github/openclaw
1
1
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-03 03:03:24 -04:00
Code Issues Packages Projects Releases Wiki Activity
12,615 Commits 902 Branches 94 Tags
b96419fab98aaa396ad0fc2582f8ebc6c488bf64
Commit Graph

2882 Commits

Author SHA1 Message Date
Mariano Belinky
65a7fc6de7 Changelog: note Feishu traversal hardening 2026-02-19 10:14:31 +01:00
Peter Steinberger
d51929ecb5 fix: block ISATAP SSRF bypass via shared host/ip guard 2026-02-19 09:59:47 +01:00
Peter Steinberger
cfc5e7bd82 fix(media): harden saveMediaSource against symlink TOCTOU 2026-02-19 09:51:57 +01:00
Vignesh Natarajan
d3dab089d7 fix: preserve reasoning stream partial contract (#20635) (thanks @obviyus) 2026-02-19 00:05:10 -08:00
Peter Steinberger
7e54b6c96f fix(browser): unify extension relay auth on gateway token 2026-02-19 08:40:40 +01:00
Gustavo Madeira Santana
c5698caca3 Security: default gateway auth bootstrap and explicit mode none (#20686) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: be1b73182c
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-19 02:35:50 -05:00
vikpos
f855d0be4f fix: skip heartbeat when HEARTBEAT.md does not exist (#20461) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: f6e5f8172a
Co-authored-by: vikpos <24960005+vikpos@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-19 01:09:33 -05:00
Marcus Castro
48e6b4fca3 fix: run BOOT.md for each configured agent at startup (#20569) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 9098a4cc64
Co-authored-by: mcaxtr <7562095+mcaxtr@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-19 00:58:56 -05:00
Ayaan Zaidi
d17a1f387b fix(telegram): unify inbound handling for message-like updates (#20591) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 442a100071
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-19 09:54:47 +05:30
Ayaan Zaidi
6b05916c14 fix: gate Telegram exec tool warnings behind verbose mode (#20560) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7ce94931f0
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-19 09:05:49 +05:30
青雲
3d4ef56044 fix: include provider and model name in billing error message (#20510) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 40dbdf62e8
Co-authored-by: echoVic <16428813+echoVic@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-18 21:56:00 -05:00
Clawborn
2bb8ead187 Fix LaunchAgent missing TMPDIR causing SQLITE_CANTOPEN on macOS (#20512) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 25ba59765d
Co-authored-by: Clawborn <261310391+Clawborn@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-18 21:42:35 -05:00
Xinhe Hu
b62bd290cb fix: remove hardcoded disableBlockStreaming to honor agent config for TUI (#19693) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 710d449080
Co-authored-by: neipor <191749196+neipor@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-18 16:25:59 -05:00
Nimrod Gutman
dd28a77df0 fix(ios): refactor screen webview lifecycle handling (#20366) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7beb794a06
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Reviewed-by: @ngutman
 2026-02-19 05:05:40 +08:00
Mariano
e67da1538c iOS/Gateway: wake disconnected iOS nodes via APNs before invoke (#20332) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7751f9c531
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 21:00:17 +00:00
Mariano
750276fa36 fix(protocol): regenerate Swift models for push.test (#20325) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 9281e7ad03
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 20:04:03 +00:00
Mariano
264131eb9f Canvas: improve A2UI asset resolution and empty state (#20312) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: adce485695
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 19:44:55 +00:00
Mariano
fe3f0759b5 Chat UI: accept canonical main session key alias (#20311) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: a4ed5235bc
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 19:42:18 +00:00
Mariano
6e7f1a6a1b iOS onboarding: prevent pairing flicker during auto-resume (#20310) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 691808b747
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 19:39:41 +00:00
Mariano
c2d12b7e31 iOS: add APNs registration and notification signing config (#20308) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 614180020e
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 19:37:03 +00:00
Mariano
99d099aa84 Gateway: add APNs push test pipeline (#20307) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 6a1c442207
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 19:32:42 +00:00
Mariano
e9b4d86e37 fix(protocol): preserve AnyCodable booleans from JSON bridge (#20220) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 1d86183e3b
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 17:39:54 +00:00
Peter Steinberger
797a47c3ce docs: harden coding-agent skill guidance example 2026-02-18 16:55:50 +01:00
Pejman Pour-Moezzi
a0d904dc23 docs(discord): replace quick setup and add recommended guild setup (#20088) 
Co-authored-by: Shadow <shadow@openclaw.ai>
 2026-02-18 09:39:09 -06:00
