openclaw

Commit Graph

Author	SHA1	Message	Date
Peter Steinberger	a82bc7d887	fix(ci): align contract expectations	2026-04-04 12:29:11 +09:00
Vincent Koc	9e389cff3d	fix(config): migrate legacy group allow aliases (#60597 ) * fix(config): migrate legacy group allow aliases * fix(config): inline legacy streaming migration helpers * refactor(config): rename legacy account matcher helper * chore(agents): codify config contract boundaries * fix(config): keep legacy allow aliases writable * Update AGENTS.md	2026-04-04 11:15:32 +09:00
Peter Steinberger	ab318de8b7	test(plugins): finish moving contract coverage	2026-04-04 00:11:39 +01:00
Peter Steinberger	e4b5027c5e	refactor(plugins): move extension seams into extensions	2026-04-04 00:10:16 +01:00
Vincent Koc	0464435777	fix(ci): align windows builtin mock types	2026-04-04 03:57:48 +09:00
Peter Steinberger	bc23db501b	test: trim more core importOriginal usage	2026-04-03 19:49:43 +01:00
Peter Steinberger	03a43fe231	refactor(plugins): genericize core channel seams	2026-04-03 19:09:21 +01:00
Peter Steinberger	856592cf00	fix(outbound): restore generic delivery and security seams	2026-04-03 19:09:20 +01:00
Peter Steinberger	636a23b73e	test: extract node builtin mock helpers	2026-04-03 18:40:28 +01:00
Shakker	0af1d0ddb2	test: split security audit code safety coverage	2026-04-04 01:07:28 +09:00
Shakker	9a88a933cf	refactor: narrow audit browser enablement check	2026-04-03 16:39:47 +01:00
Shakker	2e520d112d	refactor: split browser sdk imports for sandbox and audit	2026-04-03 16:39:47 +01:00
Peter Steinberger	35e1605147	feat: add configurable context visibility	2026-04-03 04:34:57 +09:00
Vincent Koc	08962b6812	fix(browser): keep static helper seams cold (#59471 ) * fix(browser): keep static helper seams cold * fix(browser): narrow sandbox helper facade imports * fix(browser): harden host inspection helpers	2026-04-02 17:12:32 +09:00
Gustavo Madeira Santana	91a7505af6	fix(tests): serialize shared channel audit state cases	2026-04-01 19:12:05 -04:00
Vincent Koc	5474796735	docs(security): clarify acpx yolo mode	2026-03-31 20:54:30 +09:00
Vincent Koc	b4ac69c652	docs(acp): align approval policy wording	2026-03-31 20:49:31 +09:00
Jacob Tomlinson	7bd2761b92	Exec approvals: detect command carriers in strict inline eval (#57842 ) * Exec approvals: detect command carriers in strict inline eval * Exec approvals: cover carrier option edge cases * Exec approvals: cover make and find carriers * Exec approvals: catch attached eval flags * Exec approvals: keep sed -E out of inline eval * Exec approvals: treat sed in-place flags as optional	2026-03-31 10:58:17 +01:00
Peter Steinberger	6b6ddcd2a6	test: speed up core runtime suites	2026-03-31 02:25:02 +01:00
joelnishanth	f849b8de97	hooks: default hooks.internal.enabled to true so bundled hooks load on fresh installs Made-with: Cursor	2026-03-30 22:00:54 +05:30
Jacob Tomlinson	6b38815f86	fix(gateway): tighten tools invoke HTTP guardrails (#57771 ) * fix(gateway): tighten tools invoke HTTP guardrails Co-authored-by: Brian Mendonca <208517100+bmendonca3@users.noreply.github.com> * fix(security): centralize gateway HTTP deny defaults * fix(gateway): drop duplicate scope guard after rebase --------- Co-authored-by: Brian Mendonca <208517100+bmendonca3@users.noreply.github.com>	2026-03-30 17:16:33 +01:00
Jacob Tomlinson	1a75906a6f	Exec approvals: prevent interpreter allow-always persistence (#57772 ) * Exec approvals: block interpreter allow-always persistence * Exec approvals: normalize interpreter allowlist formatting * Exec approvals: normalize interpreter allowlist wrapping * Exec approvals: tighten awk regression coverage * Exec approvals: harden awk interpreter coverage	2026-03-30 17:03:54 +01:00
Jacob Tomlinson	29cb1e3c7e	Gateway: tighten HTTP tool invoke authorization (#57773 ) * Gateway: harden HTTP tool invoke access * Gateway: strengthen HTTP tools invoke regression coverage * Gateway: keep owner-only tools off HTTP	2026-03-30 16:59:40 +01:00
