LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-04-26 16:06:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: rename clawdbot to moltbot with legacy compat

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-27 12:19:58 +00:00
parent 83460df96f
commit 6d16a658e5
1839 changed files with 11250 additions and 11199 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
src/security/audit-extra.ts
View File

@@ -3,7 +3,7 @@ import path from "node:path";
import JSON5 from "json5";
import type { ClawdbotConfig, ConfigFileSnapshot } from "../config/config.js";
import type { MoltbotConfig, ConfigFileSnapshot } from "../config/config.js";
import { createConfigIO } from "../config/config.js";
import { resolveNativeSkillsEnabled } from "../config/commands.js";
import { resolveOAuthDir } from "../config/paths.js";
@@ -48,7 +48,7 @@ function expandTilde(p: string, env: NodeJS.ProcessEnv): string | null {
return null;
}
function summarizeGroupPolicy(cfg: ClawdbotConfig): {
function summarizeGroupPolicy(cfg: MoltbotConfig): {
open: number;
allowlist: number;
other: number;
@@ -69,7 +69,7 @@ function summarizeGroupPolicy(cfg: ClawdbotConfig): {
return { open, allowlist, other };
}
export function collectAttackSurfaceSummaryFindings(cfg: ClawdbotConfig): SecurityAuditFinding[] {
export function collectAttackSurfaceSummaryFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
const group = summarizeGroupPolicy(cfg);
const elevated = cfg.tools?.elevated?.enabled !== false;
const hooksEnabled = cfg.hooks?.enabled === true;
@@ -116,7 +116,7 @@ export function collectSyncedFolderFindings(params: {
severity: "warn",
title: "State/config path looks like a synced folder",
detail: `stateDir=${params.stateDir}, configPath=${params.configPath}. Synced folders (iCloud/Dropbox/OneDrive/Google Drive) can leak tokens and transcripts onto other devices.`,
remediation: `Keep CLAWDBOT_STATE_DIR on a local-only volume and re-run "${formatCliCommand("clawdbot security audit --fix")}".`,
remediation: `Keep CLAWDBOT_STATE_DIR on a local-only volume and re-run "${formatCliCommand("moltbot security audit --fix")}".`,
});
}
return findings;
@@ -127,7 +127,7 @@ function looksLikeEnvRef(value: string): boolean {
return v.startsWith("${") && v.endsWith("}");
}
export function collectSecretsInConfigFindings(cfg: ClawdbotConfig): SecurityAuditFinding[] {
export function collectSecretsInConfigFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
const password =
typeof cfg.gateway?.auth?.password === "string" ? cfg.gateway.auth.password.trim() : "";
@@ -157,7 +157,7 @@ export function collectSecretsInConfigFindings(cfg: ClawdbotConfig): SecurityAud
return findings;
}
export function collectHooksHardeningFindings(cfg: ClawdbotConfig): SecurityAuditFinding[] {
export function collectHooksHardeningFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
if (cfg.hooks?.enabled !== true) return findings;
@@ -215,7 +215,7 @@ function addModel(models: ModelRef[], raw: unknown, source: string) {
models.push({ id, source });
}
function collectModels(cfg: ClawdbotConfig): ModelRef[] {
function collectModels(cfg: MoltbotConfig): ModelRef[] {
const out: ModelRef[] = [];
addModel(out, cfg.agents?.defaults?.model?.primary, "agents.defaults.model.primary");
for (const f of cfg.agents?.defaults?.model?.fallbacks ?? [])
@@ -283,7 +283,7 @@ function isClaude45OrHigher(id: string): boolean {
return /\bclaude-[^\s/]*?(?:-4-5\b|4\.5\b)/i.test(id);
}
export function collectModelHygieneFindings(cfg: ClawdbotConfig): SecurityAuditFinding[] {
export function collectModelHygieneFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
const models = collectModels(cfg);
if (models.length === 0) return findings;
@@ -378,7 +378,7 @@ function pickToolPolicy(config?: { allow?: string[]; deny?: string[] }): Sandbox
}
function resolveToolPolicies(params: {
cfg: ClawdbotConfig;
cfg: MoltbotConfig;
