Conversation
added 3 commits
March 26, 2026 16:36
…ed deletion, MCP agent identity
- message patch: new bundle uses '= async () => await runMessageAction({'
instead of 'const result = await runMessageAction({'
- web_fetch patch: new bundle uses 'readStringParam$1' instead of 'readStringParam'
- doctor: check ask mode at tools.exec.ask in addition to top-level ask
Found during dogfooding on OpenClaw 2026.3.24.
added 2 commits
March 29, 2026 17:25
…plugin - Extract BuildAllowPattern and HashPattern to internal/policy/glob.go for shared use by bridge and API handlers - New POST /v1/rules/learn endpoint with admin auth, smart glob computation, atomic file writes, duplicate detection (409), and automatic policy reload - Tests for learn handler (create, duplicate, missing fields, auth) and shared glob functions - Plugin integration and openclaw policy profile
added 7 commits
March 30, 2026 01:12
…law.yaml profile, doctor checks - POST /v1/rules/learn: always-allow writeback API for OpenClaw plugin - BuildAllowPattern extracted to internal/policy/glob.go (shared) - rampart setup openclaw --plugin: installs plugin, configures OpenClaw - rampart setup openclaw --migrate: removes old dist patches, installs plugin - policies/openclaw.yaml: 13-policy profile for OpenClaw tool surface - rampart doctor: plugin health check - Bridge audit sink restored and struct fixes - All bridge tests passing
…haler
- tests/e2e.yaml: replace deprecated 'require_approval' expect values with
'ask' (renamed in v0.9.9)
- internal/proxy/learn_handlers.go: add toolList type with custom YAML
unmarshaler so tool: accepts both scalar ('exec') and sequence (['exec'])
forms in user override rules
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
v1.0 Readiness Sprint
This PR addresses every blocker and major quality issue identified in the pre-v1.0 audit. It's a significant quality jump.
Code Changes
Reliability
rampart serverestarts. JSONL file at~/.rampart/pending-approvals.jsonl, atomic writes, graceful on missing file. 4 new tests.UX fixes
sudo apt-get install nmapnow writessudo apt-get install *instead of an exact match. No more re-prompting for every package variant. 14-case table-driven test.rampart doctorchecksask: on-miss— the most common silent failure mode now produces a clear warning with the exact fix. Silently skips if openclaw.json doesn't exist.API improvements
DELETE /v1/rules/auto-allowed/{name}replaces fragile index-based deletion. No more TOCTOU race.--agent-idand--session-idflags onrampart mcp. Agent-scoped policies now work for MCP users.GoReleaser
homebrew_casksback tobrews— casks schema doesn't supportinstall/testfields. Homebrew auto-update now works with the secret in place.Docs Changes
rampart-proxy→rampart-serve, fixed JSON config example, added verify sectionrequire_approvalreferencesTest Status
All packages pass with
-race -count=1.