From 67f1402703bb530246cf55e023d06c982ec8d991 Mon Sep 17 00:00:00 2001 From: Shakker Date: Wed, 28 Jan 2026 23:30:29 +0000 Subject: [PATCH 01/29] fix: tts base url runtime read (#3341) (thanks @hclsys) --- CHANGELOG.md | 1 + src/tts/tts.ts | 22 +++++++++++++++------- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5909c9899..37ae5fdf2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -77,6 +77,7 @@ Status: beta. - Agents: prevent retries on oversized image errors and surface size limits. (#2871) Thanks @Suksham-sharma. - Agents: inherit provider baseUrl/api for inline models. (#2740) Thanks @lploc94. - Memory Search: keep auto provider model defaults and only include remote when configured. (#2576) Thanks @papago2355. +- TTS: read OPENAI_TTS_BASE_URL at runtime instead of module load to honor config.env. (#3341) Thanks @hclsys. - macOS: auto-scroll to bottom when sending a new message while scrolled up. (#2471) Thanks @kennyklee. - Web UI: auto-expand the chat compose textarea while typing (with sensible max height). (#2950) Thanks @shivamraut101. - Gateway: prevent crashes on transient network errors (fetch failures, timeouts, DNS). Added fatal error detection to only exit on truly critical errors. Fixes #2895, #2879, #2873. (#2980) Thanks @elliotsecops. diff --git a/src/tts/tts.ts b/src/tts/tts.ts index af3d7fda5..faa83d3a6 100644 --- a/src/tts/tts.ts +++ b/src/tts/tts.ts @@ -757,11 +757,19 @@ export const OPENAI_TTS_MODELS = ["gpt-4o-mini-tts", "tts-1", "tts-1-hd"] as con * Custom OpenAI-compatible TTS endpoint. * When set, model/voice validation is relaxed to allow non-OpenAI models. * Example: OPENAI_TTS_BASE_URL=http://localhost:8880/v1 + * + * Note: Read at runtime (not module load) to support config.env loading. */ -const OPENAI_TTS_BASE_URL = ( - process.env.OPENAI_TTS_BASE_URL?.trim() || "https://api.openai.com/v1" -).replace(/\/+$/, ""); -const isCustomOpenAIEndpoint = OPENAI_TTS_BASE_URL !== "https://api.openai.com/v1"; +function getOpenAITtsBaseUrl(): string { + return (process.env.OPENAI_TTS_BASE_URL?.trim() || "https://api.openai.com/v1").replace( + /\/+$/, + "", + ); +} + +function isCustomOpenAIEndpoint(): boolean { + return getOpenAITtsBaseUrl() !== "https://api.openai.com/v1"; +} export const OPENAI_TTS_VOICES = [ "alloy", "ash", @@ -778,13 +786,13 @@ type OpenAiTtsVoice = (typeof OPENAI_TTS_VOICES)[number]; function isValidOpenAIModel(model: string): boolean { // Allow any model when using custom endpoint (e.g., Kokoro, LocalAI) - if (isCustomOpenAIEndpoint) return true; + if (isCustomOpenAIEndpoint()) return true; return OPENAI_TTS_MODELS.includes(model as (typeof OPENAI_TTS_MODELS)[number]); } function isValidOpenAIVoice(voice: string): voice is OpenAiTtsVoice { // Allow any voice when using custom endpoint (e.g., Kokoro Chinese voices) - if (isCustomOpenAIEndpoint) return true; + if (isCustomOpenAIEndpoint()) return true; return OPENAI_TTS_VOICES.includes(voice as OpenAiTtsVoice); } @@ -1011,7 +1019,7 @@ async function openaiTTS(params: { const timeout = setTimeout(() => controller.abort(), timeoutMs); try { - const response = await fetch(`${OPENAI_TTS_BASE_URL}/audio/speech`, { + const response = await fetch(`${getOpenAITtsBaseUrl()}/audio/speech`, { method: "POST", headers: { Authorization: `Bearer ${apiKey}`, From 1c98b9dec8da59cb44c4c1c28269a9d6ec92f4b3 Mon Sep 17 00:00:00 2001 From: Shakker Date: Wed, 28 Jan 2026 23:41:33 +0000 Subject: [PATCH 02/29] fix(ui): trim