admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases Wiki Activity
Files
e9216cb7dc0e4a7fb3ade7933e57d71016e73349
Moltbot/src
History
SidQin-cyber 20523b918a fix(gateway): allow trusted-proxy control-ui auth to skip device pairing 
Control UI connections authenticated via gateway.auth.mode=trusted-proxy were
still forced through device pairing because pairing bypass only considered
shared token/password auth (sharedAuthOk). In trusted-proxy deployments,
this produced persistent "pairing required" failures despite valid trusted
proxy headers.

Treat authenticated trusted-proxy control-ui connections as pairing-bypass
eligible and allow missing device identity in that mode.

Fixes #25293

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-24 14:17:54 +00:00
..
acp
fix(acp): harden permission tool-name validation
2026-02-24 01:11:34 +00:00
agents
fix(agents): await block-reply flush before tool execution starts
2026-02-24 14:11:40 +00:00
auto-reply
Auto-reply: normalize stop matching and add multilingual triggers (#25103)
2026-02-24 01:07:25 -05:00
browser
test: fix gate regressions
2026-02-24 04:39:53 +00:00
canvas-host
test: tighten canvas host websocket watchdog timeouts
2026-02-21 23:02:44 +00:00
channels
fix: harden legacy plugin schema compatibility tests (#24933) (thanks @pandego)
2026-02-24 03:50:53 +00:00
cli
fix(cli): replace stale doctor/restart command hints (#24485)
2026-02-24 14:49:59 +05:30
commands
fix(cli): replace stale doctor/restart command hints (#24485)
2026-02-24 14:49:59 +05:30
compat
config
test: fix gate regressions
2026-02-24 04:39:53 +00:00
cron
fix(cron): treat embedded error payloads as run failures
2026-02-24 04:33:50 +00:00
daemon
fix: back up existing systemd unit before overwriting on update (#24350) (#24937)
2026-02-24 03:22:55 +00:00
discord
test(discord): add regression tests for reasoning tag stripping in stream
2026-02-24 04:37:30 +00:00
docs
gateway
fix(gateway): allow trusted-proxy control-ui auth to skip device pairing
2026-02-24 14:17:54 +00:00
hooks
fix(agents): include SOUL.md, IDENTITY.md, USER.md in subagent/cron bootstrap allowlist
2026-02-24 04:04:35 +00:00
imessage
fix(security): harden account-key handling against prototype pollution
2026-02-24 01:09:31 +00:00
infra
test: make shell-env trust-path test platform-safe (#24991) (thanks @stakeswky)
2026-02-24 04:34:49 +00:00
line
fix(security): harden account-key handling against prototype pollution
2026-02-24 01:09:31 +00:00
link-understanding
chore: remove verified dead code paths
2026-02-22 09:21:09 +01:00
logging
fix(security): harden regex compilation for filters and redaction
2026-02-23 23:54:50 +00:00
markdown
test: dedupe channel and transport adapters
2026-02-21 21:44:01 +00:00
media
fix(security): harden session export image data-url handling
2026-02-24 02:53:39 +00:00
media-understanding
refactor: de-duplicate channel runtime and payload helpers
2026-02-23 21:25:28 +00:00
memory
refactor: deduplicate shared helpers and test setup
2026-02-23 20:40:44 +00:00
node-host
fix(security): trust resolved skill-bin paths in allowlist auto-allow
2026-02-24 03:12:43 +00:00
pairing
refactor: de-duplicate channel runtime and payload helpers
2026-02-23 21:25:28 +00:00
plugin-sdk
refactor(security): unify dangerous name matching handling
2026-02-24 01:33:08 +00:00
plugins
fix(plugins): pass session context to before_compaction hook in subscribe handler
2026-02-24 04:33:50 +00:00
process
test: fix gate regressions
2026-02-24 04:39:53 +00:00
providers
Config: expand Kilo catalog and persist selected Kilo models (#24921)
2026-02-23 21:17:37 -05:00
routing
fix: normalize input peer.kind in resolveAgentRoute (#22730)
2026-02-24 04:33:50 +00:00
scripts
security
feat(security): warn on likely multi-user trust-model mismatch
2026-02-24 14:03:19 +00:00
sessions
Agents/Replies: scope done fallback to direct sessions
2026-02-22 13:30:30 -08:00
shared
fix: scope Telegram RFC2544 SSRF exception to policy opt-in (#24982) (thanks @stakeswky)
2026-02-24 03:28:00 +00:00
signal
fix(security): harden account-key handling against prototype pollution
2026-02-24 01:09:31 +00:00
slack
refactor(security): unify dangerous name matching handling
2026-02-24 01:33:08 +00:00
telegram
Auto-reply: normalize stop matching and add multilingual triggers (#25103)
2026-02-24 01:07:25 -05:00
terminal
test(core): use lightweight clears in runtime and telegram setup
2026-02-22 08:09:14 +00:00
test-helpers
refactor: dedupe media and request-body test scaffolding
2026-02-22 18:37:25 +00:00
test-utils
test: dedupe fixtures and test harness setup
2026-02-23 05:45:54 +00:00
tts
test: streamline auto-reply and tts suites
2026-02-21 21:44:01 +00:00
tui
test: fix post-merge config and tui command-handler tests
2026-02-24 04:38:21 +00:00
types
utils
refactor!: remove google-antigravity provider support
2026-02-23 05:20:14 +01:00
web
fix(whatsapp): groupAllowFrom sender filter bypassed when groupPolicy is allowlist (#24670)
2026-02-24 04:20:30 +00:00
whatsapp
WhatsApp: enforce allowFrom for explicit outbound sends (#20921)
2026-02-22 18:13:23 -05:00
wizard
test: dedupe gateway browser discord and channel coverage
2026-02-22 17:11:54 +00:00
channel-web.ts
docker-image-digests.test.ts
docker-setup.test.ts
Docker: precreate identity dir in docker setup
2026-02-22 16:33:53 -08:00
dockerfile.test.ts
entry.ts
refactor(gateway): simplify restart flow and expand lock tests
2026-02-22 10:44:47 +01:00
extensionAPI.ts
globals.ts
index.ts
logger.test.ts
logger.ts
logging.ts
polls.test.ts
polls.ts
runtime.ts
utils.test.ts
fix(utils): guard resolveUserPath for missing workspace input
2026-02-22 13:19:25 +01:00
utils.ts
fix(utils): guard resolveUserPath for missing workspace input
2026-02-22 13:19:25 +01:00
version.test.ts
test(core): increase coverage for sessions, auth choice, and model listing
2026-02-22 14:08:51 +00:00
version.ts