adb400f9b1
Plugins/msteams: migrate to scoped plugin-sdk imports
2026-03-04 02:35:12 -05:00
10bd6ae3c8
Extensions: migrate msteams plugin-sdk imports
2026-03-04 01:21:30 -05:00
646817dd80
fix(outbound): unify resolved cfg threading across send paths ( #33987 )
2026-03-04 00:20:44 -06:00
1c200ca7ae
follow-up: align ingress, atomic paths, and channel tests with credential semantics ( #33733 )
...
Merged via squash.
Prepared head SHA: c290c2ab6a
2026-03-03 20:29:46 -06:00
806803b7ef
feat(secrets): expand SecretRef coverage across user-supplied credentials ( #29580 )
...
* feat(secrets): expand secret target coverage and gateway tooling
* docs(secrets): align gateway and CLI secret docs
* chore(protocol): regenerate swift gateway models for secrets methods
* fix(config): restore talk apiKey fallback and stabilize runner test
* ci(windows): reduce test worker count for shard stability
* ci(windows): raise node heap for test shard stability
* test(feishu): make proxy env precedence assertion windows-safe
* fix(gateway): resolve auth password SecretInput refs for clients
* fix(gateway): resolve remote SecretInput credentials for clients
* fix(secrets): skip inactive refs in command snapshot assignments
* fix(secrets): scope gateway.remote refs to effective auth surfaces
* fix(secrets): ignore memory defaults when enabled agents disable search
* fix(secrets): honor Google Chat serviceAccountRef inheritance
* fix(secrets): address tsgo errors in command and gateway collectors
* fix(secrets): avoid auth-store load in providers-only configure
* fix(gateway): defer local password ref resolution by precedence
* fix(secrets): gate telegram webhook secret refs by webhook mode
* fix(secrets): gate slack signing secret refs to http mode
* fix(secrets): skip telegram botToken refs when tokenFile is set
* fix(secrets): gate discord pluralkit refs by enabled flag
* fix(secrets): gate discord voice tts refs by voice enabled
* test(secrets): make runtime fixture modes explicit
* fix(cli): resolve local qr password secret refs
* fix(cli): fail when gateway leaves command refs unresolved
* fix(gateway): fail when local password SecretRef is unresolved
* fix(gateway): fail when required remote SecretRefs are unresolved
* fix(gateway): resolve local password refs only when password can win
* fix(cli): skip local password SecretRef resolution on qr token override
* test(gateway): cast SecretRef fixtures to OpenClawConfig
* test(secrets): activate mode-gated targets in runtime coverage fixture
* fix(cron): support SecretInput webhook tokens safely
* fix(bluebubbles): support SecretInput passwords across config paths
* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths
* fix(bluebubbles): align SecretInput schema helper typing
* fix(cli): clarify secrets.resolve version-skew errors
* refactor(secrets): return structured inactive paths from secrets.resolve
* refactor(gateway): type onboarding secret writes as SecretInput
* chore(protocol): regenerate swift models for secrets.resolve
* feat(secrets): expand extension credential secretref support
* fix(secrets): gate web-search refs by active provider
* fix(onboarding): detect SecretRef credentials in extension status
* fix(onboarding): allow keeping existing ref in secret prompt
* fix(onboarding): resolve gateway password SecretRefs for probe and tui
* fix(onboarding): honor secret-input-mode for local gateway auth
* fix(acp): resolve gateway SecretInput credentials
* fix(secrets): gate gateway.remote refs to remote surfaces
* test(secrets): cover pattern matching and inactive array refs
* docs(secrets): clarify secrets.resolve and remote active surfaces
* fix(bluebubbles): keep existing SecretRef during onboarding
* fix(tests): resolve CI type errors in new SecretRef coverage
* fix(extensions): replace raw fetch with SSRF-guarded fetch
* test(secrets): mark gateway remote targets active in runtime coverage
* test(infra): normalize home-prefix expectation across platforms
* fix(cli): only resolve local qr password refs in password mode
* test(cli): cover local qr token mode with unresolved password ref
