Commit Graph

258 Commits

Author SHA1 Message Date
nyk d6879c66c1
Merge pull request #63 from builderz-labs/feat/github-issues-sync
feat: GitHub Issues Sync (Phase 1)
2026-03-02 13:02:22 +07:00
Nyk 60197ab21f feat: add GitHub Issues sync (Phase 1, Issue #58)
Import GitHub issues as Mission Control tasks with duplicate detection,
priority mapping from labels, and bidirectional actions (comment/close).

- Migration 017: github_syncs table for sync history tracking
- GitHub API client (src/lib/github.ts) with fetch, comment, close ops
- POST/GET /api/github route with sync, comment, close, status actions
- GitHubSyncPanel UI: import form, issue preview, sync history, linked tasks
- Nav rail + page router wiring
- 6 E2E tests (all passing)
- Validation schema + github.synced event type
2026-03-02 12:45:39 +07:00
nyk 7eff5e8efe
Merge pull request #62 from builderz-labs/fix/ubuntu-launch-and-reconnect
fix: resolve reconnect storm and improve Ubuntu deployment
2026-03-02 12:15:50 +07:00
Nyk ebdc8de8b9 fix: resolve reconnect storm and improve Ubuntu deployment
Fix WebSocket reconnect storm (issue #53) caused by stale closure
reading connection.reconnectAttempts from Zustand state. Use a ref
to track attempts, avoiding the closure capture problem entirely.

Improve Dockerfile: create .data directory with correct ownership for
SQLite, set PORT/HOSTNAME env vars explicitly.

Add deployment guide documenting Ubuntu prerequisites (python3, make,
g++ for better-sqlite3 native compilation) and platform-specific
build constraints.
2026-03-02 12:15:19 +07:00
nyk 8510ee5f2c
Merge pull request #55 from rezero-household/docs/openclaw-memory-dir-env
docs: clarify OPENCLAW_MEMORY_DIR — memory browser shows only .sqlite without it
2026-03-02 11:51:29 +07:00
nyk f3e6c896a5
Merge pull request #54 from rezero-household/fix/websocket-auth-token-field
fix: use correct auth field in gateway WebSocket handshake
2026-03-02 11:51:19 +07:00
nyk 5c65db713c
Merge pull request #61 from builderz-labs/feat/direct-cli
feat: direct CLI integration for gateway-free connections
2026-03-02 11:45:41 +07:00
Nyk f7aa1db27e feat: add direct CLI integration for gateway-free tool connections
- Add migration 016 for direct_connections table
- Add POST/GET/DELETE /api/connect for CLI tool registration
- Enhance heartbeat POST to accept connection_id and inline token_usage
- Add connectSchema to validation
- Add connection.created/disconnected event types to event bus
- Show direct CLI connections in gateway manager panel
- Add 5 E2E tests for connection lifecycle
- Add CLI integration documentation (docs/cli-integration.md)
- Fix openapi.json brace mismatch on line 642 (Phase 2 bug)
- Add /api/connect endpoints to OpenAPI spec
2026-03-02 11:45:12 +07:00
nyk e88942e8f8
Merge pull request #60 from builderz-labs/feat/openapi-docs
feat: OpenAPI 3.1 documentation with Scalar UI
2026-03-02 11:04:11 +07:00
Nyk 4c7b3257d6 feat: add OpenAPI 3.1 documentation with Scalar UI
- Add openapi.json spec covering all 59 API routes (~95 operations)
- Serve spec at GET /api/docs (no auth required, cached)
- Add interactive Scalar API reference UI at /docs
- Allow unauthenticated access to /api/docs and /docs in middleware
- Add @scalar/api-reference-react dependency
- Add 3 E2E tests for spec validation and auth bypass
2026-03-02 11:03:16 +07:00
nyk 4489a5f715
Merge pull request #59 from builderz-labs/feat/agent-cost-panel
feat: per-agent cost breakdown panel
2026-03-02 10:47:44 +07:00
Nyk 98da58a8ba feat: add per-agent cost breakdown panel
- Add `agents` field to tokens action=stats response (groups by agent
  extracted from sessionId split on ':')
- Add new action=agent-costs returning per-agent stats, model breakdown,
  session list, and daily cost/token timeline
- New AgentCostPanel with summary cards, pie chart, trend lines,
  efficiency bars, and expandable ranking table
- Add nav-rail entry in OBSERVE group after Tokens
- Add ContentRouter case for agent-costs tab
- Add 5 E2E tests for the new API endpoints
2026-03-02 10:46:13 +07:00
rezero-household 55487bc7c9 docs: clarify OPENCLAW_MEMORY_DIR for memory browser
OpenClaw does not create a memory/ subdirectory under OPENCLAW_HOME.
Agent memory markdown files (daily logs, MEMORY.md, etc.) live in each
agent's workspace directory, not in ~/.openclaw/memory/.

