LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-05-17 02:37:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
35,912 Commits 1,642 Branches 197 Tags
27aedcfd568bf5671887bf2eb2507e4cd6cd0735
Commit Graph

343 Commits

Author SHA1 Message Date
Peter Steinberger
5f2273e81e fix(gateway): unify chat display projection 2026-04-26 05:33:58 +01:00
Shakker
2e7635f4f9 fix: scope web provider ownership to plugin index 2026-04-26 04:39:12 +01:00
Shakker
1a193b2d96 fix: scope cold plugin manifests to index 2026-04-26 03:47:45 +01:00
Vincent Koc
10763781fd fix(config): resolve plugin contracts cold 2026-04-25 19:33:56 -07:00
Vincent Koc
6afac5208a fix(secrets): resolve plugin env metadata cold 2026-04-25 19:18:30 -07:00
Peter Steinberger
0ca952cdd5 feat(tts): add per-agent voice overrides 2026-04-26 02:54:13 +01:00
Shakker
c19f8a5223 refactor: consolidate plugin install index store 2026-04-26 01:03:12 +01:00
Vincent Koc
74059aaa29 fix(secrets): honor plugin install ledger for web fetch discovery 2026-04-25 13:55:00 -07:00
Vincent Koc
70d1871db7 fix(secrets): honor plugin install ledger in web search risk 2026-04-25 13:50:44 -07:00
Peter Steinberger
7a71a66571 perf: cache provider env var lookups 2026-04-25 08:35:57 +01:00
Peter Steinberger
9e5d09c962 fix(config): reject legacy secretref env markers 2026-04-25 03:48:11 +01:00
Vincent Koc
7536993397 feat(plugins): read setup provider env vars (#71226) 
* feat(plugins): read setup provider env vars

* fix(plugins): mark provider env compat deprecation
 2026-04-24 12:59:02 -07:00
Peter Steinberger
11fa1d2dc7 test: mock secrets apply runtime preflight 2026-04-24 12:22:49 +01:00
Peter Steinberger
9faa9d33e6 test: mock web tools manifest lookup 2026-04-24 12:19:50 +01:00
zhang-guiping
c1f423f845 fix(secrets): harden Windows ACL fallback and strip BOM (#70662) 
Fail closed when Windows ACL checks cannot be verified for file and exec secret providers unless the provider explicitly opts into allowInsecurePath. Strip UTF-8 BOMs from file-backed secrets and document the trusted-path override.\n\nThanks @zhanggpcsu.
 2026-04-23 19:32:15 +01:00
Peter Steinberger
158a0d4ab4 test: trim duplicate runtime smoke work 2026-04-23 11:28:26 +01:00
Peter Steinberger
3fd2a94404 refactor: generalize command sender identity checks 2026-04-22 06:11:49 +01:00
Peter Steinberger
6639bbbc2e refactor: generalize conversation id labels 2026-04-22 06:11:49 +01:00
Peter Steinberger
e20a5eeddb refactor: keep legacy web search config in doctor 2026-04-22 06:11:49 +01:00
Peter Steinberger
a6dce7cf19 refactor: resolve web search secrets by target path 2026-04-22 06:11:49 +01:00
Peter Steinberger
89741c7a23 refactor: use generic web search runtime credential hooks 2026-04-22 06:11:49 +01:00
Peter Steinberger
94f670b893 refactor: use generic web search credential hooks 2026-04-22 06:11:49 +01:00
Peter Steinberger
0c863124bb refactor: derive setup promotion rules from plugins 2026-04-22 06:11:49 +01:00
Peter Steinberger
db055a5c0d refactor: move WhatsApp group inference out of core 2026-04-22 06:11:49 +01:00
Peter Steinberger
bdcbb6b49d refactor: move Feishu model override parsing to plugin 2026-04-22 06:11:49 +01:00
Peter Steinberger
7189b49f81 refactor: move media defaults into plugin manifests 2026-04-22 06:11:49 +01:00
Peter Steinberger
2e775fb03e refactor: move stale socket modes to channel status 2026-04-22 06:11:49 +01:00
Peter Steinberger
0a027ff591 refactor: derive CLI web credential targets 2026-04-22 06:11:49 +01:00
Peter Steinberger
bc9c2cc162 refactor: derive web credential secret targets from manifests 2026-04-22 06:11:49 +01:00
Gustavo Madeira Santana
24db09a19b fix(cli): keep channel status checks off plugin runtimes (#69479) 
Merged via squash.

