admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
16,085 Commits 1 Branch 0 Tags
6edb512efaebcc7992baa9a30c1d1d0c44e32ea7
Commit Graph

16085 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ayaan Zaidi
6edb512efa feat(telegram): use sendMessageDraft for private chat streaming (#31824) 
* feat(telegram): use sendMessageDraft for private stream previews

* test(telegram): cover DM draft id rotation race

* fix(telegram): keep DM reasoning updates in draft preview

* fix(telegram): split DM reasoning preview transport

* fix(telegram): harden DM draft preview fallback paths

* style(telegram): normalize draft preview formatting
 2026-03-02 21:56:59 +05:30
Peter Steinberger
c973b053a5 refactor(net): unify proxy env checks and guarded fetch modes 2026-03-02 16:24:26 +00:00
Peter Steinberger
a229ae6c3e chore(lint): add registerHttpHandler usage guard script 2026-03-02 16:24:06 +00:00
Peter Steinberger
2fd8264ab0 refactor(gateway): hard-break plugin wildcard http handlers 2026-03-02 16:24:06 +00:00
Peter Steinberger
b13d48987c refactor(gateway): unify control-ui and plugin webhook routing 2026-03-02 16:18:12 +00:00
Tak Hoffman
21708f58ce fix(exec): resolve PATH key case-insensitively for Windows pathPrepend (#25399) (#31879) 
Co-authored-by: Glucksberg <markuscontasul@gmail.com>
 2026-03-02 10:14:38 -06:00
Tak Hoffman
1ea42ebe98 fix(tsgo): unblock baseline type errors (#31873) 2026-03-02 10:09:49 -06:00
Peter Steinberger
3e5762c288 fix(security): harden sms.send dangerous-node defaults 2026-03-02 16:06:52 +00:00
SidQin-cyber
c4711a9b69 fix(gateway): let POST requests pass through root-mounted Control UI to plugin handlers 
The Control UI handler checked HTTP method before path routing, causing
all POST requests (including plugin webhook endpoints like /bluebubbles-webhook)
to receive 405 Method Not Allowed.  Move the method check after path-based
exclusions so non-GET/HEAD requests reach plugin HTTP handlers.

Closes #31344

Made-with: Cursor
 2026-03-02 16:06:48 +00:00
Peter Steinberger
ea204e65a0 fix(browser): fail closed navigation guard with env proxy 2026-03-02 16:06:31 +00:00
Peter Steinberger
14fbd0e6b6 test(perf): reduce timer teardown overhead in cron issue regressions 2026-03-02 16:06:04 +00:00
Peter Steinberger
17c434f2f3 refactor: split browser context/actions and unify CDP timeout policy 2026-03-02 16:02:39 +00:00
Peter Steinberger
19f5d1345c test(perf): cache redact hints and tune guardrail scan concurrency 2026-03-02 16:01:41 +00:00
Peter Steinberger
64c443ac65 docs(changelog): credit sessions_spawn agentId validation fix (#31381) 2026-03-02 15:59:45 +00:00
Peter Steinberger
b28e472fa5 fix(agents): validate sessions_spawn agentId format (#31381) 2026-03-02 15:59:45 +00:00
root
0c6db05cc0 fix(agents): add strict format validation to sessions_spawn for agentId 
Implements a strict format validation for the agentId parameter in
sessions_spawn to fully resolve the ghost workspace creation bug reported
in #31311.

This fix introduces a regex format gate at the entry point to
immediately reject malformed agentId strings. This prevents error
messages (e.g., 'Agent not found: xyz') or path traversals from being
mangled by normalizeAgentId into seemingly valid IDs (e.g.,
'agent-not-found--xyz'), which was the root cause of the bug.

The validation is placed before normalization and does not interfere
with existing workflows, including delegating to agents that are
allowlisted but not globally configured.

New, non-redundant tests are added to
sessions-spawn.allowlist.test.ts to cover format validation and
ensure no regressions in allowlist behavior.

