Moltbot

Author	SHA1	Message	Date
Marcus Widing	fa4e4efd92	fix(gateway): restore localhost Control UI pairing when allowInsecureAuth is set (#22996 ) * fix(gateway): allow localhost Control UI without device identity when allowInsecureAuth is set * fix(gateway): pass isLocalClient to evaluateMissingDeviceIdentity * test: add regression tests for localhost Control UI pairing * fix(gateway): require pairing for legacy metadata upgrades * test(gateway): fix legacy metadata e2e ws typing --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>	2026-02-22 00:04:52 +01:00
Peter Steinberger	51149fcaf1	refactor(gateway): extract connect and role policy logic	2026-02-21 19:47:22 +01:00
Peter Steinberger	ddcb2d79b1	fix(gateway): block node role when device identity is missing	2026-02-21 19:34:13 +01:00
Peter Steinberger	8588183abe	test: stabilize docker e2e suites for pairing and model updates	2026-02-21 16:38:48 +01:00
Nachx639	868fe48d58	fix(gateway): allow health method for all authenticated roles (#19699 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: b9764432672d15d63061df2d2e58542e5c777479 Co-authored-by: Nachx639 <71144023+Nachx639@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky	2026-02-20 17:48:44 +00:00
Coy Geek	40a292619e	fix: Control UI Insecure Auth Bypass Allows Token-Only Auth Over HTTP (#20684 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: ad9be4b4d65698785ad7ea9ad650f54d16c89c4a Co-authored-by: coygeek <65363919+coygeek@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky	2026-02-20 17:34:34 +00:00
Nimrod Gutman	8775d34fba	fix(pairing): simplify pending merge and harden mixed-role onboarding	2026-02-20 14:47:20 +02:00
Shakker	525d6e0671	Gateway: align pairing scope checks for read access	2026-02-20 05:12:05 +00:00
Josh Avant	29ad0736f4	fix(gateway): tolerate legacy paired metadata in ws upgrade checks (#21447 ) Fixes the pairing required regression from #21236 for legacy paired devices created without roles/scopes metadata. Detects legacy paired metadata shape and skips upgrade enforcement while backfilling metadata in place on reconnect. Co-authored-by: Josh Avant <830519+joshavant@users.noreply.github.com> Co-authored-by: Val Alexander <68980965+BunsDev@users.noreply.github.com>	2026-02-19 17:45:56 -06:00
Peter Steinberger	0bda0202fd	fix(security): require explicit approval for device access upgrades	2026-02-19 14:49:09 +01:00
Gustavo Madeira Santana	c5698caca3	Security: default gateway auth bootstrap and explicit mode none (#20686 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: be1b73182cdca9c2331e2113bd1a08b977181974 Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-02-19 02:35:50 -05:00
Peter Steinberger	12ad708ce5	test: dedupe gateway auth and sessions patch coverage	2026-02-18 05:30:59 +00:00
Gustavo Madeira Santana	07fdceb5fd	refactor: centralize presence routing and version precedence coverage (#19609 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 10d9df5263f5e14712fa4f9f62b7a686dc55e6ae Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-02-18 00:02:51 -05:00
cpojer	8d6e345338	chore: Fix types in tests 22/N.	2026-02-17 12:23:12 +09:00
Peter Steinberger	93ca0ed54f	refactor(channels): dedupe transport and gateway test scaffolds	2026-02-16 14:59:31 +00:00
Vignesh Natarajan	eed02a2b57	fix (security/gateway): preserve control-ui scopes in bypass mode	2026-02-15 19:12:06 -08:00
Peter Steinberger	8ba16a894f	refactor(test): reuse withGatewayServer in auth/http suites	2026-02-15 23:06:34 +00:00
Peter Steinberger	c1d2f74bc5	refactor(test): dedupe gateway auth e2e lockout setup	2026-02-14 23:51:42 +00:00
