73477eee4c
fix: harden ACP plugin tools bridge ( #56867 ) (thanks @joe2643)
2026-03-30 05:09:59 +09:00
e0f0a1aa1f
docs: clarify browser allowlist troubleshooting
2026-03-29 22:19:22 +09:00
341e617c84
docs(plugins): refresh bundled plugin runtime docs
2026-03-29 09:10:39 +01:00
c7330eb716
Docs: audit Matrix CLI and setup docs
2026-03-29 01:48:18 -04:00
c9f1506d2f
docs(xai): clarify x_search onboarding flow
2026-03-29 00:25:18 +00:00
048a4e4f9e
docs: clarify mcp server and client modes
2026-03-28 04:10:20 +00:00
71f37a59ca
feat: add openclaw channel mcp bridge
2026-03-28 02:41:57 +00:00
eef27001de
docs: explain anthropic claude cli migration
2026-03-26 23:04:47 +00:00
a4a00aa1da
feat: pluginize cli inference backends
2026-03-26 15:11:15 +00:00
dad68d319b
Remove Qwen OAuth integration (qwen-portal-auth) ( #52709 )
...
* Remove Qwen OAuth integration (qwen-portal-auth)
Qwen OAuth via portal.qwen.ai is being deprecated by the Qwen team due
to traffic impact on their primary Qwen Code user base. Users should
migrate to the officially supported Model Studio (Alibaba Cloud Coding
Plan) provider instead.
Ref: https://github.com/openclaw/openclaw/issues/49557
- Delete extensions/qwen-portal-auth/ plugin entirely
- Remove qwen-portal from onboarding auth choices, provider aliases,
auto-enable list, bundled plugin defaults, and pricing cache
- Remove Qwen CLI credential sync (external-cli-sync, cli-credentials)
- Remove QWEN_OAUTH_MARKER from model auth markers
- Update docs/providers/qwen.md to redirect to Model Studio
- Update model-providers docs (EN + zh-CN) to remove Qwen OAuth section
- Regenerate config and plugin-sdk baselines
- Update all affected tests
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* Clean up residual qwen-portal references after OAuth removal
* Add migration hint for deprecated qwen-portal OAuth provider
* fix: finish qwen oauth removal follow-up
---------
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Co-authored-by: Frank Yang <frank.ekn@gmail.com>
2026-03-26 16:32:34 +08:00
fd934a566b
feat(cli): add json schema to cli tool ( #54523 )
...
Merged via squash.
Prepared head SHA: 39c15ee70d
2026-03-26 02:30:32 +03:00
0cbf6d5fed
fix: land cron tz one-shot handling and prerelease config warnings ( #53224 ) (thanks @RolfHegr)
2026-03-23 19:38:04 -07:00
3fe2f0a550
docs: fix CLI command tree, SDK import path, and tool group listing
...
- Remove non-existent 'secrets migrate' from CLI command tree
- Add actual secrets subcommands: audit, configure, apply
- Add missing plugin subcommands: inspect, uninstall, update, marketplace list
- Fix plugins info -> inspect (actual command name)
- Add message send and broadcast subcommands to command tree
- Remove misleading deprecated import from sdk-overview
- Add sessions_yield and subagents to group:sessions tool group docs
- Fix formatting
2026-03-23 10:40:41 -07:00
eac93507c3
fix(browser): enforce node browser proxy allowProfiles
2026-03-23 00:56:44 -07:00
c036e4d176
fix: restrict remote marketplace plugin sources
2026-03-22 22:47:08 -07:00
6b9915a106
refactor!: drop legacy CLAWDBOT env compatibility
2026-03-22 22:13:39 -07:00
b863e1c315
fix(docs): update remaining npm-spec references for ClawHub-first default
...
- cli/plugins.md: rewrite install synopsis with ClawHub-first order
- cli/hooks.md: update hook pack install examples
- help/troubleshooting.md: <npm-spec> -> <package>
- gateway/security/index.md: drop npm-specific framing
2026-03-22 15:43:15 -07:00
773fb9cead
docs: update hooks load order, session-memory reset event, and bootstrap allowlists
2026-03-22 20:38:54 +00:00
aa80b1eb7c
feat(cli): unify hook pack installs under plugins
2026-03-22 11:20:50 -07:00
8d9686bd0f
feat!: prefer clawhub plugin installs before npm
2026-03-22 18:17:45 +00:00
91b2800241
feat: add native clawhub install flows
2026-03-22 17:03:49 +00:00
42f23619e3
fix(hooks): harden workspace hook loading
2026-03-22 09:38:09 -07:00
709c730e2a
fix: standardize 'MS Teams' to 'Microsoft Teams' across docs ( #50863 )
...
* fix: standardize 'MS Teams' to 'Microsoft Teams' across docs
* Apply suggestion from @greptile-apps[bot]
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-03-19 23:54:47 -07:00
8e132aed6e
Hardening: refresh stale device pairing requests and pending metadata ( #50695 )
...
* Docs: clarify device pairing supersede behavior
* Device pairing: supersede pending requests on auth changes
2026-03-19 18:26:06 -05:00
9f2a01d972
docs: replace stale claude-sonnet-4-5 with 4-6, normalize Node version, remove stale dates
2026-03-19 10:33:03 -07:00
401ffb59f5
CLI: support versioned plugin updates ( #49998 )
...
Merged via squash.
