openclaw-mission-control/backend/app/api at 4960d8561ba0d8e9665935bec10e107f1059c292 - openclaw-mission-control - Gitea: Git with a cup of tea

yunxiafei/openclaw-mission-control

Files

History

Hugh Brown 4960d8561b security: fix fail-open auth, streaming payload limit, and rate limiter memory leak

- agent.py: Fail closed when gateway lookup returns None instead of
  silently dropping the organization filter (cross-tenant board leak)
- board_webhooks.py: Read request body via streaming chunks so an
  oversized payload is rejected before it is fully loaded into memory
- rate_limit.py: Add periodic sweep of expired keys to prevent
  unbounded memory growth from inactive clients
- test_rate_limit.py: Add test for the new sweep behavior

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-07 23:35:10 +05:30

..

__init__.py

refactor: update module docstrings for clarity and consistency

2026-02-09 15:49:50 +05:30

activity.py

fix(ci): resolve backend check failures in dashboard metrics

2026-03-04 16:11:14 +05:30

agent.py

security: fix fail-open auth, streaming payload limit, and rate limiter memory leak

2026-03-07 23:35:10 +05:30

agents.py

refactor: update imports to use provisioning_db and gateway_rpc modules

2026-02-11 00:00:19 +05:30

approvals.py

redesigned dashboard page

2026-03-04 16:01:56 +05:30

auth.py

feat(api): enhance authentication and health check endpoints with detailed responses and descriptions

2026-02-15 02:35:31 +05:30

board_group_memory.py

feat(config): make BASE_URL a required field and update related documentation

2026-03-05 01:36:07 +05:30

board_groups.py

fix: update HTTP status code from UNPROCESSABLE_ENTITY to UNPROCESSABLE_CONTENT

2026-02-15 16:06:06 +05:30

board_memory.py

feat(config): make BASE_URL a required field and update related documentation

2026-03-05 01:36:07 +05:30

board_onboarding.py

feat(config): make BASE_URL a required field and update related documentation

2026-03-05 01:36:07 +05:30

board_webhooks.py

security: fix fail-open auth, streaming payload limit, and rate limiter memory leak

2026-03-07 23:35:10 +05:30

boards.py

redesigned dashboard page

2026-03-04 16:01:56 +05:30

deps.py

security: rename misleading require_admin to require_user_actor

2026-03-07 23:35:10 +05:30

gateway.py

security: require org-admin for gateway session message endpoint

2026-03-07 23:35:10 +05:30

gateways.py

security: redact gateway tokens from API responses

2026-03-07 23:35:10 +05:30

metrics.py

fix(ci): resolve backend check failures in dashboard metrics

2026-03-04 16:11:14 +05:30

organizations.py

fix: update HTTP status code from UNPROCESSABLE_ENTITY to UNPROCESSABLE_CONTENT

2026-02-15 16:06:06 +05:30

queryset.py

refactor: replace DefaultLimitOffsetPage with LimitOffsetPage in multiple files and update timezone handling to use UTC

2026-02-09 20:40:17 +05:30

skills_marketplace.py

security: mitigate prompt injection in agent instruction strings

2026-03-07 23:35:10 +05:30

souls_directory.py

fix: update HTTP status code from UNPROCESSABLE_ENTITY to UNPROCESSABLE_CONTENT

2026-02-15 16:06:06 +05:30

tags.py

feat(tags): add tag management interfaces and update related schemas

2026-02-12 18:35:48 +05:30

task_custom_fields.py

fix: update HTTP status code from UNPROCESSABLE_ENTITY to UNPROCESSABLE_CONTENT

2026-02-15 16:06:06 +05:30

tasks.py

redesigned dashboard page

2026-03-04 16:01:56 +05:30

users.py

feat: add approval-task links model and related functionality for task associations

2026-02-11 20:27:07 +05:30