admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases Wiki Activity
12,947 Commits 1 Branch 0 Tags
0bee3f337ae5d089dee294fde2beb3d4e5f52a3b
Commit Graph

581 Commits

Author SHA1 Message Date
Takayuki Maeda
0bee3f337a MSTeams: dedupe sent-message cache storage (#22514) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 88e14dcbe13006c4d1f353c0e7e196175747a4c8
Co-authored-by: TaKO8Ki <41065217+TaKO8Ki@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-21 13:27:50 +05:30
Vincent Koc
f4a59eb5d8 Chore: harden A2UI bundle dependency resolution (#22507) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: d84c5bde518a4b2f3d192b0446672afeecf3fa3d
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-21 13:16:31 +05:30
Vincent Koc
187f4ea41f deadcode: remove unused extension dev dependencies (#22495) 
* Chore: remove unused extension dev dependencies

* Chore: fix changelog PR reference

* Chore: restore dropped deadcode changelog entries

* Chore: retag unused-dependency changelog entries
 2026-02-21 02:15:43 -05:00
Vincent Koc
569191fff1 extensions: fix MSTeams OneDrive fallback mention handling (#22472) 2026-02-21 01:30:33 -05:00
Vincent Koc
d94d21f9b0 test: isolate local media regression fixtures to allowed roots (#22369) 
* fix(tui): strip inbound metadata blocks from user text

* chore: clean up metadata-strip format and changelog credit

* chore: format tui metadata-strip tests

* test(web): isolate local media fixture paths to allow-listed roots
 2026-02-20 21:50:50 -05:00
Shadow
f555835b09 Channels: add thread-aware model overrides 2026-02-20 19:26:25 -06:00
Tyler Yust
2dba150c16 Fix path-root flaky tests and restore status emoji defaults (#22274) 2026-02-20 15:45:33 -08:00
Kirill Shchetynin
ee519086f6 Feature/default messenger delivery target (openclaw#16985) thanks @KirillShchetinin 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: KirillShchetinin <13061871+KirillShchetinin@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 22:37:19 -06:00
Peter Steinberger
f66b23de75 chore(release): bump versions to 2026.2.20 2026-02-20 00:02:53 +01:00
Peter Steinberger
b0e55283d5 chore: bump release metadata to 2026.2.19 2026-02-19 16:17:34 +01:00
Peter Steinberger
10379e7dcd fix: harden voice-call tts deep merge 2026-02-19 15:37:01 +01:00
Peter Steinberger
3d7ad1cfca fix(security): centralize owner-only tool gating and scope maps 2026-02-19 15:29:23 +01:00
Peter Steinberger
f4b288b8f7 refactor(feishu): dedupe mention regex escaping 2026-02-19 15:04:40 +01:00
Peter Steinberger
29118995ad refactor(lobster): remove lobsterPath overrides 2026-02-19 14:58:13 +01:00
Peter Steinberger
7426848913 test(feishu): add mention regex injection regressions 2026-02-19 14:51:41 +01:00
Jamie
7e67ab75cc fix(feishu): escape regex metacharacters in stripBotMention 
stripBotMention() passed mention.name and mention.key directly into
new RegExp() without escaping, allowing regex injection and ReDoS via
crafted Feishu mention metadata. extractMessageBody() in mention.ts
already escapes correctly — this applies the same pattern.

Ref: GHSA-c6hr-w26q-c636
 2026-02-19 14:51:41 +01:00
Peter Steinberger
0e85380e56 style: format files and fix safe-bins e2e typing 2026-02-19 14:26:12 +01:00
Peter Steinberger
ec232a9e2d refactor(security): harden temp-path handling for inbound media 2026-02-19 14:06:37 +01:00
Peter Steinberger
aa267812d3 test(security): add webhook hardening regressions 2026-02-19 13:31:28 +01:00
Peter Steinberger
a23e0d5140 fix(security): harden feishu and zalo webhook ingress 2026-02-19 13:31:27 +01:00
zerone0x
3feb7fc3a3 fix(matrix): detect mentions in formatted_body matrix.to links (#16941) 
* fix(matrix): detect mentions in formatted_body matrix.to links

Many Matrix clients (including Element) send mentions using HTML links
in formatted_body instead of or in addition to the m.mentions field:

```json
{
  "formatted_body": "<a href=\"https://matrix.to/#/@bot:matrix.org\">Bot</a>: hello",
  "m.mentions": null
}
```

This change adds detection for matrix.to links in formatted_body,
supporting both plain and URL-encoded user IDs.

