yunxiafei/openclaw-mission-control
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Commit Graph

  • e9771f4b67 chore(deps): bump black in /backend in the uv group across 1 directory dependabot/uv/backend/uv-b7f5c28099 dependabot[bot] 2026-03-12 21:12:33 +00:00
  • 73b01fcb25 Merge pull request #261 from AndrewNLauder/feat/macos-support master Abhimanyu Saharan 2026-03-10 14:56:19 +05:30
  • 7bca8c1ca2 fix: address PR #261 review – remove DOCUMENTATION.md, fix systemd docs and install.sh Claude Thebot 2026-03-09 23:23:30 -07:00
  • efee334843 feat: run at boot (systemd/launchd) and auth token re-sync docs Claude Thebot 2026-03-09 22:25:31 -07:00
  • f7932d962a Merge pull request #252 from 0xjjjjjj/fix/mobile-responsive Abhimanyu Saharan 2026-03-09 02:06:23 +05:30
  • 7adadd5c88 fix: use data-cy selector for sidebar backdrop in e2e tests 0xjjjjjj 2026-03-08 10:01:31 -07:00
  • fab19ed5aa fix: use correct DashboardMetrics shape in mobile sidebar e2e stubs 0xjjjjjj 2026-03-08 09:41:32 -07:00
  • 162b820880 Merge branch 'master' into fix/mobile-responsive Abhimanyu Saharan 2026-03-08 12:58:59 +05:30
  • fe6ff69d5c Merge pull request #253 from 0xjjjjjj/fix/dockerfile-chown-only Abhimanyu Saharan 2026-03-08 12:58:37 +05:30
  • fad1e99329 test: add Cypress e2e tests for mobile sidebar behavior 0xjjjjjj 2026-03-07 21:42:05 -08:00
  • 3bc4dcaf55 fix: normalize sidebar width to 260px, add responsive padding to approvals 0xjjjjjj 2026-03-07 21:28:58 -08:00
  • 74792593b2 fix: reset sidebar state on navigation to prevent ghost re-open 0xjjjjjj 2026-03-07 21:28:55 -08:00
  • 2519af2395 fix: use derived state for sidebar close on navigation 0xjjjjjj 2026-03-07 21:20:37 -08:00
  • 9396be6fc0 fix: chown /app directory after user creation 0xjjjjjj 2026-03-07 20:45:25 -08:00
  • 42368f84bf perf: replace chown -R with COPY --chown in both Dockerfiles 0xjjjjjj 2026-03-07 20:38:09 -08:00
  • f0ab3e315b fix: address Copilot review — z-index, Escape key, signed-out UX 0xjjjjjj 2026-03-07 20:19:39 -08:00
  • 7a0eb7b24a fix: avoid setState in useEffect for sidebar close on navigation 0xjjjjjj 2026-03-07 20:18:08 -08:00
  • e85e714076 fix: bump mobile sidebar z-index above sticky page headers 0xjjjjjj 2026-03-07 18:51:53 -08:00
  • ea0149bd88 fix: mobile-responsive layout for dashboard and board views 0xjjjjjj 2026-03-07 17:18:39 -08:00
  • 0e6a933c3f fix(governor): address PR review feedback abhi1693/feat/cherry-pick-heartbeat-governor Abhimanyu Saharan 2026-03-08 01:07:10 +05:30
  • 6a1e92cda6 fix(frontend): avoid governor draft sync effect Abhimanyu Saharan 2026-03-08 00:40:30 +05:30
  • eba090a3d3 fix(governor): satisfy backend CI checks Abhimanyu Saharan 2026-03-08 00:34:24 +05:30
  • cbd3339138 fix(migrations): squash governor schema changes Abhimanyu Saharan 2026-03-08 00:29:33 +05:30
  • e99cdfc51a fix(migrations): Merge auto heartbeat governor heads Abhimanyu Saharan 2026-03-08 00:23:58 +05:30
  • faa96d71b1 fix(governor): apply reviewer fixes for dead code, import scope, and DB persistence DevBot 2026-02-23 15:55:08 +00:00
  • a4d3c40d11 feat(ui): add board auto heartbeat governor settings section DevBot 2026-02-23 11:51:05 +00:00
  • f27a8817cb test(governor): add board policy read/update API coverage DevBot 2026-02-23 11:51:03 +00:00
  • 1047a28f3c feat(governor): board-scoped auto heartbeat policy endpoints DevBot 2026-02-23 11:51:00 +00:00
  • 02b1709f3b fix: governor SQL table names DevBot 2026-02-23 11:14:10 +00:00
  • 2a3b1022c2 feat: auto heartbeat governor (elastic backoff) DevBot 2026-02-23 11:12:54 +00:00
  • fa445127d9 Merge pull request #242 from abhi1693/abhi1693/fix/security-review-hardening Abhimanyu Saharan 2026-03-08 00:18:01 +05:30
  • 793c8983cb fix(ci): sort rate limit test imports Abhimanyu Saharan 2026-03-08 00:06:45 +05:30
