admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
15,402 Commits 1 Branch 0 Tags
d6552998e9631c66f4759be90102ea877c74aa42
Commit Graph

60 Commits

Author SHA1 Message Date
Peter Steinberger
61b3246a7f fix(ssrf): unify ipv6 special-use blocking 2026-02-26 03:43:42 +01:00
Peter Steinberger
baf656bc6f fix: block IPv6 multicast SSRF bypass 2026-02-26 03:35:10 +01:00
Peter Steinberger
3af9d1f8e9 fix: scope Telegram RFC2544 SSRF exception to policy opt-in (#24982) (thanks @stakeswky) 2026-02-24 03:28:00 +00:00
User
9df80b73e2 fix: allow RFC2544 benchmark range (198.18.0.0/15) through SSRF filter 
Telegram's API and file servers resolve to IPs in the 198.18.0.0/15
range (RFC 2544 benchmarking range). The SSRF filter was blocking these
addresses because ipaddr.js classifies them as 'reserved', and the
filter also had an explicit RFC2544_BENCHMARK_PREFIX check that blocked
them unconditionally.

Fix: exempt 198.18.0.0/15 from the 'reserved' range block in
isBlockedSpecialUseIpv4Address(). Other 'reserved' ranges (TEST-NET-2,
TEST-NET-3, documentation prefixes) remain blocked. The explicit
RFC2544_BENCHMARK_PREFIX check is repurposed as the exemption guard.

Closes #24973
 2026-02-24 03:28:00 +00:00
Peter Steinberger
cd5f3fe0c1 test(config): consolidate env/include scenario coverage 2026-02-23 22:16:30 +00:00
Peter Steinberger
0183610db3 refactor: de-duplicate channel runtime and payload helpers 2026-02-23 21:25:28 +00:00
Peter Steinberger
8af19ddc5b refactor: extract shared dedupe helpers for runtime paths 2026-02-23 05:43:43 +00:00
Peter Steinberger
98427453ba fix(network): normalize SSRF IP parsing and monitor typing 2026-02-22 18:55:34 +01:00
Peter Steinberger
3286791316 refactor(agents): dedupe config and truncation guards 2026-02-22 17:54:51 +00:00
Peter Steinberger
333fbb8634 refactor(net): consolidate IP checks with ipaddr.js 2026-02-22 17:02:44 +01:00
Peter Steinberger
dd07c06d00 fix: tighten gateway restart loop handling (#23416) (thanks @jeffwnli) 2026-02-22 10:38:32 +01:00
jeffr
6eaf2baa57 fix: detect zombie processes in isPidAlive on Linux 
kill(pid, 0) succeeds for zombie processes, causing the gateway lock
to treat a zombie lock owner as alive. Read /proc/<pid>/status on
Linux to check for 'Z' (zombie) state before reporting the process
as alive. This prevents the lock from being held indefinitely by a
zombie process during gateway restart.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-22 10:38:32 +01:00
Peter Steinberger
a32edf423b refactor(text): share code-region parsing for reasoning tags 2026-02-22 07:44:57 +00:00
Peter Steinberger
e0db04a50d fix(security): harden avatar validation and size limits 2026-02-22 08:35:32 +01:00
Vignesh Natarajan
55d492b4cd Gateway: allow operator admin scope for pairing and approvals 2026-02-21 19:37:04 -08:00
vignesh07
426d97797d fix(pairing): treat operator.admin as satisfying operator.write 2026-02-21 18:25:13 -08:00
Peter Steinberger
cc2ff68947 test: optimize gateway infra memory and security coverage 2026-02-21 21:44:50 +00:00
Vincent Koc
35be87b09b fix(tui): strip inbound metadata blocks from user messages (clean rewrite) (#22345) 
* fix(tui): strip inbound metadata blocks from user text

* chore: clean up metadata-strip format and changelog credit

* chore: format tui metadata-strip tests

* test: align metadata-strip regression expectations

* refactor: reuse canonical inbound metadata stripper

* test: allow tmp media fixture paths in media-understanding tests

* refactor: reuse canonical inbound metadata stripper

* format: fix changelog blank line after headings

* test: fix unrelated check typing regressions

* test: align memory async mock embedding signatures

* test: avoid tsgo mock typing pitfall

* test: restore async search mock typings in merge tree

* test: trigger ci rerun without behavior change

* chore: dedupe todays changelog entries

* fix: dedupe sqlite mock keys in qmd manager test

* Update qmd-manager.test.ts

* test: align chat metadata sanitization expectation
 2026-02-20 23:52:43 -05:00
hcoj
5dae5e6ef2 fix(tools): forward senderIsOwner to embedded runner so owner-only tools work (#22296) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 0baca5ccc11c83727fe3db02b6ef6b11b421e698
Co-authored-by: hcoj <1169805+hcoj@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-21 08:33:58 +05:30
Vincent Koc
9a6b26d427 fix(ui): strip inbound metadata blocks and guard reply-tag streaming (clean rewrite) (#22346) 
* fix(ui): strip inbound metadata blocks from user messages

