wenjie
fcb69860c4
feat(web): add configurable cron command execution settings ( #1647 )
...
- add tools.cron.allow_command config with a default value of true
- require command_confirm only when cron command execution is disabled
- expose cron command permission and timeout settings in the config UI
- add backend tests and update i18n strings
2026-03-17 09:44:32 +08:00
Cytown
be4a33cc15
refactor gateway/helpers and add server.pid to health ( #1646 )
2026-03-17 09:35:52 +08:00
Mauro
79b0568d75
Merge pull request #1536 from alexhoshina/fix/allow-picoclaw-media-tempdir
...
Fix: allow picoclaw media tempdir
2026-03-16 21:30:42 +01:00
Mauro
dfafdf7c53
Merge pull request #1570 from alexhoshina/fix/cron-deliver-default-false
...
fix(cron): default scheduled jobs to agent execution
2026-03-16 21:05:06 +01:00
Mauro
2f61440269
Merge pull request #1645 from dimonb/fix/mask-bot-tokens-in-logger
...
Fix/mask bot tokens in logger
2026-03-16 20:55:24 +01:00
Dmitrii Balabanov
64ceb5ab76
fix(logger): show first/last 4 chars of bot token for identification
2026-03-16 12:48:28 +02:00
Dmitrii Balabanov
8fc36a4f9b
fix(logger): mask bot tokens in 3rd-party logger output
2026-03-16 12:48:28 +02:00
wenjie
c513ad22d7
fix(web): refactor pico chat flow and fix proxied websocket URLs ( #1639 )
...
- move chat controller, state, protocol, history, and websocket logic into a dedicated chat feature module
- improve chat reconnection, session hydration, and send gating based on actual websocket state
- preserve gateway status during transient SSE disconnects and update stop state immediately
- generate wss websocket URLs behind HTTPS proxies and add backend tests for forwarded proto handling
2026-03-16 16:25:16 +08:00
dependabot[bot]
0c94e6f7b3
chore(deps): bump docker/login-action from 3 to 4 ( #1604 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3 to 4.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 14:11:22 +08:00
dependabot[bot]
b7b8d1eeca
chore(deps): bump docker/build-push-action from 6 to 7 ( #1602 )
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 6 to 7.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v6...v7 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 14:10:19 +08:00
dependabot[bot]
f247c3bc00
chore(deps): bump actions/setup-go from 5 to 6 ( #1600 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 14:09:36 +08:00
dependabot[bot]
44ac304e5b
chore(deps): bump actions/setup-node from 4 to 6 ( #1597 )
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 4 to 6.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/v4...v6 )
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 14:09:01 +08:00
dependabot[bot]
4d4243b919
chore(deps): bump docker/setup-buildx-action from 3 to 4 ( #1595 )
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 3 to 4.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 14:08:29 +08:00
sky5454
2f10b47f59
feat(credential): part1 add AES-GCM encryption, SecureStore, and onboard ke… ( #1521 )
...
