admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases Wiki Activity
14,655 Commits 1 Branch 0 Tags
97e56cb73cd3a22e6399250c02b30efe39fb74c4
Commit Graph

14655 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Peter Steinberger
97e56cb73c fix(discord): land proxy/media/reaction/model-picker regressions 
Reimplements core Discord fixes from #25277 #25523 #25575 #25588 #25731 with expanded tests.

- thread proxy-aware fetch into inbound attachment/sticker downloads
- fetch /gateway/bot via proxy dispatcher before ws connect
- wire statusReactions emojis/timing overrides into controller
- compact model-picker custom_id keys with backward-compatible parsing

Co-authored-by: openperf <openperf@users.noreply.github.com>
Co-authored-by: chilu18 <chilu18@users.noreply.github.com>
Co-authored-by: Yipsh <Yipsh@users.noreply.github.com>
Co-authored-by: lbo728 <lbo728@users.noreply.github.com>
Co-authored-by: s1korrrr <s1korrrr@users.noreply.github.com>
 2026-02-25 00:03:30 +00:00
Peter Steinberger
55cf92578d fix(security): harden system.run companion command binding 2026-02-25 00:02:03 +00:00
Peter Steinberger
8680240f7e docs(changelog): backfill landed fix PR entries 2026-02-24 23:59:04 +00:00
Fred White
b7deb062ea fix: normalize "bedrock" provider ID to "amazon-bedrock" 
Add "bedrock" and "aws-bedrock" as aliases for the canonical
"amazon-bedrock" provider ID in normalizeProviderId().

Without this mapping, configuring a model as "bedrock/..." causes
the auth resolution fallback to miss the Bedrock-specific AWS SDK
path, since the fallback check requires normalized === "amazon-bedrock".
This primarily affects the main agent when the explicit auth override
is not preserved through config merging.

Fixes #15716
 2026-02-24 23:57:11 +00:00
suko
b3e6653503 fix(onboard): avoid false 'telegram plugin not available' block 2026-02-24 23:55:27 +00:00
Peter Steinberger
b0bb3cca8a test(types): fix ts narrowing regressions in followup and matrix queue tests 2026-02-24 23:54:51 +00:00
Mark Musson
e22a2d77ba fix(whatsapp): stop retry loop on non-retryable 440 close 2026-02-24 23:52:49 +00:00
Peter Steinberger
def993dbd8 refactor(tmp): harden temp boundary guardrails 2026-02-24 23:51:10 +00:00
Vincent Koc
de586373e0 Changelog: note exact do not do that stop trigger 2026-02-24 18:50:53 -05:00
Vincent Koc
cc386f4962 Telegram tests: route exact do not do that to control lane 2026-02-24 18:50:53 -05:00
Vincent Koc
83f586b93b Gateway tests: cover exact do not do that stop matching 2026-02-24 18:50:53 -05:00
Vincent Koc
91391bbe01 Auto-reply tests: assert exact do not do that behavior 2026-02-24 18:50:53 -05:00
Vincent Koc
7bb08ba945 Auto-reply: add exact stop trigger for do not do that 2026-02-24 18:50:53 -05:00
Brian Mendonca
a3c4f56b0b security(voice-call): detect Telnyx webhook replay 2026-02-24 23:50:30 +00:00
Peter Steinberger
53f9b7d4e7 fix(automation): harden announce delivery + cron coding profile (#25813 #25821 #25822) 
Co-authored-by: Shawn <shenghuikevin@shenghuideMac-mini.local>
Co-authored-by: 不做了睡大觉 <user@example.com>
Co-authored-by: Marcus Widing <widing.marcus@gmail.com>
 2026-02-24 23:49:34 +00:00
Peter Steinberger
36d1e1dcff refactor(telegram): simplify DM media auth precheck flow 2026-02-24 23:49:10 +00:00
Peter Steinberger
316fad13aa refactor(outbound): unify attachment hydration flow 2026-02-24 23:48:43 +00:00
Brian Mendonca
9924f7c84e fix(security): classify hook sessions case-insensitively 2026-02-24 23:48:09 +00:00
Brian Mendonca
43a3ff3beb Changelog: add entry for exec env sanitization 2026-02-24 23:46:39 +00:00
Brian Mendonca
48b052322b Security: sanitize inherited host exec env 2026-02-24 23:46:39 +00:00
Peter Steinberger
9514201fb9 fix(telegram): block unauthorized DM media downloads 2026-02-24 23:44:50 +00:00
Brian Mendonca
5a64f6d766 Gateway/Security: protect /api/channels plugin root 2026-02-24 23:44:32 +00:00
Peter Steinberger
453664f09d refactor(zalo): split monitor access and webhook logic 2026-02-24 23:40:51 +00:00
Peter Steinberger
58309fd8d9 refactor(matrix,tests): extract helpers and inject send-queue timing 2026-02-24 23:37:50 +00:00
Peter Steinberger
a2529c25ff test(matrix,discord,sandbox): expand breakage regression coverage 2026-02-24 23:37:50 +00:00
Peter Steinberger
13a1c46396 fix(web-search): reduce provider auto-detect log noise 2026-02-24 23:32:29 +00:00
Peter Steinberger
79a7b3d22e test(line): align tmp-root expectation after sandbox hardening 2026-02-24 23:31:54 +00:00
Peter Steinberger
79e2328935 docs: update changelog for safe-bin hardening 2026-02-24 23:30:55 +00:00
Peter Steinberger
b4010a0b62 fix(zalo): enforce group sender policy in groups 2026-02-24 23:30:43 +00:00
Peter Steinberger
4355e08262 refactor: harden safe-bin trusted dir diagnostics 2026-02-24 23:29:44 +00:00
Peter Steinberger
5c2a483375 refactor(outbound): centralize attachment media policy 2026-02-24 23:29:05 +00:00
Peter Steinberger
54648a9cf1 refactor: centralize followup origin routing helpers 2026-02-24 23:28:58 +00:00
Peter Steinberger
9b53102100 test: add routing/session isolation edge-case regressions 2026-02-24 23:28:58 +00:00
Peter Steinberger
9fccf60733 refactor(synology-chat): centralize DM auth and fail fast startup 2026-02-24 23:28:40 +00:00
Peter Steinberger
e7a5f9f4d8 fix(channels,sandbox): land hard breakage cluster from reviewed PR bases 
Lands reviewed fixes based on #25839 (@pewallin), #25841 (@joshjhall), and #25737/@25713 (@DennisGoldfinger/@peteragility), with additional hardening + regression tests for queue cleanup and shell script safety.

