Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,538 Commits 756 Branches 79 Tags
Commit Graph

17 Commits

Author SHA1 Message Date
pushkarsingh32
4ba0a4d4fb
fix(slack): wrap session key in backticks to prevent emoji shortcode parsing (openclaw#30266) thanks @pushkarsingh32 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: pushkarsingh32 <29558481+pushkarsingh32@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-01 09:23:50 -06:00
fuller-stack-dev
70a4f25ab1
fix(security): remove post-compaction audit injection message (#28507) 
* fix: remove post-compaction audit injection (Layer 3)

Remove the post-compaction read audit that injects fake system messages
into conversations after context compaction. This audit:

- Hardcodes WORKFLOW_AUTO.md (a file that doesn't exist in standard
  workspaces) as a required read after every compaction
- Leaks raw regex syntax (memory\/\d{4}-\d{2}-\d{2}\.md) in
  user-facing warning messages
- Injects messages via enqueueSystemEvent that appear as user-role
  messages, tricking agents into reading attacker-controlled files
- Creates a persistent prompt injection vector (see #27697)

Layer 1 (compaction summary) and Layer 2 (workspace context refresh
from AGENTS.md via post-compaction-context.ts) remain intact and are
sufficient for post-compaction context recovery.

Deleted files:
- src/auto-reply/reply/post-compaction-audit.ts
- src/auto-reply/reply/post-compaction-audit.test.ts

Modified files:
- src/auto-reply/reply/agent-runner.ts (removed imports, audit map,
  flag setting, and Layer 3 audit block)

Fixes #27697, fixes #26851, fixes #20484, fixes #22339, fixes #25600
Relates to #26461

* fix: resolve lint failures from post-compaction audit removal

* Tests: add regression for removed post-compaction audit warnings

---------

Co-authored-by: Wilfred (OpenClaw Agent) <jay@openclaw.dev>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-02-27 17:15:59 -08:00
Peter Steinberger
382fe8009a refactor!: remove google-antigravity provider support 2026-02-23 05:20:14 +01:00
Peter Steinberger
0342bed289 fix(replies): keep finals for cross-target messaging sends 
Co-authored-by: Ion Mudreac <mudreac@gmail.com>
 2026-02-22 19:34:30 +01:00
Peter Steinberger
9df896e5b9 test(auto-reply): use lightweight clears in agent runner setup 2026-02-22 08:01:16 +00:00
Vignesh Natarajan
aab20e58d7 Sessions: persist prompt-token totals without usage 2026-02-21 23:37:42 -08:00
Shakker
7579e9511e Auto-reply: delay onAgentRunStart until real activity 2026-02-19 19:15:09 +00:00
Peter Steinberger
b8b43175c5 style: align formatting with oxfmt 0.33 2026-02-18 01:34:35 +00:00
Peter Steinberger
31f9be126c style: run oxfmt and fix gate failures 2026-02-18 01:29:02 +00:00
cpojer
7d2ef131c1
chore: Fix types in tests 42/N. 2026-02-17 15:50:07 +09:00
cpojer
d0cb8c19b2
chore: wtf. 2026-02-17 13:36:48 +09:00
Sebastian
ed11e93cf2 chore(format) 2026-02-16 23:20:16 -05:00
cpojer
90ef2d6bdf
chore: Update formatting. 2026-02-17 09:18:40 +09:00
Vignesh Natarajan
5a26d1c622 Agent: guard reminder promises behind cron scheduling 2026-02-16 14:07:16 -08:00
McRolly NWANGWU
d19b746928
feat(skills): add cross-platform install fallback for non-brew environments (#17687) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 3ed4850838578b90140cc11c6fd23be6953c87ea
Co-authored-by: mcrolly <60803337+mcrolly@users.noreply.github.com>
Co-authored-by: sebslight <19554889+sebslight@users.noreply.github.com>
Reviewed-by: @sebslight
 2026-02-15 22:25:26 -05:00
Vignesh Natarajan
3087657679 test (memory/compaction): cover resolved memory flush prompt semantics 2026-02-15 19:20:38 -08:00
Peter Steinberger
32aea365ed perf(test): consolidate agent runner misc suites 2026-02-14 21:19:39 +00:00