* feat(credential): add AES-GCM encryption, SecureStore, and onboard keygen
  - pkg/credential: new package with AES-256-GCM enc:// credential format,
    HKDF-SHA256 key derivation (passphrase + optional SSH key binding),
    ErrPassphraseRequired / ErrDecryptionFailed sentinel errors,
    and PassphraseProvider hook for runtime passphrase injection
  - pkg/credential/store: lock-free SecureStore via atomic.Pointer[string];
    passphrase never written to disk or os.Environ
  - pkg/credential/keygen: ed25519 SSH key generation helper used by onboard
  - pkg/config: replace os.Getenv(PassphraseEnvVar) with
    credential.PassphraseProvider() at all three call sites so that
    LoadConfig and SaveConfig use whatever passphrase source is active
  - cmd/picoclaw/onboard: prompt for passphrase with echo-off, generate
    picoclaw-specific SSH key, re-encrypt existing config on re-onboard
  - docs/credential_encryption.md: design doc for the enc:// format
* fix(credential): address Copilot review comments on PR #1521
  - credential.go: decouple ErrPassphraseRequired from env var name;
    message is now 'enc:// passphrase required' since PassphraseProvider
    may come from any source, not just os.Environ
  - credential.go: Resolver resolves symlinks via EvalSymlinks before the
    isWithinDir containment check, preventing symlink-based path traversal
    for file:// credential references
  - store.go: tighten comment to describe only what SecureStore guarantees
    (in-memory only); remove claims about how callers transport the value
  - store_test.go: replace the meaningless GetReturnsCopy test (Go strings
    are immutable, equality across two calls proves nothing) with
    TestSecureStore_ConcurrentSetGet that exercises atomic.Pointer under
    10-goroutine concurrent Set/Get load
  - config_test.go: update error-message assertion to match new sentinel text
  - docs/credential_encryption.md: remove reference to non-existent
    'picoclaw encrypt' subcommand; describe the onboard flow instead
* fix(config): encryptPlaintextAPIKeys: struct-based encryption, fail-fast, remove raw []byte
* fix(credential): require SSH private key for encryption/decryption, remove passphrase-only mode
* lint: fix credential keygen lint, fix test keygen
* onboard: make encryption opt-in via --enc flag
  Encryption (passphrase prompt + SSH key generation) is now only
  triggered when the user passes --enc to 'picoclaw onboard'.
  Without the flag, onboard skips the credential-encryption setup and
  writes a plain config + workspace templates directly.
  - Add --enc BoolFlag in NewOnboardCommand()
  - Pass encrypt bool into onboard()
  - Guard passphrase prompt, SSH key generation, and related env-var
    setup behind the encrypt branch
  - Adjust 'Next steps' output so the passphrase reminder only appears
    when --enc was used
2026-03-16 14:06:32 +08:00
wenjie
c8065989b0
chore(web): upgrade eslint deps to resolve flatted vulnerability ( #1629 )
2026-03-16 11:58:06 +08:00
dependabot[bot]
4178b2cec5
chore(deps): bump @tanstack/react-router in /web/frontend ( #1609 )
...
Bumps [@tanstack/react-router](https://github.com/TanStack/router/tree/HEAD/packages/react-router ) from 1.163.3 to 1.167.0.
- [Release notes](https://github.com/TanStack/router/releases )
- [Changelog](https://github.com/TanStack/router/blob/main/packages/react-router/CHANGELOG.md )
- [Commits](https://github.com/TanStack/router/commits/@tanstack/react-router@1.167.0/packages/react-router )
---
updated-dependencies:
- dependency-name: "@tanstack/react-router"
dependency-version: 1.167.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 11:05:31 +08:00
dependabot[bot]
99304d1f8e
chore(deps): bump dayjs from 1.11.19 to 1.11.20 in /web/frontend ( #1608 )
...
Bumps [dayjs](https://github.com/iamkun/dayjs ) from 1.11.19 to 1.11.20.
- [Release notes](https://github.com/iamkun/dayjs/releases )
- [Changelog](https://github.com/iamkun/dayjs/blob/dev/CHANGELOG.md )
- [Commits](https://github.com/iamkun/dayjs/compare/v1.11.19...v1.11.20 )
---
updated-dependencies:
- dependency-name: dayjs
dependency-version: 1.11.20
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 11:05:17 +08:00
dependabot[bot]
3bf8a27570
chore(deps): bump react-i18next from 16.5.4 to 16.5.8 in /web/frontend ( #1607 )
...
Bumps [react-i18next](https://github.com/i18next/react-i18next ) from 16.5.4 to 16.5.8.
- [Changelog](https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md )
- [Commits](https://github.com/i18next/react-i18next/compare/v16.5.4...v16.5.8 )
---
updated-dependencies:
- dependency-name: react-i18next
dependency-version: 16.5.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 11:05:03 +08:00
dependabot[bot]
a93bd01329
chore(deps-dev): bump @vitejs/plugin-react in /web/frontend ( #1606 )
...
Bumps [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react ) from 5.1.4 to 5.2.0.
