Gustavo Madeira Santana 392bbddf29 Security: owner-only tools + command auth hardening (#9202) ...

* Security: gate whatsapp_login by sender auth

* Security: treat undefined senderAuthorized as unauthorized (opt-in)

* fix: gate whatsapp_login to owner senders (#8768) (thanks @victormier)

* fix: add explicit owner allowlist for tools (#8768) (thanks @victormier)

* fix: normalize escaped newlines in send actions (#8768) (thanks @victormier)

---------

Co-authored-by: Victor Mier <victormier@gmail.com>

2026-02-04 19:49:36 -05:00

..

exec

chore: Enable "curly" rule to avoid single-statement if confusion/errors.

2026-01-31 16:19:20 +09:00

queue

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

abort.test.ts

refactor: rename to openclaw

2026-01-30 03:16:21 +01:00

abort.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

agent-runner-execution.ts

Fix subagent announce failover race (always emit lifecycle end + treat timeout=0 as no-timeout) (#6621)

2026-02-02 02:06:14 -08:00

agent-runner-helpers.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

agent-runner-memory.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

agent-runner-payloads.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

agent-runner-utils.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

agent-runner-utils.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

agent-runner.authprofileid-fallback.test.ts

refactor: rename to openclaw

2026-01-30 03:16:21 +01:00

agent-runner.block-streaming.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

agent-runner.claude-cli.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

agent-runner.heartbeat-typing.runreplyagent-typing-heartbeat.resets-corrupted-gemini-sessions-deletes-transcripts.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

agent-runner.heartbeat-typing.runreplyagent-typing-heartbeat.retries-after-compaction-failure-by-resetting-session.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

agent-runner.heartbeat-typing.runreplyagent-typing-heartbeat.signals-typing-block-replies.test.ts

refactor: rename to openclaw

2026-01-30 03:16:21 +01:00

agent-runner.heartbeat-typing.runreplyagent-typing-heartbeat.signals-typing-normal-runs.test.ts

test: align NO_REPLY typing expectations

2026-01-21 17:12:50 +00:00

agent-runner.heartbeat-typing.runreplyagent-typing-heartbeat.still-replies-even-if-session-reset-fails.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

agent-runner.memory-flush.runreplyagent-memory-flush.increments-compaction-count-flush-compaction-completes.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

agent-runner.memory-flush.runreplyagent-memory-flush.runs-memory-flush-turn-updates-session-metadata.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

agent-runner.memory-flush.runreplyagent-memory-flush.skips-memory-flush-cli-providers.test.ts

refactor: rename to openclaw

2026-01-30 03:16:21 +01:00

agent-runner.memory-flush.runreplyagent-memory-flush.skips-memory-flush-sandbox-workspace-is-read.test.ts

refactor: rename to openclaw

2026-01-30 03:16:21 +01:00

agent-runner.memory-flush.runreplyagent-memory-flush.uses-configured-prompts-memory-flush-runs.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

agent-runner.messaging-tools.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

agent-runner.reasoning-tags.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

agent-runner.response-usage-footer.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

agent-runner.ts

fix: flush block streaming on paragraph boundaries for chunkMode=newline (#7014)

2026-02-02 01:22:41 -08:00

audio-tags.ts

refactor: consolidate reply/media helpers

2026-01-10 02:41:16 +01:00

bash-command.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

block-reply-coalescer.ts

fix: flush block streaming on paragraph boundaries for chunkMode=newline (#7014)

2026-02-02 01:22:41 -08:00

block-reply-pipeline.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

block-streaming.ts

fix: flush block streaming on paragraph boundaries for chunkMode=newline (#7014)

2026-02-02 01:22:41 -08:00

body.ts

chore: Enable "curly" rule to avoid single-statement if confusion/errors.

2026-01-31 16:19:20 +09:00

commands-allowlist.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

commands-approve.test.ts

test: reset /approve mock per test (#1) (thanks @mitsuhiko)

2026-02-03 16:19:41 -08:00

commands-approve.ts

fix(approvals): gate /approve by gateway scopes

2026-02-03 16:18:49 -08:00

commands-bash.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

commands-compact.ts

Security: owner-only tools + command auth hardening (#9202)

2026-02-04 19:49:36 -05:00

commands-config.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

commands-context-report.ts

Security: owner-only tools + command auth hardening (#9202)

2026-02-04 19:49:36 -05:00

commands-context.ts

Security: owner-only tools + command auth hardening (#9202)

2026-02-04 19:49:36 -05:00

commands-core.ts

Revert "iOS: wire node services and tests"

2026-02-02 17:36:49 +00:00

commands-info.test.ts

fix: tighten commands output + telegram pagination (#2504)

2026-01-27 02:43:14 -05:00

commands-info.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

commands-models.ts

Telegram: add inline button model selection for /models and /model commands

2026-02-04 09:23:17 +05:30

commands-parsing.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

commands-plugin.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

commands-policy.test.ts

Telegram: add inline button model selection for /models and /model commands

2026-02-04 09:23:17 +05:30

commands-ptt.ts

fix: resolve check errors in nodes-tool and commands-ptt

2026-02-02 20:05:17 +00:00

commands-session.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

commands-status.ts

feat: add cloudflare ai gateway provider

2026-02-04 04:10:13 -08:00

commands-subagents.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

commands-tts.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

commands-types.ts

Security: owner-only tools + command auth hardening (#9202)

2026-02-04 19:49:36 -05:00

commands.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

commands.ts

refactor(auto-reply): split reply pipeline

2026-01-14 09:11:16 +00:00

config-commands.ts

chore: Enable "curly" rule to avoid single-statement if confusion/errors.

