lzh/picoclaw
1
0
Fork 0
mirror of https://github.com/sipeed/picoclaw.git synced 2026-06-12 18:08:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,550 Commits 12 Branches 15 Tags
cd3f6600ca6661d6fffaae3ac0bc60f05e3fb233
Commit Graph

11 Commits

Author SHA1 Message Date
zeed zhao 6ea364e67d feat(web): protect launcher dashboard with token and SPA login (#1953) 
Add token-based authentication for the Launcher's embedded Web Dashboard.

- Ephemeral token generated in-memory each run (or via PICOCLAW_LAUNCHER_TOKEN env var)
- HMAC-SHA256 session cookie (HttpOnly, SameSite=Lax, Secure when HTTPS)
- Bearer token support for API/script access
- Rate limiting on login (10 attempts/IP/min)
- Referrer-Policy: no-referrer on all responses
- POST-only logout with JSON content-type (CSRF-safe)
- System tray "Copy dashboard token" action
- Login page shows contextual help (console/tray/log file path)
- Path traversal protection via path.Clean
- X-Forwarded-Host/Port/Proto support for reverse proxy deployments
- Full i18n support (English, Chinese)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-29 13:11:43 +08:00
Alix-007 9d6a445bb1 docs: clarify gateway.log_level default and options (#2013) (#2015) 
Co-authored-by: Alix-007 <267018309+Alix-007@users.noreply.github.com>
 2026-03-26 09:32:56 +08:00
Cytown de11f95b65 update security migration documents 2026-03-24 13:38:13 +08:00
uiyzzi 16d23d8cdc feat(security): add sensitive data filtering for tool results sent to 
LLM

Prevent LLM from seeing its own credentials (API keys, tokens, secrets)
by filtering sensitive values from tool call results before sending to
the
model. Values are collected from .security.yml and replaced with
[FILTERED] using an efficient strings.Replacer (O(n+m)).

- Add FilterSensitiveData and FilterMinLength to ToolsConfig
- Implement SensitiveDataReplacer() with sync.Once caching in
  SecurityConfig
- Use reflection to collect all sensitive values (Model API keys,
  channel
  tokens, web tool API keys, skills tokens)
- Apply filtering in agent loop at 4 tool result locations
- Add comprehensive tests covering all token types
 2026-03-23 20:55:41 +08:00
Mauro 054b55fdfc Merge pull request #1893 from afjcjsbx/feat/skill-channel-commands 
feat(skills): add channel commands to list and force installed skills
 2026-03-23 09:04:06 +01:00
BeaconCat 60a7098fd3 feat(search): add Baidu Qianfan AI Search provider with i18n docs 
- Add BaiduSearchConfig struct and register in WebToolsConfig/defaults
- Insert Baidu Search in priority chain: DuckDuckGo > Baidu > GLM Search
- Use perplexityTimeout (30s) — Qianfan is LLM-based
- Fix response parsing: use references[] field per API spec
- Add baidu_search block to config.example.json

docs: sync configuration.md and README Documentation table across all languages

- Complete truncated configuration.md for fr/ja/pt-br/vi/zh: add Spawn
  async flow diagram, Providers table, Model Configuration (all vendors,
  examples, load balancing, migration), Provider Architecture, Scheduled
  Tasks, and Advanced Topics links
- Add Hooks/Steering/SubTurn entries to Documentation table in all 8
  READMEs (en/zh/fr/id/it/ja/pt-br/vi), ordered before Troubleshooting
- Add Baidu Search row to web search table in all 8 READMEs and
  tools_configuration.md (en + 5 i18n); zh README reorders search
  engines with China-friendly options first
- Add Matrix channel docs translations (fr/ja/pt-br/vi)
- Add Weixin channel to chat-apps.md and all README Channels tables

