Peter Steinberger
a5e2bd4eaa
docs: document verbose-gated tool error details
2026-02-22 15:26:48 +01:00
Peter Steinberger
184844e50c
fix: add signal rpc malformed-json regression test (#22995) (thanks @adhitShet)
2026-02-22 15:23:37 +01:00
Peter Steinberger
7abae052f9
chore(skills): remove bundled food-order skill
2026-02-22 15:06:27 +01:00
Onur Solmaz
f39a66de27
docs: make subagents thread guidance channel-first (#23589) (thanks @osolmaz)
2026-02-22 14:39:40 +01:00
Peter Steinberger
1152b25866
fix(gateway): guard trim crashes in subagent flow
2026-02-22 13:21:26 +01:00
Peter Steinberger
eec3182cbb
fix(utils): guard resolveUserPath for missing workspace input
2026-02-22 13:19:25 +01:00
Artale
51e9c54f09
fix(agents): skip bootstrap files with undefined path (#22698)
* fix(agents): skip bootstrap files with undefined path
buildBootstrapContextFiles() called file.path.replace() without checking
that path was defined. If a hook pushed a bootstrap file using 'filePath'
instead of 'path', the function threw TypeError and crashed every agent
session — not just the misconfigured hook.
Fix: add a null-guard before the path.replace() call. Files with undefined
path are skipped with a warning so one bad hook can't take down all agents.
Also adds a test covering the undefined-path case.
Fixes #22693
* fix: harden bootstrap path validation and report guards (#22698) (thanks @arosstale)
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-22 13:17:07 +01:00
Peter Steinberger
7c3c406a35
fix: keep auth-profile cooldown windows immutable in-window (#23536) (thanks @arosstale)
2026-02-22 13:14:02 +01:00
artale
dc69610d51
fix(auth-profiles): never shorten cooldown deadline on retry
When the backoff saturates at 60 min and retries fire every 30 min
(e.g. cron jobs), each failed request was resetting cooldownUntil to
now+60m. Because now+60m < existing deadline, the window kept getting
renewed and the profile never recovered without manually clearing
usageStats in auth-profiles.json.
Fix: only write a new cooldownUntil (or disabledUntil for billing) when
the new deadline is strictly later than the existing one. This lets the
original window expire naturally while still allowing genuine backoff
extension when error counts climb further.
Fixes #23516
[AI-assisted]
2026-02-22 13:14:02 +01:00
Peter Steinberger
376eb6e99b
docs(changelog): note safe-bin profile hardening
2026-02-22 13:03:05 +01:00
Peter Steinberger
e80c803fa8
fix(security): block shell env allowlist bypass in system.run
2026-02-22 12:47:05 +01:00
Peter Steinberger
d5bb9f026e
fix: add changelog entry for remote ws onboarding hardening (#23476) (thanks @bmendonca3)
2026-02-22 12:46:20 +01:00
Peter Steinberger
65dccbdb4b
fix: document onboarding dmScope default as breaking change (#23468) (thanks @bmendonca3)
2026-02-22 12:36:49 +01:00
Peter Steinberger
401106b963
fix: harden flaky tests and cover native google thought signatures (#23457) (thanks @echoVic)
2026-02-22 12:24:53 +01:00
Peter Steinberger
777817392d
fix: fail closed missing provider group policy across message channels (#23367) (thanks @bmendonca3)
2026-02-22 12:21:04 +01:00
Yuzuru Suzuki
6f7e5f92c3
fix: add operator.read and operator.write to default CLI scopes (#22582)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 8569fc88c970e75934617c200ebfe117e9d5ae88
Co-authored-by: YuzuruS <1485195+YuzuruS@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
2026-02-22 16:36:18 +05:30
Peter Steinberger
37f12eb7ee
fix: align BlueBubbles private-api null fallback + warning (#23459) (thanks @echoVic)
2026-02-22 11:47:57 +01:00
Peter Steinberger
812bf7c8e1
fix: add bindings comment regression test (#23458) (thanks @echoVic)
2026-02-22 11:47:11 +01:00
Glucksberg
2739328508
fix(telegram): classify undici fetch errors as recoverable for retry (#16699)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 67b5bce44f7014c8cbefc00eed0731e61d6300b9
Co-authored-by: Glucksberg <80581902+Glucksberg@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
