dependabot[bot]
680a15a69c
chore(deps): bump actions/setup-python from 5 to 6
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v5...v6)
---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-07 18:12:53 +00:00
Vincent Koc
912f7a5525
CI: enable Windows pnpm side-effects cache
2026-03-07 10:11:52 -08:00
Vincent Koc
de7848e227
CI: cache Python and Windows pnpm stores
2026-03-07 10:11:51 -08:00
Vincent Koc
61273c072c
Docs: remove MDX-breaking secret markers
2026-03-07 10:09:00 -08:00
Vincent Koc
e4d80ed556
CI: restore main detect-secrets scan (#38438)
* Tests: stabilize detect-secrets fixtures
* Tests: fix rebased detect-secrets false positives
* Docs: keep snippets valid under detect-secrets
* Tests: finalize detect-secrets false-positive fixes
* Tests: reduce detect-secrets false positives
* Tests: keep detect-secrets pragmas inline
* Tests: remediate next detect-secrets batch
* Tests: tighten detect-secrets allowlists
* Tests: stabilize detect-secrets formatter drift
2026-03-07 10:06:35 -08:00
Peter Steinberger
46e324e269
docs(changelog): credit hook auth throttling report
2026-03-07 18:05:11 +00:00
Peter Steinberger
44820dcead
fix(hooks): gate methods before auth lockout accounting
2026-03-07 18:05:09 +00:00
jsk
262fef6ac8
fix(discord): honor commands.allowFrom in guild slash auth (#38794)
* fix(discord): honor commands.allowFrom in guild slash auth
* Update native-command.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update native-command.commands-allowfrom.test.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix(discord): address slash auth review feedback
* test(discord): add slash auth coverage for allowFrom variants
* fix: add changelog entry for discord slash auth fix (#38794) (thanks @jskoiz)
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Shadow <hi@shadowing.dev>
2026-03-07 12:03:52 -06:00
Peter Steinberger
278e5220ec
test: narrow pairing setup helper token type
2026-03-07 17:58:31 +00:00
Peter Steinberger
9dc759023b
refactor(agents): share skill plugin fixture writer in tests
2026-03-07 17:58:31 +00:00
Peter Steinberger
7eb48d3cf8
refactor(auto-reply): share discord auth registry test fixture
2026-03-07 17:58:31 +00:00
Peter Steinberger
ce9719c654
refactor(test-utils): share direct channel plugin test fixture
2026-03-07 17:58:31 +00:00
Peter Steinberger
5f56333016
refactor(commands): dedupe config-only channel status fixtures
2026-03-07 17:58:31 +00:00
Peter Steinberger
bcb587a3bc
refactor(commands): dedupe channel plugin test fixture builders
2026-03-07 17:58:31 +00:00
Peter Steinberger
66de964c59
refactor(tui): dedupe mode-specific exec secret fixtures
2026-03-07 17:58:31 +00:00
Peter Steinberger
e60b28fd1f
refactor(tui): dedupe gateway token resolution path
2026-03-07 17:58:31 +00:00
Peter Steinberger
a96ef12061
refactor(memory): dedupe local embedding init concurrency fixtures
2026-03-07 17:58:31 +00:00
Peter Steinberger
98ed7f57c6
refactor(feishu): dedupe non-streaming reply dispatcher setup
2026-03-07 17:58:31 +00:00
Peter Steinberger
6b0785028f
refactor(feishu): dedupe accounts env secret-ref checks
2026-03-07 17:58:31 +00:00
Peter Steinberger
7fddb357cb
refactor(feishu): dedupe client timeout assertion scaffolding
2026-03-07 17:58:31 +00:00
Peter Steinberger
ac5f018877
refactor(feishu): dedupe onboarding status env setup tests
2026-03-07 17:58:31 +00:00
Peter Steinberger
72df4bd624
refactor(web): dedupe self-chat response-prefix tests
2026-03-07 17:58:31 +00:00
Peter Steinberger
7e94dec679
refactor(pairing): dedupe inferred auth token fixtures
2026-03-07 17:58:31 +00:00
Peter Steinberger
19245dd547
refactor(gateway): dedupe blocked chat reply mock setup
2026-03-07 17:58:31 +00:00
Peter Steinberger
4cdf867cb1
refactor(gateway): dedupe maintenance timer test setup
2026-03-07 17:58:31 +00:00
Peter Steinberger
0de6778f13
refactor(gateway): dedupe legacy migration validation assertions
2026-03-07 17:58:31 +00:00
Peter Steinberger
f7a7f08e15
refactor(gateway): dedupe probe route assertion loops
2026-03-07 17:58:31 +00:00
Peter Steinberger
25efbdafce
refactor(gateway): dedupe missing-local-token fixture tests
2026-03-07 17:58:31 +00:00
Peter Steinberger
49df8ab7b6
refactor(gateway): dedupe invalid image request assertions
2026-03-07 17:58:31 +00:00
Peter Steinberger
b7733d6f5c
refactor(agents): dedupe oauth token env setup tests
2026-03-07 17:58:31 +00:00
Peter Steinberger
ca49372a8d
refactor(agents): dedupe anthropic turn validation fixtures
2026-03-07 17:58:31 +00:00
Peter Steinberger
02b3e85eac
refactor(agents): dedupe embedded fallback e2e helpers
2026-03-07 17:58:31 +00:00
Peter Steinberger
2d4a0c79a3
refactor(agents): dedupe nodes photos_latest camera tests
2026-03-07 17:58:31 +00:00
Peter Steinberger
2891c6c93c
refactor(agents): dedupe model fallback probe failure tests
2026-03-07 17:58:31 +00:00
Peter Steinberger
e41613f6ec
refactor(agents): dedupe kilocode fetch-path tests
2026-03-07 17:58:31 +00:00
Peter Steinberger
53c1ae229f
refactor(agents): dedupe minimax api-key normalization tests
2026-03-07 17:58:31 +00:00
Peter Steinberger
4e8fcc1d3d
refactor(cli): dedupe command secret gateway env fixtures
2026-03-07 17:58:31 +00:00
Peter Steinberger
c1a8f8150e
refactor(commands): dedupe gateway status token secret fixtures
2026-03-07 17:58:31 +00:00
Peter Steinberger
4113a0f39e
refactor(gateway): dedupe readiness healthy snapshot fixtures
2026-03-07 17:58:31 +00:00
Peter Steinberger
3d18c6ecec
refactor(googlechat): dedupe outbound media runtime fixture setup
2026-03-07 17:58:31 +00:00
Peter Steinberger
6b778c4048
refactor(zalouser): reuse shared QR temp file writer
2026-03-07 17:58:31 +00:00
Peter Steinberger
c5bb6db85b
refactor(cron): share isolated-agent turn core test setup
2026-03-07 17:58:31 +00:00
Peter Steinberger
41e0c35b61
refactor(cron): reuse cron job builder in issue-13992 tests
2026-03-07 17:58:31 +00:00
Peter Steinberger
d918fe3ecf
refactor(mattermost): dedupe interaction callback test flows
2026-03-07 17:58:31 +00:00
Peter Steinberger
90a41aa1f7
refactor(discord): dedupe resolve channels fallback tests
2026-03-07 17:58:31 +00:00
Peter Steinberger
1fc11ea7d8
refactor(daemon): dedupe systemd restart test scaffolding
2026-03-07 17:58:30 +00:00
Peter Steinberger
a31d3cad96
refactor(fetch-guard): clarify cross-origin redirect header filtering
2026-03-07 17:58:05 +00:00
Peter Steinberger
c6472c189f
chore: land #39056 Node version hint sync (thanks @onstash)
Land contributor change from #39056 and append changelog credit for @onstash.
Co-authored-by: Santosh Venkatraman <santosh.venk@gmail.com>
2026-03-07 17:51:54 +00:00
Byungsker
7735a0b85c
fix(security): use icacls /sid for locale-independent Windows ACL audit (#38900)
* fix(security): use icacls /sid for locale-independent Windows ACL audit

On non-English Windows editions (Russian, Chinese, etc.) icacls prints
account names in the system locale. When Node.js reads the output in a
different code page the strings are garbled (e.g. "NT AUTHORITY\???????"
for "NT AUTHORITY\СИСТЕМА"), causing summarizeWindowsAcl to classify SYSTEM
and Administrators as untrusted and flag the config files as "others
writable" — a false-positive security alert.

Fix:
1. Pass /sid to icacls so it outputs security identifiers (*S-1-5-X-...)
   instead of locale-dependent account names.
2. Extend SID_RE to accept the leading * that icacls prepends to SIDs in
   /sid mode: /^\*?s-\d+-\d+(-\d+)+$/i
3. Strip the * before looking up the bare SID in TRUSTED_SIDS / the
   per-user USERSID set so *S-1-5-18 is correctly classified as SYSTEM
   (trusted) and *S-1-5-32-544 as Administrators (trusted).

Tests:
- Update the inspectWindowsAcl "returns parsed ACL entries" assertion to
  expect the /sid flag in the icacls call.
- Add "classifies *S-1-5-18 (icacls /sid prefix form of SYSTEM) as trusted"
  SID classification test.
- Add "classifies *S-1-5-32-544 (icacls /sid Administrators) as trusted".
- Add inspectWindowsAcl end-to-end test with /sid-format mock output
  (*S-1-5-18, *S-1-5-32-544, user SID) — all three classified as trusted.

Fixes #35834

* fix(security): classify world-equivalent SIDs as 'world' when using icacls /sid

When icacls is invoked with /sid, world-equivalent principals like
Everyone, Authenticated Users, and BUILTIN\Users are emitted as raw
SIDs (*S-1-1-0, *S-1-5-11, *S-1-5-32-545). classifyPrincipal() had
no SID-based mapping for these, so they fell through to the generic
'group' category instead of 'world', silently downgrading security
findings that should trigger world-write/world-readable alerts.

Fix: add a WORLD_SIDS constant and check it before falling back to
'group'. Add three regression tests to lock in the behaviour.

* Security: resolve owner SID fallback for Windows ACL audit
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-07 12:49:33 -05:00
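
Added example (not part of the commit above and not the project's code): a small sketch of the locale-independent classification that commit message describes, run over constructed `icacls /sid` output. SID_RE and the SID values are quoted from the commit message; the function names, the sample path and user SID, and the simplified WRITE_RIGHTS set are assumptions.

```typescript
// Added illustration, not the project's code. SID_RE and the SID values are taken
// from the commit message; function names and WRITE_RIGHTS are assumptions.
const SID_RE = /^\*?s-\d+-\d+(-\d+)+$/i;
const TRUSTED_SIDS = new Set(["S-1-5-18", "S-1-5-32-544"]); // SYSTEM, Administrators
const WORLD_SIDS = new Set(["S-1-1-0", "S-1-5-11", "S-1-5-32-545"]); // Everyone, Authenticated Users, BUILTIN\Users
const WRITE_RIGHTS = new Set(["F", "M", "W"]); // simplified: full, modify, write

type PrincipalClass = "trusted" | "world" | "group" | "unknown";
interface AclEntry { principal: string; cls: PrincipalClass; canWrite: boolean }

function classifySid(raw: string, userSid?: string): PrincipalClass {
  const token = raw.trim();
  if (!SID_RE.test(token)) return "unknown"; // localized or garbled name: do not guess
  const sid = token.replace(/^\*/, "").toUpperCase(); // strip the /sid-mode prefix
  if (TRUSTED_SIDS.has(sid) || sid === (userSid || "").toUpperCase()) return "trusted";
  if (WORLD_SIDS.has(sid)) return "world"; // checked before the generic fallback
  return "group";
}

function parseIcaclsSid(output: string, target: string, userSid?: string): AclEntry[] {
  const entries: AclEntry[] = [];
  for (const line of output.split(/\r?\n/)) {
    let text = line.trim();
    if (text.toLowerCase().startsWith(target.toLowerCase())) text = text.slice(target.length).trim();
    const m = /^(.+?):((?:\([^)]+\))+)$/.exec(text); // principal:(flag)(rights)
    if (!m) continue; // blank lines and the "Successfully processed" trailer
    const rights: string[] = m[2].match(/[A-Z]+/gi) || [];
    const canWrite = rights.some((r) => WRITE_RIGHTS.has(r.toUpperCase()));
    entries.push({ principal: m[1], cls: classifySid(m[1], userSid), canWrite });
  }
  return entries;
}

// Principals that should raise a world-writable finding.
function worldWritable(entries: AclEntry[]): string[] {
  return entries.filter((e) => e.cls === "world" && e.canWrite).map((e) => e.principal);
}

// Constructed sample of `icacls <file> /sid` output (not captured from a real host).
const SAMPLE_USER_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001";
const SAMPLE_TARGET = "C:\\Users\\demo\\app\\config.json";
const SAMPLE_OUTPUT = [
  `${SAMPLE_TARGET} *S-1-5-18:(I)(F)`,
  "    *S-1-5-32-544:(I)(F)",
  `    *${SAMPLE_USER_SID}:(I)(M)`,
  "    *S-1-5-32-545:(I)(RX)",
  "    *S-1-1-0:(I)(M)",
  "Successfully processed 1 files; Failed processing 0 files",
].join("\n");
```

On the sample, SYSTEM, Administrators and the owning user come back as trusted, BUILTIN\Users is world but read-only, and only `*S-1-1-0` is reported as world-writable.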
Peter Steinberger
4de697f8fa
fix(ci): refresh detect-secrets baseline offsets
2026-03-07 17:42:17 +00:00