agentTools?: AgentToolsConfig;
sandboxMode?: "off" | "non-main" | "all";
agentId?: string | null;
@@ -402,7 +402,7 @@ function resolveToolPolicies(params: {
return policies;
}
function hasWebSearchKey(cfg: ClawdbotConfig, env: NodeJS.ProcessEnv): boolean {
function hasWebSearchKey(cfg: MoltbotConfig, env: NodeJS.ProcessEnv): boolean {
const search = cfg.tools?.web?.search;
return Boolean(
search?.apiKey ||
@@ -413,20 +413,20 @@ function hasWebSearchKey(cfg: ClawdbotConfig, env: NodeJS.ProcessEnv): boolean {
);
}
function isWebSearchEnabled(cfg: ClawdbotConfig, env: NodeJS.ProcessEnv): boolean {
function isWebSearchEnabled(cfg: MoltbotConfig, env: NodeJS.ProcessEnv): boolean {
const enabled = cfg.tools?.web?.search?.enabled;
if (enabled === false) return false;
if (enabled === true) return true;
return hasWebSearchKey(cfg, env);
}
function isWebFetchEnabled(cfg: ClawdbotConfig): boolean {
function isWebFetchEnabled(cfg: MoltbotConfig): boolean {
const enabled = cfg.tools?.web?.fetch?.enabled;
if (enabled === false) return false;
return true;
}
function isBrowserEnabled(cfg: ClawdbotConfig): boolean {
function isBrowserEnabled(cfg: MoltbotConfig): boolean {
try {
return resolveBrowserConfig(cfg.browser, cfg).enabled;
} catch {
@@ -435,7 +435,7 @@ function isBrowserEnabled(cfg: ClawdbotConfig): boolean {
}
export function collectSmallModelRiskFindings(params: {
cfg: ClawdbotConfig;
cfg: MoltbotConfig;
env: NodeJS.ProcessEnv;
}): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
@@ -514,7 +514,7 @@ export function collectSmallModelRiskFindings(params: {
}
export async function collectPluginsTrustFindings(params: {
cfg: ClawdbotConfig;
cfg: MoltbotConfig;
stateDir: string;
}): Promise<SecurityAuditFinding[]> {
const findings: SecurityAuditFinding[] = [];
@@ -747,7 +747,7 @@ export async function collectIncludeFilePermFindings(params: {
}
export async function collectStateDeepFilesystemFindings(params: {
cfg: ClawdbotConfig;
cfg: MoltbotConfig;
env: NodeJS.ProcessEnv;
stateDir: string;
platform?: NodeJS.Platform;
@@ -902,7 +902,7 @@ export async function collectStateDeepFilesystemFindings(params: {
return findings;
}
function listGroupPolicyOpen(cfg: ClawdbotConfig): string[] {
function listGroupPolicyOpen(cfg: MoltbotConfig): string[] {
const out: string[] = [];
const channels = cfg.channels as Record<string, unknown> | undefined;
if (!channels || typeof channels !== "object") return out;
@@ -923,7 +923,7 @@ function listGroupPolicyOpen(cfg: ClawdbotConfig): string[] {
return out;
}
export function collectExposureMatrixFindings(cfg: ClawdbotConfig): SecurityAuditFinding[] {
export function collectExposureMatrixFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
const openGroups = listGroupPolicyOpen(cfg);
if (openGroups.length === 0) return findings;

110
src/security/audit.test.ts
View File

@@ -1,6 +1,6 @@
import { afterEach, beforeEach, describe, expect, it } from "vitest";
import type { ClawdbotConfig } from "../config/config.js";
import type { MoltbotConfig } from "../config/config.js";
import type { ChannelPlugin } from "../channels/plugins/types.js";
import { runSecurityAudit } from "./audit.js";
import { discordPlugin } from "../../extensions/discord/src/channel.js";
@@ -14,7 +14,7 @@ const isWindows = process.platform === "win32";
describe("security audit", () => {
it("includes an attack surface summary (info)", async () => {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
channels: { whatsapp: { groupPolicy: "open" }, telegram: { groupPolicy: "allowlist" } },
tools: { elevated: { enabled: true, allowFrom: { whatsapp: ["+1"] } } },
hooks: { enabled: true },
@@ -35,7 +35,7 @@ describe("security audit", () => {
});
it("flags non-loopback bind without auth as critical", async () => {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
gateway: {
bind: "lan",
auth: {},
@@ -55,7 +55,7 @@ describe("security audit", () => {
});
