negodiy/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
2a18cbb1101f77d64be3a57e520e9bdea33e48f0
openclaw/src/plugins
History
Robin Waslander a1520d70ff fix(gateway): propagate real gateway client into plugin subagent runtime 
Plugin subagent dispatch used a hardcoded synthetic client carrying
operator.admin, operator.approvals, and operator.pairing for all
runtime.subagent.* calls. Plugin HTTP routes with auth:"plugin" require
no gateway auth by design, so an unauthenticated external request could
drive admin-only gateway methods (sessions.delete, agent.run) through
the subagent runtime.

Propagate the real gateway client into the plugin runtime request scope
when one is available. Plugin HTTP routes now run inside a scoped
runtime client: auth:"plugin" routes receive a non-admin synthetic
operator.write client; gateway-authenticated routes retain admin-capable
scopes. The security boundary is enforced at the HTTP handler level.

Fixes GHSA-xw77-45gv-p728
2026-03-11 14:17:01 +01:00
..
runtime
fix(gateway): propagate real gateway client into plugin subagent runtime
2026-03-11 14:17:01 +01:00
bundled-dir.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
bundled-runtime-deps.test.ts
fix(plugins): ship Feishu bundled runtime dependency (#39990)
2026-03-08 10:36:41 -05:00
bundled-sources.test.ts
fix: prefer bundled channel plugins over npm duplicates (#40094)
2026-03-08 13:00:24 -05:00
bundled-sources.ts
fix: prefer bundled channel plugins over npm duplicates (#40094)
2026-03-08 13:00:24 -05:00
cli.test.ts
chore: Enable typescript/no-explicit-any rule.
2026-02-02 16:18:09 +09:00
cli.ts
style: align formatting with oxfmt 0.33
2026-02-18 01:34:35 +00:00
commands.test.ts
fix(discord): avoid native plugin command collisions
2026-03-07 21:59:44 +00:00
commands.ts
fix(discord): avoid native plugin command collisions
2026-03-07 21:59:44 +00:00
config-schema.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
config-state.test.ts
fix(agents): re-expose configured tools under restrictive profiles
2026-03-09 03:49:50 +00:00
config-state.ts
fix(agents): re-expose configured tools under restrictive profiles
2026-03-09 03:49:50 +00:00
discovery.test.ts
Plugins: add root-alias shim and cache/docs updates
2026-03-04 01:20:48 -05:00
discovery.ts
Plugins: add root-alias shim and cache/docs updates
2026-03-04 01:20:48 -05:00
enable.test.ts
fix: sync built-in channel enablement across config paths
2026-02-23 19:40:42 +00:00
enable.ts
fix: sync built-in channel enablement across config paths
2026-02-23 19:40:42 +00:00
hook-runner-global.test.ts
plugins: harden global hook runner state (#40184)
2026-03-09 11:20:33 -07:00
hook-runner-global.ts
plugins: harden global hook runner state (#40184)
2026-03-09 11:20:33 -07:00
hooks.before-agent-start.test.ts
refactor: dedupe cli config cron and install flows
2026-03-02 19:57:33 +00:00
hooks.model-override-wiring.test.ts
add prependSystemContext and appendSystemContext to before_prompt_build (fixes #35131) (#35177)
2026-03-05 13:06:59 -05:00
hooks.phase-hooks.test.ts
add prependSystemContext and appendSystemContext to before_prompt_build (fixes #35131) (#35177)
2026-03-05 13:06:59 -05:00
hooks.test-helpers.ts
fix: restore helper imports and plugin hook test exports
2026-03-02 19:57:33 +00:00
hooks.ts
add prependSystemContext and appendSystemContext to before_prompt_build (fixes #35131) (#35177)
2026-03-05 13:06:59 -05:00
http-path.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
http-registry.test.ts
fix(gateway): harden plugin HTTP route auth
2026-03-07 19:55:06 +00:00
http-registry.ts
fix(gateway): harden plugin HTTP route auth
2026-03-07 19:55:06 +00:00
http-route-overlap.ts
fix(gateway): harden plugin HTTP route auth
2026-03-07 19:55:06 +00:00
install.test.ts
Infra: require explicit opt-in for prerelease npm installs (#38117)
2026-03-06 11:13:30 -05:00
install.ts
fix(security): stage installs before publish
2026-03-07 19:11:07 +00:00
installs.test.ts
