admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
10,467 Commits 1 Branch 0 Tags
424c718bc5dac6ea3cff4b8eec7d79b9e36f5a93
Commit Graph

1776 Commits

Author SHA1 Message Date
Peter Steinberger
424c718bc5 fix(security): apply tools.fs.workspaceOnly to sandbox file tools 2026-02-15 03:36:31 +01:00
Peter Steinberger
914b9d1e79 fix(agents): block workspaceOnly apply_patch delete symlink escape 2026-02-15 03:28:25 +01:00
Peter Steinberger
683aa09b55 refactor(media): harden localRoots bypass (#16739) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 89dce69f5094bef7247b2510d27165e504cb820c
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
 2026-02-15 03:27:01 +01:00
Peter Steinberger
4a44da7d91 fix(security): default apply_patch workspace containment 2026-02-15 03:19:27 +01:00
Christian Klotz
68c78c4b43 fix: deliver tool result media when verbose is off (#16679) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 6e16feb1644a81cf2b6c8ad952327d0eeeff80fd
Co-authored-by: christianklotz <69443+christianklotz@users.noreply.github.com>
Co-authored-by: christianklotz <69443+christianklotz@users.noreply.github.com>
Reviewed-by: @christianklotz
 2026-02-15 02:18:57 +00:00
Vignesh Natarajan
906c32da12 chore (exec): add PTY background abort regression test 2026-02-14 18:18:03 -08:00
Vignesh Natarajan
bbbec7a5c1 Subagents: add announce queue failure retry regressions 2026-02-14 18:14:15 -08:00
Vignesh Natarajan
2a83609287 Subagents: retain announce queue items on send failure 2026-02-14 18:14:11 -08:00
Peter Steinberger
b79e7fdb7a fix(image): propagate workspace root for image allowlist (#16722) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 24a13675cbc71b261726d83656233691e2e44b0e
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
 2026-02-15 03:08:28 +01:00
Tyler Yust
edb06170f5 fix(image): allow workspace and sandbox media paths (#15541) 2026-02-14 17:46:36 -08:00
Peter Steinberger
ceae46ce33 fix(test): make sandbox fs-path expectations cross-platform 2026-02-15 01:45:57 +00:00
Peter Steinberger
f58d4cad8e refactor(agents): dedupe claude oauth parsing 2026-02-15 01:15:43 +00:00
Vignesh Natarajan
726ff36fd5 Sandbox: honor bind mounts in file tools 2026-02-14 16:54:29 -08:00
Vignesh Natarajan
eafda6f526 Sandbox: add shared bind-aware fs path resolver 2026-02-14 16:53:43 -08:00
Peter Steinberger
301b3ff912 fix(ci): avoid TS2742 vitest mock export types 2026-02-15 01:30:15 +01:00
Peter Steinberger
772c03d41a refactor(test): dedupe pi-tools schema union checks 2026-02-15 00:26:46 +00:00
Peter Steinberger
20abab7c4f refactor(test): dedupe loadWorkspaceSkillEntries plugin setup 2026-02-15 00:26:46 +00:00
Gustavo Madeira Santana
28b78b25b7 fix(workspace): persist bootstrap onboarding state 2026-02-14 19:20:27 -05:00
Peter Steinberger
07fbf46091 fix(test): avoid vitest mock type inference issues 2026-02-15 01:06:02 +01:00
Peter Steinberger
25b048dc43 refactor(test): dedupe pi subscribe text_end cases 2026-02-14 23:51:42 +00:00
Peter Steinberger
5f4dda6c7c fix(test): remove unused vitest imports 2026-02-14 23:51:41 +00:00
Peter Steinberger
615f6e1e40 refactor(test): share sessions_spawn e2e mocks 2026-02-14 23:51:41 +00:00
Peter Steinberger
b744ba3410 refactor(test): share overflow compaction mocks 2026-02-14 23:51:41 +00:00
Robby
ceb934299b fix(workspace): create BOOTSTRAP.md regardless of workspace state (#16457) (#16504) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: a57718c09e9b601087edcb3ee15dd7ac6b96fee2
Co-authored-by: robbyczgw-cla <239660374+robbyczgw-cla@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-14 18:41:35 -05:00
Charlie Greenman