it("warns when loopback control UI lacks trusted proxies", async () => {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
gateway: {
bind: "loopback",
controlUi: { enabled: true },
@@ -79,7 +79,7 @@ describe("security audit", () => {
});
it("flags loopback control UI without auth as critical", async () => {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
gateway: {
bind: "loopback",
controlUi: { enabled: true },
@@ -105,7 +105,7 @@ describe("security audit", () => {
});
it("flags logging.redactSensitive=off", async () => {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
logging: { redactSensitive: "off" },
};
@@ -123,10 +123,10 @@ describe("security audit", () => {
});
it("treats Windows ACL-only perms as secure", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-security-audit-win-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-win-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(stateDir, { recursive: true });
const configPath = path.join(stateDir, "clawdbot.json");
const configPath = path.join(stateDir, "moltbot.json");
await fs.writeFile(configPath, "{}\n", "utf-8");
const user = "DESKTOP-TEST\\Tester";
@@ -160,10 +160,10 @@ describe("security audit", () => {
});
it("flags Windows ACLs when Users can read the state dir", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-security-audit-win-open-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-win-open-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(stateDir, { recursive: true });
const configPath = path.join(stateDir, "clawdbot.json");
const configPath = path.join(stateDir, "moltbot.json");
await fs.writeFile(configPath, "{}\n", "utf-8");
const user = "DESKTOP-TEST\\Tester";
@@ -200,7 +200,7 @@ describe("security audit", () => {
});
it("warns when small models are paired with web/browser tools", async () => {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
agents: { defaults: { model: { primary: "ollama/mistral-8b" } } },
tools: {
web: {
@@ -226,7 +226,7 @@ describe("security audit", () => {
});
it("treats small models as safe when sandbox is on and web tools are disabled", async () => {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
agents: { defaults: { model: { primary: "ollama/mistral-8b" }, sandbox: { mode: "all" } } },
tools: {
web: {
@@ -250,7 +250,7 @@ describe("security audit", () => {
});
it("flags tools.elevated allowFrom wildcard as critical", async () => {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
tools: {
elevated: {
allowFrom: { whatsapp: ["*"] },
@@ -275,7 +275,7 @@ describe("security audit", () => {
});
it("warns when remote CDP uses HTTP", async () => {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
browser: {
profiles: {
remote: { cdpUrl: "http://example.com:9222", color: "#0066CC" },
@@ -297,7 +297,7 @@ describe("security audit", () => {
});
it("warns when control UI allows insecure auth", async () => {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
gateway: {
controlUi: { allowInsecureAuth: true },
},
@@ -320,7 +320,7 @@ describe("security audit", () => {
});
it("warns when control UI device auth is disabled", async () => {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
gateway: {
controlUi: { dangerouslyDisableDeviceAuth: true },
},
@@ -343,7 +343,7 @@ describe("security audit", () => {
});
it("warns when multiple DM senders share the main session", async () => {
const cfg: ClawdbotConfig = { session: { dmScope: "main" } };
const cfg: MoltbotConfig = { session: { dmScope: "main" } };
const plugins: ChannelPlugin[] = [
{
id: "whatsapp",
@@ -392,11 +392,11 @@ describe("security audit", () => {
it("flags Discord native commands without a guild user allowlist", async () => {
const prevStateDir = process.env.CLAWDBOT_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-security-audit-discord-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-discord-"));
process.env.CLAWDBOT_STATE_DIR = tmp;
