LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-03-09 15:35:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
13,846 Commits 662 Branches 74 Tags
40a68a89362a75685f29efbbbd730aa228cdcec5
Commit Graph

2495 Commits

Author SHA1 Message Date
Peter Steinberger
a5e2bd4eaa docs: document verbose-gated tool error details 2026-02-22 15:26:48 +01:00
Peter Steinberger
adfbbcf1f6 chore: merge origin/main into main 2026-02-22 13:42:52 +00:00
Onur
3308c86002 docs: keep channel names only in thread-support list 2026-02-22 14:39:40 +01:00
Onur
418e4e32c9 docs: clarify thread-bound subagents are Discord-only 2026-02-22 14:39:40 +01:00
Onur
c952334808 docs: list thread supporting channels in subagents guide 2026-02-22 14:39:40 +01:00
Onur
0b9b9d4301 docs: make subagents thread guidance channel-first 2026-02-22 14:39:40 +01:00
Peter Steinberger
0d0f4c6992 refactor(exec): centralize safe-bin policy checks 2026-02-22 13:18:25 +01:00
Peter Steinberger
47c3f742b6 fix(exec): require explicit safe-bin profiles 2026-02-22 12:58:55 +01:00
Peter Steinberger
e80c803fa8 fix(security): block shell env allowlist bypass in system.run 2026-02-22 12:47:05 +01:00
Peter Steinberger
6fda04e938 refactor: tighten onboarding dmScope typing and docs links 2026-02-22 12:46:09 +01:00
Peter Steinberger
65dccbdb4b fix: document onboarding dmScope default as breaking change (#23468) (thanks @bmendonca3) 2026-02-22 12:36:49 +01:00
Peter Steinberger
85e5ed3f78 refactor(channels): centralize runtime group policy handling 2026-02-22 12:35:41 +01:00
Peter Steinberger
777817392d fix: fail closed missing provider group policy across message channels (#23367) (thanks @bmendonca3) 2026-02-22 12:21:04 +01:00
Brian Mendonca
3700151ec0 Channels: fail closed when Slack/Discord config is missing 2026-02-22 12:18:43 +01:00
Peter Steinberger
b98d3330f6 docs: update pty supervision test command paths 2026-02-22 10:48:37 +00:00
Glucksberg
2739328508 fix(telegram): classify undici fetch errors as recoverable for retry (#16699) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 67b5bce44f
Co-authored-by: Glucksberg <80581902+Glucksberg@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-22 16:16:11 +05:30
Peter Steinberger
c995f9be07 test: reclassify mocked announce and sandbox suites as unit tests 2026-02-22 10:28:43 +00:00
Brian Mendonca
bc78b343ba Security: expand audit checks for mDNS and real-IP fallback 2026-02-22 11:26:17 +01:00
maweibin
98a03c490b Feat/logger support log level validation0222 (#23436) 
* 1、环境变量**:新增 `OPENCLAW_LOG_LEVEL`,可取值 `silent|fatal|error|warn|info|debug|trace`。设置后同时覆盖**文件日志**与**控制台**的级别,优先级高于配置文件。
2、启动参数**:在 `openclaw gateway run` 上新增 `--log-level <level>`,对该次进程同时生效于文件与控制台;未传时仍使用环境变量或配置文件。

* fix(logging): make log-level override global and precedence-safe

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-22 11:15:13 +01:00
Peter Steinberger
1b327da6e3 fix: harden exec sandbox fallback semantics (#23398) (thanks @bmendonca3) 2026-02-22 11:12:01 +01:00
Brian Mendonca
c76a47cce2 Exec: fail closed when sandbox host is unavailable 2026-02-22 11:12:01 +01:00
Peter Steinberger
8887f41d7d refactor(gateway)!: remove legacy v1 device-auth handshake 2026-02-22 09:27:03 +01:00
Peter Steinberger
008a8c9dc6 chore(docs): normalize security finding table formatting 2026-02-22 08:03:29 +00:00
Peter Steinberger
265da4dd2a fix(security): harden gateway command/audit guardrails 2026-02-22 08:45:48 +01:00
Peter Steinberger
121d027229 chore: remove dead plugin hook loader 2026-02-22 08:45:24 +01:00
Peter Steinberger
049b8b14bc fix(security): flag open-group runtime/fs exposure in audit 2026-02-22 08:22:51 +01:00
Peter Steinberger
817905f3a0 docs: document thread-bound subagent sessions and remove plan 2026-02-21 19:59:55 +01:00
Peter Steinberger
2c14b0cf4c refactor(config): unify streaming config across channels 2026-02-21 19:53:42 +01:00
Peter Steinberger
f97c45c5b5 fix(security): warn on Discord name-based allowlists in audit 2026-02-21 19:45:17 +01:00
Peter Steinberger
89aad7b922 refactor: tighten safe-bin policy model and docs parity 2026-02-21 19:24:23 +01:00
Peter Steinberger
4c1dd9d068 fix(security): harden macos rawCommand allowlist resolution 2026-02-21 19:17:56 +01:00
Peter Steinberger
57fbbaebca fix: block safeBins sort --compress-program bypass 2026-02-21 19:13:53 +01:00
Vincent Koc
59c78c105a docs: revert automated heading consistency edits (#22743) 2026-02-21 11:18:29 -05:00
Onur
8178ea472d feat: thread-bound subagents on Discord (#21805) 
* docs: thread-bound subagents plan

