nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
openclaw/scripts
History
Josh Avant 806803b7ef
feat(secrets): expand SecretRef coverage across user-supplied credentials (#29580) 
* feat(secrets): expand secret target coverage and gateway tooling

* docs(secrets): align gateway and CLI secret docs

* chore(protocol): regenerate swift gateway models for secrets methods

* fix(config): restore talk apiKey fallback and stabilize runner test

* ci(windows): reduce test worker count for shard stability

* ci(windows): raise node heap for test shard stability

* test(feishu): make proxy env precedence assertion windows-safe

* fix(gateway): resolve auth password SecretInput refs for clients

* fix(gateway): resolve remote SecretInput credentials for clients

* fix(secrets): skip inactive refs in command snapshot assignments

* fix(secrets): scope gateway.remote refs to effective auth surfaces

* fix(secrets): ignore memory defaults when enabled agents disable search

* fix(secrets): honor Google Chat serviceAccountRef inheritance

* fix(secrets): address tsgo errors in command and gateway collectors

* fix(secrets): avoid auth-store load in providers-only configure

* fix(gateway): defer local password ref resolution by precedence

* fix(secrets): gate telegram webhook secret refs by webhook mode

* fix(secrets): gate slack signing secret refs to http mode

* fix(secrets): skip telegram botToken refs when tokenFile is set

* fix(secrets): gate discord pluralkit refs by enabled flag

* fix(secrets): gate discord voice tts refs by voice enabled

* test(secrets): make runtime fixture modes explicit

* fix(cli): resolve local qr password secret refs

* fix(cli): fail when gateway leaves command refs unresolved

* fix(gateway): fail when local password SecretRef is unresolved

* fix(gateway): fail when required remote SecretRefs are unresolved

* fix(gateway): resolve local password refs only when password can win

* fix(cli): skip local password SecretRef resolution on qr token override

* test(gateway): cast SecretRef fixtures to OpenClawConfig

* test(secrets): activate mode-gated targets in runtime coverage fixture

* fix(cron): support SecretInput webhook tokens safely

* fix(bluebubbles): support SecretInput passwords across config paths

* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths

* fix(bluebubbles): align SecretInput schema helper typing

* fix(cli): clarify secrets.resolve version-skew errors

* refactor(secrets): return structured inactive paths from secrets.resolve

* refactor(gateway): type onboarding secret writes as SecretInput

* chore(protocol): regenerate swift models for secrets.resolve

* feat(secrets): expand extension credential secretref support

* fix(secrets): gate web-search refs by active provider

* fix(onboarding): detect SecretRef credentials in extension status

* fix(onboarding): allow keeping existing ref in secret prompt

* fix(onboarding): resolve gateway password SecretRefs for probe and tui

* fix(onboarding): honor secret-input-mode for local gateway auth

* fix(acp): resolve gateway SecretInput credentials

* fix(secrets): gate gateway.remote refs to remote surfaces

* test(secrets): cover pattern matching and inactive array refs

* docs(secrets): clarify secrets.resolve and remote active surfaces

* fix(bluebubbles): keep existing SecretRef during onboarding

* fix(tests): resolve CI type errors in new SecretRef coverage

* fix(extensions): replace raw fetch with SSRF-guarded fetch

* test(secrets): mark gateway remote targets active in runtime coverage

* test(infra): normalize home-prefix expectation across platforms

* fix(cli): only resolve local qr password refs in password mode

* test(cli): cover local qr token mode with unresolved password ref

* docs(cli): clarify local qr password ref resolution behavior

* refactor(extensions): reuse sdk SecretInput helpers

* fix(wizard): resolve onboarding env-template secrets before plaintext

* fix(cli): surface secrets.resolve diagnostics in memory and qr

* test(secrets): repair post-rebase runtime and fixtures

* fix(gateway): skip remote password ref resolution when token wins

* fix(secrets): treat tailscale remote gateway refs as active

* fix(gateway): allow remote password fallback when token ref is unresolved

* fix(gateway): ignore stale local password refs for none and trusted-proxy

* fix(gateway): skip remote secret ref resolution on local call paths

* test(cli): cover qr remote tailscale secret ref resolution

* fix(secrets): align gateway password active-surface with auth inference

* fix(cli): resolve inferred local gateway password refs in qr

* fix(gateway): prefer resolvable remote password over token ref pre-resolution

* test(gateway): cover none and trusted-proxy stale password refs

* docs(secrets): sync qr and gateway active-surface behavior

* fix: restore stability blockers from pre-release audit

* Secrets: fix collector/runtime precedence contradictions

* docs: align secrets and web credential docs

* fix(rebase): resolve integration regressions after main rebase

* fix(node-host): resolve gateway secret refs for auth

* fix(secrets): harden secretinput runtime readers

* gateway: skip inactive auth secretref resolution

* cli: avoid gateway preflight for inactive secret refs

* extensions: allow unresolved refs in onboarding status

* tests: fix qr-cli module mock hoist ordering

* Security: align audit checks with SecretInput resolution

* Gateway: resolve local-mode remote fallback secret refs

* Node host: avoid resolving inactive password secret refs

* Secrets runtime: mark Slack appToken inactive for HTTP mode

* secrets: keep inactive gateway remote refs non-blocking

* cli: include agent memory secret targets in runtime resolution

* docs(secrets): sync docs with active-surface and web search behavior

* fix(secrets): keep telegram top-level token refs active for blank account tokens

