admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
17,445 Commits 1 Branch 0 Tags
83290c5cef0cf9f7a74136ce6b70d3cf87cb53db
Commit Graph

11092 Commits

Author SHA1 Message Date
Vincent Koc
83290c5cef Discord: format exec approval tests 2026-03-07 16:43:22 -08:00
Vincent Koc
60441c8ced Systemd: allowlist environment file fixtures 2026-03-07 16:43:21 -08:00
Vincent Koc
a56841b98c Daemon: harden WSL2 systemctl install checks (#39294) 
* Daemon: harden WSL2 systemctl install checks

* Changelog: note WSL2 daemon install hardening

* Daemon: tighten systemctl failure classification
 2026-03-07 16:43:19 -08:00
Peter Steinberger
f195af0b22 fix(sandbox): anchor fs-bridge destructive ops 2026-03-08 00:41:12 +00:00
Peter Steinberger
9d2b292998 fix(exec-approvals): honor allow-always for bash script invocations 
Landed from contributor PR #35137 by @yuweuii.

Co-authored-by: yuweuii <82372187+yuweuii@users.noreply.github.com>
 2026-03-08 00:39:54 +00:00
Peter Steinberger
c6575891c7 fix(exec): inherit ask from exec-approvals.json when tools.exec.ask unset 
Landed from contributor PR #29187 by @Bartok9.

Co-authored-by: Bartok9 <259807879+Bartok9@users.noreply.github.com>
 2026-03-08 00:35:50 +00:00
Vincent Koc
240b143bde test(telegram): cover sender-only groupAllowFrom normalization 2026-03-07 16:34:42 -08:00
Vincent Koc
13ed6afe60 telegram: restore sender-only allowFrom validation 2026-03-07 16:34:21 -08:00
Peter Steinberger
173132165d fix(exec): honor exec-approvals ask=off for gateway/node runs 
Landed from contributor PR #26789 by @pandego.

Co-authored-by: Miguel Miranda Dias <7780875+pandego@users.noreply.github.com>
 2026-03-08 00:29:34 +00:00
Josh Avant
25252ab5ab gateway: harden shared auth resolution across systemd, discord, and node host 2026-03-07 18:28:32 -06:00
Martin-Max
a7f6e0a921 fix(telegram): support negative IDs in groupAllowFrom (#36753) (#37134) 
* fix(telegram): support negative IDs in groupAllowFrom for group/channel whitelist (#36753)

When configuring Telegram group restrictions with groupAllowFrom,
negative group/channel IDs (e.g., -1001234567890) are rejected with
'authorization requires numeric Telegram sender IDs only' error,
even though the field name suggests it should accept group IDs.

Root cause:
- normalizeAllowFrom() uses regex /^\d+$/ to validate IDs
- Telegram group/channel IDs are negative integers
- Regex only matches positive integers, rejecting all group IDs

Impact:
- Users cannot whitelist specific groups using groupAllowFrom
- Workaround requires groupPolicy: "open" (security risk)
- Field name is misleading (suggests group IDs, but only accepts user IDs)

Fix:
- Change regex from /^\d+$/ to /^-?\d+$/ (support optional minus sign)
- Apply to both invalidEntries filter and ids filter
- Add comment explaining negative ID support for groups/channels

Testing:
- Positive user IDs (745123456) →  still work
- Negative group IDs (-1001234567890) →  now accepted
- Invalid entries (@username) → ⚠️  still warned

