Commit Graph

8313 Commits

Author SHA1 Message Date
ronitchidara
9dd38535e4 chore: regenerate A2UI bundle hash 2026-01-28 17:07:35 +05:30
ronitchidara
d5cd25f24d fix: update ClawdbotConfig to MoltbotConfig for upstream compatibility 2026-01-28 17:05:10 +05:30
ronitchidara
0652049c3d docs: add Phase 4-7 changelog entries for upstream PR 2026-01-28 17:03:46 +05:30
ronitchidara
5aae2aa197 security: comprehensive pre-PR security audit fixes (rebased) 2026-01-28 17:03:07 +05:30
ronitchidara
01b5a757d9 security: remove unnecessary sanitization from chat.inject
chat.inject is a privileged operation that injects assistant messages into
transcripts. The injection sanitization was being called but its result was
ignored - the original message was used anyway.

Rather than using the sanitized text (which would be identical since
useBoundaries=false for assistant content), remove the sanitization entirely
because:
1. This injects assistant content, not user input - boundary markers are inappropriate
2. Injection patterns detect user prompt manipulations, not assistant responses
3. This is a privileged gateway operation requiring authenticated access

This addresses the new finding in the post-fix audit.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 17:01:41 +05:30
ronitchidara
56926e73ec security: wire transformation phase audit fixes
Fix all 7 issues identified in the ChatGPT audit of transformation work:

1. Android build break: Remove duplicate normalizeMainKey/isCanonicalMainSessionKey
   from NodeGatewaySync.kt (they're already in SessionKey.kt). Align both Android
   and iOS implementations to use "main" as canonical (case-insensitive match).

2. Rate limiting: Wire rateLimiter through GatewayRequestContext and enforce:
   - Auth failure backoff (recordAuthFailure on auth failure, clearAuthFailure on success)
   - Request rate limiting before handleGatewayRequest
   - Channel message rate limiting in send handler
   - Add TOO_MANY_REQUESTS error code

3. Injection defenses: Call sanitizeIncomingMessage in chat.send and chat.inject
   handlers to detect prompt injection attempts.

4. RBAC enforcement: Add canAccessAgent check in chat.send handler and
   canExecuteCommand check in node-host runner for exec commands.

5. WhatsApp encrypted backup restore: Update maybeRestoreCredsFromBackup to
   handle encrypted backup files (.bak.enc -> .json.enc restoration).

6. Exec blocklist bypass: Add evaluateBlocklist check in argv-only code path
   in runner.ts (previously only checked for rawCommand path).

7. iOS voice transcript: Fix line 329 in NodeAppModel.swift to use computed
   'key' variable instead of original 'sessionKey' parameter.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 17:01:41 +05:30
ronitchidara
676e3a1254 fix: resolve lint errors from transformation phases
- Remove unnecessary escape character in exec-blocklist regex
- Fix header spread in clawdhub client to handle all HeadersInit types
- Remove unused InjectionSeverity import from chat-sanitize test

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 17:01:41 +05:30
ronitchidara
8e00cbf27d community: add Phase 6 marketplace integration and contribution guides
ClawdHub Web UI Integration:
- Add ClawdHub API client (search, details, install, updates)
- Add Gateway RPC handlers with auth scopes
- Add Marketplace tab with browse/installed views
- Add state management and Lit HTML components

Documentation:
- Add feature maturity matrix classifying 100+ features
- Add skills contribution guide (SKILL.md format, gating, publishing)
- Add plugins contribution guide (manifest, API, distribution)
- Update CONTRIBUTING.md with links to new guides
- Add Contributing section to docs navigation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 17:01:41 +05:30
ronitchidara
7ff1dc3bba compliance: add Phase 7 governance and procedure documentation
Add SOC2/ISO 27001 compliance documentation suite:
- incident-response.md: P1-P4 severity, 5-phase response, templates
- access-control-policy.md: RBAC governance, provisioning/revocation
- readiness-checklist.md: Self-assessment for all SOC2 TSC criteria
- change-management.md: Standard/normal/emergency change workflows
- vulnerability-disclosure.md: Safe harbor, reporting channels
- security-metrics.md: KPIs, Prometheus alerts, Grafana dashboard
- index.md: Navigation hub with control mapping

