Peter Steinberger
73804abcec
fix(feishu): avoid template tmpdir join in dedup state path ( #23398 )
2026-02-22 11:12:01 +01:00
Peter Steinberger
59807efa31
refactor(plugin-sdk): unify channel dedupe primitives
2026-02-22 10:46:34 +01:00
Peter Steinberger
0bd9f0d4ac
fix: enforce strict allowlist across pairing stores ( #23017 )
2026-02-22 00:00:23 +01:00
Peter Steinberger
3d7ad1cfca
fix(security): centralize owner-only tool gating and scope maps
2026-02-19 15:29:23 +01:00
Peter Steinberger
f4b288b8f7
refactor(feishu): dedupe mention regex escaping
2026-02-19 15:04:40 +01:00
Peter Steinberger
7426848913
test(feishu): add mention regex injection regressions
2026-02-19 14:51:41 +01:00
Jamie
7e67ab75cc
fix(feishu): escape regex metacharacters in stripBotMention
...
stripBotMention() passed mention.name and mention.key directly into
new RegExp() without escaping, allowing regex injection and ReDoS via
crafted Feishu mention metadata. extractMessageBody() in mention.ts
already escapes correctly — this applies the same pattern.
Ref: GHSA-c6hr-w26q-c636
2026-02-19 14:51:41 +01:00
Peter Steinberger
0e85380e56
style: format files and fix safe-bins e2e typing
2026-02-19 14:26:12 +01:00
Peter Steinberger
ec232a9e2d
refactor(security): harden temp-path handling for inbound media
2026-02-19 14:06:37 +01:00
Peter Steinberger
aa267812d3
test(security): add webhook hardening regressions
2026-02-19 13:31:28 +01:00
Peter Steinberger
a23e0d5140
fix(security): harden feishu and zalo webhook ingress
2026-02-19 13:31:27 +01:00
Peter Steinberger
cdb00fe242
fix(feishu): isolate temp download writes in mkdtemp dirs
2026-02-19 11:05:04 +01:00
Mariano
a7c0aa94d9
refactor(security): share safe temp media path builder ( #20810 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 7a088e6801132747814+mbelinky@users.noreply.github.com >
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com >
Reviewed-by: @mbelinky
2026-02-19 09:59:21 +00:00
Mariano Belinky
c821099157
Feishu: harden temp media download paths
2026-02-19 10:13:48 +01:00
Peter Steinberger
b8b43175c5
style: align formatting with oxfmt 0.33
2026-02-18 01:34:35 +00:00
Peter Steinberger
31f9be126c
style: run oxfmt and fix gate failures
2026-02-18 01:29:02 +00:00
Sebastian
7884d65687
test(feishu): cover post mentions for other users
2026-02-17 08:53:25 -05:00
cpojer
d0cb8c19b2
chore: wtf.
2026-02-17 13:36:48 +09:00
Sebastian
ed11e93cf2
chore(format)
2026-02-16 23:20:16 -05:00
Sebastian
ca19745fa2
Revert "channels: migrate extension account listing to factory"
...
This reverts commit d24340d75b
2026-02-16 23:17:13 -05:00
cpojer
d3a36cc3b0
chore: Fix remaining extension test types, enable type checking for extension tests.
2026-02-17 10:14:01 +09:00
cpojer
90ef2d6bdf
chore: Update formatting.
2026-02-17 09:18:40 +09:00
gaowanqi08141999
86517b8e30
feat(feishu): add bitable create app and create field tools
2026-02-17 00:02:00 +01:00
popomore
eed806ce58
f
2026-02-16 23:59:41 +01:00
popomore
a42ccb9c1d
f
2026-02-16 23:59:41 +01:00
popomore
c315246971
fix(feishu): fix mention detection for post messages with embedded docs
...
Parse "at" elements from post content when message.mentions is empty to
detect bot mentions in rich text messages containing documents.
2026-02-16 23:59:41 +01:00
yinghaosang
d24340d75b
channels: migrate extension account listing to factory
2026-02-16 23:53:19 +01:00
Peter Steinberger
544ffbcf7b
refactor(extensions): dedupe connector helper usage
2026-02-16 14:59:30 +00:00
Peter Steinberger
342e9cac03
refactor(status): reuse plugin-sdk status helpers
2026-02-15 19:37:40 +00:00
Peter Steinberger
bdfa2b490b
refactor(media): reuse buildAgentMediaPayload
2026-02-15 19:37:40 +00:00
Shadow
c6b3736fe7
fix: dedupe probe/token base types ( #16986 ) (thanks @iyoda)
2026-02-15 11:36:54 -06:00
Peter Steinberger
fef86e475b
refactor: dedupe shared helpers across ui/gateway/extensions
2026-02-15 03:34:14 +00:00
Peter Steinberger
65aac6494a
refactor(feishu): share download buffer reader
2026-02-15 01:46:52 +00:00
Peter Steinberger
5b4121d601
fix: harden Feishu media URL fetching ( #16285 ) (thanks @mbelinky)
...
