Commit Graph

3 Commits

Author SHA1 Message Date
Ulrich Diedrichsen
b10174ace0 test(security): fix failing tests
- Add CIDR matching to isBlocked() and getBlocklistEntry() methods
- Fix event aggregator threshold logic to only trigger once on first crossing
- Add securityEventAggregator.clearAll() in intrusion-detector tests
- Fix RateLimiter constructor to accept custom maxSize parameter
- Fix token bucket getRetryAfterMs() to return Infinity for impossible requests
- Fix rate limiter peek() to return full capacity for non-existent keys
- Fix shield extractIp() to handle array X-Forwarded-For headers
- Fix ip-manager test mocks to include sync fs methods
- All security tests now passing (173 tests across 8 files)
2026-01-30 12:09:26 +01:00
Ulrich Diedrichsen
8f42141f75 fix: resolve lint, format, and TypeScript compilation errors
2026-01-30 11:44:33 +01:00
Ulrich Diedrichsen
79597b7a98 feat(security): add security shield coordinator and middleware
Add main security shield that coordinates all security checks:
- IP blocklist checking
- Rate limiting (auth, connections, requests, webhooks, pairing)
- Intrusion detection integration
- Security event logging

Add HTTP middleware for Express/HTTP integration:
- Request rate limiting middleware
- Connection rate limit checks
- Auth rate limit checks
- Webhook rate limit checks
- Pairing rate limit checks

Features:
- Extract IP from X-Forwarded-For/X-Real-IP headers
- Security context creation from requests
- Unified API for all security checks

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-30 11:11:48 +01:00