moltbot

mirror of https://github.com/moltbot/moltbot.git synced 2026-03-08 06:54:24 +00:00

Author	SHA1	Message	Date
Tak Hoffman	3efe63d1ad	Cron: respect aborts in main wake-now retries (#23967 ) * Cron: respect aborts in main wake-now retries * Changelog: add main-session cron abort retry fix note * Cron tests: format post-rebase conflict resolution	2026-02-22 17:19:27 -06:00
Tak Hoffman	9bc265f379	Cron: clean run-log write queue entries (#23968 ) * Cron: clean run-log write queue entries * Changelog: add cron run-log write-queue cleanup note	2026-02-22 17:16:42 -06:00
Johann Zahlmann	22c9018303	WhatsApp: enforce allowFrom for explicit outbound sends (#20921 ) * whatsapp: enforce allowFrom in explicit outbound mode * Update CHANGELOG.md --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org>	2026-02-22 18:13:23 -05:00
Vignesh Natarajan	d7747148d0	fix(memory): reindex when sources change	2026-02-22 15:12:07 -08:00
Robin Waslander	44727dc3a1	security(web_fetch): strip hidden content to prevent indirect prompt injection (#21074 ) * security(web_fetch): strip hidden content to prevent indirect prompt injection Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * security(web_fetch): address review feedback and credit author * chore(changelog): credit reporter for web_fetch security fix --------- Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org>	2026-02-22 18:10:26 -05:00
Tak Hoffman	73e5bb7635	Cron: apply timeout to startup catch-up runs (#23966 ) * Cron: apply timeout to startup catch-up runs * Changelog: add cron startup timeout catch-up note	2026-02-22 17:04:30 -06:00
Lewis	26644c4b89	fix(msteams): add SSRF protection to attachment downloads via redirect and DNS validation (#23598 ) * fix(msteams): add SSRF protection to attachment downloads via redirect and DNS validation The attachment download flow in fetchWithAuthFallback() followed redirects automatically on the initial fetch without any allowlist or IP validation. This allowed DNS rebinding attacks where an allowlisted domain (e.g. evil.trafficmanager.net) could redirect or resolve to a private IP like 169.254.169.254, bypassing the hostname allowlist entirely (issue #11811). This commit adds three layers of SSRF protection: 1. safeFetch() in shared.ts: a redirect-safe fetch wrapper that uses redirect: "manual" and validates every redirect hop against the hostname allowlist AND DNS-resolved IP before following it. 2. isPrivateOrReservedIP() + resolveAndValidateIP() in shared.ts: rejects RFC 1918, loopback, link-local, and IPv6 private ranges for both initial URLs and redirect targets. 3. graph.ts SharePoint redirect handling now also uses redirect: "manual" and validates resolved IPs, not just hostnames. The initial fetch in fetchWithAuthFallback now goes through safeFetch instead of a bare fetch(), ensuring redirects are never followed without validation. Includes 38 new tests covering IP validation, DNS resolution checks, redirect following, DNS rebinding attacks, redirect loops, and protocol downgrade blocking. * fix: address review feedback on SSRF protection - Replace hand-rolled isPrivateOrReservedIP with SDK's isPrivateIpAddress which handles IPv4-mapped IPv6, expanded notation, NAT64, 6to4, Teredo, octal IPv4, and fails closed on parse errors - Add redirect: "manual" to auth retry redirect fetch in download.ts to prevent chained redirect attacks bypassing SSRF checks - Add redirect: "manual" to SharePoint redirect fetch in graph.ts to prevent the same chained redirect bypass - Update test expectations for SDK's fail-closed behavior on malformed IPs - Add expanded IPv6 loopback (0:0:0:0:0:0:0:1) test case * fix: type fetchMock as typeof fetch to fix TS tuple index error * msteams: harden attachment auth and graph redirect fetch flow * changelog(msteams): credit redirect-safeFetch hardening contributors --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org>	2026-02-22 18:00:54 -05:00
Vignesh Natarajan	a58b40e153	chore(test): stabilize mcporter assertions on Windows	2026-02-22 14:47:50 -08:00
Vignesh Natarajan	82d34b4b06	fix(memory): harden qmd collection recovery	2026-02-22 14:40:04 -08:00
Peter Steinberger	5858de6078	docs: reorder 2026.2.22 changelog by user impact	2026-02-22 23:37:44 +01:00
Peter Steinberger	84e5ab598a	fix: make windows CI path handling deterministic	2026-02-22 22:34:49 +00:00
Peter Steinberger	3b0e62d5bf	fix(doctor): warn that approvals.exec.enabled only disables forwarding Co-authored-by: nomadonwheels196 <nomadonwheels196@users.noreply.github.com>	2026-02-22 23:33:15 +01:00
Peter Steinberger	a30f9c8673	fix(sandbox): fallback docker user to workspace owner uid/gid Co-authored-by: LucasAIBuilder <LucasAIBuilder@users.noreply.github.com>	2026-02-22 23:33:15 +01:00
Peter Steinberger	394a1af70f	fix(exec): apply per-agent exec defaults for opaque session keys Co-authored-by: brin-tapcart <brin-tapcart@users.noreply.github.com>	2026-02-22 23:33:14 +01:00
