Peter Steinberger
7aeabbabd4
fix: refine oauth provider guard
2026-02-01 15:52:56 -08:00
Peter Steinberger
e58291e070
fix: align embedded runner with pi-coding-agent API
2026-02-01 15:51:46 -08:00
Peter Steinberger
a87a07ec8a
fix: harden host exec env validation (#4896) (thanks @HassanFleyah)
2026-02-01 15:37:19 -08:00
Hasan FLeyah
0a5821a811
fix(security): enforce strict environment variable validation in exec tool (#4896)
2026-02-01 15:36:24 -08:00
VACInc
b796f6ec01
Security: harden web tools and file parsing (#4058)
* feat: web content security wrapping + gkeep/simple-backup skills
* fix: harden web fetch + media text detection (#4058) (thanks @VACInc)
---------
Co-authored-by: VAC <vac@vacs-mac-mini.localdomain>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-01 15:23:25 -08:00
Peter Steinberger
3367b2aa27
fix: align embedded runner with session API changes
2026-02-01 15:06:55 -08:00
Peter Steinberger
8eb11bd304
fix: wire before_tool_call hook into tool execution (#6570) (thanks @ryancnelson) (#6660)
2026-02-01 14:52:11 -08:00
Ryan Nelson
6c6f1e9660
Fix missing before_tool_call hook integration (#6570)
* Fix missing before_tool_call hook integration
- Add hook call in handleToolExecutionStart before tool execution begins
- Support parameter modification via hookResult.params
- Support tool call blocking via hookResult.block with custom blockReason
- Fix try/catch logic to properly re-throw blocking errors using __isHookBlocking flag
- Maintain tool event consistency by emitting start/end events when blocked
- Addresses GitHub issue #6535 (1 of 8 unimplemented hooks now working)
Co-Authored-By: Claude Sonnet 4 <noreply@anthropic.com>
* Add comprehensive test suite for before_tool_call hook
- 9 tests covering all hook scenarios: no hooks, parameter passing, modification, blocking, error handling
- Tests tool name normalization and different argument types
- Verifies proper error re-throwing and logging behavior
- Maintained in fork for regression testing
* Fix all issues identified by Greptile code review
Address P0/P1/P3 bugs:
P0 - Fix parameter mutation crash for non-object args:
- Normalize args to objects before passing to hooks (maintains hook contract)
- Handle parameter merging safely for both object and non-object args
P1 - Add missing internal state updates when blocking tools:
- Set toolMetaById metadata like normal flow
- Call onAgentEvent callback to maintain consistency
- Emit events in same order as normal tool execution
P1 - Fix test expectations to match implementation reality:
- Non-object args normalized to {} for hook params (not passed as-is)
- Add test for safe parameter modification with various arg types
- Update mocks to verify state updates when blocking
P3 - Replace magic __isHookBlocking property with dedicated ToolBlockedError class:
- More robust error handling without property collision risk
- Cleaner control flow that's serialization-safe
Co-Authored-By: Claude Sonnet 4 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4 <noreply@anthropic.com>
2026-02-01 14:49:14 -08:00
Peter Steinberger
9d2784cdb9
test: speed up telegram suites
2026-02-01 22:23:16 +00:00
Peter Steinberger
bcde2fca5a
fix: align embedded agent session setup
2026-02-01 22:23:16 +00:00
Leszek Szpunar
9b6fffd00a
security(message-tool): validate filePath/path against sandbox root (#6398)
* security(message-tool): validate filePath/path against sandbox root
* style: translate Polish comments to English for consistency
2026-02-01 14:19:09 -08:00
Peter Steinberger
083ec9325e
fix: cover OpenRouter attribution headers
2026-02-01 19:30:33 +00:00
Alex Atallah
74039fc0f1
Add openrouter attribution headers
2026-02-01 19:24:55 +00:00
Ayaan Zaidi
e9f70e8585
fix: satisfy lint curly rule (#6310)
* fix: satisfy lint curly rule
* docs: apply oxfmt formatting
2026-02-01 20:04:53 +05:30
Ayaan Zaidi
0992c5a809
fix: cap context window resolution (#6187) (thanks @iamEvanYT)
2026-02-01 19:52:56 +05:30
Evan
5d3c898a94
fix: update compaction safeguard to respect context window tokens
2026-02-01 19:52:56 +05:30
Peter Steinberger
e4f7155369
fix(ci): repair lint/build checks
2026-02-01 10:20:27 +00:00
Vignesh
35dc417b18
agents: add tool policy conformance snapshot (no runtime behavior change) (#6011)
2026-02-01 01:57:49 -08:00
Mario Zechner
ba4a55f6d9
fix(agents): update cacheControlTtl to cacheRetention for pi-ai 0.50.9
- Update @mariozechner/pi-ai and pi-agent-core to 0.50.9
- Rename cacheControlTtl to cacheRetention with values none/short/long
- Add backwards compatibility mapping: 5m->short, 1h->long
- Remove dead OpenRouter check (uses openai-completions API)
- Default new configs to cacheRetention: short
2026-02-01 09:50:52 +01:00
cpojer
b48d72a2b8
chore: fix lint, and format after lint to catch reformats triggered by autofixes.
