romtuck/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,015 Commits 258 Branches 39 Tags 276 MiB
09ab5a9b31
Commit Graph

1954 Commits

Author SHA1 Message Date
Peter Steinberger
09ab5a9b31 fix: harden gateway security guidance (#2000) (thanks @rhuanssauro) 2026-01-26 13:38:37 +00:00
Peter Steinberger
c4a80f4edb fix: require gateway auth by default 2026-01-26 12:56:33 +00:00
Peter Steinberger
fd9be79be1 fix: harden tailscale serve auth 2026-01-26 12:49:19 +00:00
Peter Steinberger
6859e1e6a6 fix(webchat): support image-only sends 2026-01-26 05:33:36 +00:00
Shadow
08183fe009
Web UI: keep sub-agent announce replies visible (#1977) 2026-01-25 22:49:09 -06:00
Shadow
34ce004151
Gateway: prefer newest session entries in merge (#1823) 2026-01-25 22:40:22 -06:00
Shadow
9ba142e8a5
Docs: add GCP Compute Engine deployment guide (#1848) 
Co-authored-by: hougangdev <hougangdev@users.noreply.github.com>
 2026-01-25 22:34:09 -06:00
Shadow
a2d9127ff6
Docs: add Raspberry Pi install guide (#1871) 
Co-authored-by: 0xJonHoldsCrypto <0xJonHoldsCrypto@users.noreply.github.com>
 2026-01-25 22:33:35 -06:00
Shadow
10914d6249
Docs: add DigitalOcean deployment guide (#1870) 
Co-authored-by: 0xJonHoldsCrypto <0xJonHoldsCrypto@users.noreply.github.com>
 2026-01-25 22:33:03 -06:00
Shadow
d696ee3dfd
Docs: add Claude Max API Proxy guide (#1875) 
Co-authored-by: atalovesyou <atalovesyou@users.noreply.github.com>
 2026-01-25 22:32:38 -06:00
Shadow
5172098073
Tlon: format reply IDs as @ud (#1837) 2026-01-25 22:30:18 -06:00
Shadow
5d6a9da370
Onboarding: add Venice API key flags (#1893) 2026-01-25 22:26:00 -06:00
Shadow
15f7648e1e
Docs: credit Control UI refresh contributors (#1852) 2026-01-25 22:18:47 -06:00
Shadow
8b91ceb7c9
macOS: preserve custom SSH usernames (#2046) 
Co-authored-by: Alexis Gallagher <algal@users.noreply.github.com>
 2026-01-25 21:46:15 -06:00
Shadow
7e4e24445e
Slack: clear ack reaction after streaming replies (#2044) 
Co-authored-by: Shaurya Pratap Singh <fancyboi999@users.noreply.github.com>
 2026-01-25 21:28:46 -06:00
Shadow
1b598ad709
Config: apply config.env before substitution (#1813) 
Co-authored-by: SPANISH FLU <spanishflu-est1918@users.noreply.github.com>
 2026-01-25 21:22:25 -06:00
Shadow
7f6422c897
Telegram: preserve topic IDs in restart notifications (#1807) 
Co-authored-by: hsrvc <hsrvc@users.noreply.github.com>
 2026-01-25 21:20:39 -06:00
Shadow
7187c3d067
TUI: guard against overflow width crashes (#1686) 
Co-authored-by: Mohammad Jafari <mossein@users.noreply.github.com>
 2026-01-25 21:18:16 -06:00
Shadow
73507e8654
Routing: precompile session key regexes (#1697) 
