negodiy/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
18,023 Commits 1 Branch 0 Tags
4473242b4ffc8cc568ef7e4c7386dcd7e040dca4
Commit Graph

1634 Commits

Author SHA1 Message Date
Robin Waslander
a1520d70ff fix(gateway): propagate real gateway client into plugin subagent runtime 
Plugin subagent dispatch used a hardcoded synthetic client carrying
operator.admin, operator.approvals, and operator.pairing for all
runtime.subagent.* calls. Plugin HTTP routes with auth:"plugin" require
no gateway auth by design, so an unauthenticated external request could
drive admin-only gateway methods (sessions.delete, agent.run) through
the subagent runtime.

Propagate the real gateway client into the plugin runtime request scope
when one is available. Plugin HTTP routes now run inside a scoped
runtime client: auth:"plugin" routes receive a non-admin synthetic
operator.write client; gateway-authenticated routes retain admin-capable
scopes. The security boundary is enforced at the HTTP handler level.

Fixes GHSA-xw77-45gv-p728
 2026-03-11 14:17:01 +01:00
Robin Waslander
dafd61b5c1 fix(gateway): enforce caller-scope subsetting in device.token.rotate 
device.token.rotate accepted attacker-controlled scopes and forwarded
them to rotateDeviceToken without verifying the caller held those
scopes. A pairing-scoped token could rotate up to operator.admin on
any already-paired device whose approvedScopes included admin.

Add a caller-scope subsetting check before rotateDeviceToken: the
requested scopes must be a subset of client.connect.scopes via the
existing roleScopesAllow helper. Reject with missing scope: <scope>
if not.

Also add server.device-token-rotate-authz.test.ts covering both the
priv-esc path and the admin-to-node-invoke chain.

Fixes GHSA-4jpw-hj22-2xmc
 2026-03-11 14:16:59 +01:00
Peter Steinberger
c91d1622d5 fix(gateway): split conversation reset from admin reset 2026-03-11 02:50:44 +00:00
Josh Avant
0125ce1f44 Gateway: fail closed unresolved local auth SecretRefs (#42672) 
* Gateway: fail closed unresolved local auth SecretRefs

* Docs: align node-host gateway auth precedence

* CI: resolve rebase breakages in checks lanes

* Tests: isolate LOCAL_REMOTE_FALLBACK_TOKEN env state

* Gateway: remove stale remote.enabled auth-surface semantics

* Changelog: note gateway SecretRef fail-closed fix
 2026-03-10 21:41:56 -05:00
Peter Steinberger
aad014c7c1 fix: harden subagent control boundaries 2026-03-11 01:44:38 +00:00
Peter Steinberger
68c674d37c refactor(security): simplify system.run approval model 2026-03-11 01:43:06 +00:00
Peter Steinberger
5716e52417 refactor: unify gateway credential planning 2026-03-11 01:37:25 +00:00
Peter Steinberger
7289c19f1a fix(security): bind system.run approvals to exact argv text 2026-03-11 01:25:31 +00:00
Peter Steinberger
702f6f3305 fix: fail closed for unresolved local gateway auth refs 2026-03-11 01:14:06 +00:00
Peter Steinberger
1df78202b9 refactor: share approval gateway client setup 2026-03-10 22:18:04 +00:00
Josh Avant
a76e810193 fix(gateway): harden token fallback/reconnect behavior and docs (#42507) 
* fix(gateway): harden token fallback and auth reconnect handling

* docs(gateway): clarify auth retry and token-drift recovery

* fix(gateway): tighten auth reconnect gating across clients

* fix: harden gateway token retry (#42507) (thanks @joshavant)
 2026-03-10 17:05:57 -05:00
PonyX-lab
53374394fb Fix stale runtime model reuse on session reset (#41173) 
Merged via squash.

Prepared head SHA: d8a04a466a3b110aa7d608cc1425a66fa65e326b
Co-authored-by: PonyX-lab <266766228+PonyX-lab@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-10 14:02:43 -07:00
Josh Avant
d30dc28b8c Secrets: reject exec SecretRef traversal ids across schema/runtime/gateway (#42370) 
* Secrets: harden exec SecretRef validation and reload LKG coverage

* Tests: harden exec fast-exit stdin regression case

* Tests: align lifecycle daemon test formatting with oxfmt 0.36
 2026-03-10 13:45:37 -05:00
Teconomix
6d0547dc2e mattermost: fix DM media upload for unprefixed user IDs (#29925) 
Merged via squash.