Fixes #36753

* test(telegram): add signed ID runtime regression

---------

Co-authored-by: Martin Qiu <qiuyuemartin@gmail.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-07 19:27:25 -05:00
Vincent Koc
27b6b0c119 Gateway Secrets: allowlist unresolved secret ref label 2026-03-07 16:27:00 -08:00
Vincent Koc
a7c605ec4a Gateway Credentials: allowlist precedence fixtures 2026-03-07 16:27:00 -08:00
Vincent Koc
ace64831e0 Gateway Credentials: allowlist password fixtures 2026-03-07 16:27:00 -08:00
Vincent Koc
889a60e122 Gateway Auth: allowlist bootstrap password references 2026-03-07 16:27:00 -08:00
Vincent Koc
475b0cb49a Docker Setup: allowlist dotenv token fixtures 2026-03-07 16:27:00 -08:00
Peter Steinberger
eed403dc74 refactor(agents): unify spawned metadata and extract attachments service 2026-03-08 00:23:45 +00:00
Peter Steinberger
61000b8e4d fix(acp): block sandboxed slash spawns 2026-03-08 00:23:07 +00:00
Peter Steinberger
bda035768f fix(plugins): fall back to src plugin-sdk aliases 2026-03-08 00:18:45 +00:00
Peter Steinberger
4e07bdbdfd fix(cron): restore isolated delivery defaults 2026-03-08 00:18:45 +00:00
Peter Steinberger
8a469a12b2 test(exec): dedupe wrapper boundary regressions 2026-03-08 00:12:08 +00:00
Peter Steinberger
5f50823abf refactor(exec): share wrapper depth classification 2026-03-08 00:12:08 +00:00
Vincent Koc
168c65aa26 Allowlists: type test runtime mocks 2026-03-07 16:09:57 -08:00
Vincent Koc
3b1be1a08c Plugin SDK: align allowFrom helper test input 2026-03-07 16:08:39 -08:00
Peter Steinberger
990fc36cbd refactor: share sampled entry summary formatting 2026-03-08 00:05:24 +00:00
Peter Steinberger
cc03c097c5 refactor: share provider group-policy warning collectors 2026-03-08 00:05:24 +00:00
Peter Steinberger
566a821e5d refactor: share missing-sender matched allowlist evaluation 2026-03-08 00:05:24 +00:00
Peter Steinberger
2b54070526 refactor: share allowlist provider warning resolution 2026-03-08 00:05:24 +00:00
Peter Steinberger
846ec320e2 refactor: share account-scoped config adapter accessors 2026-03-08 00:05:24 +00:00
Peter Steinberger
b6318d4df4 fix: narrow dm shared group policy typing 2026-03-08 00:05:24 +00:00
Peter Steinberger
b0d9246768 refactor: share matched group policy evaluation 2026-03-08 00:05:24 +00:00
Peter Steinberger
f319ec2dac refactor: share onboarding allowlist entry parsing 2026-03-08 00:05:24 +00:00
Vincent Koc
766d76ef9a Wizard: type-safe onboarding install plan assertions 2026-03-07 16:02:37 -08:00
Vincent Koc
029fdd4208 Daemon CLI: type-safe install plan assertions 2026-03-07 16:02:27 -08:00
Vincent Koc
c5fb661742 Daemon CLI: resolve token drift from gateway credentials 2026-03-07 16:02:18 -08:00
Vincent Koc
936f0a7f22 Update gateway-status.test.ts 2026-03-07 15:59:11 -08:00
Vincent Koc
3ae61d57a3 Gateway Status: allowlist missing token test fixture 2026-03-07 15:58:01 -08:00
Peter Steinberger
ab54532c8f fix(agents): land #39247 from @jasonQin6 (subagent workspace inheritance) 
Propagate parent workspace directories into spawned subagent runs, keep workspace override internal-only, and add regression tests for forwarding boundaries.

Co-authored-by: jasonQin6 <991262382@qq.com>
 2026-03-07 23:56:37 +00:00
Peter Steinberger
eeba93d63d fix(discord): pass gateway auth to exec approvals 
Pass resolved gateway token/password into the Discord exec approvals GatewayClient startup path so token-auth installs stop failing approvals with gateway token mismatch.

Fixes #38179
Adjacent investigation: #35147 by @0riginal-claw
Co-authored-by: 0riginal-claw <0rginal_claw@0rginal-claws-Mac-mini.local>
 2026-03-07 23:47:48 +00:00
Peter Steinberger
f304ca09b1 fix(agents): sanitize strict openai-compatible turn ordering from #39252 (thanks @scoootscooob) 
Co-authored-by: scoootscooob <zhentongfan@gmail.com>
 2026-03-07 23:42:19 +00:00
Peter Steinberger
ada4ee08d9 fix(docker): land #33097 from @chengzhichao-xydt 
Landed from contributor PR #33097 by @chengzhichao-xydt.

Co-authored-by: Zhichao Cheng <cheng.zhichao@xydigit.com>
 2026-03-07 23:41:57 +00:00
Peter Steinberger
2fc95a7cfc fix(exec): close dispatch-wrapper boundary drift 2026-03-07 23:40:38 +00:00
Peter Steinberger
adf4eb487b fix(signal): forward all inbound attachments from #39212 (thanks @joeykrug) 
Co-authored-by: Joey Krug <joeykrug@gmail.com>
 2026-03-07 23:35:55 +00:00
Peter Steinberger
939b18475d fix(exec): honor shell comments in allow-always analysis 2026-03-07 23:31:25 +00:00
Peter Steinberger
1aaca517e3 fix(media): harden unknown mime handling from #39199 (thanks @nicolasgrasset) 
Co-authored-by: Nicolas Grasset <nicolas.grasset@gmail.com>
 2026-03-07 23:30:32 +00:00
Peter Steinberger
dc92f2e19d refactor: share nextcloud onboarding allowFrom lookup 2026-03-07 23:27:51 +00:00
Peter Steinberger
4956271da1 refactor: share provider allowlist input normalization 2026-03-07 23:27:51 +00:00
Peter Steinberger
c9128e1f3f refactor: share trimmed list normalization in provider helpers 2026-03-07 23:27:51 +00:00
Peter Steinberger
c5bd84309a refactor: share allowFrom stringification helpers 2026-03-07 23:27:51 +00:00
Peter Steinberger
99d14a820a refactor: share route policy evaluation in chat monitors 2026-03-07 23:27:51 +00:00