LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-03-08 06:54:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
12,787 Commits 634 Branches 72 Tags
8ae2d5110f6ceadef73822aa3db194fb60d2ba68
Commit Graph

12787 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Coy Geek
8ae2d5110f fix(docker): pin base images to SHA256 digests (#7734) 
* fix(docker): pin base images to SHA256 digests for supply chain security

Pin all 9 Dockerfiles to immutable SHA256 digests to prevent supply chain
attacks where a compromised upstream image could be silently pulled into
production builds.

Also add Docker ecosystem to Dependabot configuration for automated
digest updates.

Images pinned:
- node:22-bookworm@sha256:cd7bcd2e7a1e6f72052feb023c7f6b722205d3fcab7bbcbd2d1bfdab10b1e935
- node:22-bookworm-slim@sha256:3cfe526ec8dd62013b8843e8e5d4877e297b886e5aace4a59fec25dc20736e45
- debian:bookworm-slim@sha256:98f4b71de414932439ac6ac690d7060df1f27161073c5036a7553723881bffbe
- ubuntu:24.04@sha256:cd1dba651b3080c3686ecf4e3c4220f026b521fb76978881737d24f200828b2b

Fixes #7731

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* test(docker): add digest pinning regression coverage

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-19 12:42:07 -08:00
Mariano
e98ccc8e17 iOS/Gateway: stabilize background wake and reconnect behavior (#21226) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7705a7741e
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 20:20:28 +00:00
Shadow
f7a8c2df2c Discord: handle gateway 4014 close 2026-02-19 13:47:28 -06:00
George Pickett
85fee30e6b fix: changelog for cross-origin redirect header stripping (#20313) (thanks @afurm) 2026-02-19 11:42:25 -08:00
George Pickett
802f043e53 Net: expand cross-origin sensitive header regression test 2026-02-19 11:42:25 -08:00
Andrii Furmanets
c0cd5a7265 Net: strip sensitive headers on cross-origin redirects 2026-02-19 11:42:25 -08:00
Shakker
eec5a6d6f1 Changelog: move prompt caching fix to unreleased 2026-02-19 19:22:46 +00:00
Shakker
45b54d90ab Changelog: add auto-reply run-start fix (#21165) (thanks @shakkernerd) 2026-02-19 19:15:09 +00:00
Shakker
7579e9511e Auto-reply: delay onAgentRunStart until real activity 2026-02-19 19:15:09 +00:00
Isis Anisoptera
4b7d89100e fix(auto-reply): restore prompt cache stability by moving per-turn ids to user context (#20597) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 175919afb6
Co-authored-by: anisoptera <768771+anisoptera@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 19:11:47 +00:00
Shakker
ff3a7e5635 chore: bump release metadata to 2026.2.20 2026-02-19 18:57:08 +00:00
Mariano
a1d5dce7ab iOS: use dedicated session key for chat sheet (#21139) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 31a27b0c5b
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 18:42:56 +00:00
Mariano
42d11a3ec5 iOS: auto-resync chat after reconnect gaps (#21135) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 1beca3a76d
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 18:37:13 +00:00
Peter Steinberger
bf8117ad32 fix(update): silence npm deprecation/funding noise 2026-02-19 18:19:16 +01:00
Peter Steinberger
e741a53919 chore(ci): trigger push workflows after main CI fix 2026-02-19 17:48:08 +01:00
Peter Steinberger
03d7aad0a4 fix(test): mock runDaemonInstall with vi.mocked 2026-02-19 17:43:29 +01:00
Vincent Koc
45d9b20692 fix(cli): refresh gateway service env during update (#21071) 
* changelog: add security deepMerge prototype-pollution fix entry

