Moltbot

Author	SHA1	Message	Date
oneaix	216d99e585	fix(browser): derive relay auth token from gateway token in Chrome extension The extension relay server authenticates using an HMAC-SHA256 derived token (`openclaw-extension-relay-v1:<port>`), but the Chrome extension was sending the raw gateway token. This caused both the WebSocket connection and the options page validation to fail with 401 Unauthorized. Additionally, the options page validation request triggered a CORS preflight (due to the custom `x-openclaw-relay-token` header) which the relay rejects because OPTIONS requests lack auth headers. The options page now delegates the check to the background service worker which has host_permissions and bypasses CORS preflight. Fixes #23842 Co-authored-by: Cursor <cursoragent@cursor.com> (cherry picked from commit bbc654b9f063ef24e7d511275e7d8c670414970b)	2026-02-23 18:56:14 +00:00
Mustafa Kemal	bb8f538cd4	Browser relay: accept raw gateway token in extension auth (cherry picked from commit e682a768d0ebe65f9818c6d47fd79e18c38d650f)	2026-02-23 18:56:14 +00:00
Peter Steinberger	1c753ea786	test: dedupe fixtures and test harness setup	2026-02-23 05:45:54 +00:00
Peter Steinberger	8af19ddc5b	refactor: extract shared dedupe helpers for runtime paths	2026-02-23 05:43:43 +00:00
Peter Steinberger	2081b3a3c4	refactor(channels): dedupe hook and monitor execution paths	2026-02-22 21:19:09 +00:00
Peter Steinberger	8af6d1a186	refactor(test): dedupe repeated fixture setup helpers	2026-02-22 20:04:51 +00:00
Peter Steinberger	53ed7a0f5c	test: dedupe repeated test fixtures and assertions	2026-02-22 18:37:25 +00:00
Peter Steinberger	772cf7df33	test: load chrome extension background utils across module modes	2026-02-22 18:29:20 +00:00
Peter Steinberger	2858901441	test(flaky): harden slow vmFork unit suites Co-authored-by: Ho Lim <166576253+HOYALIM@users.noreply.github.com>	2026-02-22 19:08:59 +01:00
Peter Steinberger	9ea5228f42	fix(browser): recover stale remote target ids Co-authored-by: Ilya Strelov <10761735+strelov1@users.noreply.github.com>	2026-02-22 19:08:38 +01:00
Peter Steinberger	1fe2043742	fix(browser): harden extension relay worker recovery Co-authored-by: codexGW <9350182+codexGW@users.noreply.github.com>	2026-02-22 19:08:38 +01:00
Peter Steinberger	40494d67f2	fix(browser): harden extension relay reconnect race Co-authored-by: Ho Lim <166576253+HOYALIM@users.noreply.github.com>	2026-02-22 19:08:38 +01:00
Peter Steinberger	78220db2be	refactor(browser): dedupe control-server test harness	2026-02-22 17:54:51 +00:00
Peter Steinberger	296b19e413	test: dedupe gateway browser discord and channel coverage	2026-02-22 17:11:54 +00:00
Peter Steinberger	f14ebd743c	refactor(security): unify local-host and tailnet CIDR checks	2026-02-22 17:20:27 +01:00
tyler	9b23e5ce1f	test: fix flaky auth tests when OPENCLAW_GATEWAY_TOKEN is present	2026-02-22 15:17:37 +01:00
Peter Steinberger	4a2492496e	test: move browser and web auto-reply local suites out of e2e	2026-02-22 11:05:26 +00:00
Peter Steinberger	6c2e999776	refactor(security): unify secure id paths and guard weak patterns	2026-02-22 10:16:19 +01:00
Peter Steinberger	ccc00d874c	test(core): reduce mock reset overhead in targeted suites	2026-02-22 08:40:29 +00:00
Peter Steinberger	8a0a28763e	test(core): reduce mock reset overhead across unit and e2e specs	2026-02-22 08:22:58 +00:00
Peter Steinberger	2557945a8d	test(core): use lightweight clears in subagent and browser setup	2026-02-22 08:07:41 +00:00
