github-mirrors/openclaw
1
0
Fork 0
mirror of https://fastgit.cc/github.com/openclaw/openclaw synced 2026-05-01 06:36:23 +08:00
Code Issues Packages Projects Releases Wiki Activity
31,251 Commits 1,350 Branches 153 Tags
fix/runtime-dep-prune-cargo
Commit Graph

5648 Commits

Author SHA1 Message Date
Frank Yang
b822aaf584 fix(whatsapp): harden Baileys media upload hotfix (#65966) 
Merged via squash.

Prepared head SHA: b5db59b8fe
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Reviewed-by: @frankekn
 2026-04-14 15:12:59 +01:00
Peter Steinberger
8c5bb6b6cb test: harden qa-lab concurrent web scenarios 2026-04-14 15:12:59 +01:00
Vincent Koc
6b902eb4ee fix(models): normalize google-vertex flash-lite ids 2026-04-14 15:12:59 +01:00
Peter Steinberger
8be0789ded test: harden video live provider release gate 2026-04-14 15:12:59 +01:00
Vincent Koc
d9ccaacbe9 fix(google): strip Gemini compat base suffixes (#66445) 
* fix(google): cover Gemini image /openai base URLs

* fix(google): strip Gemini compat base suffixes

* fix(google): scope Gemini /openai normalization

* fix(google): harden base URL normalization

* fix(google): restrict Gemini auth base URLs

* Update CHANGELOG.md

* Update CHANGELOG.md
 2026-04-14 15:12:59 +01:00
Vincent Koc
554344def3 fix(codex): keep auth read diagnostics off stdout (#66451) 
* fix(codex): keep auth read diagnostics off stdout

* docs(changelog): fix codex auth entry

* fix(codex): sanitize auth read diagnostics

* Update CHANGELOG.md
 2026-04-14 15:12:59 +01:00
Vincent Koc
14d1f9700b feat(codex): add gpt-5.4-pro forward compat (#66453) 
* feat(openai-codex): add gpt-5.4-pro forward-compat #63404

* feat(openai-codex): add gpt-5.4-pro forward-compat #63404

* openai-codex: use patch.cost when forward-compat falls back to normalizeModelCompat

* feat(codex): add gpt-5.4-pro forward compat

* fix(codex): reuse gpt-5.4 fallback for gpt-5.4-pro

---------

Co-authored-by: jepson-liu <jepsonliu@gmail.com>
 2026-04-14 15:12:59 +01:00
Vincent Koc
6a13095427 fix(telegram): trust explicit proxy DNS for media downloads (#66461) 2026-04-14 15:12:59 +01:00
Vincent Koc
986d2f137b test(discord): avoid status fast path in allow-from fixture 2026-04-14 15:12:59 +01:00
Vincent Koc
e39c2a7929 fix(github-copilot): enable xhigh for gpt-5.4 (#66437) 
* fix(github-copilot): enable xhigh for gpt-5.4

* Update CHANGELOG.md
 2026-04-14 15:12:59 +01:00
Vincent Koc
5281849156 fix(codex): canonicalize the gpt-5.4-codex alias (#66438) 
* fix(codex): canonicalize the gpt-5.4-codex alias

* Update CHANGELOG.md
 2026-04-14 15:12:58 +01:00
Vincent Koc
dc8ef1a31d fix(discord): return native status replies directly (#66434) 2026-04-14 15:12:58 +01:00
Vincent Koc
4c816f6b29 fix(qa-lab): correct scenario catalog type 2026-04-14 15:12:58 +01:00
Mason Huang
dd37602bc1 fix(browser): unblock loopback CDP readiness under strict SSRF defaults (#66354) 
Merged via squash.

Prepared head SHA: d9030ff2f0
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Reviewed-by: @hxy91819
 2026-04-14 15:12:58 +01:00
Vincent Koc
5d4eb22832 test(qa-lab): seed broken-turn recovery scenarios (#66416) 2026-04-14 15:12:58 +01:00
Vincent Koc
775303a7e5 fix(memory): restore ollama embedding adapter (#66269) 
* fix(memory): restore ollama embedding adapter

* Update CHANGELOG.md
 2026-04-14 15:12:58 +01:00
VACInc
916a0e7e63 [codex] Telegram: unblock status commands behind busy turns (#66226) 
* Telegram: unblock status commands behind busy turns