Co-authored-by: Ray Tien <ray0907@users.noreply.github.com>
 2026-01-25 21:15:20 -06:00
Shadow
9ecbb0ae81
Auth: print copyable Google auth URL (#1787) 
Co-authored-by: Robby <robbyczgw-cla@users.noreply.github.com>
 2026-01-25 21:13:36 -06:00
Shadow
84f8f8b10e
Telegram: skip block replies when streaming off (#1885) 
Co-authored-by: Ivan Casco <ivancasco@users.noreply.github.com>
 2026-01-25 21:11:50 -06:00
Shadow
47101da464
Telegram: honor caption param for media sends (#1888) 
Co-authored-by: Marc Güell Segarra <mguellsegarra@users.noreply.github.com>
 2026-01-25 21:09:59 -06:00
Shadow
6d60c32570
Update: ignore dist/control-ui in dirty check (#1976) 
Co-authored-by: Glucksberg <glucksberg@users.noreply.github.com>
 2026-01-25 21:07:51 -06:00
Shadow
5d2ef89e03
Browser: add URL fallback for relay tab matching (#1999) 
Co-authored-by: João Paulo Furtado <jonit-dev@users.noreply.github.com>
 2026-01-25 21:04:41 -06:00
Shadow
159f6bfddd
macOS: bump Textual to 0.3.1 (#2033) 
Co-authored-by: Garric G. Nahapetian <garricn@users.noreply.github.com>
 2026-01-25 21:02:18 -06:00
Shadow
9c8e8c5c2d
CI: increase Node heap size for macOS checks (#1890) 
Co-authored-by: Zach Knickerbocker <realZachi@users.noreply.github.com>
 2026-01-25 20:45:42 -06:00
Shadow
136f0d4d1d
Docs: add Render deployment guide (#1975) 
Co-authored-by: Anurag Goel <anurag@users.noreply.github.com>
 2026-01-25 20:28:53 -06:00
Shadow
a21671ed5b
Skills: add missing dependency metadata (#1995) 
Co-authored-by: jackheuberger <jackheuberger@users.noreply.github.com>
 2026-01-25 20:25:08 -06:00
Shadow
c7fabb43f9
Agents: expand cron tool description (#1988) 
Co-authored-by: Tomas Cupr <tomascupr@users.noreply.github.com>
 2026-01-25 20:23:40 -06:00
Shadow
9c26cded75
Docs: add Vercel AI Gateway sidebar entry (#1901) 
Co-authored-by: Jerilyn Zheng <jerilynzheng@users.noreply.github.com>
 2026-01-25 20:22:10 -06:00
Shadow
5c231fc21f
Doctor: warn on gateway exposure (#2016) 
Co-authored-by: Alex Alaniz <Alex-Alaniz@users.noreply.github.com>
 2026-01-25 20:01:38 -06:00
Peter Steinberger
8f6542409a chore: bump versions for 2026.1.25 2026-01-25 22:13:04 +00:00
Peter Steinberger
e0adf65dac test: cover CLI chat delta event (#1921) (thanks @rmorse) 2026-01-25 21:09:04 +00:00
Peter Steinberger
68824c8903 chore: start 2026.1.25 changelog 2026-01-25 20:59:03 +00:00
Peter Steinberger
885167dd58 fix: tighten security audit for loopback auth 2026-01-25 15:16:40 +00:00
Jamieson O'Reilly
6aec34bc60
fix(gateway): prevent auth bypass when behind unconfigured reverse proxy (#1795) 
* fix(gateway): prevent auth bypass when behind unconfigured reverse proxy

