Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13,256 Commits 756 Branches 79 Tags
Commit Graph

1470 Commits

Author SHA1 Message Date
Peter Steinberger
1bc5c2a7e9 refactor: unify exec shell parser parity and gateway websocket test helpers 2026-02-21 23:17:12 +01:00
Peter Steinberger
2028ca4428 fix(macos): unify exec allowlist validation pipeline 2026-02-21 23:09:07 +01:00
Peter Steinberger
dd41fadcaf fix(macos): enforce path-only exec allowlist patterns 2026-02-21 22:58:40 +01:00
Peter Steinberger
90a378ca3a fix(macos): block quoted shell substitution in allowlist checks 2026-02-21 22:57:53 +01:00
Peter Steinberger
25e89cc863 fix(security): harden shell env fallback 2026-02-21 20:01:08 +01:00
Peter Steinberger
e371da38aa fix(macos): consolidate exec approval evaluation 2026-02-21 19:30:35 +01:00
Peter Steinberger
fa89ae8e9e fix: stabilize swift protocol generation and flaky tests 2026-02-21 16:53:46 +01:00
Peter Steinberger
5da03e6221 fix(macos): harden exec allowlist shell-chain checks 2026-02-21 16:27:18 +01:00
Onur
8178ea472d
feat: thread-bound subagents on Discord (#21805) 
* docs: thread-bound subagents plan

* docs: add exact thread-bound subagent implementation touchpoints

* Docs: prioritize auto thread-bound subagent flow

* Docs: add ACP harness thread-binding extensions

* Discord: add thread-bound session routing and auto-bind spawn flow

* Subagents: add focus commands and ACP/session binding lifecycle hooks

* Tests: cover thread bindings, focus commands, and ACP unbind hooks

* Docs: add plugin-hook appendix for thread-bound subagents

* Plugins: add subagent lifecycle hook events

* Core: emit subagent lifecycle hooks and decouple Discord bindings

* Discord: handle subagent bind lifecycle via plugin hooks

* Subagents: unify completion finalizer and split registry modules

* Add subagent lifecycle events module

* Hooks: fix subagent ended context key

* Discord: share thread bindings across ESM and Jiti

* Subagents: add persistent sessions_spawn mode for thread-bound sessions

* Subagents: clarify thread intro and persistent completion copy

* test(subagents): stabilize sessions_spawn lifecycle cleanup assertions

* Discord: add thread-bound session TTL with auto-unfocus

* Subagents: fail session spawns when thread bind fails

* Subagents: cover thread session failure cleanup paths

* Session: add thread binding TTL config and /session ttl controls

* Tests: align discord reaction expectations

* Agent: persist sessionFile for keyed subagent sessions

* Discord: normalize imports after conflict resolution

* Sessions: centralize sessionFile resolve/persist helper

* Discord: harden thread-bound subagent session routing

* Rebase: resolve upstream/main conflicts

* Subagents: move thread binding into hooks and split bindings modules

* Docs: add channel-agnostic subagent routing hook plan

* Agents: decouple subagent routing from Discord

* Discord: refactor thread-bound subagent flows

* Subagents: prevent duplicate end hooks and orphaned failed sessions

* Refactor: split subagent command and provider phases

* Subagents: honor hook delivery target overrides

* Discord: add thread binding kill switches and refresh plan doc

* Discord: fix thread bind channel resolution

* Routing: centralize account id normalization

* Discord: clean up thread bindings on startup failures

* Discord: add startup cleanup regression tests

* Docs: add long-term thread-bound subagent architecture

* Docs: split session binding plan and dedupe thread-bound doc

* Subagents: add channel-agnostic session binding routing

* Subagents: stabilize announce completion routing tests

* Subagents: cover multi-bound completion routing

* Subagents: suppress lifecycle hooks on failed thread bind

* tests: fix discord provider mock typing regressions

* docs/protocol: sync slash command aliases and delete param models

* fix: add changelog entry for Discord thread-bound subagents (#21805) (thanks @onutc)

---------

Co-authored-by: Shadow <hi@shadowing.dev>
 2026-02-21 16:14:55 +01:00
Peter Steinberger
f202e73077 refactor(security): centralize host env policy and harden env ingestion 2026-02-21 13:04:39 +01:00
Peter Steinberger
2cdbadee1f fix(security): block startup-file env injection across host execution paths 2026-02-21 11:44:20 +01:00
Peter Steinberger
9231d7d30f chore: bump version to 2026.2.21 2026-02-21 11:02:30 +01:00
Harold Hunt
844d84a7f5
Issue 17774 - Usage - Local - Show data from midnight to midnight of selected dates for browser time zone (AI assisted) (openclaw#19357) thanks @huntharo 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini (override approved by Tak for this run; local baseline failures outside PR scope)

Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-20 20:09:03 -06:00
Mariano
774d73b458
fix(macos): reject insecure non-loopback ws remote gateway urls (#21971) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 9e8cdbf0951bf1e3ea7c98ef0c8ac1b5f7b408a9
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 16:34:00 +00:00
Peter Steinberger
f66b23de75 chore(release): bump versions to 2026.2.20 2026-02-20 00:02:53 +01:00
Peter Steinberger
b0e55283d5 chore: bump release metadata to 2026.2.19 2026-02-19 16:17:34 +01:00
Peter Steinberger
4344699574 build: regenerate swift protocol models for updateAvailable 2026-02-19 08:54:30 +00:00
Mariano
750276fa36
fix(protocol): regenerate Swift models for push.test (#20325) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 9281e7ad039f3bd7559c90f021f72a67ffffb4e7
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 20:04:03 +00:00
Peter Steinberger
168d24526e chore(protocol): regenerate Swift models for device pair remove params 2026-02-18 14:01:34 +00:00
the sun gif man
114736ed1a
Doctor/Security: fix telegram numeric ID + symlink config permission warnings (#19844) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: e42bf1e48de947571007df1d65f25d157a399a84
Co-authored-by: joshp123 <1497361+joshp123@users.noreply.github.com>
Co-authored-by: joshp123 <1497361+joshp123@users.noreply.github.com>
Reviewed-by: @joshp123
 2026-02-18 00:09:51 -08:00
Peter Steinberger
8278903f0a fix: update deep links handling 2026-02-18 04:40:42 +01:00
Peter Steinberger
4bf3338834 chore: bump version to 2026.2.18 unreleased 2026-02-18 04:40:06 +01:00
Peter Steinberger
5bd95bef5a fix(protocol): regenerate swift gateway models 2026-02-18 01:37:34 +00:00
Peter Steinberger
9a2c39419e chore(release): bump version to 2026.2.17 2026-02-17 23:08:55 +01:00
Vignesh Natarajan
a7c25f203a Protocol: regenerate cron Swift models 2026-02-17 01:54:59 +01:00
Peter Steinberger
8c241449f5 fix(protocol): sync generated gateway swift models 2026-02-16 23:33:05 +00:00
Advait Paliwal
bc67af6ad8
cron: separate webhook POST delivery from announce (#17901) 
* cron: split webhook delivery from announce mode

* cron: validate webhook delivery target

* cron: remove legacy webhook fallback config

* fix: finalize cron webhook delivery prep (#17901) (thanks @advaitpaliwal)

---------

Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
 2026-02-16 02:36:00 -08:00
Peter Steinberger
39fa81dc96 chore: bump version to 2026.2.16 2026-02-16 06:08:47 +01:00
Advait Paliwal
115cfb4430
gateway: add cron finished-run webhook (#14535) 
* gateway: add cron finished webhook delivery

* config: allow cron webhook in runtime schema

* cron: require notify flag for webhook posts

* ui/docs: add cron notify toggle and webhook docs

* fix: harden cron webhook auth and fill notify coverage (#14535) (thanks @advaitpaliwal)

