Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
17,620 Commits 756 Branches 79 Tags
Commit Graph

1318 Commits

Author SHA1 Message Date
daymade
f930fcbd3f Add regression test and CHANGELOG entry 
- Add test ensuring launchd path never returns "failed" status
- Add CHANGELOG.md entry documenting the fix with issue/PR references
- Reference ThrottleInterval evolution (#27650#29078 → current 1s)
 2026-03-08 13:42:50 +00:00
daymade
03aea082d0 chore: condense inline comments per code review 
Remove redundant rationale from test body (test names already convey it)
and trim the production comment to what/consequence/link (mechanism
details live in #39760).
 2026-03-08 13:42:50 +00:00
daymade
5f45e76d61 fix(darwin): remove self-kickstart from launchd gateway restart; rely on KeepAlive 
When the gateway needs a config-triggered restart under launchd, calling
`launchctl kickstart -k` from within the service itself races with
launchd's async bootout state machine:

1. `kickstart -k` initiates a launchd bootout → SIGTERM to self
2. Gateway ignores SIGTERM during shutdown → process doesn't exit
3. 2s `spawnSync` timeout kills the launchctl child, but launchd
   continues the bootout asynchronously
4. Fallback `launchctl bootstrap` fails with EIO (service mid-bootout)
5. In-process restart runs on the same PID that launchd will SIGKILL
6. LaunchAgent is permanently unloaded — no auto-restart

Fix: on darwin/launchd, skip `triggerOpenClawRestart()` entirely.
The caller already calls `exitProcess(0)` for supervised mode, and
`KeepAlive=true` (always set in the plist template) restarts the
service within ~1 second.

The schtasks (Windows) path is unchanged — Windows doesn't have an
equivalent KeepAlive mechanism.
 2026-03-08 13:42:50 +00:00
Peter Steinberger
2646739d23 refactor: centralize strict numeric parsing 2026-03-08 03:02:25 +00:00
Peter Steinberger
44e7c1142e refactor(doctor): model legacy file copies as plans 2026-03-08 02:16:03 +00:00
Peter Steinberger
01cff3a7a6 refactor(pairing): share allowFrom path resolution 2026-03-08 02:16:03 +00:00
Peter Steinberger
189cd99377 refactor(discord): require explicit outbound target hints 2026-03-08 01:15:29 +00:00
Peter Steinberger
3987ca4099 refactor(retry): simplify telegram shouldRetry composition 2026-03-08 01:14:16 +00:00
Peter Steinberger
eb09d8dd71 fix(telegram): land #34238 from @hal-crackbot 
Landed from contributor PR #34238 by @hal-crackbot.

Co-authored-by: Hal Crackbot <hal@crackbot.dev>
 2026-03-08 00:56:58 +00:00
Vincent Koc
a56841b98c
Daemon: harden WSL2 systemctl install checks (#39294) 
* Daemon: harden WSL2 systemctl install checks

* Changelog: note WSL2 daemon install hardening

* Daemon: tighten systemctl failure classification
 2026-03-07 16:43:19 -08:00
Peter Steinberger
9d2b292998 fix(exec-approvals): honor allow-always for bash script invocations 
Landed from contributor PR #35137 by @yuweuii.

Co-authored-by: yuweuii <82372187+yuweuii@users.noreply.github.com>
 2026-03-08 00:39:54 +00:00
Peter Steinberger
8a469a12b2 test(exec): dedupe wrapper boundary regressions 2026-03-08 00:12:08 +00:00
Peter Steinberger
5f50823abf refactor(exec): share wrapper depth classification 2026-03-08 00:12:08 +00:00
Peter Steinberger
2fc95a7cfc fix(exec): close dispatch-wrapper boundary drift 2026-03-07 23:40:38 +00:00
Peter Steinberger
939b18475d fix(exec): honor shell comments in allow-always analysis 2026-03-07 23:31:25 +00:00
Peter Steinberger
c5bd84309a refactor: share allowFrom stringification helpers 2026-03-07 23:27:51 +00:00
Peter Steinberger
1d1757b16f fix(exec): recognize PowerShell encoded commands 2026-03-07 23:15:46 +00:00
Peter Steinberger
5b27b0cecf refactor(outbound,agents): extract shared payload and queue helpers 2026-03-07 23:07:16 +00:00
Peter Steinberger
7ab49a7fb7 test(regression): cover recent landed fix paths 2026-03-07 23:07:16 +00:00
Peter Steinberger
c76d29208b fix(node-host): bind approved script operands 2026-03-07 23:04:00 +00:00
Peter Steinberger
708187f28c fix(outbound): prevent replay after ack crash windows (#38668, thanks @Gundam98) 
Co-authored-by: Gundam98 <huhanwen98@gmail.com>
 2026-03-07 22:53:27 +00:00
Peter Steinberger
733f7af92b fix(heartbeat): keep requests-in-flight retries from drifting schedule (#39182, thanks @MumuTW) 
Co-authored-by: MumuTW <clothl47364@gmail.com>
 2026-03-07 22:10:51 +00:00
Peter Steinberger
cc7e61612a fix(gateway): harden service-mode stale process cleanup (#38463, thanks @spirittechie) 
Co-authored-by: Jesse Paul <drzin69@gmail.com>
 2026-03-07 21:36:24 +00:00
Altay
97f9e25525
fix(ci): restore strip-ansi and typecheck fixtures (#39146) 
* fix: restore strip-ansi and typecheck fixtures

