openclaw

Author	SHA1	Message	Date
Peter Steinberger	b79e7fdb7a	fix(image): propagate workspace root for image allowlist (#16722 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 24a13675cbc71b261726d83656233691e2e44b0e Co-authored-by: steipete <58493+steipete@users.noreply.github.com> Co-authored-by: steipete <58493+steipete@users.noreply.github.com> Reviewed-by: @steipete	2026-02-15 03:08:28 +01:00
Vignesh Natarajan	69dd1a31bf	Changelog: note remote skills cache disconnect cleanup	2026-02-14 18:02:17 -08:00
Vignesh Natarajan	6f6954fb34	Changelog: note directory cache bounds hardening	2026-02-14 17:58:11 -08:00
Vignesh Natarajan	c6bac6703e	Changelog: note Slack thread starter cache bounds	2026-02-14 17:55:25 -08:00
Vignesh Natarajan	bb53d984d3	Changelog: note abort memory map hardening	2026-02-14 17:52:24 -08:00
Vignesh Natarajan	377bb9073e	Changelog: note agentRunSeq map hardening	2026-02-14 17:50:52 -08:00
Tyler Yust	edb06170f5	fix(image): allow workspace and sandbox media paths (#15541 )	2026-02-14 17:46:36 -08:00
Vignesh Natarajan	56708b636e	Changelog: note diagnostic session-state bounds	2026-02-14 17:30:10 -08:00
Vignesh Natarajan	d70cc39544	Changelog: note memory watcher FD-pressure hardening	2026-02-14 17:25:10 -08:00
Vignesh Natarajan	41d7d0e2e6	Changelog: note TUI gateway bind URL fix	2026-02-14 17:16:17 -08:00
Vignesh Natarajan	aa09be168d	Changelog: note media local root allowlist update	2026-02-14 17:10:58 -08:00
Vignesh Natarajan	21ee5c0aaf	Changelog: note sandbox bind-mount file tool fix	2026-02-14 16:54:37 -08:00
Vignesh Natarajan	f18e3fba79	Changelog: note explicit TUI session override fix	2026-02-14 16:40:52 -08:00
Vignesh Natarajan	b08146fad6	TUI/Gateway: emit internal hooks for /new and /reset	2026-02-14 16:33:42 -08:00
Gustavo Madeira Santana	a8c30634ac	changelog: add workspace onboarding attribution	2026-02-14 19:20:27 -05:00
Gustavo Madeira Santana	28b78b25b7	fix(workspace): persist bootstrap onboarding state	2026-02-14 19:20:27 -05:00
Vignesh Natarajan	3f69607d8c	Changelog: configurable LanceDB capture limit	2026-02-14 16:03:40 -08:00
Vignesh Natarajan	53a8f474ee	Memory/QMD: handle fallback init failures gracefully	2026-02-14 15:42:02 -08:00
Vignesh Natarajan	c4dbcc3444	Memory/QMD: make status checks side-effect free	2026-02-14 15:42:02 -08:00
Robby	ceb934299b	fix(workspace): create BOOTSTRAP.md regardless of workspace state (#16457 ) (#16504 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: a57718c09e9b601087edcb3ee15dd7ac6b96fee2 Co-authored-by: robbyczgw-cla <239660374+robbyczgw-cla@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-02-14 18:41:35 -05:00
Charlie Greenman	dec6859702	agents: reduce prompt token bloat from exec and context (#16539 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 8e1635fa3fdfb199a58bd53e816abc41cd400d44 Co-authored-by: CharlieGreenman <8540141+CharlieGreenman@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-02-14 18:32:45 -05:00
Vignesh Natarajan	2547514b47	Memory/QMD: treat prefixed no-results markers as empty	2026-02-14 15:31:52 -08:00
Peter Steinberger	abf42abd41	fix: LINE webhook verification 200; fix tsgo error (#16582 ) (thanks @arosstale)	2026-02-15 00:27:12 +01:00
Peter Steinberger	90117a3849	docs: consolidate 2026.2.14 changelog	2026-02-15 00:05:51 +01:00
Peter Steinberger	9e2e57458e	docs(changelog): soften exec allowlist scope note	2026-02-15 00:03:21 +01:00
Vignesh Natarajan	c0bf6bc24f	Memory/QMD: parse scope once in qmd scope checks	2026-02-14 14:59:18 -08:00
Vignesh Natarajan	0fdcb3be43	Memory/QMD: skip unchanged session export writes	2026-02-14 14:59:18 -08:00