2026-02-01 13:19:06 +09:00
Tak Hoffman
a393ae79d2
Merge pull request #3677 from conroywhitney/fix/1897-session-status-time-hint
fix(system-prompt): hint session_status for date/time instead of embedding it
2026-01-31 20:22:41 -06:00
cpojer
58f4185925
fix: Failing tests due to import sorting.
2026-02-01 11:05:46 +09:00
Tak Hoffman
1aeaf811b0
Merge branch 'main' into fix/1897-session-status-time-hint
2026-01-31 19:58:05 -06:00
cpojer
f06dd8df06
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imports.
2026-02-01 10:03:47 +09:00
Ayaan Zaidi
b5c2b1880d
fix: stabilize partial streaming filters
2026-01-31 22:46:19 +05:30
Ayaan Zaidi
a64d8d2d66
fix: harden telegram streaming state
2026-01-31 22:46:19 +05:30
Ayaan Zaidi
37721ebd7c
fix: restore telegram draft streaming partials
2026-01-31 22:46:19 +05:30
Josh Palmer
7a6c40872d
Agents: add system prompt safety guardrails (#5445)
* 🤖 agents: add system prompt safety guardrails
What:
- add safety guardrails to system prompt
- update system prompt docs
- update prompt tests
Why:
- discourage power-seeking or self-modification behavior
- clarify safety/oversight priority when conflicts arise
Tests:
- pnpm lint (pass)
- pnpm build (fails: DefaultResourceLoader missing in pi-coding-agent)
- pnpm test (not run; build failed)
* 🤖 agents: tighten safety wording for prompt guardrails
What:
- scope safety wording to system prompts/safety/tool policy changes
- document Safety inclusion in minimal prompt mode
- update safety prompt tests
Why:
- avoid blocking normal code changes or PR workflows
- keep prompt mode docs consistent with implementation
Tests:
- pnpm lint (pass)
- pnpm build (fails: DefaultResourceLoader missing in pi-coding-agent)
- pnpm test (not run; build failed)
* 🤖 docs: note safety guardrails are soft
What:
- document system prompt safety guardrails as advisory
- add security note on prompt guardrails vs hard controls
Why:
- clarify threat model and operator expectations
- avoid implying prompt text is an enforcement layer
Tests:
- pnpm lint (pass)
- pnpm build (fails: DefaultResourceLoader missing in pi-coding-agent)
- pnpm test (not run; build failed)
2026-01-31 15:50:15 +01:00
Peter Steinberger
1287328b6f
feat: add MiniMax OAuth plugin (#4521) (thanks @Maosghoul)
2026-01-31 12:42:45 +01:00
cpojer
76361ae3ab
revert: Switch back to tsc for compiling.
2026-01-31 18:31:49 +09:00
Peter Steinberger
ddc5683c67
fix: resolve workspace templates from package root
2026-01-31 09:07:49 +00:00
Peter Steinberger
ee26b68fe1
fix: lint cleanups
2026-01-31 07:59:01 +00:00
Peter Steinberger
a42e1c82d9
fix: restore tsc build and plugin install tests
2026-01-31 07:54:15 +00:00
cpojer
c4feb7a457
chore: Fix TypeScript errors 5/n.
2026-01-31 16:49:55 +09:00
cpojer
9e908ad6be
chore: Fix TypeScript errors 4/n.
2026-01-31 16:48:44 +09:00
cpojer
3282d22dd9
chore: Fix TypeScript errors 3/n.
2026-01-31 16:47:03 +09:00
cpojer
952b0f8c48
chore: Fix TypeScript errors 2/n.
2026-01-31 16:42:40 +09:00
cpojer
e5eb9610dc
chore: Fix TypeScript errors 1/n.
2026-01-31 16:38:03 +09:00
cpojer
5ceff756e1
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
cpojer
9c4cbaab7b
chore: Enable eslint/no-unused-vars.
2026-01-31 16:06:39 +09:00
cpojer
15792b153f
chore: Enable more lint rules, disable some that trigger a lot. Will clean up later.
2026-01-31 16:04:04 +09:00
cpojer
7a9ddcd590
chore: Enable some "perf" lint rules.
2026-01-31 15:58:24 +09:00
Mario Zechner
cbc405c9e3
Agents: update pi-coding-agent API usage
2026-01-31 07:35:52 +01:00
cpojer
67945e8d62
chore: Switch from TypeScript to build with tsdown, speeds up pnpm build by 5-10x.
2026-01-31 15:25:37 +09:00
Peter Steinberger
d2a852b982
fix: align embedded session setup with sdk
2026-01-31 06:22:24 +00:00
Peter Steinberger
e9f0be06eb
fix: repair docker build typing
2026-01-31 06:50:56 +01:00
Peter Steinberger
08ed62852a
chore: update deps and pi model discovery
2026-01-31 06:45:57 +01:00
Mario Zechner
bf15d0a3f5
Auth: switch Kimi Coding to built-in provider
2026-01-31 06:04:10 +01:00
Mario Zechner
9b1a6b30d9
Tests: update pi SDK mocks
2026-01-31 05:23:53 +01:00
Mario Zechner
c0a6e675a3
Agents: update pi dependencies to 0.50.7
2026-01-31 04:20:12 +01:00