await fs.mkdir(path.join(tmp, "credentials"), { recursive: true, mode: 0o700 });
try {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
channels: {
discord: {
enabled: true,
@@ -437,12 +437,12 @@ describe("security audit", () => {
it("does not flag Discord slash commands when dm.allowFrom includes a Discord snowflake id", async () => {
const prevStateDir = process.env.CLAWDBOT_STATE_DIR;
const tmp = await fs.mkdtemp(
path.join(os.tmpdir(), "clawdbot-security-audit-discord-allowfrom-snowflake-"),
path.join(os.tmpdir(), "moltbot-security-audit-discord-allowfrom-snowflake-"),
);
process.env.CLAWDBOT_STATE_DIR = tmp;
await fs.mkdir(path.join(tmp, "credentials"), { recursive: true, mode: 0o700 });
try {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
channels: {
discord: {
enabled: true,
@@ -482,11 +482,11 @@ describe("security audit", () => {
it("flags Discord slash commands when access-group enforcement is disabled and no users allowlist exists", async () => {
const prevStateDir = process.env.CLAWDBOT_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-security-audit-discord-open-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-discord-open-"));
process.env.CLAWDBOT_STATE_DIR = tmp;
await fs.mkdir(path.join(tmp, "credentials"), { recursive: true, mode: 0o700 });
try {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
commands: { useAccessGroups: false },
channels: {
discord: {
@@ -527,11 +527,11 @@ describe("security audit", () => {
it("flags Slack slash commands without a channel users allowlist", async () => {
const prevStateDir = process.env.CLAWDBOT_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-security-audit-slack-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-slack-"));
process.env.CLAWDBOT_STATE_DIR = tmp;
await fs.mkdir(path.join(tmp, "credentials"), { recursive: true, mode: 0o700 });
try {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
channels: {
slack: {
enabled: true,
@@ -566,11 +566,11 @@ describe("security audit", () => {
it("flags Slack slash commands when access-group enforcement is disabled", async () => {
const prevStateDir = process.env.CLAWDBOT_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-security-audit-slack-open-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-slack-open-"));
process.env.CLAWDBOT_STATE_DIR = tmp;
await fs.mkdir(path.join(tmp, "credentials"), { recursive: true, mode: 0o700 });
try {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
commands: { useAccessGroups: false },
channels: {
slack: {
@@ -606,11 +606,11 @@ describe("security audit", () => {
it("flags Telegram group commands without a sender allowlist", async () => {
const prevStateDir = process.env.CLAWDBOT_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-security-audit-telegram-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-telegram-"));
process.env.CLAWDBOT_STATE_DIR = tmp;
await fs.mkdir(path.join(tmp, "credentials"), { recursive: true, mode: 0o700 });
try {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
channels: {
telegram: {
enabled: true,
@@ -643,7 +643,7 @@ describe("security audit", () => {
});
it("adds a warning when deep probe fails", async () => {
const cfg: ClawdbotConfig = { gateway: { mode: "local" } };
const cfg: MoltbotConfig = { gateway: { mode: "local" } };
const res = await runSecurityAudit({
config: cfg,
@@ -672,7 +672,7 @@ describe("security audit", () => {
});
it("adds a warning when deep probe throws", async () => {
const cfg: ClawdbotConfig = { gateway: { mode: "local" } };
const cfg: MoltbotConfig = { gateway: { mode: "local" } };
const res = await runSecurityAudit({
config: cfg,
@@ -695,7 +695,7 @@ describe("security audit", () => {
});
it("warns on legacy model configuration", async () => {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
agents: { defaults: { model: { primary: "openai/gpt-3.5-turbo" } } },
};
