openclaw/src at 83689fc83837ac80837705cfd4b81aae0214afeb - openclaw - Gitea

Ayuriel/openclaw

History

Marco Di Dionisio 83689fc838 fix: include trusted-proxy in sharedAuthOk check

In trusted-proxy mode, sharedAuthResult is null because hasSharedAuth
only triggers for token/password in connectParams.auth. But the primary
auth (authResult) already validated the trusted-proxy — the connection
came from a CIDR in trustedProxies with a valid userHeader. This IS
shared auth semantically (the proxy vouches for identity), so operator
connections should be able to skip device identity.

Without this fix, trusted-proxy operator connections are rejected with
"device identity required" because roleCanSkipDeviceIdentity() sees
sharedAuthOk=false.

(cherry picked from commit e87048a6a650d391e1eb5704546eb49fac5f0091)

2026-02-24 04:33:51 +00:00

..

fix(acp): harden permission tool-name validation

2026-02-24 01:11:34 +00:00

fix(openrouter): skip reasoning effort injection for 'auto' routing model

2026-02-24 04:33:51 +00:00

fix(auto-reply): expand standalone stop phrases

2026-02-24 04:02:43 +00:00

refactor(browser): share relay token + options validation tests

2026-02-24 04:23:22 +00:00

test: tighten canvas host websocket watchdog timeouts

2026-02-21 23:02:44 +00:00

fix: harden legacy plugin schema compatibility tests (#24933 ) (thanks @pandego)

2026-02-24 03:50:53 +00:00

fix(cli): load plugin registry for configure and onboard commands (#17266 )

2026-02-24 04:33:50 +00:00

chore(status): clarify bootstrap file semantics

2026-02-24 04:17:56 +00:00

…

fix(config): add actionable guidance for dmPolicy open allowFrom mismatch

2026-02-24 04:33:50 +00:00

fix(cron): treat embedded error payloads as run failures

2026-02-24 04:33:50 +00:00

fix: back up existing systemd unit before overwriting on update (#24350 ) (#24937 )

2026-02-24 03:22:55 +00:00

test(discord): stabilize parent-info + doctor migration assertions (#25028 )

2026-02-24 04:10:52 +00:00

…

fix: include trusted-proxy in sharedAuthOk check

2026-02-24 04:33:51 +00:00

fix(agents): include SOUL.md, IDENTITY.md, USER.md in subagent/cron bootstrap allowlist

2026-02-24 04:04:35 +00:00

fix(security): harden account-key handling against prototype pollution

2026-02-24 01:09:31 +00:00

fix(hooks): decouple message:sent internal hook from mirror param

2026-02-24 04:20:30 +00:00

fix(security): harden account-key handling against prototype pollution

2026-02-24 01:09:31 +00:00

link-understanding

chore: remove verified dead code paths

2026-02-22 09:21:09 +01:00

fix(security): harden regex compilation for filters and redaction

2026-02-23 23:54:50 +00:00

test: dedupe channel and transport adapters

2026-02-21 21:44:01 +00:00

fix(security): harden session export image data-url handling

2026-02-24 02:53:39 +00:00

media-understanding

refactor: de-duplicate channel runtime and payload helpers

2026-02-23 21:25:28 +00:00

refactor: deduplicate shared helpers and test setup

2026-02-23 20:40:44 +00:00

fix(security): trust resolved skill-bin paths in allowlist auto-allow

2026-02-24 03:12:43 +00:00

refactor: de-duplicate channel runtime and payload helpers

2026-02-23 21:25:28 +00:00

refactor(security): unify dangerous name matching handling

2026-02-24 01:33:08 +00:00

fix(plugins): pass session context to before_compaction hook in subscribe handler

2026-02-24 04:33:50 +00:00

test: speed up supervisor test timing

2026-02-23 20:15:56 +00:00

Config: expand Kilo catalog and persist selected Kilo models (#24921 )

2026-02-23 21:17:37 -05:00

fix: normalize input peer.kind in resolveAgentRoute (#22730 )

2026-02-24 04:33:50 +00:00

test(scripts): dedupe a2ui temp fixture and cover skip-missing env path

2026-02-21 21:40:39 +00:00

Deny cron tool on /tools/invoke by default

2026-02-24 04:33:50 +00:00

Agents/Replies: scope done fallback to direct sessions

2026-02-22 13:30:30 -08:00

fix: scope Telegram RFC2544 SSRF exception to policy opt-in (#24982 ) (thanks @stakeswky)

2026-02-24 03:28:00 +00:00

fix(security): harden account-key handling against prototype pollution

2026-02-24 01:09:31 +00:00

refactor(security): unify dangerous name matching handling

2026-02-24 01:33:08 +00:00

fix: adapt landed fixups to current type and approval constraints

2026-02-24 04:20:30 +00:00

test(core): use lightweight clears in runtime and telegram setup

2026-02-22 08:09:14 +00:00

refactor: dedupe media and request-body test scaffolding

2026-02-22 18:37:25 +00:00

test: dedupe fixtures and test harness setup

2026-02-23 05:45:54 +00:00

test: streamline auto-reply and tts suites

2026-02-21 21:44:01 +00:00

test: dedupe fixtures and test harness setup

2026-02-23 05:45:54 +00:00

chore(deadcode): add deadcode scanning and remove unused lockfile deps (#22468 )

2026-02-21 01:29:20 -05:00

refactor!: remove google-antigravity provider support

2026-02-23 05:20:14 +01:00

fix(whatsapp): groupAllowFrom sender filter bypassed when groupPolicy is allowlist (#24670 )

2026-02-24 04:20:30 +00:00

WhatsApp: enforce allowFrom for explicit outbound sends (#20921 )

2026-02-22 18:13:23 -05:00

test: dedupe gateway browser discord and channel coverage

2026-02-22 17:11:54 +00:00

channel-web.ts

…

docker-image-digests.test.ts

…

docker-setup.test.ts

Docker: precreate identity dir in docker setup

2026-02-22 16:33:53 -08:00

dockerfile.test.ts

…

entry.ts

refactor(gateway): simplify restart flow and expand lock tests

2026-02-22 10:44:47 +01:00

extensionAPI.ts

…

globals.ts

…

index.ts

…

logger.test.ts

…

logger.ts

…

logging.ts

…

polls.test.ts

…

polls.ts

…

runtime.ts

…

utils.test.ts

fix(utils): guard resolveUserPath for missing workspace input

2026-02-22 13:19:25 +01:00

utils.ts

fix(utils): guard resolveUserPath for missing workspace input

2026-02-22 13:19:25 +01:00

version.test.ts

test(core): increase coverage for sessions, auth choice, and model listing

2026-02-22 14:08:51 +00:00

version.ts

…