Prepared head SHA: 5cffcb072cc82394fe4c93d6c1c0c520325180b7
Co-authored-by: teconomix <6959299+teconomix@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
 2026-03-10 14:22:24 +05:30
futuremind2026
382287026b cron: record lastErrorReason in job state (#14382) 
Merged via squash.

Prepared head SHA: baa6b5d566a41950dea0a214881eef48697326d8
Co-authored-by: futuremind2026 <258860756+futuremind2026@users.noreply.github.com>
Co-authored-by: BunsDev <68980965+BunsDev@users.noreply.github.com>
Reviewed-by: @BunsDev
 2026-03-10 00:01:45 -05:00
Josh Avant
f0eb67923c fix(secrets): resolve web tool SecretRefs atomically at runtime 2026-03-09 22:57:03 -05:00
Harold Hunt
de49a8b72c Telegram: exec approvals for OpenCode/Codex (#37233) 
Merged via squash.

Prepared head SHA: f2433790941841ade0efe6292ff4909b2edd6f18
Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Reviewed-by: @huntharo
 2026-03-09 23:04:35 -04:00
Val Alexander
6b87489890 Revert "feat(ui): add chat infrastructure modules (slice 1 of dashboard-v2)" 
This reverts commit 5a659b0b61.
 2026-03-09 18:47:44 -05:00
Val Alexander
5a659b0b61 feat(ui): add chat infrastructure modules (slice 1 of dashboard-v2) 
New self-contained chat modules extracted from dashboard-v2-structure:

- chat/slash-commands.ts: slash command definitions and completions
- chat/slash-command-executor.ts: execute slash commands via gateway RPC
- chat/slash-command-executor.node.test.ts: test coverage
- chat/speech.ts: speech-to-text (STT) support
- chat/input-history.ts: per-session input history navigation
- chat/pinned-messages.ts: pinned message management
- chat/deleted-messages.ts: deleted message tracking
- chat/export.ts: shared exportChatMarkdown helper
- chat-export.ts: re-export shim for backwards compat

Gateway fix:
- Restore usage/cost stripping in chat.history sanitization
- Add test coverage for sanitization behavior

These modules are additive and tree-shaken — no existing code
imports them yet. They will be wired in subsequent slices.
 2026-03-09 18:34:47 -05:00
Mariano
0c7f07818f acp: add regression coverage and smoke-test docs (#41456) 
Merged via squash.

Prepared head SHA: 514d5873520683efcca1542cbca1ee6ec645582b
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-09 22:40:14 +01:00
Mariano
1bc59cc09d Gateway: tighten node pending drain semantics (#41429) 
Merged via squash.

Prepared head SHA: 361c2eb5c84e3b532862d843536ca68b21336fb2
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-09 21:56:00 +01:00
Mariano
ef95975411 Gateway: add pending node work primitives (#41409) 
Merged via squash.

Prepared head SHA: a6d7ca90d71a33c6d634a6396d1e7ae40545ea66
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-09 21:42:57 +01:00
Mariano
d4e59a3666 Cron: enforce cron-owned delivery contract (#40998) 
Merged via squash.

Prepared head SHA: 5877389e33d5b3a518925b5793a6f6294cb3fb3d
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-09 20:12:37 +01:00
xaeon2026
425bd89b48 Allow ACP sessions.patch lineage fields on ACP session keys (#40995) 
Merged via squash.

Prepared head SHA: c1191edc08618dec1826c57b75556c4e35ccccaf
Co-authored-by: xaeon2026 <264572156+xaeon2026@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-09 17:08:11 +01:00
Mariano
e3df94365b ACP: add optional ingress provenance receipts (#40473) 
Merged via squash.

Prepared head SHA: b63e46dd94479de611dab68868340aa18bdaff2f
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-09 04:19:03 +01:00
Radek Sienkiewicz
4f42c03a49 gateway: fix global Control UI 404s for symlinked wrappers and bundled package roots (#40385) 
Merged via squash.

Prepared head SHA: 567b3ed68434220bb319a940fa1b834a2f520ff5
Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com>
Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com>
Reviewed-by: @velvet-shark
 2026-03-09 01:50:42 +01:00
Mariano
e806c479f5 Gateway/iOS: replay queued foreground actions safely after resume (#40281) 
Merged via squash.

