LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-03-08 06:54:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
14,312 Commits 634 Branches 72 Tags
3b8e33037ae2e12af7beb56fcf0346f1f8cbde6f
Commit Graph

339 Commits

Author SHA1 Message Date
Peter Steinberger
3b8e33037a fix(security): harden safeBins long-option validation 2026-02-23 23:58:58 +00:00
AkosCz
3a3c2da916 [Feature]: Add Gemini (Google Search grounding) as web_search provider (#13075) 
* feat: add Gemini (Google Search grounding) as web_search provider

Add Gemini as a fourth web search provider alongside Brave, Perplexity,
and Grok. Uses Gemini's built-in Google Search grounding tool to return
search results with citations.

- Add runGeminiSearch() with Google Search grounding via tools API
- Resolve Gemini's grounding redirect URLs to direct URLs via parallel
  HEAD requests (5s timeout, graceful fallback)
- Add Gemini config block (apiKey, model) with env var fallback
- Default model: gemini-2.5-flash (fast, cheap, grounding-capable)
- Strip API key from error messages for security
- Add config validation tests for Gemini provider
- Update docs/tools/web.md with Gemini provider documentation

Closes #13074

* feat: auto-detect search provider from available API keys

When no explicit provider is configured, resolveSearchProvider now
checks for available API keys in priority order (Brave → Gemini →
Perplexity → Grok) and selects the first provider with a valid key.

- Add auto-detection logic using existing resolve*ApiKey functions
- Export resolveSearchProvider via __testing_provider for tests
- Add 8 tests covering auto-detection, priority order, and explicit override
- Update docs/tools/web.md with auto-detection documentation

* fix: merge __testing exports, downgrade auto-detect log to debug

* fix: use defaultRuntime.log instead of .debug (not in RuntimeEnv type)

* fix: mark gemini apiKey as sensitive in zod schema

* fix: address Greptile review — add externalContent to Gemini payload, add Gemini/Grok entries to schema labels/help, remove dead schema-fields.ts

* fix(web-search): add JSON parse guard for Gemini API responses

Addresses Greptile review comment: add try/catch to handle non-JSON
responses from Gemini API gracefully, preventing runtime errors on
malformed responses.

Note: FIELD_HELP entries for gemini.apiKey and gemini.model were
already present in schema.help.ts, and gemini.apiKey was already
marked as sensitive in zod-schema.agent-runtime.ts (both fixed in
earlier commits).

* fix: use structured readResponseText result in Gemini error path

readResponseText returns { text, truncated, bytesRead }, not a string.
The Gemini error handler was using the result object directly, which
would always be truthy and never fall through to res.statusText.
Align with Perplexity/xAI/Brave error patterns.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* style: fix import order and formatting after rebase onto main

* Web search: send Gemini API key via header

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-02-23 09:30:51 -05:00
Peter Steinberger
278331c49c fix(exec): restore sandbox as implicit host default 2026-02-23 01:48:24 +01:00
Peter Steinberger
24c954d972 fix(security): harden allow-always wrapper persistence 2026-02-22 22:55:33 +01:00
Peter Steinberger
64b273a71c fix(exec): harden safe-bin trust and add explicit trusted dirs 2026-02-22 22:43:18 +01:00
Peter Steinberger
6817c0ec7b fix(security): tighten elevated allowFrom sender matching 2026-02-22 22:00:08 +01:00
Peter Steinberger
e0d4194869 docs: add missing summary/read_when metadata 2026-02-22 20:45:09 +01:00
Peter Steinberger
371a7da9c8 docs: add missing summaries and read_when hints 2026-02-22 20:37:02 +01:00
Peter Steinberger
a5e2bd4eaa docs: document verbose-gated tool error details 2026-02-22 15:26:48 +01:00
Onur
3308c86002 docs: keep channel names only in thread-support list 2026-02-22 14:39:40 +01:00
Onur
418e4e32c9 docs: clarify thread-bound subagents are Discord-only 2026-02-22 14:39:40 +01:00
Onur
c952334808 docs: list thread supporting channels in subagents guide 2026-02-22 14:39:40 +01:00
Onur
0b9b9d4301 docs: make subagents thread guidance channel-first 2026-02-22 14:39:40 +01:00
Peter Steinberger
0d0f4c6992 refactor(exec): centralize safe-bin policy checks 2026-02-22 13:18:25 +01:00
Peter Steinberger
47c3f742b6 fix(exec): require explicit safe-bin profiles 2026-02-22 12:58:55 +01:00
Peter Steinberger
e80c803fa8 fix(security): block shell env allowlist bypass in system.run 2026-02-22 12:47:05 +01:00
Peter Steinberger
1b327da6e3 fix: harden exec sandbox fallback semantics (#23398) (thanks @bmendonca3) 2026-02-22 11:12:01 +01:00
Brian Mendonca
c76a47cce2 Exec: fail closed when sandbox host is unavailable 2026-02-22 11:12:01 +01:00
Peter Steinberger
121d027229 chore: remove dead plugin hook loader 2026-02-22 08:45:24 +01:00
Peter Steinberger
817905f3a0 docs: document thread-bound subagent sessions and remove plan 2026-02-21 19:59:55 +01:00
Peter Steinberger
89aad7b922 refactor: tighten safe-bin policy model and docs parity 2026-02-21 19:24:23 +01:00
Peter Steinberger
4c1dd9d068 fix(security): harden macos rawCommand allowlist resolution 2026-02-21 19:17:56 +01:00
Peter Steinberger
57fbbaebca fix: block safeBins sort --compress-program bypass 2026-02-21 19:13:53 +01:00
Vincent Koc
59c78c105a docs: revert automated heading consistency edits (#22743) 2026-02-21 11:18:29 -05:00
Onur
8178ea472d feat: thread-bound subagents on Discord (#21805) 
* docs: thread-bound subagents plan