* fix(daemon): resolve gateway password secret refs for probe auth

* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled

* fix(secrets): align token inheritance and exec timeout defaults

* docs(secrets): clarify active-surface notes in cli docs

* cli: require secrets.resolve gateway capability

* gateway: log auth secret surface diagnostics

* secrets: remove dead provider resolver module

* fix(secrets): restore gateway auth precedence and fallback resolution

* fix(tests): align plugin runtime mock typings

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 		2026-03-03 02:58:20 +00:00
..
dev refactor(scripts): dedupe guard checks and smoke helpers 2026-03-02 08:54:20 +00:00
docker ci: fix install smoke docker helper path 2026-03-02 11:01:56 +00:00
docs-i18n chore(security): bump qs and golang.org/x/net 2026-02-14 21:22:46 +01:00
e2e fix: isolate docker onboard e2e config env 2026-03-02 04:10:28 +00:00
lib refactor(scripts): share guard runners and paged select UI 2026-03-02 14:36:41 +00:00
podman fix: sed escaping and UID mismatch in Podman Quadlet setup (#26414) 2026-02-28 09:20:18 -08:00
pre-commit refactor: centralize pre-commit file filtering 2026-02-16 03:42:11 +01:00
repro fix: run cli scripts via node build runner 2026-01-18 18:43:39 +00:00
shell-helpers fix(clawdock): include docker-compose.extra.yml in helper commands (#17094) 2026-02-19 03:40:47 -08:00
systemd refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
auth-monitor.sh refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
bench-cli-startup.ts CLI: add root --help fast path and lazy channel option resolution (#30975) 2026-03-01 14:23:46 -08:00
bench-model.ts chore: apply local workspace updates (#9911) 2026-02-05 16:54:44 -05:00
build-and-run-mac.sh refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
build-docs-list.mjs chore: Enable linting in `scripts`. 2026-01-31 21:29:14 +09:00
build_icon.sh refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
bundle-a2ui.sh Chore: harden A2UI bundle dependency resolution (#22507) 2026-02-21 13:16:31 +05:30
canvas-a2ui-copy.ts chore: Also format `scripts` and `skills`. 2026-01-31 21:21:25 +09:00
changelog-to-html.sh refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
check-channel-agnostic-boundaries.mjs refactor(scripts): dedupe guard checks and smoke helpers 2026-03-02 08:54:20 +00:00
check-composite-action-input-interpolation.py ci: harden workflow action input handling 2026-02-19 15:27:48 +01:00
check-ingress-agent-owner-context.mjs fix(security): enforce explicit ingress owner context 2026-03-02 23:50:36 +00:00
check-no-pairing-store-group-auth.mjs refactor(scripts): share guard runners and paged select UI 2026-03-02 14:36:41 +00:00
check-no-random-messaging-tmp.mjs refactor(scripts): share guard runners and paged select UI 2026-03-02 14:36:41 +00:00
check-no-raw-channel-fetch.mjs refactor(scripts): share guard runners and paged select UI 2026-03-02 14:36:41 +00:00
check-no-raw-window-open.mjs refactor(scripts): dedupe guard checks and smoke helpers 2026-03-02 08:54:20 +00:00
check-no-register-http-handler.mjs chore(lint): add registerHttpHandler usage guard script 2026-03-02 16:24:06 +00:00
check-pairing-account-scope.mjs refactor(scripts): share guard runners and paged select UI 2026-03-02 14:36:41 +00:00
check-plugin-sdk-exports.mjs fix(plugin-sdk): add export verification tests and release guard (#27569) 2026-03-02 21:30:44 +00:00
check-ts-max-loc.ts chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts. 2026-02-01 10:03:47 +09:00
check-webhook-auth-body-order.mjs refactor: split webhook ingress and policy guards 2026-03-02 18:02:21 +00:00
ci-changed-scope.mjs ci: move changed-scope logic into tested script 2026-03-03 02:37:23 +00:00
