Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13,513 Commits 756 Branches 79 Tags
Commit Graph

979 Commits

Author SHA1 Message Date
kumarabhirup
6594de6186
Merge Ironclaw changes onto upstream Openclaw 2026.2.22 
Replays all Ironclaw-specific changes (176 commits) onto the latest
upstream Openclaw release (2026.2.22). Conflicts auto-resolved in
favor of Ironclaw to guarantee zero change loss.

Merge base: cbc3de6c9 (2026-02-16)
Upstream: a37e12eab (upstream/main, 2026.2.22)
Ironclaw: 3009566c9 (origin/main, 2026.2.15-1.9)
Backup: ironclaw-backup-pre-sync

Conflict resolutions:
- 6 GitHub workflow files: deleted (Ironclaw intentionally stripped)
- src/sessions/session-key-utils.test.ts: kept (Ironclaw modified)
- Duplicate imports from merge: deduplicated
- Unused imports from upstream code Ironclaw overrode: removed
- Broken test indentation from merge: fixed

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-21 18:06:01 -08:00
Vignesh
3317b49d3b
feat(memory): allow QMD searches via mcporter keep-alive (openclaw#19617) thanks @vignesh07 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: vignesh07 <1436853+vignesh07@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-21 18:54:33 -06:00
Peter Steinberger
057233953e test(retry): table-drive retryAfter timer cases 2026-02-21 23:58:33 +00:00
Peter Steinberger
6ea47c3f02 test(outbound): table-drive pre-aborted action cases 2026-02-21 23:37:12 +00:00
Peter Steinberger
204f379f6b test(archive): share zip/tar fixture generation 2026-02-21 23:35:21 +00:00
Peter Steinberger
ffd9b86ca4 test(ssrf): table-drive blocked hostname literal checks 2026-02-21 23:33:47 +00:00
Alberto Leal
2958a8414d test(media): narrow result kind before sendResult assertion 2026-02-22 00:31:21 +01:00
Alberto Leal
8934da785b test(media): verify tmpdir media paths allowed through message action runner 
Add integration test confirming that runMessageAction with a sandbox
root now accepts media paths under os.tmpdir() through the full
normalization pipeline (normalizeSandboxMediaList → resolveSandboxedMediaSource).
 2026-02-22 00:31:21 +01:00
Peter Steinberger
bcfae0434b test(fetch): table-drive sync throw cleanup coverage 2026-02-21 23:28:07 +00:00
Peter Steinberger
8394f0e30e fix(test): resolve outbound envelope case typing 2026-02-22 00:10:07 +01:00
Peter Steinberger
8752203f59 refactor(test): stabilize case tables and readonly helper inputs 2026-02-22 00:10:07 +01:00
Brian Mendonca
21087c5c70 test: fix rebase-introduced tsgo regressions 2026-02-21 23:57:34 +01:00
Brian Mendonca
69cedc7a15 test: make brew fallback assertion windows-safe 2026-02-21 23:57:34 +01:00
Brian Mendonca
a186036814 test: fix latest tsgo inference regressions in test suites 2026-02-21 23:57:34 +01:00
Brian Mendonca
60c735dd98 test: normalize outbound payload fixture typing 2026-02-21 23:57:34 +01:00
Brian Mendonca
828f4e18e0 test: finish readonly fixture compatibility for CI check 2026-02-21 23:57:34 +01:00
Brian Mendonca
c7c047287e test: fix readonly typing regressions in check baseline 2026-02-21 23:57:34 +01:00
Gustavo Madeira Santana
0e1aa77928 chore(tsgo/format): fix CI errors 2026-02-21 17:51:56 -05:00
