33b4b76a53
docs(web): clarify control ui language picker
2026-04-06 02:44:24 +01:00
61e61ccc18
Dreaming: simplify sweep flow and add diary surface
2026-04-05 17:18:54 -07:00
ffc1f7b337
feat(i18n): add Ukrainian docs and control UI locale
2026-04-05 18:31:02 +01:00
bc910942e2
docs: refresh history sanitization tag mirrors
2026-04-04 22:21:26 +01:00
3d65b14019
docs: refresh NO_REPLY history mirrors
2026-04-04 21:55:11 +01:00
291afbbb95
docs: refresh transcript sanitization mirrors
2026-04-04 21:52:15 +01:00
4f9804ec24
docs: refresh config schema and gateway tool mirrors
2026-04-04 21:43:09 +01:00
e2b841d7d0
docs: refresh shared-secret default mirrors
2026-04-04 21:11:16 +01:00
0738ed8d19
docs: refresh control-ui shared-secret mirrors
2026-04-04 21:05:12 +01:00
0ef29325ed
docs: refresh config schema mirror refs
2026-04-04 20:38:15 +01:00
8eb1ea5b2e
docs: refresh config schema mirrors
2026-04-04 20:14:33 +01:00
f94645dfe5
docs: refresh session recall sanitization refs
2026-04-04 19:26:37 +01:00
fd222d3f07
docs: refresh chat history scaffolding refs
2026-04-04 19:23:55 +01:00
39d9ded2e5
docs: refresh chat history display mirrors
2026-04-04 19:17:58 +01:00
2ab8acb2c9
docs: refresh chat thinking and compaction refs
2026-04-04 18:25:13 +01:00
89535f9313
docs: refresh pairing locality refs
2026-04-04 16:13:04 +01:00
5fa60e6535
docs: refresh channel overview mirrors
2026-04-04 15:07:32 +01:00
114496871d
docs: refresh tailscale auth rate limit refs
2026-04-04 14:30:13 +01:00
2ecb8ca352
docs: refresh control ui auth ux refs
2026-04-04 14:14:54 +01:00
0afd30d325
docs: refresh shared-secret auth mirrors
2026-04-04 14:02:29 +01:00
11d17b3c38
docs: refresh control ui device identity refs
2026-04-04 13:52:23 +01:00
9f0845137a
docs: add Related sections to plugin and web interface pages
...
- building-plugins.md, manifest.md: link to architecture, SDK, channel/provider plugins
- control-ui.md, tui.md: link to sibling web interfaces and CLI
2026-03-31 14:34:56 +09:00
81b777c768
fix(config): harden SecretRef round-trip handling in Control UI and RPC writes ( #58044 )
...
* Config: harden SecretRef round-trip handling
* Gateway: test SecretRef preflight on config writes
* Agents: align skill loader with upstream Skill type
* Docs: align SecretRef write semantics with Control UI and RPC behavior
* Config: add UI and gateway regression evidence for SecretRef hardening
* Config: add token SecretRef restore regression and skill sourceInfo compat
* UI: scope structured-value lockout to SecretRef fields
* Agents: remove out-of-scope skill loader compat edits
* UI: reduce app-render churn to rawAvailable-only changes
* Gateway: scope SecretRef preflight to submitted config
* Docs: clarify config write SecretRef preflight scope
* changelog
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com >
---------
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com >
2026-03-30 23:55:03 -05:00
8e132aed6e
Hardening: refresh stale device pairing requests and pending metadata ( #50695 )
...
* Docs: clarify device pairing supersede behavior
* Device pairing: supersede pending requests on auth changes
2026-03-19 18:26:06 -05:00
56066dccb0
docs(ui): harden legacy query token guidance ( #49053 )
2026-03-17 22:18:42 -05:00
4d8106eece
docs(security): clarify wildcard Control UI origins
2026-03-17 09:36:51 -07:00
6101c023bb
fix(ui): restore control-ui query token compatibility ( #43979 )
...
* fix(ui): restore control-ui query token imports
* chore(changelog): add entry for openclaw#43979 thanks @stim64045-spec
---------
Co-authored-by: 大禹 <dayu@dayudeMac-mini.local >
Co-authored-by: Val Alexander <bunsthedev@gmail.com >
Co-authored-by: Val Alexander <68980965+BunsDev@users.noreply.github.com >
2026-03-17 04:03:35 -05:00
4863b651c6
docs: rename onboarding user-facing wizard copy
...
Co-authored-by: Tak <contact-redacted@example.com >
2026-03-16 19:50:31 -05:00
5287ae3c06
docs: update setup wizard wording
2026-03-15 21:40:31 -07:00
d5bffcdeab
feat: add fast mode toggle for OpenAI models
2026-03-12 23:31:31 +00:00
a76e810193
fix(gateway): harden token fallback/reconnect behavior and docs ( #42507 )
...
* fix(gateway): harden token fallback and auth reconnect handling
* docs(gateway): clarify auth retry and token-drift recovery
* fix(gateway): tighten auth reconnect gating across clients
* fix: harden gateway token retry (#42507 ) (thanks @joshavant)
2026-03-10 17:05:57 -05:00
f2f561fab1
fix(ui): preserve control-ui auth across refresh ( #40892 )
...
Merged via squash.
