Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
20,686 Commits 756 Branches 79 Tags
Commit Graph

103 Commits

Author SHA1 Message Date
Vincent Koc
e56dde815e fix(web-search): split runtime provider resolution 2026-03-20 00:06:12 -07:00
Shakker
5036ed2699 fix(secrets): cover tavily in runtime coverage tests 2026-03-20 06:13:27 +00:00
Lakshya Agarwal
b36e456b09
feat: add Tavily as a bundled web search plugin with search and extract tools (#49200) 
Merged via squash.

Prepared head SHA: ece9226e886004f1e0536dd5de3ddc2946fc118c
Co-authored-by: lakshyaag-tavily <266572148+lakshyaag-tavily@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-20 01:06:26 -04:00
Shakker
03c86b3dee
fix(secrets): mock bundled web search providers in runtime tests 2026-03-20 03:48:13 +00:00
Shakker
218f8d74b6
fix(secrets): use bundled web search fast path during reload 2026-03-20 03:28:08 +00:00
Vincent Koc
d03c110a0a fix(ci): split secrets runtime integration coverage 2026-03-19 14:49:01 -07:00
Vincent Koc
83a267e2f3 fix(ci): reset deep test runtime state 2026-03-19 14:23:32 -07:00
Peter Steinberger
83c5bc946d fix: restore full gate stability 2026-03-19 03:36:03 +00:00
Peter Steinberger
f6928617b7 test: stabilize gate regressions 2026-03-18 15:36:32 +00:00
Peter Steinberger
c0c3c4824d fix: checkpoint gate fixes before rebase 2026-03-18 15:36:18 +00:00
Vincent Koc
fbd88e2c8f
Main recovery: restore formatter and contract checks (#49570) 
* Extensions: fix oxfmt drift on main

* Plugins: restore runtime barrel exports on main

* Config: restore web search compatibility types

* Telegram: align test harness with reply runtime

* Plugin SDK: fix channel config accessor generics

* CLI: remove redundant search provider casts

* Tests: restore main typecheck coverage

* Lobster: fix test import formatting

* Extensions: route bundled seams through plugin-sdk

* Tests: use extension env helper for xai

* Image generation: fix main oxfmt drift

* Config: restore latest main compatibility checks

* Plugin SDK: align guardrail tests with lint

* Telegram: type native command skill mock
 2026-03-18 00:30:01 -07:00
Tak Hoffman
112d1d3a7c
refactor web search config ownership into extensions 2026-03-17 23:39:51 -05:00
Josh Avant
0ffcc308f2
Secrets: gate exec dry-run and preflight resolution behind --allow-exec (#49417) 
* Secrets: gate exec dry-run resolution behind --allow-exec

* Secrets: fix dry-run completeness and skipped exec audit semantics

* Secrets: require --allow-exec for exec-containing apply writes

* Docs: align secrets exec consent behavior

* Changelog: note secrets exec consent gating
 2026-03-17 23:24:34 -05:00
Tak Hoffman
3de973ffff
refactor web search provider execution out of core 2026-03-17 23:07:19 -05:00
Josh Avant
e99963100d
CLI: expand config set with SecretRef/provider builders and dry-run (#49296) 
* CLI: expand config set ref/provider builder and dry-run

* Docs: revert README Discord token example
 2026-03-17 18:15:49 -05:00
Gustavo Madeira Santana
467dae53cf
Secrets: honor caller env during runtime validation 2026-03-16 12:31:44 +00:00
Peter Steinberger
ae60094fb5
refactor(plugins): move onboarding auth metadata to manifests 2026-03-15 23:47:16 -07:00
Peter Steinberger
5c120cb36c
refactor: make setup the primary wizard surface 2026-03-15 22:01:04 -07:00
Peter Steinberger
7a6be3d531
refactor(plugins): move auth and model policy to providers 2026-03-15 21:52:29 -07:00
Peter Steinberger
0a2f95916b
test: expand ssh sandbox coverage and docs 2026-03-15 21:38:22 -07:00
Peter Steinberger
b8bb8510a2
feat: move ssh sandboxing into core 2026-03-15 21:35:30 -07:00
Peter Steinberger
8ab01c5c93
refactor(core): land plugin auth and startup cleanup 2026-03-15 20:12:37 -07:00
Peter Steinberger
e8156c8281 feat(web-search): add plugin-backed search providers 2026-03-16 01:07:44 +00:00
Peter Steinberger
e762a57d62 refactor: share secrets audit model fixtures 2026-03-13 20:37:53 +00:00
Peter Steinberger
5cc751386d refactor: share web secret unresolved helpers 2026-03-13 20:19:39 +00:00
Vincent Koc
7844bc89a1
Security: require Feishu webhook encrypt key (#44087) 
* Feishu: require webhook encrypt key in schema