Security fix for Feishu extension media fetching.
2026-02-14 16:42:35 +01:00
Peter Steinberger
6543ce717c
perf(test): avoid plugin-sdk barrel imports
2026-02-14 12:42:19 +00:00
Artale
3a330e681b
fix(feishu): remove typing indicator on NO_REPLY cleanup (openclaw#15508) thanks @arosstale
...
Verified:
- pnpm build
- pnpm check
- pnpm test
Co-authored-by: arosstale <117890364+arosstale@users.noreply.github.com >
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com >
2026-02-14 05:24:27 -06:00
Peter Steinberger
a750a195e5
refactor(extensions): extract feishu dedup and mattermost onchar helpers
2026-02-13 19:08:37 +00:00
Peter Steinberger
3cbcba10cf
fix(security): enforce bounded webhook body handling
2026-02-13 19:14:54 +01:00
Peter Steinberger
daf13dbb06
fix: enforce feishu dm policy + pairing flow ( #14876 ) (thanks @coygeek)
2026-02-13 05:48:22 +01:00
Coy Geek
f05553413d
fix(aa-01): apply security fix
...
Generated by staged fix workflow.
2026-02-13 05:48:22 +01:00
LeftX
65be9ccf63
feat(feishu): add streaming card support via Card Kit API (openclaw#10379) thanks @xzq-xu
...
Verified:
- pnpm build
- pnpm check
- pnpm test
Co-authored-by: xzq-xu <53989315+xzq-xu@users.noreply.github.com >
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com >
2026-02-12 20:19:27 -06:00
0xRain
af172742a3
fix(feishu): use msg_type 'media' for video/audio messages ( #14648 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: e8044cb208190923101+0xRaini@users.noreply.github.com >
Co-authored-by: steipete <58493+steipete@users.noreply.github.com >
Reviewed-by: @steipete
2026-02-12 19:05:09 +01:00
Tak Hoffman
cf6e8e18d2
fix: preserve top-level feishu doc block order (openclaw#13994) thanks @Cynosure159
...
Co-authored-by: Cynosure159 <29699738+Cynosure159@users.noreply.github.com >
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com >
2026-02-11 22:53:40 -06:00
Tak Hoffman
a028c0512c
fix: use resolved feishu account in status probe (openclaw#11233) thanks @onevcat
...
Co-authored-by: Wei Wang <1019875+onevcat@users.noreply.github.com >
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com >
2026-02-11 22:53:40 -06:00
Tak Hoffman
3d771afe79
fix: tighten feishu mention trigger matching (openclaw#11088) thanks @openperf
...
Co-authored-by: 王春跃 <80630709+openperf@users.noreply.github.com >
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com >
2026-02-11 22:53:40 -06:00
Tak Hoffman
8fdb2e64a7
fix: buffer upload path for feishu SDK (openclaw#10345) thanks @youngerstyle
...
Co-authored-by: zhiyi <7426274+youngerstyle@users.noreply.github.com >
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com >
2026-02-11 22:53:40 -06:00
Peter Steinberger
53273b490b
fix(auto-reply): prevent sender spoofing in group prompts
2026-02-10 00:44:38 -06:00
cpojer
49fb8f74e4
chore: Fix types after ChatType changes.
2026-02-10 09:20:39 +09:00
Yifeng Wang
5c2cb6c591
feat(feishu): sync community contributions from clawdbot-feishu ( #12662 )
...
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-10 09:19:44 +09:00
max
40b11db80e
TypeScript: add extensions to tsconfig and fix type errors ( #12781 )
...
* TypeScript: add extensions to tsconfig and fix type errors
- Add extensions/**/* to tsconfig.json includes
- Export ProviderAuthResult, AnyAgentTool from plugin-sdk
- Fix optional chaining for messageActions across channels
- Add missing type imports (MSTeamsConfig, GroupPolicy, etc.)
- Add type annotations for provider auth handlers
- Fix undici/fetch type compatibility in zalo proxy
- Correct ChannelAccountSnapshot property usage
- Add type casts for tool registrations
- Extract usage view styles and types to separate files
* TypeScript: fix optional debug calls and handleAction guards
2026-02-09 10:05:38 -08:00