2026-01-31 16:19:20 +09:00

config-value.ts

chore: Enable "curly" rule to avoid single-statement if confusion/errors.

2026-01-31 16:19:20 +09:00

debug-commands.ts

chore: Enable "curly" rule to avoid single-statement if confusion/errors.

2026-01-31 16:19:20 +09:00

directive-handling.auth.ts

feat: add cloudflare ai gateway provider

2026-02-04 04:10:13 -08:00

directive-handling.fast-lane.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

directive-handling.impl.ts

Telegram: add inline button model selection for /models and /model commands

2026-02-04 09:23:17 +05:30

directive-handling.model-picker.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

directive-handling.model.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

directive-handling.model.ts

Telegram: add inline button model selection for /models and /model commands

2026-02-04 09:23:17 +05:30

directive-handling.parse.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

directive-handling.persist.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

directive-handling.queue-validation.ts

chore: Enable "curly" rule to avoid single-statement if confusion/errors.

2026-01-31 16:19:20 +09:00

directive-handling.shared.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

directive-handling.ts

chore: migrate to oxlint and oxfmt

2026-01-14 15:02:19 +00:00

directives.ts

chore: Enable "curly" rule to avoid single-statement if confusion/errors.

2026-01-31 16:19:20 +09:00

dispatch-from-config.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

dispatch-from-config.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

exec.ts

feat: add /exec session overrides

2026-01-18 06:12:54 +00:00

followup-runner.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

followup-runner.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

formatting.test.ts

fix: flush block streaming on paragraph boundaries for chunkMode=newline (#7014)

2026-02-02 01:22:41 -08:00

get-reply-directives-apply.ts

Telegram: add inline button model selection for /models and /model commands

2026-02-04 09:23:17 +05:30

get-reply-directives-utils.ts

feat: add /exec session overrides

2026-01-18 06:12:54 +00:00

get-reply-directives.ts

fix: flush block streaming on paragraph boundaries for chunkMode=newline (#7014)

2026-02-02 01:22:41 -08:00

get-reply-inline-actions.ts

chore: Enable typescript/no-explicit-any rule.

2026-02-02 16:18:09 +09:00

get-reply-run.ts

Security: owner-only tools + command auth hardening (#9202)

2026-02-04 19:49:36 -05:00

get-reply.ts

feat(ui): add Agents dashboard

2026-02-02 21:31:17 -05:00

groups.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

history.test.ts

test: cover typing and history helpers

2026-01-23 23:34:30 +00:00

history.ts

chore: Enable "curly" rule to avoid single-statement if confusion/errors.

2026-01-31 16:19:20 +09:00

inbound-context.ts

fix(security): separate untrusted channel metadata from system prompt (thanks @KonstantinMirin)

2026-02-03 23:02:45 -08:00

inbound-dedupe.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

inbound-sender-meta.ts

chore: Enable "curly" rule to avoid single-statement if confusion/errors.

2026-01-31 16:19:20 +09:00

inbound-text.ts

fix: finalize inbound contexts

2026-01-17 05:06:39 +00:00

line-directives.test.ts

feat: Add Line plugin (#1630)

2026-01-25 12:22:36 +00:00

line-directives.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

memory-flush.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

memory-flush.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

mentions.test.ts

refactor: rename to openclaw

2026-01-30 03:16:21 +01:00

mentions.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

model-selection.inherit-parent.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

model-selection.ts

fix: honor telegram model overrides in buttons (#8193) (thanks @gildo)

2026-02-04 09:23:17 +05:30

normalize-reply.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

normalize-reply.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

provider-dispatcher.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

queue.collect-routing.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

queue.ts

fix: hard-abort clears queues on /stop

2026-01-16 21:15:25 +00:00

reply-directives.ts

refactor: unify inline directives and media fetch

2026-01-10 03:01:04 +01:00

reply-dispatcher.ts

chore: We have a sleep at home. The sleep at home:

2026-02-02 21:44:02 +09:00

reply-elevated.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

reply-inline.ts

chore: Enable "curly" rule to avoid single-statement if confusion/errors.

2026-01-31 16:19:20 +09:00

reply-payloads.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

reply-reference.ts

chore: Enable "curly" rule to avoid single-statement if confusion/errors.

2026-01-31 16:19:20 +09:00

reply-routing.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

reply-tags.ts

refactor: unify inline directives and media fetch

2026-01-10 03:01:04 +01:00

reply-threading.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

response-prefix-template.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

response-prefix-template.ts

chore: Enable "curly" rule to avoid single-statement if confusion/errors.

2026-01-31 16:19:20 +09:00

route-reply.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

route-reply.ts

feat: per-channel responsePrefix override (#9001)

2026-02-04 16:16:34 -05:00

session-reset-model.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

session-resets.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

session-updates.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

session-usage.ts

chore: Enable "curly" rule to avoid single-statement if confusion/errors.

2026-01-31 16:19:20 +09:00

session.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

session.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

stage-sandbox-media.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

streaming-directives.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

subagents-utils.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

subagents-utils.ts

chore: Enable "curly" rule to avoid single-statement if confusion/errors.

2026-01-31 16:19:20 +09:00

test-ctx.ts

style: oxfmt

2026-01-17 10:26:08 +00:00

test-helpers.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

typing-mode.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

typing.test.ts

chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.

2026-02-01 10:03:47 +09:00

typing.ts

chore: Enable "curly" rule to avoid single-statement if confusion/errors.

2026-01-31 16:19:20 +09:00

untrusted-context.ts

fix(security): separate untrusted channel metadata from system prompt (thanks @KonstantinMirin)

2026-02-03 23:02:45 -08:00