Peter Steinberger
71bd15bb42 fix(ssrf): block special-use ipv4 ranges 2026-02-21 23:45:49 +01:00
Gustavo Madeira Santana
2f46308d5a
refactor(logging): migrate non-agent internal console calls to subsystem logger (#22964) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b4a5b12422c7a90054dbb7473dd6c4b3e9ca8df5
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-21 17:44:00 -05:00
Peter Steinberger
21b0eac917 test: consolidate infra approval and heartbeat test matrices 2026-02-21 22:23:43 +00:00
Peter Steinberger
1bc5c2a7e9 refactor: unify exec shell parser parity and gateway websocket test helpers 2026-02-21 23:17:12 +01:00
Peter Steinberger
cc2ff68947 test: optimize gateway infra memory and security coverage 2026-02-21 21:44:50 +00:00
Peter Steinberger
0f9ea0229a test(infra): dedupe install-source fixtures and cover npm pack parsing 2026-02-21 21:40:39 +00:00
Peter Steinberger
f9e21d5720 test(infra): dedupe gateway-lock setup and cover guard paths 2026-02-21 21:40:39 +00:00
Peter Steinberger
d35a8b48f5 test(infra): dedupe archive case setup and cover packed-root multi-dir failure 2026-02-21 21:40:39 +00:00
Peter Steinberger
822688dc13 test(infra): dedupe store temp fixtures and cover json5 voicewake sanitization 2026-02-21 21:40:39 +00:00
Peter Steinberger
c93fc3786c test(infra): dedupe brew fixtures and cover explicit brew file precedence 2026-02-21 21:40:39 +00:00
Peter Steinberger
2042a69211 test(infra): dedupe dotenv fixture setup and cover fallback-only load 2026-02-21 21:40:39 +00:00
Peter Steinberger
1bbeedfab2 test(infra): dedupe heartbeat ghost reminder temp/mocks setup 2026-02-21 21:40:38 +00:00
Peter Steinberger
1b585b2959 refactor(test): snapshot tailscale test env per case 2026-02-21 19:13:47 +00:00
Peter Steinberger
807968e4df refactor(test): replace manual PATH restore with env helpers 2026-02-21 19:13:47 +00:00
Peter Steinberger
194ebd9e30 refactor(test): dedupe env setup in envelope and config tests 2026-02-21 19:13:47 +00:00
Peter Steinberger
fc43a16d43 refactor(test): replace ad-hoc env restore blocks with helpers 2026-02-21 19:13:47 +00:00
Peter Steinberger
63488eb981 refactor(test): dedupe telegram token env handling in tests 2026-02-21 19:13:47 +00:00
Peter Steinberger
992b7e5577 refactor(test): use env snapshots in setup hooks 2026-02-21 19:13:46 +00:00
Peter Steinberger
7724abeee0 refactor(test): dedupe env setup across suites 2026-02-21 19:13:46 +00:00
Peter Steinberger
25e89cc863 fix(security): harden shell env fallback 2026-02-21 20:01:08 +01:00
Peter Steinberger
ed960ba4eb refactor(security): centralize path guard helpers 2026-02-21 19:54:26 +01:00
Peter Steinberger
4b226b74f5 fix(security): block zip symlink escape in archive extraction 2026-02-21 19:42:33 +01:00
Peter Steinberger
9fc6c8b713 fix: hide synthetic untrusted metadata in chat history 2026-02-21 19:26:04 +01:00
Peter Steinberger
89aad7b922 refactor: tighten safe-bin policy model and docs parity 2026-02-21 19:24:23 +01:00
Peter Steinberger
57fbbaebca fix: block safeBins sort --compress-program bypass 2026-02-21 19:13:53 +01:00
Onur
8178ea472d
feat: thread-bound subagents on Discord (#21805) 
* docs: thread-bound subagents plan

