admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
10,514 Commits 1 Branch 0 Tags
cdeedd80934051390fa848858d035cf31cbefbf3
Commit Graph

711 Commits

Author SHA1 Message Date
Peter Steinberger
683aa09b55 refactor(media): harden localRoots bypass (#16739) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 89dce69f5094bef7247b2510d27165e504cb820c
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
 2026-02-15 03:27:01 +01:00
Peter Steinberger
444a910d9e fix(infra): avoid req.destroy(err) in request body limiters 2026-02-15 03:19:27 +01:00
Vignesh Natarajan
dabfcbe941 Skills: clean up remote node cache on disconnect 2026-02-14 18:02:14 -08:00
Vignesh Natarajan
48fef27862 Outbound: bound directory cache memory growth 2026-02-14 17:58:07 -08:00
Peter Steinberger
d0ff8c341e refactor(usage): share claude window builder 2026-02-15 01:46:51 +00:00
Peter Steinberger
6ec1f10df0 refactor(outbound): share tool payload extraction 2026-02-15 01:46:51 +00:00
Peter Steinberger
513576b487 fix(test): disable safeBins expectations on Windows 2026-02-15 01:37:38 +00:00
Peter Steinberger
e3d5fff264 perf(test): avoid importing update-check in startup suite 2026-02-15 01:26:25 +00:00
Peter Steinberger
2ba918ac71 perf(test): remove gateway lock sleep waits 2026-02-15 01:26:25 +00:00
Peter Steinberger
b229a3de0c perf(test): reduce mkdir churn in path env suite 2026-02-15 00:45:10 +00:00
Peter Steinberger
8c3a12e011 perf(test): avoid per-test rm in update-startup suite 2026-02-15 00:45:10 +00:00
Peter Steinberger
52bfe5060c refactor: share file lock via plugin-sdk 2026-02-15 00:26:46 +00:00
Peter Steinberger
ed2ae5886d perf(test): avoid process.env cloning in update-startup suite 2026-02-15 00:26:41 +00:00
Peter Steinberger
ea0ef18704 refactor: centralize exec approval timeout 2026-02-15 01:18:53 +01:00
Peter Steinberger
096a7a571d perf(test): speed up update-startup and docker-setup suites 2026-02-14 23:51:47 +00:00
Peter Steinberger
6bc5987d6c perf(test): speed up path env suite 2026-02-14 23:16:37 +00:00
Peter Steinberger
221fe499db perf(test): speed up archive suite 2026-02-14 23:16:37 +00:00
Peter Steinberger
0465d314b0 refactor(test): table npm global update cases 2026-02-14 22:35:16 +00:00
Peter Steinberger
937e1c21f2 refactor(test): table telegram heartbeat account cases 2026-02-14 22:33:30 +00:00
Peter Steinberger
c0c0e0f9ae fix(security): block full-form IPv4-mapped IPv6 in SSRF guard 2026-02-14 22:58:38 +01:00
Peter Steinberger
28adddd760 refactor(outbound): share attachment hydration 2026-02-14 21:26:37 +00:00
Gustavo Madeira Santana
48b3d7096c fix: harden device pairing token generation and verification (#16535) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: bcbb50e3683b12643d8eb2ef3fde74dd3a3ac4a7
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-14 16:23:33 -05:00
Peter Steinberger
696a358215 perf(test): speed up update-runner suite 2026-02-14 21:20:15 +00:00
Peter Steinberger
6a361685ab perf(test): speed up control-ui-assets suite 2026-02-14 21:20:15 +00:00
Peter Steinberger
c5406e1d24 fix(security): prevent gatewayUrl SSRF 2026-02-14 22:01:11 +01:00
Peter Steinberger
9c5404d95e refactor(test): dedupe telegram heartbeat test setup 2026-02-14 19:59:58 +00:00
Peter Steinberger
24d2c6292e refactor(security): refine safeBins hardening 2026-02-14 19:59:13 +01:00
Peter Steinberger
013e8f6b3b fix: harden exec PATH handling 2026-02-14 19:53:04 +01:00
Peter Steinberger
77b89719d5 fix(security): block safeBins shell expansion 2026-02-14 19:44:14 +01:00
Peter Steinberger
4b9cb46c6e refactor(outbound): dedupe poll threading + tighten duration semantics 2026-02-14 19:03:46 +01:00
Peter Steinberger
cb3290fca3 fix(node-host): enforce system.run rawCommand/argv consistency 2026-02-14 18:53:23 +01:00
Robby
8e5689a84d feat(telegram): add sendPoll support (#16193) (#16209) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b58492cfed34eebe4b32af5292928092a11ecfed
Co-authored-by: robbyczgw-cla <239660374+robbyczgw-cla@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
 2026-02-14 18:34:30 +01:00
Peter Steinberger
571c195c54 fix: support moltbot legacy state dir 2026-02-14 17:14:21 +00:00
Peter Steinberger
9fb48f4dff refactor(scripts): make run-node main testable 2026-02-14 16:36:15 +00:00
Peter Steinberger
50645b905b refactor(outbound): centralize outbound identity 2026-02-14 16:44:43 +01:00
Peter Steinberger
64df787448 refactor(channels): share account summary helpers 2026-02-14 15:39:46 +00:00
Peter Steinberger
cc233da373 refactor(pairing): share json state helpers 2026-02-14 15:39:46 +00:00
Peter Steinberger
e9de242159 refactor(exec-approvals): share request event types 2026-02-14 15:39:46 +00:00
Peter Steinberger
4caeb203a6 refactor(install): share package dir install 2026-02-14 15:39:46 +00:00
Peter Steinberger
e1e05e57cb refactor(utils): share shell argv tokenizer 2026-02-14 15:39:46 +00:00
Robby
09e1cbc35d fix(cron): pass agent identity through delivery path (#16218) (#16242) 
* fix(cron): pass agent identity through delivery path

