negodiy/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
13,007 Commits 1 Branch 0 Tags
b2d84528f8d2d4d7f49da7c673da2d09616c6050
Commit Graph

13007 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Peter Steinberger
b2d84528f8 refactor(test): remove duplicate cron tool harnesses 2026-02-21 12:25:23 +00:00
Peter Steinberger
f4c89aa66e docs(changelog): add tts provider-override hardening note 2026-02-21 13:24:42 +01:00
Peter Steinberger
9516ace3c9 docs(changelog): note ACP resource-link prompt hardening 2026-02-21 13:23:51 +01:00
Peter Steinberger
14b0d2b816 refactor: harden control-ui auth flow and add insecure-flag audit summary 2026-02-21 13:18:23 +01:00
Peter Steinberger
4cd7d95746 style(browser): apply oxfmt cleanup for gate 2026-02-21 13:16:07 +01:00
Peter Steinberger
f265d45840 fix(tts): make model provider overrides opt-in 2026-02-21 13:16:07 +01:00
Peter Steinberger
d25a106628 docs(changelog): add tailscale auth hardening release note 2026-02-21 13:08:06 +01:00
Peter Steinberger
f202e73077 refactor(security): centralize host env policy and harden env ingestion 2026-02-21 13:04:39 +01:00
Peter Steinberger
08e020881d refactor(security): unify command gating and blocked-key guards 2026-02-21 13:04:37 +01:00
Peter Steinberger
356d61aacf fix(gateway): scope tailscale tokenless auth to websocket 2026-02-21 13:03:13 +01:00
Peter Steinberger
6aa11f3092 fix(acp): harden resource link metadata formatting 2026-02-21 13:00:02 +01:00
Peter Steinberger
073651fb57 docs: add sponsors section to README 2026-02-21 13:00:02 +01:00
Peter Steinberger
b577228d6b test(security): add overflow compaction truncation-budget regression 2026-02-21 12:59:10 +01:00
Aether AI Agent
084f621025 fix(security): OC-65 prevent compaction counter reset to enforce context exhaustion limit — Aether AI Agent 
Remove the `overflowCompactionAttempts = 0` reset inside the inner loop's
tool-result-truncation branch. The counter was being zeroed on each truncation
cycle, allowing prompt-injection attacks to bypass the MAX_OVERFLOW_COMPACTION_ATTEMPTS
guard and trigger unbounded auto-compaction, exhausting context window resources (DoS).

CWE-400 / GHSA-x2g4-7mj7-2hhj
 2026-02-21 12:59:10 +01:00
Peter Steinberger
2b76901f35 docs(changelog): credit reporter for control-ui auth hardening 2026-02-21 12:57:22 +01:00
Peter Steinberger
99048dbec2 fix(gateway): align insecure-auth toggle messaging 2026-02-21 12:57:22 +01:00
Peter Steinberger
810218756d docs(security): clarify trusted-host deployment assumptions 2026-02-21 12:53:12 +01:00
Peter Steinberger
ede496fa1a docs: clarify trusted-host assumption for tokenless tailscale 2026-02-21 12:52:49 +01:00
Peter Steinberger
fbb79d4013 fix(security): harden runtime command override gating 2026-02-21 12:49:57 +01:00
Peter Steinberger
cb84c537f4 fix: normalize status auth cost handling and models header tests 2026-02-21 12:45:06 +01:00
Peter Steinberger
e393d7aa5b docs(changelog): clarify Security/Exec release note 2026-02-21 12:44:20 +01:00
Peter Steinberger
dff61a10e1 docs(changelog): add windows system.run approval mismatch fix note 2026-02-21 11:58:40 +01:00
Santiago Medina Rolong
11f6bea598 add secret safety 2026-02-21 11:58:14 +01:00
Santiago Medina Rolong
8db5e77ffa skills: fmt 2026-02-21 11:58:14 +01:00
Santiago Medina Rolong
da844d6411 skills: update xurl description 2026-02-21 11:58:14 +01:00
Santiago Medina
ac2ef69454 Update skills/xurl/SKILL.md 
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
 2026-02-21 11:58:14 +01:00
Santiago Medina Rolong
635b6298e3 skills: add xurl skill 2026-02-21 11:58:14 +01:00
Peter Steinberger
283029bdea refactor(security): unify webhook auth matching paths 2026-02-21 11:52:34 +01:00
Peter Steinberger
6007941f04 fix(security): harden and refactor system.run command resolution 2026-02-21 11:49:38 +01:00
Peter Steinberger
5cc631cc9c fix(agents): harden model-skip and tool-policy imports 2026-02-21 11:48:02 +01:00
Peter Steinberger
55aaeb5085 refactor(browser): centralize navigation guard enforcement 2026-02-21 11:46:11 +01:00
Peter Steinberger
2cdbadee1f fix(security): block startup-file env injection across host execution paths 2026-02-21 11:44:20 +01:00
Peter Steinberger
6b2f2811dc fix(security): require BlueBubbles webhook auth 2026-02-21 11:41:50 +01:00
Peter Steinberger
220bd95eff fix(browser): block non-network navigation schemes 2026-02-21 11:31:53 +01:00
Peter Steinberger
c6ee14d60e fix(security): block grep safe-bin file-read bypass 2026-02-21 11:18:29 +01:00
Ayaan Zaidi
f81522af2e fix(docker): install Playwright Chromium into node cache (#22585) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 84dc9ffccd27a51a5c9b8793e55d44abfc7ee520
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-21 15:48:27 +05:30
Peter Steinberger
75d4f6d51b docs: reorder and trim 2026.2.21 changelog entries 2026-02-21 11:12:58 +01:00
Peter Steinberger
eccff0b6c0 docs: relabel dependency hygiene changelog entries 2026-02-21 11:05:05 +01:00
Peter Steinberger
9231d7d30f chore: bump version to 2026.2.21 2026-02-21 11:02:30 +01:00
Ayaan Zaidi
677384c519 refactor: simplify Telegram preview streaming to single boolean (#22012) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: a4017d3b9469d0c25c6ab3f4d9be06b98445474e
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-21 15:19:13 +05:30
Ayaan Zaidi
e1cb73cdeb fix: unblock Docker build by aligning commands schema default (#22558) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 1ad610176d0d08eb5ba055429a10d7e8f9ec07a4
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-21 14:47:28 +05:30
Vincent Koc
3f19259843 Update bug_report.yml 2026-02-21 04:06:07 -05:00
Vincent Koc
d2a7293744 Docs: issue template copy cleanup (#22546) 
* docs: reduce channel-specific wording in feature template placeholder

