Moltbot

Author	SHA1	Message	Date
Peter Steinberger	66979bcc2f	refactor: share self hosted provider auth flow	2026-03-13 23:35:28 +00:00
Peter Steinberger	46d4fe2fa1	refactor: share embedded run and discord test helpers	2026-03-13 23:35:28 +00:00
Peter Steinberger	0201f3ff7b	refactor: share auto reply helper fixtures	2026-03-13 23:35:28 +00:00
Peter Steinberger	fd5243c27e	refactor: share discord exec approval helpers	2026-03-13 23:35:28 +00:00
Peter Steinberger	fd340a88d6	test: dedupe discord preflight helpers	2026-03-13 23:35:28 +00:00
Peter Steinberger	6a44ca9f76	test: dedupe discord queue preflight setup	2026-03-13 23:35:27 +00:00
Peter Steinberger	a7c293b8ef	test: dedupe discord bound slash dispatch setup	2026-03-13 23:35:27 +00:00
Peter Steinberger	6cabcf3fd2	test: dedupe session idle timeout assertions	2026-03-13 23:35:27 +00:00
Peter Steinberger	f15abb657a	test: dedupe discord listener deferred setup	2026-03-13 23:35:27 +00:00
Peter Steinberger	58a51e2746	refactor: share discord preflight shared fields	2026-03-13 23:35:27 +00:00
Peter Steinberger	801113b46a	refactor: share session entry persistence update	2026-03-13 23:35:27 +00:00
Peter Steinberger	f8ee528174	refactor: share discord channel override config type	2026-03-13 23:35:27 +00:00
Peter Steinberger	809785dcd7	test: dedupe discord provider account config harness	2026-03-13 23:35:27 +00:00
Peter Steinberger	aed626ed96	test: dedupe discord gateway proxy register flow	2026-03-13 23:35:27 +00:00
Peter Steinberger	ee80b4be69	test: dedupe discord retry delivery setup	2026-03-13 23:35:27 +00:00
Peter Steinberger	3eb039c554	test: dedupe discord forwarded media assertions	2026-03-13 23:35:27 +00:00
Peter Steinberger	cad1c95405	test: dedupe inline action skip assertions	2026-03-13 23:35:27 +00:00
Peter Steinberger	8cd48c2896	test: dedupe model info reply setup	2026-03-13 23:35:27 +00:00
Peter Steinberger	c59ae1527c	refactor: share discord trailing media delivery	2026-03-13 23:35:27 +00:00
Peter Steinberger	1b91fa9358	test: dedupe discord route fixture setup	2026-03-13 23:35:27 +00:00
Peter Steinberger	97ce1503fd	refactor: share discord binding update loop	2026-03-13 23:35:27 +00:00
Peter Steinberger	301594b448	refactor: share discord auto thread params	2026-03-13 23:35:27 +00:00
Peter Steinberger	0f9e16ca46	refactor: share provider chunk context resolution	2026-03-13 23:35:27 +00:00
Peter Steinberger	da51e40638	refactor: share auth label suffix formatting	2026-03-13 23:35:27 +00:00
Peter Steinberger	bd758bb438	refactor: share abort target apply params	2026-03-13 23:35:27 +00:00
Peter Steinberger	aaea0b2f28	test: dedupe directive auth ref label setup	2026-03-13 23:35:27 +00:00
Peter Steinberger	07b3f5233e	test: dedupe post compaction legacy fallback checks	2026-03-13 23:35:27 +00:00
Peter Steinberger	91c94c8b95	test: dedupe elevated permission assertions	2026-03-13 23:35:27 +00:00
Peter Steinberger	b9e5f23914	test: dedupe route reply slack no-op cases	2026-03-13 23:35:27 +00:00
Peter Steinberger	36e9a811cc	test: dedupe discord auto thread harness	2026-03-13 23:35:27 +00:00
Peter Steinberger	7b70fa26e6	test: dedupe discord thread starter setup	2026-03-13 23:35:27 +00:00
Peter Steinberger	22e976574c	test: dedupe inbound main scope fixtures	2026-03-13 23:35:27 +00:00
Peter Steinberger	1d99401b8b	refactor: share telegram voice send path	2026-03-13 23:35:27 +00:00
Peter Steinberger	41fa63a49e	refactor: share anthropic compat flag checks	2026-03-13 23:35:27 +00:00
Peter Steinberger	07900303f4	refactor: share outbound poll and signal route helpers	2026-03-13 23:35:27 +00:00
Peter Steinberger	c5dc61e795	test: share session target and outbound mirror helpers	2026-03-13 23:35:27 +00:00
Peter Steinberger	0229246f3b	test: share wake failure assertions	2026-03-13 23:35:27 +00:00
Peter Steinberger	a4a7958678	refactor: share outbound base session setup	2026-03-13 23:35:27 +00:00
Peter Steinberger	854df8352c	refactor: share net and slack input helpers	2026-03-13 23:35:26 +00:00
Val Alexander	868fd32ee7	fix(config): avoid Anthropic startup crash (#45520 ) Co-authored-by: Val Alexander <bunsthedev@gmail.com>	2026-03-13 18:28:33 -05:00
