Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,204 Commits 756 Branches 79 Tags
Commit Graph

1163 Commits

Author SHA1 Message Date
Peter Steinberger
cceefe833a fix: harden delivery recovery backoff eligibility and tests (#27710) (thanks @Jimmy-xuzimo) 2026-02-26 21:37:00 +00:00
Xu Zimo
0cfd448bab fix(delivery-queue): change break to continue to prevent head-of-line blocking 
When an entry's backoff exceeds the recovery budget, the code was using
break which blocked all subsequent entries from being processed. This
caused permanent queue blockage for any installation with a delivery entry
at retryCount >= 2.

Fix: Changed break to continue so entries whose backoff exceeds the
remaining budget are skipped individually rather than blocking the
entire loop.

Closes #27638
 2026-02-26 21:37:00 +00:00
Peter Steinberger
df65ed7e9e test(gateway): align outbound session assertion shape 2026-02-26 22:14:32 +01:00
Peter Steinberger
4e690e09c7 refactor(gateway): centralize system.run approval context and errors 2026-02-26 22:01:16 +01:00
Peter Steinberger
d06632ba45 refactor(gateway): share node command catalog 2026-02-26 22:01:06 +01:00
Peter Steinberger
78a7ff2d50 fix(security): harden node exec approvals against symlink rebind 2026-02-26 21:47:45 +01:00
Peter Steinberger
a1628d89ec refactor: unify outbound session context wiring 2026-02-26 21:03:28 +01:00
Peter Steinberger
4cb4053993 fix: complete sessionKey forwarding for message:sent hook (#27584) (thanks @qualiobra) 2026-02-26 19:56:27 +00:00
Lucas Teixeira Campos Araujo
a4408a917e fix: pass sessionKey to deliverOutboundPayloads for message:sent hook dispatch 
Several call sites of deliverOutboundPayloads() were not passing the
sessionKey parameter, causing the internal message:sent hook to never
fire (the guard `if (!sessionKeyForInternalHooks) return` in deliver.ts
silently skipped the triggerInternalHook call).

Fixed call sites:
- commands/agent/delivery.ts (agent loop replies — main fix)
- infra/heartbeat-runner.ts (heartbeat OK + alert delivery)
- infra/outbound/message.ts (message tool sends)
- cron/isolated-agent/delivery-dispatch.ts (cron job delivery)
- gateway/server-node-events.ts (node event forwarding)

The sessionKey parameter already existed in DeliverOutboundPayloadsCoreParams
and was used by deliver.ts to emit the message:sent internal hook event,
but was simply not being passed from most callers.
 2026-02-26 19:56:27 +00:00
Shakker
f7041fbee3
fix(windows): normalize namespaced path containment checks 2026-02-26 18:49:48 +00:00
Peter Steinberger
10481097f8 refactor(security): enforce v1 node exec approval binding 2026-02-26 18:09:01 +01:00
Peter Steinberger
4894d907fa refactor(exec-approvals): unify system.run binding and generate host env policy 2026-02-26 16:58:01 +01:00
Peter Steinberger
4da6a7f212 refactor(restart): extract stale pid cleanup and supervisor markers 2026-02-26 16:39:27 +01:00
Peter Steinberger
9a4b2266cc fix(security): bind node system.run approvals to env 2026-02-26 16:38:07 +01:00
SidQin-cyber
63c6080d50 fix: clean stale gateway PIDs before triggerOpenClawRestart calls launchctl/systemctl 
When the /restart command runs inside an embedded agent process (no
SIGUSR1 listener), it falls through to triggerOpenClawRestart() which
calls launchctl kickstart -k directly — bypassing the pre-restart port
cleanup added in #27013. If the gateway was started via TUI/CLI, the
orphaned process still holds the port and the new launchd instance
crash-loops.