Without OPENCLAW_MEMORY_DIR set, the memory browser falls back to
OPENCLAW_HOME, which only contains .sqlite session indices — not the
human-readable markdown files users expect to see.

Document the correct value and add an inline note to .env.example.
2026-03-01 14:46:54 -08:00
rezero-household 2eec86cc87 fix: use correct auth field in gateway WebSocket handshake
OpenClaw gateway configured with auth.mode='token' expects
{ token: '...' } in the connect handshake params, not { password: '...' }.
Sending 'password' causes the gateway to reject the handshake, resulting
in a disconnect→reconnect loop that floods the error log.

Tested against OpenClaw gateway v2026.2.25 with auth.mode='token'.
2026-03-01 14:46:04 -08:00
nyk e77ec4cf2d
Merge pull request #52 from builderz-labs/fix/cron-trigger-params
fix: cron job manual trigger sending wrong params
2026-03-02 02:48:09 +07:00
Nyk b6c6bb955d fix: send jobId/jobName instead of command when triggering cron jobs
The triggerJob function was sending { command: job.command } to the API,
but the backend expects jobId or jobName to identify the job. This caused
all manual cron triggers to fail with "Job ID required" (400 error).

Also adds the missing `id` field to the CronJob store interface so
TypeScript recognizes the field already returned by the API.
2026-03-02 02:44:20 +07:00
nyk 1544d9f725
Merge pull request #51 from builderz-labs/feat/e2e-test-expansion
E2E test expansion + middleware fix + roadmap updates
2026-03-02 02:26:11 +07:00
Nyk a2846357ac docs: add per-agent cost breakdowns to roadmap
User feedback: per-agent cost visibility is a top priority for
operators running their own agent orchestration setups. Currently
derivable from per-session data but not yet a dedicated panel.
2026-03-02 02:21:45 +07:00
Nyk 45ad4a488b test: add 94 E2E tests covering all CRUD routes + fix middleware location
Add comprehensive Playwright E2E test coverage for all major API routes:
- tasks-crud (18 tests): full lifecycle, filters, Aegis approval gate
- agents-crud (15 tests): CRUD, lookup by name/id, admin-only delete
- task-comments (7 tests): threaded comments, validation
- workflows-crud (8 tests): workflow template lifecycle
- webhooks-crud (9 tests): secret masking, regeneration
- alerts-crud (8 tests): alert rule lifecycle
- notifications (7 tests): delivery tracking, read status
- quality-review (6 tests): reviews with batch lookup
- search-and-export (7 tests): global search, export, activities
- user-management (8 tests): user admin CRUD
- helpers.ts: shared factory functions and cleanup utilities

Infrastructure fixes:
- Move middleware.ts to src/middleware.ts (Next.js 16 Turbopack
  requires middleware in src/ when using src/app/ directory — the
  root-level file was silently ignored, breaking CSRF protection)
- Add MC_DISABLE_RATE_LIMIT env var to bypass non-critical rate
  limiters during E2E runs (login limiter stays active via critical flag)
- Fix limit-caps test: /api/activities caps at 500, not 200
- Set playwright workers=1, fullyParallel=false for serial execution
- Add CSRF origin fallback to request.nextUrl.host

Roadmap additions from user feedback:
- Agent-agnostic gateway support (not just OpenClaw)
- Direct CLI integration (Codex, Claude Code, etc.)
- Native macOS app (Electron or Tauri)

