Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
openclaw/src
History
Kevin Shenghui 9c142993b8 fix: preserve operator scopes for shared auth connections 
When connecting via shared gateway token (no device identity),
the operator scopes were being cleared, causing API operations
to fail with 'missing scope' errors.

This fix preserves scopes when sharedAuthOk is true, allowing
headless/API operator clients to retain their requested scopes.

Fixes #27494

(cherry picked from commit c71c8948bd693de0391f861c31d4d6c2cce96061)
2026-02-26 13:40:58 +00:00
..
acp
feat: ACP thread-bound agents (#23580)
2026-02-26 11:00:09 +01:00
agents
fix: enable store=true for Azure OpenAI Responses API
2026-02-26 13:40:58 +00:00
auto-reply
fix(typing): force cleanup when dispatch idle is never received
2026-02-26 13:40:58 +00:00
browser
refactor(browser): split act route modules and dedupe path guards
2026-02-26 01:21:34 +01:00
canvas-host
channels
refactor(security): centralize channel allowlist auth policy
2026-02-26 13:06:33 +01:00
cli
fix(sessions): add fix-missing cleanup path for orphaned store entries
2026-02-26 13:40:58 +00:00
commands
fix(sessions): add fix-missing cleanup path for orphaned store entries
2026-02-26 13:40:58 +00:00
compat
config
fix(config): warn and ignore unknown plugin entry keys
2026-02-26 13:40:58 +00:00
cron
refactor(reply): split abort cutoff and timeout policy modules
2026-02-26 14:00:35 +01:00
daemon
Daemon tests: guard undefined runtime status
2026-02-26 03:24:48 -05:00
discord
Doctor: keep allowFrom account-scoped in multi-account configs
2026-02-26 05:34:58 -05:00
docs
gateway
fix: preserve operator scopes for shared auth connections
2026-02-26 13:40:58 +00:00
hooks
refactor: unify boundary hardening for file reads
2026-02-26 13:04:37 +01:00
imessage
refactor(security): centralize channel allowlist auth policy
2026-02-26 13:06:33 +01:00
infra
fix(gateway): pin paired reconnect metadata for node policy
2026-02-26 14:11:04 +01:00
line
fix(security): keep DM pairing allowlists out of group auth
2026-02-26 12:58:18 +01:00
link-understanding
chore: remove verified dead code paths
2026-02-22 09:21:09 +01:00
logging
fix(security): harden regex compilation for filters and redaction
2026-02-23 23:54:50 +00:00
markdown
fix(markdown): require paired || delimiters for spoiler detection (#26105)
2026-02-25 04:54:51 +00:00
media
refactor(tmp): harden temp boundary guardrails
2026-02-24 23:51:10 +00:00
media-understanding
fix(security): lock sandbox tmp media paths to openclaw roots
2026-02-24 23:10:19 +00:00
memory
refactor: deduplicate shared helpers and test setup
2026-02-23 20:40:44 +00:00
node-host
fix(security): harden approval-bound node exec cwd handling
2026-02-26 04:14:11 +01:00
pairing
pairing: enforce strict account-scoped state
2026-02-26 00:31:24 -05:00
plugin-sdk
feat: ACP thread-bound agents (#23580)
2026-02-26 11:00:09 +01:00
plugins
fix(plugins): fallback bundled channel specs when npm install returns 404 (#12849)
2026-02-26 08:06:54 -05:00
process
fix(queue): harden drain/abort/timeout race handling
2026-02-26 13:43:39 +01:00
providers
Config: expand Kilo catalog and persist selected Kilo models (#24921)
2026-02-23 21:17:37 -05:00
routing
fix(core): unify session-key normalization and plugin boundary checks
2026-02-26 12:41:23 +00:00
scripts
security
refactor(security): centralize channel allowlist auth policy
2026-02-26 13:06:33 +01:00
sessions
fix(core): unify session-key normalization and plugin boundary checks
2026-02-26 12:41:23 +00:00
shared
fix(ssrf): unify ipv6 special-use blocking
2026-02-26 03:43:42 +01:00
signal
refactor: unify reaction ingress policy guards across channels
2026-02-26 01:34:47 +01:00
slack
fix(slack): gate member and message subtype system events
2026-02-26 12:48:20 +01:00
telegram
fix(telegram): degrade command sync on BOT_COMMANDS_TOO_MUCH
2026-02-26 13:40:58 +00:00
terminal
test(core): use lightweight clears in runtime and telegram setup
2026-02-22 08:09:14 +00:00
test-helpers
refactor: dedupe media and request-body test scaffolding
2026-02-22 18:37:25 +00:00
test-utils
test: dedupe fixtures and test harness setup
2026-02-23 05:45:54 +00:00
tts
tui
test: fix post-merge config and tui command-handler tests
2026-02-24 04:38:21 +00:00
types
utils
refactor!: remove google-antigravity provider support
2026-02-23 05:20:14 +01:00
web
fix: suppress reasoning payload leakage in whatsapp replies
2026-02-25 01:36:37 +00:00
whatsapp
WhatsApp: enforce allowFrom for explicit outbound sends (#20921)
2026-02-22 18:13:23 -05:00
wizard
fix(onboard): seed Control UI origins for non-loopback binds (land #26157, thanks @stakeswky)
2026-02-26 12:13:20 +00:00
channel-web.ts
docker-image-digests.test.ts
docker-setup.test.ts
fix: harden Docker/GCP onboarding flow (#26253) (thanks @pandego)
2026-02-26 04:46:18 +00:00
dockerfile.test.ts
fix: harden Docker/GCP onboarding flow (#26253) (thanks @pandego)
2026-02-26 04:46:18 +00:00
entry.ts
refactor(gateway): simplify restart flow and expand lock tests
2026-02-22 10:44:47 +01:00
extensionAPI.ts
globals.ts
index.ts
logger.test.ts
logger.ts
logging.ts
polls.test.ts
polls.ts
runtime.ts
utils.test.ts
fix(utils): guard resolveUserPath for missing workspace input
2026-02-22 13:19:25 +01:00
utils.ts
fix(utils): guard resolveUserPath for missing workspace input
2026-02-22 13:19:25 +01:00
version.test.ts
test(core): increase coverage for sessions, auth choice, and model listing
2026-02-22 14:08:51 +00:00
version.ts