Add synchronous stale-PID detection (lsof) and termination
(SIGTERM→SIGKILL) inside triggerOpenClawRestart() itself, so every
caller — including the embedded agent /restart path — gets port cleanup
before the service manager restart command fires.

Closes #26736

Made-with: Cursor
 2026-02-26 15:22:35 +00:00
taw0002
792ce7b5b4 fix: detect OpenClaw-managed launchd/systemd services in process respawn 
restartGatewayProcessWithFreshPid() checks SUPERVISOR_HINT_ENV_VARS to
decide whether to let the supervisor handle the restart (mode=supervised)
or to fork a detached child (mode=spawned). The existing list only had
native launchd vars (LAUNCH_JOB_LABEL, LAUNCH_JOB_NAME) and systemd vars
(INVOCATION_ID, SYSTEMD_EXEC_PID, JOURNAL_STREAM).

macOS launchd does NOT automatically inject LAUNCH_JOB_LABEL into the
child environment. OpenClaw's own plist generator (buildServiceEnvironment
in service-env.ts) sets OPENCLAW_LAUNCHD_LABEL instead. So on stock macOS
LaunchAgent installs, isLikelySupervisedProcess() returned false, causing
the gateway to fork a detached child on SIGUSR1 restart. The original
process then exits, launchd sees its child died, respawns a new instance
which finds the orphan holding the port — infinite crash loop.

Fix: add OPENCLAW_LAUNCHD_LABEL, OPENCLAW_SYSTEMD_UNIT, and
OPENCLAW_SERVICE_MARKER to the supervisor hint list. These are set by
OpenClaw's own service environment builders for both launchd and systemd
and are the reliable supervised-mode signals.

Fixes #27605
 2026-02-26 15:21:23 +00:00
Peter Steinberger
7d8aeaaf06 fix(gateway): pin paired reconnect metadata for node policy 2026-02-26 14:11:04 +01:00
Peter Steinberger
7b5153f214 refactor: dedupe boundary-path canonical checks 2026-02-26 14:04:47 +01:00
Peter Steinberger
1aef45bc06 fix: harden boundary-path canonical alias handling 2026-02-26 13:43:29 +01:00
Peter Steinberger
e3385a6578 fix(security): harden root file guards and host writes 2026-02-26 13:32:58 +01:00
Peter Steinberger
4fd29a35bb fix: block broken-symlink sandbox path escapes 2026-02-26 13:30:45 +01:00
Peter Steinberger
46eba86b45 fix: harden workspace boundary path resolution 2026-02-26 13:19:59 +01:00
Peter Steinberger
eac86c2081 refactor: unify boundary hardening for file reads 2026-02-26 13:04:37 +01:00
Peter Steinberger
da0ba1b73a fix(security): harden channel auth path checks and exec approval routing 2026-02-26 12:46:05 +01:00
Peter Steinberger
242188b7b1 refactor: unify boundary-safe reads for bootstrap and includes 2026-02-26 12:42:14 +01:00
Peter Steinberger
46003e85bf fix: unify web tool proxy path (#27430) (thanks @kevinWangSheng) 2026-02-26 11:32:43 +00:00
Peter Steinberger
9925ac6a2d fix(config): harden include file loading path checks 2026-02-26 12:23:31 +01:00
Onur Solmaz
a7d56e3554
feat: ACP thread-bound agents (#23580) 
* docs: add ACP thread-bound agents plan doc

