yunxiafei/openclaw-mission-control
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
858575cf6c767760c009bc73a16926379ea91cd8
openclaw-mission-control/backend/app/api
History
Hugh Brown 858575cf6c test: add comprehensive tests for all security fixes 
Add 20 tests covering:
- require_user_actor: rejects agents and null users, passes valid users
- Webhook HMAC: rejects missing/invalid signatures, accepts valid ones,
  allows unsigned when no secret configured
- Prompt injection: sanitized skill name/URL, fenced external data in
  dispatch messages, system instructions precede data
- Security headers: verify nosniff, DENY, referrer-policy defaults
- Payload size: rejects oversized body and content-length
- Rate limiting: blocks after threshold, independent per-key
- Gateway token: has_token field present, token field absent
- Agent auth logs: no token_prefix in source

Also fix deprecated HTTP_413_REQUEST_ENTITY_TOO_LARGE status code.

All 407 tests pass.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 23:35:10 +05:30
..
__init__.py
refactor: update module docstrings for clarity and consistency
2026-02-09 15:49:50 +05:30
activity.py
fix(ci): resolve backend check failures in dashboard metrics
2026-03-04 16:11:14 +05:30
agent.py
security: scope agent board listing to organization
2026-03-07 23:35:10 +05:30
agents.py
refactor: update imports to use provisioning_db and gateway_rpc modules
2026-02-11 00:00:19 +05:30
approvals.py
redesigned dashboard page
2026-03-04 16:01:56 +05:30
auth.py
feat(api): enhance authentication and health check endpoints with detailed responses and descriptions
2026-02-15 02:35:31 +05:30
board_group_memory.py
feat(config): make BASE_URL a required field and update related documentation
2026-03-05 01:36:07 +05:30
board_groups.py
fix: update HTTP status code from UNPROCESSABLE_ENTITY to UNPROCESSABLE_CONTENT
2026-02-15 16:06:06 +05:30
board_memory.py
feat(config): make BASE_URL a required field and update related documentation
2026-03-05 01:36:07 +05:30
board_onboarding.py
feat(config): make BASE_URL a required field and update related documentation
2026-03-05 01:36:07 +05:30
board_webhooks.py
test: add comprehensive tests for all security fixes
2026-03-07 23:35:10 +05:30
boards.py
redesigned dashboard page
2026-03-04 16:01:56 +05:30
deps.py
security: rename misleading require_admin to require_user_actor
2026-03-07 23:35:10 +05:30
gateway.py
security: require org-admin for gateway session message endpoint
2026-03-07 23:35:10 +05:30
gateways.py
security: redact gateway tokens from API responses
2026-03-07 23:35:10 +05:30
metrics.py
fix(ci): resolve backend check failures in dashboard metrics
2026-03-04 16:11:14 +05:30
organizations.py
fix: update HTTP status code from UNPROCESSABLE_ENTITY to UNPROCESSABLE_CONTENT
2026-02-15 16:06:06 +05:30
queryset.py
refactor: replace DefaultLimitOffsetPage with LimitOffsetPage in multiple files and update timezone handling to use UTC
2026-02-09 20:40:17 +05:30
skills_marketplace.py
security: mitigate prompt injection in agent instruction strings
2026-03-07 23:35:10 +05:30
souls_directory.py
fix: update HTTP status code from UNPROCESSABLE_ENTITY to UNPROCESSABLE_CONTENT
2026-02-15 16:06:06 +05:30
tags.py
feat(tags): add tag management interfaces and update related schemas
2026-02-12 18:35:48 +05:30
task_custom_fields.py
fix: update HTTP status code from UNPROCESSABLE_ENTITY to UNPROCESSABLE_CONTENT
2026-02-15 16:06:06 +05:30
tasks.py
redesigned dashboard page
2026-03-04 16:01:56 +05:30
users.py
feat: add approval-task links model and related functionality for task associations
2026-02-11 20:27:07 +05:30