* docs: make bug report template placeholders version-neutral

* docs: fix YAML indentation in bug report placeholder

* docs: fix indentation of version field in bug report template
 2026-02-21 03:43:35 -05:00
Vincent Koc
dcf2c6d7f1 docs: normalize Amazon Bedrock setup section labels (#22549) 
* docs(channels): promote Signal option setups to onboarding sections

* docs(channels): rename Microsoft Teams minimal setup section

* docs(channels): standardize onboarding option headings for Zalo and Twitch

* docs(providers): normalize Amazon Bedrock onboarding section labels
 2026-02-21 03:40:54 -05:00
Vincent Koc
e36245bd37 docs: finalize onboarding option heading normalization (#22547) 
* docs(channels): promote Signal option setups to onboarding sections

* docs(channels): rename Microsoft Teams minimal setup section

* docs(channels): standardize onboarding option headings for Zalo and Twitch
 2026-02-21 03:38:37 -05:00
Vincent Koc
ef42fe0094 docs: rename Tlon setup heading (#22544) 
* docs: fix thinking link and add reasoning anchor reference

* docs(channels): rename LINE setup heading to onboarding

* docs(channels): normalize Nextcloud Talk onboarding headings

* docs(channels): use onboarding heading for Matrix setup

* docs(channels): standardize Discord onboarding heading

* docs(channels): standardize Telegram onboarding heading

* docs(channels): standardize WhatsApp onboarding heading

* docs(channels): rename iMessage onboarding and configuration sections

* docs(channels): rename Slack onboarding and configuration sections

* docs(channels): rename Signal onboarding heading

* docs(channels): standardize Nostr onboarding and configuration headings

* docs(channels): standardize Zalo onboarding and configuration headings

* docs(channels): standardize Twitch onboarding heading

* docs(channels): standardize Google Chat onboarding heading

* docs(channels): standardize Mattermost onboarding heading

* docs(channels): standardize Zalo Personal onboarding heading

* docs(channels): normalize Discord configuration heading

* docs(channels): standardize Microsoft Teams onboarding heading

* docs(channels): rename Signal configuration reference heading

* docs(channels): rename Matrix configuration reference heading

* docs(channels): normalize WhatsApp configuration heading

* docs(thinking): link reasoning section heading to in-page anchor

* docs(channels): normalize BlueBubbles configuration heading

* docs(channels): normalize Feishu configuration heading

* docs(channels): standardize Signal setup option headings

* docs(channels): refine Twitch setup heading clarity

* docs(channels): simplify Zalo setup heading phrasing

* docs(channels): trim Microsoft Teams minimal setup heading

* docs(channels): rename Tlon setup to onboarding
 2026-02-21 03:37:27 -05:00
Vincent Koc
b5a77b9cb2 docs: finalize remaining setup heading phrasing (#22543) 
* docs: fix thinking link and add reasoning anchor reference