Fixes #31311
 2026-03-02 15:59:45 +00:00
Liu Yuan
ade46d8ab7 fix(logging): log timestamps use local time instead of UTC (#28434) 
* fix(logging): log timestamps use local time instead of UTC

Problem: Log timestamps used UTC, but docs say they should use host local timezone

* test(logging): add test for logger timestamp format

Verify logger uses local time (not UTC) in file logs

* changelog: note logger timestamp local-time fix

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-02 07:57:03 -08:00
Peter Steinberger
82247f09a7 test(perf): remove redundant module reset in system presence version tests 2026-03-02 15:56:30 +00:00
Peter Steinberger
d01e82d54a test(perf): avoid module reload churn in config guard tests 2026-03-02 15:56:30 +00:00
Peter Steinberger
93b0724025 fix(gateway): fail closed plugin auth path canonicalization 2026-03-02 15:55:32 +00:00
Peter Steinberger
44270c533b docs(changelog): credit sandbox mkdirp boundary fix (#31547) 2026-03-02 15:55:00 +00:00
Peter Steinberger
dec2c9e74d fix(sandbox): allow mkdirp boundary checks on existing directories (#31547) 2026-03-02 15:55:00 +00:00
User
6135eb3353 fix(sandbox): allow mkdirp boundary check on existing directories 2026-03-02 15:55:00 +00:00
Peter Steinberger
345abf0b20 fix: preserve dns pinning for strict web SSRF fetches 2026-03-02 15:54:46 +00:00
Peter Steinberger
a3d2021eea test(cron): stabilize model precedence mocks in bun runs (#31594) 2026-03-02 15:47:21 +00:00
Peter Steinberger
e08ba063d8 test(android): fix GatewaySessionInvokeTest coroutine job typing (#31594) 2026-03-02 15:47:21 +00:00
Peter Steinberger
998d477f5e test: stabilize cross-platform regression suites (#31594) 2026-03-02 15:47:21 +00:00
Peter Steinberger
a49afd25ea fix(secrets): ignore stdin EPIPE from fast-exit exec resolvers 2026-03-02 15:47:21 +00:00
Peter Steinberger
d86c1a67e0 fix(slack): correct typed message event overloads (#31701) 2026-03-02 15:47:21 +00:00
Peter Steinberger
05b84e718b fix(feishu): preserve explicit target routing hints (#31594) (thanks @liuxiaopai-ai) 2026-03-02 15:47:21 +00:00
liuxiaopai-ai
07b419a0e7 Feishu: honor group/dm prefixes in target parsing 2026-03-02 15:47:21 +00:00
Gustavo Madeira Santana
12be9a08fe refactor(diffs): dedupe functions 2026-03-02 10:46:45 -05:00
Peter Steinberger
ee1b147631 fix(zalouser): harden inbound sender id handling 2026-03-02 15:44:07 +00:00
Peter Steinberger
208a9b1ad1 docs(zalouser): document js-native migration and breaking change 2026-03-02 15:44:07 +00:00
Peter Steinberger
0f00110f5d test(zalouser): expand native runtime regression coverage 2026-03-02 15:44:07 +00:00
Peter Steinberger
174f2de447 feat(zalouser): migrate runtime to native zca-js 2026-03-02 15:44:07 +00:00
Peter Steinberger
db3d8d82c1 test(perf): avoid module reset churn in daemon lifecycle tests 2026-03-02 15:43:20 +00:00
Peter Steinberger
3f2848433a test(perf): reuse suite temp-home fixture in config io write tests 2026-03-02 15:43:20 +00:00
Peter Steinberger
663c1858b8 refactor(browser): split server context and unify CDP transport 2026-03-02 15:43:05 +00:00
Peter Steinberger
729ddfd7c8 fix: add zalo webhook account-scope regression assertions (#26121) (thanks @bmendonca3) 2026-03-02 15:38:36 +00:00
bmendonca3
f39882d57e zalo: update pairing-store read assertion to scoped params object 2026-03-02 15:38:36 +00:00
bmendonca3
6b7d3fb011 security(zalo): scope pairing store by account 2026-03-02 15:38:36 +00:00
Peter Steinberger
c63c179278 chore: add changelog note for adapter sendPayload rollout (#30144) (thanks @nohat) 2026-03-02 15:35:47 +00:00
David Friedland
dd3f7d57ee sendPayload: add chunking, empty-payload guard, and tests 2026-03-02 15:35:47 +00:00
David Friedland
47ef180fb7 sendPayload: explicit text fallback in text-only path 2026-03-02 15:35:47 +00:00
David Friedland
ebe54e6903 fix(adapters): restructure sendPayload media loop to avoid uninitialized lastResult 2026-03-02 15:35:47 +00:00
David Friedland
d06ee86292 feat(adapters): add sendPayload to batch-d adapters 2026-03-02 15:35:47 +00:00
Peter Steinberger
f1cab9c5e5 fix: stabilize zalouser account-scope regression hook (#26672) (thanks @bmendonca3) 2026-03-02 15:34:17 +00:00
bmendonca3
f4c3e483fe zalouser: update account-scope test for scoped store API 2026-03-02 15:34:17 +00:00
bmendonca3
6aa20e91d9 security(zalouser): scope pairing-store auth to accountId 2026-03-02 15:34:17 +00:00