nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
24,862 Commits 946 Branches 95 Tags 6.4 GiB
Commit Graph

223 Commits

Author SHA1 Message Date
Peter Steinberger b66197f932
test: reduce import wrapper reload churn 2026-04-03 07:14:58 +01:00
Peter Steinberger e3674bcc04
test: streamline runtime wrapper test reloads 2026-04-03 04:41:38 +01:00
Neerav Makwana 7c7098fd1d
fix: keep inbound images readable on upgraded installs (#59971) (thanks @neeravmakwana) 
* fix(telegram): allow inbound media from config dir

Made-with: Cursor

* test: simplify local roots regression

* fix: keep inbound images readable on upgraded installs (#59971) (thanks @neeravmakwana)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-04-03 08:24:29 +05:30
bobbyt74 cae1d9bc6d
fix(whatsapp): add HTML/XML/CSS to MIME map + fallback for unknown media types (#51562) 
Merged via squash.

Prepared head SHA: 83f2eabd49
Co-authored-by: bobbyt74 <262672147+bobbyt74@users.noreply.github.com>
Co-authored-by: mcaxtr <7562095+mcaxtr@users.noreply.github.com>
Reviewed-by: @mcaxtr
 2026-04-02 00:25:12 -03:00
ImLukeF 101c31f5e1
test: harden ci-sensitive unit suites 2026-04-01 20:53:16 +11:00
Kenny Xie 2650ce31fc
fix(media): resolve relative MEDIA paths against agent workspace (#58624) 
* fix(media): resolve relative MEDIA: paths against agent workspace dir

* fix(agents): remove stale ollama compat import

* fix(media): preserve workspace dir in outbound access
 2026-03-31 21:09:28 -04:00
Peter Steinberger 43ef8a5a86
refactor(media): centralize outbound access plumbing 2026-04-01 00:32:53 +09:00
Peter Steinberger fc5a2f9293
fix(media): add host media read helper 2026-04-01 00:08:20 +09:00
Peter Steinberger 3bb02d3338
fix(media): align outbound sends with fs read capability 2026-04-01 00:07:50 +09:00
Vincent Koc 0ed4f8a72b
fix(media): reject oversized image inputs before decode (#58226) 
* fix(media): cap oversized image inputs

* chore(changelog): add media input guard note

* fix(media): address input guard review feedback

* fix(media): fail closed on unknown sips dimensions

* fix(media): avoid sips fallback in input guard
 2026-03-31 22:52:55 +09:00
Vincent Koc e704323ff3
fix(media): drop auth headers on cross-origin redirects (#58224) 
* fix(media): drop auth headers on cross-origin redirects

* chore(changelog): sync unreleased context

* fix(media): keep fetch-guard redirect helper working
 2026-03-31 19:57:42 +09:00
Jacob Tomlinson 781775ec08
Media: secure image temp dirs (#58270) 2026-03-31 11:12:47 +01:00
pgondhi987 f865a5455e
fix(media): drop sensitive headers on cross-origin redirects [AI] (#58156) 2026-03-31 09:22:11 +01:00
Peter Steinberger 6b6ddcd2a6
test: speed up core runtime suites 2026-03-31 02:25:02 +01:00
Shakker 1dda032531 style: format rebased main files 2026-03-31 01:40:55 +01:00
Jacob Tomlinson 1ca4261d7e
fix(media): keep local roots configuration-derived (#57770) 
* fix(media): keep local roots configuration-derived

Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>

* fix(media): simplify local root lookup

* fix(media): keep legacy local roots export
 2026-03-30 17:15:03 +01:00
Sean c6f2db1506
fix: prevent gateway attachment offload regressions (#55513) (thanks @Syysean) 
* feat(gateway): implement claim check pattern to prevent OOM on large attachments

* fix: sanitize mediaId, refine trimEnd, remove warn log, add threshold and absolute path

* fix: enforce maxBytes before decoding and use dynamic path from saveMediaBuffer

* fix: enforce absolute maxBytes limit before Buffer allocation and preserve file extensions

* fix: align saveMediaBuffer arguments and satisfy oxfmt linter

* chore: strictly enforce linting rules (curly braces, unused vars, and error typing)

* fix: restrict offload to mainstream mimes to avoid extension-loss bug in store.ts for BMP/TIFF

* fix: restrict offload to mainstream mimes to bypass store.ts extension-loss bug

