LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-03-07 22:44:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
14,648 Commits 633 Branches 70 Tags
def993dbd843ff28f2b3bad5cc24603874ba9f1e
Commit Graph

14648 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Peter Steinberger
def993dbd8 refactor(tmp): harden temp boundary guardrails 2026-02-24 23:51:10 +00:00
Vincent Koc
de586373e0 Changelog: note exact do not do that stop trigger 2026-02-24 18:50:53 -05:00
Vincent Koc
cc386f4962 Telegram tests: route exact do not do that to control lane 2026-02-24 18:50:53 -05:00
Vincent Koc
83f586b93b Gateway tests: cover exact do not do that stop matching 2026-02-24 18:50:53 -05:00
Vincent Koc
91391bbe01 Auto-reply tests: assert exact do not do that behavior 2026-02-24 18:50:53 -05:00
Vincent Koc
7bb08ba945 Auto-reply: add exact stop trigger for do not do that 2026-02-24 18:50:53 -05:00
Brian Mendonca
a3c4f56b0b security(voice-call): detect Telnyx webhook replay 2026-02-24 23:50:30 +00:00
Peter Steinberger
53f9b7d4e7 fix(automation): harden announce delivery + cron coding profile (#25813 #25821 #25822) 
Co-authored-by: Shawn <shenghuikevin@shenghuideMac-mini.local>
Co-authored-by: 不做了睡大觉 <user@example.com>
Co-authored-by: Marcus Widing <widing.marcus@gmail.com>
 2026-02-24 23:49:34 +00:00
Peter Steinberger
36d1e1dcff refactor(telegram): simplify DM media auth precheck flow 2026-02-24 23:49:10 +00:00
Peter Steinberger
316fad13aa refactor(outbound): unify attachment hydration flow 2026-02-24 23:48:43 +00:00
Brian Mendonca
9924f7c84e fix(security): classify hook sessions case-insensitively 2026-02-24 23:48:09 +00:00
Brian Mendonca
43a3ff3beb Changelog: add entry for exec env sanitization 2026-02-24 23:46:39 +00:00
Brian Mendonca
48b052322b Security: sanitize inherited host exec env 2026-02-24 23:46:39 +00:00
Peter Steinberger
9514201fb9 fix(telegram): block unauthorized DM media downloads 2026-02-24 23:44:50 +00:00
Brian Mendonca
5a64f6d766 Gateway/Security: protect /api/channels plugin root 2026-02-24 23:44:32 +00:00
Peter Steinberger
453664f09d refactor(zalo): split monitor access and webhook logic 2026-02-24 23:40:51 +00:00
Peter Steinberger
58309fd8d9 refactor(matrix,tests): extract helpers and inject send-queue timing 2026-02-24 23:37:50 +00:00
Peter Steinberger
a2529c25ff test(matrix,discord,sandbox): expand breakage regression coverage 2026-02-24 23:37:50 +00:00
Peter Steinberger
13a1c46396 fix(web-search): reduce provider auto-detect log noise 2026-02-24 23:32:29 +00:00
Peter Steinberger
79a7b3d22e test(line): align tmp-root expectation after sandbox hardening 2026-02-24 23:31:54 +00:00
Peter Steinberger
79e2328935 docs: update changelog for safe-bin hardening 2026-02-24 23:30:55 +00:00
Peter Steinberger
b4010a0b62 fix(zalo): enforce group sender policy in groups 2026-02-24 23:30:43 +00:00
Peter Steinberger
4355e08262 refactor: harden safe-bin trusted dir diagnostics 2026-02-24 23:29:44 +00:00
Peter Steinberger
5c2a483375 refactor(outbound): centralize attachment media policy 2026-02-24 23:29:05 +00:00
Peter Steinberger
54648a9cf1 refactor: centralize followup origin routing helpers 2026-02-24 23:28:58 +00:00
Peter Steinberger
9b53102100 test: add routing/session isolation edge-case regressions 2026-02-24 23:28:58 +00:00
Peter Steinberger
9fccf60733 refactor(synology-chat): centralize DM auth and fail fast startup 2026-02-24 23:28:40 +00:00
Peter Steinberger
e7a5f9f4d8 fix(channels,sandbox): land hard breakage cluster from reviewed PR bases 
Lands reviewed fixes based on #25839 (@pewallin), #25841 (@joshjhall), and #25737/@25713 (@DennisGoldfinger/@peteragility), with additional hardening + regression tests for queue cleanup and shell script safety.