- Local validation: `pnpm exec vitest run --config vitest.gateway.config.ts src/gateway/server-methods/nodes.invoke-wake.test.ts`
- Local validation: `pnpm build`
- mb-server validation: `pnpm exec vitest run --config vitest.gateway.config.ts src/gateway/server-methods/nodes.invoke-wake.test.ts`
- mb-server validation: `pnpm build`
- mb-server validation: `pnpm protocol:check`
 2026-03-08 22:46:54 +01:00
Tyler Yust
38543d8196 fix(cron): consolidate announce delivery, fire-and-forget trigger, and minimal prompt mode (#40204) 
* fix(cron): consolidate announce delivery and detach manual runs

* fix: queue detached cron runs (#40204)
 2026-03-08 14:46:33 -07:00
Peter Steinberger
371c53b282 test: expand talk config contract fixtures 2026-03-08 18:40:14 +00:00
Peter Steinberger
2ed644f5d3 fix: require talk resolved payload 2026-03-08 18:40:14 +00:00
Peter Steinberger
dc5645d459 test: add talk config contract fixtures 2026-03-08 16:22:48 +00:00
Peter Steinberger
87640f9a61 fix: align talk config secret schemas 2026-03-08 16:22:48 +00:00
Tak Hoffman
d9e8e8ac15 fix: resolve live config paths in status and gateway metadata (#39952) 
* fix: resolve live config paths in status and gateway metadata

* fix: resolve remaining runtime config path references

* test: cover gateway config.set config path response
 2026-03-08 09:59:32 -05:00
Peter Steinberger
4e2290b841 refactor: add canonical talk config payload 2026-03-08 14:58:29 +00:00
dano does design
6ff7e8f42e talk: add configurable silence timeout 2026-03-08 14:30:25 +00:00
Ayaan Zaidi
46145fde19 fix(android): remove mic and screen foreground services 2026-03-08 16:25:49 +05:30
Ayaan Zaidi
0f9566b0b5 fix(android): remove self-update install flow 2026-03-08 16:25:49 +05:30
Ayaan Zaidi
930caeaafb fix(chat): preserve sender labels in dashboard history 2026-03-08 09:17:02 +05:30
Peter Steinberger
380eb1c072 refactor: reuse shared gateway probe auth 2026-03-08 03:02:25 +00:00
Peter Steinberger
9d7d961db8 fix: restore Telegram webhook-mode health after restarts 
Landed from contributor PR #39313 by @fellanH.

Co-authored-by: Felix Hellström <30758862+fellanH@users.noreply.github.com>
 2026-03-08 02:27:18 +00:00
Peter Steinberger
1e05f14f3a fix: land health-monitor disconnected reason label (#36436) (thanks @Sid-Qin) 2026-03-08 02:02:19 +00:00
SidQin-cyber
066d589b8a fix(gateway): distinguish disconnected from stuck in health-monitor restart reason 
resolveChannelRestartReason did not handle the "disconnected" evaluation
reason explicitly, so it fell through to "stuck". This conflates a clean
WebSocket drop (e.g. Discord 1006) with a genuinely stuck channel, making
logs misleading and preventing future policy differentiation.

Add "disconnected" to ChannelRestartReason and handle it before the
catch-all "stuck" return.

Closes #36404
 2026-03-08 02:02:19 +00:00
Peter Steinberger
08597e817d fix(ci): stabilize detect-secrets baseline 2026-03-08 01:25:15 +00:00
Peter Steinberger
da88d92099 fix(gateway): fail closed for config-first secretrefs 2026-03-08 01:13:28 +00:00
Peter Steinberger
f236742dc1 fix(gateway): block cached device token override fallback 2026-03-08 01:13:28 +00:00
Vincent Koc
ac02529844 Gateway Auth: allowlist connection auth precedence fixtures 2026-03-07 16:43:22 -08:00
Josh Avant
25252ab5ab gateway: harden shared auth resolution across systemd, discord, and node host 2026-03-07 18:28:32 -06:00
Vincent Koc
27b6b0c119 Gateway Secrets: allowlist unresolved secret ref label 2026-03-07 16:27:00 -08:00
Vincent Koc
a7c605ec4a Gateway Credentials: allowlist precedence fixtures 2026-03-07 16:27:00 -08:00
Vincent Koc
ace64831e0 Gateway Credentials: allowlist password fixtures 2026-03-07 16:27:00 -08:00