* docs: expand ACP implementation specification

* feat(acp): route ACP sessions through core dispatch and lifecycle cleanup

* feat(acp): add /acp commands and Discord spawn gate

* ACP: add acpx runtime plugin backend

* fix(subagents): defer transient lifecycle errors before announce

* Agents: harden ACP sessions_spawn and tighten spawn guidance

* Agents: require explicit ACP target for runtime spawns

* docs: expand ACP control-plane implementation plan

* ACP: harden metadata seeding and spawn guidance

* ACP: centralize runtime control-plane manager and fail-closed dispatch

* ACP: harden runtime manager and unify spawn helpers

* Commands: route ACP sessions through ACP runtime in agent command

* ACP: require persisted metadata for runtime spawns

* Sessions: preserve ACP metadata when updating entries

* Plugins: harden ACP backend registry across loaders

* ACPX: make availability probe compatible with adapters

* E2E: add manual Discord ACP plain-language smoke script

* ACPX: preserve streamed spacing across Discord delivery

* Docs: add ACP Discord streaming strategy

* ACP: harden Discord stream buffering for thread replies

* ACP: reuse shared block reply pipeline for projector

* ACP: unify streaming config and adopt coalesceIdleMs

* Docs: add temporary ACP production hardening plan

* Docs: trim temporary ACP hardening plan goals

* Docs: gate ACP thread controls by backend capabilities

* ACP: add capability-gated runtime controls and /acp operator commands

* Docs: remove temporary ACP hardening plan

* ACP: fix spawn target validation and close cache cleanup

* ACP: harden runtime dispatch and recovery paths

* ACP: split ACP command/runtime internals and centralize policy

* ACP: harden runtime lifecycle, validation, and observability

* ACP: surface runtime and backend session IDs in thread bindings

* docs: add temp plan for binding-service migration

* ACP: migrate thread binding flows to SessionBindingService

* ACP: address review feedback and preserve prompt wording

* ACPX plugin: pin runtime dependency and prefer bundled CLI

* Discord: complete binding-service migration cleanup and restore ACP plan

* Docs: add standalone ACP agents guide

* ACP: route harness intents to thread-bound ACP sessions

* ACP: fix spawn thread routing and queue-owner stall

* ACP: harden startup reconciliation and command bypass handling

* ACP: fix dispatch bypass type narrowing

* ACP: align runtime metadata to agentSessionId

* ACP: normalize session identifier handling and labels

* ACP: mark thread banner session ids provisional until first reply

* ACP: stabilize session identity mapping and startup reconciliation

* ACP: add resolved session-id notices and cwd in thread intros

* Discord: prefix thread meta notices consistently

* Discord: unify ACP/thread meta notices with gear prefix

* Discord: split thread persona naming from meta formatting

* Extensions: bump acpx plugin dependency to 0.1.9

* Agents: gate ACP prompt guidance behind acp.enabled

* Docs: remove temp experiment plan docs

* Docs: scope streaming plan to holy grail refactor

* Docs: refactor ACP agents guide for human-first flow

* Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow

* Docs/Skill: add OpenCode and Pi to ACP harness lists

* Docs/Skill: align ACP harness list with current acpx registry

* Dev/Test: move ACP plain-language smoke script and mark as keep

* Docs/Skill: reorder ACP harness lists with Pi first

* ACP: split control-plane manager into core/types/utils modules

* Docs: refresh ACP thread-bound agents plan

* ACP: extract dispatch lane and split manager domains

* ACP: centralize binding context and remove reverse deps

* Infra: unify system message formatting

* ACP: centralize error boundaries and session id rendering

* ACP: enforce init concurrency cap and strict meta clear