* docs: add exact thread-bound subagent implementation touchpoints

* Docs: prioritize auto thread-bound subagent flow

* Docs: add ACP harness thread-binding extensions

* Discord: add thread-bound session routing and auto-bind spawn flow

* Subagents: add focus commands and ACP/session binding lifecycle hooks

* Tests: cover thread bindings, focus commands, and ACP unbind hooks

* Docs: add plugin-hook appendix for thread-bound subagents

* Plugins: add subagent lifecycle hook events

* Core: emit subagent lifecycle hooks and decouple Discord bindings

* Discord: handle subagent bind lifecycle via plugin hooks

* Subagents: unify completion finalizer and split registry modules

* Add subagent lifecycle events module

* Hooks: fix subagent ended context key

* Discord: share thread bindings across ESM and Jiti

* Subagents: add persistent sessions_spawn mode for thread-bound sessions

* Subagents: clarify thread intro and persistent completion copy

* test(subagents): stabilize sessions_spawn lifecycle cleanup assertions

* Discord: add thread-bound session TTL with auto-unfocus

* Subagents: fail session spawns when thread bind fails

* Subagents: cover thread session failure cleanup paths

* Session: add thread binding TTL config and /session ttl controls

* Tests: align discord reaction expectations

* Agent: persist sessionFile for keyed subagent sessions

* Discord: normalize imports after conflict resolution

* Sessions: centralize sessionFile resolve/persist helper

* Discord: harden thread-bound subagent session routing

* Rebase: resolve upstream/main conflicts

* Subagents: move thread binding into hooks and split bindings modules

* Docs: add channel-agnostic subagent routing hook plan

* Agents: decouple subagent routing from Discord

* Discord: refactor thread-bound subagent flows

* Subagents: prevent duplicate end hooks and orphaned failed sessions

* Refactor: split subagent command and provider phases

* Subagents: honor hook delivery target overrides

* Discord: add thread binding kill switches and refresh plan doc

* Discord: fix thread bind channel resolution

* Routing: centralize account id normalization

* Discord: clean up thread bindings on startup failures

* Discord: add startup cleanup regression tests

* Docs: add long-term thread-bound subagent architecture

* Docs: split session binding plan and dedupe thread-bound doc

* Subagents: add channel-agnostic session binding routing

* Subagents: stabilize announce completion routing tests

* Subagents: cover multi-bound completion routing

* Subagents: suppress lifecycle hooks on failed thread bind

* tests: fix discord provider mock typing regressions

* docs/protocol: sync slash command aliases and delete param models

* fix: add changelog entry for Discord thread-bound subagents (#21805) (thanks @onutc)

---------

Co-authored-by: Shadow <hi@shadowing.dev>
 2026-02-21 16:14:55 +01:00
Peter Steinberger
c6ee14d60e fix(security): block grep safe-bin file-read bypass 2026-02-21 11:18:29 +01:00
Vincent Koc
e93e67bc8e docs: fix thinking section heading link target (#22539) 
* docs: fix thinking link and add reasoning anchor reference