claude-auth-status.sh refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
clawlog.sh fix(security): harden clawlog command execution 2026-03-01 23:33:13 +00:00
clawtributors-map.json 🤖 Feishu: expand channel support 2026-02-05 12:29:04 -08:00
codesign-mac-app.sh refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
codespell-dictionary.txt docs: add custom spellcheck dictionary and fix docs typos (#22457) 2026-02-21 01:35:35 -05:00
codespell-ignore.txt fix(ci): make docs spellcheck fallback deterministic 2026-02-21 15:08:28 +01:00
committer chore: block node_modules commits 2026-01-18 22:28:59 +00:00
copy-export-html-templates.ts refactor: bundle export-html templates instead of reading from node_modules 2026-02-17 00:00:57 +01:00
copy-hook-metadata.ts fix: all bundled hooks broken since 2026.2.2 (tsdown migration) (#9295) 2026-02-09 11:35:47 +09:00
create-dmg.sh refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
cron_usage_report.ts fix(ci): restore main lint/typecheck after direct merges 2026-02-16 23:26:11 +00:00
debug-claude-usage.ts chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts. 2026-02-01 10:03:47 +09:00
docs-link-audit.mjs fix: docs broken links and improve link checker (#13056) 2026-02-09 18:45:06 -08:00
docs-list.js chore: Enable linting in `scripts`. 2026-01-31 21:29:14 +09:00
docs-spellcheck.sh fix(ci): make docs spellcheck fallback deterministic 2026-02-21 15:08:28 +01:00
firecrawl-compare.ts chore: Enable linting in `scripts`. 2026-01-31 21:29:14 +09:00
generate-host-env-security-policy-swift.mjs refactor(security): enforce v1 node exec approval binding 2026-02-26 18:09:01 +01:00
generate-secretref-credential-matrix.ts feat(secrets): expand SecretRef coverage across user-supplied credentials (#29580) 2026-03-03 02:58:20 +00:00
ghsa-patch.mjs refactor(security): enforce v1 node exec approval binding 2026-02-26 18:09:01 +01:00
install.ps1 fix: handle PowerShell execution policy on Windows install (#24794) 2026-03-02 11:09:01 -06:00
install.sh refactor(runtime): unify node version guard parsing 2026-03-03 02:19:34 +00:00
ios-configure-signing.sh fix(ios): auto-generate local signing overrides (#20716) 2026-02-19 15:48:46 +08:00
ios-team-id.sh fix(ios): normalize team IDs before preferred match 2026-02-24 15:02:27 +00:00
label-open-issues.ts refactor: dedupe extension and ui helpers 2026-03-02 19:57:33 +00:00
make_appcast.sh fix: support legacy and beta prerelease version formats 2026-02-24 02:05:37 +00:00
mobile-reauth.sh refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
notarize-mac-artifact.sh refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
package-mac-app.sh fix(macos): derive canonical APP_BUILD after deps install 2026-02-28 10:04:25 +05:30
package-mac-dist.sh fix(macos): set release bundle ID so Sparkle auto-update works (#19750) 2026-02-20 12:08:10 +05:30
pr fix(scripts/pr): SSH-first prhead remote with GraphQL fallback for fork PRs (#32126) 2026-03-03 02:46:01 +00:00
pr-merge chore: fix root_dir resolution/stale scripts during PR review 2026-02-13 15:09:39 -05:00
pr-prepare chore: fix root_dir resolution/stale scripts during PR review 2026-02-13 15:09:39 -05:00
pr-review chore: fix root_dir resolution/stale scripts during PR review 2026-02-13 15:09:39 -05:00
protocol-gen-swift.ts fix: stabilize swift protocol generation and flaky tests 2026-02-21 16:53:46 +01:00
protocol-gen.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
readability-basic-compare.ts chore: Enable linting in `scripts`. 2026-01-31 21:29:14 +09:00
recover-orphaned-processes.sh fix: reset stale execution state after SIGUSR1 in-process restart (#15195) 2026-02-13 15:30:09 -05:00
