admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases Wiki Activity
10,119 Commits 1 Branch 0 Tags
65eefd65e145be39eba557b76cd272d87884903e
Commit Graph

5651 Commits

Author SHA1 Message Date
Mariano
5544646a09 security: block apply_patch path traversal outside workspace (#16405) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 0fcd3f8c3a15993980eb89ecdae3e76de4f3f72d
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-14 19:11:12 +00:00
Bin Deng
4734f99108 Fix: Add type safety to models status command (#16395) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 1554137ae34b8183a924d48e3894e9d60c4e2dde
Co-authored-by: BinHPdev <219093083+BinHPdev@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-14 14:07:38 -05:00
Peter Steinberger
01ec81dae4 refactor(test): migrate web auto-reply tests to harness 2026-02-14 19:04:39 +00:00
Peter Steinberger
222b2d7c3c refactor(test): trim pi-embedded-runner e2e scaffolding 2026-02-14 19:04:39 +00:00
Peter Steinberger
eb594a090d refactor(test): dedupe trigger-handling e2e setup 2026-02-14 19:04:39 +00:00
Peter Steinberger
b4e406b6c4 refactor(test): share iMessage monitor test harness 2026-02-14 19:04:39 +00:00
Peter Steinberger
5faba6a48c refactor(test): reuse web auto-reply harness in more tests 2026-02-14 19:04:39 +00:00
Peter Steinberger
0e824a178a refactor(test): share runReplyAgent typing heartbeat harness 2026-02-14 19:04:39 +00:00
Peter Steinberger
4d8a4fbb48 refactor(test): share runReplyAgent memory flush harness 2026-02-14 19:04:39 +00:00
Peter Steinberger
95b077ad2a refactor(test): reuse web auto-reply harness 2026-02-14 19:04:39 +00:00
Peter Steinberger
186ecd2161 refactor(test): reuse browser control server harness 2026-02-14 19:04:39 +00:00
Peter Steinberger
03ff4960b3 refactor(test): share web auto-reply harness 2026-02-14 19:04:39 +00:00
Peter Steinberger
24d2c6292e refactor(security): refine safeBins hardening 2026-02-14 19:59:13 +01:00
Peter Steinberger
eed6113359 refactor(skills): stabilize watcher targets and include agents skills 2026-02-14 19:54:11 +01:00
Peter Steinberger
013e8f6b3b fix: harden exec PATH handling 2026-02-14 19:53:04 +01:00
Peter Steinberger
8719f381d1 test: split WhatsApp inbound access control tests 2026-02-14 19:52:39 +01:00
Peter Steinberger
b1dd23f61d perf(test): mock config stack in tools invoke http tests 2026-02-14 18:46:24 +00:00
Peter Steinberger
9a01d2bba7 perf(test): use tiny fixture for browser extension install test 2026-02-14 18:46:24 +00:00
Peter Steinberger
4d4296cae5 perf(test): speed up gateway tools invoke HTTP tests 2026-02-14 18:46:24 +00:00
Peter Steinberger
12565661a3 perf(test): simplify update-check mock in update CLI tests 2026-02-14 18:46:24 +00:00
Peter Steinberger
d5a724fbee perf(test): mock chokidar in memory tests 2026-02-14 18:46:24 +00:00
Peter Steinberger
77e8a80908 chore: fix lint after compaction handler split 2026-02-14 18:46:24 +00:00
Peter Steinberger
a3c695faae perf(test): speed up compaction hook wiring tests 2026-02-14 18:46:24 +00:00
Vincent Koc
a042b32d2f fix: Docker installation keeps hanging on MacOS (#12972) 
* Onboarding: avoid stdin resume after wizard finish

* Changelog: remove Docker hang entry from PR

* Terminal: make stdin resume behavior explicit at call sites

* CI: rerun format check

* Onboarding: restore terminal before cancel exit

* test(onboard): align restoreTerminalState expectation

* chore(format): align onboarding restore test with updated oxfmt config

* chore(format): enforce updated oxfmt on restore test

* chore(format): apply updated oxfmt spacing to restore test

* fix: avoid stdin resume after onboarding (#12972) (thanks @vincentkoc)

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-14 19:46:07 +01:00
Robby
cab0abf52a fix(sessions): resolve transcript paths with explicit agent context (#16288) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7cbe9deca9b7fc9efa5d2320acb058bc9fbea48c
Co-authored-by: robbyczgw-cla <239660374+robbyczgw-cla@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-14 13:44:51 -05:00
Peter Steinberger
77b89719d5 fix(security): block safeBins shell expansion 2026-02-14 19:44:14 +01:00
Shadow
a73ccf2b53 fix: deliver cron output to explicit targets (#16360) (thanks @rubyrunsstuff) 2026-02-14 12:43:11 -06:00
Marcus Castro
d14be8472e fix(whatsapp): honor account-level dmPolicy override (#10082) (thanks @mcaxtr) 
Fixes openclaw#10082 (issue #8736): inbound WhatsApp DM policy now respects account-level dmPolicy overrides.
 2026-02-14 19:41:42 +01:00
青雲
80407cbc6a fix: recompute all cron next-run times after job update (openclaw#15905) thanks @echoVic 
Verified:
- pnpm check
- pnpm vitest src/cron/service.issue-regressions.test.ts src/cron/service.issue-13992-regression.test.ts

