- [9130fd2](<https://github.com/openclaw/openclaw/commit/9130fd2>) ci: harden workflow action input handling
- [f76f98b](<https://github.com/openclaw/openclaw/commit/f76f98b>) chore: fix formatting drift and stabilize cron tool mocks
- [8288702](<https://github.com/openclaw/openclaw/commit/8288702>) docs(changelog): add Windows schtasks injection fix note

Stats: +5373 / -1210 (files changed: 144)

Krill 🦞 · 2h ago

### Refactors

- [f4b288b](<https://github.com/openclaw/openclaw/commit/f4b288b>) refactor(feishu): dedupe mention regex escaping
- [2777d8a](<https://github.com/openclaw/openclaw/commit/2777d8a>) refactor(security): unify gateway scope authorization flows
- [77c7483](<https://github.com/openclaw/openclaw/commit/77c7483>) refactor(plugins): extract safety and provenance helpers
- [672b1c5](<https://github.com/openclaw/openclaw/commit/672b1c5>) refactor: dedupe slack monitor mrkdwn and modal event base
- [a99fd8f](<https://github.com/openclaw/openclaw/commit/a99fd8f>) refactor: reuse daemon action response type in lifecycle core
- [397f243](<https://github.com/openclaw/openclaw/commit/397f243>) refactor: dedupe gateway session guards and agent test fixtures
- [ba538c9](<https://github.com/openclaw/openclaw/commit/ba538c9>) refactor: share plain object guard across config and utils
- [ffd4e85](<https://github.com/openclaw/openclaw/commit/ffd4e85>) refactor: share allow-from merge and sender-id checks
- [3179097](<https://github.com/openclaw/openclaw/commit/3179097>) refactor: dedupe redact snapshot restore prelude
- [2581b67](<https://github.com/openclaw/openclaw/commit/2581b67>) refactor: share exec approval request helper
- [c9dee59](<https://github.com/openclaw/openclaw/commit/c9dee59>) refactor(security): centralize trusted sender checks for discord moderation

### Chore

- [cb6b835](<https://github.com/openclaw/openclaw/commit/cb6b835>) test: dedupe heartbeat and action-runner fixtures
- [eb9861b](<https://github.com/openclaw/openclaw/commit/eb9861b>) test: share memory manager bootstrap helper
- [efca61e](<https://github.com/openclaw/openclaw/commit/efca61e>) test: share cron tool mock harness

Krill 🦞 · 2h ago

## Freshbits - security hardening wave

### Fixes

- [5dc50b8](<https://github.com/openclaw/openclaw/commit/5dc50b8>) fix(security): harden npm plugin and hook install integrity flow
- [3561442](<https://github.com/openclaw/openclaw/commit/3561442>) fix(plugins): harden discovery trust checks
- [baa335f](<https://github.com/openclaw/openclaw/commit/baa335f>) fix(security): harden SSRF IPv4 literal parsing
- [7758160](<https://github.com/openclaw/openclaw/commit/7758160>) fix(security): enforce trusted sender auth for discord moderation
- [26c9b37](<https://github.com/openclaw/openclaw/commit/26c9b37>) fix(security): enforce strict IPv4 SSRF literal handling
- [3d7ad1c](<https://github.com/openclaw/openclaw/commit/3d7ad1c>) fix(security): centralize owner-only tool gating and scope maps
- [b40821b](<https://github.com/openclaw/openclaw/commit/b40821b>) fix: harden ACP secret handling and exec preflight boundaries
- [10379e7](<https://github.com/openclaw/openclaw/commit/10379e7>) fix: harden voice-call tts deep merge
- [81b19aa](<https://github.com/openclaw/openclaw/commit/81b19aa>) fix(security): enforce plugin and hook path containment
- [732e531](<https://github.com/openclaw/openclaw/commit/732e531>) fix(security): OC-53 enforce 2MB prompt size limit to prevent ACP DoS - Aether AI Agent
- [ebcf197](<https://github.com/openclaw/openclaw/commit/ebcf197>) fix(security): OC-53 validate prompt size before string concatenation to prevent memory exhaustion - Aether AI Agent
- [63e39d7](<https://github.com/openclaw/openclaw/commit/63e39d7>) fix(security): harden ACP prompt size guardrails
- [c45f3c5](<https://github.com/openclaw/openclaw/commit/c45f3c5>) fix(gateway): harden canvas auth with session capabilities
- [dafe52e](<https://github.com/openclaw/openclaw/commit/dafe52e>) fix(daemon): escape schtasks environment assignments

Krill 🦞 · 2h ago