* test: normalize windows install path assertions
 2026-03-07 23:13:13 +03:00
Peter Steinberger
d72734946a fix(security): harden install base drift cleanup 2026-03-07 19:23:01 +00:00
Peter Steinberger
e27bbe4982 fix(exec): block dangerous override-only env pivots 2026-03-07 19:18:05 +00:00
Peter Steinberger
6aa80844b8 fix(security): stage installs before publish 2026-03-07 19:11:07 +00:00
Peter Steinberger
74ecdec9ba fix(security): harden fs-safe copy writes 2026-03-07 19:10:27 +00:00
Peter Steinberger
8928aba7ee refactor: dedupe minimax provider auth test setup 2026-03-07 19:02:01 +00:00
Peter Steinberger
31acad4e8f fix: harden zip extraction writes 2026-03-07 19:01:35 +00:00
Peter Steinberger
8bd0eb5424 fix(outbound): land #38944 from @Narcooo 
Co-authored-by: Narcooo <Narcooo@users.noreply.github.com>
 2026-03-07 18:46:48 +00:00
Vincent Koc
e4d80ed556
CI: restore main detect-secrets scan (#38438) 
* Tests: stabilize detect-secrets fixtures

* Tests: fix rebased detect-secrets false positives

* Docs: keep snippets valid under detect-secrets

* Tests: finalize detect-secrets false-positive fixes

* Tests: reduce detect-secrets false positives

* Tests: keep detect-secrets pragmas inline

* Tests: remediate next detect-secrets batch

* Tests: tighten detect-secrets allowlists

* Tests: stabilize detect-secrets formatter drift
 2026-03-07 10:06:35 -08:00
Peter Steinberger
a31d3cad96 refactor(fetch-guard): clarify cross-origin redirect header filtering 2026-03-07 17:58:05 +00:00
Peter Steinberger
46715371b0 fix(security): strip custom auth headers on cross-origin redirects 2026-03-07 17:34:42 +00:00
Josh Avant
8e20dd22d8
Secrets: harden SecretRef-safe models.json persistence (#38955) 2026-03-07 11:28:39 -06:00
Ayaan Zaidi
05c240fad6
fix: restart Windows gateway via Scheduled Task (#38825) (#38825) 2026-03-07 18:00:38 +05:30
Peter Steinberger
3c71e2bd48 refactor(core): extract shared dedup helpers 2026-03-07 10:41:05 +00:00
Xinhua Gu
1a022a31de
fix(gateway): classify wrapped "fetch failed" messages as transient network errors (openclaw#38530) 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: xinhuagu <562450+xinhuagu@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-06 21:47:32 -06:00
Vincent Koc
42e3d8d693
Secrets: add inline allowlist review set (#38314) 
* Secrets: add inline allowlist review set