* docs(channels): rename LINE setup heading to onboarding

* docs(channels): normalize Nextcloud Talk onboarding headings

* docs(channels): use onboarding heading for Matrix setup

* docs(channels): standardize Discord onboarding heading

* docs(channels): standardize Telegram onboarding heading

* docs(channels): standardize WhatsApp onboarding heading

* docs(channels): rename iMessage onboarding and configuration sections

* docs(channels): rename Slack onboarding and configuration sections

* docs(channels): rename Signal onboarding heading

* docs(channels): standardize Nostr onboarding and configuration headings

* docs(channels): standardize Zalo onboarding and configuration headings

* docs(channels): standardize Twitch onboarding heading

* docs(channels): standardize Google Chat onboarding heading

* docs(channels): standardize Mattermost onboarding heading

* docs(channels): standardize Zalo Personal onboarding heading

* docs(channels): normalize Discord configuration heading

* docs(channels): standardize Microsoft Teams onboarding heading

* docs(channels): rename Signal configuration reference heading

* docs(channels): rename Matrix configuration reference heading

* docs(channels): normalize WhatsApp configuration heading

* docs(thinking): link reasoning section heading to in-page anchor
 2026-02-21 03:33:06 -05:00
Vincent Koc
325992b777 docs: small docs sweep consistency updates (#22531) 
* docs: fix thinking link and add reasoning anchor reference

* docs(channels): rename LINE setup heading to onboarding

* docs(channels): normalize Nextcloud Talk onboarding headings

* docs(channels): use onboarding heading for Matrix setup
 2026-02-21 03:29:17 -05:00
Shadow
b7644d61a2 fix: restore Discord model picker UX (#21458) (thanks @pejmanjohn) 2026-02-20 21:04:04 -06:00
Shadow
f555835b09 Channels: add thread-aware model overrides 2026-02-20 19:26:25 -06:00
Tyler Yust
fe57bea088 Subagents: restore announce chain + fix nested retry/drop regressions (#22223) 
* Subagents: restore announce flow and fix nested delivery retries

* fix: prep subagent announce + docs alignment (#22223) (thanks @tyler6204)
 2026-02-20 15:39:09 -08:00
Shadow
4ab946eebf Discord VC: voice channels, transcription, and TTS (#18774) 2026-02-20 16:06:07 -06:00
Peter Steinberger
81b19aaa1a fix(security): enforce plugin and hook path containment 2026-02-19 15:37:29 +01:00
Peter Steinberger
b40821b068 fix: harden ACP secret handling and exec preflight boundaries 2026-02-19 15:34:20 +01:00
Peter Steinberger
3561442a9f fix(plugins): harden discovery trust checks 2026-02-19 15:14:12 +01:00
Peter Steinberger
5dc50b8a3f fix(security): harden npm plugin and hook install integrity flow 2026-02-19 15:11:25 +01:00
Peter Steinberger
29118995ad refactor(lobster): remove lobsterPath overrides 2026-02-19 14:58:13 +01:00
Peter Steinberger
bafdbb6f11 fix(security): eliminate safeBins file-existence oracle 2026-02-19 14:18:11 +01:00
Peter Steinberger
cfe8457a0f fix(security): harden safeBins stdin-only enforcement 2026-02-19 14:10:45 +01:00
Peter Steinberger
b4dbe03298 refactor: unify restart gating and update availability sync 2026-02-19 10:00:41 +01:00
Peter Steinberger
7e54b6c96f fix(browser): unify extension relay auth on gateway token 2026-02-19 08:40:40 +01:00
Peter Steinberger
ac0db68235 refactor(security): extract safeBins trust resolver 2026-02-18 05:01:31 +01:00
Peter Steinberger
28bac46c92 fix(security): harden safeBins path trust 2026-02-18 04:55:31 +01:00
Peter Steinberger
edf7d6af61 fix: harden subagent completion announce retries 2026-02-18 03:19:50 +01:00
Gustavo Madeira Santana
985ec71c55 CLI: resolve parent/subcommand option collisions (#18725) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b7e51cf909
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-17 20:57:09 -05:00
Peter Steinberger
fa4f66255c fix(subagents): return completion message for manual session spawns 2026-02-18 02:52:35 +01:00
Peter Steinberger
01672a8f25 Revert "Add mesh auto-planning with chat command UX and hardened auth/session behavior" 
This reverts commit 16e59b26a6.

# Conflicts:
#	src/auto-reply/reply/commands-mesh.ts
#	src/gateway/server-methods/mesh.ts
#	src/gateway/server-methods/server-methods.test.ts
 2026-02-18 02:18:02 +01:00
Peter Steinberger
0978d63edd docs: add community plugins guide 2026-02-17 17:42:37 +01:00
Sebastian
6070116382 revert(exec): undo accidental merge of PR #18521 2026-02-16 21:47:18 -05:00
Peter Steinberger
170e6f33b9 docs(commands): add export-session aliases to slash command list 2026-02-16 23:48:43 +00:00