Cron delivery messages now include agent identity (name, avatar) in
outbound messages. Identity fields are passed best-effort for Slack
(graceful fallback if chat:write.customize scope is missing).

Fixes #16218

* fix: fix Slack cron delivery identity (#16242) (thanks @robbyczgw-cla)

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-14 16:08:51 +01:00
Peter Steinberger
abf6b4997e test(archive): accept drive-path absolute tar errors 2026-02-14 15:52:38 +01:00
Peter Steinberger
4c7838e3cf refactor(archive): centralize limits and budgets 2026-02-14 15:43:44 +01:00
Peter Steinberger
5f4b29145c test(archive): cover archive size and absolute tar paths 2026-02-14 15:36:41 +01:00
Peter Steinberger
d3ee5deb87 fix(archive): enforce extraction resource limits 2026-02-14 15:36:41 +01:00
Peter Steinberger
3aa94afcfd fix(security): harden archive extraction (#16203) 
* fix(browser): confine upload paths for file chooser

* fix(browser): sanitize suggested download filenames

* chore(lint): avoid control regex in download sanitizer

* test(browser): cover absolute escape paths

* docs(browser): update upload example path

* refactor(browser): centralize upload path confinement

* fix(infra): harden tmp dir selection

* fix(security): harden archive extraction

* fix(infra): harden tar extraction filter
 2026-02-14 14:42:08 +01:00
Peter Steinberger
6f7d31c426 fix(security): harden plugin/hook npm installs 2026-02-14 14:07:14 +01:00
Peter Steinberger
eb4215d570 perf(test): speed up Vitest bootstrap 2026-02-14 12:13:27 +00:00
Peter Steinberger
e6d5b5fb11 perf(test): remove slow port inspection and reconnect sleeps 2026-02-14 04:57:28 +00:00
Peter Steinberger
7f227fc8cc perf(test): avoid heavy browser barrels in pw-ai tests 2026-02-14 03:13:32 +00:00