openclaw/extensions/mattermost
Echo fb720193d9 fix(mattermost): fail closed on empty tokens + per-account slash state
Address Codex review findings:

1. slash-http.ts: Token validation now rejects when commandTokens set is
   empty (e.g. registration failure). Previously an empty set meant any
   token was accepted — fail-open vulnerability.

2. slash-state.ts: Replaced global singleton with per-account state Map
   keyed by accountId. Multi-account deployments no longer overwrite each
   other's tokens, registered commands, or handlers. The HTTP route
   dispatcher matches inbound tokens to the correct account.

3. monitor.ts: Updated getSlashCommandState/deactivateSlashCommands calls
   to pass accountId.
2026-03-03 07:07:19 +00:00
| Name | Last commit | Date |
| --- | --- | --- |
| src | fix(mattermost): fail closed on empty tokens + per-account slash state | 2026-03-03 07:07:19 +00:00 |
| index.ts | feat(mattermost): add native slash command support | 2026-03-03 07:07:19 +00:00 |
| openclaw.plugin.json | chore: Run `pnpm format:fix`. | 2026-01-31 21:13:13 +09:00 |
| package.json | fix: scope extension runtime deps to plugin manifests | 2026-03-03 05:33:12 +00:00 |