* fix(telegram): keep export-session on topic lane

* Update CHANGELOG.md

---------

Co-authored-by: VACInc <3279061+VACInc@users.noreply.github.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-04-14 15:12:58 +01:00
Ayaan Zaidi
3c2b1f763e fix(browser): preserve legacy strict SSRF alias 2026-04-14 15:12:58 +01:00
Ayaan Zaidi
38a4096a41 fix(browser): preserve explicit strict SSRF config 2026-04-14 15:12:58 +01:00
Ayaan Zaidi
e741035355 fix(browser): use loopback policy for json-new fallback 2026-04-14 15:12:58 +01:00
Ayaan Zaidi
71d54be5c5 fix(browser): relax default hostname SSRF guard 2026-04-14 15:12:58 +01:00
Luke
020a19a3fb Agents: clarify local model context preflight (#66236) 
Merged via squash.

Prepared head SHA: 11bfaf15f6
Co-authored-by: ImLukeF <92253590+ImLukeF@users.noreply.github.com>
Co-authored-by: ImLukeF <92253590+ImLukeF@users.noreply.github.com>
Reviewed-by: @ImLukeF
 2026-04-14 15:12:58 +01:00
Peter Steinberger
e9ccffed5f test: keep telegram cache boundary compatible 2026-04-14 15:12:58 +01:00
Peter Steinberger
b0920127c4 test: align post-rebase full-suite drift 2026-04-14 15:12:57 +01:00
Peter Steinberger
ae4b2fe355 fix: align latest main type drift 2026-04-14 15:12:57 +01:00
Peter Steinberger
e5a09dcb26 test: align feishu replay helper typing 2026-04-14 15:12:57 +01:00
Peter Steinberger
08d48cb0d3 fix: tighten inbound replay typing 2026-04-14 15:12:57 +01:00
Ayaan Zaidi
73515ae687 test: remove timer dependency from telegram topic cache tests 2026-04-14 15:12:57 +01:00
Ayaan Zaidi
f847c6a0ff fix: restore pnpm check 2026-04-14 15:12:57 +01:00
Ayaan Zaidi
68c0b1c37c fix(telegram): persist topic cache via default runtime 2026-04-14 15:12:57 +01:00
Ayaan Zaidi
091d43e493 fix(telegram): allow topic cache without session runtime 2026-04-14 15:12:57 +01:00
Ayaan Zaidi
d77d25fa53 test(telegram): cover topic-name cache reload 2026-04-14 15:12:57 +01:00
Ayaan Zaidi
7ad1652df8 fix(telegram): persist topic-name cache 2026-04-14 15:12:57 +01:00
Agustin Rivera
d776fe18f3 fix(slack): align interaction auth with allowlists (#66028) 
* fix(slack): align interaction auth with allowlists

* fix(slack): address review followups

* fix(slack): preserve explicit owners with wildcard

* chore: append Claude comments resolution worklog

* fix(slack): harden interaction auth with default-deny, mandatory actor binding, and channel type validation

- Add interactiveEvent flag to authorizeSlackSystemEventSender for stricter
  interactive control authorization
- Default-deny when no allowFrom or channel users are configured for
  interactive events (block actions, modals)
- Require expectedSenderId for all interactive event types; block actions
  pass Slack-verified userId, modals pass metadata-embedded userId
- Reject ambiguous channel types for interactive events to prevent DM
  authorization bypass via channel-type fallback
- Add comprehensive test coverage for all new behaviors

* fix(slack): scope interactive owner/allowFrom enforcement to interactive paths only

* fix(slack): preserve no-channel interactive default

* Update context-engine-maintenance test

* chore: remove USER.md worklog artifact

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* changelog: note Slack interactive auth allowlist alignment (#66028)

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-14 15:12:56 +01:00
Eva H
4dcfcbceee fix: include apiKey in codex provider catalog to unblock models.json loading (#66180) 
Merged via squash.