dec6859702 agents: reduce prompt token bloat from exec and context (#16539) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 8e1635fa3fdfb199a58bd53e816abc41cd400d44
Co-authored-by: CharlieGreenman <8540141+CharlieGreenman@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-14 18:32:45 -05:00
Peter Steinberger
6da69255fa fix(process): satisfy tool execute typing 2026-02-14 22:54:37 +00:00
Bin Deng
c0cd3c3c08 fix: add safety timeout to session.compact() to prevent lane deadlock (#16533) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 21e4045addca7a424828478d84dd5e4b202cbcfd
Co-authored-by: BinHPdev <219093083+BinHPdev@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-14 17:54:12 -05:00
Peter Steinberger
5e7c3250cb fix(security): add optional workspace-only path guards for fs tools 2026-02-14 23:50:24 +01:00
Peter Steinberger
adc4e0940c refactor(process): share stdin/session guards 2026-02-14 22:38:23 +00:00
Peter Steinberger
a99ad11a41 fix: validate state for manual Chutes OAuth 2026-02-14 23:33:56 +01:00
Peter Steinberger
200aa441df test: fix vitest harness typing 2026-02-14 23:25:32 +01:00
Peter Steinberger
e63dcc320b refactor(test): share pi embedded model fixtures 2026-02-14 22:06:04 +00:00
Bruno Škvorc
dbdcbe03e7 fix: preserve bootstrap paths and expose failed mutations (#16131) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 385dcbd8a9d3fd1bd67b5cb439b699a98728a679
Co-authored-by: Swader <1430603+Swader@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-14 17:01:16 -05:00
Peter Steinberger
153601f98b refactor(schema): share gemini union cleanup 2026-02-14 21:57:31 +00:00
Peter Steinberger
123ae82fca refactor(auth): dedupe legacy auth store migration 2026-02-14 21:48:02 +00:00
Peter Steinberger
182afe9f59 refactor(sandbox): share workspace layout setup 2026-02-14 21:46:43 +00:00
Peter Steinberger
5db579f2e0 refactor(test): reuse sanitize session history fixtures 2026-02-14 21:39:58 +00:00
Peter Steinberger
96f80d6d82 refactor(test): share models-config e2e setup 2026-02-14 21:20:43 +00:00
Peter Steinberger
d73f3336de fix(exec): close stdin for non-pty runs 2026-02-14 22:01:54 +01:00
Peter Steinberger
c06a962bb6 test(e2e): stabilize suite 2026-02-14 22:01:11 +01:00
Peter Steinberger
ee8d8be2e3 fix(chutes): accept manual OAuth code input 2026-02-14 22:01:11 +01:00
Peter Steinberger
c5406e1d24 fix(security): prevent gatewayUrl SSRF 2026-02-14 22:01:11 +01:00
Peter Steinberger
e95ce05c1e chore(security): soften gatewayUrl override messaging 2026-02-14 21:53:30 +01:00
Peter Steinberger
2d5647a804 fix(security): restrict tool gatewayUrl overrides 2026-02-14 21:53:14 +01:00
Peter Steinberger
0ab4ac6468 test: drop duplicate isMessagingToolDuplicate suite 2026-02-14 20:25:11 +00:00
Peter Steinberger
e4d63818f5 fix: ignore tools.exec.pathPrepend for node hosts 2026-02-14 20:45:05 +01:00
Michael Verrilli
e6f67d5f31 fix(agent): prevent session lock deadlock on timeout during compaction (#9855) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 64a28900f183941a496a6fd5baaa9efcfb38f0f8
Co-authored-by: mverrilli <816450+mverrilli@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-14 14:24:20 -05:00
Mariano
5544646a09 security: block apply_patch path traversal outside workspace (#16405) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 0fcd3f8c3a15993980eb89ecdae3e76de4f3f72d
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-14 19:11:12 +00:00
Peter Steinberger
222b2d7c3c refactor(test): trim pi-embedded-runner e2e scaffolding 2026-02-14 19:04:39 +00:00
Peter Steinberger
24d2c6292e refactor(security): refine safeBins hardening 2026-02-14 19:59:13 +01:00