146/146 E2E tests passing (up from 51).
2026-03-02 02:21:10 +07:00
nyk 31520fe85d
Merge pull request #50 from builderz-labs/feat/v1.2-release
feat: v1.2.0 — validation hardening, unit tests, quality improvements
2026-03-02 00:26:13 +07:00
Nyk df06c3a2ad feat: v1.2.0 — validation hardening, unit tests, quality improvements
- Fix task status enum mismatch (blocked → quality_review)
- Add 12 Zod schemas for all unvalidated mutation routes
- Apply validateBody() across 11 API route handlers
- Add readLimiter (120/min) for GET-heavy endpoints
- Extend heavyLimiter to search, backup, cleanup routes
- Add security headers (X-Content-Type-Options, X-Frame-Options, Referrer-Policy)
- Fill auth test stubs with real assertions (safeCompare, requireRole)
- Add validation, rate-limit, and db-helpers unit test suites (60 tests total)
- Replace as-any casts with typed interfaces (SessionQueryRow, UserQueryRow, CountRow)
- Bump version to 1.2.0, add CHANGELOG.md, update README roadmap
2026-03-02 00:22:59 +07:00
nyk 281315c685
Merge pull request #49 from builderz-labs/fix/scrub-sensitive-data
fix: scrub deployment-specific data from public repo
2026-03-01 15:40:16 +07:00
Nyk ef872652e9 fix: replace screenshot with redacted version
Blur Sessions, Recent Logs, and Live Feed panels to remove
production filesystem paths and agent session names.
2026-03-01 15:39:49 +07:00
Nyk 8dd6e7ef17 fix: scrub deployment-specific data from public repo
- Replace hardcoded Telegram bot integrations (Jarv/Forge/Nefes/Ops)
  with a single generic Telegram entry
- Remove 'forge' agent from hardcoded UI color themes
- Replace /home/openclaw/ paths in .env.example with /path/to/
- Fix default port in scripts: 3005 → 3000 (matches docs)
- Replace 'Jarvis' placeholder with generic 'my-agent'
- Rename 'Forge' → 'Builder' in agent identity registry
2026-03-01 15:37:55 +07:00
nyk 55b2544aab
Merge pull request #47 from builderz-labs/fix/v1.1-security-bugs
fix: patch security and build bugs in v1.1
2026-03-01 15:35:00 +07:00
nyk 9c95933521
Merge pull request #48 from builderz-labs/docs/add-screenshot
docs: add dashboard screenshot and fix E2E test count
2026-03-01 15:27:48 +07:00
Nyk 1b09c5903a docs: add dashboard screenshot and fix E2E test count
- Add Mission Control dashboard screenshot to README hero section
- Fix E2E test count: 52 → 51 (actual count from audit)
2026-03-01 15:26:50 +07:00
Nyk c8f932344f fix: patch command injection, missing rate limit, Docker build, logger crash
- Sanitize session ID in control route to prevent command injection
  via unsanitized URL params interpolated into shell commands
- Add mutationLimiter and structured logging to session control endpoint
- Install python3/make/g++ in Dockerfile deps stage for better-sqlite3
  native addon compilation
- Handle missing public/ directory in Docker COPY with glob pattern
- Guard pino-pretty transport against missing devDependency at runtime
2026-02-27 21:57:50 +07:00
nyk 0165173225
Merge pull request #46 from builderz-labs/feat/medium-priority-v1.1
feat: error boundaries, pino logger, a11y, HSTS, zod validation, export limits
2026-02-27 21:48:10 +07:00
Nyk c104b7e071 Merge remote-tracking branch 'origin/main' into feat/medium-priority-v1.1
# Conflicts:
#	src/app/api/agents/route.ts
#	src/app/api/alerts/route.ts
#	src/app/api/auth/login/route.ts
#	src/app/api/spawn/route.ts
#	src/app/api/tasks/[id]/route.ts
#	src/app/api/tasks/route.ts
#	src/app/api/webhooks/route.ts
#	src/lib/validation.ts
2026-02-27 21:47:56 +07:00
nyk 08f3c12c1f
Merge pull request #45 from builderz-labs/feat/high-priority-v1.1
feat: Docker, session controls, model catalog, API rate limiting
2026-02-27 21:38:42 +07:00
Nyk 321a7c2db2 feat: error boundaries, pino logger, a11y, HSTS, zod validation, export limits
2026-02-27 21:37:06 +07:00
Nyk 299faf50e3 feat: add Docker support, session controls, model catalog, API rate limiting
2026-02-27 20:56:02 +07:00
nyk 4f92c22f32
Merge pull request #44 from builderz-labs/docs/roadmap-update
Expand roadmap with 10 tracked issues from codebase audit
2026-02-27 20:17:07 +07:00
Nyk 9e4b50280c docs: expand roadmap with 10 tracked issues from codebase audit
Adds concrete roadmap items with issue links covering Docker support,
session controls, model catalog, rate limiting, error boundaries,
structured logging, accessibility, HSTS, input validation, and
export limits.
2026-02-27 20:16:44 +07:00
nyk 0e65f97253
Merge pull request #33 from builderz-labs/fix/db-foreign-keys-indexes
Fix SQLite foreign keys and add missing indexes
2026-02-27 20:08:14 +07:00
Nyk b5766b0850 fix: enable foreign_keys pragma and add missing indexes
- Add `PRAGMA foreign_keys = ON` to db.ts — without this, all
  ON DELETE CASCADE constraints across 7 tables are silently ignored
  (SQLite disables foreign keys by default)
- Add migration 015 with indexes on hot query paths:
  notifications(read_at), notifications(recipient, read_at),
  activities(actor), activities(entity_type, entity_id),
  messages(read_at)
2026-02-27 20:07:50 +07:00
nyk 3218cfd3eb
Merge pull request #32 from builderz-labs/docs/readme-final-fixes
Fix remaining README inconsistencies
2026-02-27 19:50:14 +07:00
Nyk 77e989b5bf docs: fix remaining README inconsistencies
- Fix panel count in hero section: "20+" → "26" (matches architecture tree)
- Fix security advice: remove stale reference to open security issues (all closed), replace with actionable deployment guidance
2026-02-27 19:49:48 +07:00
nyk a49786d940
Merge pull request #31 from builderz-labs/docs/readme-accuracy-fixes
Fix README inaccuracies and add engines field
2026-02-27 19:24:58 +07:00
Nyk dd7d4fb481 docs: fix README inaccuracies and add engines field
- Fix migration count: 11 → 14 (actual count in migrations.ts)
- Fix panel count: 23 → 26 (actual count in components/panels/)
- Fix API route count: 25+ → 30+ (actual count in app/api/)
- Update testing line to mention 52 E2E tests
- Collapse completed issues list into link to v1.0.0 release notes
- Add engines.node >= 20 to package.json (matches CI)
2026-02-27 19:24:36 +07:00
nyk 5515ab5f77
Merge pull request #30 from builderz-labs/fix/ci-release-readiness
Fix CI workflow and release readiness bugs
2026-02-27 18:52:41 +07:00
Nyk 5647ac1932 fix: CI workflow and release readiness bugs
- Swap pnpm/node setup order (pnpm must install before node cache)
- Move build step before E2E tests (next start needs .next/ output)
- Add `cp .env.test .env` step so E2E server has auth credentials
- Fix test:all script to build before E2E (same ordering bug)
- Remove stale package-lock.json (project uses pnpm exclusively)
- Update README: remove "No E2E test suite" (52 tests exist now)
2026-02-27 18:52:13 +07:00
nyk 243f25a1db
Merge pull request #29 from builderz-labs/test/e2e-critical-fixes
Add 52 Playwright E2E tests for all critical fixes
2026-02-27 15:39:19 +07:00
Nyk 8de9e0b5c3 test: add 52 Playwright E2E tests covering all critical fixes
8 test suites verifying:
- Auth guards on 19 GET endpoints (Issue #4)
- Timing-safe API key comparison (Issue #5)
- Legacy cookie auth removal (Issue #7)
- Login rate limiting (Issue #8)
- CSRF Origin header validation (Issue #20)
- DELETE body standardization (Issue #18)
- Query limit caps at 200 (Issue #19)
- Login flow and session lifecycle

