yunxiafei/openclaw-mission-control
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,005 Commits 16 Branches 0 Tags
af094ad11a56b47653dc3f84dddbc8471c5f9811
Commit Graph

177 Commits

Author SHA1 Message Date
Hugh Brown
fcbde9b0e1 test: remove duplicate rate limiter tests from test_security_fixes 
These two tests were exact subsets of the dedicated test_rate_limit.py
suite. Consolidating to a single file avoids maintenance drift.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-07 23:35:10 +05:30
Hugh Brown
86229038eb Update backend/tests/test_security_fixes.py 
Seems like a simpler fix.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-07 23:35:10 +05:30
Hugh Brown
916dace3c8 Address ruff / formatting errors 2026-03-07 23:35:10 +05:30
Hugh Brown
4960d8561b security: fix fail-open auth, streaming payload limit, and rate limiter memory leak 
- agent.py: Fail closed when gateway lookup returns None instead of
  silently dropping the organization filter (cross-tenant board leak)
- board_webhooks.py: Read request body via streaming chunks so an
  oversized payload is rejected before it is fully loaded into memory
- rate_limit.py: Add periodic sweep of expired keys to prevent
  unbounded memory growth from inactive clients
- test_rate_limit.py: Add test for the new sweep behavior

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-07 23:35:10 +05:30
Hugh Brown
858575cf6c test: add comprehensive tests for all security fixes 
Add 20 tests covering:
- require_user_actor: rejects agents and null users, passes valid users
- Webhook HMAC: rejects missing/invalid signatures, accepts valid ones,
  allows unsigned when no secret configured
- Prompt injection: sanitized skill name/URL, fenced external data in
  dispatch messages, system instructions precede data
- Security headers: verify nosniff, DENY, referrer-policy defaults
- Payload size: rejects oversized body and content-length
- Rate limiting: blocks after threshold, independent per-key
- Gateway token: has_token field present, token field absent
- Agent auth logs: no token_prefix in source

Also fix deprecated HTTP_413_REQUEST_ENTITY_TOO_LARGE status code.

All 407 tests pass.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-07 23:35:10 +05:30
Hugh Brown
94988deef2 security: add rate limiting to agent auth and webhook ingest 
Agent token auth performed O(n) PBKDF2 operations per request with no
rate limiting, enabling CPU exhaustion attacks. Webhook ingest had no
rate limits either. Add an in-memory token-bucket rate limiter:
- Agent auth: 20 requests/minute per IP
- Webhook ingest: 60 requests/minute per IP

