Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
19,795 Commits 756 Branches 79 Tags
Commit Graph

1774 Commits

Author SHA1 Message Date
Peter Steinberger
43838b1b14 refactor(device): share missing-scope helper 2026-03-17 06:24:01 +00:00
Peter Steinberger
aa2d5aaa0c
feat(plugins): add image generation capability 2026-03-16 22:58:55 -07:00
Peter Steinberger
00b57145ff
refactor: move agent runtime into agents layer 2026-03-16 22:53:16 -07:00
Peter Steinberger
9ebe38b6e3
refactor: untangle remaining plugin sdk boundaries 2026-03-16 21:16:32 -07:00
Peter Steinberger
3e010e280a
feat(plugins): add media understanding provider registration 2026-03-16 20:42:00 -07:00
Peter Steinberger
fe4368cbca fix: align thinking defaults and plugin sdk exports 2026-03-17 03:16:39 +00:00
Peter Steinberger
1ffe8fde84 fix: stabilize docker test suite 2026-03-17 03:02:03 +00:00
Peter Steinberger
662031a88e
feat(plugins): add speech provider registration 2026-03-16 18:50:09 -07:00
Josh Lehman
eeb140b4f0
fix(plugins): late-binding subagent runtime for non-gateway load paths (#46648) 
Merged via squash.

Prepared head SHA: 44742652c9ac2eec82a6d958fd77f84ba1d29c0a
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-16 14:27:54 -07:00
Gustavo Madeira Santana
13894ec5aa
Gateway tests: share ordered client teardown helper 2026-03-16 14:36:04 +00:00
Gustavo Madeira Santana
d352be8e99
Gateway tests: centralize mock responses provider setup 2026-03-16 14:36:04 +00:00
Gustavo Madeira Santana
771fbeae79
Gateway: simplify startup and stabilize mock responses tests 2026-03-16 14:32:55 +00:00
Gustavo Madeira Santana
96ed010a37
Gateway: gate deferred channel startup behind opt-in 2026-03-16 13:55:53 +00:00
Gustavo Madeira Santana
1b234b910b
Gateway: defer full channel plugins until after listen 2026-03-16 13:31:20 +00:00
Ayaan Zaidi
ccba943738
test(gateway): restore agent request route mock 2026-03-16 17:17:03 +05:30
Vincent Koc
9ee0fb52e9 Gateway: cover lazy channel runtime resolution 2026-03-16 01:43:47 -07:00
Vincent Koc
776e5d8a08 Gateway: lazily resolve channel runtime 2026-03-16 01:43:47 -07:00
Peter Steinberger
7e74adef91
refactor: shrink public channel plugin sdk surfaces 2026-03-16 01:34:22 -07:00
Peter Steinberger
a73d6620b3
refactor: route remaining channel imports through plugin sdk 2026-03-16 01:17:13 -07:00
Vincent Koc
7a09255361 Runtime: lazy-load channel runtime singletons 2026-03-16 01:02:19 -07:00
Peter Steinberger
74d0c39b32
refactor: move session lifecycle and outbound fallbacks into plugins 2026-03-16 00:40:43 -07:00
Peter Steinberger
4ab016a9bd fix: preserve loopback gateway scopes for local auth 2026-03-16 06:22:15 +00:00
Vincent Koc
7b2a7da549 Gateway: import normalizeAgentId in hooks 2026-03-15 23:20:11 -07:00
Vincent Koc
c4b18ab3c9 Status: split lightweight gateway agent list 2026-03-15 22:55:27 -07:00
Vincent Koc
4cb46f223c Security: trim audit policy import surfaces 2026-03-15 22:55:26 -07:00
Joey Krug
304703f165 fix: resume orphaned subagent sessions after SIGUSR1 reload 
Closes #47711

After a SIGUSR1 gateway reload aborts in-flight subagent LLM calls, the gateway now scans for orphaned sessions and sends a synthetic resume message to restart their work. Also makes the deferral timeout configurable via gateway.reload.deferralTimeoutMs (default: 5 minutes, up from 90s).
 2026-03-15 22:32:36 -07:00
Peter Steinberger
5c120cb36c
refactor: make setup the primary wizard surface 2026-03-15 22:01:04 -07:00
Peter Steinberger
a69f6190ab
fix(gateway): pin plugin webhook route registry (#47902) 2026-03-15 21:53:05 -07:00
Peter Steinberger
656848dcd7
refactor: rename setup wizard surfaces 2026-03-15 21:40:31 -07:00
Vincent Koc
d8e138c743 Gateway: add presence-only probe mode for status 2026-03-15 19:56:08 -07:00
Josh Avant
a2cb81199e
secrets: harden read-only SecretRef command paths and diagnostics (#47794) 
* secrets: harden read-only SecretRef resolution for status and audit

* CLI: add SecretRef degrade-safe regression coverage

* Docs: align SecretRef status and daemon probe semantics

* Security audit: close SecretRef review gaps

* Security audit: preserve source auth SecretRef configuredness

* changelog

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>

---------

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
 2026-03-15 21:55:24 -05:00
Peter Steinberger
d56559bad7 fix: repair node24 ci type drift 2026-03-16 01:15:31 +00:00
Peter Steinberger
74c762beb0
refactor: decouple channel setup discovery 2026-03-15 16:26:09 -07:00
Vincent Koc
c9a8b6f82f chore(fmt): format changes and broken types 2026-03-15 12:03:35 -07:00
Vincent Koc
fc2d29ea92
Gateway: tighten forwarded client and pairing guards (#46800) 
* Gateway: tighten forwarded client and pairing guards

* Gateway: make device approval scope checks atomic

* Gateway: preserve device approval baseDir compatibility
 2026-03-15 10:50:49 -07:00
Peter Steinberger
7c0a849ed7
fix: harden device token rotation denial paths 2026-03-15 09:05:45 -07:00
Vincent Koc
a60fd3feed Nodes tests: prove pull-time policy revalidation 2026-03-15 09:05:22 -07:00
Vincent Koc
ec2c6d83b9
Nodes: recheck queued actions before delivery (#46815) 
* Nodes: recheck queued actions before delivery

* Nodes tests: cover pull-time policy recheck

* Nodes tests: type node policy mocks explicitly
 2026-03-15 08:47:17 -07:00
Andrew Demczuk
26e0a3ee9a
fix(gateway): skip Control UI pairing when auth.mode=none (closes #42931) (#47148) 
When auth is completely disabled (mode=none), requiring device pairing
for Control UI operator sessions adds friction without security value
since any client can already connect without credentials.