2026-02-22 16:16:11 +05:30
Peter Steinberger
38f02c7a32
fix(session): resolve agent session path with configured sessions dir
Co-authored-by: David Rudduck <david@rudduck.org.au>
2026-02-22 11:35:55 +01:00
Peter Steinberger
5c57a45a59
fix: add non-streaming directive-tag regression tests (#23298) (thanks @SidQin-cyber)
2026-02-22 11:31:23 +01:00
Peter Steinberger
29e41d4c0a
fix: land security audit severity + temp-path guard fixes (#23428) (thanks @bmendonca3)
2026-02-22 11:26:17 +01:00
Peter Steinberger
1cd3b30907
fix: stop hardcoded channel fallback and auto-pick sole configured channel (#23357) (thanks @lbo728)
Co-authored-by: lbo728 <extreme0728@gmail.com>
2026-02-22 11:21:43 +01:00
Frank Yang
e33d7fcd13
fix(telegram): prevent update offset skipping queued updates (#23284)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 92efaf956bf906a176d1e6c5488ddcb02d89b4e1
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
2026-02-22 15:50:33 +05:30
Peter Steinberger
bf56196de3
fix: tighten feishu dedupe boundary (#23377) (thanks @SidQin-cyber)
2026-02-22 11:13:40 +01:00
Peter Steinberger
1b327da6e3
fix: harden exec sandbox fallback semantics (#23398) (thanks @bmendonca3)
2026-02-22 11:12:01 +01:00
Peter Steinberger
602a1ebd55
fix: handle intentional signal daemon shutdown on abort (#23379) (thanks @frankekn)
2026-02-22 10:59:34 +01:00
Vignesh Natarajan
99a2f5379e
Memory/QMD: normalize Han-script BM25 search queries
2026-02-22 01:53:00 -08:00
Peter Steinberger
9f0b6a8c92
fix: harden ACP gateway startup sequencing (#23390) (thanks @janckerchen)
2026-02-22 10:47:38 +01:00
Peter Steinberger
59807efa31
refactor(plugin-sdk): unify channel dedupe primitives
2026-02-22 10:46:34 +01:00
Peter Steinberger
9b9cc44a4e
fix: finalize modelByChannel validator landing (#23412) (thanks @ProspectOre)
2026-02-22 10:41:40 +01:00
Peter Steinberger
dd07c06d00
fix: tighten gateway restart loop handling (#23416) (thanks @jeffwnli)
2026-02-22 10:38:32 +01:00
Vignesh Natarajan
b4cdffc7a4
TUI: make Ctrl+C exit behavior reliably responsive
2026-02-22 01:28:55 -08:00
Peter Steinberger
f4dd0577b0
fix(security): block hook transform symlink escapes
2026-02-22 10:18:05 +01:00
Peter Steinberger
6c2e999776
refactor(security): unify secure id paths and guard weak patterns
2026-02-22 10:16:19 +01:00
Peter Steinberger
ae8d4a8eec
fix(security): harden channel token and id generation
2026-02-22 10:16:02 +01:00
Peter Steinberger
de2e5c7b74
docs(security): clarify dangerous control-ui bypass policy
2026-02-22 10:11:46 +01:00
Vignesh Natarajan
b9e9fbc97c
TUI: preserve RTL text order in terminal output
2026-02-22 01:10:03 -08:00
Peter Steinberger
2b63592be5
fix: harden exec allowlist wrapper resolution
2026-02-22 09:52:02 +01:00
Peter Steinberger
8e7d8c3d8e
docs(changelog): add shell startup env override fix note
2026-02-22 09:50:21 +01:00
Vignesh Natarajan
2a66c8d676
Agents/Subagents: honor subagent alsoAllow grants
2026-02-22 00:39:27 -08:00
Peter Steinberger
c99e7696e6
fix: decouple owner display secret from gateway auth token
2026-02-22 09:35:07 +01:00
Peter Steinberger
8887f41d7d
refactor(gateway)!: remove legacy v1 device-auth handshake
2026-02-22 09:27:03 +01:00
Vignesh Natarajan
6ceadaa41f
Agents: add fallback reply for tool-only completions
2026-02-22 00:23:31 -08:00
Peter Steinberger
3d03375043
fix(gateway): block avatar symlink escapes
2026-02-22 08:51:17 +01:00
Peter Steinberger
cd7faea93b
docs(changelog): note next npm release for hook auth fix
2026-02-22 08:48:13 +01:00
Vignesh Natarajan
6bf5e76be6
Agents: drop stale pre-compaction usage snapshots
2026-02-21 23:47:15 -08:00
Peter Steinberger
265da4dd2a
fix(security): harden gateway command/audit guardrails
2026-02-22 08:45:48 +01:00
Peter Steinberger
3284d2eb22
fix(security): normalize hook auth rate-limit client keys
2026-02-22 08:40:49 +01:00
Vignesh Natarajan
aab20e58d7
Sessions: persist prompt-token totals without usage
2026-02-21 23:37:42 -08:00