Gustavo Madeira Santana
6532757cdf
Diffs: add viewer payload validation and presentation defaults
2026-03-01 22:38:14 -05:00
Peter Steinberger
0202d79df4
fix(inbound-meta): land #30984 include account_id context (@Stxle2)
...
Landed from contributor PR #30984 by @Stxle2.
Co-authored-by: Stxle2 <166609401+Stxle2@users.noreply.github.com>
2026-03-02 03:36:48 +00:00
Ayaan Zaidi
c13b35b83d
feat(telegram): improve DM topics support (#30579) (thanks @kesor)
2026-03-02 09:06:45 +05:30
Peter Steinberger
aafc4d56e3
docs(changelog): credit fixes from PRs #31058 #31211 #30941 #31047 #31205
2026-03-02 03:35:49 +00:00
Peter Steinberger
00dcd931cb
test(fs-safe): assert directory-read errors never leak EISDIR text
2026-03-02 03:35:20 +00:00
倪汉杰0668001185
6398a0ba8f
fix(infra): avoid EISDIR leak to messaging when Read targets directory (Closes #31186)
2026-03-02 03:35:20 +00:00
Dale Babiy
8a4d8c889c
fix(secrets): normalize inline SecretRef token/key to tokenRef/keyRef in runtime snapshot (#31047)
...
* fix(secrets): normalize inline SecretRef token/key to tokenRef/keyRef in runtime snapshot
When auth-profiles.json uses an inline SecretRef as the token or key
value directly (e.g. `"token": {"source":"file",...}`), the resolved
plaintext was written back to disk on every updateAuthProfileStoreWithLock
call, overwriting the SecretRef.
Root cause: collectTokenProfileAssignment and collectApiKeyProfileAssignment
detected inline SecretRefs but did not promote them to the canonical
tokenRef/keyRef fields. saveAuthProfileStore only strips plaintext when
tokenRef/keyRef is set, so the inline case fell through and persisted
plaintext on every save.
Fix: when an inline SecretRef is detected and no explicit tokenRef/keyRef
exists, promote it to the canonical field and delete the inline form.
saveAuthProfileStore then correctly strips the resolved plaintext on write.
Fixes #29108
* fix test: cast inline SecretRef loadAuthStore mocks to AuthProfileStore
* fix(secrets): fix TypeScript type error in runtime test loadAuthStore lambda
* test(secrets): keep explicit keyRef precedence over inline key ref
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-02 03:34:23 +00:00
Peter Steinberger
d446722f2f
docs(changelog): merge post-v2026.2.26 release notes
2026-03-02 03:34:00 +00:00
Peter Steinberger
edd9319552
fix(feishu): land #31209 prevent system preview leakage (@stakeswky)
...
Landed from contributor PR #31209 by @stakeswky.
Co-authored-by: stakeswky <stakeswky@users.noreply.github.com>
2026-03-02 03:33:48 +00:00
Peter Steinberger
072e1e9e38
test(session): cover internal route without external fallback
2026-03-02 03:33:12 +00:00
graysurf
95db5bb5e8
fix(session): preserve external lastTo routing for internal turns
2026-03-02 03:33:12 +00:00
Peter Steinberger
0fa5d6ed2e
test(usage): cover negative prompt_tokens alias clamp
2026-03-02 03:31:47 +00:00
scoootscooob
20467d987d
fix(usage): clamp negative input token counts to zero
...
Some OpenAI-format providers (via pi-ai) pre-subtract cached_tokens from
prompt_tokens upstream. When cached_tokens exceeds prompt_tokens due to
provider inconsistencies the subtraction produces a negative input value
that flows through to the TUI status bar and /usage dashboard.
Clamp rawInput to 0 in normalizeUsage() so downstream consumers never
see nonsensical negative token counts.
Closes #30765
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 03:31:47 +00:00
Glucksberg
08c35eb13f
fix(cron): re-arm one-shot at-jobs when rescheduled after completion (openclaw#28915) thanks @Glucksberg
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: Glucksberg <80581902+Glucksberg@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 21:31:24 -06:00
lbo728
904016b7de
fix(origin-check): honour "*" wildcard in gateway.controlUi.allowedOrigins
...
When gateway.controlUi.allowedOrigins is set to ["*"], the Control UI
WebSocket was still rejected with "origin not allowed" for any non-
loopback origin (e.g. Tailscale IPs, LAN addresses).
Root cause: checkBrowserOrigin() compared each allowedOrigins entry
against the parsed request origin via a literal Array#includes(). The
entry "*" never equals an actual origin string, so the wildcard was
silently ignored and all remote connections were blocked.