---------

Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
 2026-02-15 16:14:17 -08:00
Peter Steinberger
3cd786cc2d refactor(swift): share discovery status text 2026-02-15 20:40:47 +00:00
Peter Steinberger
ef2c66a16b refactor(camera): centralize JPEG transcode cap 2026-02-15 20:33:14 +00:00
Peter Steinberger
71009ab1b6 refactor(macos): share tailnet IPv4 detection 2026-02-15 20:22:40 +00:00
Peter Steinberger
c8779ef61d refactor(macos): share pairing alert plumbing 2026-02-15 20:19:55 +00:00
Peter Steinberger
218189318d refactor(swift): share primary IPv4 lookup 2026-02-15 20:17:43 +00:00
Peter Steinberger
f37b1c11e0 refactor(macos): centralize presence system info 2026-02-15 20:12:50 +00:00
Peter Steinberger
375e16170d refactor(macos): dedupe file watcher 2026-02-15 20:07:12 +00:00
Peter Steinberger
3a075f0292 fix(macos): drop duplicate AnyCodable helpers 2026-02-15 20:05:25 +00:00
Peter Steinberger
cbd9395082 ci(protocol): regenerate swift protocol models 2026-02-15 07:07:55 +00:00
Peter Steinberger
8725c2b19f style(swift): run swiftformat + swiftlint autocorrect 2026-02-15 05:38:35 +01:00
Peter Steinberger
379b445582 chore: bump version to 2026.2.15 2026-02-15 04:50:31 +01:00
Peter Steinberger
1ff15e60d3 chore(release): bump versions to 2026.2.14 2026-02-15 02:53:35 +01:00
Vignesh Natarajan
0f53a3b9f3 Protocol: regenerate Swift gateway models 2026-02-14 17:27:17 -08:00
Bin Deng
b9d14855d0
Fix: Force dashboard command to use localhost URL (#16434) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 3c03b4cc9b1dec96e0541df37910a697493ca285
Co-authored-by: BinHPdev <219093083+BinHPdev@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-14 15:00:58 -05:00
Peter Steinberger
d583782ee3 fix(security): harden discovery routing and TLS pins 2026-02-14 17:18:14 +01:00
Peter Steinberger
28d9dd7a77 fix(macos): harden openclaw deep links 2026-02-14 15:03:27 +01:00
Nick Taylor
1fb52b4d7b
feat(gateway): add trusted-proxy auth mode (#15940) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 279d4b304f83186fda44dfe63a729406a835dafa
Co-authored-by: nickytonline <833231+nickytonline@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
 2026-02-14 12:32:17 +01:00
Peter Steinberger
748d6821d2 fix(config): add forensic config write audit and watch attribution 2026-02-14 01:36:15 +00:00
Shuai-DaiDai
bdc63b5b7d
fix(macos): resolve dashboard basePath for local and remote (#15862) 
Co-authored-by: 帅小呆1号 <shuaixiaodai1@openclaw.ai>
 2026-02-14 02:19:36 +01:00
Ramin Shirali Hossein Zade
1af0edf7ff
fix: ensure exec approval is registered before returning (#2402) (#3357) 
* feat(gateway): add register and awaitDecision methods to ExecApprovalManager

Separates registration (synchronous) from waiting (async) to allow callers
to confirm registration before the decision is made. Adds grace period for
resolved entries to prevent race conditions.

* feat(gateway): add two-phase response and waitDecision handler for exec approvals

Send immediate 'accepted' response after registration so callers can confirm
the approval ID is valid. Add exec.approval.waitDecision endpoint to wait for
decision on already-registered approvals.

* fix(exec): await approval registration before returning approval-pending

Ensures the approval ID is registered in the gateway before the tool returns.
Uses exec.approval.request with expectFinal:false for registration, then
fire-and-forget exec.approval.waitDecision for the decision phase.

Fixes #2402

* test(gateway): update exec-approval test for two-phase response

Add assertion for immediate 'accepted' response before final decision.

* test(exec): update approval-id test mocks for new two-phase flow

Mock both exec.approval.request (registration) and exec.approval.waitDecision
(decision) calls to match the new internal implementation.

* fix(lint): add cause to errors, use generics instead of type assertions

* fix(exec-approval): guard register() against duplicate IDs

* fix: remove unused timeoutMs param, guard register() against duplicates

* fix(exec-approval): throw on duplicate ID, capture entry in closure

* fix: return error on timeout, remove stale test mock branch

* fix: wrap register() in try/catch, make timeout handling consistent

* fix: update snapshot on timeout, make two-phase response opt-in

* fix: extend grace period to 15s, return 'expired' status

* fix: prevent double-resolve after timeout

* fix: make register() idempotent, capture snapshot before await

* fix(gateway): complete two-phase exec approval wiring

* fix: finalize exec approval race fix (openclaw#3357) thanks @ramin-shirali

* fix(protocol): regenerate exec approval request models (openclaw#3357) thanks @ramin-shirali

* fix(test): remove unused callCount in discord threading test

---------

Co-authored-by: rshirali <rshirali@rshirali-haga.local>
Co-authored-by: rshirali <rshirali@rshirali-haga-1.home>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-13 19:57:02 +01:00
Peter Steinberger
a844fb161c build(protocol): regenerate swift gateway models 2026-02-13 16:14:53 +00:00