When proxy headers (X-Forwarded-For, X-Real-IP) are present but
gateway.trustedProxies is not configured, the gateway now treats
connections as non-local. This prevents a scenario where all proxied
requests appear to come from localhost and receive automatic trust.

Previously, running behind nginx/Caddy without configuring trustedProxies
would cause isLocalClient=true for all external connections, potentially
bypassing authentication and auto-approving device pairing.

The gateway now logs a warning when this condition is detected, guiding
operators to configure trustedProxies for proper client IP detection.

Also adds documentation for reverse proxy security configuration.

* fix: harden reverse proxy auth (#1795) (thanks @orlyjamie)

---------

Co-authored-by: orlyjamie <orlyjamie@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-01-25 15:08:03 +00:00
Peter Steinberger
1c606fdb57 chore: start 2026.1.25 changelog 2026-01-25 14:34:16 +00:00
Peter Steinberger
d1dd8a1d69 chore: release 2026.1.24-2 2026-01-25 14:16:15 +00:00
Peter Steinberger
a22ac64c47 chore: release 2026.1.24-1 2026-01-25 14:08:20 +00:00
Peter Steinberger
71eb6d5dd0 fix(imessage): normalize messaging targets (#1708) 
Co-authored-by: Aaron Ng <1653630+aaronn@users.noreply.github.com>
 2026-01-25 13:43:32 +00:00
Peter Steinberger
0130ecd800 fix: paragraph-aware newline chunking (#1726) 
Thanks @tyler6204

Co-authored-by: Tyler Yust <64381258+tyler6204@users.noreply.github.com>
 2026-01-25 13:24:19 +00:00
Peter Steinberger
22cf2b6766 fix: config/debug UI overflow (#1715) 
Thanks @saipreetham589.

Co-authored-by: SaiPreetham <saipreetham.pesu@gmail.com>
 2026-01-25 13:20:59 +00:00
Andre Foeken
9bd5def32c
fix(telegram): fall back to text when voice messages forbidden (#1725) 
* fix(telegram): fall back to text when voice messages forbidden

When TTS auto mode is enabled, slash commands like /status would fail
silently because sendVoice was rejected with VOICE_MESSAGES_FORBIDDEN.
The entire reply would fail without any text being sent.

This adds error handling to catch VOICE_MESSAGES_FORBIDDEN specifically
and fall back to sending the text content as a regular message instead
of failing completely.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: handle telegram voice fallback errors (#1725) (thanks @foeken)

---------

Co-authored-by: Echo <andre.foeken@Donut.local>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-01-25 13:18:41 +00:00
Peter Steinberger
5a21722f32 docs: expand 2026.1.24 highlights 2026-01-25 13:00:52 +00:00
Peter Steinberger
6110514606 docs: reorder 2026.1.24 changelog 2026-01-25 12:58:31 +00:00
Peter Steinberger
7a5e103a6a fix: treat Windows platform labels as Windows for node shell (#1760) 
Thanks @ymat19.

Co-authored-by: ymat19 <45934497+ymat19@users.noreply.github.com>
 2026-01-25 12:57:06 +00:00
Peter Steinberger
026def686e fix(matrix): decrypt E2EE media + size guard (#1744) 
Thanks @araa47.

Co-authored-by: Akshay <araa47@users.noreply.github.com>
 2026-01-25 12:53:57 +00:00
Peter Steinberger
8f3da653b0 fix: allow control ui token auth without pairing 2026-01-25 12:47:17 +00:00
David Gelberg
2fcbed2111
UI: refresh dashboard design system (#1786) 
* UI: refresh dashboard design system

- Typography: swap Inter for Space Grotesk (geometric, techy)
- Colors: punchier accent red, add teal secondary, warmer darks
- Cards: better shadows, hover lift effect, increased padding
- Stats: uppercase labels, larger bold values
- Buttons: hover lift micro-interaction, glow on primary
- Status dots: glow effects and subtle pulse animation
- Callouts: gradient backgrounds for depth
- Navigation: active state accent bar indicator
- Layout: more breathing room, bolder page titles

* UI: remove nav active bar indicator

* UI: hide nav scrollbar, remove nav border

* fix: add changelog entry for dashboard refresh (#1786) (thanks @mousberg)

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-01-25 12:29:25 +00:00
plum-dawg
c96ffa7186
feat: Add Line plugin (#1630) 
* feat: add LINE plugin (#1630) (thanks @plum-dawg)

* feat: complete LINE plugin (#1630) (thanks @plum-dawg)

* chore: drop line plugin node_modules (#1630) (thanks @plum-dawg)

* test: mock /context report in commands test (#1630) (thanks @plum-dawg)

* test: limit macOS CI workers to avoid OOM (#1630) (thanks @plum-dawg)

* test: reduce macOS CI vitest workers (#1630) (thanks @plum-dawg)

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-01-25 12:22:36 +00:00