@@ -713,7 +713,7 @@ describe("security audit", () => {
});
it("warns on weak model tiers", async () => {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
agents: { defaults: { model: { primary: "anthropic/claude-haiku-4-5" } } },
};
@@ -731,7 +731,7 @@ describe("security audit", () => {
});
it("warns when hooks token looks short", async () => {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
hooks: { enabled: true, token: "short" },
};
@@ -751,7 +751,7 @@ describe("security audit", () => {
it("warns when hooks token reuses the gateway env token", async () => {
const prevToken = process.env.CLAWDBOT_GATEWAY_TOKEN;
process.env.CLAWDBOT_GATEWAY_TOKEN = "shared-gateway-token-1234567890";
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
hooks: { enabled: true, token: "shared-gateway-token-1234567890" },
};
@@ -774,14 +774,14 @@ describe("security audit", () => {
});
it("warns when state/config look like a synced folder", async () => {
const cfg: ClawdbotConfig = {};
const cfg: MoltbotConfig = {};
const res = await runSecurityAudit({
config: cfg,
includeFilesystem: false,
includeChannelSecurity: false,
stateDir: "/Users/test/Dropbox/.clawdbot",
configPath: "/Users/test/Dropbox/.clawdbot/clawdbot.json",
configPath: "/Users/test/Dropbox/.clawdbot/moltbot.json",
});
expect(res.findings).toEqual(
@@ -792,7 +792,7 @@ describe("security audit", () => {
});
it("flags group/world-readable config include files", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-security-audit-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(stateDir, { recursive: true, mode: 0o700 });
@@ -806,12 +806,12 @@ describe("security audit", () => {
await fs.chmod(includePath, 0o644);
}
const configPath = path.join(stateDir, "clawdbot.json");
const configPath = path.join(stateDir, "moltbot.json");
await fs.writeFile(configPath, `{ "$include": "./extra.json5" }\n`, "utf-8");
await fs.chmod(configPath, 0o600);
try {
const cfg: ClawdbotConfig = { logging: { redactSensitive: "off" } };
const cfg: MoltbotConfig = { logging: { redactSensitive: "off" } };
const user = "DESKTOP-TEST\\Tester";
const execIcacls = isWindows
? async (_cmd: string, args: string[]) => {
@@ -865,7 +865,7 @@ describe("security audit", () => {
delete process.env.TELEGRAM_BOT_TOKEN;
delete process.env.SLACK_BOT_TOKEN;
delete process.env.SLACK_APP_TOKEN;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-security-audit-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(path.join(stateDir, "extensions", "some-plugin"), {
recursive: true,
@@ -873,13 +873,13 @@ describe("security audit", () => {
});
try {
const cfg: ClawdbotConfig = {};
const cfg: MoltbotConfig = {};
const res = await runSecurityAudit({
config: cfg,
includeFilesystem: true,
includeChannelSecurity: false,
stateDir,
configPath: path.join(stateDir, "clawdbot.json"),
configPath: path.join(stateDir, "moltbot.json"),
});
expect(res.findings).toEqual(
@@ -902,7 +902,7 @@ describe("security audit", () => {
it("flags unallowlisted extensions as critical when native skill commands are exposed", async () => {
const prevDiscordToken = process.env.DISCORD_BOT_TOKEN;
delete process.env.DISCORD_BOT_TOKEN;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-security-audit-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(path.join(stateDir, "extensions", "some-plugin"), {
recursive: true,
@@ -910,7 +910,7 @@ describe("security audit", () => {
});
try {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
channels: {
discord: { enabled: true, token: "t" },
},
@@ -920,7 +920,7 @@ describe("security audit", () => {
includeFilesystem: true,
includeChannelSecurity: false,
stateDir,
configPath: path.join(stateDir, "clawdbot.json"),
configPath: path.join(stateDir, "moltbot.json"),
});
expect(res.findings).toEqual(
@@ -938,7 +938,7 @@ describe("security audit", () => {
});
it("flags open groupPolicy when tools.elevated is enabled", async () => {