Prepared head SHA: 545ea60fa2
2026-03-19 12:51:10 -04:00
7d8d3d9d77
docs: merge duplicate OpenRouter entry, fix broken plugin anchor links
2026-03-18 16:00:46 -07:00
3cecbcf8b6
docs: fix curly quotes, non-breaking hyphens, and remaining apostrophes in headings
2026-03-18 01:31:38 -07:00
466510b6d8
refactor: replace "seam" terminology across codebase
...
Replace "seam" with clearer terms throughout:
- "surface" for public API/extension boundaries
- "boundary" for plugin/module interfaces
- "interface" for runtime connection points
- "hook" for test injection points
- "palette" for the lobster palette reference
Also delete experiments/acp-pluginification-architecture-plan.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 00:20:15 -07:00
0354d49a82
docs update web search config guidance
2026-03-18 00:00:17 -05:00
0ffcc308f2
Secrets: gate exec dry-run and preflight resolution behind --allow-exec ( #49417 )
...
* Secrets: gate exec dry-run resolution behind --allow-exec
* Secrets: fix dry-run completeness and skipped exec audit semantics
* Secrets: require --allow-exec for exec-containing apply writes
* Docs: align secrets exec consent behavior
* Changelog: note secrets exec consent gating
2026-03-17 23:24:34 -05:00
2c35faf437
docs: fix "a OpenClaw" → "an OpenClaw" grammar across docs
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 20:43:18 -07:00
d2ef865073
docs(plugins): deduplicate and cross-reference plugin capability docs
...
- Merge hook order + which-hook-to-use into single reference table
- Deduplicate npm spec restrictions (link to CLI reference)
- Deduplicate plugin shapes in cli/plugins.md (link to main definition)
- Add capability-cookbook to docs.json navigation
- Add cross-references: Architecture→Load pipeline, Config→configuration
reference, Plugin slots→manifest kind, Adding capability→cookbook
- Add missing cursor bundle subtype in 3 locations
- Fix verbose/info→verbose/inspect references
- Remove duplicate "info is alias for inspect" note
- Add missing install command to CLI command summary
- Replace premature "shape" jargon with "pattern" before definition
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 20:43:18 -07:00
2d3bcbfe08
CLI: skip exec SecretRef dry-run resolution unless explicitly allowed ( #49322 )
...
* CLI: gate exec SecretRef dry-run resolution behind opt-in
* Docs: clarify config dry-run exec opt-in behavior
* CLI: preserve static exec dry-run validation
2026-03-17 20:20:11 -05:00
e99963100d
CLI: expand config set with SecretRef/provider builders and dry-run ( #49296 )
...
* CLI: expand config set ref/provider builder and dry-run
* Docs: revert README Discord token example
2026-03-17 18:15:49 -05:00
e7422716bb
docs(plugins): rename plugins info to plugins inspect across all docs
...
Update all references from `plugins info` to `plugins inspect` in bundles,
plugin system, and CLI index docs to match the renamed command.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 15:33:42 -07:00
025bdc7e8f
docs(cli): add plugins inspect command reference
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 10:59:49 -07:00
6636ca87f4
docs(hooks): clarify trust model and audit guidance
2026-03-17 09:54:30 -07:00
da34f81ce2
fix(secrets): scope message SecretRef resolution and harden doctor/status paths ( #48728 )
...
* fix(secrets): scope message runtime resolution and harden doctor/status
* docs: align message/doctor/status SecretRef behavior notes
* test(cli): accept scoped targetIds wiring in secret-resolution coverage
* fix(secrets): keep scoped allowedPaths isolation and tighten coverage gate
* fix(secrets): avoid default-account coercion in scoped target selection
* test(doctor): cover inactive telegram secretref inspect path
* docs
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
* changelog
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
---------
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-03-17 00:01:34 -05:00
4863b651c6
docs: rename onboarding user-facing wizard copy
...
Co-authored-by: Tak <contact-redacted@example.com>
2026-03-16 19:50:31 -05:00
7deb543624
Browser: support non-Chrome existing-session profiles via userDataDir ( #48170 )
...
Merged via squash.
Prepared head SHA: e490035a24
2026-03-16 14:21:22 +01:00
3832f938fd
Docs: use placeholders for marketplace plugin examples
2026-03-16 02:09:20 -07:00
d896d8e0cd
Docs: add Claude marketplace plugin install guidance
2026-03-16 02:04:05 -07:00
476d948732
!refactor(browser): remove Chrome extension path and add MCP doctor migration ( #47893 )
...
* Browser: replace extension path with Chrome MCP
* Browser: clarify relay stub and doctor checks
* Docs: mark browser MCP migration as breaking
* Browser: reject unsupported profile drivers
* Browser: accept clawd alias on profile create
* Doctor: narrow legacy browser driver migration
2026-03-15 23:56:08 -07:00
f9e185887f
docs: restore onboard docs references
2026-03-16 05:50:57 +00:00
823039c000
docs: prefer setup wizard command
2026-03-15 22:01:04 -07:00
5287ae3c06
docs: update setup wizard wording
2026-03-15 21:40:31 -07:00
0a2f95916b
test: expand ssh sandbox coverage and docs
2026-03-15 21:38:22 -07:00
b8bb8510a2
feat: move ssh sandboxing into core
2026-03-15 21:35:30 -07:00
be8fef3840
docs: expand openshell sandbox docs
2026-03-15 20:35:56 -07:00
46482a283a
feat: add nostr setup and unify channel setup discovery
2026-03-15 19:58:22 -07:00
a2cb81199e
secrets: harden read-only SecretRef command paths and diagnostics ( #47794 )
...