* docs(cli): clarify local qr password ref resolution behavior
* refactor(extensions): reuse sdk SecretInput helpers
* fix(wizard): resolve onboarding env-template secrets before plaintext
* fix(cli): surface secrets.resolve diagnostics in memory and qr
* test(secrets): repair post-rebase runtime and fixtures
* fix(gateway): skip remote password ref resolution when token wins
* fix(secrets): treat tailscale remote gateway refs as active
* fix(gateway): allow remote password fallback when token ref is unresolved
* fix(gateway): ignore stale local password refs for none and trusted-proxy
* fix(gateway): skip remote secret ref resolution on local call paths
* test(cli): cover qr remote tailscale secret ref resolution
* fix(secrets): align gateway password active-surface with auth inference
* fix(cli): resolve inferred local gateway password refs in qr
* fix(gateway): prefer resolvable remote password over token ref pre-resolution
* test(gateway): cover none and trusted-proxy stale password refs
* docs(secrets): sync qr and gateway active-surface behavior
* fix: restore stability blockers from pre-release audit
* Secrets: fix collector/runtime precedence contradictions
* docs: align secrets and web credential docs
* fix(rebase): resolve integration regressions after main rebase
* fix(node-host): resolve gateway secret refs for auth
* fix(secrets): harden secretinput runtime readers
* gateway: skip inactive auth secretref resolution
* cli: avoid gateway preflight for inactive secret refs
* extensions: allow unresolved refs in onboarding status
* tests: fix qr-cli module mock hoist ordering
* Security: align audit checks with SecretInput resolution
* Gateway: resolve local-mode remote fallback secret refs
* Node host: avoid resolving inactive password secret refs
* Secrets runtime: mark Slack appToken inactive for HTTP mode
* secrets: keep inactive gateway remote refs non-blocking
* cli: include agent memory secret targets in runtime resolution
* docs(secrets): sync docs with active-surface and web search behavior
* fix(secrets): keep telegram top-level token refs active for blank account tokens
* fix(daemon): resolve gateway password secret refs for probe auth
* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled
* fix(secrets): align token inheritance and exec timeout defaults
* docs(secrets): clarify active-surface notes in cli docs
* cli: require secrets.resolve gateway capability
* gateway: log auth secret surface diagnostics
* secrets: remove dead provider resolver module
* fix(secrets): restore gateway auth precedence and fallback resolution
* fix(tests): align plugin runtime mock typings
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-03 02:58:20 +00:00
0750fc2de1
test: consolidate extension runtime mocks and split bluebubbles webhook auth suite
2026-03-03 02:37:23 +00:00
866bd91c65
refactor: harden msteams lifecycle and attachment flows
2026-03-02 21:19:23 +00:00
089a8785b9
fix: harden msteams revoked-context fallback delivery ( #27224 ) (thanks @openperf)
2026-03-02 20:49:03 +00:00
e0b91067e3
fix(msteams): add proactive fallback for revoked turn context
...
Fixes #27189
When an inbound message is debounced, the Bot Framework turn context is
revoked before the debouncer flushes and the reply is dispatched. Any
attempt to use the revoked context proxy throws a TypeError, causing the
reply to fail silently.
This commit fixes the issue by adding a fallback to proactive messaging
when the turn context is revoked:
- `isRevokedProxyError()`: New error utility to reliably detect when a
proxy has been revoked.
- `reply-dispatcher.ts`: `sendTypingIndicator` now catches revoked proxy
errors and falls back to sending the typing indicator via
`adapter.continueConversation`.
- `messenger.ts`: `sendMSTeamsMessages` now catches revoked proxy errors
when `replyStyle` is `thread` and falls back to proactive messaging.
This ensures that replies are delivered reliably even when the inbound
message was debounced, resolving the core issue where the bot appeared
to ignore messages.