Peter Steinberger	6e253096ed	test(core): use lightweight clears in command and dispatch setup	2026-02-22 08:06:06 +00:00
Peter Steinberger	96674ca301	fix(ci): add explicit mock types in pw-session mock setup	2026-02-22 08:05:12 +00:00
Peter Steinberger	0194d50339	test: stabilize pw-session cdp mocking in parallel runs	2026-02-22 08:03:29 +00:00
Peter Steinberger	0c1a52307c	fix: align draft/outbound typings and tests	2026-02-22 08:03:29 +00:00
Peter Steinberger	d7f01c2c55	test(browser): use lightweight clears in server lifecycle setup	2026-02-22 08:01:15 +00:00
Peter Steinberger	639b2f5f5b	test(browser): dedupe pw-session playwright mock wiring	2026-02-22 07:44:57 +00:00
Peter Steinberger	6bc753624f	test(browser): dedupe generated-token persistence assertions	2026-02-22 07:44:57 +00:00
Peter Steinberger	4c8545ad53	test(browser): dedupe relay probe server scaffolding	2026-02-22 07:44:57 +00:00
Vignesh Natarajan	54e5f80424	Browser: accept canonical upload paths for symlinked roots	2026-02-21 21:54:57 -08:00
Peter Steinberger	dfe0483d80	test(browser): table-drive scroll and click error rewrites	2026-02-21 23:58:33 +00:00
Peter Steinberger	b1c50cc5c0	test(browser): tighten relay test watchdog timeouts	2026-02-21 23:07:58 +00:00
Peter Steinberger	cc2ff68947	test: optimize gateway infra memory and security coverage	2026-02-21 21:44:50 +00:00
Peter Steinberger	e2a50228a1	test(browser): dedupe chrome mocks and cover SIGKILL escalation	2026-02-21 21:40:39 +00:00
Peter Steinberger	59189750e4	test(browser): dedupe path fixture calls and cover root resolvers	2026-02-21 21:40:39 +00:00
Peter Steinberger	6fd31fc0b0	test(browser): dedupe invalid-path assertions and cover blank path rejection	2026-02-21 21:40:39 +00:00
Peter Steinberger	ac6c344d9b	test(browser): dedupe fixture lifecycle and cover directory-path rejection	2026-02-21 21:40:38 +00:00
Peter Steinberger	e588e3cc20	refactor(test): standardize env helpers across suites	2026-02-21 19:13:46 +00:00
Peter Steinberger	764b1f2932	refactor: simplify relay runtime state	2026-02-21 19:31:30 +01:00
Peter Steinberger	afa22acc4a	fix: harden extension relay auth token flow	2026-02-21 19:24:42 +01:00
Peter Steinberger	8c1518f0f3	fix(sandbox): use one-time noVNC observer tokens	2026-02-21 13:56:58 +01:00
Peter Steinberger	4cd7d95746	style(browser): apply oxfmt cleanup for gate	2026-02-21 13:16:07 +01:00
Peter Steinberger	55aaeb5085	refactor(browser): centralize navigation guard enforcement	2026-02-21 11:46:11 +01:00
Peter Steinberger	220bd95eff	fix(browser): block non-network navigation schemes	2026-02-21 11:31:53 +01:00
Mariano	8e4f6c0384	fix(browser): block upload symlink escapes (#21972 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 4381ef9a4d9107798c9c7c00aac62ee81a878789 Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky	2026-02-20 16:36:25 +00:00
Peter Steinberger	a1cb700a05	test: dedupe and optimize test suites	2026-02-19 15:19:38 +00:00
Peter Steinberger	dcd592a601	refactor: eliminate jscpd clones and boost tests	2026-02-19 15:08:54 +00:00
Peter Steinberger	9f9cd5cbb2	refactor(browser): unify navigation guard path and error typing	2026-02-19 14:04:18 +01:00
Peter Steinberger	6195660b1a	fix(browser): unify SSRF guard path for navigation	2026-02-19 13:44:01 +01:00
Peter Steinberger	cdee433332	test(browser): dedupe explicit auth-mode auto-token checks	2026-02-19 08:32:58 +00:00

1 2 3 4 5 ...

296 Commits