Fixes #25836
Fixes #25840
Fixes #25824
Fixes #25868

Co-authored-by: Peter Wallin <pwallin@gmail.com>
Co-authored-by: Joshua Hall <josh@yaplabs.com>
Co-authored-by: Dennis Goldfinger <dennisgoldfinger@gmail.com>
Co-authored-by: peteragility <peteragility@users.noreply.github.com>
 2026-02-24 23:27:56 +00:00
Peter Steinberger
5552f9073f refactor(sandbox): centralize network mode policy helpers 2026-02-24 23:26:46 +00:00
Peter Steinberger
14b6eea6e3 feat(sandbox): block container namespace joins by default 2026-02-24 23:20:34 +00:00
Peter Steinberger
ccbeb332e0 fix: harden routing/session isolation for followups and heartbeat 2026-02-24 23:20:27 +00:00
Peter Steinberger
7655c0cb3a docs(changelog): add synology-chat allowlist fail-closed note 2026-02-24 23:18:18 +00:00
Peter Steinberger
0ee30361b8 fix(synology-chat): fail closed empty allowlist 2026-02-24 23:18:17 +00:00
Peter Steinberger
270ab03e37 fix: enforce local media root checks for attachment hydration 2026-02-24 23:17:48 +00:00
Peter Steinberger
b67e600bff fix(security): restrict default safe-bin trusted dirs 2026-02-24 23:13:37 +00:00
Peter Steinberger
2d159e5e87 docs(security): document openclaw temp-folder boundary 2026-02-24 23:11:19 +00:00
Peter Steinberger
d3da67c7a9 fix(security): lock sandbox tmp media paths to openclaw roots 2026-02-24 23:10:19 +00:00
Peter Steinberger
bf8ca07deb fix(config): soften antigravity removal fallout (#25538) 
Land #25538 by @chilu18 to keep legacy google-antigravity-auth config entries non-fatal after removal (see #25862).

Co-authored-by: chilu18 <chilu.machona@icloud.com>
 2026-02-24 23:02:45 +00:00
Shakker
039ae0b77c chore: refresh lockfile after plugin devDependency cleanup 2026-02-24 22:50:47 +00:00
Shakker
955cc9029f chore: sync plugin versions to 2026.2.24 2026-02-24 22:45:46 +00:00
Peter Steinberger
f4e6f87303 refactor(ios): drop legacy talk payload and keychain fallbacks 2026-02-24 22:39:37 +00:00
Shakker
853f75592f changelog: include #25847 in chat image safety entry (#25847) (thanks @shakkernerd) 2026-02-24 22:28:58 +00:00
Shakker
30cb849b10 test(ui): reject base64 SVG data URLs 2026-02-24 22:28:58 +00:00
Shakker
e7298b844f changelog: credit both chat-image fix contributors 2026-02-24 22:28:58 +00:00
Shakker
e9750104b2 ui: block svg data image opens and harden tests 2026-02-24 22:28:58 +00:00
Peter Steinberger
9ef0fc2ff8 fix(sandbox): block @-prefixed workspace path bypass 2026-02-24 17:23:14 +00:00
Ayaan Zaidi
f154926cc0 fix: land telegram empty-html fallback hardening (#25096) (thanks @Glucksberg) 2026-02-24 22:34:21 +05:30
Ayaan Zaidi
6e31bca198 fix(telegram): fail loud on empty text fallback 2026-02-24 22:34:21 +05:30
Glucksberg
566a8e7137 chore(telegram): suppress handled empty-text retry logs 2026-02-24 22:34:21 +05:30
Glucksberg
51b3e23680 fix(telegram): fallback to plain text when threaded markdown renders empty 
Minimal fix path for Telegram empty-text failures in threaded replies.

- fallback to plain text when formatted htmlText is empty
- retry plain text on parse/empty-text API errors
- add focused regression test for threaded mode case

Related: #25091
Supersedes alternative fix path in #17629 if maintainers prefer minimal scope.
 2026-02-24 22:34:21 +05:30