whitespace from config input fields on change --- ui/src/ui/views/config-form.node.ts | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ui/src/ui/views/config-form.node.ts b/ui/src/ui/views/config-form.node.ts index 9d121d7f1..17a182281 100644 --- a/ui/src/ui/views/config-form.node.ts +++ b/ui/src/ui/views/config-form.node.ts @@ -260,6 +260,11 @@ function renderTextInput(params: { } onPatch(path, raw); }} + @change=${(e: Event) => { + if (inputType === "number") return; + const raw = (e.target as HTMLInputElement).value; + onPatch(path, raw.trim()); + }} /> ${schema.default !== undefined ? html` @@ -132,15 +138,47 @@ export function renderChatControls(state: AppViewState) { `; } -function resolveSessionOptions(sessionKey: string, sessions: SessionsListResult | null) { +type SessionDefaultsSnapshot = { + mainSessionKey?: string; + mainKey?: string; +}; + +function resolveMainSessionKey( + hello: AppViewState["hello"], + sessions: SessionsListResult | null, +): string | null { + const snapshot = hello?.snapshot as { sessionDefaults?: SessionDefaultsSnapshot } | undefined; + const mainSessionKey = snapshot?.sessionDefaults?.mainSessionKey?.trim(); + if (mainSessionKey) return mainSessionKey; + const mainKey = snapshot?.sessionDefaults?.mainKey?.trim(); + if (mainKey) return mainKey; + if (sessions?.sessions?.some((row) => row.key === "main")) return "main"; + return null; +} + +function resolveSessionOptions( + sessionKey: string, + sessions: SessionsListResult | null, + mainSessionKey?: string | null, +) { const seen = new Set(); const options: Array<{ key: string; displayName?: string }> = []; + const resolvedMain = + mainSessionKey && sessions?.sessions?.find((s) => s.key === mainSessionKey); const resolvedCurrent = sessions?.sessions?.find((s) => s.key === sessionKey); - // Add current session key first - seen.add(sessionKey); - options.push({ key: sessionKey, displayName: resolvedCurrent?.displayName }); + // Add main session key first + if (mainSessionKey) { + seen.add(mainSessionKey); + options.push({ key: mainSessionKey, displayName: resolvedMain?.displayName }); + } + + // Add current session key next + if (!seen.has(sessionKey)) { + seen.add(sessionKey); + options.push({ key: sessionKey, displayName: resolvedCurrent?.displayName }); + } // Add sessions from the result if (sessions?.sessions) { diff --git a/ui/src/ui/app.ts b/ui/src/ui/app.ts index 26f4a5836..50ffcdf76 100644 --- a/ui/src/ui/app.ts +++ b/ui/src/ui/app.ts @@ -258,6 +258,7 @@ export class MoltbotApp extends LitElement { private logsScrollFrame: number | null = null; private toolStreamById = new Map(); private toolStreamOrder: string[] = []; + refreshSessionsAfterChat = false; basePath = ""; private popStateHandler = () => onPopStateInternal( diff --git a/ui/src/ui/controllers/sessions.ts b/ui/src/ui/controllers/sessions.ts index 5c5077037..7e87f1911 100644 --- a/ui/src/ui/controllers/sessions.ts +++ b/ui/src/ui/controllers/sessions.ts @@ -14,18 +14,29 @@ export type SessionsState = { sessionsIncludeUnknown: boolean; }; -export async function loadSessions(state: SessionsState) { +export async function loadSessions( + state: SessionsState, + overrides?: { + activeMinutes?: number; + limit?: number; + includeGlobal?: boolean; + includeUnknown?: boolean; + }, +) { if (!state.client || !state.connected) return; if (state.sessionsLoading) return; state.sessionsLoading = true; state.sessionsError = null; try { + const