lzh/picoclaw
1
0
Fork 0
mirror of https://github.com/sipeed/picoclaw.git synced 2026-06-12 18:08:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,965 Commits 12 Branches 15 Tags
e613258fa5655a2c5d9eb75cd1006005dc7cdcee
Commit Graph

9 Commits

Author SHA1 Message Date
lxowalle 0425cd4d77 refactor skills registries and add GitHub-backed skill discovery (#2442) 
* refactor skills registries and add GitHub-backed skill discovery

* fix ci

* fix command error

* fix default skills install registry behavior

* fix github registry URL parsing and versioned skill links

* fix skills registry config compatibility and URL installs

* * fix lint

* fix deprecated github base url compatibility

* fix skills registry yaml and github default branch handling

* fix github skills registry fallback and install metadata

* fix cli skills install origin metadata

* fix clawhub registry env compatibility

* fix skills registry config merge compatibility

* fix skill install metadata consistency and onboard template copy

* fix yaml overrides for default skills registries

* fix install_skill registry metadata normalization

* fix github skill URL parsing for slash branch names

* fix skills registry install/search validation and github URLs

* fix github skill URL host validation

* fix install_skill validation for invalid registry archives

* fix redundant skills registry names in saved config

* fix github blob skill URL installs and metadata links

* fix github registry URL scheme validation

* fix v0 skills migration preserving github registry defaults

* fix github blob skill install directory resolution

* fix install_skill rollback on origin metadata write failure

* fix github skill URL validation and registry JSON merging

* fix github registry target resolution and metadata links

* fix install_skill force reinstall rollback

* fix skills config compatibility and legacy security overlays

* fix ci
 2026-04-14 15:14:16 +08:00
Cytown 667fc85d54 refactor(config): make config.Channel to multiple instance support 
add new field type to Channel struct
config.channels refactor to channel_list
update config version to 3
update the docs
 2026-04-13 22:21:21 +08:00
zeed zhao 6ea364e67d feat(web): protect launcher dashboard with token and SPA login (#1953) 
Add token-based authentication for the Launcher's embedded Web Dashboard.

- Ephemeral token generated in-memory each run (or via PICOCLAW_LAUNCHER_TOKEN env var)
- HMAC-SHA256 session cookie (HttpOnly, SameSite=Lax, Secure when HTTPS)
- Bearer token support for API/script access
- Rate limiting on login (10 attempts/IP/min)
- Referrer-Policy: no-referrer on all responses
- POST-only logout with JSON content-type (CSRF-safe)
- System tray "Copy dashboard token" action
- Login page shows contextual help (console/tray/log file path)
- Path traversal protection via path.Clean
- X-Forwarded-Host/Port/Proto support for reverse proxy deployments
- Full i18n support (English, Chinese)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-29 13:11:43 +08:00
Cytown b646d3b8fe refactor config and security to simplified the structure (#2068) 2026-03-28 00:03:34 +08:00
lxowalle 6bd8fec87a Fix security config precedence during migration (#1984) 
* Fix security config precedence during migration

* add doc

* fix ci

* add baidu search
 2026-03-25 15:29:43 +08:00
Hoshina a1f95f02bc refactor(wecom): rebuild ai bot channel 2026-03-24 20:23:29 +08:00
wenjie d23c24ce72 fix(config): normalize empty security config before save/load (#1956) 
Normalize missing security sections when attaching, loading, and saving
security config so existing config files without `.security.yml` can still
be updated safely. This fixes Pico channel setup for legacy/existing configs
and adds coverage for the missing security file path and unexported JSON
field behavior.
 2026-03-24 17:03:28 +08:00
Cytown 310f788f5f rename security.yml to .security.yml 2026-03-23 11:20:42 +08:00
Cytown e455eb5e67 refactor: seperate security.yml for store keys 2026-03-22 01:55:00 +08:00