Mariano
57083e4220 iOS: add Apple Watch companion message MVP (#20054) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 720791ae6b
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 13:37:41 +00:00
Mariano
1437ed76a0 Gateway/CLI: add paired-device remove and clear flows (#20057) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 26523f8a38
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 13:27:31 +00:00
Mariano
fc65f70a9b iOS: stabilize pairing/reconnect loops (#20056) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b01a482a17
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 13:23:06 +00:00
Mariano
39881a318a Browser: reuse extension relay when relay port is already occupied (#20035) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b310666d39
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 13:13:04 +00:00
Nimrod Gutman
cb34e80f98 fix(ios): restore auto-selected team for local signing (#19993) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 6f375238f0
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Reviewed-by: @ngutman
 2026-02-18 19:38:23 +08:00
Taras Lukavyi
d833dcd731 fix(telegram): cron and heartbeat messages land in wrong chat instead of target topic (#19367) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: bf02bbf9ce
Co-authored-by: Lukavyi <1013690+Lukavyi@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-18 15:31:01 +05:30
Gustavo Madeira Santana
07fdceb5fd refactor: centralize presence routing and version precedence coverage (#19609) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 10d9df5263
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-18 00:02:51 -05:00
Robby
5c69e625f5 fix(cli): display correct model for sub-agents in sessions list (#18660) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: ba54c5a351
Co-authored-by: robbyczgw-cla <239660374+robbyczgw-cla@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-17 23:59:20 -05:00
Peter Steinberger
28bac46c92 fix(security): harden safeBins path trust 2026-02-18 04:55:31 +01:00
Peter Steinberger
42d2a61888 chore(changelog): move SSRF transition fix to 2026.2.18 2026-02-18 04:53:50 +01:00
Peter Steinberger
442fdbf3d8 fix(security): block SSRF IPv6 transition bypasses 2026-02-18 04:53:09 +01:00
Peter Steinberger
35851cdaff chore(changelog): move cron SSRF fix into 2026.2.18 2026-02-18 04:52:13 +01:00
Peter Steinberger
516046dba8 fix: avoid doctor token regeneration on invalid repairs 2026-02-18 04:51:25 +01:00
Peter Steinberger
99db4d13e5 fix(gateway): guard cron webhook delivery against SSRF 2026-02-18 04:48:08 +01:00
Ayaan Zaidi
6a5f887b3d test: harden Telegram command menu sanitization coverage (#19703) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 6a41b11590
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-18 09:16:31 +05:30
Peter Steinberger
cc29be8c9b fix: serialize sandbox registry writes 2026-02-18 04:44:56 +01:00
Peter Steinberger
4bf3338834 chore: bump version to 2026.2.18 unreleased 2026-02-18 04:40:06 +01:00
Peter Steinberger
c90b09cb02 feat(agents): support Anthropic 1M context beta header 2026-02-18 03:29:48 +01:00
Peter Steinberger
d1c00dbb7c fix: harden include confinement edge cases (#18652) (thanks @aether-ai-agent) 2026-02-18 03:27:16 +01:00
Gustavo Madeira Santana
985ec71c55 CLI: resolve parent/subcommand option collisions (#18725) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b7e51cf909
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-17 20:57:09 -05:00
Peter Steinberger
414b996b0c fix(agents): make image resize logs single-line with size 2026-02-18 01:58:33 +01:00
Peter Steinberger
3459200444 docs: reorder unreleased changelog by user-impact highlights 2026-02-18 01:51:28 +01:00
Peter Steinberger
76949001ea fix: compact skill paths in prompt (#14776) (thanks @bitfish3) 2026-02-18 01:35:37 +01:00
DylanWoodAkers
cfd384ead2 feat(skills): improve descriptions with routing logic (#14577) 
* feat(skills): improve descriptions with routing logic

Apply OpenAI's recommended pattern for skill descriptions:
- Add 'Use when' conditions for clear triggering
- Add 'NOT for' negative examples to reduce misfires
- Make descriptions act as routing logic, not marketing copy

Based on: https://developers.openai.com/blog/skills-shell-tips/

Skills updated:
- coding-agent: clarify when to delegate vs direct edit
- github: add boundaries vs browser/scripting
- weather: add scope limitations

Glean reported 20% drop in skill triggering without negative
examples, recovering after adding them. This change brings
Clawdbot skills in line with that pattern.

* docs(skills): clarify routing boundaries (openclaw#14577) (thanks @DylanWoodAkers)

* docs(changelog): add PR 14577 release note (openclaw#14577) (thanks @DylanWoodAkers)

---------

Co-authored-by: ClawdBotWolf <clawdbotwolf@proton.me>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-18 01:31:28 +01:00
Peter Steinberger
1d23934c09 fix: follow-up slack streaming routing/tests (#9972) (thanks @natedenh) 2026-02-18 00:50:22 +01:00
Peter Steinberger
f07bb8e8fc fix(hooks): backport internal message hook bridge with safe delivery semantics 2026-02-18 00:35:41 +01:00