青雲
dc8423f2c0
fix: back up existing systemd unit before overwriting on update ( #24350 ) ( #24937 )
...
When `openclaw update` regenerates the systemd service file, any user
customizations to ExecStart (e.g. proxychains4 wrapper) are silently
lost. Now the existing unit file is copied to `.bak` before writing
the new one, so users can restore their customizations.
The backup path is printed in the install output so users are aware.
Co-authored-by: echoVic <AkiraVic@outlook.com >
2026-02-24 03:22:55 +00:00
Soumik Bhatta
70cfb69a5f
fix(doctor): skip false positive permission warnings for Nix store symlinks ( #24901 )
...
On NixOS/Nix-managed installs, config and state directories are symlinks
into /nix/store/. Symlinks on Linux always report 0o777 via lstatSync,
causing `openclaw doctor` to incorrectly warn about open permissions.
Use lstatSync to detect symlinks, resolve the target, and only suppress
the warning when the resolved path lives in /nix/store/ (an immutable
filesystem). Symlinks to insecure targets still trigger warnings.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-24 03:22:52 +00:00
Bill Cropper
588ad7fb38
fix: respect agent model config in slug generator ( #24776 )
...
The slug generator was using hardcoded DEFAULT_PROVIDER and DEFAULT_MODEL
instead of resolving from agent config. This caused it to fall back to
anthropic/claude-opus-4-6 even when a cloud model was configured.
Now uses resolveAgentModelPrimary() to get the configured model, with
fallback to defaults if not configured.
Fixes issue where session memory filenames would fail to generate
when using cloud models that require special backends.
2026-02-24 03:22:48 +00:00
David Murray
e2e10b3da4
fix(slack): map threadId to replyToId for restart sentinel notifications ( #24885 )
...
The restart sentinel wake path passes threadId to deliverOutboundPayloads,
but Slack requires replyToId (mapped to thread_ts) for threading. The agent
reply path already does this conversion but the sentinel path did not,
causing post-restart notifications to land as top-level DMs.
Fixes #17716
2026-02-24 03:22:45 +00:00
Omair Afzal
19c43eade2
fix(memory): strip null bytes from workspace paths causing ENOTDIR ( #24876 )
...
Add stripNullBytes() helper and apply it to all return paths in
resolveAgentWorkspaceDir() including configured, default, and
state-dir-derived paths. Null bytes in paths cause ENOTDIR errors
when Node tries to resolve them as directories.
2026-02-24 03:22:42 +00:00
Omair Afzal
177f167eab
fix: guard .trim() calls on potentially undefined workspaceDir ( #24875 )
...
Change workspaceDir param type from string to string | undefined in
resolvePluginSkillDirs and use nullish coalescing before .trim() to
prevent TypeError when workspaceDir is undefined.
2026-02-24 03:22:39 +00:00
Peter Steinberger
7b2b86c60a
fix(exec): add approval race changelog and regressions
2026-02-24 03:22:05 +00:00
Peter Steinberger
6f0dd61795
fix(exec): restore two-phase approval registration flow
2026-02-24 03:16:36 +00:00
Peter Steinberger
c6c1e3e7cf
docs(changelog): correct exec approvals reporter credit
2026-02-24 03:13:48 +00:00
Peter Steinberger
ffd63b7a2c
fix(security): trust resolved skill-bin paths in allowlist auto-allow
2026-02-24 03:12:43 +00:00
Peter Steinberger
204d9fb404
refactor(security): dedupe shell env probe and add path regression test
2026-02-24 03:11:33 +00:00
Peter Steinberger
64aab80201
test(exec): add regressions for safe-bin metadata and chain semantics
2026-02-24 03:10:19 +00:00
Peter Steinberger
a67689a7e3
fix: harden allow-always shell multiplexer wrapper handling
2026-02-24 03:06:51 +00:00
Peter Steinberger
4a3f8438e5
fix(gateway): bind node exec approvals to nodeId
2026-02-24 03:05:58 +00:00
Peter Steinberger
9530c01085
refactor(exec): split safe-bin policy modules and dedupe allowlist flow
2026-02-24 03:05:03 +00:00
Peter Steinberger
c5ac90ab92
docs(changelog): add shell-env fallback hardening note
2026-02-24 03:04:49 +00:00
Peter Steinberger
60f1d1959a
