Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,692 Commits 756 Branches 79 Tags
Commit Graph

113 Commits

Author SHA1 Message Date
Agent
002539c01e fix(security): harden sandbox novnc observer flow 2026-03-01 22:44:28 +00:00
Agent
dcd19da425 refactor: simplify sandbox boundary open flow 2026-03-01 21:49:42 +00:00
Agent
3be1343e00 fix: tighten sandbox mkdirp boundary checks (#30610) (thanks @glitch418x) 2026-03-01 21:41:47 +00:00
glitch418x
687f5779d1 sandbox: allow directory boundary checks for mkdirp 2026-03-01 21:41:47 +00:00
Ayaan Zaidi
139271ad5a fix: sandbox browser docker no-sandbox rollout (#29879) (thanks @Lukavyi) 2026-02-28 21:43:56 +05:30
Shakker
f7041fbee3
fix(windows): normalize namespaced path containment checks 2026-02-26 18:49:48 +00:00
Peter Steinberger
46eba86b45 fix: harden workspace boundary path resolution 2026-02-26 13:19:59 +01:00
Peter Steinberger
242188b7b1 refactor: unify boundary-safe reads for bootstrap and includes 2026-02-26 12:42:14 +01:00
Peter Steinberger
de61e9c977 refactor(security): unify path alias guard policies 2026-02-26 03:59:17 +01:00
Peter Steinberger
04d91d0319 fix(security): block workspace hardlink alias escapes 2026-02-26 03:42:54 +01:00
Peter Steinberger
91ae82ae19 refactor(sandbox): centralize dangerous docker override key handling 2026-02-25 02:12:15 +00:00
Peter Steinberger
eb4a93a8db refactor(sandbox): share container-path utils and tighten fs bridge tests 2026-02-25 01:59:53 +00:00
Peter Steinberger
c7ae4ed04d fix: harden sandbox fs dash-path regression coverage (#25891) (thanks @albertlieyingadrian) 2026-02-25 01:40:30 +00:00
Albert Lie
5e3502df5f fix(sandbox): prevent shell option interpretation for paths with leading hyphens 
Paths starting with "-" (like those containing "---" pattern) can be
interpreted as shell options by the sh shell. This fix adds a helper
function that prepends "./" to paths starting with "-" to prevent
this interpretation.

This fixes the issue where sandbox filesystem operations fail with
"Syntax error: ; unexpected" when file paths contain the "---" pattern
used in auto-generated inbound media filenames like:
file_1095---f00a04a2-99a0-4d98-99b0-dfe61c5a4198.ogg

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2026-02-25 01:40:30 +00:00
Peter Steinberger
58309fd8d9 refactor(matrix,tests): extract helpers and inject send-queue timing 2026-02-24 23:37:50 +00:00
Peter Steinberger
a2529c25ff test(matrix,discord,sandbox): expand breakage regression coverage 2026-02-24 23:37:50 +00:00
Peter Steinberger
e7a5f9f4d8 fix(channels,sandbox): land hard breakage cluster from reviewed PR bases 
Lands reviewed fixes based on #25839 (@pewallin), #25841 (@joshjhall), and #25737/@25713 (@DennisGoldfinger/@peteragility), with additional hardening + regression tests for queue cleanup and shell script safety.