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
tools: { elevated: { enabled: true, allowFrom: { whatsapp: ["+1"] } } },
channels: { whatsapp: { groupPolicy: "open" } },
};
@@ -983,7 +983,7 @@ describe("security audit", () => {
it("uses local auth when gateway.mode is local", async () => {
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
gateway: {
mode: "local",
auth: { token: "local-token-abc123" },
@@ -1018,7 +1018,7 @@ describe("security audit", () => {
it("prefers env token over local config token", async () => {
process.env.CLAWDBOT_GATEWAY_TOKEN = "env-token";
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
gateway: {
mode: "local",
auth: { token: "local-token" },
@@ -1052,7 +1052,7 @@ describe("security audit", () => {
it("uses local auth when gateway.mode is undefined (default)", async () => {
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
gateway: {
auth: { token: "default-local-token" },
},
@@ -1085,7 +1085,7 @@ describe("security audit", () => {
it("uses remote auth when gateway.mode is remote with URL", async () => {
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
gateway: {
mode: "remote",
auth: { token: "local-token-should-not-use" },
@@ -1124,7 +1124,7 @@ describe("security audit", () => {
it("ignores env token when gateway.mode is remote", async () => {
process.env.CLAWDBOT_GATEWAY_TOKEN = "env-token";
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
gateway: {
mode: "remote",
auth: { token: "local-token-should-not-use" },
@@ -1162,7 +1162,7 @@ describe("security audit", () => {
it("uses remote password when env is unset", async () => {
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
gateway: {
mode: "remote",
remote: {
@@ -1200,7 +1200,7 @@ describe("security audit", () => {
it("prefers env password over remote password", async () => {
process.env.CLAWDBOT_GATEWAY_PASSWORD = "env-pass";
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
gateway: {
mode: "remote",
remote: {
@@ -1237,7 +1237,7 @@ describe("security audit", () => {
it("falls back to local auth when gateway.mode is remote but URL is missing", async () => {
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: ClawdbotConfig = {
const cfg: MoltbotConfig = {
gateway: {
mode: "remote",
auth: { token: "fallback-local-token" },

24
src/security/audit.ts
View File

@@ -1,7 +1,7 @@
import { listChannelPlugins } from "../channels/plugins/index.js";
import { resolveChannelDefaultAccountId } from "../channels/plugins/helpers.js";
import type { ChannelId } from "../channels/plugins/types.js";
import type { ClawdbotConfig } from "../config/config.js";
import type { MoltbotConfig } from "../config/config.js";
import { resolveBrowserConfig, resolveProfile } from "../browser/config.js";
import { resolveConfigPath, resolveStateDir } from "../config/paths.js";
import { resolveGatewayAuth } from "../gateway/auth.js";
@@ -62,7 +62,7 @@ export type SecurityAuditReport = {
};
export type SecurityAuditOptions = {
config: ClawdbotConfig;
config: MoltbotConfig;
env?: NodeJS.ProcessEnv;
platform?: NodeJS.Platform;
deep?: boolean;
@@ -145,7 +145,7 @@ async function collectFilesystemFindings(params: {
checkId: "fs.state_dir.perms_world_writable",
severity: "critical",
title: "State dir is world-writable",
detail: `${formatPermissionDetail(params.stateDir, stateDirPerms)}; other users can write into your Clawdbot state.`,
detail: `${formatPermissionDetail(params.stateDir, stateDirPerms)}; other users can write into your Moltbot state.`,
remediation: formatPermissionRemediation({
targetPath: params.stateDir,
perms: stateDirPerms,
@@ -159,7 +159,7 @@ async function collectFilesystemFindings(params: {
checkId: "fs.state_dir.perms_group_writable",
severity: "warn",
title: "State dir is group-writable",
detail: `${formatPermissionDetail(params.stateDir, stateDirPerms)}; group users can write into your Clawdbot state.`,