Fixes #25836
Fixes #25840
Fixes #25824
Fixes #25868

Co-authored-by: Peter Wallin <pwallin@gmail.com>
Co-authored-by: Joshua Hall <josh@yaplabs.com>
Co-authored-by: Dennis Goldfinger <dennisgoldfinger@gmail.com>
Co-authored-by: peteragility <peteragility@users.noreply.github.com>
 2026-02-24 23:27:56 +00:00
Peter Steinberger
5552f9073f refactor(sandbox): centralize network mode policy helpers 2026-02-24 23:26:46 +00:00
Peter Steinberger
14b6eea6e3 feat(sandbox): block container namespace joins by default 2026-02-24 23:20:34 +00:00
Peter Steinberger
ccbeb332e0 fix: harden routing/session isolation for followups and heartbeat 2026-02-24 23:20:27 +00:00
Peter Steinberger
7655c0cb3a docs(changelog): add synology-chat allowlist fail-closed note 2026-02-24 23:18:18 +00:00
Peter Steinberger
0ee30361b8 fix(synology-chat): fail closed empty allowlist 2026-02-24 23:18:17 +00:00
Peter Steinberger
270ab03e37 fix: enforce local media root checks for attachment hydration 2026-02-24 23:17:48 +00:00
Peter Steinberger
b67e600bff fix(security): restrict default safe-bin trusted dirs 2026-02-24 23:13:37 +00:00
Peter Steinberger
2d159e5e87 docs(security): document openclaw temp-folder boundary 2026-02-24 23:11:19 +00:00
Peter Steinberger
d3da67c7a9 fix(security): lock sandbox tmp media paths to openclaw roots 2026-02-24 23:10:19 +00:00
Peter Steinberger
bf8ca07deb fix(config): soften antigravity removal fallout (#25538) 
Land #25538 by @chilu18 to keep legacy google-antigravity-auth config entries non-fatal after removal (see #25862).

Co-authored-by: chilu18 <chilu.machona@icloud.com>
 2026-02-24 23:02:45 +00:00
Shakker
039ae0b77c chore: refresh lockfile after plugin devDependency cleanup 2026-02-24 22:50:47 +00:00
Shakker
955cc9029f chore: sync plugin versions to 2026.2.24 2026-02-24 22:45:46 +00:00
Peter Steinberger
f4e6f87303 refactor(ios): drop legacy talk payload and keychain fallbacks 2026-02-24 22:39:37 +00:00
Shakker
853f75592f changelog: include #25847 in chat image safety entry (#25847) (thanks @shakkernerd) 2026-02-24 22:28:58 +00:00
Shakker
30cb849b10 test(ui): reject base64 SVG data URLs 2026-02-24 22:28:58 +00:00