Fixes #25836
Fixes #25840
Fixes #25824
Fixes #25868

Co-authored-by: Peter Wallin <pwallin@gmail.com>
Co-authored-by: Joshua Hall <josh@yaplabs.com>
Co-authored-by: Dennis Goldfinger <dennisgoldfinger@gmail.com>
Co-authored-by: peteragility <peteragility@users.noreply.github.com>
 2026-02-24 23:27:56 +00:00
Peter Steinberger
5552f9073f refactor(sandbox): centralize network mode policy helpers 2026-02-24 23:26:46 +00:00
Peter Steinberger
14b6eea6e3 feat(sandbox): block container namespace joins by default 2026-02-24 23:20:34 +00:00
Peter Steinberger
9ef0fc2ff8 fix(sandbox): block @-prefixed workspace path bypass 2026-02-24 17:23:14 +00:00
Peter Steinberger
13bfe7faa6 refactor(sandbox): share bind parsing and host-path policy checks 2026-02-24 15:04:47 +00:00
Peter Steinberger
b5787e4abb fix(sandbox): harden bind validation for symlink missing-leaf paths 2026-02-24 14:37:35 +00:00
Peter Steinberger
d3ecc234da test: align flaky CI expectations after main changes (#24991) (thanks @stakeswky) 2026-02-24 04:34:49 +00:00
Peter Steinberger
c070be1bc4 fix(sandbox): harden fs bridge path checks and bind mount policy 2026-02-24 02:21:43 +00:00
Peter Steinberger
8dfa33d373 test(sandbox): add root bind mount regression 2026-02-24 00:17:21 +00:00
Peter Steinberger
a30f9c8673 fix(sandbox): fallback docker user to workspace owner uid/gid 
Co-authored-by: LucasAIBuilder <LucasAIBuilder@users.noreply.github.com>
 2026-02-22 23:33:15 +01:00
Peter Steinberger
6f895eb831 fix(sandbox): honor explicit bind mounts over workspace defaults 
Co-authored-by: tasaankaeris <tasaankaeris@users.noreply.github.com>
 2026-02-22 20:37:22 +01:00
Peter Steinberger
3286791316 refactor(agents): dedupe config and truncation guards 2026-02-22 17:54:51 +00:00
Peter Steinberger
8a0a28763e test(core): reduce mock reset overhead across unit and e2e specs 2026-02-22 08:22:58 +00:00
Peter Steinberger
dd5774a300 test(agents): use lightweight clears in skills/sandbox setup 2026-02-22 08:06:06 +00:00
Peter Steinberger
751ca08728 test(agents): use lightweight clears in sandbox browser create setup 2026-02-22 08:01:16 +00:00
Peter Steinberger
c9593c4c87 test(sandbox): table-drive bind and network validation cases 2026-02-21 23:28:07 +00:00
Harry Cui Kepler
ffa63173e0
refactor(agents): migrate console.warn/error/info to subsystem logger (#22906) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: a806c4cb2700564096ce8980a8d7f839f8a0d388
Co-authored-by: Kepler2024 <166882517+Kepler2024@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-21 17:11:47 -05:00
Peter Steinberger
861718e4dc test: group remaining suite cleanups 2026-02-21 21:44:57 +00:00
Peter Steinberger
21bb46d304 fix(ci): include browser network in sandbox test fixture 2026-02-21 13:05:51 +00:00
Peter Steinberger
f48698a50b fix(security): harden sandbox browser network defaults 2026-02-21 14:02:53 +01:00
Peter Steinberger
8c1518f0f3 fix(sandbox): use one-time noVNC observer tokens 2026-02-21 13:56:58 +01:00
Peter Steinberger
621d8e1312 fix(sandbox): require noVNC observer password auth 2026-02-21 13:44:24 +01:00
Peter Steinberger
1835dec200 fix(security): force sandbox browser hash migration and audit stale labels 2026-02-21 13:25:41 +01:00
Shadow
8c9f35cdb5
Agents: sanitize skill env overrides 2026-02-20 12:38:54 -06:00
Peter Steinberger
c0cd53e104 perf(test): trim sandbox registry cleanup churn 2026-02-18 16:28:00 +00:00
Peter Steinberger
fdc6768227 perf(test): stabilize and speed sandbox registry races 2026-02-18 04:10:27 +00:00
Peter Steinberger
35016a380c fix(sandbox): serialize registry mutations and lock usage 2026-02-18 04:55:40 +01:00
Peter Steinberger
bc00c7d156 refactor: dedupe sandbox registry helpers 2026-02-18 04:46:38 +01:00
Peter Steinberger
cc29be8c9b fix: serialize sandbox registry writes 2026-02-18 04:44:56 +01:00
Peter Steinberger
b8b43175c5 style: align formatting with oxfmt 0.33 2026-02-18 01:34:35 +00:00
Peter Steinberger
31f9be126c style: run oxfmt and fix gate failures 2026-02-18 01:29:02 +00:00
Peter Steinberger
638853c6d2 fix(security): sanitize sandbox env vars before docker launch 2026-02-18 02:18:05 +01:00
Peter Steinberger
5487c9adeb feat(security): add sandbox env sanitization helpers + tests 2026-02-18 02:18:02 +01:00
cpojer
d0cb8c19b2
chore: wtf. 2026-02-17 13:36:48 +09:00