detail: `${formatPermissionDetail(params.stateDir, stateDirPerms)}; group users can write into your Moltbot state.`,
remediation: formatPermissionRemediation({
targetPath: params.stateDir,
perms: stateDirPerms,
@@ -248,7 +248,7 @@ async function collectFilesystemFindings(params: {
}
function collectGatewayConfigFindings(
cfg: ClawdbotConfig,
cfg: MoltbotConfig,
env: NodeJS.ProcessEnv,
): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
@@ -356,7 +356,7 @@ function collectGatewayConfigFindings(
return findings;
}
function collectBrowserControlFindings(cfg: ClawdbotConfig): SecurityAuditFinding[] {
function collectBrowserControlFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
let resolved: ReturnType<typeof resolveBrowserConfig>;
@@ -368,7 +368,7 @@ function collectBrowserControlFindings(cfg: ClawdbotConfig): SecurityAuditFindin
severity: "warn",
title: "Browser control config looks invalid",
detail: String(err),
remediation: `Fix browser.cdpUrl in ${resolveConfigPath()} and re-run "${formatCliCommand("clawdbot security audit --deep")}".`,
remediation: `Fix browser.cdpUrl in ${resolveConfigPath()} and re-run "${formatCliCommand("moltbot security audit --deep")}".`,
});
return findings;
}
@@ -398,7 +398,7 @@ function collectBrowserControlFindings(cfg: ClawdbotConfig): SecurityAuditFindin
return findings;
}
function collectLoggingFindings(cfg: ClawdbotConfig): SecurityAuditFinding[] {
function collectLoggingFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
const redact = cfg.logging?.redactSensitive;
if (redact !== "off") return [];
return [
@@ -412,7 +412,7 @@ function collectLoggingFindings(cfg: ClawdbotConfig): SecurityAuditFinding[] {
];
}
function collectElevatedFindings(cfg: ClawdbotConfig): SecurityAuditFinding[] {
function collectElevatedFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
const enabled = cfg.tools?.elevated?.enabled;
const allowFrom = cfg.tools?.elevated?.allowFrom ?? {};
@@ -444,7 +444,7 @@ function collectElevatedFindings(cfg: ClawdbotConfig): SecurityAuditFinding[] {
}
async function collectChannelSecurityFindings(params: {
cfg: ClawdbotConfig;
cfg: MoltbotConfig;
plugins: ReturnType<typeof listChannelPlugins>;
}): Promise<SecurityAuditFinding[]> {
const findings: SecurityAuditFinding[] = [];
@@ -797,7 +797,7 @@ async function collectChannelSecurityFindings(params: {
}
async function maybeProbeGateway(params: {
cfg: ClawdbotConfig;
cfg: MoltbotConfig;
timeoutMs: number;
probe: typeof probeGateway;
}): Promise<SecurityAuditReport["deep"]> {
@@ -923,7 +923,7 @@ export async function runSecurityAudit(opts: SecurityAuditOptions): Promise<Secu
severity: "warn",
title: "Gateway probe failed (deep)",
detail: deep.gateway.error ?? "gateway unreachable",
remediation: `Run "${formatCliCommand("clawdbot status --all")}" to debug connectivity/auth, then re-run "${formatCliCommand("clawdbot security audit --deep")}".`,
remediation: `Run "${formatCliCommand("moltbot status --all")}" to debug connectivity/auth, then re-run "${formatCliCommand("moltbot security audit --deep")}".`,
});
}

20
src/security/fix.test.ts
View File

@@ -18,12 +18,12 @@ const expectPerms = (actual: number, expected: number) => {
describe("security fix", () => {
it("tightens groupPolicy + filesystem perms", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-security-fix-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-fix-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(stateDir, { recursive: true });
await fs.chmod(stateDir, 0o755);
const configPath = path.join(stateDir, "clawdbot.json");
const configPath = path.join(stateDir, "moltbot.json");
await fs.writeFile(
configPath,
`${JSON.stringify(
@@ -90,11 +90,11 @@ describe("security fix", () => {
});
it("applies allowlist per-account and seeds WhatsApp groupAllowFrom from store", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-security-fix-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-fix-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(stateDir, { recursive: true });