includeGlobal = overrides?.includeGlobal ?? state.sessionsIncludeGlobal; + const includeUnknown = overrides?.includeUnknown ?? state.sessionsIncludeUnknown; + const activeMinutes = + overrides?.activeMinutes ?? toNumber(state.sessionsFilterActive, 0); + const limit = overrides?.limit ?? toNumber(state.sessionsFilterLimit, 0); const params: Record = { - includeGlobal: state.sessionsIncludeGlobal, - includeUnknown: state.sessionsIncludeUnknown, + includeGlobal, + includeUnknown, }; - const activeMinutes = toNumber(state.sessionsFilterActive, 0); - const limit = toNumber(state.sessionsFilterLimit, 0); if (activeMinutes > 0) params.activeMinutes = activeMinutes; if (limit > 0) params.limit = limit; const res = (await state.client.request("sessions.list", params)) as From c41ea252b0451c9342638c746f4db3098cd5ef26 Mon Sep 17 00:00:00 2001 From: Josh Palmer Date: Thu, 29 Jan 2026 11:05:11 +0100 Subject: [PATCH 26/29] fix flaky web-fetch tests + lock cleanup What: - stub resolvePinnedHostname in web-fetch tests to avoid DNS flake - close lock file handles via FileHandle.close during cleanup to avoid EBADF Why: - make CI deterministic without network/DNS dependence - prevent double-close errors from GC Tests: - pnpm vitest run --config vitest.unit.config.ts src/agents/tools/web-tools.fetch.test.ts src/agents/session-write-lock.test.ts (failed: missing @aws-sdk/client-bedrock) --- src/agents/session-write-lock.ts | 4 ++-- src/agents/tools/web-tools.fetch.test.ts | 15 ++++++++++++++- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/src/agents/session-write-lock.ts b/src/agents/session-write-lock.ts index 832d368a6..82a2428da 100644 --- a/src/agents/session-write-lock.ts +++ b/src/agents/session-write-lock.ts @@ -35,8 +35,8 @@ function isAlive(pid: number): boolean { function releaseAllLocksSync(): void { for (const [sessionFile, held] of HELD_LOCKS) { try { - if (typeof held.handle.fd === "number") { - fsSync.closeSync(held.handle.fd); + if (typeof held.handle.close === "function") { + void held.handle.close().catch(() => {}); } } catch { // Ignore errors during cleanup - best effort diff --git a/src/agents/tools/web-tools.fetch.test.ts b/src/agents/tools/web-tools.fetch.test.ts index 04923b607..86bdeb7a2 100644 --- a/src/agents/tools/web-tools.fetch.test.ts +++ b/src/agents/tools/web-tools.fetch.test.ts @@ -1,5 +1,6 @@ -import { afterEach, describe, expect, it, vi } from "vitest"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; +import * as ssrf from "../../infra/net/ssrf.js"; import { createWebFetchTool } from "./web-tools.js"; type MockResponse = { @@ -73,6 +74,18 @@ function requestUrl(input: RequestInfo): string { describe("web_fetch extraction fallbacks", () => { const priorFetch = global.fetch; + beforeEach(() => { + vi.spyOn(ssrf, "resolvePinnedHostname").mockImplementation(async (hostname) => { + const normalized = hostname.trim().toLowerCase().replace(/\.$/, ""); + const addresses = ["93.184.216.34", "93.184.216.35"]; + return { + hostname: normalized, + addresses, + lookup: ssrf.createPinnedLookup({ hostname: normalized, addresses }), + }; + }); + }); + afterEach(() => { // @ts-expect-error restore global.fetch = priorFetch; From 5f4715acfc907420f0629545da9dbbcf695653a3 Mon Sep 17 00:00:00 2001 From: Josh Palmer Date: Thu, 29 Jan 2026 12:14:27 +0100 Subject: [PATCH 27/29] fix flaky gateway tests in CI What: - resolve shell from PATH in bash-tools tests (avoid /bin/bash dependency) - mock