Moltbot

Author	SHA1	Message	Date
Peter Steinberger	057233953e	test(retry): table-drive retryAfter timer cases	2026-02-21 23:58:33 +00:00
Peter Steinberger	1381c4c64a	test(telegram): replace redundant bot setup mock resets with clears	2026-02-21 23:58:33 +00:00
Peter Steinberger	5af39b051d	test(telegram): dedupe send fallback/media fixtures and trim reset overhead	2026-02-21 23:58:33 +00:00
Peter Steinberger	dfe0483d80	test(browser): table-drive scroll and click error rewrites	2026-02-21 23:58:33 +00:00
Peter Steinberger	8083cb8e0b	test(web-fetch): dedupe blocked-url SSRF assertions	2026-02-21 23:58:33 +00:00
Peter Steinberger	a97992fcf2	test(pi-tools): share safeBins e2e setup and teardown	2026-02-21 23:58:33 +00:00
Peter Steinberger	ba23d2b1fe	test(onboard): table-drive custom api flag rejection cases	2026-02-21 23:58:33 +00:00
Peter Steinberger	8cc3a5e460	test(doctor): tighten legacy migration e2e timeout budgets	2026-02-21 23:58:33 +00:00
Peter Steinberger	012654c7c5	test(sandbox): table-drive dangerous docker config rejection cases	2026-02-21 23:58:33 +00:00
Peter Steinberger	a353dae14f	test(image-tool): share temp agent dirs and table-drive validation cases	2026-02-21 23:58:33 +00:00
Peter Steinberger	150c048b0a	refactor: unify discord listener slow-log flow and test helpers	2026-02-22 00:44:56 +01:00
Peter Steinberger	f589295a0a	test(actions): table-drive discord presence mappings	2026-02-21 23:44:01 +00:00
Peter Steinberger	0afd5d38c5	test(actions): table-drive discord reaction and permission cases	2026-02-21 23:43:01 +00:00
Peter Steinberger	2595690a4d	test(actions): table-drive slack and telegram action cases	2026-02-21 23:43:01 +00:00
Peter Steinberger	7707e3406c	fix: await DiscordMessageListener handler for queued messages (#22396 ) Co-authored-by: Irene <huangxiyan2311@gmail.com>	2026-02-22 00:41:46 +01:00
Peter Steinberger	8922cb4085	test(sandbox): share sandbox-root setup across path cases	2026-02-21 23:38:43 +00:00
Peter Steinberger	548c227411	test: fix nodes camera case typing for CI	2026-02-22 00:38:36 +01:00
Peter Steinberger	6ea47c3f02	test(outbound): table-drive pre-aborted action cases	2026-02-21 23:37:12 +00:00
Peter Steinberger	8af676edb3	test: tighten web and cron cli timeout budgets	2026-02-21 23:36:24 +00:00
Peter Steinberger	204f379f6b	test(archive): share zip/tar fixture generation	2026-02-21 23:35:21 +00:00
Peter Steinberger	9aa5b5d157	test(logging): dedupe stream and state-dir env assertions	2026-02-21 23:34:38 +00:00
Peter Steinberger	ffd9b86ca4	test(ssrf): table-drive blocked hostname literal checks	2026-02-21 23:33:47 +00:00
Peter Steinberger	e84d89ab06	test(gateway): extract shared parse warning helper	2026-02-21 23:32:32 +00:00
Peter Steinberger	d3991d6aa9	fix: harden sandbox tmp media validation (#17892 ) (thanks @dashed)	2026-02-22 00:31:21 +01:00
Alberto Leal	2958a8414d	test(media): narrow result kind before sendResult assertion	2026-02-22 00:31:21 +01:00
Alberto Leal	8934da785b	test(media): verify tmpdir media paths allowed through message action runner Add integration test confirming that runMessageAction with a sandbox root now accepts media paths under os.tmpdir() through the full normalization pipeline (normalizeSandboxMediaList → resolveSandboxedMediaSource).	2026-02-22 00:31:21 +01:00
Alberto Leal	0bb81f7294	fix(media): allow os.tmpdir() paths in sandbox media source validation resolveSandboxedMediaSource() rejected all paths outside the sandbox workspace root, including /tmp. This blocked sandboxed agents from sending locally-generated temp files (e.g. images from Python scripts) via messaging actions. Add an os.tmpdir() prefix check before the strict sandbox containment assertion, consistent with buildMediaLocalRoots() which already includes os.tmpdir() in its default allowlist. Path traversal through /tmp (e.g. /tmp/../etc/passwd) is prevented by path.resolve() normalization before the prefix check. Relates-to: #16382, #14174	2026-02-22 00:31:21 +01:00