refactor(channels): dedupe hook and monitor execution paths
2026-02-22 21:19:09 +00:00
installs.ts
refactor: dedupe cli config cron and install flows
2026-03-02 19:57:33 +00:00
loader.test.ts
refactor: simplify plugin sdk compatibility aliases
2026-03-08 18:40:14 +00:00
loader.ts
refactor: simplify plugin sdk compatibility aliases
2026-03-08 18:40:14 +00:00
logger.test.ts
refactor(plugins): reuse plugin loader logger adapter
2026-02-18 23:48:32 +00:00
logger.ts
refactor(plugins): reuse plugin loader logger adapter
2026-02-18 23:48:32 +00:00
manifest-registry.test.ts
refactor(tests): dedupe manifest registry link fixture setup
2026-03-03 01:54:27 +00:00
manifest-registry.ts
Plugins: add root-alias shim and cache/docs updates
2026-03-04 01:20:48 -05:00
manifest.ts
fix(plugins): allow hardlinks for bundled plugins (fixes #28175, #28404) (openclaw#32119) thanks @markfietje
2026-03-02 16:10:31 -06:00
path-safety.ts
fix(windows): normalize namespaced path containment checks
2026-02-26 18:49:48 +00:00
providers.ts
refactor(plugins): reuse plugin loader logger adapter
2026-02-18 23:48:32 +00:00
registry.ts
fix(gateway): harden plugin HTTP route auth
2026-03-07 19:55:06 +00:00
runtime.ts
refactor(runtime): harden channel-registry cache invalidation and split outbound delivery flow
2026-03-03 00:05:39 +00:00
schema-validator.test.ts
CLI: dedupe config validate errors and expose allowed values
2026-03-02 20:05:12 -05:00
schema-validator.ts
CLI: dedupe config validate errors and expose allowed values
2026-03-02 20:05:12 -05:00
services.test.ts
refactor(plugins): reuse plugin service runtime context
2026-02-18 17:23:44 +00:00
services.ts
refactor(plugins): reuse plugin service runtime context
2026-02-18 17:23:44 +00:00
slots.test.ts
refactor(agents): dedupe plugin hooks and test helpers
2026-02-22 07:44:57 +00:00
slots.ts
feature(context): extend plugin system to support custom context management (#22201)
2026-03-06 05:31:59 -08:00
source-display.test.ts
fix(cli): improve plugins list source display
2026-02-09 13:05:48 -06:00
source-display.ts
style: align formatting with oxfmt 0.33
2026-02-18 01:34:35 +00:00
status.ts
refactor(plugins): reuse plugin loader logger adapter
2026-02-18 23:48:32 +00:00
toggle-config.ts
fix: sync built-in channel enablement across config paths
2026-02-23 19:40:42 +00:00
tools.optional.test.ts
refactor(core): dedupe infra, media, pairing, and plugin helpers
2026-03-02 21:32:11 +00:00
tools.ts
Gateway: suppress tools.catalog plugin conflict diagnostics
2026-02-23 00:05:57 -06:00
types.ts
fix(discord): avoid native plugin command collisions
2026-03-07 21:59:44 +00:00
uninstall.test.ts
refactor(test): dedupe repeated fixture setup helpers
2026-02-22 20:04:51 +00:00
uninstall.ts
CLI: add plugins uninstall command (#5985) (openclaw#6141) thanks @JustasMonkev
2026-02-12 20:11:26 -06:00
update.test.ts
fix: prefer bundled channel plugins over npm duplicates (#40094)
2026-03-08 13:00:24 -05:00
update.ts
fix: prefer bundled channel plugins over npm duplicates (#40094)
2026-03-08 13:00:24 -05:00
voice-call.plugin.test.ts
test: remove duplicated scenario scaffolding across runtime tests
2026-02-18 04:04:14 +00:00
wired-hooks-after-tool-call.e2e.test.ts
refactor(core): extract shared dedup helpers
2026-03-07 10:41:05 +00:00
wired-hooks-compaction.test.ts
fix(agents): increment compaction counter on overflow-triggered compaction (#39123)
2026-03-07 19:44:06 +00:00
wired-hooks-gateway.test.ts
refactor(test): share plugin hook registry helper
2026-02-15 14:44:15 +00:00
wired-hooks-llm.test.ts
refactor(agent): dedupe harness and command workflows
2026-02-16 14:59:30 +00:00
wired-hooks-message.test.ts
refactor(test): share plugin hook registry helper
2026-02-15 14:44:15 +00:00
wired-hooks-session.test.ts
Plugins: add sessionKey to session lifecycle hooks
2026-03-03 01:48:46 +00:00
wired-hooks-subagent.test.ts
refactor(agents): dedupe plugin hooks and test helpers
2026-02-22 07:44:57 +00:00