* secrets: harden read-only SecretRef resolution for status and audit
* CLI: add SecretRef degrade-safe regression coverage
* Docs: align SecretRef status and daemon probe semantics
* Security audit: close SecretRef review gaps
* Security audit: preserve source auth SecretRef configuredness
* changelog
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
---------
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-03-15 21:55:24 -05:00
10f4a03de8
docs(google): remove stale plugin references
2026-03-16 02:11:19 +00:00
dd40741e18
feat(plugins): add compatible bundle support
2026-03-15 16:08:50 -07:00
5a7aba94a2
CLI: support package-manager installs from GitHub main ( #47630 )
...
* CLI: resolve package-manager main install specs
* CLI: skip registry resolution for raw package specs
* CLI: support main package target updates
* CLI: document package update specs in help
* Tests: cover package install spec resolution
* Tests: cover npm main-package updates
* Tests: cover update --tag main
* Installer: support main package targets
* Installer: support main package targets on Windows
* Docs: document package-manager main updates
* Docs: document installer main targets
* Docs: document npm and pnpm main installs
* Docs: document update --tag main
* Changelog: note package-manager main installs
* Update src/infra/update-global.test.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-03-15 14:18:12 -07:00
c30cabcca4
Docs: sweep recent user-facing updates ( #46424 )
...
* Docs: document Telegram force-document sends
* Docs: note Telegram document send behavior
* Docs: clarify memory file precedence
* Docs: align default AGENTS memory guidance
* Docs: update workspace FAQ memory note
* Docs: document gateway status require-rpc
* Docs: add require-rpc to gateway CLI index
2026-03-14 10:20:44 -07:00
b6d1d0d72d
fix(browser): prefer user profile over chrome relay
2026-03-14 04:15:34 +00:00
f4fef64fc1
Gateway: treat scope-limited probe RPC as degraded reachability ( #45622 )
...
* Gateway: treat scope-limited probe RPC as degraded
* Docs: clarify gateway probe degraded scope output
* test: fix CI type regressions in gateway and outbound suites
* Tests: fix Node24 diffs theme loading and Windows assertions
* Tests: fix extension typing after main rebase
* Tests: fix Windows CI regressions after rebase
* Tests: normalize executable path assertions on Windows
* Tests: remove duplicate gateway daemon result alias
* Tests: stabilize Windows approval path assertions
* Tests: fix Discord rate-limit startup fixture typing
* Tests: use Windows-friendly relative exec fixtures
---------
Co-authored-by: Mainframe <mainframe@MainfraacStudio.localdomain>
2026-03-13 23:13:33 -05:00
e986aa175f
docs: fix session key :dm: → :direct ( #26506 )
2026-03-13 14:28:33 +05:30
433e65711f
fix: fall back to a startup entry for windows gateway install
2026-03-13 03:18:17 +00:00
b858d6c3a9
fix: clarify windows onboarding gateway health
2026-03-13 02:40:40 +00:00
d6d01f853f
fix: align Ollama onboarding docs before landing ( #43473 ) (thanks @BruceMacD)
...
(cherry picked from commit 19fa274343a102ca85c7679ec28c5a3503a99f55)
2026-03-13 02:03:54 +00:00
f906bf58db
docs(ollama): update onboarding flow
...
Co-Authored-By: Jeffrey Morgan <jmorganca@gmail.com>
(cherry picked from commit e8ca2ff4e522f2d971801a537b3c4fdfecde0711)
2026-03-13 02:03:54 +00:00
bf89947a8e
fix: switch pairing setup codes to bootstrap tokens
2026-03-12 22:23:07 +00:00
46f0bfc55b
Gateway: harden custom session-store discovery ( #44176 )
...
Merged via squash.
Prepared head SHA: 52ebbf5188
2026-03-12 16:44:46 +00:00
0bcb95e8fa
Models: enforce source-managed SecretRef markers in models.json ( #43759 )
...
Merged via squash.
Prepared head SHA: 4a065ef5d8
2026-03-12 02:22:52 -05:00
7761e7626f
Providers: add Opencode Go support ( #42313 )
...
* feat(providers): add opencode-go provider support and onboarding
* Onboard: unify OpenCode auth handling openclaw#42313 thanks @ImLukeF
* Docs: merge OpenCode Zen and Go docs openclaw#42313 thanks @ImLukeF
* Update CHANGELOG.md
---------
Co-authored-by: Ubuntu <ubuntu@vps-90352893.vps.ovh.ca>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-11 01:31:06 -04:00
0125ce1f44
Gateway: fail closed unresolved local auth SecretRefs ( #42672 )
...
* Gateway: fail closed unresolved local auth SecretRefs
* Docs: align node-host gateway auth precedence
* CI: resolve rebase breakages in checks lanes
* Tests: isolate LOCAL_REMOTE_FALLBACK_TOKEN env state
* Gateway: remove stale remote.enabled auth-surface semantics
* Changelog: note gateway SecretRef fail-closed fix
2026-03-10 21:41:56 -05:00
a76e810193
fix(gateway): harden token fallback/reconnect behavior and docs ( #42507 )
...