Co-authored-by: echoVic <16428813+echoVic@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-14 12:37:22 -06:00
Peter Steinberger
9409942de4 test(skills): run skills watcher test in unit suite 2026-02-14 19:26:20 +01:00
Peter Steinberger
0e046f61ab fix(skills): avoid skills watcher FD exhaustion 
Watch SKILL.md only (and one-level SKILL.md in skill roots) to prevent chokidar from tracking huge unrelated trees.

Co-authored-by: household-bard <shakespeare@hessianinformatics.com>
 2026-02-14 19:26:20 +01:00
Peter Steinberger
01b3226ecb fix(gateway): block node.invoke exec approvals 2026-02-14 19:22:37 +01:00
Peter Steinberger
4133f4bd37 refactor(tui): clarify searchable select list width layout (#16378) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: fecbade822f8163f12b7da441b567acb42e6f809
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
 2026-02-14 19:15:38 +01:00
Peter Steinberger
f19eabee54 fix(slack): gate DM slash command authorization 2026-02-14 19:10:29 +01:00
Gustavo Madeira Santana
7d4078c704 CLI: fix lazy maintenance command registration (#16374) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 29d7cca6742bc33793fe8a38df456214fef0da3d
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-14 13:10:10 -05:00
Shadow
5ba72bd9bf fix: add discord exec approval channel targeting (#16051) (thanks @leonnardo) 2026-02-14 12:05:53 -06:00
Peter Steinberger
4b9cb46c6e refactor(outbound): dedupe poll threading + tighten duration semantics 2026-02-14 19:03:46 +01:00
yinghaosang
8852250192 fix(cli): stop agents command from being unrecognized (#16267) (#16293) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: d7288f57fada313b3f474f28d9fc62075025ae81
Co-authored-by: yinghaosang <261132136+yinghaosang@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-14 13:01:47 -05:00
Peter Steinberger
f5a4a202e5 perf(test): speed up discord proxy test 2026-02-14 17:56:39 +00:00
Peter Steinberger
240cdd3749 perf(test): speed up cron read ops test 2026-02-14 17:56:39 +00:00
Peter Steinberger
d3483590fb perf(test): stub readability in cf-markdown tests 2026-02-14 17:56:39 +00:00
Peter Steinberger
7582e93a8e perf(test): speed up raw-body reply test 2026-02-14 17:56:39 +00:00
Peter Steinberger
7cc6add9b8 test(web): add SSRF guard cases 2026-02-14 18:53:23 +01:00
Peter Steinberger
cb3290fca3 fix(node-host): enforce system.run rawCommand/argv consistency 2026-02-14 18:53:23 +01:00
Mariano
71f357d949 bluebubbles: harden local media path handling against LFI (#16322) 
* bluebubbles: harden local media path handling

* bluebubbles: remove racy post-open symlink lstat

* fix: bluebubbles mediaLocalRoots docs + typing fix (#16322) (thanks @mbelinky)
 2026-02-14 17:43:44 +00:00
Peter Steinberger
bfa7d21e99 fix(security): harden tlon Urbit requests against SSRF 2026-02-14 18:42:10 +01:00
Robby
5a313c83b7 fix(tui): use available terminal width for session name display (#16109) (#16238) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 19c18977e0d2350825502d07adfcc00dbde6e073
Co-authored-by: robbyczgw-cla <239660374+robbyczgw-cla@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
 2026-02-14 18:39:05 +01:00
Robby
8e5689a84d feat(telegram): add sendPoll support (#16193) (#16209) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b58492cfed34eebe4b32af5292928092a11ecfed
Co-authored-by: robbyczgw-cla <239660374+robbyczgw-cla@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
 2026-02-14 18:34:30 +01:00
Peter Steinberger
fc5d147d1b fix(test-harness): annotate vitest mocks to avoid TS2742 2026-02-14 18:26:46 +01:00
Robby
baa3bf270b fix(webchat): filter NO_REPLY token from streaming and final replies (#16286) 
The webchat channel sent NO_REPLY as visible text to clients instead
of suppressing it. Other channels (Telegram, Discord) already filter
this token via the reply dispatcher, but the webchat streaming path
bypassed this check.

Fixes #16269
 2026-02-14 18:26:19 +01:00