* update: refresh gateway service env during update restart

* test(cli): fix daemon install mock assertion

* test(cli): guard update restart false path
 2026-02-19 08:32:56 -08:00
Peter Steinberger
7880947bb5 fix(ci): restore actionlint rules and add blacksmith 16 ignore 2026-02-19 17:29:51 +01:00
Peter Steinberger
e500110ef7 fix(ci): allow blacksmith 16vcpu labels in actionlint 2026-02-19 17:29:20 +01:00
Peter Steinberger
ce1f0c0a10 ci: move workflows to blacksmith 16vcpu runners 2026-02-19 17:25:15 +01:00
Peter Steinberger
2c05cbb43e fix(ci): use versioned actionlint checksum asset v2026.2.19 v2026.2.19-beta.1 2026-02-19 17:07:20 +01:00
Peter Steinberger
2435499862 ci: move blacksmith runners to 8 vcpu 2026-02-19 16:50:22 +01:00
Peter Steinberger
9f5429e528 docs: trim refactor-only and duplicate changelog entries 2026-02-19 16:34:10 +01:00
Peter Steinberger
869ebbce46 fix(ci): verify actionlint release checksum before install 2026-02-19 16:33:32 +01:00
Peter Steinberger
3077c35831 fix(ui): unblock docker onboarding build 2026-02-19 16:32:33 +01:00
Peter Steinberger
30e36c30d4 fix(ci): tighten test typing for browser and cron cli 2026-02-19 15:29:57 +00:00
Peter Steinberger
018370e827 fix(ci): normalize path assertions across platforms 2026-02-19 15:28:14 +00:00
Peter Steinberger
035832b4c5 refactor(daemon): extract windows cmd argv helpers 2026-02-19 16:22:28 +01:00
Peter Steinberger
a1cb700a05 test: dedupe and optimize test suites 2026-02-19 15:19:38 +00:00
Peter Steinberger
b0e55283d5 chore: bump release metadata to 2026.2.19 2026-02-19 16:17:34 +01:00
Peter Steinberger
280c6b117b fix(daemon): harden windows schtasks script quoting 2026-02-19 16:16:51 +01:00
Peter Steinberger
3a258e7ca8 fix(ci): add explicit mock export types for harnesses 2026-02-19 15:16:09 +00:00
Peter Steinberger
e96c6a7a3e fix(ci): format cron tool imports 2026-02-19 15:13:02 +00:00
Peter Steinberger
bc6f983f85 fix(ci): resolve format drift and acp mock typing 2026-02-19 15:11:27 +00:00
Peter Steinberger
cc9be84b9c refactor(runtime): split runtime builders and stabilize cron tool seam 2026-02-19 16:09:56 +01:00
Peter Steinberger
e1e91bdb4a test: cover plugin status helper branches 2026-02-19 15:09:19 +00:00
Peter Steinberger
d3bf6e1b90 test: harden mock order and shell path coverage 2026-02-19 15:09:19 +00:00
Peter Steinberger
4574f3279b test: cover npm pack install drift branches 2026-02-19 15:08:54 +00:00
Peter Steinberger
dcd592a601 refactor: eliminate jscpd clones and boost tests 2026-02-19 15:08:54 +00:00
Peter Steinberger
71983716ff test: share channels command mock harness 2026-02-19 15:08:14 +00:00
Peter Steinberger
0213a09211 test: share temp home env harness 2026-02-19 15:08:14 +00:00
Peter Steinberger
edf92f1cb0 refactor: share npm integrity drift handling 2026-02-19 15:08:14 +00:00
Peter Steinberger
72e426be60 test: reuse isolated agent mock module 2026-02-19 15:08:14 +00:00
Peter Steinberger
e1059e95aa refactor(daemon): extract schtasks cmd-set codec helpers 2026-02-19 16:07:15 +01:00
Peter Steinberger
a688ccf24a refactor(security): unify safe-bin argv parsing and harden regressions 2026-02-19 16:04:58 +01:00
Peter Steinberger
2e421f32df fix(security): restore trusted plugin runtime exec default 2026-02-19 16:01:29 +01:00
Peter Steinberger
8288702f51 docs(changelog): add Windows schtasks injection fix note 2026-02-19 15:57:42 +01:00
Peter Steinberger
dafe52e8cf fix(daemon): escape schtasks environment assignments 2026-02-19 15:52:13 +01:00
Peter Steinberger
c45f3c5b00 fix(gateway): harden canvas auth with session capabilities 2026-02-19 15:51:22 +01:00
Peter Steinberger
f76f98b268 chore: fix formatting drift and stabilize cron tool mocks 2026-02-19 15:41:38 +01:00