Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
16,080 Commits 756 Branches 79 Tags
Commit Graph

41 Commits

Author SHA1 Message Date
SidQin-cyber
c4711a9b69 fix(gateway): let POST requests pass through root-mounted Control UI to plugin handlers 
The Control UI handler checked HTTP method before path routing, causing
all POST requests (including plugin webhook endpoints like /bluebubbles-webhook)
to receive 405 Method Not Allowed.  Move the method check after path-based
exclusions so non-GET/HEAD requests reach plugin HTTP handlers.

Closes #31344

Made-with: Cursor
 2026-03-02 16:06:48 +00:00
Tyler Yust
f918b336d1
fix: agent-only announce path, BB message IDs, sender identity, SSRF allowlist (#23970) 
* fix(agents): defer announces until descendant cleanup settles

* fix(bluebubbles): harden message metadata extraction

* feat(contributors): rank by composite score (commits, PRs, LOC, tenure)

* refactor(control-ui): move method guard after path checks to improve request handling

* fix subagent completion announce when only current run is pending

* fix(subagents): keep orchestrator runs active until descendants finish

* fix: prepare PR feedback follow-ups (#23970) (thanks @tyler6204)
 2026-03-01 22:52:11 -08:00
Gustavo Madeira Santana
8e69fd80e0 Gateway: harden control-ui vs plugin HTTP precedence 2026-03-01 22:38:14 -05:00
Sid
c1428e8df9
fix(gateway): prevent /api/* routes from returning SPA HTML when basePath is empty (#30333) 
Merged via squash.

Prepared head SHA: 12591f304e5db80b0a49d44b3adeecace5ce228c
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com>
Reviewed-by: @velvet-shark
 2026-03-01 22:23:54 +01:00
Peter Steinberger
e3385a6578 fix(security): harden root file guards and host writes 2026-02-26 13:32:58 +01:00
Peter Steinberger
13db0b88f5 refactor(gateway): share safe avatar file open checks 2026-02-22 23:12:45 +01:00
Peter Steinberger
6970c2c2db fix(gateway): harden control-ui avatar reads 2026-02-22 22:40:22 +01:00
bmendonca3
6ac89757ba
Security/Gateway: harden Control UI static path containment (#21203) 
* Security/Gateway: harden Control UI static path containment

* gateway: block control-ui symlink escapes

* CI: retrigger flaky node test lane

---------

Co-authored-by: Brian Mendonca <brianmendonca@Brians-MacBook-Air.local>
 2026-02-21 23:47:51 +01:00
Peter Steinberger
4ef4aa3c10 refactor(gateway): streamline control-ui secure file serving 2026-02-21 23:36:55 +01:00
Peter Steinberger
7c500ff623 fix(security): harden control-ui static path resolution 2026-02-21 23:10:55 +01:00
Marcus Castro
618b36f07a
fix(gateway): return 404 for missing static assets instead of SPA fallback (#12060) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 32d2ca7a13cbce69e4ea819fed6841f28bbd1b9d
Co-authored-by: mcaxtr <7562095+mcaxtr@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 17:41:57 +00:00
Peter Steinberger
b8b43175c5 style: align formatting with oxfmt 0.33 2026-02-18 01:34:35 +00:00
Peter Steinberger
31f9be126c style: run oxfmt and fix gate failures 2026-02-18 01:29:02 +00:00
cpojer
d0cb8c19b2
chore: wtf. 2026-02-17 13:36:48 +09:00
Sebastian
ed11e93cf2 chore(format) 2026-02-16 23:20:16 -05:00
cpojer
90ef2d6bdf
chore: Update formatting. 2026-02-17 09:18:40 +09:00
Peter Steinberger
c6e6023e3a refactor(gateway): share Control UI bootstrap contract and CSP 2026-02-16 03:50:39 +01:00
Peter Steinberger
adc818db4a fix(gateway): serve Control UI bootstrap config and lock down CSP 2026-02-16 03:15:57 +01:00
Peter Steinberger
66d8117d44 fix: harden control ui framing + ws origin 2026-02-03 16:00:57 -08:00
Gustavo Madeira Santana
5935c4d23d fix(ui): fix web UI after tsdown migration and typing changes 2026-02-03 13:56:20 -05:00
cpojer
f06dd8df06
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts. 2026-02-01 10:03:47 +09:00
cpojer
5ceff756e1
chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
Peter Steinberger
9a7160786a refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
Peter Steinberger
6d16a658e5 refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
Peter Steinberger
d297e17958 refactor: centralize control ui avatar helpers 2026-01-22 23:41:36 +00:00
Peter Steinberger
482fcd2f2c fix: resolve control UI avatar URLs (#1457) (thanks @dlauer) 2026-01-22 21:58:46 +00:00
Dave Lauer
ffca65d15f fix(gateway): resolve local avatars to URL in HTML injection and RPC 
The frontend fix alone wasn't enough because:
1. serveIndexHtml() was injecting the raw avatar filename into HTML
2. agent.identity.get RPC was returning raw filename, overwriting the
   HTML-injected value

Now both paths resolve local file avatars (*.png, *.jpg, etc.) to the
/avatar/{agentId} endpoint URL.
 2026-01-22 15:16:31 -05:00
Peter Steinberger
8544df36b8 feat: extend Control UI assistant identity 2026-01-22 07:08:13 +00:00
Robby
3125637ad6 feat(webui): add custom assistant identity support 
Adds the ability to customize the assistant's name and avatar in the Web UI.

Configuration options:
- config.ui.assistant.name: Custom name (replaces 'Assistant')
- config.ui.assistant.avatar: Emoji or letter for avatar (replaces 'A')

Also reads from workspace IDENTITY.md as fallback:
- Name: field sets the assistant name
- Emoji: field sets the avatar

Priority: config > IDENTITY.md > defaults

Closes #1383
 2026-01-22 07:07:53 +00:00
Peter Steinberger
a2bea8e366 feat: add agent avatar support (#1329) (thanks @dlauer) 2026-01-22 04:00:07 +00:00
Peter Steinberger
16bc4cdef3 chore: drop legacy Relay signing 2026-01-16 03:11:16 +00:00
Peter Steinberger
c379191f80 chore: migrate to oxlint and oxfmt 
Co-authored-by: Christoph Nakazawa <christoph.pojer@gmail.com>
 2026-01-14 15:02:19 +00:00
Peter Steinberger
c46bab35df fix: drop explicit ui:install step 2026-01-09 07:02:42 +00:00
Peter Steinberger
c27dd75135 build(control-ui): prefer bun for UI build 2026-01-06 09:08:25 +01:00
Peter Steinberger
246adaa119 chore: rename project to clawdbot 2026-01-04 14:38:51 +00:00
Peter Steinberger
1d6de24ab3 feat: configurable control ui base path 2026-01-03 17:55:31 +01:00
Mariano Belinky
941ad27551 Bundle Control UI in Mac app 2026-01-01 08:55:09 +01:00
Peter Steinberger
bb7f4abd4b feat(gateway): support bun-compiled embedded gateway 2025-12-19 19:21:26 +01:00
Peter Steinberger
6b6f2b5414 fix(control-ui): drop /ui alias 2025-12-19 05:13:07 +00:00
Peter Steinberger
c498348a34 fix(control-ui): serve dashboard at root 2025-12-19 05:11:08 +00:00
Peter Steinberger
df0c51a63b Gateway: add browser control UI 2025-12-18 22:41:06 +00:00