* chore: clean up metadata-strip format and changelog credit

* Update src/shared/chat-envelope.ts

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
 2026-02-20 21:41:32 -05:00
Mariano
5828708343 iOS/Gateway: harden pairing resolution and settings-driven capability refresh (#22120) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 55b8a93a999b7458c98f9d3b31abbd3665929b31
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 18:57:04 +00:00
Shakker
525d6e0671 Gateway: align pairing scope checks for read access 2026-02-20 05:12:05 +00:00
Peter Steinberger
26c9b37f5b fix(security): enforce strict IPv4 SSRF literal handling 2026-02-19 15:24:47 +01:00
Peter Steinberger
2f6b8663ff refactor(shared): reuse outbound text chunking core 2026-02-19 07:01:54 +00:00
Peter Steinberger
b2c2737452 refactor(shared): reuse runtime entry requirement evaluator 2026-02-19 00:17:24 +00:00
Peter Steinberger
136bd59ba5 refactor(shared): centralize @/# slug normalization 2026-02-18 23:34:15 +00:00
Peter Steinberger
b366279030 refactor(shared): reuse node list parsers across cli and tools 2026-02-18 23:34:15 +00:00
Peter Steinberger
8b48e0c615 refactor(shared): reuse requirement remote context type 2026-02-18 17:48:02 +00:00
Peter Steinberger
8a9fddedc9 refactor: extract shared install and embedding utilities 2026-02-18 04:49:22 +00:00
Peter Steinberger
91e9684e8c test: add normalization coverage for shared and slack allow-list 2026-02-18 03:17:54 +00:00
Peter Steinberger
8407eeb33c refactor: extract shared string normalization helpers 2026-02-18 03:17:54 +00:00
Peter Steinberger
f452a7a60b refactor(shared): reuse chat content extractor for assistant text 2026-02-17 00:53:44 +00:00
Peter Steinberger
7687f6cfcd refactor: reuse runtime requires evaluation 2026-02-17 00:45:02 +00:00
Peter Steinberger
7147cd9cc0 refactor: dedupe process-scoped lock maps 2026-02-17 00:45:02 +00:00
Peter Steinberger
04892ee230 refactor(core): dedupe shared config and runtime helpers 2026-02-16 14:59:30 +00:00
Peter Steinberger
ae1880acf6 refactor(frontmatter): share openclaw manifest parsing 2026-02-16 00:23:33 +00:00
Peter Steinberger
3a7b1b36b6 perf(test): consolidate shared utility suites 2026-02-16 00:18:27 +00:00
Peter Steinberger
5248b759fe refactor(shared): reuse isPidAlive 2026-02-15 19:06:54 +00:00
Peter Steinberger
137079fc21 refactor(shared): share entry requirements evaluation 2026-02-15 12:45:46 -06:00
Peter Steinberger
b74c3d80cc refactor(shared): dedupe chat content text extraction 2026-02-15 17:21:36 +00:00
Peter Steinberger
34b6c743f5 refactor(shared): share requirements eval for remote context 2026-02-15 14:26:10 +00:00
Peter Steinberger
b838429e2f refactor(status): share emoji/homepage resolver 2026-02-15 13:01:39 +00:00
Peter Steinberger
dec28e5384 refactor(subagents): share token usage formatting 2026-02-15 07:06:54 +00:00
Peter Steinberger
4950fcfb33 refactor(gateway): share IPv4 input validator 2026-02-15 06:37:41 +00:00
Peter Steinberger
bdc3e447e9 refactor(subagents): share formatting helpers 2026-02-15 06:15:30 +00:00
Peter Steinberger
bbe3b2b55d refactor(models): share param-B inference 2026-02-15 05:12:49 +00:00
Peter Steinberger
f3a474af30 refactor(device-auth): share store types + normalization 2026-02-15 04:22:44 +00:00
Peter Steinberger
d31e0dee55 refactor: dedupe chat envelope + daemon output + skills UI 2026-02-15 03:41:11 +00:00
Peter Steinberger
fef86e475b refactor: dedupe shared helpers across ui/gateway/extensions 2026-02-15 03:34:14 +00:00
Peter Steinberger
76e4e9d176 perf(test): reduce skills + update + memory suite overhead 2026-02-14 16:36:15 +00:00