admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
18,744 Commits 1 Branch 0 Tags
0229246f3b30525cdd32aa4bf46ea2d773d6cccf
Commit Graph

12029 Commits

Author SHA1 Message Date
Peter Steinberger
0229246f3b test: share wake failure assertions 2026-03-13 23:35:27 +00:00
Peter Steinberger
a4a7958678 refactor: share outbound base session setup 2026-03-13 23:35:27 +00:00
Peter Steinberger
854df8352c refactor: share net and slack input helpers 2026-03-13 23:35:26 +00:00
Val Alexander
868fd32ee7 fix(config): avoid Anthropic startup crash (#45520) 
Co-authored-by: Val Alexander <bunsthedev@gmail.com>
 2026-03-13 18:28:33 -05:00
Robin Waslander
1803d16d5c fix(auth): make device bootstrap tokens single-use to prevent scope escalation 
Refs: GHSA-63f5-hhc7-cx6p
 2026-03-13 23:58:45 +01:00
Peter Steinberger
ae1a1fccfe fix: stabilize browser existing-session control 2026-03-13 22:41:17 +00:00
Vincent Koc
e82ba71911 fix(browser): follow up batch failure and limit handling (#45506) 
* fix(browser): propagate nested batch failures

* fix(browser): validate top-level batch limits

* test(browser): cover nested batch failures

* test(browser): cover top-level batch limits
 2026-03-13 15:39:28 -07:00
Robin Waslander
7e49e98f79 fix(telegram): validate webhook secret before reading request body 
Refs: GHSA-jq3f-vjww-8rq7
 2026-03-13 23:21:48 +01:00
Vincent Koc
f59b2b1db3 fix(browser): normalize batch act dispatch for selector and batch support (#45457) 
* feat(browser): add batch actions, CSS selector support, and click delayMs

Adds three improvements to the browser act tool:

1. CSS selector support: All element-targeting actions (click, type,
   hover, drag, scrollIntoView, select) now accept an optional
   'selector' parameter alongside 'ref'. When selector is provided,
   Playwright's page.locator() is used directly, skipping the need
   for a snapshot to obtain refs. This reduces roundtrips for agents
   that already know the DOM structure.

2. Click delay (delayMs): The click action now accepts an optional
   'delayMs' parameter. When set, the element is hovered first, then
   after the specified delay, clicked. This enables human-like
   hover-before-click in a single tool call instead of three
   (hover + wait + click).

3. Batch actions: New 'batch' action kind that accepts an array of
   actions to execute sequentially in a single tool call. Supports
   'stopOnError' (default true) to control whether execution halts
   on first failure. Results are returned as an array. This eliminates
   the AI inference roundtrip between each action, dramatically
   reducing latency and token cost for multi-step flows.

Addresses: #44431, #38844

* fix(browser): address security review — batch evaluateEnabled guard, input validation, recursion limit

Fixes all 4 issues raised by Greptile review:

1. Security: batch actions now respect evaluateEnabled flag.
   executeSingleAction and batchViaPlaywright accept evaluateEnabled
   param. evaluate and wait-with-fn inside batches are rejected
   when evaluateEnabled=false, matching the direct route guards.

2. Security: batch input validation. Each action in body.actions
   is validated as a plain object with a known kind string before
   dispatch. Applies same normalization as direct action handlers.

3. Perf: SELECTOR_ALLOWED_KINDS moved to module scope as a
   ReadonlySet<string> constant (was re-created on every request).

4. Security: max batch nesting depth of 5. Nested batch actions
   track depth and throw if MAX_BATCH_DEPTH exceeded, preventing
   call stack exhaustion from crafted payloads.

* fix(browser): normalize batch act dispatch

* fix(browser): tighten existing-session act typing

* fix(browser): preserve batch type text

* fix(browser): complete batch action execution

* test(browser): cover batch route normalization

* test(browser): cover batch interaction dispatch

* fix(browser): bound batch route action inputs

* fix(browser): harden batch interaction limits

* test(browser): cover batch security guardrails

---------

Co-authored-by: Diwakar <diwakarrankawat@gmail.com>
 2026-03-13 15:10:55 -07:00
Peter Steinberger
d0337a18b6 fix: clear typecheck backlog 2026-03-13 22:09:06 +00:00
Peter Steinberger
a66a0852bb test: cover plugin-sdk subpath imports 2026-03-13 22:09:06 +00:00
Vincent Koc
65f92fd839 Guard updater service refresh against missing invocation cwd (#45486) 
* Update: capture a stable cwd for service refresh env