Vignesh Natarajan	83e08b3bd5	Memory/QMD: optimize qmd readFile for line-window reads	2026-02-14 14:59:18 -08:00
Vignesh Natarajan	62aae7f69d	Memory/QMD: add limit arg to search command	2026-02-14 14:59:18 -08:00
Vignesh Natarajan	19df928e7f	Memory/QMD: robustly parse noisy qmd JSON output	2026-02-14 14:59:18 -08:00
Vignesh Natarajan	6bf333bf31	Memory/QMD: prefer exact docid lookup in index	2026-02-14 14:59:18 -08:00
Vignesh Natarajan	f9f816d139	Memory/QMD: cap qmd command output buffering	2026-02-14 14:59:18 -08:00
Bin Deng	c0cd3c3c08	fix: add safety timeout to session.compact() to prevent lane deadlock (#16533 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 21e4045addca7a424828478d84dd5e4b202cbcfd Co-authored-by: BinHPdev <219093083+BinHPdev@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-02-14 17:54:12 -05:00
Peter Steinberger	7d658410e5	docs(changelog): clarify exec allowlist mode only	2026-02-14 23:51:15 +01:00
Peter Steinberger	db60b424a2	docs(changelog): note exec allowlist command substitution fix	2026-02-14 23:51:15 +01:00
Vishal Doshi	3efb752124	fix(gateway): abort active runs during sessions.reset (#16576 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 43da87f2dfd38133210f98422255705d09ae7922 Co-authored-by: Grynn <212880+Grynn@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-02-14 17:42:33 -05:00
Peter Steinberger	a99ad11a41	fix: validate state for manual Chutes OAuth	2026-02-14 23:33:56 +01:00
Gustavo Madeira Santana	8217d77ece	fix(cli): run plugin gateway_stop hooks before message exit (#16580 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 8542ac77ae183e19a0700c3bb0304ab06bb7d568 Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-02-14 17:33:08 -05:00
Peter Steinberger	d02202e765	docs(changelog): note clawtributors updater injection fix	2026-02-14 23:26:39 +01:00
Peter Steinberger	a429380e33	fix(scripts): harden clawtributors updater	2026-02-14 23:25:32 +01:00
Bruno Škvorc	dbdcbe03e7	fix: preserve bootstrap paths and expose failed mutations (#16131 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 385dcbd8a9d3fd1bd67b5cb439b699a98728a679 Co-authored-by: Swader <1430603+Swader@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-02-14 17:01:16 -05:00
Peter Steinberger	c0c0e0f9ae	fix(security): block full-form IPv4-mapped IPv6 in SSRF guard	2026-02-14 22:58:38 +01:00
Peter Steinberger	9e7aab9baf	docs(changelog): credit logicx24 for plugin install traversal report	2026-02-14 22:54:38 +01:00
yinghaosang	8927c69b3f	fix(cli): stop message send from hanging forever after delivery (#16460 ) (#16491 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 78dffc9e99533715abf23d40062ed38a0fec4a50 Co-authored-by: yinghaosang <261132136+yinghaosang@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-02-14 16:53:56 -05:00
Peter Steinberger	576f7072a7	docs(changelog): credit @simecek for gateway connect auth fix	2026-02-14 22:42:35 +01:00
Gustavo Madeira Santana	48b3d7096c	fix: harden device pairing token generation and verification (#16535 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: bcbb50e3683b12643d8eb2ef3fde74dd3a3ac4a7 Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-02-14 16:23:33 -05:00
Peter Steinberger	0b20ee2722	docs(changelog): note gateway /approve scope fix	2026-02-14 22:14:18 +01:00
Peter Steinberger	938b1dd1e7	docs(changelog): fix gatewayUrl SSRF entry	2026-02-14 22:08:28 +01:00
Peter Steinberger	3513ff09de	docs(changelog): note Telegram webhookSecret hard requirement	2026-02-14 22:08:19 +01:00
Peter Steinberger	c5406e1d24	fix(security): prevent gatewayUrl SSRF	2026-02-14 22:01:11 +01:00

... 39 40 41 42 43 ...

4601 Commits