Peter Steinberger	427b4360b9	build: update deps and stabilize tests	2026-02-22 23:32:38 +01:00
Peter Steinberger	a5917e4ad8	test(exec): resolve rebase artifact in bash-tools test	2026-02-22 22:25:47 +00:00
Peter Steinberger	1d8968c8a8	fix(voice-call): harden media stream pre-start websocket handling	2026-02-22 23:25:32 +01:00
Vignesh Natarajan	1ad9f9af5a	fix(memory): resolve qmd Windows shim commands	2026-02-22 14:24:49 -08:00
Peter Steinberger	cd919ebd2d	refactor(exec): unify wrapper resolution and split approvals tests	2026-02-22 23:20:09 +01:00
mudrii	3645420a33	perf: skip cache-busting for bundled hooks, use mtime for workspace hooks (openclaw#16960) thanks @mudrii Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: mudrii <220262+mudrii@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>	2026-02-22 16:14:51 -06:00
Peter Steinberger	84303f6a78	test: make exec timeout coverage deterministic	2026-02-22 22:14:01 +00:00
Peter Steinberger	13db0b88f5	refactor(gateway): share safe avatar file open checks	2026-02-22 23:12:45 +01:00
Peter Steinberger	7b229decdd	test(perf): dedupe fixtures and reduce flaky waits	2026-02-22 22:06:01 +00:00
Peter Steinberger	b534dfa3e0	fix(slack,web): harden thread hints and monitor tuning	2026-02-22 22:06:01 +00:00
Peter Steinberger	57b75678d4	test(security): consolidate runtime guardrail scans	2026-02-22 22:06:01 +00:00
Peter Steinberger	fe58839ed1	docs(changelog): thank ghsa reporter for exec fix	2026-02-22 23:04:29 +01:00
Peter Steinberger	498138e77e	docs(changelog): record avatar security hardening	2026-02-22 23:04:23 +01:00
Peter Steinberger	9a6a4131ba	docs(changelog): note shell-wrapper line-continuation exec hardening	2026-02-22 23:03:53 +01:00
Peter Steinberger	c677be9d5f	fix(exec): skip default timeout for background sessions	2026-02-22 23:03:44 +01:00
Peter Steinberger	4b0fddc075	fix(test): prevent env leak causing models.json CI flake	2026-02-22 22:00:44 +00:00
Peter Steinberger	862975507a	refactor(exec): split command resolution and trusted-dir normalization	2026-02-22 23:00:33 +01:00
Peter Steinberger	70cac824b1	perf(test): optimize parallel vitest worker budget	2026-02-22 21:59:22 +00:00
Peter Steinberger	24c954d972	fix(security): harden allow-always wrapper persistence	2026-02-22 22:55:33 +01:00
Peter Steinberger	4adfe80027	fix(extensions): preserve mediaLocalRoots in telegram/discord sendMedia	2026-02-22 22:53:57 +01:00
Peter Steinberger	1e582dcc6f	fix: harden windows path handling in CI tests	2026-02-22 21:52:10 +00:00
Tak Hoffman	556af3f08b	fix(cron): cancel timed-out runs before side effects (openclaw#22411) thanks @Takhoffman Verified: - pnpm check - pnpm vitest run src/memory/qmd-manager.test.ts src/cron/service.issue-regressions.test.ts src/cron/isolated-agent.delivers-response-has-heartbeat-ok-but-includes.test.ts --maxWorkers=1 Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>	2026-02-22 15:45:27 -06:00
Peter Steinberger	64b273a71c	fix(exec): harden safe-bin trust and add explicit trusted dirs	2026-02-22 22:43:18 +01:00
Vignesh Natarajan	08fb38f729	Fix: resolve pnpm check type regressions	2026-02-22 13:40:51 -08:00
Peter Steinberger	6970c2c2db	fix(gateway): harden control-ui avatar reads	2026-02-22 22:40:22 +01:00
Peter Steinberger	e16f93af0c	fix: stabilize ci test typings and mocks	2026-02-22 21:38:47 +00:00
Peter Steinberger	3f0b9dbb36	fix(security): block shell-wrapper line-continuation allowlist bypass	2026-02-22 22:36:29 +01:00
Peter Steinberger	7c109f5737	fix: resolve ci type errors and reconnect test flake	2026-02-22 21:35:20 +00:00
Vignesh Natarajan	d75b594e07	Agents/Replies: scope done fallback to direct sessions	2026-02-22 13:30:30 -08:00
Peter Steinberger	e4d67137db	fix(node): default mac headless system.run to local host Co-authored-by: aethnova <262512133+aethnova@users.noreply.github.com>	2026-02-22 22:24:28 +01:00
Peter Steinberger	d24f5c1e3a	fix(gateway): fail fast exec approvals when no approvers are reachable Co-authored-by: fanxian831-netizen <262880470+fanxian831-netizen@users.noreply.github.com>	2026-02-22 22:24:27 +01:00
Peter Steinberger	73fab7e445	fix(agents): map container workdir paths in workspace guard Co-authored-by: Explorer1092 <32663226+Explorer1092@users.noreply.github.com>	2026-02-22 22:24:27 +01:00
Peter Steinberger	7bbd597383	fix(media): enforce agent media roots in plugin send actions Co-authored-by: Oliver Drobnik <333270+odrobnik@users.noreply.github.com> Co-authored-by: thisischappy <257418353+thisischappy@users.noreply.github.com>	2026-02-22 22:24:27 +01:00
Peter Steinberger	33a43a151d	refactor(security): split elevated allowFrom matcher internals	2026-02-22 22:20:04 +01:00
Peter Steinberger	2081b3a3c4	refactor(channels): dedupe hook and monitor execution paths	2026-02-22 21:19:09 +00:00
Peter Steinberger	06b0a60bef	refactor(daemon): share runtime and service probe helpers	2026-02-22 21:19:09 +00:00

1 2 3 4 5 ...

14109 Commits