Fix: check for the literal "*" entry before the per-origin comparison
and return ok:true immediately when found.
Closes #30990
2026-03-02 03:30:20 +00:00
Peter Steinberger
08f8aea32e
fix(signal): land #31138 syncMessage presence filtering (@Sid-Qin)
...
Landed from contributor PR #31138 by @Sid-Qin.
Co-authored-by: Sid-Qin <sidqin0410@gmail.com>
2026-03-02 03:28:25 +00:00
Peter Steinberger
22666034a0
docs(changelog): credit feishu fix contributors
2026-03-02 03:24:21 +00:00
Vincent Koc
1a42ea3abf
fix(auto-reply): normalize block-reply callback to Promise for timeout path (#31200)
...
* Auto-reply: wrap block reply callback in Promise.resolve for timeout safety
* Build: add strict smoke build script for CI regression gating
* CI: gate strict TS smoke build in check workflow
* docs(changelog): add auto-reply block reply timeout fix under Unreleased
* docs(changelog): credit original #19779 contributor and vincentkoc
2026-03-01 19:23:38 -08:00
Vincent Koc
030565b18c
Docker: add OCI base-image labels and document base-image metadata (#31196)
...
* Docker: add OCI base image labels
* Docs(Docker): document base image metadata context
* Changelog: note Docker base annotation docs update
* Changelog: add author credit for Docker base annotations
* Update docker.md
* Docker: add OCI source and docs labels
* CI(Docker): publish OCI revision/version labels
* Docs(Docker): list OCI image annotations
* Changelog: expand OCI annotation coverage note
* Docker: set OCI license annotation to MIT
* Docs(Docker): align OCI license annotation to MIT
* Docker: note docs sync path for OCI annotations
* Docker: normalize OCI label block indentation
2026-03-01 19:22:44 -08:00
Peter Steinberger
6ea3a47dae
fix(feishu): harden routing, parsing, and media delivery
2026-03-02 03:22:07 +00:00
Peter Steinberger
cdbed3c9b1
fix(googlechat): land #30965 thread reply option support (@novan)
...
Landed from contributor PR #30965 by @novan.
Co-authored-by: novan <novan@users.noreply.github.com>
2026-03-02 03:16:48 +00:00
Peter Steinberger
355b4c62bc
fix(mattermost): land #30891 route private channels as group (@BlueBirdBack)
...
Landed from contributor PR #30891 by @BlueBirdBack.
Co-authored-by: BlueBirdBack <BlueBirdBack@users.noreply.github.com>
2026-03-02 03:14:17 +00:00
Peter Steinberger
6bea38b21f
fix(models): land #31202 normalize custom provider keys (@stakeswky)
...
Landed from contributor PR #31202 by @stakeswky.
Co-authored-by: stakeswky <stakeswky@users.noreply.github.com>
2026-03-02 03:11:55 +00:00
Peter Steinberger
342bf4838e
fix(cli): preserve json stdout while keeping doctor migration (#24368) (thanks @altaywtf)
2026-03-02 03:10:02 +00:00
Altay
67b98139b9
test(cli): avoid brittle mock call indexing in json-mode checks
2026-03-02 03:10:02 +00:00
Altay
9e4a366ee6
fix(cli): keep json preflight stdout machine-readable
2026-03-02 03:10:02 +00:00
Peter Steinberger
493ebb915b
refactor: simplify telegram delivery and outbound session resolver flow
2026-03-02 03:09:40 +00:00
Peter Steinberger
166ae8f002
fix(matrix): land #31201 preserve room ID casing (@williamos-dev)
...
Landed from contributor PR #31201 by @williamos-dev.
Co-authored-by: williamos-dev <williamos-dev@users.noreply.github.com>
2026-03-02 03:09:23 +00:00
Peter Steinberger
efd303dbc4
fix: normalize Discord wildcard sentinel parsing (#29459) (thanks @Sid-Qin)
2026-03-02 03:08:32 +00:00
SidQin-cyber
6210d2e238
fix(discord): prevent wildcard component registration collisions
...
Assign distinct sentinel registration ids to Discord wildcard handlers while preserving wildcard parser keys, so select/menu/modal handlers no longer get dropped on runtimes that dedupe by raw customId.