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases )
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/plugin-react@5.2.0/packages/plugin-react/CHANGELOG.md )
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@5.2.0/packages/plugin-react )
---
updated-dependencies:
- dependency-name: "@vitejs/plugin-react"
dependency-version: 5.2.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 11:04:50 +08:00
dependabot[bot]
b8dfd0befc
chore(deps): bump jotai from 2.18.0 to 2.18.1 in /web/frontend ( #1605 )
...
Bumps [jotai](https://github.com/pmndrs/jotai ) from 2.18.0 to 2.18.1.
- [Release notes](https://github.com/pmndrs/jotai/releases )
- [Commits](https://github.com/pmndrs/jotai/compare/v2.18.0...v2.18.1 )
---
updated-dependencies:
- dependency-name: jotai
dependency-version: 2.18.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 10:58:48 +08:00
dependabot[bot]
43eb6fe20c
chore(deps): bump github.com/github/copilot-sdk/go from 0.1.23 to 0.1.32 ( #1603 )
...
Bumps [github.com/github/copilot-sdk/go](https://github.com/github/copilot-sdk ) from 0.1.23 to 0.1.32.
- [Release notes](https://github.com/github/copilot-sdk/releases )
- [Changelog](https://github.com/github/copilot-sdk/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/copilot-sdk/compare/v0.1.23...v0.1.32 )
---
updated-dependencies:
- dependency-name: github.com/github/copilot-sdk/go
dependency-version: 0.1.32
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 10:58:18 +08:00
dependabot[bot]
2f40a8c165
chore(deps): bump github.com/anthropics/anthropic-sdk-go ( #1601 )
...
Bumps [github.com/anthropics/anthropic-sdk-go](https://github.com/anthropics/anthropic-sdk-go ) from 1.22.1 to 1.26.0.
- [Release notes](https://github.com/anthropics/anthropic-sdk-go/releases )
- [Changelog](https://github.com/anthropics/anthropic-sdk-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/anthropics/anthropic-sdk-go/compare/v1.22.1...v1.26.0 )
---
updated-dependencies:
- dependency-name: github.com/anthropics/anthropic-sdk-go
dependency-version: 1.26.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 10:51:55 +08:00
dependabot[bot]
e9d240d760
chore(deps): bump github.com/caarlos0/env/v11 from 11.3.1 to 11.4.0 ( #1599 )
...
Bumps [github.com/caarlos0/env/v11](https://github.com/caarlos0/env ) from 11.3.1 to 11.4.0.
- [Release notes](https://github.com/caarlos0/env/releases )
- [Commits](https://github.com/caarlos0/env/compare/v11.3.1...v11.4.0 )
---
updated-dependencies:
- dependency-name: github.com/caarlos0/env/v11
dependency-version: 11.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 10:47:46 +08:00
dependabot[bot]
dd936302d1
chore(deps): bump github.com/mymmrac/telego from 1.6.0 to 1.7.0 ( #1598 )
...
Bumps [github.com/mymmrac/telego](https://github.com/mymmrac/telego ) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/mymmrac/telego/releases )
- [Commits](https://github.com/mymmrac/telego/compare/v1.6.0...v1.7.0 )
---
updated-dependencies:
- dependency-name: github.com/mymmrac/telego
dependency-version: 1.7.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 10:46:54 +08:00
dependabot[bot]
45c01f4d91
chore(deps): bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 ( #1596 )
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.35.0 to 0.36.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.35.0...v0.36.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-version: 0.36.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 10:42:04 +08:00
BitToby
71e2b636d6
fix: Use secure defaults for Pico channel setup and stop leaking the token in the URL ( #1563 )
...
* fix: Use secure defaults for Pico channel setup and stop leaking the token in the URL
* fix: Derive default allow_origins from the setup request's Origin header instead of hardcoding localhost ports
2026-03-16 09:58:37 +08:00
Caize Wu
f2addff099
Merge pull request #1590 from sky5454/main
...
feat/sec add github's dependabot to scan the lib sec.
2026-03-15 18:56:54 +08:00
sky5454
54f870c255
feat/sec add github's dependabot to scan the lib sec.