* fix(gateway): harden token fallback and auth reconnect handling
* docs(gateway): clarify auth retry and token-drift recovery
* fix(gateway): tighten auth reconnect gating across clients
* fix: harden gateway token retry (#42507 ) (thanks @joshavant)
2026-03-10 17:05:57 -05:00
8e3f3bc3cf
acp: enrich streaming updates for ide clients ( #41442 )
...
Merged via squash.
Prepared head SHA: 0764368e80
2026-03-09 22:26:46 +01:00
d346f2d9ce
acp: restore session context and controls ( #41425 )
...
Merged via squash.
Prepared head SHA: fcabdf7c31
2026-03-09 22:17:19 +01:00
e6e4169e82
acp: fail honestly in bridge mode ( #41424 )
...
Merged via squash.
Prepared head SHA: b5e6e13afe
2026-03-09 22:01:30 +01:00
d4e59a3666
Cron: enforce cron-owned delivery contract ( #40998 )
...
Merged via squash.
Prepared head SHA: 5877389e33
2026-03-09 20:12:37 +01:00
e3df94365b
ACP: add optional ingress provenance receipts ( #40473 )
...
Merged via squash.
Prepared head SHA: b63e46dd94
2026-03-09 04:19:03 +01:00
38543d8196
fix(cron): consolidate announce delivery, fire-and-forget trigger, and minimal prompt mode ( #40204 )
...
* fix(cron): consolidate announce delivery and detach manual runs
* fix: queue detached cron runs (#40204 )
2026-03-08 14:46:33 -07:00
0ecfd37b44
feat: add local backup CLI ( #40163 )
...
Merged via squash.
Prepared head SHA: ed46625ae2
2026-03-08 16:21:20 -04:00
492fe679a7
feat(tui): infer workspace agent when launching TUI ( #39591 )
...
Merged via squash.
Prepared head SHA: 23533e24c4
2026-03-08 13:31:11 +03:00
4062aa5e5d
Gateway: add safer password-file input for gateway run ( #39067 )
...
* CLI: add gateway password-file option
* Docs: document safer gateway password input
* Update src/cli/gateway-cli/run.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* Tests: clean up gateway password temp dirs
* CLI: restore gateway password warning flow
* Security: harden secret file reads
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-03-07 18:20:17 -08:00
25252ab5ab
gateway: harden shared auth resolution across systemd, discord, and node host
2026-03-07 18:28:32 -06:00
8e20dd22d8
Secrets: harden SecretRef-safe models.json persistence ( #38955 )
2026-03-07 11:28:39 -06:00
786ec21b5a
docs(cli): improve memory command examples ( #31803 )
...
Merged via squash.
Prepared head SHA: 15dcda3027
2026-03-07 19:03:23 +03:00
f392b81e95
Infra: require explicit opt-in for prerelease npm installs ( #38117 )
...
* Infra: tighten npm registry spec parsing
* Infra: block implicit prerelease npm installs
* Plugins: cover prerelease install policy
* Infra: add npm registry spec tests
* Hooks: cover prerelease install policy
* Docs: clarify plugin guide version policy
* Docs: clarify plugin install version policy
* Docs: clarify hooks install version policy
* Docs: clarify hook pack version policy
2026-03-06 11:13:30 -05:00
0e4245063f
CLI: make read-only SecretRef status flows degrade safely ( #37023 )
...
* CLI: add read-only SecretRef inspection
* CLI: fix read-only SecretRef status regressions
* CLI: preserve read-only SecretRef status fallbacks
* Docs: document read-only channel inspection hook
* CLI: preserve audit coverage for read-only SecretRefs
* CLI: fix read-only status account selection
* CLI: fix targeted gateway fallback analysis
* CLI: fix Slack HTTP read-only inspection
* CLI: align audit credential status checks
* CLI: restore Telegram read-only fallback semantics
2026-03-05 23:07:13 -06:00
98aecab7bd
Docs: cover heartbeat, cron, and plugin route updates
2026-03-05 17:05:21 -05:00
72cf9253fc
Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails ( #35094 )
2026-03-05 12:53:56 -06:00
806803b7ef
feat(secrets): expand SecretRef coverage across user-supplied credentials ( #29580 )
...
