LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-04-18 12:14:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
fb720193d95113a3202bbfeeef4109e4e9880e35
moltbot/extensions/mattermost
History
Echo fb720193d9 fix(mattermost): fail closed on empty tokens + per-account slash state 
Address Codex review findings:

1. slash-http.ts: Token validation now rejects when commandTokens set is
   empty (e.g. registration failure). Previously an empty set meant any
   token was accepted — fail-open vulnerability.

2. slash-state.ts: Replaced global singleton with per-account state Map
   keyed by accountId. Multi-account deployments no longer overwrite each
   other's tokens, registered commands, or handlers. The HTTP route
   dispatcher matches inbound tokens to the correct account.

3. monitor.ts: Updated getSlashCommandState/deactivateSlashCommands calls
   to pass accountId.
2026-03-03 07:07:19 +00:00
..
src
fix(mattermost): fail closed on empty tokens + per-account slash state
2026-03-03 07:07:19 +00:00
index.ts
feat(mattermost): add native slash command support
2026-03-03 07:07:19 +00:00
openclaw.plugin.json
chore: Run pnpm format:fix.
2026-01-31 21:13:13 +09:00
package.json
fix: scope extension runtime deps to plugin manifests
2026-03-03 05:33:12 +00:00