* docs: add exact thread-bound subagent implementation touchpoints

* Docs: prioritize auto thread-bound subagent flow

* Docs: add ACP harness thread-binding extensions

* Discord: add thread-bound session routing and auto-bind spawn flow

* Subagents: add focus commands and ACP/session binding lifecycle hooks

* Tests: cover thread bindings, focus commands, and ACP unbind hooks

* Docs: add plugin-hook appendix for thread-bound subagents

* Plugins: add subagent lifecycle hook events

* Core: emit subagent lifecycle hooks and decouple Discord bindings

* Discord: handle subagent bind lifecycle via plugin hooks

* Subagents: unify completion finalizer and split registry modules

* Add subagent lifecycle events module

* Hooks: fix subagent ended context key

* Discord: share thread bindings across ESM and Jiti

* Subagents: add persistent sessions_spawn mode for thread-bound sessions

* Subagents: clarify thread intro and persistent completion copy

* test(subagents): stabilize sessions_spawn lifecycle cleanup assertions

* Discord: add thread-bound session TTL with auto-unfocus

* Subagents: fail session spawns when thread bind fails

* Subagents: cover thread session failure cleanup paths

* Session: add thread binding TTL config and /session ttl controls

* Tests: align discord reaction expectations

* Agent: persist sessionFile for keyed subagent sessions

* Discord: normalize imports after conflict resolution

* Sessions: centralize sessionFile resolve/persist helper

* Discord: harden thread-bound subagent session routing

* Rebase: resolve upstream/main conflicts

* Subagents: move thread binding into hooks and split bindings modules

* Docs: add channel-agnostic subagent routing hook plan

* Agents: decouple subagent routing from Discord

* Discord: refactor thread-bound subagent flows

* Subagents: prevent duplicate end hooks and orphaned failed sessions

* Refactor: split subagent command and provider phases

* Subagents: honor hook delivery target overrides

* Discord: add thread binding kill switches and refresh plan doc

* Discord: fix thread bind channel resolution

* Routing: centralize account id normalization

* Discord: clean up thread bindings on startup failures

* Discord: add startup cleanup regression tests

* Docs: add long-term thread-bound subagent architecture

* Docs: split session binding plan and dedupe thread-bound doc

* Subagents: add channel-agnostic session binding routing

* Subagents: stabilize announce completion routing tests

* Subagents: cover multi-bound completion routing

* Subagents: suppress lifecycle hooks on failed thread bind

* tests: fix discord provider mock typing regressions

* docs/protocol: sync slash command aliases and delete param models

* fix: add changelog entry for Discord thread-bound subagents (#21805) (thanks @onutc)

---------

Co-authored-by: Shadow <hi@shadowing.dev>
 2026-02-21 16:14:55 +01:00
Peter Steinberger
f23da067f6 fix(security): harden heredoc allowlist parsing 2026-02-21 14:27:51 +01:00
orlyjamie
92cada2aca fix(security): block command substitution in unquoted heredoc bodies 
The shell command analyzer (splitShellPipeline) skipped all token
validation while parsing heredoc bodies. When the heredoc delimiter
was unquoted, bash performs command substitution on the body content,
allowing $(cmd) and backtick expressions to execute arbitrary commands
that bypass the exec allowlist.

Track whether heredoc delimiters are quoted or unquoted. When unquoted,
scan the body for $( , ${ , and backtick tokens and reject the command.
Quoted heredocs (<<'EOF' / <<"EOF") are safe - the shell treats their
body as literal text.

Ref: https://github.com/openclaw/openclaw/security/advisories/GHSA-65rx-fvh6-r4h2
 2026-02-21 14:27:35 +01:00
Peter Steinberger
c2874aead7 refactor(test): centralize temporary state-dir env setup 2026-02-21 12:59:24 +00:00
Peter Steinberger
f202e73077 refactor(security): centralize host env policy and harden env ingestion 2026-02-21 13:04:39 +01:00
Peter Steinberger
6007941f04 fix(security): harden and refactor system.run command resolution 2026-02-21 11:49:38 +01:00
Peter Steinberger
2cdbadee1f fix(security): block startup-file env injection across host execution paths 2026-02-21 11:44:20 +01:00