Also fixes migration 013 crash on fresh DB when gateways table
doesn't exist (created lazily by gateways API, not in migrations).
2026-02-27 15:38:49 +07:00
nyk 2f0335443f
Merge pull request #28 from builderz-labs/docs/update-readme-post-fixes
docs: update README to reflect completed fixes
2026-02-27 14:13:34 +07:00
Nyk 33fa5451d7 docs: update README to reflect completed security and quality fixes
- Update Known Limitations to remove resolved items (#4-#20)
- Replace Roadmap open checkboxes with completed checklist
- Add Up Next section for remaining work
2026-02-27 14:12:18 +07:00
nyk 84a7989e3a
Merge pull request #27 from builderz-labs/fix/p3-cleanup
chore: P3 cleanup — CoC, templates, DELETE patterns, limits, CSRF
2026-02-27 14:04:49 +07:00
Nyk 08c9f3625b chore: CODE_OF_CONDUCT, issue templates, DELETE patterns, limit caps, CSRF origin check
- Add Contributor Covenant 2.1 Code of Conduct (Closes #16)
- Add bug report and feature request issue templates (Closes #17)
- Standardize DELETE handlers to use request body instead of query params (Closes #18)
- Cap unbounded limit params to Math.min(limit, 200) on 12 endpoints (Closes #19)
- Add CSRF Origin header validation for mutating requests in middleware (Closes #20)
2026-02-27 14:04:09 +07:00
nyk 5e94d79e66
Merge pull request #26 from builderz-labs/fix/p2-quality
fix: P2 quality — strict mode, tests, pagination, N+1, CSP
2026-02-27 14:03:34 +07:00