  • cc3024acc3 fix(security): Address PR review feedback Abhimanyu Saharan 2026-03-08 00:01:04 +05:30
  • b3cb604776 Merge branch 'master' into abhi1693/fix/security-review-hardening Abhimanyu Saharan 2026-03-07 23:47:27 +05:30
  • 6d2ff60a82 fix(security): Stop logging raw trusted proxy entries Abhimanyu Saharan 2026-03-07 23:47:00 +05:30
  • 46bc9a02c6 fix(security): Keep short agent token prefixes in logs Abhimanyu Saharan 2026-03-07 23:43:32 +05:30
  • fb8a932923 fix(security): Close review follow-up gaps Abhimanyu Saharan 2026-03-07 23:40:50 +05:30
  • 355bed1b40 Update backend/app/api/board_webhooks.py Hugh Brown 2026-03-04 14:26:12 -07:00
  • 370256a4fd Update backend/.env.test Hugh Brown 2026-03-04 14:25:45 -07:00
  • e80cf9f3c8 fix: suppress mypy no-untyped-call for redis.asyncio.from_url Hugh Brown 2026-03-04 14:19:15 -07:00
  • e053fd4a46 fix: share a single async Redis client per URL to avoid duplicate connection pools Hugh Brown 2026-03-04 14:13:45 -07:00
  • a30b94c887 fix: redact credentials from Redis URL in rate-limit error messages Hugh Brown 2026-03-04 14:09:10 -07:00
  • c5716897d7 fix: add BASE_URL to migration check env vars in Makefile Hugh Brown 2026-03-04 13:59:06 -07:00
  • 5989adedea Apply ruff reformatting Hugh Brown 2026-03-04 13:44:21 -07:00
  • bafc736e03 test: make Settings construction hermetic in security header tests Hugh Brown 2026-03-04 13:42:35 -07:00
  • 6af02f6b75 fix: align in-memory rate limiter to count blocked attempts like Redis Hugh Brown 2026-03-04 13:13:55 -07:00
  • 6b55b52a68 refactor: switch RedisRateLimiter to async redis.asyncio client Hugh Brown 2026-03-04 12:53:02 -07:00
  • b4bbe1c657 fix: chain Alembic migrations to avoid multiple heads Hugh Brown 2026-03-04 12:38:02 -07:00
  • 0a749db2c4 Remove unused imports Hugh Brown 2026-03-04 12:06:24 -07:00
  • 3f333e1592 Add isort fix Hugh Brown 2026-03-04 12:03:44 -07:00
  • dc25a9df6b fix: fail fast when RATE_LIMIT_BACKEND=redis but no Redis URL is configured Hugh Brown 2026-03-04 11:56:58 -07:00
  • f1bcf72810 feat: add trusted client-IP extraction from proxy headers Hugh Brown 2026-03-04 11:51:02 -07:00
  • 24e40f1153 docs: update operations README for configurable rate-limit backend Hugh Brown 2026-03-04 11:36:22 -07:00
  • 494bf4649e docs: update api.md and authentication.md for Redis rate-limit backend and token logging Hugh Brown 2026-03-04 11:33:04 -07:00
  • 72241d6870 Correct import order Hugh Brown 2026-03-04 10:53:07 -07:00
  • 81d16a324b docs: update security.md for Redis rate-limit backend and token logging Hugh Brown 2026-03-04 10:39:41 -07:00
  • 77f73872eb fix: scope optional agent auth rate limiting to X-Agent-Token header only Hugh Brown 2026-03-04 10:37:05 -07:00
  • ac69c6b7b8 fix: normalize and validate signature_header in webhook schemas Hugh Brown 2026-03-04 10:32:13 -07:00
  • fe310b50dc Apply black fixes Hugh Brown 2026-03-04 06:54:10 -07:00
  • fc9fc1661c feat: add Redis-backed rate limiter with configurable backend Hugh Brown 2026-03-04 02:15:14 -07:00
  • ee825fb2d5 docs: fix gateway token description in openclaw_gateway_ws.md to match actual behavior Hugh Brown 2026-03-04 01:41:25 -07:00
  • 528a2483b7 feat: add configurable signature_header for webhook HMAC verification Hugh Brown 2026-03-04 01:35:25 -07:00
  • ce18fe4f0c fix: apply rate limiting to optional agent auth path Hugh Brown 2026-03-04 01:09:16 -07:00
  • 84a5d8677e docs: update security.md to reflect current gateway token behavior Hugh Brown 2026-03-03 22:55:32 -07:00
  • a66765a514 Apply ruff fixes Hugh Brown 2026-03-03 22:46:39 -07:00
  • 0896b0772d Import linting Hugh Brown 2026-03-03 22:45:38 -07:00
  • ebe148e537 fix: use Alpine-compatible flags for addgroup/adduser in frontend Dockerfile Hugh Brown 2026-03-03 22:36:56 -07:00