* Feishu: cover encrypt key webhook validation

* Feishu: enforce encrypt key at startup

* Feishu: add webhook forgery regression test

* Feishu: collect encrypt key during onboarding

* Docs: require Feishu webhook encrypt key

* Changelog: note Feishu webhook hardening

* Docs: clarify Feishu encrypt key screenshot

* Feishu: treat webhook encrypt key as secret input

* Feishu: resolve encrypt key only in webhook mode
 2026-03-12 11:01:00 -04:00
Luke
7761e7626f
Providers: add Opencode Go support (#42313) 
* feat(providers): add opencode-go provider support and onboarding

* Onboard: unify OpenCode auth handling openclaw#42313 thanks @ImLukeF

* Docs: merge OpenCode Zen and Go docs openclaw#42313 thanks @ImLukeF

* Update CHANGELOG.md

---------

Co-authored-by: Ubuntu <ubuntu@vps-90352893.vps.ovh.ca>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-11 01:31:06 -04:00
Josh Avant
0125ce1f44
Gateway: fail closed unresolved local auth SecretRefs (#42672) 
* Gateway: fail closed unresolved local auth SecretRefs

* Docs: align node-host gateway auth precedence

* CI: resolve rebase breakages in checks lanes

* Tests: isolate LOCAL_REMOTE_FALLBACK_TOKEN env state

* Gateway: remove stale remote.enabled auth-surface semantics

* Changelog: note gateway SecretRef fail-closed fix
 2026-03-10 21:41:56 -05:00
Peter Steinberger
5716e52417 refactor: unify gateway credential planning 2026-03-11 01:37:25 +00:00
Josh Avant
36d2ae2a22 SecretRef: harden custom/provider secret persistence and reuse (#42554) 
* Models: gate custom provider keys by usable secret semantics

* Config: project runtime writes onto source snapshot

* Models: prevent stale apiKey preservation for marker-managed providers

* Runner: strip SecretRef marker headers from resolved models

* Secrets: scan active agent models.json path in audit

* Config: guard runtime-source projection for unrelated configs

* Extensions: fix onboarding type errors in CI

* Tests: align setup helper account-enabled expectation

* Secrets audit: harden models.json file reads

* fix: harden SecretRef custom/provider secret persistence (#42554) (thanks @joshavant)
 2026-03-10 23:55:10 +00:00
Rodrigo Uroz
ff2e7a2945
fix(acp): strip provider auth env for child ACP processes (openclaw#42250) 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-10 16:50:10 -05:00
pomelo-nwu
95eaa08781 refactor: rename bailian to modelstudio and fix review issues 
- Rename provider ID, constants, functions, CLI flags, and types from
  "bailian" to "modelstudio" to match the official English name
  "Alibaba Cloud Model Studio".
- Fix P2 bug: global endpoint variant now always overwrites baseUrl
  instead of silently preserving a stale CN URL.
- Fix P1 bug: add modelstudio entry to PROVIDER_ENV_VARS so
  secret-input-mode=ref no longer throws.
- Move Model Studio imports to top of onboard-auth.config-core.ts.
- Remove unused BAILIAN_BASE_URL export.

Made-with: Cursor
 2026-03-10 19:58:43 +00:00
Josh Avant
d30dc28b8c
Secrets: reject exec SecretRef traversal ids across schema/runtime/gateway (#42370) 
* Secrets: harden exec SecretRef validation and reload LKG coverage

* Tests: harden exec fast-exit stdin regression case

* Tests: align lifecycle daemon test formatting with oxfmt 0.36
 2026-03-10 13:45:37 -05:00
Josh Avant
f0eb67923c
fix(secrets): resolve web tool SecretRefs atomically at runtime 2026-03-09 22:57:03 -05:00
DevMac
4bb8104810 test(secrets): skip ACL-dependent runtime snapshot tests on windows 2026-03-09 05:38:54 +00:00
Peter Steinberger
41eef15cdc test: fix windows secrets runtime ci 2026-03-09 05:24:09 +00:00
Vincent Koc
eabda6e3a4 fix(tests): correct security check failure 2026-03-08 18:13:35 -07:00
bbblending
4ff4ed7ec9
fix(config): refresh runtime snapshot from disk after write. Fixes #37175 (#37313) 
Merged via squash.