* Secrets: narrow detect-secrets file exclusions

* Secrets: exclude Docker fingerprint false positive

* Secrets: allowlist test and docs false positives

* Secrets: refresh baseline after allowlist updates

* Secrets: fix gateway chat fixture pragma

* Secrets: format pre-commit config

* Android: keep talk mode fixture JSON valid

* Feishu: rely on client timeout injection

* Secrets: allowlist provider auth test fixtures

* Secrets: allowlist onboard search fixtures

* Secrets: allowlist onboard mode fixture

* Secrets: allowlist gateway auth mode fixture

* Secrets: allowlist APNS wake test key

* Secrets: allowlist gateway reload fixtures

* Secrets: allowlist moonshot video fixture

* Secrets: allowlist auto audio fixture

* Secrets: allowlist tiny audio fixture

* Secrets: allowlist embeddings fixtures

* Secrets: allowlist resolve fixtures

* Secrets: allowlist target registry pattern fixtures

* Secrets: allowlist gateway chat env fixture

* Secrets: refresh baseline after fixture allowlists

* Secrets: reapply gateway chat env allowlist

* Secrets: reapply gateway chat env allowlist

* Secrets: stabilize gateway chat env allowlist

* Secrets: allowlist runtime snapshot save fixture

* Secrets: allowlist oauth profile fixtures

* Secrets: allowlist compaction identifier fixture

* Secrets: allowlist model auth fixture

* Secrets: allowlist model status fixtures

* Secrets: allowlist custom onboarding fixture

* Secrets: allowlist mattermost token summary fixtures

* Secrets: allowlist gateway auth suite fixtures

* Secrets: allowlist channel summary fixture

* Secrets: allowlist provider usage auth fixtures

* Secrets: allowlist media proxy fixture

* Secrets: allowlist secrets audit fixtures

* Secrets: refresh baseline after final fixture allowlists

* Feishu: prefer explicit client timeout

* Feishu: test direct timeout precedence
 2026-03-06 19:35:26 -05:00
Vincent Koc
455430a6f8
Dead code: remove unused helper modules (#38318) 
* Dead code: remove unused provider runtime policy helper

* Dead code: remove unused shared env writer

* Dead code: remove unused auth store path collector
 2026-03-06 17:53:02 -05:00
Vincent Koc
f392b81e95
Infra: require explicit opt-in for prerelease npm installs (#38117) 
* Infra: tighten npm registry spec parsing

* Infra: block implicit prerelease npm installs

* Plugins: cover prerelease install policy

* Infra: add npm registry spec tests

* Hooks: cover prerelease install policy

* Docs: clarify plugin guide version policy

* Docs: clarify plugin install version policy

* Docs: clarify hooks install version policy

* Docs: clarify hook pack version policy
 2026-03-06 11:13:30 -05:00
Octane
777af476cb
Respect source channel for agent event surfacing (#36030) 2026-03-06 01:14:00 -05:00
Josh Avant
0e4245063f
CLI: make read-only SecretRef status flows degrade safely (#37023) 
* CLI: add read-only SecretRef inspection

* CLI: fix read-only SecretRef status regressions

* CLI: preserve read-only SecretRef status fallbacks

* Docs: document read-only channel inspection hook

* CLI: preserve audit coverage for read-only SecretRefs

* CLI: fix read-only status account selection

* CLI: fix targeted gateway fallback analysis

* CLI: fix Slack HTTP read-only inspection

* CLI: align audit credential status checks

* CLI: restore Telegram read-only fallback semantics
 2026-03-05 23:07:13 -06:00
Vignesh Natarajan
05fb16d151 fix(agent): harden undici stream timeouts for long openai-completions runs 2026-03-05 19:44:11 -08:00
Vignesh Natarajan
604f22c42a fix(heartbeat): pin HEARTBEAT.md reads to workspace path 2026-03-05 18:52:39 -08:00
zerone0x
94fdee2eac
fix(memory-flush): ban timestamped variant files in default flush prompt (#34951) 
Merged via squash.

Prepared head SHA: efadda4988b460e6da07be72994d4951d64239d0
Co-authored-by: zerone0x <39543393+zerone0x@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-05 18:15:13 -08:00
Gustavo Madeira Santana
6dfd39c32f
Harden Telegram poll gating and schema consistency (#36547) 
Merged via squash.

Prepared head SHA: f77824419e3d166f727474a9953a063a2b4547f2
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-05 19:24:43 -05:00
Isis Anisoptera
432e0222dd
fix: restore auto-reply system events timeline (#34794) (thanks @anisoptera) (#34794) 
Co-authored-by: Ayaan Zaidi <zaidi@uplause.io>
 2026-03-05 07:56:14 +05:30
Vincent Koc
2b98cb6d8b
Fix gateway restart false timeouts on Debian/systemd (#34874) 
* daemon(systemd): target sudo caller user scope

* test(systemd): cover sudo user scope commands

* infra(ports): fall back to ss when lsof missing

* test(ports): verify ss fallback listener detection

* cli(gateway): use probe fallback for restart health

* test(gateway): cover restart-health probe fallback
 2026-03-04 10:52:33 -08:00
Shakker
698c200eba fix(outbound): fail media-only text-only adapter fallback 2026-03-04 18:42:21 +00:00