* feat(secrets): expand secret target coverage and gateway tooling
* docs(secrets): align gateway and CLI secret docs
* chore(protocol): regenerate swift gateway models for secrets methods
* fix(config): restore talk apiKey fallback and stabilize runner test
* ci(windows): reduce test worker count for shard stability
* ci(windows): raise node heap for test shard stability
* test(feishu): make proxy env precedence assertion windows-safe
* fix(gateway): resolve auth password SecretInput refs for clients
* fix(gateway): resolve remote SecretInput credentials for clients
* fix(secrets): skip inactive refs in command snapshot assignments
* fix(secrets): scope gateway.remote refs to effective auth surfaces
* fix(secrets): ignore memory defaults when enabled agents disable search
* fix(secrets): honor Google Chat serviceAccountRef inheritance
* fix(secrets): address tsgo errors in command and gateway collectors
* fix(secrets): avoid auth-store load in providers-only configure
* fix(gateway): defer local password ref resolution by precedence
* fix(secrets): gate telegram webhook secret refs by webhook mode
* fix(secrets): gate slack signing secret refs to http mode
* fix(secrets): skip telegram botToken refs when tokenFile is set
* fix(secrets): gate discord pluralkit refs by enabled flag
* fix(secrets): gate discord voice tts refs by voice enabled
* test(secrets): make runtime fixture modes explicit
* fix(cli): resolve local qr password secret refs
* fix(cli): fail when gateway leaves command refs unresolved
* fix(gateway): fail when local password SecretRef is unresolved
* fix(gateway): fail when required remote SecretRefs are unresolved
* fix(gateway): resolve local password refs only when password can win
* fix(cli): skip local password SecretRef resolution on qr token override
* test(gateway): cast SecretRef fixtures to OpenClawConfig
* test(secrets): activate mode-gated targets in runtime coverage fixture
* fix(cron): support SecretInput webhook tokens safely
* fix(bluebubbles): support SecretInput passwords across config paths
* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths
* fix(bluebubbles): align SecretInput schema helper typing
* fix(cli): clarify secrets.resolve version-skew errors
* refactor(secrets): return structured inactive paths from secrets.resolve
* refactor(gateway): type onboarding secret writes as SecretInput
* chore(protocol): regenerate swift models for secrets.resolve
* feat(secrets): expand extension credential secretref support
* fix(secrets): gate web-search refs by active provider
* fix(onboarding): detect SecretRef credentials in extension status
* fix(onboarding): allow keeping existing ref in secret prompt
* fix(onboarding): resolve gateway password SecretRefs for probe and tui
* fix(onboarding): honor secret-input-mode for local gateway auth
* fix(acp): resolve gateway SecretInput credentials
* fix(secrets): gate gateway.remote refs to remote surfaces
* test(secrets): cover pattern matching and inactive array refs
* docs(secrets): clarify secrets.resolve and remote active surfaces
* fix(bluebubbles): keep existing SecretRef during onboarding
* fix(tests): resolve CI type errors in new SecretRef coverage
* fix(extensions): replace raw fetch with SSRF-guarded fetch
* test(secrets): mark gateway remote targets active in runtime coverage
* test(infra): normalize home-prefix expectation across platforms
* fix(cli): only resolve local qr password refs in password mode
* test(cli): cover local qr token mode with unresolved password ref
* docs(cli): clarify local qr password ref resolution behavior
* refactor(extensions): reuse sdk SecretInput helpers
* fix(wizard): resolve onboarding env-template secrets before plaintext
* fix(cli): surface secrets.resolve diagnostics in memory and qr
* test(secrets): repair post-rebase runtime and fixtures
* fix(gateway): skip remote password ref resolution when token wins
* fix(secrets): treat tailscale remote gateway refs as active
* fix(gateway): allow remote password fallback when token ref is unresolved
* fix(gateway): ignore stale local password refs for none and trusted-proxy
* fix(gateway): skip remote secret ref resolution on local call paths
* test(cli): cover qr remote tailscale secret ref resolution
* fix(secrets): align gateway password active-surface with auth inference
* fix(cli): resolve inferred local gateway password refs in qr
* fix(gateway): prefer resolvable remote password over token ref pre-resolution
* test(gateway): cover none and trusted-proxy stale password refs
* docs(secrets): sync qr and gateway active-surface behavior
* fix: restore stability blockers from pre-release audit
* Secrets: fix collector/runtime precedence contradictions
* docs: align secrets and web credential docs
* fix(rebase): resolve integration regressions after main rebase
* fix(node-host): resolve gateway secret refs for auth
* fix(secrets): harden secretinput runtime readers
* gateway: skip inactive auth secretref resolution
* cli: avoid gateway preflight for inactive secret refs
* extensions: allow unresolved refs in onboarding status
* tests: fix qr-cli module mock hoist ordering
* Security: align audit checks with SecretInput resolution
* Gateway: resolve local-mode remote fallback secret refs
* Node host: avoid resolving inactive password secret refs
* Secrets runtime: mark Slack appToken inactive for HTTP mode
* secrets: keep inactive gateway remote refs non-blocking
* cli: include agent memory secret targets in runtime resolution
* docs(secrets): sync docs with active-surface and web search behavior
* fix(secrets): keep telegram top-level token refs active for blank account tokens
* fix(daemon): resolve gateway password secret refs for probe auth
* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled
* fix(secrets): align token inheritance and exec timeout defaults
* docs(secrets): clarify active-surface notes in cli docs
* cli: require secrets.resolve gateway capability
* gateway: log auth secret surface diagnostics
* secrets: remove dead provider resolver module
* fix(secrets): restore gateway auth precedence and fallback resolution
* fix(tests): align plugin runtime mock typings
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-03 02:58:20 +00:00
6b85ec3022
docs: tighten subscription guidance and update MiniMax M2.5 refs
2026-03-03 00:02:37 +00:00
ad12d1fbce
fix(plugins): prefer bundled plugin ids over bare npm specs
2026-03-02 20:49:50 +00:00
3002f13ca7
feat(config): add `openclaw config validate` and improve startup error messages ( #31220 )
...
Merged via squash.
Prepared head SHA: 4598f2a541
2026-03-02 00:45:51 -05:00
548a502c69
docs: sync android node docs with current pairing and capabilities
2026-03-02 11:08:51 +05:30
449511484d
fix(gateway): allow ws:// to private network addresses ( #28670 )
...