Prepared head SHA: 69e1861abf97d20c787a790d37e68c9e3ae2cb1d
Co-authored-by: bbblending <122739024+bbblending@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-08 19:49:15 -04:00
Peter Steinberger
dc78725d47 test: stabilize exec resolver timeout fixture 2026-03-08 03:50:41 +00:00
Vincent Koc
e4d80ed556
CI: restore main detect-secrets scan (#38438) 
* Tests: stabilize detect-secrets fixtures

* Tests: fix rebased detect-secrets false positives

* Docs: keep snippets valid under detect-secrets

* Tests: finalize detect-secrets false-positive fixes

* Tests: reduce detect-secrets false positives

* Tests: keep detect-secrets pragmas inline

* Tests: remediate next detect-secrets batch

* Tests: tighten detect-secrets allowlists

* Tests: stabilize detect-secrets formatter drift
 2026-03-07 10:06:35 -08:00
Josh Avant
8e20dd22d8
Secrets: harden SecretRef-safe models.json persistence (#38955) 2026-03-07 11:28:39 -06:00
Peter Steinberger
3c71e2bd48 refactor(core): extract shared dedup helpers 2026-03-07 10:41:05 +00:00
Vincent Koc
42e3d8d693
Secrets: add inline allowlist review set (#38314) 
* Secrets: add inline allowlist review set

* Secrets: narrow detect-secrets file exclusions

* Secrets: exclude Docker fingerprint false positive

* Secrets: allowlist test and docs false positives

* Secrets: refresh baseline after allowlist updates

* Secrets: fix gateway chat fixture pragma

* Secrets: format pre-commit config

* Android: keep talk mode fixture JSON valid

* Feishu: rely on client timeout injection

* Secrets: allowlist provider auth test fixtures

* Secrets: allowlist onboard search fixtures

* Secrets: allowlist onboard mode fixture

* Secrets: allowlist gateway auth mode fixture

* Secrets: allowlist APNS wake test key

* Secrets: allowlist gateway reload fixtures

* Secrets: allowlist moonshot video fixture

* Secrets: allowlist auto audio fixture

* Secrets: allowlist tiny audio fixture

* Secrets: allowlist embeddings fixtures

* Secrets: allowlist resolve fixtures

* Secrets: allowlist target registry pattern fixtures

* Secrets: allowlist gateway chat env fixture

* Secrets: refresh baseline after fixture allowlists

* Secrets: reapply gateway chat env allowlist

* Secrets: reapply gateway chat env allowlist

* Secrets: stabilize gateway chat env allowlist

* Secrets: allowlist runtime snapshot save fixture

* Secrets: allowlist oauth profile fixtures

* Secrets: allowlist compaction identifier fixture

* Secrets: allowlist model auth fixture

* Secrets: allowlist model status fixtures

* Secrets: allowlist custom onboarding fixture

* Secrets: allowlist mattermost token summary fixtures

* Secrets: allowlist gateway auth suite fixtures

* Secrets: allowlist channel summary fixture

* Secrets: allowlist provider usage auth fixtures

* Secrets: allowlist media proxy fixture

* Secrets: allowlist secrets audit fixtures

* Secrets: refresh baseline after final fixture allowlists

* Feishu: prefer explicit client timeout

* Feishu: test direct timeout precedence
 2026-03-06 19:35:26 -05:00
Vincent Koc
455430a6f8
Dead code: remove unused helper modules (#38318) 
* Dead code: remove unused provider runtime policy helper

* Dead code: remove unused shared env writer

* Dead code: remove unused auth store path collector
 2026-03-06 17:53:02 -05:00
Josh Avant
0e4245063f
CLI: make read-only SecretRef status flows degrade safely (#37023) 
* CLI: add read-only SecretRef inspection

* CLI: fix read-only SecretRef status regressions

* CLI: preserve read-only SecretRef status fallbacks

* Docs: document read-only channel inspection hook

* CLI: preserve audit coverage for read-only SecretRefs

* CLI: fix read-only status account selection

* CLI: fix targeted gateway fallback analysis

* CLI: fix Slack HTTP read-only inspection

* CLI: align audit credential status checks

* CLI: restore Telegram read-only fallback semantics
 2026-03-05 23:07:13 -06:00
Josh Avant
72cf9253fc
Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails (#35094) 2026-03-05 12:53:56 -06:00
joshavant
a9969e641a
docs: fix secretref marker rendering in credential surface 2026-03-03 15:08:41 -06:00
joshavant
490670128b
fix(docs): avoid MDX regex markers in secretref page 2026-03-03 14:00:09 -06:00
joshavant
70c6bc8581
fix(docs): use MDX-safe secretref markers 2026-03-03 13:54:03 -06:00
Peter Steinberger
2d67c9b2a0 fix: repair Feishu reset hook typing and stabilize secret resolver timeout 2026-03-03 05:06:08 +00:00