Commit Graph

7805 Commits

Author SHA1 Message Date
Peter Steinberger
a688ccf24a refactor(security): unify safe-bin argv parsing and harden regressions 2026-02-19 16:04:58 +01:00
Peter Steinberger
2e421f32df fix(security): restore trusted plugin runtime exec default 2026-02-19 16:01:29 +01:00
Peter Steinberger
dafe52e8cf fix(daemon): escape schtasks environment assignments 2026-02-19 15:52:13 +01:00
Peter Steinberger
c45f3c5b00 fix(gateway): harden canvas auth with session capabilities 2026-02-19 15:51:22 +01:00
Peter Steinberger
f76f98b268 chore: fix formatting drift and stabilize cron tool mocks 2026-02-19 15:41:38 +01:00
Peter Steinberger
63e39d7f57 fix(security): harden ACP prompt size guardrails 2026-02-19 15:41:01 +01:00
Aether AI Agent
ebcf19746f fix(security): OC-53 validate prompt size before string concatenation to prevent memory exhaustion — Aether AI Agent 2026-02-19 15:41:01 +01:00
Aether AI Agent
732e53151e fix(security): OC-53 enforce 2MB prompt size limit to prevent ACP DoS — Aether AI Agent 2026-02-19 15:41:01 +01:00
Peter Steinberger
c9dee59266 refactor(security): centralize trusted sender checks for discord moderation 2026-02-19 15:39:56 +01:00
Peter Steinberger
81b19aaa1a fix(security): enforce plugin and hook path containment 2026-02-19 15:37:29 +01:00
Peter Steinberger
b40821b068 fix: harden ACP secret handling and exec preflight boundaries 2026-02-19 15:34:20 +01:00
Peter Steinberger
3d7ad1cfca fix(security): centralize owner-only tool gating and scope maps 2026-02-19 15:29:23 +01:00
Peter Steinberger
efca61e3ac test: share cron tool mock harness 2026-02-19 14:27:37 +00:00
Peter Steinberger
eb9861b20a test: share memory manager bootstrap helper 2026-02-19 14:27:37 +00:00
Peter Steinberger
2581b67cdb refactor: share exec approval request helper 2026-02-19 14:27:37 +00:00
Peter Steinberger
3179097a1f refactor: dedupe redact snapshot restore prelude 2026-02-19 14:27:37 +00:00
Peter Steinberger
ffd4e85873 refactor: share allow-from merge and sender-id checks 2026-02-19 14:27:37 +00:00
Peter Steinberger
ba538c98c7 refactor: share plain object guard across config and utils 2026-02-19 14:27:36 +00:00
Peter Steinberger
397f243ded refactor: dedupe gateway session guards and agent test fixtures 2026-02-19 14:27:36 +00:00
Peter Steinberger
a99fd8f2dd refactor: reuse daemon action response type in lifecycle core 2026-02-19 14:27:36 +00:00
Peter Steinberger
672b1c5084 refactor: dedupe slack monitor mrkdwn and modal event base 2026-02-19 14:27:36 +00:00
Peter Steinberger
cb6b835a49 test: dedupe heartbeat and action-runner fixtures 2026-02-19 14:27:36 +00:00
Peter Steinberger
26c9b37f5b fix(security): enforce strict IPv4 SSRF literal handling 2026-02-19 15:24:47 +01:00
Peter Steinberger
77c748304b refactor(plugins): extract safety and provenance helpers 2026-02-19 15:24:14 +01:00
Peter Steinberger
775816035e fix(security): enforce trusted sender auth for discord moderation 2026-02-19 15:18:24 +01:00
Peter Steinberger
baa335f258 fix(security): harden SSRF IPv4 literal parsing 2026-02-19 15:14:46 +01:00
Peter Steinberger
3561442a9f fix(plugins): harden discovery trust checks 2026-02-19 15:14:12 +01:00
Peter Steinberger
5dc50b8a3f fix(security): harden npm plugin and hook install integrity flow 2026-02-19 15:11:25 +01:00
Peter Steinberger
2777d8ad93 refactor(security): unify gateway scope authorization flows 2026-02-19 15:06:38 +01:00
Peter Steinberger
f8b61bb4ed refactor(acp): split session tests and share rate limiter 2026-02-19 14:55:06 +01:00
Peter Steinberger
19348050be style: normalize acp translator import ordering 2026-02-19 13:54:40 +00:00
Peter Steinberger
7a89049d1d refactor: dedupe pending pairing request flow and add reuse tests 2026-02-19 13:54:35 +00:00
Peter Steinberger
d900d5efbd style: normalize ws message handler import ordering 2026-02-19 13:51:53 +00:00
Peter Steinberger
79ab4927c1 test: dedupe extracted-size budget assertions in archive tests 2026-02-19 13:51:53 +00:00
Peter Steinberger
e01011e3e4 fix(acp): harden session lifecycle against flooding 2026-02-19 14:50:17 +01:00
Peter Steinberger
4ddc4dfd76 test: dedupe fetch cleanup-throw signal harness 2026-02-19 13:50:07 +00:00
Peter Steinberger
0bda0202fd fix(security): require explicit approval for device access upgrades 2026-02-19 14:49:09 +01:00
Peter Steinberger
182ffdf557 test: dedupe zai env test setup and cover blank legacy key 2026-02-19 13:48:21 +00:00
Peter Steinberger
177654f526 refactor: dedupe APNs push send flow and add wake default test 2026-02-19 13:45:34 +00:00
Peter Steinberger
722a898f20 refactor: dedupe openclaw root traversal and add coverage 2026-02-19 13:43:31 +00:00
Peter Steinberger
758ea3c5a1 style: apply oxfmt import ordering for check 2026-02-19 14:38:55 +01:00
Peter Steinberger
08a7967936 fix(security): fail closed on gateway bind fallback and tighten canvas IP fallback 2026-02-19 14:38:55 +01:00
Peter Steinberger
a40c10d3e2 fix: harden agent gateway authorization scopes 2026-02-19 14:37:56 +01:00
Peter Steinberger
165c18819e refactor(security): simplify safe-bin validation structure 2026-02-19 14:33:58 +01:00
Peter Steinberger
74c51aeb1e style: format gateway server methods 2026-02-19 13:32:58 +00:00
Peter Steinberger
268b0dc921 style: fix formatting drift in security allowlist checks 2026-02-19 13:31:01 +00:00
Peter Steinberger
ff74d89e86 fix: harden gateway control-plane restart protections 2026-02-19 14:30:15 +01:00
Peter Steinberger
14b4c7fd56 refactor: dedupe provider usage auth/fetch logic and expand coverage 2026-02-19 13:28:18 +00:00
Peter Steinberger
2d485cd47a refactor(security): extract safe-bin policy and dedupe tests 2026-02-19 14:28:03 +01:00
Peter Steinberger
0e85380e56 style: format files and fix safe-bins e2e typing 2026-02-19 14:26:12 +01:00