* fix(gateway): allow ws:// to RFC 1918 private network addresses
resolve ws-private-network conflicts
* gateway: keep ws security strict-by-default with private opt-in
* gateway: apply private ws opt-in in connection detail guard
* gateway: apply private ws opt-in in websocket client
* onboarding: gate private ws urls behind explicit opt-in
* gateway tests: enforce strict ws defaults with private opt-in
* onboarding tests: validate private ws opt-in behavior
* gateway client tests: cover private ws env override
* gateway call tests: cover private ws env override
* changelog: add ws strict-default security entry for pr 28670
* docs(onboard): document private ws break-glass env
* docs(gateway): add private ws env to remote guide
* docs(docker): add private ws break-glass env var
* docs(security): add private ws break-glass guidance
* docs(config): document OPENCLAW_ALLOW_PRIVATE_WS
* Update CHANGELOG.md
* gateway: normalize private-ws host classification
* test(gateway): cover non-unicast ipv6 private-ws edges
* changelog: rename insecure private ws break-glass env
* docs(onboard): rename insecure private ws env
* docs(gateway): rename insecure private ws env in config reference
* docs(gateway): rename insecure private ws env in remote guide
* docs(security): rename insecure private ws env
* docs(docker): rename insecure private ws env
* test(onboard): rename insecure private ws env
* onboard: rename insecure private ws env
* test(gateway): rename insecure private ws env in call tests
* gateway: rename insecure private ws env in call flow
* test(gateway): rename insecure private ws env in client tests
* gateway: rename insecure private ws env in client
* docker: pass insecure private ws env to services
* docker-setup: persist insecure private ws env
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-01 20:49:45 -08:00
96ffbb5aaf
CLI: add config path subcommand to print active config file path ( #26256 )
...
Merged via squash.
Prepared head SHA: b11c593a34
2026-03-01 23:33:20 -05:00
b7615e0ce3
Exec/ACP: inject OPENCLAW_SHELL into child shell env ( #31271 )
...
* exec: mark runtime shell context in exec env
* tests(exec): cover OPENCLAW_SHELL in gateway exec
* tests(exec): cover OPENCLAW_SHELL in pty mode
* acpx: mark runtime shell context for spawned process
* tests(acpx): log OPENCLAW_SHELL in runtime fixture
* tests(acpx): assert OPENCLAW_SHELL in runtime prompt
* docs(env): document OPENCLAW_SHELL runtime markers
* docs(exec): describe OPENCLAW_SHELL exec marker
* docs(acp): document OPENCLAW_SHELL acp marker
* docs(gateway): note OPENCLAW_SHELL for background exec
* tui: tag local shell runs with OPENCLAW_SHELL
* tests(tui): assert OPENCLAW_SHELL in local shell runner
* acp client: tag spawned bridge env with OPENCLAW_SHELL
* tests(acp): cover acp client OPENCLAW_SHELL env helper
* docs(env): include acp-client and tui-local shell markers
* docs(acp): document acp-client OPENCLAW_SHELL marker
* docs(tui): document tui-local OPENCLAW_SHELL marker
* exec: keep shell runtime env string-only for docker args
* changelog: note OPENCLAW_SHELL runtime markers
2026-03-01 20:31:06 -08:00
d320b30b9b
Docs: expand ACP first-use naming and link protocol site
2026-02-27 00:33:58 +01:00
297cca0565
docs(cli): improve secrets command guide
2026-02-27 00:20:02 +01:00
0ec7711bc2
fix(agents): harden compaction and reset safety
...
Co-authored-by: jaden-clovervnd <91520439+jaden-clovervnd@users.noreply.github.com>
Co-authored-by: Sid <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: Marcus Widing <245375637+widingmarcus-cyber@users.noreply.github.com>
2026-02-26 17:41:24 +01:00
4380d74d49
docs(secrets): add dedicated apply plan contract page
2026-02-26 14:47:22 +00:00
14897e8de7
docs(secrets): clarify partial migration guidance
2026-02-26 14:47:22 +00:00
06290b49b2
feat(secrets): finalize mode rename and validated exec docs
2026-02-26 14:47:22 +00:00
f413e314b9
feat(secrets): replace migrate flow with audit/configure/apply
2026-02-26 14:47:22 +00:00
bde9cbb058
docs(secrets): align provider model and add exec resolver coverage
2026-02-26 14:47:22 +00:00
5e3a86fd2f
feat(secrets): expand onboarding secret-ref flows and custom-provider parity
2026-02-26 14:47:22 +00:00
e8637c79b3
fix(secrets): harden sops migration sops rule matching
2026-02-26 14:47:22 +00:00
0e69660c41
feat(secrets): finalize external secrets runtime and migration hardening
2026-02-26 14:47:22 +00:00
c5b89fbaea
Docs: address review feedback on secrets docs
2026-02-26 14:47:22 +00:00
9203d583f9
Docs: add secrets and CLI secrets reference pages
2026-02-26 14:47:22 +00:00
c0a3801086
Docs: document secrets refs runtime and migration
2026-02-26 14:47:22 +00:00
dfa0b5b4fc
Channels: move single-account config into accounts.default ( #27334 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 50b5771808
2026-02-26 04:06:03 -05:00
96c7702526
Agents: add account-scoped bind and routing commands ( #27195 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: ad35a458a5
2026-02-26 02:36:56 -05:00
42f455739f
fix(security): clarify denyCommands exact-match guidance
2026-02-26 00:55:35 +01:00
c2a837565c
docs: fix configure section example
2026-02-25 02:44:49 +00:00
bfafec2271
docs: expand doctor and devices CLI references
2026-02-25 02:41:13 +00:00
a12cbf8994
docs: refresh CLI and trusted-proxy docs
2026-02-25 02:40:12 +00:00
14b6eea6e3
feat(sandbox): block container namespace joins by default
2026-02-24 23:20:34 +00:00
8cc841766c
docs(security): enumerate dangerous config parameters
2026-02-24 14:25:43 +00:00
4d124e4a9b
feat(security): warn on likely multi-user trust-model mismatch
2026-02-24 14:03:19 +00:00
12cc754332
fix(acp): harden permission auto-approval policy
2026-02-24 01:03:30 +00:00
cfa44ea6b4
fix(security): make allowFrom id-only by default with dangerous name opt-in ( #24907 )
...