Documents reference existing technical controls (audit-log.ts, rbac.ts)
and provide practical audit log queries and alerting configurations.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 17:01:41 +05:30
ronitchidara
1546fb5c04 enterprise: add Phase 5 observability and enterprise features
Observability:
- HTTP health endpoints (/health, /ready, /health/deep)
- Prometheus metrics endpoint (/metrics) with prom-client
- W3C traceparent request tracing with AsyncLocalStorage
- Trace ID propagation to logs and diagnostic events

Enterprise:
- JSONL audit logging with daily rotation and 7-day retention
- RBAC permission engine with flat roles (admin, operator, user, viewer)
- Tool and agent access restrictions per role
- Audit integration with pairing, auth, and exec approval flows

Documentation:
- Enterprise deployment guide (single/multi-tenant, K8s, Docker)
- Security hardening guide (TLS, RBAC, rate limiting)
- Observability guide (Prometheus, Grafana, alerting)
- Self-healing behaviors documentation

Load Testing:
- Connection stress test (WebSocket saturation)
- Chat throughput test (sustained message load)
- Auth stress test (rate limit verification)
- Configurable scenarios with p50/p95/p99 latency metrics

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 17:01:41 +05:30
ronitchidara
fdc7e11891 mobile: Phase 4 polish - refactoring, app store prep, and infrastructure
Tier 5 - Code Refactoring:
- iOS: Split NodeAppModel.swift (988→493 LOC) into focused modules
  - NodeCommandHandlers.swift: command routing (372 LOC)
  - NodeGatewaySync.swift: gateway sync, branding (153 LOC)
- Android: Split NodeRuntime.kt (1268→756 LOC, 40% reduction)
  - NodeCommandHandlers.kt: command routing (326 LOC)
  - NodeGatewaySync.kt: gateway sync, A2UI helpers (294 LOC)

Tier 6 - App Store Preparation:
- iOS: Add PrivacyInfo.xcprivacy (iOS 17+ privacy manifest)
- Android: Add ProGuard rules and enable minification for release builds

Infrastructure (from earlier tiers):
- iOS: Add OfflineMessageQueue for disconnected message queueing
- iOS: Add PushManager for VoIP push foundation
- iOS: Add TTSVoiceSettingsView for voice selection
- Android: Add ClawdbotMessagingService for FCM push
- Android: Add SyncWorker for background chat sync
- Both: Deep linking support (clawdbot:// URL scheme)
- Both: Empty states and loading indicators in settings

Testing:
- iOS: Add OfflineMessageQueueTests (8 tests)
- Android: Add NodeGatewaySyncTest (11 tests)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 17:01:20 +05:30
ronitchidara
e7728ff037 Web UI: add Phase 3 UX improvements
- Add onboarding wizard progress indicator with step visualization
- Add skills quick-toggle panel in topbar for fast enable/disable
- Add config presets system (Fast Chat, Coding Agent, Voice Assistant, Privacy First)
- Add config view levels (Basic/Standard/Advanced) to reduce complexity
- Add voice input button for mobile WebChat using Web Speech API
- Improve mobile responsiveness (safe-area insets, 44px touch targets, bottom sheets)
2026-01-28 16:58:11 +05:30
ronitchidara
1755ba52df chore: remove security worktree plan 2026-01-28 16:57:22 +05:30
ronitchidara
13b6e4102f docs: add changelog entries for security and architecture work
Phase 1 Security:
- Prompt injection defense system
- Command execution blocklist
- Cross-platform secrets manager
- Gateway rate limiting and warnings
- Pairing hardening with nonces
- Doctor credential security check

Phase 2 Architecture:
- Split session-utils.ts into focused modules
- Centralized error utilities

Phase 2.5 Memory:
- Extract EmbeddingService from manager.ts

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 16:57:22 +05:30
ronitchidara
395cebab8a refactor(memory): extract EmbeddingService from manager.ts
Extract embedding-related responsibilities into focused EmbeddingService class:
- Batch embedding orchestration (OpenAI/Gemini batch APIs)
- Embedding cache management (read/write/prune/seed)
- Retry logic with exponential backoff
- Batch failure tracking with automatic fallback

Reduces manager.ts from 2178 to 1623 LOC (~25% reduction).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 16:56:56 +05:30
ronitchidara
6008724277 docs(architecture): add large file analysis for refactoring
Analyze 9 TypeScript files over 700 LOC for refactoring opportunities:

High priority:
- memory/manager.ts (2178 LOC) - Split by responsibility

Medium priority:
- bash-tools.exec.ts (1495 LOC) - Extract validation/sanitization
- tts/tts.ts (1473 LOC) - Split by provider
- exec-approvals.ts (1267 LOC) - Extract approval strategies
- node-host/runner.ts (1199 LOC) - Extract message handlers
- media-understanding/runner.ts (1118 LOC) - Extract provider adapters

Leave as-is:
- line/flex-templates.ts - Static templates
- cli/update-cli.ts - Sequential workflow
- config/schema.ts - Declarative schemas

Part of Phase 2: Architecture Cleanup

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 16:56:56 +05:30
ronitchidara
9adfa99956 feat(errors): add centralized error utilities and index
Create a unified error module (src/errors/index.ts) that provides:

- ClawdbotError: Base error class with code and metadata support
- Common utilities: getErrorMessage, getErrorCode, getErrorStatus,
  formatErrorForLog, formatErrorForUser, wrapError
- Type guards: isClawdbotError, isError
- Re-exports of domain-specific errors for discoverability

Domain errors remain co-located with their modules for cohesion.
This index provides a single discovery point without creating coupling.

Part of Phase 2: Architecture Cleanup

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 16:56:56 +05:30
ronitchidara
50186056d0 refactor(gateway): split session-utils.ts into focused modules
Extract cohesive functionality from session-utils.ts (644 LOC) into
focused submodules while maintaining full backwards compatibility:

- session-utils.avatar.ts: Avatar resolution (data URIs, files, URLs)
- session-utils.agents.ts: Agent listing and discovery
- session-utils.store.ts: Store resolution and loading

The main session-utils.ts now orchestrates and re-exports all functions
preserving the existing public API. Core session listing functions
(deriveSessionTitle, loadSessionEntry, classifySessionKey, etc.) remain
in the main file.

Part of Phase 2: Architecture Cleanup

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 16:56:56 +05:30
ronitchidara
2fd698d137 security: add security documentation and doctor credential check
Security Documentation:
- docs/security/threat-model.md: Comprehensive threat model covering
  channels, tools, gateway, local files, browser automation, and plugins
- docs/security/data-handling.md: Data handling policy covering storage,
  retention, user rights (access, export, delete), and compliance

Doctor Security Check:
- Added credential encryption check to doctor-security.ts
- Warns about unencrypted WhatsApp/Web credentials

This completes Phase 1 Security Hardening (Tasks 1.1-1.6).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 16:55:18 +05:30
ronitchidara
bec5c1b10a security: add pairing hardening and exec approval nonces
Pairing Store Hardening:
- Increased pairing code length from 8 to 16 chars (80-bit entropy)
- Added HMAC-SHA256 signatures for store integrity verification
- Added rate limiting (10 attempts/minute per channel)
- Store is automatically reset if signature verification fails
- New ApproveChannelPairingCodeResult type includes rateLimited case

Exec Approval Nonces (Replay Protection):
- Added one-time-use nonces for approval socket requests
- Nonces are generated with 32 bytes of entropy (base64url encoded)
- Nonces expire after 5 minutes with automatic cleanup
- Responses must include matching nonce to be accepted
- Exported functions for testing: generateApprovalNonce, verifyAndConsumeNonce, isNonceValid

Tests:
- 11 pairing store tests (6 new security tests)
- 38 exec-approvals tests (8 new nonce tests)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 16:55:04 +05:30
ronitchidara
874caa32bc security: add gateway rate limiting and security warnings
- Implement token bucket rate limiter with per-client tracking
- Add configurable limits: unauthenticated (60/min), authenticated (unlimited)
- Add channel message rate limiting (200/min per channel)
- Implement exponential backoff after auth failures (1s base, 60s max)
- Add startup security warnings for non-loopback binding without auth
- Add GatewayRateLimitConfig type to config schema
- All settings configurable via gateway.rateLimit in clawdbot.json

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 16:55:04 +05:30
ronitchidara
9d26cd5db2 security: integrate secrets-manager with all token stores
- Discord: secrets-manager as Priority 1 source, added "secrets" token source type
- Telegram: secrets-manager as Priority 1 source, added "secrets" token source type
- Slack: secrets-manager as Priority 1 source for both bot and app tokens
- WhatsApp: encrypted credentials support (.enc files) via readPossiblyEncryptedFile
- Added file encryption utilities: encryptFile, decryptFile, writePossiblyEncryptedFile
- Added migrateWebCredsToEncrypted() for WhatsApp credential migration
- All token tests updated with skipSecrets option for isolation testing