2026-03-15 18:02:26 +08:00
Caize Wu
96fd4e0519
Merge pull request #1583 from alexhoshina/fix/#1422-lint-err
...
fix(provider/azure): lint err
2026-03-15 13:13:43 +08:00
Hoshina
f7dd040ae4
fix(provider/azure): lint err
2026-03-15 12:45:11 +08:00
Mauro
5a251b46af
Merge pull request #1442 from afjcjsbx/feat/logger-stdout-formatting
...
feat(logger): Custom console formatter for JSON and multiline strings
2026-03-14 22:04:51 +01:00
Kunal Karmakar
5fb4b3bedf
feat(provider): add support for azure openai provider ( #1422 )
...
* Add support for azure openai provider
* Add checks for deployment model name
* Apply suggestion from @Copilot
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
* Addressing @Copilot suggestion to remove the init() function which seemed redundant
* Fix readme
* Fix linting checks
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-03-14 22:52:34 +08:00
Hoshina
f71eaaf7f8
fix(cron): default scheduled jobs to agent execution
2026-03-14 21:03:23 +08:00
Hoshina
bb1a414527
fix(tools): harden whitelist path resolution
2026-03-14 19:58:23 +08:00
Guoguo
0f700a6bf0
docs: update wechat qrcode ( #1564 )
2026-03-14 18:36:19 +08:00
Caize Wu
9ab1450ab5
Merge pull request #1531 from horsley/chore/add-deepwiki-badge-readmes
...
docs: add Ask DeepWiki badge to all README variants
2026-03-14 17:28:18 +08:00
horsley
93369c0011
docs: reorganize README badge layout with docs and wiki links
2026-03-14 09:20:49 +00:00
dataCenter430
0c5d7500e8
feat: expose local file paths for non-image media to enable agent file tools ( #1516 )
...
* feat: expose local file paths for non-image media to enable agent file tools
* fix: Golang Lint error
2026-03-14 12:09:11 +08:00
Hoshina
345452fba8
refactor(tools): remove unused validatePath wrapper
2026-03-14 12:08:11 +08:00
Hoshina
1bc05e8392
fix(tools): allow sandbox access to temp media files
2026-03-14 12:02:06 +08:00
Hoshina
b9aaad95cd
refactor(media): centralize temp media dir path
2026-03-14 12:01:47 +08:00
horsley
de0dd241b9
docs: add Ask DeepWiki badge to all README variants
2026-03-14 02:52:06 +00:00
GPER
555af137b4
Add configuration parameters for using the Volcano coding plain ( #1511 )
2026-03-14 09:30:02 +08:00
Alix-007
c68b4f3903
fix(qq): populate account bindings metadata ( #1456 )
...
Co-authored-by: XYSK-lilong007 <267018309+XYSK-lilong007@users.noreply.github.com >
2026-03-13 23:08:55 +08:00
afjcjsbx
78c9b86d7e
added tests
2026-03-13 14:02:28 +01:00
iMil
86da6a7d56
#434 added NetBSD support for picoclaw, but since then, picoclaw-launcher{-tui} appeared ( #1508 )
2026-03-13 19:52:32 +08:00
wenjie
4d8fdb0b3d
feat(web): use a global WebSocket for Pico chat sessions ( #1507 )
...
- centralize Pico chat connection and session state in a shared store
- move chat lifecycle control out of usePicoChat
- hydrate and restore the active session across the app
2026-03-13 19:04:18 +08:00
Meng Zhuo
27fef9eab8
Merge pull request #1441 from Alix-007/fix/issue-1269-weather-skill-reliability
...
fix(skill): tighten weather location matching guidance
2026-03-13 18:10:56 +08:00
lxowalle
2f83c185ae
Fix the issue where the cursor moves inaccurately left and right after entering Chinese when running the picoclaw agent. ( #1505 )
2026-03-13 17:58:34 +08:00
wenjie
c69c48ad46
refactor(web): split gateway logs out of the status endpoint ( #1504 )
...
- add a dedicated /api/gateway/logs endpoint for incremental log polling
- keep /api/gateway/status focused on runtime and health data only
- update frontend log fetching to use the new API and add backend tests covering the status/logs separation and cleared-log behavior
2026-03-13 17:58:20 +08:00