Includes unit tests for the rate limiter.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-07 23:35:10 +05:30
Abhimanyu Saharan
532fbf1dc5 feat(config): make BASE_URL a required field and update related documentation 2026-03-05 01:36:07 +05:30
Abhimanyu Saharan
3acc276d8d fix(agent): address webhook payload read review feedback 2026-03-04 23:26:31 +05:30
Abhimanyu Saharan
3fc96baa10 feat(agent): add read-only webhook payload fetch endpoint for backfill 2026-03-04 23:22:27 +05:30
Abhimanyu Saharan
f5e3b8923a test: assert blocked precondition in dependency-only update test 2026-03-04 23:09:56 +05:30
Abhimanyu Saharan
636c130a3b test: harden blocked-task regression tests per review 2026-03-04 23:01:24 +05:30
Abhimanyu Saharan
130947dcea test: format blocked-task schema regression assertions 2026-03-04 22:52:43 +05:30
Abhimanyu Saharan
6f7867872b test: fix import order for blocked dependency regression test 2026-03-04 22:50:47 +05:30
Abhimanyu Saharan
e9ce004e70 test: address PR review feedback for blocked-task schema 2026-03-04 22:46:44 +05:30
Abhimanyu Saharan
8b77eae0f2 Document blocked-task 409 error code in OpenAPI + add regression tests 2026-03-04 22:46:44 +05:30
Abhimanyu Saharan
4378d354f4 fix(ci): resolve backend check failures in dashboard metrics 2026-03-04 16:11:14 +05:30
Abhimanyu Saharan
bdc9fc3f01 redesigned dashboard page 2026-03-04 16:01:56 +05:30
Abhimanyu Saharan
d4f9831ecb fix(agent): refine agent update retry logic to handle creation race conditions #193 2026-03-03 03:19:11 +05:30
Abhimanyu Saharan
94ae59d6aa refactor(gateway): update gateway parameters to use None as default #169 2026-03-03 01:51:52 +05:30
Abhimanyu Saharan
348b0515ac feat(boards): implement lead notification on board updates with detailed change messages 2026-02-26 01:58:55 +05:30
Abhimanyu Saharan
bc71d5ba38 refactor(page): improve code formatting for better readability in event handlers 2026-02-26 00:36:33 +05:30
Abhimanyu Saharan
6b21ea6f99 feat(boards): add 'comment_required_for_review' rule and update related logic 2026-02-26 00:31:47 +05:30
Abhimanyu Saharan
adad72373c feat(tasks): add notification messages for task assignment and rework 2026-02-25 18:29:59 +05:30
Abhimanyu Saharan
5b0ddcc7cd refactor(tests): format code for better readability in test files 2026-02-25 03:41:03 +05:30
Abhimanyu Saharan
58db8be117 fix(security): update security header names to lowercase and add tests 2026-02-25 03:39:49 +05:30
Abhimanyu Saharan
d9af5d3bc7 Merge branch 'master' into master 2026-02-25 00:42:48 +05:30
Abhimanyu Saharan
0795f78eff feat: implement unified agent lifecycle orchestration and metadata tracking 2026-02-25 00:34:04 +05:30
Simone
3fd5fe5f8c fix: make security headers configurable and add tests 2026-02-24 17:36:44 +01:00
copilot-swe-agent[bot]
1967e9583d feat: upgrade FastAPI to 0.130.0 and implement ORJSONResponse for performance 
Co-authored-by: abhi1693 <5083532+abhi1693@users.noreply.github.com>
 2026-02-22 22:13:52 +00:00
Abhimanyu Saharan
2d3c3ee3e4 feat: add config fallback for gateway version compatibility check 2026-02-23 01:23:09 +05:30
Abhimanyu Saharan
6b09f124e6 refactor: rename compatibility check function and update version extraction logic #159 2026-02-22 22:05:39 +05:30
Abhimanyu Saharan
62e3c267b5 feat: add allow_insecure_tls parameter to agent configuration 2026-02-22 20:24:41 +05:30
Abhimanyu Saharan
56f4964332 feat: add support for allowing self-signed TLS certificates in gateway configuration 2026-02-22 20:20:19 +05:30
Abhimanyu Saharan
374d5a0c37 Merge branch 'master' into copilot/feature-allow-self-signed-tls 
# Conflicts:
#	backend/app/api/gateways.py
#	backend/app/schemas/gateways.py
#	backend/app/services/openclaw/admin_service.py
#	backend/app/services/openclaw/gateway_resolver.py
#	backend/app/services/openclaw/gateway_rpc.py
#	backend/app/services/openclaw/provisioning.py
#	backend/app/services/openclaw/provisioning_db.py
#	frontend/src/api/generated/model/gatewayCreate.ts
#	frontend/src/api/generated/model/gatewayRead.ts
#	frontend/src/api/generated/model/gatewayUpdate.ts
 2026-02-22 19:51:27 +05:30
Abhimanyu Saharan
ab7a3c66ce feat: add disable_device_pairing parameter to agent configuration 2026-02-22 19:41:26 +05:30
Abhimanyu Saharan
3dfb70cd90 feat: add disable_device_pairing option to gateway configuration 2026-02-22 19:19:26 +05:30
Abhimanyu Saharan
e39b2069fb feat: add openclaw_connect_metadata function and update compatibility check logic, fixes #156 2026-02-22 13:37:01 +05:30
copilot-swe-agent[bot]
42a6a42902 test: Add tests for SSL context configuration 
Co-authored-by: abhi1693 <5083532+abhi1693@users.noreply.github.com>
 2026-02-22 05:29:32 +00:00
Abhimanyu Saharan
6c3c9913db feat: update agent heartbeat endpoint to require no request payload 2026-02-16 01:46:06 +05:30
Abhimanyu Saharan
7a3a2366da feat: update wakeup text to include reading BOOTSTRAP.md before AGENTS.md 2026-02-16 01:45:02 +05:30
Abhimanyu Saharan
5912048b85 feat: add validation for gateway main agent requirement on board mutations 2026-02-16 01:25:44 +05:30
Abhimanyu Saharan
47dfc1b52f feat: ensure deletion of custom fields and values when a board is deleted 2026-02-16 00:44:40 +05:30
Abhimanyu Saharan
1d63bd0148 feat: add health check endpoint for agent authentication status 2026-02-16 00:42:15 +05:30
Abhimanyu Saharan
cd68446c42 feat: add BoardWebhook updates on agent deletion 2026-02-16 00:21:21 +05:30
Abhimanyu Saharan
24731667d4 feat: add gateway runtime compatibility checks and minimum version enforcement 2026-02-15 15:59:55 +05:30
Abhimanyu Saharan
f1d8da7008 refactor: enhance user context handling and update template mappings 2026-02-15 14:21:49 +05:30
Abhimanyu Saharan
1996e21695 refactor: add overwrite option to various services and update documentation 2026-02-15 13:55:47 +05:30
Abhimanyu Saharan
aebd487270 refactor: add agent_id to various interfaces and improve field organization 2026-02-15 13:36:57 +05:30
Abhimanyu Saharan
aa825863c2 refactor: reorganize imports and improve code formatting for readability 2026-02-15 13:20:46 +05:30
Abhimanyu Saharan
f9b14af477 refactor: migrate webhook queue to RQ with updated configuration 2026-02-15 13:02:55 +05:30