Prepared head SHA: 63f6e416a9
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-04-21 13:53:08 -04:00
Peter Steinberger
982b1c9464 test(ci): reduce channel contract import cost 2026-04-21 00:40:07 +01:00
Peter Steinberger
88d97c55c7 test: share secrets runtime file fixture 2026-04-20 22:28:49 +01:00
Peter Steinberger
9cba6672d6 refactor: share inactive web provider warnings 2026-04-20 22:28:49 +01:00
Peter Steinberger
19525e1dd0 test: share media auth snapshot setup 2026-04-20 22:28:49 +01:00
Peter Steinberger
cf4354ad83 test: share plugin secret collector setup 2026-04-20 22:28:49 +01:00
Peter Steinberger
382201acf0 test: share gateway password inactive assertion 2026-04-20 22:21:34 +01:00
Peter Steinberger
de404de321 test: share secrets exec resolver fixtures 2026-04-20 22:17:34 +01:00
Peter Steinberger
f3e6eeb643 perf(gateway): fast path startup secrets 2026-04-20 21:30:06 +01:00
Peter Steinberger
975b989de6 test: reduce module reload churn 2026-04-20 20:28:47 +01:00
Peter Steinberger
17fcbcefbc refactor: share plugin config trust helpers 2026-04-18 23:55:05 +01:00
Peter Steinberger
1f1ff0567a refactor(lint): reduce map spread patterns 2026-04-18 19:27:43 +01:00
Peter Steinberger
df525b90f2 chore(lint): enable unnecessary type parameter rule 2026-04-18 18:31:13 +01:00
Gustavo Madeira Santana
a464f5926b Secrets: avoid broad web search discovery for single plugin config 
Add an Exa web-search contract artifact and use single bundled plugin-scoped webSearch config as a provider hint. This keeps runtime secret resolution on metadata-only surfaces instead of importing full provider tool implementations.
 2026-04-17 13:38:24 -04:00
Vincent Koc
7320dfc1ff test(perf): speed up slow cron infra and secrets specs 2026-04-15 10:22:43 +01:00
Josh Avant
1769fb2aa1 fix(secrets): align SecretRef inspect/strict behavior across preload/runtime paths (#66818) 
* Config: add inspect/strict SecretRef string resolver

* CLI: pass resolved/source config snapshots to plugin preload

* Slack: keep HTTP route registration config-only

* Providers: normalize SecretRef handling for auth and web tools

* Secrets: add Exa web search target to registry and docs

* Telegram: resolve env SecretRef tokens at runtime

* Agents: resolve custom provider env SecretRef ids

* Providers: fail closed on blocked SecretRef fallback

* Telegram: enforce env SecretRef policy for runtime token refs

* Status/Providers/Telegram: tighten SecretRef preload and fallback handling

* Providers: enforce env SecretRef policy checks in fallback auth paths

* fix: add SecretRef lifecycle changelog entry (#66818) (thanks @joshavant)
 2026-04-14 17:59:28 -05:00
Vincent Koc
c6c222ba84 perf(tests): trim hot wizard and infra setup work 2026-04-14 22:42:32 +01:00
Vincent Koc
bd20a920a2 perf(config): use generated SecretRef policy metadata 2026-04-13 20:19:04 +01:00
Vincent Koc
961eb95e9a perf(secrets): lazy-load provider env var exports 2026-04-13 19:52:02 +01:00
Vincent Koc
b051b0511c perf(secrets): fast-path explicit channel target lookup 2026-04-13 15:49:23 +01:00
scoootscooob
94ef2f1b0d CLI: detect env-backed audio providers (#65491) 
* CLI: detect env-backed audio providers

* fix(cli): trust audio provider env detection

* Secrets: keep default provider env lookups stable

* Plugins: harden env-backed auth defaults

* Plugins: tighten trusted env var lookups

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-04-12 14:04:44 -07:00