2026-03-02 20:49:03 +00:00
4a414c5e53
fix(msteams): scope auth across media redirects
2026-03-02 20:45:09 +00:00
da22a9113c
test(msteams): cover auth stripping on graph redirect hops
2026-03-02 20:45:09 +00:00
8937c10f1f
fix(msteams): scope graph auth redirects
2026-03-02 20:45:09 +00:00
c582a54554
fix(msteams): preserve guarded dispatcher redirects
2026-03-02 20:37:47 +00:00
cceecc8bd4
msteams: enforce guarded redirect ownership in safeFetch
2026-03-02 20:37:47 +00:00
6945ba189d
msteams: harden webhook ingress timeouts
2026-03-02 20:34:05 +00:00
15677133c1
test(msteams): remove tuple-unsafe spread in lifecycle mocks
2026-03-02 20:31:26 +00:00
c9d0e345cb
fix(msteams): keep monitor alive until shutdown
2026-03-02 20:31:26 +00:00
c0bf42f2a8
refactor: centralize delivery/path/media/version lifecycle
2026-03-02 04:04:36 +00:00
8e48520d74
fix(channels): align command-body parsing sources
2026-03-01 23:11:48 +00:00
c53b11dccd
test: fix pairing/daemon assertion drift
2026-02-26 21:24:50 +00:00
a0c5e28f3b
refactor(extensions): use scoped pairing helper
2026-02-26 21:57:52 +01:00
64de4b6d6a
fix: enforce explicit group auth boundaries across channels
2026-02-26 18:49:16 +01:00
cd80c7e7ff
refactor: unify dm policy store reads and reason codes
2026-02-26 17:47:57 +01:00
273973d374
refactor: unify typing dispatch lifecycle and policy boundaries
2026-02-26 17:36:16 +01:00
37a138c554
fix: harden typing lifecycle and cross-channel suppression
2026-02-26 17:01:09 +01:00
57334cd7d8
refactor: unify channel/plugin ssrf fetch policy and auth fallback
2026-02-26 16:44:13 +01:00
2e97d0dd95
fix: finalize teams file-consent timeout landing ( #27641 ) (thanks @scz2011)
2026-02-26 15:42:08 +00:00
773ab319ef
fix(msteams): Fix code formatting
...
Remove trailing whitespace to pass oxfmt format check.
2026-02-26 15:42:08 +00:00
ecbb3bcc1a
fix(msteams): Fix test timing for async file upload handling
...
Update tests to properly wait for async file upload operations:
- Use vi.waitFor() to wait for async upload completion in success case
- Use vi.waitFor() to wait for error message in cross-conversation case
- Add setTimeout delay for decline case to ensure async handler completes
- Adjust assertion order to match new execution flow (invokeResponse first)
The tests were failing because the file upload now happens asynchronously
after sending the invokeResponse, so we need to explicitly wait for the
async operations to complete before making assertions.
2026-02-26 15:42:08 +00:00
09f4abdd61
fix(msteams): Send invokeResponse immediately to prevent Teams timeout ( #27632 )
...
Fix file upload 'Something went wrong' error by sending the invoke
acknowledgement before performing the file upload, rather than after.
Changes:
- Move invokeResponse to fire immediately upon receiving fileConsent/invoke
- Handle file upload asynchronously without blocking the response
- Update test to wait for async upload completion using vi.waitFor
This prevents Teams from timing out while waiting for the HTTP 200
acknowledgement during slow file uploads to OneDrive.
Fixes #27632
2026-02-26 15:42:08 +00:00
051fdcc428
fix(security): centralize dm/group allowlist auth composition
2026-02-26 16:35:33 +01:00
892a9c24b0
refactor(security): centralize channel allowlist auth policy
2026-02-26 13:06:33 +01:00
fec3fdf7ef
test(msteams): align silent-prefix expectation with exact NO_REPLY semantics
2026-02-26 11:42:38 +00:00
347f7b9550
fix(msteams): bind file consent invokes to conversation
2026-02-26 02:49:50 +01:00
107bda27c9
security(msteams): isolate group allowlist from pairing-store entries
2026-02-25 04:49:52 +00:00
d42ef2ac62
refactor: consolidate typing lifecycle and queue policy
2026-02-25 02:16:03 +00:00
e0201c2774
fix: keep channel typing active during long inference ( #25886 , thanks @stakeswky)
...
