Peter Steinberger
fae8de9ae0
fix(browser): land PR #27617 relay reconnect resilience
2026-02-26 15:08:55 +00:00
Peter Steinberger
79659b2b14
fix(browser): land PR #11880 decodeURIComponent guardrails
Guard malformed percent-encoding in relay target routes and browser dispatcher params, add regression tests, and update changelog.
Landed from contributor @Yida-Dev (PR #11880).
Co-authored-by: Yida-Dev <reyifeijun@gmail.com>
2026-02-26 14:37:48 +00:00
Peter Steinberger
5416cabdf8
fix(browser): land PR #21277 dedupe concurrent relay init
Add shared per-port relay initialization dedupe so concurrent callers await a single startup lifecycle, with regression coverage and changelog entry.
Landed from contributor @HOYALIM (PR #21277).
Co-authored-by: Ho Lim <subhoya@gmail.com>
2026-02-26 14:30:46 +00:00
Peter Steinberger
ce833cd6de
fix(browser): land PR #24142 flush relay pending timers on stop
Flush pending extension request timers/rejections during relay shutdown and document in changelog.
Landed from contributor @kevinWangSheng (PR #24142).
Co-authored-by: Shawn <118158941+kevinWangSheng@users.noreply.github.com>
2026-02-26 14:20:43 +00:00
Peter Steinberger
42cf32c386
fix(browser): land PR #26015 query-token auth for /json relay routes
Align relay HTTP /json auth with websocket auth by accepting query-param tokens, add regression coverage, and update changelog.
Landed from contributor @Sid-Qin (PR #26015).
Co-authored-by: SidQin-cyber <sidqin0410@gmail.com>
2026-02-26 14:17:41 +00:00
Peter Steinberger
4c75eca580
fix(browser): land PR #23962 extension relay CORS fix
Reworks browser relay CORS handling for extension-origin preflight and JSON responses, adds regression tests, and updates changelog.
Landed from contributor @miloudbelarebia (PR #23962).
Co-authored-by: Miloud Belarebia <miloudbelarebia@users.noreply.github.com>
2026-02-26 14:14:30 +00:00
Peter Steinberger
f41715a18f
refactor(browser): split act route modules and dedupe path guards
2026-02-26 01:21:34 +01:00
Peter Steinberger
496a76c03b
fix(security): harden browser trace/download temp path handling
2026-02-26 01:04:05 +01:00
Peter Steinberger
ef326f5cd0
fix(browser): revalidate upload paths at use time
2026-02-26 00:40:56 +01:00
Peter Steinberger
31f2bf9519
test: fix gate regressions
2026-02-24 04:39:53 +00:00
Peter Steinberger
f9de17106a
refactor(browser): share relay token + options validation tests
2026-02-24 04:23:22 +00:00
Peter Steinberger
3f923e8313
test: add env -S allowlist bypass regressions
2026-02-24 02:28:00 +00:00
Peter Steinberger
5eb72ab769
fix(security): harden browser SSRF defaults and migrate legacy key
2026-02-24 01:52:01 +00:00
oneaix
216d99e585
fix(browser): derive relay auth token from gateway token in Chrome extension
The extension relay server authenticates using an HMAC-SHA256 derived
token (`openclaw-extension-relay-v1:<port>`), but the Chrome extension
was sending the raw gateway token. This caused both the WebSocket
connection and the options page validation to fail with 401 Unauthorized.
Additionally, the options page validation request triggered a CORS
preflight (due to the custom `x-openclaw-relay-token` header) which the
relay rejects because OPTIONS requests lack auth headers. The options
page now delegates the check to the background service worker which has
host_permissions and bypasses CORS preflight.