DNS for web-fetch SSRF tests (no real network) - stub a2ui bundle in canvas-host server test when missing Why: - keep gateway test suite deterministic on Nix/Garnix Linux Tests: - not run locally (known missing deps in unit test run) --- src/agents/bash-tools.test.ts | 23 +++++++++++++++++++++-- src/agents/tools/web-fetch.ssrf.test.ts | 15 ++++++++++----- src/canvas-host/server.test.ts | 13 +++++++++++++ 3 files changed, 44 insertions(+), 7 deletions(-) diff --git a/src/agents/bash-tools.test.ts b/src/agents/bash-tools.test.ts index 6990d3a76..6747aadc8 100644 --- a/src/agents/bash-tools.test.ts +++ b/src/agents/bash-tools.test.ts @@ -1,3 +1,4 @@ +import fs from "node:fs"; import path from "node:path"; import { afterEach, beforeEach, describe, expect, it } from "vitest"; @@ -8,6 +9,24 @@ import { buildDockerExecArgs } from "./bash-tools.shared.js"; import { sanitizeBinaryOutput } from "./shell-utils.js"; const isWin = process.platform === "win32"; +const resolveShellFromPath = (name: string) => { + const envPath = process.env.PATH ?? ""; + if (!envPath) return undefined; + const entries = envPath.split(path.delimiter).filter(Boolean); + for (const entry of entries) { + const candidate = path.join(entry, name); + try { + fs.accessSync(candidate, fs.constants.X_OK); + return candidate; + } catch { + // ignore missing or non-executable entries + } + } + return undefined; +}; +const defaultShell = isWin + ? undefined + : process.env.CLAWDBOT_TEST_SHELL || resolveShellFromPath("bash") || process.env.SHELL || "sh"; // PowerShell: Start-Sleep for delays, ; for command separation, $null for null device const shortDelayCmd = isWin ? "Start-Sleep -Milliseconds 50" : "sleep 0.05"; const yieldDelayCmd = isWin ? "Start-Sleep -Milliseconds 200" : "sleep 0.2"; @@ -52,7 +71,7 @@ describe("exec tool backgrounding", () => { const originalShell = process.env.SHELL; beforeEach(() => { - if (!isWin) process.env.SHELL = "/bin/bash"; + if (!isWin && defaultShell) process.env.SHELL = defaultShell; }); afterEach(() => { @@ -282,7 +301,7 @@ describe("exec PATH handling", () => { const originalShell = process.env.SHELL; beforeEach(() => { - if (!isWin) process.env.SHELL = "/bin/bash"; + if (!isWin && defaultShell) process.env.SHELL = defaultShell; }); afterEach(() => { diff --git a/src/agents/tools/web-fetch.ssrf.test.ts b/src/agents/tools/web-fetch.ssrf.test.ts index 24e4dfe41..b5c1936b1 100644 --- a/src/agents/tools/web-fetch.ssrf.test.ts +++ b/src/agents/tools/web-fetch.ssrf.test.ts @@ -1,10 +1,9 @@ -import { afterEach, describe, expect, it, vi } from "vitest"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; + +import * as ssrf from "../../infra/net/ssrf.js"; const lookupMock = vi.fn(); - -vi.mock("node:dns/promises", () => ({ - lookup: lookupMock, -})); +const resolvePinnedHostname = ssrf.resolvePinnedHostname; function makeHeaders(map: Record): { get: (key: string) => string | null } { return { @@ -33,6 +32,12 @@ function textResponse(body: string): Response { describe("web_fetch SSRF protection", () => { const priorFetch = global.fetch; + beforeEach(() => { + vi.spyOn(ssrf, "resolvePinnedHostname").mockImplementation((hostname) => + resolvePinnedHostname(hostname, lookupMock), + ); + }); + afterEach(() => { // @ts-expect-error restore global.fetch = priorFetch; diff --git a/src/canvas-host/server.test.ts b/src/canvas-host/server.test.ts index e460b2630..4577a16ea 100644 --- a/src/canvas-host/server.test.ts +++ b/src/canvas-host/server.test.ts @@ -202,6 +202,16 @@ describe("canvas host", () => { it("serves the gateway-hosted A2UI scaffold", async () => { const dir = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-canvas-")); + const a2uiRoot = path.resolve(process.cwd(), "src/canvas-host/a2ui"); + const bundlePath = path.join(a2uiRoot, "a2ui.bundle.js"); + let createdBundle = false; + + try { + await fs.stat(bundlePath); + } catch { + await fs.writeFile(bundlePath, "window.moltbotA2UI = {};", "utf8"); + createdBundle = true; + } const server = await startCanvasHost({ runtime: defaultRuntime, @@ -226,6 +236,9 @@ describe("canvas host", () => { expect(js).toContain("moltbotA2UI"); } finally { await server.close(); + if (createdBundle) { + await fs.rm(bundlePath, { force: true }); + } await fs.rm(dir, { recursive: true, force: true }); } }); From 4b5514a25996b4aef33003a87283bd62611be619 Mon Sep 17 00:00:00 2001 From: Josh Palmer Date: Thu, 29 Jan 2026 17:14:14 +0100 Subject: [PATCH 28/29] Tests: default-disable plugins in VITEST --- src/gateway/tools-invoke-http.ts | 39 +++++++++++++++++++ src/plugins/config-state.ts | 66 ++++++++++++++++++++++++++++++++ src/plugins/loader.ts | 3 +- 3 files changed, 107 insertions(+), 1 deletion(-) diff --git a/src/gateway/tools-invoke-http.ts b/src/gateway/tools-invoke-http.ts index fa45bf3dc..bf05e2822 100644 --- a/src/gateway/tools-invoke-http.ts +++ b/src/gateway/tools-invoke-http.ts @@ -18,6 +18,7 @@ import { import { loadConfig } from "../config/config.js"; import { resolveMainSessionKey } from "../config/sessions.js"; import { logWarn } from "../logger.js"; +import { isTestDefaultMemorySlotDisabled } from "../plugins/config-state.js"; import { getPluginToolMeta } from "../plugins/tools.js"; import { isSubagentSessionKey } from "../routing/session-key.js"; import { normalizeMessageChannel } from "../utils/message-channel.js"; @@ -33,6 +34,7 @@ import { } from "./http-common.js"; const DEFAULT_BODY_BYTES = 2 * 1024 * 1024; +const MEMORY_TOOL_NAMES = new Set(["memory_search", "memory_get"]); type ToolsInvokeBody = { tool?: unknown; @@ -47,6 +49,26 @@ function resolveSessionKeyFromBody(body: ToolsInvokeBody): string | undefined { return undefined; } +function resolveMemoryToolDisableReasons(cfg: ReturnType): string[] { + if (!process.env.VITEST) return []; + const reasons: string[] = []; + const plugins = cfg.plugins; + const slotRaw = plugins?.slots?.memory; + const slotDisabled = + slotRaw === null || (typeof slotRaw === "string" && slotRaw.trim().toLowerCase() === "none"); + const pluginsDisabled = plugins?.enabled === false; + const defaultDisabled = isTestDefaultMemorySlotDisabled(cfg); + + if (pluginsDisabled) reasons.push("plugins.enabled=false"); + if (slotDisabled) { + reasons.push(slotRaw === null ? "plugins.slots.memory=null" : 'plugins.slots.memory="none"'); + } + if (!pluginsDisabled && !slotDisabled && defaultDisabled) { + reasons.push("memory plugin disabled by test default"); + } + return reasons; +} + function mergeActionIntoArgsIfSupported(params: { toolSchema: unknown; action: string | undefined; @@ -103,6 +125,23 @@ export async function handleToolsInvokeHttpRequest( return true; } + if (process.env.VITEST && MEMORY_TOOL_NAMES.has(toolName)) { + const reasons = resolveMemoryToolDisableReasons(cfg); + if (reasons.length > 0) { + const suffix = reasons.length > 0 ? ` (${reasons.join(", ")})` : ""; + sendJson(res, 400, { + ok: false, + error: { + type: "invalid_request", + message: + `memory tools are disabled in tests${suffix}. ` + + 'Enable by setting plugins.slots.memory="memory-core" (and ensure plugins.enabled is not false).', + }, + }); + return true; + } + } + const action = typeof body.action === "string" ? body.action.trim() : undefined; const argsRaw = body.args; diff --git a/src/plugins/config-state.ts b/src/plugins/config-state.ts index bf44b5fe4..6b1a6c54a 100644 --- a/src/plugins/config-state.ts +++ b/src/plugins/config-state.ts @@ -64,6 +64,72 @@ export const normalizePluginsConfig = ( }; }; +const hasExplicitMemorySlot = (plugins?: MoltbotConfig["plugins"]) => + Boolean(plugins?.slots && Object.prototype.hasOwnProperty.call(plugins.slots, "memory")); + +const hasExplicitMemoryEntry = (plugins?: MoltbotConfig["plugins"]) => + Boolean(plugins?.entries && Object.prototype.hasOwnProperty.call(plugins.entries, "memory-core")); + +const hasExplicitPluginConfig = (plugins?: MoltbotConfig["plugins"]) => { + if (!plugins) return false; + if (typeof plugins.enabled === "boolean") return true; + if (Array.isArray(plugins.allow) && plugins.allow.length > 0) return true; + if (Array.isArray(plugins.deny) && plugins.deny.length > 0) return true; + if (plugins.load?.paths && Array.isArray(plugins.load.paths) && plugins.load.paths.length > 0) + return true; + if (plugins.slots && Object.keys(plugins.slots).length > 0) return true; + if (plugins.entries && Object.keys(plugins.entries).length > 0) return true; + return false; +}; + +export function applyTestPluginDefaults( + cfg: MoltbotConfig, + env: NodeJS.ProcessEnv = process.env, +): MoltbotConfig { + if (!env.VITEST) return cfg; + const plugins = cfg.plugins; + const explicitConfig = hasExplicitPluginConfig(plugins); + if (explicitConfig) { + if (hasExplicitMemorySlot(plugins) || hasExplicitMemoryEntry(plugins)) { + return cfg; + } + return { + ...cfg, + plugins: { + ...plugins, + slots: { + ...plugins?.slots, + memory: null, + }, + }, + }; + } + + return { + ...cfg, + plugins: { + ...plugins, + enabled: false, + slots: { + ...plugins?.slots, + memory: null, + }, + }, + }; +} + +export function isTestDefaultMemorySlotDisabled( + cfg: MoltbotConfig, + env: NodeJS.ProcessEnv = process.env, +): boolean { + if (!env.VITEST) return false; + const plugins = cfg.plugins; + if (hasExplicitMemorySlot(plugins) || hasExplicitMemoryEntry(plugins)) { + return false; + } + return true; +} + export function resolveEnableState( id: string, origin: PluginRecord["origin"], diff --git a/src/plugins/loader.ts b/src/plugins/loader.ts index 174441bfc..79c785f27 100644 --- a/src/plugins/loader.ts +++ b/src/plugins/loader.ts @@ -10,6 +10,7 @@ import { resolveUserPath } from "../utils.js"; import { discoverMoltbotPlugins } from "./discovery.js"; import { loadPluginManifestRegistry } from "./manifest-registry.js"; import { + applyTestPluginDefaults, normalizePluginsConfig, resolveEnableState, resolveMemorySlotDecision, @@ -162,7 +163,7 @@ function pushDiagnostics(diagnostics: PluginDiagnostic[], append: PluginDiagnost } export function loadMoltbotPlugins(options: PluginLoadOptions = {}): PluginRegistry { - const cfg = options.config ?? {}; + const cfg = applyTestPluginDefaults(options.config ?? {}); const logger = options.logger ?? defaultLogger(); const validateOnly = options.mode === "validate"; const normalized = normalizePluginsConfig(cfg.plugins); From 06289b36da72a65f8d1cafd7cbab5f3d8654df98 Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Thu, 29 Jan 2026 16:33:36 +0000 Subject: [PATCH 29/29] fix(security): harden SSH target handling (#4001) Thanks @YLChen-007. Co-authored-by: Edward-x --- CHANGELOG.md | 1 + src/commands/gateway-status.test.ts | 39 +++++++++++++++++++++++++++++ src/commands/gateway-status.ts | 4 ++- src/infra/ssh-config.test.ts | 2 ++ src/infra/ssh-config.ts | 3 ++- src/infra/ssh-tunnel.test.ts | 27 ++++++++++++++++++++ src/infra/ssh-tunnel.ts | 7 +++++- src/plugins/config-state.ts | 4 +-- 8 files changed, 82 insertions(+), 5 deletions(-) create mode 100644 src/infra/ssh-tunnel.test.ts diff --git a/CHANGELOG.md b/CHANGELOG.md index 3c5321870..1b13b7835 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ Docs: https://docs.molt.bot Status: beta. ### Changes +- Security: harden SSH tunnel target parsing to prevent option injection/DoS. (#4001) Thanks @YLChen-007. - Rebrand: rename the npm package/CLI to `moltbot`, add a `moltbot` compatibility shim, and move extensions to the `@moltbot/*` scope. - Commands: group /help and /commands output with Telegram paging. (#2504) Thanks @hougangdev. - macOS: limit project-local `node_modules/.bin` PATH preference to debug builds (reduce PATH hijacking risk). diff --git a/src/commands/gateway-status.test.ts b/src/commands/gateway-status.test.ts index 09547a83d..5e816f581 100644 --- a/src/commands/gateway-status.test.ts +++ b/src/commands/gateway-status.test.ts @@ -192,6 +192,45 @@ describe("gateway-status command", () => { expect(targets.some((t) => t.kind === "sshTunnel")).toBe(true); }); + it("skips invalid ssh-auto discovery targets", async () => { + const runtimeLogs: string[] = []; + const runtime = { + log: (msg: string) => runtimeLogs.push(msg), + error: (_msg: string) => {}, + exit: (code: number) => { + throw new Error(`__exit__:${code}`); + }, + }; + + const originalUser = process.env.USER; + try { + process.env.USER = "steipete"; + loadConfig.mockReturnValueOnce({ + gateway: { + mode: "remote", + remote: {}, + }, + }); + discoverGatewayBeacons.mockResolvedValueOnce([ + { tailnetDns: "-V" }, + { tailnetDns: "goodhost" }, + ]); + + startSshPortForward.mockClear(); + const { gatewayStatusCommand } = await import("./gateway-status.js"); + await gatewayStatusCommand( + { timeout: "1000", json: true, sshAuto: true }, + runtime as unknown as import("../runtime.js").RuntimeEnv, + ); + + expect(startSshPortForward).toHaveBeenCalledTimes(1); + const call = startSshPortForward.mock.calls[0]?.[0] as { target: string }; + expect(call.target).toBe("steipete@goodhost"); + } finally { + process.env.USER = originalUser; + } + }); + it("infers SSH target from gateway.remote.url and ssh config", async () => { const runtimeLogs: string[] = []; const runtime = { diff --git a/src/commands/gateway-status.ts b/src/commands/gateway-status.ts index 3a51a7886..a5a34d6e4 100644 --- a/src/commands/gateway-status.ts +++ b/src/commands/gateway-status.ts @@ -107,7 +107,9 @@ export async function gatewayStatusCommand( const base = user ? `${user}@${host.trim()}` : host.trim(); return sshPort !== 22 ? `${base}:${sshPort}` : base; }) - .filter((x): x is string => Boolean(x)); + .filter((candidate): candidate is string => + Boolean(candidate && parseSshTarget(candidate)), + ); if (candidates.length > 0) sshTarget = candidates[0] ?? null; } diff --git a/src/infra/ssh-config.test.ts b/src/infra/ssh-config.test.ts index 8f3248e0c..48a8bf310 100644 --- a/src/infra/ssh-config.test.ts +++ b/src/infra/ssh-config.test.ts @@ -54,6 +54,8 @@ describe("ssh-config", () => { expect(config?.host).toBe("peters-mac-studio-1.sheep-coho.ts.net"); expect(config?.port).toBe(2222); expect(config?.identityFiles).toEqual(["/tmp/id_ed25519"]); + const args = spawnMock.mock.calls[0]?.