moltbot

mirror of https://github.com/moltbot/moltbot.git synced 2026-03-08 06:54:24 +00:00

Author	SHA1	Message	Date
Peter Steinberger	a67689a7e3	fix: harden allow-always shell multiplexer wrapper handling	2026-02-24 03:06:51 +00:00
Peter Steinberger	4a3f8438e5	fix(gateway): bind node exec approvals to nodeId	2026-02-24 03:05:58 +00:00
Peter Steinberger	9530c01085	refactor(exec): split safe-bin policy modules and dedupe allowlist flow	2026-02-24 03:05:03 +00:00
Peter Steinberger	c5ac90ab92	docs(changelog): add shell-env fallback hardening note	2026-02-24 03:04:49 +00:00
Peter Steinberger	60f1d1959a	test: stabilize invoke-system-run env-wrapper assertion on Windows	2026-02-24 03:02:38 +00:00
Peter Steinberger	d0ef4c75c7	docs(changelog): credit safeBins advisory reporters	2026-02-24 02:59:17 +00:00
Peter Steinberger	ff10fe8b91	fix(security): require /etc/shells for shell env fallback	2026-02-24 02:58:24 +00:00
Shakker	71f4b93656	docs: refresh clawtributors list	2026-02-24 02:55:02 +00:00
Shakker	ef1ffacfb2	scripts: exclude unresolved clawtributors from README	2026-02-24 02:55:02 +00:00
Peter Steinberger	90383e00e9	fix(security): harden autoAllowSkills exec matching	2026-02-24 02:53:47 +00:00
Peter Steinberger	e578521ef4	fix(security): harden session export image data-url handling	2026-02-24 02:53:39 +00:00
Peter Steinberger	fefc414576	fix(security): harden structural session path fallback	2026-02-24 02:52:48 +00:00
Peter Steinberger	ff4e6ca0d9	fix(ios): gate agent deep links with local confirmation	2026-02-24 02:51:58 +00:00
Peter Steinberger	f8524ec77a	fix(security): harden exported session html rendering	2026-02-24 02:40:29 +00:00
Peter Steinberger	f6afc8c5b6	docs(security): clarify host-side exec trust model defaults	2026-02-24 02:40:18 +00:00
Peter Steinberger	1d28da55a5	fix(voice-call): block Twilio webhook replay and stale transitions	2026-02-24 02:37:24 +00:00
Gustavo Madeira Santana	4663d68384	Tests: make model-catalog fixtures type-valid	2026-02-23 21:36:34 -05:00
Peter Steinberger	ce02ad9643	refactor(agents): centralize sandbox media and fs policy helpers	2026-02-24 02:32:01 +00:00
Gustavo Madeira Santana	207ec7cfae	chore(provider): remove unused pruning functions	2026-02-23 21:31:12 -05:00
Peter Steinberger	4032390572	docs(security): clarify trusted user-triggered local actions	2026-02-24 02:29:09 +00:00
Peter Steinberger	3f923e8313	test: add env -S allowlist bypass regressions	2026-02-24 02:28:00 +00:00
Peter Steinberger	6634030be3	fix: enforce apply_patch workspaceOnly in sandbox mounts	2026-02-24 02:23:56 +00:00
Peter Steinberger	c070be1bc4	fix(sandbox): harden fs bridge path checks and bind mount policy	2026-02-24 02:21:43 +00:00
Peter Steinberger	dd9d9c1c60	fix(security): enforce workspaceOnly for sandbox image tool	2026-02-24 02:17:55 +00:00
Peter Steinberger	0026255def	refactor(security): harden system.run wrapper enforcement	2026-02-24 02:17:41 +00:00
Gustavo Madeira Santana	5239b55c0a	Config: expand Kilo catalog and persist selected Kilo models (#24921 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: `f5a7e1a385` Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-02-23 21:17:37 -05:00
Peter Steinberger	6c441ea797	fix: support legacy and beta prerelease version formats	2026-02-24 02:05:37 +00:00
Peter Steinberger	08e2aa44e7	fix(commands): restrict commands.allowFrom to sender principals	2026-02-24 02:01:01 +00:00
Peter Steinberger	223d7dc23d	feat(gateway)!: require explicit non-loopback control-ui origins	2026-02-24 01:57:11 +00:00
Peter Steinberger	edfefdff7d	docs(changelog): mark ACP hardening as next npm release	2026-02-24 01:56:22 +00:00
Peter Steinberger	a1c4bf07c6	fix(security): harden exec wrapper allowlist execution parity	2026-02-24 01:52:17 +00:00
Peter Steinberger	5eb72ab769	fix(security): harden browser SSRF defaults and migrate legacy key	2026-02-24 01:52:01 +00:00
Peter Steinberger	8779b523dc	test(sandbox): speed up agent-config coverage with pure resolvers	2026-02-24 01:46:12 +00:00
Peter Steinberger	467666adc7	test(sandbox): use focused modules in lightweight suites	2026-02-24 01:46:12 +00:00
Peter Steinberger	f0f886ecc4	docs(security): clarify gateway-node trust boundary in docs	2026-02-24 01:35:44 +00:00
Peter Steinberger	1f81677093	docs(changelog): note dangerous name-matching audit unification	2026-02-24 01:33:08 +00:00
Peter Steinberger	161d9841dc	refactor(security): unify dangerous name matching handling	2026-02-24 01:33:08 +00:00
Peter Steinberger	6a7c303dcc	test(msteams): fix allowlist name-match expectations	2026-02-24 01:26:53 +00:00
Peter Steinberger	2e36bdda85	docs(changelog): credit ACP security reporter	2026-02-24 01:19:03 +00:00
Peter Steinberger	22467902ea	fix(doctor): inherit dangerous name-matching flag in mutable allowlist scan	2026-02-24 01:18:38 +00:00
Peter Steinberger	e5931554bf	test: tighten slow test timeouts and cleanup	2026-02-24 01:16:53 +00:00
Peter Steinberger	6c43d0a08e	test(gateway): move sessions_send error paths to unit tests	2026-02-24 01:16:53 +00:00
Peter Steinberger	63dcd28ae0	fix(acp): harden permission tool-name validation	2026-02-24 01:11:34 +00:00
Peter Steinberger	f97c0922e1	fix(security): harden account-key handling against prototype pollution	2026-02-24 01:09:31 +00:00
Peter Steinberger	12cc754332	fix(acp): harden permission auto-approval policy	2026-02-24 01:03:30 +00:00
Peter Steinberger	ddf93d9845	docs(security): add vps trust-boundary guidance	2026-02-24 01:02:11 +00:00
Peter Steinberger	cfa44ea6b4	fix(security): make allowFrom id-only by default with dangerous name opt-in (#24907 ) * fix(channels): default allowFrom to id-only; add dangerous name opt-in * docs(security): align channel allowFrom docs with id-only default	2026-02-24 01:01:51 +00:00
Peter Steinberger	41b0568b35	docs(security): clarify shared-agent trust boundaries	2026-02-24 01:00:05 +00:00
Peter Steinberger	0cc327546b	test(gateway): speed up slow e2e test setup	2026-02-24 00:59:52 +00:00
Peter Steinberger	13478cc79a	refactor(config): harden catchall hint mapping and array fallback	2026-02-24 00:59:44 +00:00

1 2 3 4 5 ...

14373 Commits