romtuck/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
350 Commits 258 Branches 39 Tags 276 MiB
01185952e6
Commit Graph

350 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Peter Steinberger
01185952e6 Verbose: send tool result metadata only 2025-12-03 09:40:05 +00:00
Peter Steinberger
c8309e73aa Tau RPC: resolve on agent_end 2025-12-03 09:39:26 +00:00
Peter Steinberger
4143c2be2d Docs: note streaming verbose tool results 2025-12-03 09:22:43 +00:00
Peter Steinberger
d839533d4e Auto-reply: stream verbose tool results via tau rpc 2025-12-03 09:21:31 +00:00
Peter Steinberger
78646030f4 Auto-reply: show tool results before main reply in verbose mode 2025-12-03 09:14:10 +00:00
Peter Steinberger
4c6bef34cf Chore: format + lint fixes 2025-12-03 09:09:34 +00:00
Peter Steinberger
05ce99d557 Docs: mention verbose hints 2025-12-03 09:08:03 +00:00
Peter Steinberger
ffd14dc6c6 Auto-reply: add verbose session hint 2025-12-03 09:07:17 +00:00
Peter Steinberger
e33c7a813d Auto-reply: add /verbose directives and tool result replies 2025-12-03 09:04:37 +00:00
Peter Steinberger
ddf5cc12c2 Auto-reply: treat prefixed think directives as directive-only 2025-12-03 08:57:30 +00:00
Peter Steinberger
e5fff1d374 Auto-reply: ack think directives 2025-12-03 08:54:38 +00:00
Peter Steinberger
6ec2335bae Docs: document thinking levels 2025-12-03 08:45:30 +00:00
Peter Steinberger
ff6d832151 Auto-reply: add thinking directives 2025-12-03 08:45:23 +00:00
Peter Steinberger
2fbd0b9f74 Changelog: heartbeat array handling 2025-12-03 01:03:59 +00:00
Peter Steinberger
a0633e3ff1 Format: align thinking helpers 2025-12-03 01:02:10 +00:00
Peter Steinberger
ba744915eb Heartbeat: guard optional heartbeatCommand 2025-12-03 00:45:27 +00:00
Peter Steinberger
11529882e7 Heartbeat: normalize reply arrays for twilio/web 2025-12-03 00:43:28 +00:00
Peter Steinberger
f1ee08659e Heartbeat: normalize array replies 2025-12-03 00:40:19 +00:00
Peter Steinberger
61e76cb43b Auto-reply: allow array payloads in signature 2025-12-03 00:35:57 +00:00
Peter Steinberger
849244d93e CI: fix command-reply payload typing 2025-12-03 00:33:58 +00:00
Peter Steinberger
61723fa0d0 Auto-reply: format and lint fixes 2025-12-03 00:30:05 +00:00
Peter Steinberger
d25d12ca8a Auto-reply: smarter chunking breaks 2025-12-03 00:25:01 +00:00
Peter Steinberger
80b2967ae8 web: handle multi-payload replies 2025-12-02 23:46:11 +00:00
Peter Steinberger
0f378bb640 limits: chunk replies for twilio/web 2025-12-02 23:10:16 +00:00
Peter Steinberger
f374561579 auto-reply: support multi-text RPC outputs 2025-12-02 23:03:55 +00:00
Peter Steinberger
32f1af6277 logging: emit agent/session meta at command start 2025-12-02 21:30:28 +00:00
Peter Steinberger
45d9bca433 revert: mark system prompt sent on first turn 2025-12-02 21:23:56 +00:00
Peter Steinberger
088887c8fe chore: cut 1.3.1 in changelog 2025-12-02 21:13:47 +00:00
Peter Steinberger
8c7f4e4ab0 docs: note media cleanup and tau rpc typing 2025-12-02 21:13:21 +00:00
Peter Steinberger
5d0e0c8e8f ci: fix lint and tau rpc typing 2025-12-02 21:12:51 +00:00
Peter Steinberger
138279a7e1 fix(media): clean up files after response finishes 2025-12-02 21:10:18 +00:00
Peter Steinberger
5e5adbfc8f test(media): add redirect coverage and update changelog 2025-12-02 21:09:26 +00:00
Peter Steinberger
082da8a28b Merge branch 'fix/media-replies' 2025-12-02 21:07:45 +00:00
Peter Steinberger
86302247b6 chore: tidy claude prompt and drop npm lock 2025-12-02 21:07:37 +00:00
Joao Lisboa
7d919ac3bc style: fix biome formatting 2025-12-02 21:07:13 +00:00
Joao Lisboa
26ae8c780e style: fix biome lint errors 2025-12-02 21:07:13 +00:00
Joao Lisboa
562f8075d8 style: fix biome formatting 2025-12-02 21:07:13 +00:00
Joao Lisboa
57b48d9ad9 fix: send Claude identity prefix on first session message 
The systemSent variable was being set to true before being passed to
runCommandReply, causing the identity prefix to never be injected.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 21:07:13 +00:00
Joao Lisboa
b2f3e69eae fix: follow redirects when downloading Twilio media 
node:https request() doesn't follow redirects by default, causing
Twilio media URLs (which 302 to CDN) to save placeholder/metadata
instead of actual images.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 21:07:13 +00:00
Joao Lisboa
24bc88b638 chore: user-agnostic Claude identity and tests 
- Use ~/Clawd instead of hardcoded /Users/steipete/clawd
- Add MEDIA: syntax instructions to identity prefix
- Update tests to check for 'scratchpad' instead of specific path

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 21:07:13 +00:00
Joao Lisboa
d53d8da56f fix: media serving and id consistency 
- server.ts: Replace sendFile with manual readFile+send to fix
  NotFoundError when serving media (sendFile failed even after stat)
- store.ts: Return id with file extension so it matches actual filename

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 21:07:13 +00:00
Joao Lisboa
fc2890748e fix: use export type for type-only re-exports 
Fixes build error with isolatedModules.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 21:06:27 +00:00
Peter Steinberger
873ba41650 docs: update agent guidance and changelog 2025-12-02 20:10:43 +00:00
Peter Steinberger
2a2b662c3e perf(pi): reuse tau rpc for command auto-replies 2025-12-02 20:09:51 +00:00
Peter Steinberger
65c7078abb chore: credit media fix contributor 2025-12-02 18:38:02 +00:00
Peter Steinberger
dc226c4ee0 fix(media): block symlink traversal 2025-12-02 18:37:15 +00:00
Joao Lisboa
0ea182c0c1 Fix path traversal vulnerability in media server 
The /media/:id endpoint was vulnerable to path traversal attacks.
Since this endpoint is exposed via Tailscale Funnel (unlike the
WhatsApp webhook which requires Twilio signature validation),
attackers could directly request paths like /media/%2e%2e%2fwarelay.json
to access sensitive files in ~/.warelay/ (e.g. warelay.json), or even
escape further to the user's home directory via multiple ../ sequences.

Fix: validate resolved paths stay within the media directory.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 19:33:21 +01:00
Peter Steinberger
5b5eebe015 chore(logs): rotate daily and prune after 24h 2025-12-02 17:11:43 +00:00
Peter Steinberger
1f0c022b96 chore(security): purge session store on logout 2025-12-02 16:33:44 +00:00
Peter Steinberger
241941fb70 chore(security): harden ipc socket 2025-12-02 16:09:40 +00:00