Changes:
- Add checkFormattedBodyMention() helper function
- Check formatted_body in resolveMentions()
- Add comprehensive test coverage

Fixes #6982

* Update extensions/matrix/src/matrix/monitor/mentions.ts

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

---------

Co-authored-by: zerone0x <zerone0x@users.noreply.github.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
 2026-02-19 03:40:21 -08:00
Vincent Koc
de656e3194 fix(otel): complete diagnostics-otel OpenTelemetry v2 API migration (#12897) 
* fix(otel): complete diagnostics-otel OpenTelemetry v2 API migration

* chore(format): align otel files with updated oxfmt config

* chore(format): apply updated oxfmt spacing to otel diagnostics
 2026-02-19 02:36:47 -08:00
Vincent Koc
1faa7a87a0 lobster: parse windows cmd shim paths with rooted tokens (#20833) 2026-02-19 02:34:08 -08:00
Peter Steinberger
e8e343aeee test(ci): fix launchd and diagnostics-otel test harnesses 2026-02-19 10:17:48 +00:00
Mariano
45db2aa0cd Security: disable plugin runtime command execution primitive (#20828) 
Co-authored-by: mbelinky <mbelinky@users.noreply.github.com>
 2026-02-19 10:17:29 +00:00
Peter Steinberger
771af40913 chore(ci): fix main check blockers and stabilize tests 2026-02-19 10:15:25 +00:00
Peter Steinberger
53aecf7a8e test(bluebubbles): merge typing start stop method checks 2026-02-19 10:09:34 +00:00
Peter Steinberger
cdb00fe242 fix(feishu): isolate temp download writes in mkdtemp dirs 2026-02-19 11:05:04 +01:00
Vincent Koc
88f698974a fix(otel): sanitize OTLP endpoint URL resolution (#13791) 
* fix(otel): sanitize OTLP endpoint signal URL resolution

* fix(otel): preserve signal URLs with query params

* fix(otel): accept case-insensitive signal paths
 2026-02-19 02:02:57 -08:00
Mariano
a7c0aa94d9 refactor(security): share safe temp media path builder (#20810) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7a088e6801d4ec45858ba47d20a8c8615ba35389
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 09:59:21 +00:00
Peter Steinberger
c06ad38a71 test(voice-call): merge provider credential source cases 2026-02-19 09:55:43 +00:00
Peter Steinberger
32ba62dc69 test(bluebubbles): merge setGroupIcon credential checks 2026-02-19 09:51:35 +00:00
Peter Steinberger
0c1d3b866c test(bluebubbles): collapse duplicate credential and chatGuid cases 2026-02-19 09:48:47 +00:00
Peter Steinberger
02123e591c refactor(lobster): extract windows spawn resolver 2026-02-19 10:44:22 +01:00
Peter Steinberger
6b14498d2f test(lobster): use lobster.exe in windows plugin path case 2026-02-19 09:35:38 +00:00
Peter Steinberger
8b34719b3a style: apply oxfmt import ordering for ci 2026-02-19 09:26:29 +00:00
Peter Steinberger
c241bf0049 test: dedupe voice-call provider config validation cases 2026-02-19 09:24:09 +00:00
Peter Steinberger
ba7be018da fix(security): remove lobster windows shell fallback 2026-02-19 10:22:59 +01:00
Mariano Belinky
c821099157 Feishu: harden temp media download paths 2026-02-19 10:13:48 +01:00
Peter Steinberger
d51929ecb5 fix: block ISATAP SSRF bypass via shared host/ip guard 2026-02-19 09:59:47 +01:00
Peter Steinberger
983a68c23e test(matrix): cover directory context and group exact-match resolution 2026-02-18 16:22:20 +00:00
Peter Steinberger
eb4f1e765c refactor(matrix): dedupe directory/target match helpers 2026-02-18 16:22:20 +00:00
Peter Steinberger
98fac87a9e test(matrix): add coverage for deduped action helpers 2026-02-18 16:18:01 +00:00
Peter Steinberger
f5c3702191 refactor(matrix): dedupe action limit and pin/reaction helpers 2026-02-18 16:18:01 +00:00
Peter Steinberger
29d3bb278f refactor(device-pair): reduce duplicated gateway parsing 2026-02-18 16:08:38 +00:00
Peter Steinberger
95d52b06d5 refactor(mattermost): dedupe reaction flow and test fixtures 2026-02-18 16:08:38 +00:00
Peter Steinberger
fa4772b4ce perf(test): dedupe telegram allowlist and speed twitch probe 2026-02-18 04:16:36 +00:00
Peter Steinberger
4bf3338834 chore: bump version to 2026.2.18 unreleased 2026-02-18 04:40:06 +01:00
Peter Steinberger
b8b43175c5 style: align formatting with oxfmt 0.33 2026-02-18 01:34:35 +00:00
Peter Steinberger
31f9be126c style: run oxfmt and fix gate failures 2026-02-18 01:29:02 +00:00