qsam	47839d3b9a	fix(mattermost): detect stale websocket after bot disable/enable cycle (#53604 ) Merged via squash. Prepared head SHA: `818d437a54` Co-authored-by: Qinsam <19649380+Qinsam@users.noreply.github.com> Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com> Reviewed-by: @mukhtharcm	2026-03-30 07:54:59 +05:30
Peter Steinberger	471e059b69	refactor(plugin-sdk): remove channel-specific sdk shims	2026-03-30 01:03:24 +01:00
Peter Steinberger	276ccd2583	fix(exec): default implicit target to auto	2026-03-30 06:03:08 +09:00
Peter Steinberger	c48e0f8e6a	style: normalize import order and formatting	2026-03-29 16:33:22 +09:00
scoootscooob	5d81b64343	fix(exec): fail closed when sandbox is unavailable and harden deny followups (#56800 ) * fix(exec): fail closed when sandbox is unavailable and harden deny followups * docs(changelog): note exec fail-closed fix	2026-03-28 22:20:49 -07:00
Vignesh Natarajan	c3a0304f63	chore(test): fix stale web search audit coverage	2026-03-28 17:18:57 -07:00
Robin Waslander	31112d5985	fix(security): audit web search keys for all bundled providers (#56540 ) hasWebSearchKey() was hardcoded to only check Brave and Perplexity credentials. Replace with provider-aware check using resolveBundledPluginWebSearchProviders() so Gemini, Grok/XAI, Kimi, Moonshot, and OpenRouter credentials are recognized by the audit. Add focused regression tests for each provider. Fixes #34509	2026-03-28 18:55:38 +01:00
Peter Steinberger	4e50548e46	fix: restore skill sourceInfo provenance handling	2026-03-28 04:05:18 +00:00
Peter Steinberger	5853b1aab8	fix: replay skill source drift	2026-03-28 03:53:59 +00:00
Peter Steinberger	8147f5075b	refactor: inline canonical skill source reads	2026-03-28 03:48:17 +00:00
Peter Steinberger	2accc0391a	test: dedupe security utility suites	2026-03-28 01:38:12 +00:00
Peter Steinberger	0ffd6b202f	test: dedupe security audit and acl suites	2026-03-28 01:17:57 +00:00
Peter Steinberger	d38ec0c9c9	test: dedupe loader heartbeat and audit cases	2026-03-28 00:53:34 +00:00
Peter Steinberger	6a039bca30	test: dedupe loader and audit suites	2026-03-28 00:46:53 +00:00
Peter Steinberger	b4fe0faf1b	test: dedupe config and utility suites	2026-03-28 00:46:53 +00:00
Peter Steinberger	c52f89bd60	test: dedupe helper-heavy test suites	2026-03-27 22:35:27 +00:00
Peter Steinberger	7d4fab3e73	test: debrand pairing and dm policy fixtures	2026-03-27 22:18:20 +00:00
Peter Steinberger	8d054e7892	test: move shared seams into contract suites	2026-03-27 16:33:53 +00:00
Peter Steinberger	4d630b7e92	refactor: expose dm policy test seams	2026-03-27 13:46:17 +00:00
Peter Steinberger	9a775aa59c	refactor: continue plugin seam cleanup	2026-03-27 13:46:16 +00:00
Ayaan Zaidi	85d5e4360d	fix(skills): use skill sourceInfo	2026-03-27 10:59:07 +05:30
Marcus Castro	38adeb888c	fix: align Skill consumers with sourceInfo → source rename	2026-03-27 01:49:58 -03:00
Ayaan Zaidi	51d851e092	fix(skills): use skill sourceInfo	2026-03-27 09:57:02 +05:30
Peter Steinberger	70184d0a5e	fix: compaction API drift + Skill sourceInfo→source migration - compaction.ts: drop removed 'headers' param from generateSummary call - compaction.retry.test.ts: align test call with new generateSummary signature - compaction-safeguard.ts: replace getApiKeyAndHeaders with getApiKey (upstream removed) - Migrate all Skill sourceInfo.source → flat source field across agents, cli, security - Update 6 test files to match new Skill shape	2026-03-27 04:23:39 +00:00
Peter Steinberger	be6b841334	fix: align skill and compaction API usage	2026-03-27 03:27:51 +00:00
Peter Steinberger	a331270f8a	fix: restore green build after upstream API drift	2026-03-27 02:49:53 +00:00
Peter Steinberger	10527ff8a3	build: refresh deps and vitest cache lanes	2026-03-27 02:26:07 +00:00

1 2 3 4 5 ...

357 Commits