2026-03-02 03:08:32 +00:00
Peter Steinberger
c869ca4bbf
fix: harden discord agent cid parsing (#29013) (thanks @Jacky1n7)
2026-03-02 03:07:48 +00:00
李肖然
c14c17403e
style: oxfmt for agent-components
2026-03-02 03:07:48 +00:00
李肖然
e95f96f77a
fix(discord): guard cid decode to avoid URIError
2026-03-02 03:07:48 +00:00
李肖然
9aba8422ca
fix(discord): accept cid in agent component interactions
2026-03-02 03:07:48 +00:00
Peter Steinberger
25b731c34a
fix: harden discord media fallback regressions (#28906) (thanks @Sid-Qin)
2026-03-02 03:05:12 +00:00
SidQin-cyber
0a67033fe3
fix(discord): keep attachment metadata when media fetch is blocked
...
Preserve inbound attachment/sticker metadata in Discord message context when media download fails (for example due to SSRF blocking), so agents still see file references instead of silent drops.
Closes #28816
2026-03-02 03:05:12 +00:00
Peter Steinberger
e4e5d9c98c
fix(model): land #30932 auth-profile @ parsing for /model (@haosenwang1018)
...
Landed from contributor PR #30932 by @haosenwang1018.
Co-authored-by: haosenwang1018 <haosenwang1018@users.noreply.github.com>
2026-03-02 03:05:03 +00:00
Peter Steinberger
15c1c93a95
docs: add missing changelog entry for #31064
2026-03-02 03:04:10 +00:00
Hyup
9c03f8be08
telegram: retry media fetch with IPv4 fallback on connect errors (#30554)
...
* telegram: retry fetch once with IPv4 fallback on connect errors
* test(telegram): format fetch fallback test
* style(telegram): apply oxfmt for fetch test
* fix(telegram): retry ipv4 fallback per request
* test: harden telegram ipv4 fallback coverage (#30554)
---------
Co-authored-by: root <root@vultr.guest>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-02 03:00:33 +00:00
Peter Steinberger
31c4722e90
docs: credit telegram empty-final regression coverage (#30746)
2026-03-02 02:59:08 +00:00
Rylen Anil
48d369749c
fix(telegram): skip null/undefined final text payloads
2026-03-02 02:59:08 +00:00
liuxiaopai-ai
e6e3a7b497
fix(telegram): retry DM thread sends without message_thread_id [AI-assisted]
2026-03-02 02:58:15 +00:00
Peter Steinberger
ef9085927b
test: cover voice fallback first-chunk reply behavior (#31077)
2026-03-02 02:57:10 +00:00
scoootscooob
2a381e6d7b
fix(telegram): replyToMode 'first' now only applies reply-to to first chunk
...
The `replyToMessageIdForPayload` was computed once outside the chunk
and media loops, so all chunks received the same reply-to ID even when
replyToMode was set to "first". This replaces the static binding with
a lazy `resolveReplyTo()` function that checks `hasReplied` at each
send site, and updates `hasReplied` immediately after the first
successful send.
Fixes #31039
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 02:57:10 +00:00
Brian Le
f64d25bd3e
fix(telegram): scope DM topic thread keys by chat id (#31064)
...
* fix(telegram): scope DM topic thread keys by chat id
* test(telegram): update dm topic session-key expectation
* fix(telegram): parse scoped dm thread ids in outbound recovery
* chore(telegram): format accounts config merge block
* test(nodes): simplify mocked exports for ts tuple spreads
2026-03-02 02:54:45 +00:00
Tak Hoffman
bbab94c1fe
security(feishu): bind doc create grants to trusted requester context (#31184)
...
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 20:51:45 -06:00
不做了睡大觉
e482da6682
fix(ollama): prioritize provider baseUrl for embedded runner (#30964)
...
* fix(ollama): honor provider baseUrl in embedded runner
* Embedded Ollama: clarify provider baseUrl precedence comment
* Changelog: note embedded Ollama baseUrl precedence fix
* Telegram: apply required formatter update in accounts config merge
* Revert "Telegram: apply required formatter update in accounts config merge"
This reverts commit d372b26975.
* Update CHANGELOG.md
---------
Co-authored-by: User <user@example.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-01 18:38:42 -08:00
Gustavo Madeira Santana
fd341d0d3f
docs(changelog): add diffs entry
2026-03-01 21:36:42 -05:00
Peter Steinberger
b0c7f1ebe2
fix: harden sessions_spawn delivery params and telegram account routing (#31000, #31110)
2026-03-02 02:35:48 +00:00
Peter Steinberger
684ac44b71
fix(ui): land #31133 cron edit form viewport scrolling (@Sid-Qin)
...
Landed from contributor PR #31133 by @Sid-Qin.
Co-authored-by: Sid-Qin <Sid-Qin@users.noreply.github.com>
2026-03-02 02:34:43 +00:00