Co-authored-by: stakeswky <stakeswky@users.noreply.github.com>
2026-02-25 02:03:27 +00:00
161d9841dc
refactor(security): unify dangerous name matching handling
2026-02-24 01:33:08 +00:00
6a7c303dcc
test(msteams): fix allowlist name-match expectations
2026-02-24 01:26:53 +00:00
cfa44ea6b4
fix(security): make allowFrom id-only by default with dangerous name opt-in ( #24907 )
...
* fix(channels): default allowFrom to id-only; add dangerous name opt-in
* docs(security): align channel allowFrom docs with id-only default
2026-02-24 01:01:51 +00:00
0183610db3
refactor: de-duplicate channel runtime and payload helpers
2026-02-23 21:25:28 +00:00
47723b646d
refactor(test): de-duplicate msteams and bash test helpers
2026-02-23 19:12:27 +00:00
cc7a498ace
refactor(tests): deduplicate repeated fixtures in msteams and bash tests
2026-02-23 17:59:56 +00:00
a8a4fa5b88
test: de-duplicate attachment and bash tool tests
2026-02-23 17:19:34 +00:00
3f03cdea56
test: optimize redundant suites for faster runtime
2026-02-23 13:57:34 +00:00
1c753ea786
test: dedupe fixtures and test harness setup
2026-02-23 05:45:54 +00:00
48f327c206
test: consolidate redundant suites and speed attachment tests
2026-02-23 04:55:43 +00:00
0371646a61
test: fix msteams shared attachment fetch mock typing
2026-02-23 00:19:40 +00:00
26644c4b89
fix(msteams): add SSRF protection to attachment downloads via redirect and DNS validation ( #23598 )
...
* fix(msteams): add SSRF protection to attachment downloads via redirect and DNS validation
The attachment download flow in fetchWithAuthFallback() followed
redirects automatically on the initial fetch without any allowlist
or IP validation. This allowed DNS rebinding attacks where an
allowlisted domain (e.g. evil.trafficmanager.net) could redirect
or resolve to a private IP like 169.254.169.254, bypassing the
hostname allowlist entirely (issue #11811 ).
This commit adds three layers of SSRF protection:
1. safeFetch() in shared.ts: a redirect-safe fetch wrapper that uses
redirect: "manual" and validates every redirect hop against the
hostname allowlist AND DNS-resolved IP before following it.
2. isPrivateOrReservedIP() + resolveAndValidateIP() in shared.ts:
rejects RFC 1918, loopback, link-local, and IPv6 private ranges
for both initial URLs and redirect targets.
3. graph.ts SharePoint redirect handling now also uses redirect:
"manual" and validates resolved IPs, not just hostnames.
The initial fetch in fetchWithAuthFallback now goes through safeFetch
instead of a bare fetch(), ensuring redirects are never followed
without validation.
Includes 38 new tests covering IP validation, DNS resolution checks,
redirect following, DNS rebinding attacks, redirect loops, and
protocol downgrade blocking.
* fix: address review feedback on SSRF protection
- Replace hand-rolled isPrivateOrReservedIP with SDK's isPrivateIpAddress
which handles IPv4-mapped IPv6, expanded notation, NAT64, 6to4, Teredo,
octal IPv4, and fails closed on parse errors
- Add redirect: "manual" to auth retry redirect fetch in download.ts to
prevent chained redirect attacks bypassing SSRF checks
- Add redirect: "manual" to SharePoint redirect fetch in graph.ts to
prevent the same chained redirect bypass
- Update test expectations for SDK's fail-closed behavior on malformed IPs
- Add expanded IPv6 loopback (0:0:0:0:0:0:0:1) test case
* fix: type fetchMock as typeof fetch to fix TS tuple index error
* msteams: harden attachment auth and graph redirect fetch flow
* changelog(msteams): credit redirect-safeFetch hardening contributors
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-22 18:00:54 -05:00
6dd36a6b77
refactor(channels): reuse runtime group policy helpers
2026-02-22 12:44:23 +01:00
Gustavo Madeira Santana
Josh Avant
Peter Steinberger
root
bmendonca3
chilu18
AI Assistant
Brian Mendonca
Peter Steinberger
Lewis