nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,052 Commits 712 Branches 79 Tags 2.1 GiB
Commit Graph

13052 Commits

Author SHA1 Message Date
Vincent Koc d9844c6afa
CI: remove docs spellcheck step (#22738) 2026-02-21 10:58:34 -05:00
Peter Steinberger fa89ae8e9e fix: stabilize swift protocol generation and flaky tests 2026-02-21 16:53:46 +01:00
Peter Steinberger 8588183abe test: stabilize docker e2e suites for pairing and model updates 2026-02-21 16:38:48 +01:00
Peter Steinberger 5da03e6221 fix(macos): harden exec allowlist shell-chain checks 2026-02-21 16:27:18 +01:00
Onur 8178ea472d
feat: thread-bound subagents on Discord (#21805) 
* docs: thread-bound subagents plan

* docs: add exact thread-bound subagent implementation touchpoints

* Docs: prioritize auto thread-bound subagent flow

* Docs: add ACP harness thread-binding extensions

* Discord: add thread-bound session routing and auto-bind spawn flow

* Subagents: add focus commands and ACP/session binding lifecycle hooks

* Tests: cover thread bindings, focus commands, and ACP unbind hooks

* Docs: add plugin-hook appendix for thread-bound subagents

* Plugins: add subagent lifecycle hook events

* Core: emit subagent lifecycle hooks and decouple Discord bindings

* Discord: handle subagent bind lifecycle via plugin hooks

* Subagents: unify completion finalizer and split registry modules

* Add subagent lifecycle events module

* Hooks: fix subagent ended context key

* Discord: share thread bindings across ESM and Jiti

* Subagents: add persistent sessions_spawn mode for thread-bound sessions

* Subagents: clarify thread intro and persistent completion copy

* test(subagents): stabilize sessions_spawn lifecycle cleanup assertions

* Discord: add thread-bound session TTL with auto-unfocus

* Subagents: fail session spawns when thread bind fails

* Subagents: cover thread session failure cleanup paths

* Session: add thread binding TTL config and /session ttl controls

* Tests: align discord reaction expectations

* Agent: persist sessionFile for keyed subagent sessions

* Discord: normalize imports after conflict resolution

* Sessions: centralize sessionFile resolve/persist helper

* Discord: harden thread-bound subagent session routing

* Rebase: resolve upstream/main conflicts

* Subagents: move thread binding into hooks and split bindings modules

* Docs: add channel-agnostic subagent routing hook plan

* Agents: decouple subagent routing from Discord

* Discord: refactor thread-bound subagent flows

* Subagents: prevent duplicate end hooks and orphaned failed sessions

* Refactor: split subagent command and provider phases

* Subagents: honor hook delivery target overrides

* Discord: add thread binding kill switches and refresh plan doc

* Discord: fix thread bind channel resolution

* Routing: centralize account id normalization

* Discord: clean up thread bindings on startup failures

* Discord: add startup cleanup regression tests

* Docs: add long-term thread-bound subagent architecture

* Docs: split session binding plan and dedupe thread-bound doc

* Subagents: add channel-agnostic session binding routing

* Subagents: stabilize announce completion routing tests

* Subagents: cover multi-bound completion routing

* Subagents: suppress lifecycle hooks on failed thread bind

* tests: fix discord provider mock typing regressions

* docs/protocol: sync slash command aliases and delete param models

* fix: add changelog entry for Discord thread-bound subagents (#21805) (thanks @onutc)

---------

Co-authored-by: Shadow <hi@shadowing.dev>
 2026-02-21 16:14:55 +01:00
Peter Steinberger 166068dfbe test: add byteplus coding-plan live test 2026-02-21 15:42:44 +01:00
Peter Steinberger c8466e516f fix(agents): raise dynamic retry cap budget 2026-02-21 15:41:30 +01:00
Peter Steinberger 1bd3f01c17 fix(telegram): guard duplicate bot token accounts 2026-02-21 15:41:03 +01:00
Peter Steinberger b520e7ac38 fix: stabilize docker live model and doctor-switch tests 2026-02-21 15:36:24 +01:00
Peter Steinberger b25d3652e7 fix(agents): cap embedded runner retry loop 2026-02-21 15:35:45 +01:00
Peter Steinberger 352b5262da fix(ci): make docs spellcheck fallback deterministic 2026-02-21 15:08:28 +01:00
Peter Steinberger 3101047234 feat(models): add Gemini 3.1 support 2026-02-21 15:08:06 +01:00
Peter Steinberger 581868365d fix: finish volcengine/byteplus landing polish (#7967) (thanks @funmore123) 2026-02-21 15:05:09 +01:00
fanziqing 559736a5a0 feat(volcengine): integrate Volcengine & Byteplus Provider 2026-02-21 15:05:09 +01:00
Peter Steinberger 95c14d9b5f docs: prune low-signal changelog entries 2026-02-21 15:02:10 +01:00
Peter Steinberger 7bd5c5d5a4 docs(changelog): reorder unreleased fixes by user impact 2026-02-21 14:37:49 +01:00
Peter Steinberger 892620ddab chore: update workspace dependencies 2026-02-21 14:35:13 +01:00
大猫子 c62a6e7040
fix(models): add kimi-coding implicit provider template (openclaw#22526) thanks @lailoo 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: lailoo <20536249+lailoo@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-21 07:35:09 -06:00
Peter Steinberger 14b3743228 fix(ci): stabilize Windows path handling in sandbox tests 2026-02-21 14:32:15 +01:00
Peter Steinberger 10b8839a82 fix(security): centralize WhatsApp outbound auth and return 403 tool auth errors 2026-02-21 14:31:01 +01:00
Peter Steinberger f64d5ddf60 fix: replace README sponsors HTML table with markdown 2026-02-21 14:29:55 +01:00
Peter Steinberger f23da067f6 fix(security): harden heredoc allowlist parsing 2026-02-21 14:27:51 +01:00
orlyjamie 92cada2aca fix(security): block command substitution in unquoted heredoc bodies 
The shell command analyzer (splitShellPipeline) skipped all token
validation while parsing heredoc bodies. When the heredoc delimiter
was unquoted, bash performs command substitution on the body content,
allowing $(cmd) and backtick expressions to execute arbitrary commands
that bypass the exec allowlist.