Add authMode parameter to shouldSkipControlUiPairing so the bypass
fires only for Control UI + operator role + auth.mode=none. This avoids
the #43478 regression where a top-level OR disabled pairing for ALL
websocket clients.
 2026-03-15 13:03:39 +01:00
Ace Lee
d7ac16788e
fix(android): support android node calllog.search (#44073) 
* fix(android): support android node  `calllog.search`

* fix(android): support android node calllog.search

* fix(android): wire callLog through shared surfaces

* fix: land Android callLog support (#44073) (thanks @lxk7280)

---------

Co-authored-by: lixuankai <lixuankai@oppo.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-15 14:54:32 +05:30
Tak Hoffman
29fec8bb9f
fix(gateway): harden health monitor account gating (#46749) 
* gateway: harden health monitor account gating

* gateway: tighten health monitor account-id guard
 2026-03-14 21:58:28 -05:00
rstar327
ba6064cc22
feat(gateway): make health monitor stale threshold and max restarts configurable (openclaw#42107) 
Verified:
- pnpm exec vitest --run src/config/config-misc.test.ts -t "gateway.channelHealthCheckMinutes"
- pnpm exec vitest --run src/gateway/server-channels.test.ts -t "health monitor"
- pnpm exec vitest --run src/gateway/channel-health-monitor.test.ts src/gateway/server/readiness.test.ts
- pnpm exec vitest --run extensions/feishu/src/outbound.test.ts
- pnpm exec tsc --noEmit

Co-authored-by: rstar327 <114364448+rstar327@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-14 21:21:56 -05:00
Andrew Demczuk
92fc8065e9
fix(gateway): remove re-introduced auth.mode=none pairing bypass 
The revert of #43478 (commit 39b4185d0b) was silently undone by
3704293e6f which was based on a branch that included the original
change. This removes the auth.mode=none skipPairing condition again.

The blanket skip was too broad - it disabled pairing for ALL websocket
clients, not just Control UI behind reverse proxies.
 2026-03-15 00:46:24 +01:00
George Zhang
3704293e6f
browser: drop headless/remote MCP attach modes, simplify existing-session to autoConnect-only (#46628) 2026-03-14 15:54:22 -07:00
George Zhang
b1d8737017
browser: drop chrome-relay auto-creation, simplify to user profile only (#46596) 
Merged via squash.

Prepared head SHA: 74becc8f7dac245a345d2c7d549f604344df33fd
Co-authored-by: odysseus0 <8635094+odysseus0@users.noreply.github.com>
Co-authored-by: odysseus0 <8635094+odysseus0@users.noreply.github.com>
Reviewed-by: @odysseus0
 2026-03-14 15:40:02 -07:00
Vincent Koc
39b4185d0b revert: 9bffa3422c4dc13f5c72ab5d2813cc287499cc14 2026-03-14 15:09:22 -07:00
Andrew Demczuk
678ea77dcf
style(gateway): fix oxfmt formatting and remove unused test helper 2026-03-14 21:46:53 +01:00
Sally O'Malley
8db6fcca77
fix(gateway/cli): relax local backend self-pairing and harden launchd restarts (#46290) 
Signed-off-by: sallyom <somalley@redhat.com>
 2026-03-14 14:27:52 -04:00
Andrew Demczuk
9bffa3422c
fix(gateway): skip device pairing when auth.mode=none 
Fixes #42931

When gateway.auth.mode is set to "none", authentication succeeds with
method "none" but sharedAuthOk remains false because the auth-context
only recognises token/password/trusted-proxy methods. This causes all
pairing-skip conditions to fail, so Control UI browser connections get
closed with code 1008 "pairing required" despite auth being disabled.

Short-circuit the skipPairing check: if the operator explicitly
disabled authentication, device pairing (which is itself an auth
mechanism) must also be bypassed.

Fixes #42931
 2026-03-14 19:17:39 +01:00
Nimrod Gutman
9aac55d306
Add /btw side questions (#45444) 
* feat(agent): add /btw side questions

* fix(agent): gate and log /btw reviews

* feat(btw): isolate side-question delivery

* test(reply): update route reply runtime mocks

* fix(btw): complete side-result delivery across clients

* fix(gateway): handle streamed btw side results

* fix(telegram): unblock btw side questions

* fix(reply): make external btw replies explicit

* fix(chat): keep btw side results ephemeral in internal history

* fix(btw): address remaining review feedback

* fix(chat): preserve btw history on mobile refresh

* fix(acp): keep btw replies out of prompt history

* refactor(btw): narrow side questions to live channels

* fix(btw): preserve channel typing indicators

* fix(btw): keep side questions isolated in chat

* fix(outbound): restore typed channel send deps

* fix(btw): avoid blocking replies on transcript persistence

* fix(btw): keep side questions fast

* docs(commands): document btw slash command

* docs(changelog): add btw side questions entry

* test(outbound): align session transcript mocks
 2026-03-14 17:27:54 +02:00