* chore: document bmp/tiff exclusion from offload whitelist in MIME_TO_EXT

* feat: implement agent-side resolver for opaque media URIs and finalize contract

* fix: support unicode media URIs and allow consecutive dots in safe IDs based on Codex review

* fix(gateway): enforce strict fail-fast for oversized media to prevent OOM bypass

* refactor(gateway): harden media offload with performance and security optimizations

This update refines the Claim Check pattern with industrial-grade guards:

- Performance: Implemented sampled Base64 validation for large payloads (>4KB) to prevent event loop blocking.
- Security: Added null-byte (\u0000) detection and reinforced path traversal guards.
- I18n: Updated media-uri regex to a blacklist-based character class for Unicode/Chinese filename support, with oxlint bypass for intentional control regex.
- Robustness: Enhanced error diagnostics with JSON-serialized IDs.

* fix: add HEIC/HEIF to offload allowlist and pass maxBytes to saveMediaBuffer

* fix(gateway): clean up offloaded media files on attachment parse failure

Address Codex review feedback: track saved media IDs and implement best-effort cleanup via deleteMediaBuffer if subsequent attachments fail validation, preventing orphaned files on disk.

* fix(gateway): enforce full base64 validation to prevent whitespace padding bypass

Address Codex review feedback: remove early return in isValidBase64 so padded payloads cannot bypass offload thresholds and reintroduce memory pressure. Updated related comments.

* fix(gateway): preserve offloaded media metadata and fix validation error mapping

Address Codex review feedback:
- Add \offloadedRefs\ to \ParsedMessageWithImages\ to expose structured metadata for offloaded attachments, preventing transcript media loss.
- Move \erifyDecodedSize\ outside the storage try-catch block to correctly surface client base64 validation failures as 4xx errors instead of 5xx \MediaOffloadError\.
- Add JSDoc TODOs indicating that upstream callers (chat.ts, agent.ts, server-node-events.ts) must explicitly pass the \supportsImages\ flag.

* fix(agents): explicitly allow media store dir when loading offloaded images

Address Codex review feedback: Pass getMediaDir() to loadWebMedia's localRoots for media-uri refs to prevent legacy path resolution mismatches from silently dropping large attachments.

* fix(gateway): resolve attachment offload regressions and error mapping

Address Codex review feedback:
- Pass \supportsImages\ dynamically in \chat.ts\ and \gent.ts\ based on model catalog, and explicitly in \server-node-events.ts\.
- Persist \offloadedRefs\ into the transcript pipeline in \chat.ts\ to preserve media metadata for >2MB attachments.
- Correctly map \MediaOffloadError\ to 5xx (UNAVAILABLE) to differentiate server storage faults from 4xx client validation errors.

* fix(gateway): dynamically compute supportsImages for overrides and node events

Address follow-up Codex review feedback:

- Use effective model (including overrides) to compute \supportsImages\ in \gent.ts\.

- Move session load earlier in \server-node-events.ts\ to dynamically compute \supportsImages\ rather than hardcoding true.

* fix(gateway): resolve capability edge cases reported by codex

Address final Codex edge cases:
- Refactor \gent.ts\ to compute \supportsImages\ even when no session key is present, ensuring text-only override requests without sessions safely drop attachments.
- Update catalog lookups in \chat.ts\, \gent.ts\, and \server-node-events.ts\ to strictly match both \id\ and \provider\ to prevent cross-provider model collisions.

* fix(agents): restore before_install hook for skill installs

Restore the plugin scanner security hook that was accidentally dropped during merge conflict resolution.

* fix: resolve attachment pathing, defer parsing after auth gates, and clean up node-event mocks

* fix: resolve syntax errors in test-env, fix missing helper imports, and optimize parsing sequence in node events

* fix(gateway): re-enforce message length limit after attachment parsing

Adds a secondary check to ensure the 20,000-char cap remains effective even after media markers are appended during the offload flow.