* docs(channels): rename LINE setup heading to onboarding

* docs(channels): normalize Nextcloud Talk onboarding headings

* docs(channels): use onboarding heading for Matrix setup

* docs(channels): standardize Discord onboarding heading

* docs(channels): standardize Telegram onboarding heading

* docs(channels): standardize WhatsApp onboarding heading

* docs(channels): rename iMessage onboarding and configuration sections

* docs(channels): rename Slack onboarding and configuration sections

* docs(channels): rename Signal onboarding heading

* docs(channels): standardize Nostr onboarding and configuration headings

* docs(channels): standardize Zalo onboarding and configuration headings

* docs(channels): standardize Twitch onboarding heading

* docs(channels): standardize Google Chat onboarding heading

* docs(channels): standardize Mattermost onboarding heading

* docs(channels): standardize Zalo Personal onboarding heading

* docs(channels): normalize Discord configuration heading

* docs(channels): standardize Microsoft Teams onboarding heading

* docs(channels): rename Signal configuration reference heading

* docs(channels): rename Matrix configuration reference heading

* docs(channels): normalize WhatsApp configuration heading

* docs(thinking): link reasoning section heading to in-page anchor

* docs(channels): normalize BlueBubbles configuration heading

* docs(channels): normalize Feishu configuration heading

* docs(channels): standardize Signal setup option headings

* docs(channels): refine Twitch setup heading clarity

* docs(channels): simplify Zalo setup heading phrasing

* docs(channels): trim Microsoft Teams minimal setup heading
 2026-02-21 03:36:39 -05:00
Vincent Koc
d7891badda docs: more channel heading consistency updates (#22541) 
* docs: fix thinking link and add reasoning anchor reference

* docs(channels): rename LINE setup heading to onboarding

* docs(channels): normalize Nextcloud Talk onboarding headings

* docs(channels): use onboarding heading for Matrix setup

* docs(channels): standardize Discord onboarding heading

* docs(channels): standardize Telegram onboarding heading

* docs(channels): standardize WhatsApp onboarding heading

* docs(channels): rename iMessage onboarding and configuration sections

* docs(channels): rename Slack onboarding and configuration sections

* docs(channels): rename Signal onboarding heading

* docs(channels): standardize Nostr onboarding and configuration headings

* docs(channels): standardize Zalo onboarding and configuration headings

* docs(channels): standardize Twitch onboarding heading

* docs(channels): standardize Google Chat onboarding heading

* docs(channels): standardize Mattermost onboarding heading

* docs(channels): standardize Zalo Personal onboarding heading

* docs(channels): normalize Discord configuration heading

* docs(channels): standardize Microsoft Teams onboarding heading

* docs(channels): rename Signal configuration reference heading

* docs(channels): rename Matrix configuration reference heading

* docs(channels): normalize WhatsApp configuration heading

* docs(thinking): link reasoning section heading to in-page anchor

* docs(channels): normalize BlueBubbles configuration heading

* docs(channels): normalize Feishu configuration heading

* docs(channels): standardize Signal setup option headings
 2026-02-21 03:36:03 -05:00
Nimrod Gutman
78caf9ec3d feat(ios): surface gateway talk defaults and refresh icon assets (#22530) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 54f3a40e223f64a48f22485e919951d7ccd7ac85
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Reviewed-by: @ngutman
 2026-02-21 10:34:20 +02:00
Vincent Koc
e93e67bc8e docs: fix thinking section heading link target (#22539) 
* docs: fix thinking link and add reasoning anchor reference

* docs(channels): rename LINE setup heading to onboarding

* docs(channels): normalize Nextcloud Talk onboarding headings

* docs(channels): use onboarding heading for Matrix setup

* docs(channels): standardize Discord onboarding heading

* docs(channels): standardize Telegram onboarding heading

* docs(channels): standardize WhatsApp onboarding heading

* docs(channels): rename iMessage onboarding and configuration sections

* docs(channels): rename Slack onboarding and configuration sections

* docs(channels): rename Signal onboarding heading

* docs(channels): standardize Nostr onboarding and configuration headings

* docs(channels): standardize Zalo onboarding and configuration headings

* docs(channels): standardize Twitch onboarding heading

* docs(channels): standardize Google Chat onboarding heading

* docs(channels): standardize Mattermost onboarding heading

* docs(channels): standardize Zalo Personal onboarding heading

* docs(channels): normalize Discord configuration heading

* docs(channels): standardize Microsoft Teams onboarding heading

* docs(channels): rename Signal configuration reference heading

* docs(channels): rename Matrix configuration reference heading

* docs(channels): normalize WhatsApp configuration heading

* docs(thinking): link reasoning section heading to in-page anchor
 2026-02-21 03:33:06 -05:00