Fixes #23842
Co-authored-by: Cursor <cursoragent@cursor.com>
(cherry picked from commit bbc654b9f063ef24e7d511275e7d8c670414970b)
2026-02-23 18:56:14 +00:00
Mustafa Kemal
bb8f538cd4
Browser relay: accept raw gateway token in extension auth
(cherry picked from commit e682a768d0ebe65f9818c6d47fd79e18c38d650f)
2026-02-23 18:56:14 +00:00
Peter Steinberger
1c753ea786
test: dedupe fixtures and test harness setup
2026-02-23 05:45:54 +00:00
Peter Steinberger
8af19ddc5b
refactor: extract shared dedupe helpers for runtime paths
2026-02-23 05:43:43 +00:00
Peter Steinberger
2081b3a3c4
refactor(channels): dedupe hook and monitor execution paths
2026-02-22 21:19:09 +00:00
Peter Steinberger
8af6d1a186
refactor(test): dedupe repeated fixture setup helpers
2026-02-22 20:04:51 +00:00
Peter Steinberger
53ed7a0f5c
test: dedupe repeated test fixtures and assertions
2026-02-22 18:37:25 +00:00
Peter Steinberger
772cf7df33
test: load chrome extension background utils across module modes
2026-02-22 18:29:20 +00:00
Peter Steinberger
2858901441
test(flaky): harden slow vmFork unit suites
Co-authored-by: Ho Lim <166576253+HOYALIM@users.noreply.github.com>
2026-02-22 19:08:59 +01:00
Peter Steinberger
9ea5228f42
fix(browser): recover stale remote target ids
Co-authored-by: Ilya Strelov <10761735+strelov1@users.noreply.github.com>
2026-02-22 19:08:38 +01:00
Peter Steinberger
1fe2043742
fix(browser): harden extension relay worker recovery
Co-authored-by: codexGW <9350182+codexGW@users.noreply.github.com>
2026-02-22 19:08:38 +01:00
Peter Steinberger
40494d67f2
fix(browser): harden extension relay reconnect race
Co-authored-by: Ho Lim <166576253+HOYALIM@users.noreply.github.com>
2026-02-22 19:08:38 +01:00
Peter Steinberger
78220db2be
refactor(browser): dedupe control-server test harness
2026-02-22 17:54:51 +00:00
Peter Steinberger
296b19e413
test: dedupe gateway browser discord and channel coverage
2026-02-22 17:11:54 +00:00
Peter Steinberger
f14ebd743c
refactor(security): unify local-host and tailnet CIDR checks
2026-02-22 17:20:27 +01:00
tyler
9b23e5ce1f
test: fix flaky auth tests when OPENCLAW_GATEWAY_TOKEN is present
2026-02-22 15:17:37 +01:00
Peter Steinberger
4a2492496e
test: move browser and web auto-reply local suites out of e2e
2026-02-22 11:05:26 +00:00
Peter Steinberger
6c2e999776
refactor(security): unify secure id paths and guard weak patterns
2026-02-22 10:16:19 +01:00
Peter Steinberger
ccc00d874c
test(core): reduce mock reset overhead in targeted suites
2026-02-22 08:40:29 +00:00
Peter Steinberger
8a0a28763e
test(core): reduce mock reset overhead across unit and e2e specs
2026-02-22 08:22:58 +00:00
Peter Steinberger
2557945a8d
test(core): use lightweight clears in subagent and browser setup
2026-02-22 08:07:41 +00:00
Peter Steinberger
6e253096ed
test(core): use lightweight clears in command and dispatch setup
2026-02-22 08:06:06 +00:00
Peter Steinberger
96674ca301
fix(ci): add explicit mock types in pw-session mock setup
2026-02-22 08:05:12 +00:00
Peter Steinberger
0194d50339
test: stabilize pw-session cdp mocking in parallel runs
2026-02-22 08:03:29 +00:00
Peter Steinberger
0c1a52307c
fix: align draft/outbound typings and tests
2026-02-22 08:03:29 +00:00
Peter Steinberger
d7f01c2c55
test(browser): use lightweight clears in server lifecycle setup
2026-02-22 08:01:15 +00:00
Peter Steinberger
639b2f5f5b
test(browser): dedupe pw-session playwright mock wiring
2026-02-22 07:44:57 +00:00
Peter Steinberger
6bc753624f
test(browser): dedupe generated-token persistence assertions
2026-02-22 07:44:57 +00:00
Peter Steinberger
4c8545ad53
test(browser): dedupe relay probe server scaffolding
2026-02-22 07:44:57 +00:00
Vignesh Natarajan
54e5f80424
Browser: accept canonical upload paths for symlinked roots
2026-02-21 21:54:57 -08:00
Peter Steinberger
dfe0483d80
test(browser): table-drive scroll and click error rewrites
2026-02-21 23:58:33 +00:00
Peter Steinberger
b1c50cc5c0
test(browser): tighten relay test watchdog timeouts
2026-02-21 23:07:58 +00:00
Peter Steinberger
cc2ff68947
test: optimize gateway infra memory and security coverage
2026-02-21 21:44:50 +00:00
Peter Steinberger
e2a50228a1
test(browser): dedupe chrome mocks and cover SIGKILL escalation
2026-02-21 21:40:39 +00:00
Peter Steinberger
59189750e4
test(browser): dedupe path fixture calls and cover root resolvers
2026-02-21 21:40:39 +00:00
Peter Steinberger
6fd31fc0b0
test(browser): dedupe invalid-path assertions and cover blank path rejection
2026-02-21 21:40:39 +00:00
Peter Steinberger
ac6c344d9b
test(browser): dedupe fixture lifecycle and cover directory-path rejection
2026-02-21 21:40:38 +00:00