* fix(channels): default allowFrom to id-only; add dangerous name opt-in
* docs(security): align channel allowFrom docs with id-only default
2026-02-24 01:01:51 +00:00
eff3c5c707
Session/Cron maintenance hardening and cleanup UX ( #24753 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 7533b85156
2026-02-23 22:39:48 +00:00
d92ba4f8aa
feat: Provider/Mistral full support for Mistral on OpenClaw 🇫🇷 ( #23845 )
...
* Onboard: add Mistral auth choice and CLI flags
* Onboard/Auth: add Mistral provider config defaults
* Auth choice: wire Mistral API-key flow
* Onboard non-interactive: support --mistral-api-key
* Media understanding: add Mistral Voxtral audio provider
* Changelog: note Mistral onboarding and media support
* Docs: add Mistral provider and onboarding/media references
* Tests: cover Mistral media registry/defaults and auth mapping
* Memory: add Mistral embeddings provider support
* Onboarding: refresh Mistral model metadata
* Docs: document Mistral embeddings and endpoints
* Memory: persist Mistral embedding client state in managers
* Memory: add regressions for mistral provider wiring
* Gateway: add live tool probe retry helper
* Gateway: cover live tool probe retry helper
* Gateway: retry malformed live tool-read probe responses
* Memory: support plain-text batch error bodies
* Tests: add Mistral Voxtral live transcription smoke
* Docs: add Mistral live audio test command
* Revert: remove Mistral live voice test and docs entry
* Onboard: re-export Mistral default model ref from models
* Changelog: credit joeVenner for Mistral work
* fix: include Mistral in auto audio key fallback
* Update CHANGELOG.md
* Update CHANGELOG.md
---------
Co-authored-by: Shakker <shakkerdroid@gmail.com>
2026-02-23 00:03:56 +00:00
3461dda880
docs: fix voicecall expose disable example
2026-02-22 20:58:28 +01:00
72446f419f
docs: align CLI docs and help surface
2026-02-22 20:05:01 +01:00
0c1f491a02
fix(gateway): clarify pairing and node auth guidance
2026-02-22 19:50:29 +01:00
f442a3539f
feat(update): add core auto-updater and dry-run preview
2026-02-22 17:11:36 +01:00
6fda04e938
refactor: tighten onboarding dmScope typing and docs links
2026-02-22 12:46:09 +01:00
65dccbdb4b
fix: document onboarding dmScope default as breaking change ( #23468 ) (thanks @bmendonca3)
2026-02-22 12:36:49 +01:00
bc78b343ba
Security: expand audit checks for mDNS and real-IP fallback
2026-02-22 11:26:17 +01:00
265da4dd2a
fix(security): harden gateway command/audit guardrails
2026-02-22 08:45:48 +01:00
049b8b14bc
fix(security): flag open-group runtime/fs exposure in audit
2026-02-22 08:22:51 +01:00
f97c45c5b5
fix(security): warn on Discord name-based allowlists in audit
2026-02-21 19:45:17 +01:00
f48698a50b
fix(security): harden sandbox browser network defaults
2026-02-21 14:02:53 +01:00
1835dec200
fix(security): force sandbox browser hash migration and audit stale labels
2026-02-21 13:25:41 +01:00
810218756d
docs(security): clarify trusted-host deployment assumptions
2026-02-21 12:53:12 +01:00
d871ee91d0
fix(config-cli): correct misleading --json flag description ( #21332 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: b6c8d1edfa
2026-02-19 20:09:17 -05:00
b40821b068
fix: harden ACP secret handling and exec preflight boundaries
2026-02-19 15:34:20 +01:00
5dc50b8a3f
fix(security): harden npm plugin and hook install integrity flow
2026-02-19 15:11:25 +01:00
e3e0ffd801
feat(security): audit gateway HTTP no-auth exposure
2026-02-19 14:25:56 +01:00
b4dbe03298
refactor: unify restart gating and update availability sync
2026-02-19 10:00:41 +01:00
a333d92013
docs(security): harden gateway security guidance
2026-02-17 23:48:49 +01:00
c0072be6a6
docs(cli): add components send example
2026-02-17 09:58:47 -05:00
b114c82701
CLI: approve latest pending device request
2026-02-17 14:08:04 +00:00
e4d63818f5
fix: ignore tools.exec.pathPrepend for node hosts
2026-02-14 20:45:05 +01:00
65eefd65e1
docs: clarify node host PATH override behavior
2026-02-14 20:17:07 +01:00
8e5689a84d
feat(telegram): add sendPoll support ( #16193 ) ( #16209 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: b58492cfed
2026-02-14 18:34:30 +01:00
6f7d31c426
fix(security): harden plugin/hook npm installs
2026-02-14 14:07:14 +01:00
f8ba8f7699
fix(docs): update outdated hooks documentation URLs ( #16165 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 8ed13fb02f
2026-02-14 13:05:37 +01:00
ab71fdf821
Plugin API: compaction/reset hooks, bootstrap file globs, memory plugin status ( #13287 )
...