* Tests: fix ACP dispatch binding mock typing

* Tests: fix Discord thread-binding mock drift and ACP request id

* ACP: gate slash bypass and persist cleared overrides

* ACPX: await pre-abort cancel before runTurn return

* Extension: pin acpx runtime dependency to 0.1.11

* Docs: add pinned acpx install strategy for ACP extension

* Extensions/acpx: enforce strict local pinned startup

* Extensions/acpx: tighten acp-router install guidance

* ACPX: retry runtime test temp-dir cleanup

* Extensions/acpx: require proactive ACPX repair for thread spawns

* Extensions/acpx: require restart offer after acpx reinstall

* extensions/acpx: remove workspace protocol devDependency

* extensions/acpx: bump pinned acpx to 0.1.13

* extensions/acpx: sync lockfile after dependency bump

* ACPX: make runtime spawn Windows-safe

* fix: align doctor-config-flow repair tests with default-account migration (#23580) (thanks @osolmaz)
 2026-02-26 11:00:09 +01:00
Ayaan Zaidi
30fd2bbe19 fix(ssrf): honor global family policy for pinned dispatcher 2026-02-26 14:57:15 +05:30
Peter Steinberger
e915b4c64a refactor: unify monitor abort lifecycle handling 2026-02-26 04:36:25 +01:00
Peter Steinberger
de61e9c977 refactor(security): unify path alias guard policies 2026-02-26 03:59:17 +01:00
Peter Steinberger
8a006a3260 feat(heartbeat): add directPolicy and restore default direct delivery 2026-02-26 03:57:03 +01:00
Peter Steinberger
1e7ec8bfd2 fix(routing): preserve explicit cron account and bound message defaults 
Co-authored-by: lbo728 <72309817+lbo728@users.noreply.github.com>
Co-authored-by: stakeswky <64798754+stakeswky@users.noreply.github.com>
 2026-02-26 02:56:03 +00:00
Peter Steinberger
92eb3dfc9d refactor(security): unify exec approval request matching 2026-02-26 03:54:37 +01:00
Peter Steinberger
61b3246a7f fix(ssrf): unify ipv6 special-use blocking 2026-02-26 03:43:42 +01:00
Peter Steinberger
04d91d0319 fix(security): block workspace hardlink alias escapes 2026-02-26 03:42:54 +01:00
Peter Steinberger
03e689fc89 fix(security): bind system.run approvals to argv identity 2026-02-26 03:41:31 +01:00
Peter Steinberger
baf656bc6f fix: block IPv6 multicast SSRF bypass 2026-02-26 03:35:10 +01:00
Peter Steinberger
1f004e6640 refactor(tmp): simplify trusted tmp dir state checks 2026-02-26 02:46:53 +01:00
Peter Steinberger
aaeed3c4ea test(agents): add missing announce delivery regressions 2026-02-26 00:38:34 +00:00
Peter Steinberger
4258a3307f refactor(agents): unify subagent announce delivery pipeline 
Co-authored-by: Smith Labs <SmithLabsLLC@users.noreply.github.com>
Co-authored-by: Do Cao Hieu <docaohieu2808@users.noreply.github.com>
 2026-02-26 00:30:44 +00:00
Peter Steinberger
f41715a18f refactor(browser): split act route modules and dedupe path guards 2026-02-26 01:21:34 +01:00
Peter Steinberger
496a76c03b fix(security): harden browser trace/download temp path handling 2026-02-26 01:04:05 +01:00
Peter Steinberger
2011edc9e5 fix(gateway): preserve agentId through gateway send path 
Landed from #23249 by @Sid-Qin.
Includes extra regression tests for agentId precedence + blank fallback.

Co-authored-by: Sid <201593046+Sid-Qin@users.noreply.github.com>
 2026-02-25 23:31:35 +00:00
Peter Steinberger
45b5c35b21 test: fix CI failures in heartbeat and typing tests 2026-02-25 02:28:42 +00:00
Peter Steinberger
24d7612ddf refactor(heartbeat): harden dm delivery classification 2026-02-25 02:13:07 +00:00
Peter Steinberger
885452f5c1 fix: fail-closed shared-session reply routing (#24571) (thanks @brandonwise) 2026-02-25 02:11:34 +00:00
Peter Steinberger
a805d6b439 fix(heartbeat): block dm targets and internalize blocked prompts 2026-02-25 02:05:45 +00:00
Brandon Wise
389ccda0f6 fix: remove unused DeliverableMessageChannel import 2026-02-25 01:41:31 +00:00
Brandon Wise
f35c902bd6 style: fix oxfmt formatting in targets.test.ts 2026-02-25 01:41:31 +00:00