  • 433021b02c fix: use Annotated+BeforeValidator for webhook secret normalization Hugh Brown 2026-03-03 22:31:58 -07:00
  • 2ef6164cf8 fix: normalize webhook secret via schema validator instead of inline Hugh Brown 2026-03-03 22:25:37 -07:00
  • 91e8270364 revert: restore GatewayRead.token field to avoid frontend breaking change Hugh Brown 2026-03-03 22:21:14 -07:00
  • 54279bf413 revert: restore truncated token_prefix in agent auth log messages Hugh Brown 2026-03-03 22:14:06 -07:00
  • b2fb8a082d feat: make webhook payload size limit configurable Hugh Brown 2026-03-03 22:10:49 -07:00
  • acd1526acf docs: update api.md to reflect require_user_or_agent rename Hugh Brown 2026-03-03 22:02:46 -07:00
  • af094ad11a fix: exclude signature and auth headers from webhook payload capture Hugh Brown 2026-03-03 21:54:47 -07:00
  • fcbde9b0e1 test: remove duplicate rate limiter tests from test_security_fixes Hugh Brown 2026-03-03 21:45:51 -07:00
  • cc50877131 refactor: rename require_admin_auth/require_admin_or_agent to require_user_auth/require_user_or_agent Hugh Brown 2026-03-03 21:41:56 -07:00
  • ea78b41a36 fix: persist webhook secret on create and normalize on update Hugh Brown 2026-03-03 21:23:18 -07:00
  • 3a00636ceb Update backend/migrations/versions/a1b2c3d4e5f6_add_webhook_secret.py Hugh Brown 2026-03-03 17:14:10 -07:00
  • 3ca0931c72 Update backend/app/api/board_webhooks.py Hugh Brown 2026-03-03 16:58:03 -07:00
  • cd7e411b3e Update backend/app/api/skills_marketplace.py Hugh Brown 2026-03-03 16:55:55 -07:00
  • cd70242043 docs: fix rate limiter docstrings to reflect sliding-window algorithm Hugh Brown 2026-03-03 16:46:48 -07:00
  • 3a0c67a656 Update backend/app/api/board_webhooks.py Hugh Brown 2026-03-03 16:45:54 -07:00
  • 86229038eb Update backend/tests/test_security_fixes.py Hugh Brown 2026-03-03 16:41:50 -07:00
  • 149fde90c4 docs: document security hardening changes from security review Hugh Brown 2026-03-03 14:51:52 -07:00
  • 916dace3c8 Address ruff / formatting errors Hugh Brown 2026-03-03 14:28:03 -07:00
  • 62d2378bdc chore: simplify and harden security review changes Hugh Brown 2026-03-03 14:13:50 -07:00
  • 4960d8561b security: fix fail-open auth, streaming payload limit, and rate limiter memory leak Hugh Brown 2026-03-03 14:01:18 -07:00
  • 858575cf6c test: add comprehensive tests for all security fixes Hugh Brown 2026-03-03 13:47:27 -07:00
  • 547965a5cb security: redact gateway tokens from API responses Hugh Brown 2026-03-03 13:44:21 -07:00
  • 94988deef2 security: add rate limiting to agent auth and webhook ingest Hugh Brown 2026-03-03 13:42:32 -07:00
  • 8a30c82c6d security: remove hardcoded auth token from committed .env.test Hugh Brown 2026-03-03 13:40:27 -07:00
  • 8e145a2129 security: set sensible defaults for security response headers Hugh Brown 2026-03-03 13:40:03 -07:00
  • c7f8578f38 security: run Docker containers as non-root user Hugh Brown 2026-03-03 13:39:32 -07:00
  • 4257c08ba9 security: stop logging token prefix on failed agent auth Hugh Brown 2026-03-03 13:39:04 -07:00
  • 66da278673 security: require org-admin for gateway session message endpoint Hugh Brown 2026-03-03 13:38:41 -07:00
  • 7ca4145aff security: add 1 MB payload size limit to webhook ingestion Hugh Brown 2026-03-03 13:37:51 -07:00
  • 5d382ed67b security: mitigate prompt injection in agent instruction strings Hugh Brown 2026-03-03 13:34:24 -07:00
  • 4d1dbb4098 security: add HMAC signature verification to webhook ingest Hugh Brown 2026-03-03 13:33:28 -07:00
  • 10848b98cb security: scope agent board listing to organization Hugh Brown 2026-03-03 13:31:49 -07:00
  • c7692e30d3 security: rename misleading require_admin to require_user_actor Hugh Brown 2026-03-03 13:31:07 -07:00