sync: roll up fork main into upstream main#15
Merged
Conversation
Remove the hardcoded archived fallback agent for fresh installs and extend workspace path allowlisting to permit /_archived_workspace_main when it is intentionally present.
Add OPENCLAW_PATH_REMAP_PREFIXES support to normalize host-absolute workspace paths into virtual paths before allowlist/forwarding, keep archived fallback agent, and add integration coverage for remap + fallback behavior.
Implement API-side OpenClaw path normalization for both /home/node/.openclaw and ~/.openclaw prefixes, preserving allowlist enforcement. Add main/default agent workspace mapping to '/' when workspace is omitted to avoid /workspace-main lookups. Update integration tests and env/docs defaults so remap behavior and deployment config are consistent.
Always include built-in OpenClaw host-path remap prefixes, treat OPENCLAW_PATH_REMAP_PREFIXES as additive extras, and resolve remaps by longest prefix first to avoid nested /workspace path compounding. Also normalize explicit agent workspace values in /openclaw/agents output and align fallback archived workspace to virtual path semantics. Updated integration tests and API docs/env examples to reflect additive behavior and precedence.
- remap host workspace prefixes (~/.openclaw/workspace, /home/node/.openclaw/workspace) into /workspace/*\n- treat missing main/default agent workspaces as /workspace and align fallback COO path\n- allow /workspace and /workspace/* in strict path policy while rejecting bare /<file> paths\n- keep sub-agent/shared/config path rules unchanged\n- update integration tests for remap, allowlist, and agents mapping behavior
…porate defaults - Replace broken extractOrgChart (which looked for nonexistent agent.orgChart fields) with buildOrgChartFromAgentsList that generates a flat org chart from standard agents.list identity fields - Remove hardcoded COO fallback in /openclaw/agents endpoint — return empty array when no agents are configured - Make title field optional in PUT/POST /org-chart/agents endpoints - Update tests to match new behavior Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use secret for Gitleaks license
fix: use backend identity for remote OpenClaw gateway fallback
docs: fix stale OpenClaw and guide references
…roots-api feat(openclaw): normalize host paths for split-root workspace routing
Signed-off-by: Holden Omans <holden.omans@gmail.com>
feat: rename org-chart → agents across API layer
fix: disable workspace calls when OPENCLAW_WORKSPACE_URL is unset
Codex/fix openclaw ci
Typed docs link reconciliation for workspace lifecycle
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When useInsecureAuth=true, the open handler already calls doConnectAndRpc immediately. If the gateway also sends a connect.challenge event, the message handler was triggering a second doConnectAndRpc call, sending connect as id=2 instead of id=1 — causing the gateway to reject it with INVALID_REQUEST "connect is only valid as the first request". Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds docker/ as a self-contained test environment for running the full MosBot + OpenClaw stack locally. Isolates integration testing from the existing 3-service compose used for regular development. docker/ contains: - docker-compose.yml: 6-service stack (openclaw-gateway, openclaw-cli, workspace, api, dashboard, postgres) with paths adjusted for docker/ - docker-setup.sh: adapted from OpenClaw's setup script; generates all secrets automatically; adds `reset` subcommand to nuke and start fresh - Makefile: setup, up, down, reset, logs, ps targets - .env.example: reference for what docker-setup.sh generates - openclaw-config/.gitkeep: placeholder for runtime-generated OpenClaw config Also removes the now-obsolete docker-compose.override.yml and docker-compose.prod.yml overlay files, and consolidates the root docker-compose.yml dashboard service to use the dev target directly. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Podman's build engine doesn't support BuildKit's h2c protocol, causing `listing workers for Build` errors. Setting DOCKER_BUILDKIT=0 falls back to the legacy builder which works with Podman. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
feat: full-stack Docker test harness in docker/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
moltar-forge:mainis 38 commits ahead ofbymosbot:main.50 files changed, 2366 insertions(+), 424 deletions(-).What was merged in the fork
main<-gitleaksmain<-fix/openclaw-remote-gateway-authmain<-fix/docs-reference-linksmain<-codex/feature-openclaw-split-roots-apimain<-feature/simplify-org-chartmain<-fix/workspace-url-requiredmain<-codex/fix-openclaw-cimain<-codex/fix-openclaw-cimain<-codex/typed-per-agent-linksmain<-feature/docker-full-stackCommit-level delta
Features and behavior
0e58a96feat: add full-stack Docker test harness in docker/36cf2b2feat: add system-managed docs link reconciliation0b29bcefeat: simplify org chart — auto-generate from agents.list, remove corporate defaultsb3d9318feat(openclaw): support split roots and native ~/.openclaw path remapbaef1e9feat(openclaw): remap absolute paths before workspace allowlistFixes and reliability
54e74cdfix: disable BuildKit for compose up (Podman compatibility)49b1360fix: skip connect.challenge handler when using insecure-auth path5fe0065fix: reconcile docs links for configured agents on startup3a19c68fix tests for new behavior6b9dc49fix(openclaw): remove /workspace alias and normalize main fallback66ae5a5fix(openclaw): make remap defaults additive and longest-prefix4e3688efix(openclaw): simplify fallback agents and allow legacy archived pathc80f7c0fix: use backend client identity for gateway auth fallback7f0785efix: disable workspace client when URL is unsetDocumentation
24283e8docs: fix stale OpenClaw documentation referencesCI, tooling, and maintenance
b530b16chore: change workspace-service default port from 8080 to 18780e10d15echore: update engines.node to >=25.0.0Other changes
b7e03f8dont deploy to s3 on forks112f819update .gitignored91cdcathis behavior was removedd8a01e7remove url50c0d1aupdate changelog2fa72cbUse secret for Gitleaks license291e8b6rename org-chart to agentscd357ecNormalize main OpenClaw workspace paths to /workspaceWhy this supersedes existing open upstream PRs
This rollup PR contains all commits currently on
moltar-forge:mainrelative tobymosbot:mainand therefore supersedes the following still-open incremental PRs:After this rollup merges, those incremental PRs would be duplicate history.