Peter Steinberger
a8fe8b6bf8
test(guardrails): exclude suite files and harden auth temp identity naming
2026-03-02 18:21:13 +00:00
Peter Steinberger
82f01d6081
perf(runtime): reduce startup import overhead in logging and schema validation
2026-03-02 18:21:13 +00:00
Sid
41c8734afd
fix(gateway): move plugin HTTP routes before Control UI SPA catch-all (#31885)
* fix(gateway): move plugin HTTP routes before Control UI SPA catch-all
The Control UI handler (`handleControlUiHttpRequest`) acts as an SPA
catch-all that matches every path, returning HTML for GET requests and
405 for other methods. Because it ran before `handlePluginRequest` in
the request chain, any plugin HTTP route that did not live under
`/plugins` or `/api` was unreachable — shadowed by the catch-all.
Reorder the handlers so plugin routes are evaluated first. Core
built-in routes (hooks, tools, Slack, Canvas, etc.) still take
precedence because they are checked even earlier in the chain.
Unmatched plugin paths continue to fall through to Control UI as before.
Closes #31766
* fix: add changelog for plugin route precedence landing (#31885) (thanks @Sid-Qin)
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-02 18:16:14 +00:00
Peter Steinberger
cf5702233c
docs(security)!: document messaging-only onboarding default and hook/model risk
2026-03-02 18:15:49 +00:00
Mark L
718d418b32
fix(daemon): harden launchd plist with umask 077 (#31919)
* fix(daemon): add launchd umask hardening
* fix: finalize launchd umask changelog + thanks (#31919) (thanks @liuxiaopai-ai)
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-02 18:13:41 +00:00
Peter Steinberger
16df7ef4a9
feat(onboarding)!: default tools profile to messaging
2026-03-02 18:12:11 +00:00
Mark L
9b8e642475
Config: newline-join sandbox setupCommand arrays (#31953)
2026-03-02 18:11:32 +00:00
bmendonca3
8b27582509
fix(cli): apply --profile before dotenv bootstrap in runCli (#31950)
Co-authored-by: bmendonca3 <bmendonca3@users.noreply.github.com>
2026-03-02 18:09:45 +00:00
bmendonca3
a6489ab5e9
fix(agents): cap openai-completions tool call ids to provider-safe format (#31947)
Co-authored-by: bmendonca3 <bmendonca3@users.noreply.github.com>
2026-03-02 18:08:20 +00:00
Peter Steinberger
83c8406f01
refactor(security): split gateway auth suites and share safe write path checks
2026-03-02 18:07:03 +00:00
Peter Steinberger
602f6439bd
test(memory): stabilize windows qmd spawn expectation
2026-03-02 18:06:12 +00:00
Peter Steinberger
1c9deeda97
refactor: split webhook ingress and policy guards
2026-03-02 18:02:21 +00:00
Peter Steinberger
fc0d374390
test(perf): drop duplicate gateway config patch validation case
2026-03-02 18:00:11 +00:00
Peter Steinberger
0ebe0480fa
test(perf): replace relay fixed sleeps with condition waits
2026-03-02 17:55:47 +00:00
Peter Steinberger
8ae8056622
test(perf): trim telegram webhook artificial delay windows
2026-03-02 17:48:36 +00:00
Peter Steinberger
54382a66b4
test(perf): bypass matrix send queue delay in send tests
2026-03-02 17:46:31 +00:00
Peter Steinberger
d7ae61c412
test(gateway): fix trusted-proxy control-ui auth test origin config
2026-03-02 17:45:45 +00:00
Peter Steinberger
b07589642d
test(perf): remove redundant acpx healthy-command case
2026-03-02 17:41:51 +00:00
Peter Steinberger
26b8e6d510
test(perf): avoid cron min-refire delay in auto-run coverage
2026-03-02 17:41:51 +00:00
Peter Steinberger
e339c75d5d
style(docs): format faq markdown spacing
2026-03-02 17:38:11 +00:00
Peter Steinberger
7dac9b05dd
fix(security): harden zip write race handling
2026-03-02 17:38:11 +00:00
Peter Steinberger
eb35fb745d
docs: remove provider recommendation language
2026-03-02 17:33:38 +00:00
Peter Steinberger
b9e820b7ed
test(perf): cut exec approval metadata test timeout
2026-03-02 17:33:06 +00:00
Peter Steinberger
aee27d0e38
refactor(security): table-drive wrapper approval pinning tests
2026-03-02 17:30:48 +00:00
Peter Steinberger
34ff873a7e
test(perf): trim fixed waits in relay and startup tests
2026-03-02 17:30:33 +00:00
Peter Steinberger
310dd24ce3
test(perf): clean acpx runtime fixtures at suite end
2026-03-02 17:30:33 +00:00
Peter Steinberger
d4bf07d075
refactor(security): unify hardened install and fs write flows
2026-03-02 17:23:29 +00:00
Peter Steinberger
d3e8b17aa6
fix: harden webhook auth-before-body handling
2026-03-02 17:21:09 +00:00
Peter Steinberger
dded569626