* docs: add exact thread-bound subagent implementation touchpoints

* Docs: prioritize auto thread-bound subagent flow

* Docs: add ACP harness thread-binding extensions

* Discord: add thread-bound session routing and auto-bind spawn flow

* Subagents: add focus commands and ACP/session binding lifecycle hooks

* Tests: cover thread bindings, focus commands, and ACP unbind hooks

* Docs: add plugin-hook appendix for thread-bound subagents

* Plugins: add subagent lifecycle hook events

* Core: emit subagent lifecycle hooks and decouple Discord bindings

* Discord: handle subagent bind lifecycle via plugin hooks

* Subagents: unify completion finalizer and split registry modules

* Add subagent lifecycle events module

* Hooks: fix subagent ended context key

* Discord: share thread bindings across ESM and Jiti

* Subagents: add persistent sessions_spawn mode for thread-bound sessions

* Subagents: clarify thread intro and persistent completion copy

* test(subagents): stabilize sessions_spawn lifecycle cleanup assertions

* Discord: add thread-bound session TTL with auto-unfocus

* Subagents: fail session spawns when thread bind fails

* Subagents: cover thread session failure cleanup paths

* Session: add thread binding TTL config and /session ttl controls

* Tests: align discord reaction expectations

* Agent: persist sessionFile for keyed subagent sessions

* Discord: normalize imports after conflict resolution

* Sessions: centralize sessionFile resolve/persist helper

* Discord: harden thread-bound subagent session routing

* Rebase: resolve upstream/main conflicts

* Subagents: move thread binding into hooks and split bindings modules

* Docs: add channel-agnostic subagent routing hook plan

* Agents: decouple subagent routing from Discord

* Discord: refactor thread-bound subagent flows

* Subagents: prevent duplicate end hooks and orphaned failed sessions

* Refactor: split subagent command and provider phases

* Subagents: honor hook delivery target overrides

* Discord: add thread binding kill switches and refresh plan doc

* Discord: fix thread bind channel resolution

* Routing: centralize account id normalization

* Discord: clean up thread bindings on startup failures

* Discord: add startup cleanup regression tests

* Docs: add long-term thread-bound subagent architecture

* Docs: split session binding plan and dedupe thread-bound doc

* Subagents: add channel-agnostic session binding routing

* Subagents: stabilize announce completion routing tests

* Subagents: cover multi-bound completion routing

* Subagents: suppress lifecycle hooks on failed thread bind

* tests: fix discord provider mock typing regressions

* docs/protocol: sync slash command aliases and delete param models

* fix: add changelog entry for Discord thread-bound subagents (#21805) (thanks @onutc)

---------

Co-authored-by: Shadow <hi@shadowing.dev>
 2026-02-21 16:14:55 +01:00
Peter Steinberger
166068dfbe test: add byteplus coding-plan live test 2026-02-21 15:42:44 +01:00
Peter Steinberger
581868365d fix: finish volcengine/byteplus landing polish (#7967) (thanks @funmore123) 2026-02-21 15:05:09 +01:00
fanziqing
559736a5a0 feat(volcengine): integrate Volcengine & Byteplus Provider 2026-02-21 15:05:09 +01:00
Peter Steinberger
f48698a50b fix(security): harden sandbox browser network defaults 2026-02-21 14:02:53 +01:00
Peter Steinberger
8c1518f0f3 fix(sandbox): use one-time noVNC observer tokens 2026-02-21 13:56:58 +01:00
Peter Steinberger
621d8e1312 fix(sandbox): require noVNC observer password auth 2026-02-21 13:44:24 +01:00
Peter Steinberger
be7f825006 refactor(gateway): harden proxy client ip resolution 2026-02-21 13:36:23 +01:00
Peter Steinberger
1835dec200 fix(security): force sandbox browser hash migration and audit stale labels 2026-02-21 13:25:41 +01:00
Peter Steinberger
14b0d2b816 refactor: harden control-ui auth flow and add insecure-flag audit summary 2026-02-21 13:18:23 +01:00
Peter Steinberger
f265d45840 fix(tts): make model provider overrides opt-in 2026-02-21 13:16:07 +01:00
Peter Steinberger
356d61aacf fix(gateway): scope tailscale tokenless auth to websocket 2026-02-21 13:03:13 +01:00
Peter Steinberger
073651fb57 docs: add sponsors section to README 2026-02-21 13:00:02 +01:00
Peter Steinberger
99048dbec2 fix(gateway): align insecure-auth toggle messaging 2026-02-21 12:57:22 +01:00
Peter Steinberger
810218756d docs(security): clarify trusted-host deployment assumptions 2026-02-21 12:53:12 +01:00
Peter Steinberger
ede496fa1a docs: clarify trusted-host assumption for tokenless tailscale 2026-02-21 12:52:49 +01:00
Peter Steinberger
6b2f2811dc fix(security): require BlueBubbles webhook auth 2026-02-21 11:41:50 +01:00