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-23 00:51:27 +08:00
afjcjsbx d7d2bf69bf feat(skills): add channel commands to list and force installed skills 2026-03-22 15:33:25 +01:00
BeaconCat 403ceb39be docs: fix inaccuracies, add translations, and expand channel docs (#1837) 
## Config field fixes (cross-verified against Go source)
- MaixCam: server_address → host + port
- IRC: use_tls → tls, channels_to_join → channels (all 6 languages)
- WeCom AI Bot: callback port 18791 → 18790
- credential_encryption: base_url → api_base, add required model field,
  remove incorrect passphrase-only mode docs
- providers.md: agents.defaults.model → model_name (×4), remove
  non-existent session.backlog_limit
- migration guide, troubleshooting: agents.defaults.model → model_name
- ANTIGRAVITY_AUTH: fix file path, Go 1.21 → 1.25, model → model_name
- spawn-tasks: fix truncated file, add Heartbeat introduction
- tools_configuration: add Tavily/SearXNG/GLMSearch, exec allow_remote/
  timeout_seconds/custom_allow_patterns, cron allow_command, skills
  github/search_cache, clawhub timeout/max_zip_size/max_response_size
- configuration: fix builtin skills path (build-time embedded, not cwd),
  HEARTBEAT.md marked auto-generated

## Broken link fixes (15 total)
- chat-apps.md: WeCom/Matrix links with wrong relative paths
- providers.md: migration link with extra docs/ prefix
- hardware-compatibility.md: README links with wrong depth (all 5 langs)
- chat-apps.md: WhatsApp dead links → anchor links (zh/ja)

## Getting-started accuracy
- README (all 6 langs): add picoclaw.io as recommended download,
  add missing picoclaw model CLI command
- docker.md: clarify first-run trigger condition (all 6 langs)
- configuration.md: fix builtin skills path description (all 6 langs)

## QQ channel
- Add quick setup via q.qq.com/qqbot/openclaw (one-click bot creation)
- Add manual setup as fallback (all 6 languages)

## Feishu channel
- Update setup flow: WebSocket/SDK mode, no webhook URL needed
- Preserve Lark international domain note (all 6 languages)

## chat-apps.md
- Add Feishu, Slack, IRC, OneBot detail sections (all 6 languages)
- Add MaixCam section to ja/fr/pt-br/vi
- Fix all channel doc links to point to correct language version

## New translations (25 files, 5 docs × 5 languages)
debug.md, credential_encryption.md, hardware-compatibility.md,
ANTIGRAVITY_AUTH.md, ANTIGRAVITY_USAGE.md → zh/ja/fr/pt-br/vi

## Channel docs (6 languages each, 60 new files)
telegram, discord, qq, feishu, maixcam, dingtalk, line, slack, onebot,
wecom/wecom_aibot, wecom/wecom_app, wecom/wecom_bot

Co-authored-by: BeaconCat <BeaconCat@users.noreply.github.com>
 2026-03-20 22:37:05 +08:00
美電球 d715ff5031 docs: expand bindings guide with recipes and troubleshooting (#1788) 2026-03-19 23:30:25 +08:00
Mauro 14a28ae93e docs: note that workspace config files are hot-reloaded (#1747) 
* docs: note that workspace config files are hot-reloaded via mtime tracking

* refactor files

* refactor files
 2026-03-19 11:30:08 +08:00
BeaconCat 363861c917 docs: restructure READMEs and add i18n documentation (#1729) 
Restructure all 6 README files (en, zh, ja, fr, pt-br, vi) from
~1200-1580 lines down to ~250 lines each. Long sections (Chat Apps,
Providers, Configuration, Docker, Spawn Tasks, Troubleshooting, Tools)
are extracted into dedicated docs under docs/{lang}/ subdirectories.

Changes:
- Split README content into 7 sub-documents per language (42 new files)
- Update News section with v0.2.3/v0.2.1/v0.2.0/20K milestones
- Add 3 new Features (MCP Support, Vision Pipeline, Smart Routing)
- Complete CLI reference (14 commands, was 7)
- Fix Go badge 1.21+ -> 1.25+ (matches go.mod)
- Add LoongArch to architecture badge
- Fix Install section: hardcoded v0.1.1 -> latest/download URL
- Add Termux GitHub links
- Fix currency symbol placement ($599 not 599$)
- Add missing channels (Feishu, Slack, IRC, OneBot, MaixCam, Pico)
- Add missing providers (Kimi, Minimax, Avian, Mistral, Longcat, ModelScope)
- Add missing security docs (allow_read/write_paths, allow_remote, symlink)
- Remove incorrect azure from Providers table (azure uses model_list only)
- Cross-verified all claims against source code

Co-authored-by: BeaconCat <BeaconCat@users.noreply.github.com>
 2026-03-18 15:26:39 +08:00