admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases Wiki Activity
14,593 Commits 1 Branch 0 Tags
75f145ebccb05947e2f6d85e0ccaea0f9b515607
Commit Graph

97 Commits

Author SHA1 Message Date
Shennan
a7518b7589 fix(feishu): pass parentPeer for topic session binding inheritance 
(cherry picked from commit bddeb1fd95d10cf18da9dca129b58828eae84cba)
 2026-02-24 04:33:51 +00:00
Peter Steinberger
75423a00d6 refactor: deduplicate shared helpers and test setup 2026-02-23 20:40:44 +00:00
Vignesh Natarajan
8d9d01447e chore: align plugin versions and harden outbound cross-provider test 2026-02-22 23:04:17 -08:00
Peter Steinberger
1bc5ba6e29 fix(feishu): prefer video file_key for inbound media 2026-02-22 19:21:42 +01:00
Peter Steinberger
95e85e627e fix(feishu): restore group command fallback and plugin deps 2026-02-22 19:13:19 +01:00
Peter Steinberger
4ed87a6672 fix(feishu): enforce id-only allowlist matching 2026-02-22 18:55:06 +01:00
Peter Steinberger
6dd36a6b77 refactor(channels): reuse runtime group policy helpers 2026-02-22 12:44:23 +01:00
Peter Steinberger
85e5ed3f78 refactor(channels): centralize runtime group policy handling 2026-02-22 12:35:41 +01:00
Peter Steinberger
5574eb6b35 fix(feishu): harden onboarding and webhook validation 2026-02-22 11:29:31 +00:00
Peter Steinberger
26763d1910 fix: resolve extension type errors and harden probe mocks 2026-02-22 12:25:58 +01:00
Peter Steinberger
777817392d fix: fail closed missing provider group policy across message channels (#23367) (thanks @bmendonca3) 2026-02-22 12:21:04 +01:00
Peter Steinberger
29e41d4c0a fix: land security audit severity + temp-path guard fixes (#23428) (thanks @bmendonca3) 2026-02-22 11:26:17 +01:00
Peter Steinberger
bf56196de3 fix: tighten feishu dedupe boundary (#23377) (thanks @SidQin-cyber) 2026-02-22 11:13:40 +01:00
SidQin-cyber
9e5e555ba3 fix(feishu): address dedup race condition, namespace isolation, and cache staleness 
- Prefix memoryCache keys with namespace to prevent cross-account false
  positives when different accounts receive the same message_id
- Add inflight tracking map to prevent TOCTOU race where concurrent
  async calls for the same message both pass the check and both proceed
- Remove expired-entry deletion from has() to avoid silent cache/disk
  divergence; actual cleanup happens probabilistically inside record()
- Add time-based cache invalidation (30s) to DedupStore.load() so
  external writes are eventually picked up
- Refresh cacheLoadedAt after flush() so we don't immediately re-read
  data we just wrote

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-22 11:13:40 +01:00
SidQin-cyber
9a8179fd59 feat(feishu): persistent message deduplication to prevent duplicate replies 
Closes #23369

Feishu may redeliver the same message during WebSocket reconnects or process
restarts.  The existing in-memory dedup map is lost on restart, so duplicates
slip through.

This adds a dual-layer dedup strategy:
- Memory cache (fast synchronous path, unchanged capacity)
- Filesystem store (~/.openclaw/feishu/dedup/) that survives restarts