* Test: cover service refresh when cwd disappears
 2026-03-13 18:09:01 -04:00
Peter Steinberger
fac754041c fix: tighten executable path coverage 2026-03-13 22:07:14 +00:00
Peter Steinberger
0826feb94d test: tighten path prepend helper coverage 2026-03-13 22:06:01 +00:00
Peter Steinberger
56e5b8b9e8 test: tighten secret file error coverage 2026-03-13 22:04:54 +00:00
Peter Steinberger
c04ea0eac5 test: tighten tmp dir security coverage 2026-03-13 22:03:17 +00:00
Peter Steinberger
cb99a23d84 test: tighten shell env helper coverage 2026-03-13 22:02:18 +00:00
Peter Steinberger
fb4aa7eaba fix: tighten shared chat envelope coverage 2026-03-13 22:00:22 +00:00
Peter Steinberger
2fe4c4f8e5 test: tighten shared auth store coverage 2026-03-13 21:59:35 +00:00
Peter Steinberger
6a9e141c7a test: tighten shared config eval helper coverage 2026-03-13 21:58:23 +00:00
Peter Steinberger
b7ff8256ef test: guard plugin-sdk shared-bundle regression (#45426) (thanks @TarasShyn) 2026-03-13 21:57:43 +00:00
Peter Steinberger
592d93211f test: tighten shared manifest metadata coverage 2026-03-13 21:57:16 +00:00
Peter Steinberger
25e900f64a test: tighten shared requirements coverage 2026-03-13 21:55:40 +00:00
Val Alexander
158d970e2b [codex] Polish sidebar status, agent skills, and chat rendering (#45451) 
* style: update chat layout and spacing for improved UI consistency

- Adjusted margin and padding for .chat-thread and .content--chat to enhance layout.
- Consolidated CSS selectors for better readability and maintainability.
- Introduced new test for log parsing functionality to ensure accurate message extraction.

* UI: polish agent skills, chat images, and sidebar status

* test: stabilize vitest helper export types

* UI: address review feedback on agents refresh and chat styles

* test: update outbound gateway client fixture values

* test: narrow shared ip fixtures to IPv4
 2026-03-13 16:53:40 -05:00
Peter Steinberger
52900b48ad test: tighten shared policy helper coverage 2026-03-13 21:53:11 +00:00
Peter Steinberger
4de268587c test: tighten shared tailscale fallback coverage 2026-03-13 21:52:01 +00:00
Peter Steinberger
e665888a45 test: tighten shared usage aggregate coverage 2026-03-13 21:51:01 +00:00
Peter Steinberger
fbcea506ba test: tighten shared gateway bind and avatar coverage 2026-03-13 21:49:50 +00:00
Peter Steinberger
daca6c9df2 test: tighten small shared helper coverage 2026-03-13 21:48:40 +00:00
Peter Steinberger
9b590c9f67 test: tighten shared reasoning tag coverage 2026-03-13 21:47:33 +00:00
Peter Steinberger
ae5563dd18 test: tighten shared join and message content coverage 2026-03-13 21:46:20 +00:00
Peter Steinberger
2d7a061161 test: tighten shared ip parsing coverage 2026-03-13 21:45:30 +00:00
Peter Steinberger
c659f6c959 fix: improve onboarding install diagnostics 2026-03-13 21:44:29 +00:00
Peter Steinberger
eea41f308e fix: tighten shared subagent format coverage 2026-03-13 21:44:11 +00:00
Peter Steinberger
dd54b6f4c7 test: tighten shared node match coverage 2026-03-13 21:43:01 +00:00
Peter Steinberger
73c2edbc0c test: tighten shared code region coverage 2026-03-13 21:42:07 +00:00
Peter Steinberger
fa04e62201 test: tighten shared tailscale and sample coverage 2026-03-13 21:40:59 +00:00
Peter Steinberger
7235ee55c6 test: share APNs direct send fixtures 2026-03-13 21:40:54 +00:00
Peter Steinberger
29bc011ec7 test: share heartbeat retry fixtures 2026-03-13 21:40:54 +00:00
Peter Steinberger
ed3dd6a1a0 test: share install flow failure harness 2026-03-13 21:40:54 +00:00
Peter Steinberger
84a50acb55 refactor: share portable env entry normalization 2026-03-13 21:40:54 +00:00
Peter Steinberger
ef15600b3e refactor: share request body chunk accounting 2026-03-13 21:40:54 +00:00
Peter Steinberger
8f852ef82f refactor: share system run success delivery 2026-03-13 21:40:54 +00:00
Peter Steinberger
a2fcaf9774 test: share plugin install path fixtures 2026-03-13 21:40:54 +00:00
Peter Steinberger
f06ae90884 test: share process respawn launchd assertions 2026-03-13 21:40:54 +00:00
Peter Steinberger
25eb3d5209 refactor: share openclaw root package parsing 2026-03-13 21:40:54 +00:00
Peter Steinberger
95f8b91c8a test: share memory search manager fixtures 2026-03-13 21:40:54 +00:00
Peter Steinberger
7eb38e8f7b test: share temporal decay vector fixtures 2026-03-13 21:40:54 +00:00
Peter Steinberger
a879ad7547 test: share node host credential assertions 2026-03-13 21:40:54 +00:00
Peter Steinberger
ba34266e89 test: dedupe cron config setup 2026-03-13 21:40:53 +00:00