release-check.ts fix: restore release-check control flow after export guard merge 2026-03-02 21:35:12 +00:00
restart-mac.sh refactor: replace bot.molt identifiers with ai.openclaw 2026-02-25 05:03:24 +00:00
run-node.d.mts chore: Fix types in tests 33/N. 2026-02-17 15:50:07 +09:00
run-node.mjs fix(gateway): remove watch-mode build/start race (#18782) 2026-02-17 11:24:08 +09:00
run-openclaw-podman.sh fix(podman): default run-openclaw-podman bind to loopback (land #27491, thanks @robbyczgw-cla) 2026-02-26 12:13:20 +00:00
sandbox-browser-entrypoint.sh feat(security): Harden Docker browser container chromium flags (#23889) (#31504) 2026-03-02 11:28:27 -08:00
sandbox-browser-setup.sh refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
sandbox-common-setup.sh refactor(sandbox): add sandbox-common dockerfile 2026-02-15 00:57:13 +01:00
sandbox-setup.sh refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
setup-auth-system.sh refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
sparkle-build.ts fix(release): unify sparkle build policy and defaults 2026-02-28 10:04:25 +05:30
sqlite-vec-smoke.mjs chore: Also format `scripts` and `skills`. 2026-01-31 21:21:25 +09:00
sync-labels.ts CI: add PR size autolabel workflow (#14410) 2026-02-11 21:12:27 -06:00
sync-moonshot-docs.ts Docs: fix Moonshot sync markers (#6789) 2026-02-02 03:38:14 +01:00
sync-plugin-versions.ts fix(feishu): restore group command fallback and plugin deps 2026-02-22 19:13:19 +01:00
termux-auth-widget.sh refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
termux-quick-auth.sh refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
termux-sync-widget.sh refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
test-cleanup-docker.sh refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
test-force.ts chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts. 2026-02-01 10:03:47 +09:00
test-hotspots.mjs chore(test): add vitest hotspot reporter script 2026-03-03 00:43:01 +00:00
test-install-sh-docker.sh ci: fix install smoke docker helper path 2026-03-02 11:01:56 +00:00
test-install-sh-e2e-docker.sh refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
test-live-gateway-models-docker.sh test: cap docker live model sweeps and harden timeouts 2026-02-25 02:48:34 +00:00
test-live-models-docker.sh test: cap docker live model sweeps and harden timeouts 2026-02-25 02:48:34 +00:00
test-parallel.mjs test: isolate high-variance suites in parallel scheduler 2026-03-02 22:29:13 +00:00
test-perf-budget.mjs test(perf): slim ios team-id harness and add perf budget guard 2026-03-03 00:20:46 +00:00
test-shell-completion.ts style: align formatting with oxfmt 0.33 2026-02-18 01:34:35 +00:00
ui.js fix(scripts): harden Windows UI spawn behavior 2026-02-16 20:49:09 -05:00
update-clawtributors.ts fix: agent-only announce path, BB message IDs, sender identity, SSRF allowlist (#23970) 2026-03-01 22:52:11 -08:00
update-clawtributors.types.ts fix: agent-only announce path, BB message IDs, sender identity, SSRF allowlist (#23970) 2026-03-01 22:52:11 -08:00
watch-node.d.mts chore: Fix types in tests 33/N. 2026-02-17 15:50:07 +09:00
watch-node.mjs fix(gateway): remove watch-mode build/start race (#18782) 2026-02-17 11:24:08 +09:00
write-build-info.ts chore: Enable linting in `scripts`. 2026-01-31 21:29:14 +09:00
write-cli-compat.ts fix (cli): harden daemon compat shim for minimal bundle exports 2026-02-14 20:53:32 -08:00
write-cli-startup-metadata.ts CLI: add root --help fast path and lazy channel option resolution (#30975) 2026-03-01 14:23:46 -08:00
write-plugin-sdk-entry-dts.ts fix(slack): download all files in multi-image messages (#15447) 2026-02-14 14:16:02 +01:00
zai-fallback-repro.ts chore: apply local workspace updates (#9911) 2026-02-05 16:54:44 -05:00