TTL is extended from 30 min to 24 h.  Disk writes use atomic rename and
probabilistic cleanup to keep each per-account file under 10 k entries.
Disk errors are caught and logged — message handling falls back to
memory-only behaviour so it is never blocked.
 2026-02-22 11:13:40 +01:00
Peter Steinberger
73804abcec fix(feishu): avoid template tmpdir join in dedup state path (#23398) 2026-02-22 11:12:01 +01:00
Peter Steinberger
59807efa31 refactor(plugin-sdk): unify channel dedupe primitives 2026-02-22 10:46:34 +01:00
Peter Steinberger
0bd9f0d4ac fix: enforce strict allowlist across pairing stores (#23017) 2026-02-22 00:00:23 +01:00
Peter Steinberger
549549f6a0 fix(ci): sync plugin versions and harden install smoke 2026-02-21 20:18:37 +01:00
Peter Steinberger
9231d7d30f chore: bump version to 2026.2.21 2026-02-21 11:02:30 +01:00
Peter Steinberger
f66b23de75 chore(release): bump versions to 2026.2.20 2026-02-20 00:02:53 +01:00
Peter Steinberger
b0e55283d5 chore: bump release metadata to 2026.2.19 2026-02-19 16:17:34 +01:00
Peter Steinberger
3d7ad1cfca fix(security): centralize owner-only tool gating and scope maps 2026-02-19 15:29:23 +01:00
Peter Steinberger
f4b288b8f7 refactor(feishu): dedupe mention regex escaping 2026-02-19 15:04:40 +01:00
Peter Steinberger
7426848913 test(feishu): add mention regex injection regressions 2026-02-19 14:51:41 +01:00
Jamie
7e67ab75cc fix(feishu): escape regex metacharacters in stripBotMention 
stripBotMention() passed mention.name and mention.key directly into
new RegExp() without escaping, allowing regex injection and ReDoS via
crafted Feishu mention metadata. extractMessageBody() in mention.ts
already escapes correctly — this applies the same pattern.

Ref: GHSA-c6hr-w26q-c636
 2026-02-19 14:51:41 +01:00
Peter Steinberger
0e85380e56 style: format files and fix safe-bins e2e typing 2026-02-19 14:26:12 +01:00
Peter Steinberger
ec232a9e2d refactor(security): harden temp-path handling for inbound media 2026-02-19 14:06:37 +01:00
Peter Steinberger
aa267812d3 test(security): add webhook hardening regressions 2026-02-19 13:31:28 +01:00
Peter Steinberger
a23e0d5140 fix(security): harden feishu and zalo webhook ingress 2026-02-19 13:31:27 +01:00
Peter Steinberger
cdb00fe242 fix(feishu): isolate temp download writes in mkdtemp dirs 2026-02-19 11:05:04 +01:00
Mariano
a7c0aa94d9 refactor(security): share safe temp media path builder (#20810) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7a088e6801d4ec45858ba47d20a8c8615ba35389
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 09:59:21 +00:00
Mariano Belinky
c821099157 Feishu: harden temp media download paths 2026-02-19 10:13:48 +01:00
Peter Steinberger
4bf3338834 chore: bump version to 2026.2.18 unreleased 2026-02-18 04:40:06 +01:00
Peter Steinberger
b8b43175c5 style: align formatting with oxfmt 0.33 2026-02-18 01:34:35 +00:00
Peter Steinberger
31f9be126c style: run oxfmt and fix gate failures 2026-02-18 01:29:02 +00:00
Peter Steinberger
9a2c39419e chore(release): bump version to 2026.2.17 2026-02-17 23:08:55 +01:00
Sebastian
7884d65687 test(feishu): cover post mentions for other users 2026-02-17 08:53:25 -05:00
cpojer
d0cb8c19b2 chore: wtf. 2026-02-17 13:36:48 +09:00
Sebastian
ed11e93cf2 chore(format) 2026-02-16 23:20:16 -05:00
Sebastian
ca19745fa2 Revert "channels: migrate extension account listing to factory" 
This reverts commit d24340d75b.
 2026-02-16 23:17:13 -05:00
cpojer
d3a36cc3b0 chore: Fix remaining extension test types, enable type checking for extension tests. 2026-02-17 10:14:01 +09:00
cpojer
90ef2d6bdf chore: Update formatting. 2026-02-17 09:18:40 +09:00
gaowanqi08141999
86517b8e30 feat(feishu): add bitable create app and create field tools 2026-02-17 00:02:00 +01:00
popomore
eed806ce58 f 2026-02-16 23:59:41 +01:00
popomore
a42ccb9c1d f 2026-02-16 23:59:41 +01:00
popomore
c315246971 fix(feishu): fix mention detection for post messages with embedded docs 
Parse "at" elements from post content when message.mentions is empty to
detect bot mentions in rich text messages containing documents.
 2026-02-16 23:59:41 +01:00
yinghaosang
d24340d75b channels: migrate extension account listing to factory 2026-02-16 23:53:19 +01:00
Peter Steinberger
544ffbcf7b refactor(extensions): dedupe connector helper usage 2026-02-16 14:59:30 +00:00
Peter Steinberger
39fa81dc96 chore: bump version to 2026.2.16 2026-02-16 06:08:47 +01:00