Alberto Leal	4cf5c3e109	test: add unit tests for resolveSandboxedMediaSource Add baseline test coverage for the previously untested resolveSandboxedMediaSource() function, covering sandbox-relative path resolution, rejection of paths outside the sandbox root, path traversal prevention, file:// URL handling, HTTP URL passthrough, and empty input edge cases.	2026-02-22 00:31:21 +01:00
Peter Steinberger	59563847e4	test(web): table-drive SSRF and voice input rejection cases	2026-02-21 23:30:13 +00:00
Peter Steinberger	d748657265	test(gateway): table-drive runtime config validation matrix	2026-02-21 23:29:29 +00:00
Peter Steinberger	4ab85cee0b	test(cli): table-drive repeated argv and byte-size checks	2026-02-21 23:28:07 +00:00
Peter Steinberger	fc2ed0b843	test(cron): dedupe webhook patch validation cases	2026-02-21 23:28:07 +00:00
Peter Steinberger	bcfae0434b	test(fetch): table-drive sync throw cleanup coverage	2026-02-21 23:28:07 +00:00
Peter Steinberger	833144fd72	test(gateway): tighten e2e timeout budget	2026-02-21 23:28:07 +00:00
Peter Steinberger	dd4e8f8098	test(cli): table-drive camera url failure cases	2026-02-21 23:28:07 +00:00
Peter Steinberger	c9593c4c87	test(sandbox): table-drive bind and network validation cases	2026-02-21 23:28:07 +00:00
Peter Steinberger	7c248cca4a	test(targets): table-drive slack and discord parse cases	2026-02-21 23:28:07 +00:00
Peter Steinberger	98790339ef	test: dedupe repeated validation and throw assertions	2026-02-21 23:28:07 +00:00
Peter Steinberger	01ec832f78	test(actions): table-drive telegram and signal mappings	2026-02-21 23:28:06 +00:00
Peter Steinberger	884c6afc26	test(telegram): table-drive channel override and id helper cases	2026-02-21 23:28:06 +00:00
Peter Steinberger	b97691f3a7	test(config): avoid duplicate include resolution in throw assertions	2026-02-21 23:28:06 +00:00
Peter Steinberger	c78ea8ec3f	test(gateway): tighten health e2e timeout ceilings	2026-02-21 23:28:06 +00:00
Peter Steinberger	8cdb184f10	test(actions): table-drive discord forwarding cases	2026-02-21 23:28:06 +00:00
Peter Steinberger	95dab6e019	fix: harden config prototype-key guards (#22968 ) (thanks @Clawborn)	2026-02-22 00:25:22 +01:00
Clawborn	e23c08b5f4	Fix prototype pollution in applyMergePatch via blocked key filter applyMergePatch in merge-patch.ts iterates Object.entries(patch) without filtering dangerous keys. When a caller passes a JSON-parsed object with a "__proto__" key, the loop assigns result["__proto__"] = value, which replaces the prototype of result and pollutes Object.prototype for the entire process. Add a BLOCKED_KEYS set ({"__proto__", "constructor", "prototype"}) and skip those keys during iteration, matching the guard already present in deepMerge (includes.ts) via isBlockedObjectKey. Adds four tests covering __proto__, constructor, prototype, and nested __proto__ injection. Co-authored-by: Clawborn <tianrun.yang103@gmail.com>	2026-02-22 00:25:22 +01:00
Peter Steinberger	780bbbd062	fix: restore CI checks after #23012 (thanks @druide67)	2026-02-22 00:16:15 +01:00
Peter Steinberger	1ef30b82b2	fix(test): guard optional forum topic options	2026-02-22 00:10:07 +01:00
Peter Steinberger	843a037532	fix(test): repair readonly case table typing	2026-02-22 00:10:07 +01:00
Peter Steinberger	8394f0e30e	fix(test): resolve outbound envelope case typing	2026-02-22 00:10:07 +01:00
Peter Steinberger	8752203f59	refactor(test): stabilize case tables and readonly helper inputs	2026-02-22 00:10:07 +01:00

1 2 3 4 5 ...

13331 Commits