Prepared head SHA: f9b2375892485e91c838215b8880d54970179153
Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com >
Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com >
Reviewed-by: @velvet-shark
2026-03-09 12:50:47 +01:00
10d0e3f3ca
fix(dashboard): keep gateway tokens out of URL storage
2026-03-07 18:33:30 +00:00
2b45eb0e52
Docs: document Control UI locale support
2026-03-05 16:57:59 -05:00
aea28e26fb
fix(auto-reply): expand standalone stop phrases
2026-02-24 04:02:43 +00:00
223d7dc23d
feat(gateway)!: require explicit non-loopback control-ui origins
2026-02-24 01:57:11 +00:00
77c3b142a9
Web UI: add full cron edit parity, all-jobs run history, and compact filters (openclaw#24155) thanks @Takhoffman
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com >
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com >
2026-02-22 23:05:42 -06:00
356d61aacf
fix(gateway): scope tailscale tokenless auth to websocket
2026-02-21 13:03:13 +01:00
99048dbec2
fix(gateway): align insecure-auth toggle messaging
2026-02-21 12:57:22 +01:00
ede496fa1a
docs: clarify trusted-host assumption for tokenless tailscale
2026-02-21 12:52:49 +01:00
81fd771cb9
fix(gateway): preserve chat.history context under hard caps
2026-02-16 21:50:01 -05:00
bc67af6ad8
cron: separate webhook POST delivery from announce ( #17901 )
...
* cron: split webhook delivery from announce mode
* cron: validate webhook delivery target
* cron: remove legacy webhook fallback config
* fix: finalize cron webhook delivery prep (#17901 ) (thanks @advaitpaliwal)
---------
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM >
2026-02-16 02:36:00 -08:00
14fb2c05b1
Gateway/Control UI: preserve partial output on abort ( #15026 )
...
* Gateway/Control UI: preserve partial output on abort
* fix: finalize abort partial handling and tests (#15026 ) (thanks @advaitpaliwal)
---------
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM >
2026-02-15 16:55:28 -08:00
115cfb4430
gateway: add cron finished-run webhook ( #14535 )
...
* gateway: add cron finished webhook delivery
* config: allow cron webhook in runtime schema
* cron: require notify flag for webhook posts
* ui/docs: add cron notify toggle and webhook docs
* fix: harden cron webhook auth and fill notify coverage (#14535 ) (thanks @advaitpaliwal)
---------
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM >
2026-02-15 16:14:17 -08:00
578a6e27aa
Docs: enable markdownlint autofixables except list numbering ( #10476 )
...
* docs(markdownlint): enable autofixable rules except list numbering
* docs(zalo): fix malformed bot platform link
2026-02-06 10:08:59 -05:00
0a1f4f666a
revert(docs): undo markdownlint autofix churn
2026-02-06 10:00:08 -05:00
c7aec0660e
docs(markdownlint): enable autofixable rules and normalize links
2026-02-06 09:55:12 -05:00
a13ff55bd9
Security: Prevent gateway credential exfiltration via URL override ( #9179 )
...
* Gateway: require explicit auth for url overrides
* Gateway: scope credential blocking to non-local URLs only
Address review feedback: the previous fix blocked credential fallback for
ALL URL overrides, which was overly strict and could break workflows that
use --url to switch between loopback/tailnet without passing credentials.
Now credential fallback is only blocked for non-local URLs (public IPs,
external hostnames). Local addresses (127.0.0.1, localhost, private IPs
like 192.168.x.x, 10.x.x.x, tailnet 100.x.x.x) still get credential
fallback as before.
This maintains the security fix (preventing credential exfiltration to
attacker-controlled URLs) while preserving backward compatibility for
legitimate local URL overrides.
* Security: require explicit credentials for gateway url overrides (#8113 ) (thanks @victormier)
* Gateway: reuse explicit auth helper for url overrides (#8113 ) (thanks @victormier)
* Tests: format gateway chat test (#8113 ) (thanks @victormier)
* Tests: require explicit auth for gateway url overrides (#8113 ) (thanks @victormier)
---------
Co-authored-by: Victor Mier <victormier@gmail.com >
2026-02-04 18:59:44 -05:00
3f82daefd8
feat(cron): enhance delivery modes and job configuration
...
- Updated isolated cron jobs to support new delivery modes: `announce` and `none`, improving output management.
- Refactored job configuration to remove legacy fields and streamline delivery settings.
- Enhanced the `CronJobEditor` UI to reflect changes in delivery options, including a new segmented control for delivery mode selection.
- Updated documentation to clarify the new delivery configurations and their implications for job execution.
- Improved tests to validate the new delivery behavior and ensure backward compatibility with legacy settings.
This update provides users with greater flexibility in managing how isolated jobs deliver their outputs, enhancing overall usability and clarity in job configurations.
2026-02-04 01:03:59 -08:00
0bb0dfc9bc
feat(cron): default isolated jobs to announce delivery and enhance scheduling options
...
- Updated isolated cron jobs to default to `announce` delivery mode, improving user experience.
- Enhanced scheduling options to accept ISO 8601 timestamps for `schedule.at`, while still supporting epoch milliseconds.
- Refined documentation to clarify delivery modes and scheduling formats.
- Adjusted related CLI commands and UI components to reflect these changes, ensuring consistency across the platform.
- Improved handling of legacy delivery fields for backward compatibility.
This update streamlines the configuration of isolated jobs, making it easier for users to manage job outputs and schedules.
2026-02-04 01:03:59 -08:00
Vincent Koc