* feat: add before_compaction and before_reset plugin hooks with session context
- Pass session messages to before_compaction hook
- Add before_reset plugin hook for /new and /reset commands
- Add sessionId to plugin hook agent context
* feat: extraBootstrapFiles config with glob pattern support
Add extraBootstrapFiles to agent defaults config, allowing glob patterns
(e.g. "projects/*/TOOLS.md") to auto-load project-level bootstrap files
into agent context every turn. Missing files silently skipped.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(status): show custom memory plugins as enabled, not unavailable
The status command probes memory availability using the built-in
memory-core manager. Custom memory plugins (e.g. via plugin slot)
can't be probed this way, so they incorrectly showed "unavailable".
Now they show "enabled (plugin X)" without the misleading label.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: use async fs.glob and capture pre-compaction messages
- Replace globSync (node:fs) with fs.glob (node:fs/promises) to match
codebase conventions for async file operations
- Capture session.messages BEFORE replaceMessages(limited) so
before_compaction hook receives the full conversation history,
not the already-truncated list
* fix: resolve lint errors from CI (oxlint strict mode)
- Add void to fire-and-forget IIFE (no-floating-promises)
- Use String() for unknown catch params in template literals
- Add curly braces to single-statement if (curly rule)
* fix: resolve remaining CI lint errors in workspace.ts
- Remove `| string` from WorkspaceBootstrapFileName union (made all
typeof members redundant per no-redundant-type-constituents)
- Use type assertion for extra bootstrap file names
- Drop redundant await on fs.glob() AsyncIterable (await-thenable)
* fix: address Greptile review — path traversal guard + fs/promises import
- workspace.ts: use path.resolve() + traversal check in loadExtraBootstrapFiles()
- commands-core.ts: import fs from node:fs/promises, drop fs.promises prefix
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: resolve symlinks before workspace boundary check
Greptile correctly identified that symlinks inside the workspace could
point to files outside it, bypassing the path prefix check. Now uses
fs.realpath() to resolve symlinks before verifying the real path stays
within the workspace boundary.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address Greptile review — hook reliability and type safety
1. before_compaction: add compactingCount field so plugins know both
the full pre-compaction message count and the truncated count being
fed to the compaction LLM. Clarify semantics in comment.
2. loadExtraBootstrapFiles: use path.basename() for the name field
so "projects/quaid/TOOLS.md" maps to the known "TOOLS.md" type
instead of an invalid WorkspaceBootstrapFileName cast.
3. before_reset: fire the hook even when no session file exists.
Previously, short sessions without a persisted file would silently
skip the hook. Now fires with empty messages array so plugins
always know a reset occurred.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: validate bootstrap filenames and add compaction hook timeout
- Only load extra bootstrap files whose basename matches a recognized
workspace filename (AGENTS.md, TOOLS.md, etc.), preventing arbitrary
files from being injected into agent context.
- Wrap before_compaction hook in a 30-second Promise.race timeout so
misbehaving plugins cannot stall the compaction pipeline.
- Clarify hook comments: before_compaction is intentionally awaited
(plugins need messages before they're discarded) but bounded.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: make before_compaction non-blocking, add sessionFile to after_compaction
- before_compaction is now true fire-and-forget — no await, no timeout.
Plugins that need full conversation data should persist it themselves
and return quickly, or use after_compaction for async processing.
- after_compaction now includes sessionFile path so plugins can read
the full JSONL transcript asynchronously. All pre-compaction messages
are preserved on disk, eliminating the need to block compaction.
- Removes Promise.race timeout pattern that didn't actually cancel
slow hooks (just raced past them while they continued running).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add sessionFile to before_compaction for parallel processing
The session JSONL already has all messages on disk before compaction
starts. By providing sessionFile in before_compaction, plugins can
read and extract data in parallel with the compaction LLM call rather
than waiting for after_compaction. This is the optimal path for memory
plugins that need the full conversation history.
sessionFile is also kept on after_compaction for plugins that only
need to act after compaction completes (analytics, cleanup, etc.).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: move bootstrap extras into bundled hook
---------
Co-authored-by: Solomon Steadman <solstead@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Clawdbot <clawdbot@alfie.local>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-14 00:45:45 +01:00
1def8c5448
fix(security): extend audit hardening checks
2026-02-13 16:26:58 +01:00
57d0f65e7d
CLI: add plugins uninstall command ( #5985 ) (openclaw#6141) thanks @JustasMonkev
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test
Co-authored-by: JustasMonkev <59362982+JustasMonkev@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-12 20:11:26 -06:00
3421b2ec1e
fix: harden hook session key routing defaults
2026-02-13 02:09:14 +01:00
Peter Steinberger
Gustavo Madeira Santana
pomelo
Mikhail Beliakov
Vincent Koc
Jacob Tomlinson
Saurabh Mishra
Josh Avant
Harold Hunt
Tak Hoffman
Radek Sienkiewicz
Jealous
Bruce MacDonald
Luke
Mariano
Mariano
Tyler Yust
shichangs
arceus77-7
Jason
Sid
Ayaan Zaidi
Alberto Leal
cyb1278588254
Philipp Spiess
Peter Steinberger
Gustavo Madeira Santana
Brian Mendonca
adhitShet
Sebastian
Robby
Nicholas
solstead
JustasM