fix(security): preserve system.run wrapper approval semantics
2026-03-02 17:20:52 +00:00
Peter Steinberger
104d32bb64
fix(security): unify root-bound write hardening
2026-03-02 17:12:33 +00:00
Peter Steinberger
be3a62c5e0
test(perf): defer delivery queue fixture cleanup to suite end
2026-03-02 17:10:55 +00:00
Hiren Thakore
193ad2f4f0
fix: handle PowerShell execution policy on Windows install (#24794)
* fix: add Arch Linux support to install.sh (GH#8051)
* fix: handle PowerShell execution policy on Windows install (GH#24784)
2026-03-02 11:09:01 -06:00
Dalomeve
a0e11e63fe
docs(faq): add Windows exec encoding troubleshooting (#30736)
Co-authored-by: dalomeve <dalomeve@users.noreply.github.com>
2026-03-02 11:08:26 -06:00
Peter Steinberger
07b16d5ad0
fix(security): harden workspace bootstrap boundary reads
2026-03-02 17:07:36 +00:00
Mark L
67b2dde7c5
Docs: add WSL2 boot auto-start guide (#31616)
2026-03-02 11:07:15 -06:00
Glucksberg
7a55a3ca07
fix(install): correct Windows PATH troubleshooting docs (#28102)
* fix(install): correct Windows PATH troubleshooting — no \bin suffix needed (closes #19921)
* fix(docs): apply same PATH fix to FAQ
2026-03-02 11:07:07 -06:00
Peter Steinberger
11562c452a
test(perf): avoid unused heartbeat fixture file writes
2026-03-02 17:01:40 +00:00
Val Alexander
eb2e20c994
fix(ui): preserve margin-top: 0 for onboarding mode
- Change margin from -12px -16px -32px to 0 -16px -32px
- Preserves zero top offset required for onboarding mode
- Prevents clipping of top edge/actions area when padding-top: 0
2026-03-02 11:01:27 -06:00
Val Alexander
24a13c05b3
fix(ui): add mobile responsive margins and overflow fallback
- Add margin: 0 for mobile viewports (<=600px, <=400px) to prevent clipping
- Add overflow: hidden fallback for older browsers (Safari <16, Firefox <81)
- Fixes mobile regression where negative margins over-cancel padding
Addresses issue where save button was clipped on mobile due to
hard-coded desktop negative margins not accounting for mobile's
smaller content padding (4px 4px 16px).
2026-03-02 11:01:27 -06:00
SidQin-cyber
20c36f7e84
fix(ui): prevent config page save button from being clipped by overflow
The config-layout used a uniform margin: -16px that did not match the
parent .content padding (12px 16px 32px), causing the right edge of the
actions bar—including the Save button—to extend into the overflow-hidden
region on systems with non-overlay scrollbars (e.g. Ubuntu/GTK).
Changes:
- Match negative margin to actual .content padding (-12px -16px -32px).
- Use overflow: clip instead of overflow: hidden on .config-main so it
does not create a scroll container that shifts the stacking context.
- Add flex-shrink: 0 and position: relative on .config-actions to
guarantee the actions bar is never collapsed or layered behind the
scrollable content area.
Closes #31658
2026-03-02 11:01:27 -06:00
Peter Steinberger
db7a8a6982
test(perf): reuse delivery queue suite temp root
2026-03-02 16:55:18 +00:00
Peter Steinberger
4a80311628
refactor(security): split sandbox media staging and stream safe copies
2026-03-02 16:53:14 +00:00
Peter Steinberger
7a7eee920a
refactor(gateway): harden plugin http route contracts
2026-03-02 16:48:00 +00:00
Peter Steinberger
33e76db12a
refactor(gateway): scope ws origin fallback metrics to runtime
2026-03-02 16:47:00 +00:00
Peter Steinberger
9a68590385
refactor(logging): extract bounded regex redaction util
2026-03-02 16:47:00 +00:00
Peter Steinberger
031bf0c6c0
refactor(security): split safe-regex parse and bounded matching
2026-03-02 16:47:00 +00:00
Peter Steinberger
8611fd67b5
test(perf): remove duplicate bundled memory slot loader case
2026-03-02 16:46:17 +00:00
Peter Steinberger
14c93d2646
docs(changelog): add skills archive extraction hardening note
2026-03-02 16:45:47 +00:00
Artale
1b462ed174
fix(test): use NTFS junctions and platform guards for symlink tests on Windows (openclaw#28747) thanks @arosstale
Verified:
- pnpm install --frozen-lockfile
- pnpm test src/agents/apply-patch.test.ts src/agents/sandbox/fs-bridge.test.ts src/agents/sandbox/validate-sandbox-security.test.ts src/infra/archive.test.ts
Co-authored-by: arosstale <117890364+arosstale@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-02 10:45:19 -06:00
Peter Steinberger
18f8393b6c
fix: harden sandbox writes and centralize atomic file writes
2026-03-02 16:45:12 +00:00