const configPath = path.join(stateDir, "clawdbot.json");
const configPath = path.join(stateDir, "moltbot.json");
await fs.writeFile(
configPath,
`${JSON.stringify(
@@ -140,11 +140,11 @@ describe("security fix", () => {
});
it("does not seed WhatsApp groupAllowFrom if allowFrom is set", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-security-fix-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-fix-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(stateDir, { recursive: true });
const configPath = path.join(stateDir, "clawdbot.json");
const configPath = path.join(stateDir, "moltbot.json");
await fs.writeFile(
configPath,
`${JSON.stringify(
@@ -183,12 +183,12 @@ describe("security fix", () => {
});
it("returns ok=false for invalid config but still tightens perms", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-security-fix-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-fix-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(stateDir, { recursive: true });
await fs.chmod(stateDir, 0o755);
const configPath = path.join(stateDir, "clawdbot.json");
const configPath = path.join(stateDir, "moltbot.json");
await fs.writeFile(configPath, "{ this is not json }\n", "utf-8");
await fs.chmod(configPath, 0o644);
@@ -209,7 +209,7 @@ describe("security fix", () => {
});
it("tightens perms for credentials + agent auth/sessions + include files", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-security-fix-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-fix-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(stateDir, { recursive: true });
@@ -219,7 +219,7 @@ describe("security fix", () => {
await fs.writeFile(includePath, "{ logging: { redactSensitive: 'off' } }\n", "utf-8");
await fs.chmod(includePath, 0o644);
const configPath = path.join(stateDir, "clawdbot.json");
const configPath = path.join(stateDir, "moltbot.json");
await fs.writeFile(
configPath,
`{ "$include": "./includes/extra.json5", channels: { whatsapp: { groupPolicy: "open" } } }\n`,

14
src/security/fix.ts
View File

@@ -3,7 +3,7 @@ import path from "node:path";
import JSON5 from "json5";
import type { ClawdbotConfig } from "../config/config.js";
import type { MoltbotConfig } from "../config/config.js";
import { createConfigIO } from "../config/config.js";
import { resolveConfigPath, resolveOAuthDir, resolveStateDir } from "../config/paths.js";
import { resolveDefaultAgentId } from "../agents/agent-scope.js";
@@ -187,13 +187,13 @@ async function safeAclReset(params: {
}
function setGroupPolicyAllowlist(params: {
cfg: ClawdbotConfig;
cfg: MoltbotConfig;
channel: string;
changes: string[];
policyFlips: Set<string>;
}): void {
if (!params.cfg.channels) return;
const section = params.cfg.channels[params.channel as keyof ClawdbotConfig["channels"]] as
const section = params.cfg.channels[params.channel as keyof MoltbotConfig["channels"]] as
| Record<string, unknown>
| undefined;
if (!section || typeof section !== "object") return;
@@ -222,7 +222,7 @@ function setGroupPolicyAllowlist(params: {
}
function setWhatsAppGroupAllowFromFromStore(params: {
cfg: ClawdbotConfig;
cfg: MoltbotConfig;
storeAllowFrom: string[];
changes: string[];
policyFlips: Set<string>;
@@ -252,8 +252,8 @@ function setWhatsAppGroupAllowFromFromStore(params: {
}
}
function applyConfigFixes(params: { cfg: ClawdbotConfig; env: NodeJS.ProcessEnv }): {
cfg: ClawdbotConfig;
function applyConfigFixes(params: { cfg: MoltbotConfig; env: NodeJS.ProcessEnv }): {
cfg: MoltbotConfig;
changes: string[];
policyFlips: Set<string>;
} {
@@ -349,7 +349,7 @@ async function collectIncludePathsRecursive(params: {
async function chmodCredentialsAndAgentState(params: {
env: NodeJS.ProcessEnv;
stateDir: string;
cfg: ClawdbotConfig;
cfg: MoltbotConfig;
actions: SecurityFixAction[];
applyPerms: (params: {
path: string;