Track whether heredoc delimiters are quoted or unquoted. When unquoted,
scan the body for $( , ${ , and backtick tokens and reject the command.
Quoted heredocs (<<'EOF' / <<"EOF") are safe - the shell treats their
body as literal text.

Ref: https://github.com/openclaw/openclaw/security/advisories/GHSA-65rx-fvh6-r4h2
 2026-02-21 14:27:35 +01:00
Peter Steinberger 2706cbd6d7 fix(agents): include filenames in image resize logs 2026-02-21 13:16:41 +00:00
Peter Steinberger 3cfb402bda refactor(test): reuse state-dir helper in agent runner suite 2026-02-21 13:08:05 +00:00
Peter Steinberger 25db01fe08 refactor(test): use withEnvAsync in pairing store fixture 2026-02-21 13:06:12 +00:00
Peter Steinberger 21bb46d304 fix(ci): include browser network in sandbox test fixture 2026-02-21 13:05:51 +00:00
Peter Steinberger 7a27e2648a refactor(test): dedupe plugin env overrides via env helpers 2026-02-21 13:03:41 +00:00
Peter Steinberger f48698a50b fix(security): harden sandbox browser network defaults 2026-02-21 14:02:53 +01:00
Peter Steinberger cf82614259 refactor(test): reuse state-dir helper in telegram tests 2026-02-21 13:02:12 +00:00
Peter Steinberger 26eb1f781d refactor(test): reuse state-dir env helper in auth profile override e2e 2026-02-21 13:00:16 +00:00
Peter Steinberger c2874aead7 refactor(test): centralize temporary state-dir env setup 2026-02-21 12:59:24 +00:00
Peter Steinberger 50a8942c07 docs(changelog): add WhatsApp reaction allowlist security note 2026-02-21 13:57:54 +01:00
Aether AI Agent e217f8c3f7 fix(security): OC-91 validate WhatsApp JID against allowlist in all send paths — Aether AI Agent 2026-02-21 13:57:54 +01:00
Peter Steinberger 8c1518f0f3 fix(sandbox): use one-time noVNC observer tokens 2026-02-21 13:56:58 +01:00
Peter Steinberger b43aadc34c refactor(test): dedupe temp-home setup in voicewake suite 2026-02-21 12:56:34 +00:00
Peter Steinberger c529bafdc3 refactor(test): reuse temp-home helper in voicewake e2e 2026-02-21 12:54:54 +00:00
Peter Steinberger 577e5cc74b refactor(test): dedupe gateway env setup and add env util coverage 2026-02-21 12:52:21 +00:00
Peter Steinberger 621d8e1312 fix(sandbox): require noVNC observer password auth 2026-02-21 13:44:24 +01:00
Peter Steinberger 6cb7e16d40 fix(oauth): harden refresh token refresh-response validation 2026-02-21 13:44:14 +01:00
Henry Loenwind 24d18d0d72
fix: Correct data path in SKILL.md (coding-agent) (#11009) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: f7e56b80c6
Co-authored-by: HenryLoenwind <1485873+HenryLoenwind@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-21 18:09:25 +05:30
Peter Steinberger be7f825006 refactor(gateway): harden proxy client ip resolution 2026-02-21 13:36:23 +01:00
Ayaan Zaidi 8b1fe0d1e2
fix(telegram): split streaming preview per assistant block (#22613) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 26f35f4411
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-21 18:05:23 +05:30
Peter Steinberger 36a0df423d refactor(gateway): make ws and http auth surfaces explicit 2026-02-21 13:33:09 +01:00
Peter Steinberger 1835dec200 fix(security): force sandbox browser hash migration and audit stale labels 2026-02-21 13:25:41 +01:00
Peter Steinberger b2d84528f8 refactor(test): remove duplicate cron tool harnesses 2026-02-21 12:25:23 +00:00
Peter Steinberger f4c89aa66e docs(changelog): add tts provider-override hardening note 2026-02-21 13:24:42 +01:00
Peter Steinberger 9516ace3c9 docs(changelog): note ACP resource-link prompt hardening 2026-02-21 13:23:51 +01:00
Peter Steinberger 14b0d2b816 refactor: harden control-ui auth flow and add insecure-flag audit summary 2026-02-21 13:18:23 +01:00
Peter Steinberger 4cd7d95746 style(browser): apply oxfmt cleanup for gate 2026-02-21 13:16:07 +01:00