Prepared head SHA: ce61934ac9
Co-authored-by: hoyyeva <63033505+hoyyeva@users.noreply.github.com>
Co-authored-by: BruceMacD <5853428+BruceMacD@users.noreply.github.com>
Reviewed-by: @BruceMacD
 2026-04-14 15:12:56 +01:00
Vincent Koc
e63cbe831b test(qa-lab): cover GPT-style broken turns 2026-04-14 01:39:49 +01:00
ShihChi Huang
df3e65c8d3 fix(slack): isolate doctor contract API (#63192) 
* Slack: isolate doctor contract API

* chore: changelog

* fix(slack): move doctor changelog entry to Unreleased

* Plugins: lock Slack doctor sidecar metadata

* Slack: fix changelog entry placement

---------

Co-authored-by: @zimeg <zim@o526.net>
Co-authored-by: George Pickett <gpickett00@gmail.com>
 2026-04-13 17:33:49 -07:00
Agustin Rivera
a1c44d28fc Feishu: tighten allowlist target canonicalization (#66021) 
* fix(feishu): tighten allowlist id matching

* fix(feishu): address review follow-ups

* changelog: note Feishu allowlist canonicalization tightening (#66021)

* fix(feishu): collapse typed wildcard allowlist aliases to bare wildcard

Previously normalizeFeishuTarget folded chat:* / user:* / open_id:* /
dm:* / group:* / channel:* down to '*', so those entries acted as
allow-all. The new typed canonicalization was producing literal keys
(chat:*, user:*, ...) that never matched any sender, silently
flipping those configs from allow-all to deny-all. Restore the prior
behavior by collapsing a wildcard value to '*' inside
canonicalizeFeishuAllowlistKey.

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-13 16:59:07 -06:00
Agustin Rivera
692438cbb2 fix(stream): tighten voice stream ingress guards (#66027) 
* fix(stream): tighten voice stream ingress guards

* fix(stream): address review follow-ups

* fix(stream): normalize trusted proxy ip matching

* changelog: note voice-call media-stream ingress guard tightening (#66027)

* fix(stream): require non-empty trusted proxy list before honoring forwarding headers

Without an explicit trusted proxy list, the prior gate treated every
remote as 'from a trusted proxy', so enabling trustForwardingHeaders
let any direct caller spoof X-Forwarded-For / X-Real-IP and rotate the
resolved IP per request to evade maxPendingConnectionsPerIp. Require
trustedProxyIPs to be non-empty AND match the remote before trusting
forwarding headers.

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-13 16:51:16 -06:00
Vincent Koc
955270fb73 fix(ci): repair telegram ui and watch regressions 2026-04-13 23:49:59 +01:00
Vincent Koc
94779b4fb1 fix(ci): repair telegram topic cache typing 2026-04-13 23:33:41 +01:00
Vincent Koc
8ab89989c2 fix(ci): restore plugin-local whatsapp deps 2026-04-13 23:26:25 +01:00
Gustavo Madeira Santana
b5dcc11273 plugins: trim staged runtime cargo 2026-04-13 18:10:40 -04:00
Mariano
3d06d90e83 fix(memory): unify default root memory handling (#66141) 
* fix(memory): unify default root memory handling

* test(memory): align legacy migration expectation

* docs(changelog): tag qmd root-memory fix

* docs(changelog): append qmd root-memory entry

* docs(changelog): dedupe qmd root-memory entry

* docs(changelog): attribute qmd root-memory fix

---------

Co-authored-by: mbelinky <mbelinky@users.noreply.github.com>
 2026-04-13 23:59:57 +02:00
Vincent Koc
f3283a330b fix(ci): repair extension boundary contracts 2026-04-13 22:37:25 +01:00
Vincent Koc
ea25cf2595 fix(ci): unblock discord boundary typing 2026-04-13 22:37:24 +01:00
Tak Hoffman
f94d6778b1 fix(active-memory): Move active memory recall into the hidden prompt prefix (#66144) 
* move active memory into prompt prefix

* document active memory prompt prefix

* strip active memory prefixes from recall history

* harden active memory prompt prefix handling

* hide active memory prefix in leading history views

* strip hidden memory blocks after prompt merges

* preserve user turns in memory recall cleanup
 2026-04-13 16:05:43 -05:00
rafaelreis-r
68e0e456f3 fix: allow plugin commands on Slack when channel supports native commands (#64578) 
Merged via squash.

Prepared head SHA: 2ec97bf0b3
Co-authored-by: rafaelreis-r <57492577+rafaelreis-r@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-04-13 13:14:02 -07:00
Mariano
3d42e33dd0 fix(memory-core): run Dreaming once per cron schedule (#66139) 
Merged via squash.

Prepared head SHA: 48229a24cb
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-04-13 21:50:32 +02:00
Mariano
1490e2b1d3 Lobster: import published core runtime (#64755) 
* Lobster: import published core runtime

* Changelog: add Lobster core runtime note

* Lobster: type embedded core runtime

* Lobster: keep package-boundary tsconfig narrow
 2026-04-13 20:38:46 +02:00