Peter Steinberger	c06a962bb6	test(e2e): stabilize suite	2026-02-14 22:01:11 +01:00
Peter Steinberger	35c0e66ed0	fix(security): harden hooks module loading	2026-02-14 15:03:27 +01:00
Peter Steinberger	3d0a41b584	test(gateway): isolate device identity in auth e2e	2026-02-14 14:57:19 +01:00
Harald Buerbaumer	30b6eccae5	feat(gateway): add auth rate-limiting & brute-force protection (#15035 ) * feat(gateway): add auth rate-limiting & brute-force protection Add a per-IP sliding-window rate limiter to Gateway authentication endpoints (HTTP, WebSocket upgrade, and WS message-level auth). When gateway.auth.rateLimit is configured, failed auth attempts are tracked per client IP. Once the threshold is exceeded within the sliding window, further attempts are blocked with HTTP 429 + Retry-After until the lockout period expires. Loopback addresses are exempt by default so local CLI sessions are never locked out. The limiter is only created when explicitly configured (undefined otherwise), keeping the feature fully opt-in and backward-compatible. * fix(gateway): isolate auth rate-limit scopes and normalize 429 responses --------- Co-authored-by: buerbaumer <buerbaumer@users.noreply.github.com> Co-authored-by: Peter Steinberger <steipete@gmail.com>	2026-02-13 15:32:38 +01:00
Peter Steinberger	cfd112952e	fix(gateway): default-deny missing connect scopes	2026-02-11 12:04:30 +01:00
Peter Steinberger	fe81b1d712	fix(gateway): require shared auth before device bypass	2026-02-02 16:56:38 -08:00
cpojer	935a0e5708	chore: Enable `typescript/no-explicit-any` rule.	2026-02-02 16:18:09 +09:00
cpojer	f06dd8df06	chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.	2026-02-01 10:03:47 +09:00
cpojer	5ceff756e1	chore: Enable "curly" rule to avoid single-statement if confusion/errors.	2026-01-31 16:19:20 +09:00
Peter Steinberger	9a7160786a	refactor: rename to openclaw	2026-01-30 03:16:21 +01:00
Peter Steinberger	6d16a658e5	refactor: rename clawdbot to moltbot with legacy compat	2026-01-27 12:21:02 +00:00
Peter Steinberger	3314b3996e	fix: harden gateway auth defaults	2026-01-26 18:24:26 +00:00
Peter Steinberger	e6bdffe568	feat: add control ui device auth bypass	2026-01-26 17:40:28 +00:00
Peter Steinberger	c4a80f4edb	fix: require gateway auth by default	2026-01-26 12:56:33 +00:00
Jamieson O'Reilly	6aec34bc60	fix(gateway): prevent auth bypass when behind unconfigured reverse proxy (#1795 ) * fix(gateway): prevent auth bypass when behind unconfigured reverse proxy When proxy headers (X-Forwarded-For, X-Real-IP) are present but gateway.trustedProxies is not configured, the gateway now treats connections as non-local. This prevents a scenario where all proxied requests appear to come from localhost and receive automatic trust. Previously, running behind nginx/Caddy without configuring trustedProxies would cause isLocalClient=true for all external connections, potentially bypassing authentication and auto-approving device pairing. The gateway now logs a warning when this condition is detected, guiding operators to configure trustedProxies for proper client IP detection. Also adds documentation for reverse proxy security configuration. * fix: harden reverse proxy auth (#1795) (thanks @orlyjamie) --------- Co-authored-by: orlyjamie <orlyjamie@users.noreply.github.com> Co-authored-by: Peter Steinberger <steipete@gmail.com>	2026-01-25 15:08:03 +00:00
Peter Steinberger	8f3da653b0	fix: allow control ui token auth without pairing	2026-01-25 12:47:17 +00:00
Peter Steinberger	9eaaadf8ee	fix: clarify control ui auth hints (fixes #1690 )	2026-01-25 04:46:42 +00:00
Peter Steinberger	37e5f077b8	test: move gateway server coverage to e2e	2026-01-23 18:34:33 +00:00

36 Commits