Robin Waslander	1803d16d5c	fix(auth): make device bootstrap tokens single-use to prevent scope escalation Refs: GHSA-63f5-hhc7-cx6p	2026-03-13 23:58:45 +01:00
Peter Steinberger	ae1a1fccfe	fix: stabilize browser existing-session control	2026-03-13 22:41:17 +00:00
Vincent Koc	e82ba71911	fix(browser): follow up batch failure and limit handling (#45506 ) * fix(browser): propagate nested batch failures * fix(browser): validate top-level batch limits * test(browser): cover nested batch failures * test(browser): cover top-level batch limits	2026-03-13 15:39:28 -07:00
Robin Waslander	7e49e98f79	fix(telegram): validate webhook secret before reading request body Refs: GHSA-jq3f-vjww-8rq7	2026-03-13 23:21:48 +01:00
Vincent Koc	f59b2b1db3	fix(browser): normalize batch act dispatch for selector and batch support (#45457 ) * feat(browser): add batch actions, CSS selector support, and click delayMs Adds three improvements to the browser act tool: 1. CSS selector support: All element-targeting actions (click, type, hover, drag, scrollIntoView, select) now accept an optional 'selector' parameter alongside 'ref'. When selector is provided, Playwright's page.locator() is used directly, skipping the need for a snapshot to obtain refs. This reduces roundtrips for agents that already know the DOM structure. 2. Click delay (delayMs): The click action now accepts an optional 'delayMs' parameter. When set, the element is hovered first, then after the specified delay, clicked. This enables human-like hover-before-click in a single tool call instead of three (hover + wait + click). 3. Batch actions: New 'batch' action kind that accepts an array of actions to execute sequentially in a single tool call. Supports 'stopOnError' (default true) to control whether execution halts on first failure. Results are returned as an array. This eliminates the AI inference roundtrip between each action, dramatically reducing latency and token cost for multi-step flows. Addresses: #44431, #38844 * fix(browser): address security review — batch evaluateEnabled guard, input validation, recursion limit Fixes all 4 issues raised by Greptile review: 1. Security: batch actions now respect evaluateEnabled flag. executeSingleAction and batchViaPlaywright accept evaluateEnabled param. evaluate and wait-with-fn inside batches are rejected when evaluateEnabled=false, matching the direct route guards. 2. Security: batch input validation. Each action in body.actions is validated as a plain object with a known kind string before dispatch. Applies same normalization as direct action handlers. 3. Perf: SELECTOR_ALLOWED_KINDS moved to module scope as a ReadonlySet<string> constant (was re-created on every request). 4. Security: max batch nesting depth of 5. Nested batch actions track depth and throw if MAX_BATCH_DEPTH exceeded, preventing call stack exhaustion from crafted payloads. * fix(browser): normalize batch act dispatch * fix(browser): tighten existing-session act typing * fix(browser): preserve batch type text * fix(browser): complete batch action execution * test(browser): cover batch route normalization * test(browser): cover batch interaction dispatch * fix(browser): bound batch route action inputs * fix(browser): harden batch interaction limits * test(browser): cover batch security guardrails --------- Co-authored-by: Diwakar <diwakarrankawat@gmail.com>	2026-03-13 15:10:55 -07:00
Peter Steinberger	d0337a18b6	fix: clear typecheck backlog	2026-03-13 22:09:06 +00:00
Peter Steinberger	a66a0852bb	test: cover plugin-sdk subpath imports	2026-03-13 22:09:06 +00:00
Vincent Koc	65f92fd839	Guard updater service refresh against missing invocation cwd (#45486 ) * Update: capture a stable cwd for service refresh env * Test: cover service refresh when cwd disappears	2026-03-13 18:09:01 -04:00
Peter Steinberger	fac754041c	fix: tighten executable path coverage	2026-03-13 22:07:14 +00:00
Peter Steinberger	0826feb94d	test: tighten path prepend helper coverage	2026-03-13 22:06:01 +00:00

1 2 3 4 5 ...

12065 Commits