[1] as string[] | undefined; + expect(args?.slice(-2)).toEqual(["--", "me@alias"]); }); it("returns null when ssh -G fails", async () => { diff --git a/src/infra/ssh-config.ts b/src/infra/ssh-config.ts index 037405e8c..0b0e95015 100644 --- a/src/infra/ssh-config.ts +++ b/src/infra/ssh-config.ts @@ -58,7 +58,8 @@ export async function resolveSshConfig( args.push("-i", opts.identity.trim()); } const userHost = target.user ? `${target.user}@${target.host}` : target.host; - args.push(userHost); + // Use "--" so userHost can't be parsed as an ssh option. + args.push("--", userHost); return await new Promise((resolve) => { const child = spawn(sshPath, args, { diff --git a/src/infra/ssh-tunnel.test.ts b/src/infra/ssh-tunnel.test.ts new file mode 100644 index 000000000..d31f25d1a --- /dev/null +++ b/src/infra/ssh-tunnel.test.ts @@ -0,0 +1,27 @@ +import { describe, expect, it } from "vitest"; + +import { parseSshTarget } from "./ssh-tunnel.js"; + +describe("parseSshTarget", () => { + it("parses user@host:port targets", () => { + expect(parseSshTarget("me@example.com:2222")).toEqual({ + user: "me", + host: "example.com", + port: 2222, + }); + }); + + it("parses host-only targets with default port", () => { + expect(parseSshTarget("example.com")).toEqual({ + user: undefined, + host: "example.com", + port: 22, + }); + }); + + it("rejects hostnames that start with '-'", () => { + expect(parseSshTarget("-V")).toBeNull(); + expect(parseSshTarget("me@-badhost")).toBeNull(); + expect(parseSshTarget("-oProxyCommand=echo")).toBeNull(); + }); +}); diff --git a/src/infra/ssh-tunnel.ts b/src/infra/ssh-tunnel.ts index 8b3c7693b..399dc22e3 100644 --- a/src/infra/ssh-tunnel.ts +++ b/src/infra/ssh-tunnel.ts @@ -41,10 +41,14 @@ export function parseSshTarget(raw: string): SshParsedTarget | null { const portRaw = hostPart.slice(colonIdx + 1).trim(); const port = Number.parseInt(portRaw, 10); if (!host || !Number.isFinite(port) || port <= 0) return null; + // Security: Reject hostnames starting with '-' to prevent argument injection + if (host.startsWith("-")) return null; return { user: userPart, host, port }; } if (!hostPart) return null; + // Security: Reject hostnames starting with '-' to prevent argument injection + if (hostPart.startsWith("-")) return null; return { user: userPart, host: hostPart, port: 22 }; } @@ -134,7 +138,8 @@ export async function startSshPortForward(opts: { if (opts.identity?.trim()) { args.push("-i", opts.identity.trim()); } - args.push(userHost); + // Security: Use '--' to prevent userHost from being interpreted as an option + args.push("--", userHost); const stderr: string[] = []; const child = spawn("/usr/bin/ssh", args, { diff --git a/src/plugins/config-state.ts b/src/plugins/config-state.ts index 6b1a6c54a..5bfff7dbc 100644 --- a/src/plugins/config-state.ts +++ b/src/plugins/config-state.ts @@ -99,7 +99,7 @@ export function applyTestPluginDefaults( ...plugins, slots: { ...plugins?.slots, - memory: null, + memory: "none", }, }, }; @@ -112,7 +112,7 @@ export function applyTestPluginDefaults( enabled: false, slots: { ...plugins?.slots, - memory: null, + memory: "none", }, }, };