test: stabilize invoke-system-run env-wrapper assertion on Windows
2026-02-24 03:02:38 +00:00
Peter Steinberger
d0ef4c75c7
docs(changelog): credit safeBins advisory reporters
2026-02-24 02:59:17 +00:00
Peter Steinberger
ff10fe8b91
fix(security): require /etc/shells for shell env fallback
2026-02-24 02:58:24 +00:00
Shakker
71f4b93656
docs: refresh clawtributors list
2026-02-24 02:55:02 +00:00
Shakker
ef1ffacfb2
scripts: exclude unresolved clawtributors from README
2026-02-24 02:55:02 +00:00
Peter Steinberger
90383e00e9
fix(security): harden autoAllowSkills exec matching
2026-02-24 02:53:47 +00:00
Peter Steinberger
e578521ef4
fix(security): harden session export image data-url handling
2026-02-24 02:53:39 +00:00
Peter Steinberger
fefc414576
fix(security): harden structural session path fallback
2026-02-24 02:52:48 +00:00
Peter Steinberger
ff4e6ca0d9
fix(ios): gate agent deep links with local confirmation
2026-02-24 02:51:58 +00:00
Peter Steinberger
f8524ec77a
fix(security): harden exported session html rendering
2026-02-24 02:40:29 +00:00
Peter Steinberger
f6afc8c5b6
docs(security): clarify host-side exec trust model defaults
2026-02-24 02:40:18 +00:00
Peter Steinberger
1d28da55a5
fix(voice-call): block Twilio webhook replay and stale transitions
2026-02-24 02:37:24 +00:00
Gustavo Madeira Santana
4663d68384
Tests: make model-catalog fixtures type-valid
2026-02-23 21:36:34 -05:00
Peter Steinberger
ce02ad9643
refactor(agents): centralize sandbox media and fs policy helpers
2026-02-24 02:32:01 +00:00
Gustavo Madeira Santana
207ec7cfae
chore(provider): remove unused pruning functions
2026-02-23 21:31:12 -05:00
Peter Steinberger
4032390572
docs(security): clarify trusted user-triggered local actions
2026-02-24 02:29:09 +00:00
Peter Steinberger
3f923e8313
test: add env -S allowlist bypass regressions
2026-02-24 02:28:00 +00:00
Peter Steinberger
6634030be3
fix: enforce apply_patch workspaceOnly in sandbox mounts
2026-02-24 02:23:56 +00:00
Peter Steinberger
c070be1bc4
fix(sandbox): harden fs bridge path checks and bind mount policy
2026-02-24 02:21:43 +00:00
Peter Steinberger
dd9d9c1c60
fix(security): enforce workspaceOnly for sandbox image tool
2026-02-24 02:17:55 +00:00
Peter Steinberger
0026255def
refactor(security): harden system.run wrapper enforcement
2026-02-24 02:17:41 +00:00
Gustavo Madeira Santana
5239b55c0a
Config: expand Kilo catalog and persist selected Kilo models ( #24921 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: f5a7e1a3855599352+gumadeiras@users.noreply.github.com >
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com >
Reviewed-by: @gumadeiras
2026-02-23 21:17:37 -05:00
Peter Steinberger
6c441ea797
fix: support legacy and beta prerelease version formats
2026-02-24 02:05:37 +00:00
Peter Steinberger
08e2aa44e7
fix(commands): restrict commands.allowFrom to sender principals
2026-02-24 02:01:01 +00:00
Peter Steinberger
223d7dc23d
feat(gateway)!: require explicit non-loopback control-ui origins
2026-02-24 01:57:11 +00:00
Peter Steinberger
edfefdff7d
docs(changelog): mark ACP hardening as next npm release
2026-02-24 01:56:22 +00:00
Peter Steinberger
a1c4bf07c6
fix(security): harden exec wrapper allowlist execution parity
2026-02-24 01:52:17 +00:00
Peter Steinberger
5eb72ab769
fix(security): harden browser SSRF defaults and migrate legacy key
2026-02-24 01:52:01 +00:00
Peter Steinberger
8779b523dc
test(sandbox): speed up agent-config coverage with pure resolvers
2026-02-24 01:46:12 +00:00
Peter Steinberger
467666adc7
test(sandbox): use focused modules in lightweight suites
2026-02-24 01:46:12 +00:00
Peter Steinberger
f0f886ecc4
docs(security): clarify gateway-node trust boundary in docs
2026-02-24 01:35:44 +00:00
Peter Steinberger
1f81677093
docs(changelog): note dangerous name-matching audit unification
2026-02-24 01:33:08 +00:00
Peter Steinberger
161d9841dc
refactor(security): unify dangerous name matching handling
2026-02-24 01:33:08 +00:00
Peter Steinberger
6a7c303dcc
test(msteams): fix allowlist name-match expectations
2026-02-24 01:26:53 +00:00