* fix(gateway): prevent dropping valid small images and clean up orphaned media on size rejection

* fix(gateway): share attachment image capability checks

* fix(gateway): preserve mixed attachment order

* fix: fail closed on unknown image capability (#55513) (thanks @Syysean)

* fix: classify offloaded attachment refs explicitly (#55513) (thanks @Syysean)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-30 20:54:40 +05:30
Peter Steinberger 8061b792b2 test: repair focused unit lane drift 2026-03-28 11:41:06 +00:00
Peter Steinberger 48b2eb2604 test: fix media and channel regression expectations 2026-03-28 08:10:47 +00:00
Ayaan Zaidi 0feeea0994
test: make media symlink fixture idempotent 2026-03-28 13:30:11 +05:30
Ayaan Zaidi 912bd1f5cc
test: align media parse expectations 2026-03-28 13:29:14 +05:30
Peter Steinberger e7c1fcba0c test: dedupe media utility suites 2026-03-28 07:31:40 +00:00
Peter Steinberger b4fe0faf1b test: dedupe config and utility suites 2026-03-28 00:46:53 +00:00
Peter Steinberger fef688fb7a test: dedupe utility and config suites 2026-03-28 00:26:55 +00:00
Jacob Tomlinson 824e16f9dd
fix(media): require fs access for dynamic local roots (#55946) 
* fix(media): require fs access for dynamic local roots

* fix(media): tighten fs root expansion policy

* fix(media): align fs root expansion with effective policy
 2026-03-27 19:06:02 +00:00
Peter Steinberger 8ddeada97d test: move extension-owned coverage into plugins 2026-03-27 15:11:33 +00:00
Val Alexander bb932beeac Media: respect umask and clean failed downloads 2026-03-27 08:55:06 -05:00
Val Alexander 206c29514c Media: enforce file mode after writes 2026-03-27 08:55:06 -05:00
Peter Steinberger 4019671331 refactor: add runtime-boundary plugin test seams 2026-03-27 13:46:17 +00:00
Anmol Ahuja c40884d306
Prefer non-user writeable paths (#54346) 
* infra: trust system binary roots

* infra: isolate windows install root overrides

* infra: narrow windows reg lookup

* browser: restore windows executable comments

---------

Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>
 2026-03-27 11:29:32 +00:00
Peter Steinberger 5f9f08394a refactor: share matrix and telegram dedupe helpers 2026-03-26 15:08:45 +00:00
Peter Steinberger 2ed11a375a refactor: share web media loader 2026-03-26 14:55:32 +00:00
Devin Robison 4797bbc5b9
fix: reject path traversal and home-dir patterns in media parse layer (#54642) 
* fix: reject path traversal and home-dir patterns in media parse layer

* Update parse tests
 2026-03-25 13:35:16 -06:00
Peter Steinberger ee714f5a42
test(media): make local roots fixture windows-safe 2026-03-25 06:24:39 -07:00
Peter Steinberger c92002e1de
fix(media): align outbound media access with fs policy 2026-03-25 05:50:21 -07:00
Jealous 2c3cf4f387 chore(tts): rename VOICE_BUBBLE identifiers to OPUS and update docs 2026-03-25 10:49:21 +05:30
Peter Steinberger 1ba436b372 test: speed up media and image-generation suites 2026-03-24 23:45:33 +00:00
Peter Steinberger 6f6468027a refactor: dedupe test and runtime seams 2026-03-24 23:33:30 +00:00
Peter Steinberger d2e0cfc09f test: speed up media fetch suite 2026-03-24 17:27:02 +00:00
Peter Steinberger d884676dd2 test: speed up whatsapp and shared test suites 2026-03-24 15:16:18 +00:00
Peter Steinberger 9105b3723d
test: harden no-isolate test module resets 2026-03-23 01:02:16 -07:00
Peter Steinberger dc90d3b1d3
refactor(media): share local file access guards 2026-03-23 00:58:23 -07:00
Peter Steinberger 4fd7feb0fd
fix(media): block remote-host file URLs in loaders 2026-03-23 00:29:46 -07:00
Peter Steinberger 55ad5d7bd7
fix(security): harden explicit-proxy SSRF pinning 2026-03-22 23:05:42 -07:00
Peter Steinberger 81445a9010
fix(media): bound remote error-body snippet reads 2026-03-22 22:43:42 -07:00
Peter Steinberger 2773f33084
test: stabilize vitest no-isolate suites 2026-03-22 14:28:43 -07:00
Peter Steinberger 8aca2fdc73 refactor: reuse shared core account lookups 2026-03-22 20:30:20 +00:00
Peter Steinberger 0404c16217 test: harden media local roots path assertions 2026-03-22 19:47:11 +00:00
Peter Steinberger 1822db9227
test: harden no-isolate timer and undici seams 2026-03-22 12:04:11 -07:00
Peter Steinberger 1ceaad18a6
test: harden vitest no-isolate coverage 2026-03-22 10:48:21 -07:00