Priority order for all token resolution:
1. Secure secrets storage (keychain/encrypted file)
2. Config file (existing behavior)
3. Environment variables (default account only)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 16:55:04 +05:30
ronitchidara
86261f4860 security: add cross-platform secrets manager
- Support macOS Keychain via `security` command
- Support Linux Secret Service via `secret-tool` (libsecret)
- Fallback to AES-256-GCM encrypted files with PBKDF2 key derivation
- Machine-derived encryption key for file fallback
- Utilities: generateSecureToken, hashSecret, verifySecretHash
- Migration helpers for moving plain-text credentials to secure storage
- Comprehensive test suite (27 tests)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 16:53:58 +05:30
ronitchidara
6a960c5137 security: add command execution blocklist
- Add tiered blocklist (critical/high/medium) for dangerous commands
- Block: rm -rf /, dd to disk, mkfs, halt/reboot, fork bombs, etc.
- Block: sudo, passwd, visudo, iptables, user management
- Warn but allow: command substitution, eval, curl POST, chmod 777
- Integrate blocklist into evaluateShellAllowlist (checked before allowlist)
- Add comprehensive test suite (47 tests)
- Export blocklist utilities for use by other modules

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 16:53:58 +05:30
ronitchidara
988950f845 security: add prompt injection defense system
- Add regex-based jailbreak detection with severity levels (critical/high/medium/low)
- Implement prompt boundary markers ([USER_INPUT_START]/[USER_INPUT_END])
- Add configurable blocking, logging, and warning features
- Detect common injection patterns: ignore instructions, DAN/jailbreak, system prompt extraction
- Add comprehensive test suite (38 tests)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 16:53:58 +05:30
Roopak Nijhara
d93f8ffc13 fix: use fileURLToPath for Windows compatibility 2026-01-28 16:42:39 +05:30
Roopak Nijhara
bffcef981d style: run pnpm format 2026-01-28 16:42:39 +05:30
Roopak Nijhara
39b7f9d581 feat(hooks): make session-memory message count configurable (#2681)
Adds `messages` config option to session-memory hook (default: 15).
Fixes filter order bug - now filters user/assistant messages first,
then slices to get exactly N messages. Previously sliced first which
could result in fewer messages when non-message entries were present.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 16:42:39 +05:30
Shadow
9688454a30
Accidental inclusion 2026-01-28 01:12:04 -06:00
Shadow
6044bf3637
Discord: fix resolveDiscordTarget parse options 2026-01-28 00:37:21 -06:00
Ayaan Zaidi
b6a3a91edf fix: wire per-account dm scope guidance (#3095) (thanks @jarvis-sam) 2026-01-28 11:42:33 +05:30
Jarvis Deploy
d499b14842 feat(routing): add per-account-channel-peer session scope
Adds a new dmScope option that includes accountId in session keys,
enabling isolated sessions per channel account for multi-bot setups.

- Add 'per-account-channel-peer' to DmScope type
- Update session key generation to include accountId
- Pass accountId through routing chain
- Add tests for new routing behavior (13/13 passing)

Closes #3094

Co-authored-by: Sebastian Almeida <89653954+SebastianAlmeida@users.noreply.github.com>
2026-01-28 11:42:33 +05:30
Ayaan Zaidi
93c2d65398 fix: restore discord username lookup and align minimax test (#3131) (thanks @bonald) 2026-01-28 11:04:07 +05:30
Jarvis
f897f17c6e test: update MiniMax API URL expectation to match #3064
The MiniMax provider config was updated to use api.minimax.chat
instead of api.minimax.io in PR #3064, but the test expectation
was not updated.

🤖 Generated with Claude Code
2026-01-28 11:04:07 +05:30
Jarvis
cd72b80011 fix(discord): add missing type exports and fix unused imports
- Re-export DirectoryConfigParams and ChannelDirectoryEntry from channels/targets
- Remove unused ChannelDirectoryEntry and resolveDiscordAccount imports
- Fix parseDiscordTarget calls to not pass incompatible options type
- Fix unused catch parameter

Fixes CI build failures on main.

🤖 Generated with Claude Code
2026-01-28 11:04:07 +05:30
Shadow
6fc3ca4996
CI: add auto-response labels 2026-01-27 23:17:22 -06:00
Shadow
61ab348dd3
Discord: fix target type imports 2026-01-27 22:56:12 -06:00
Shadow
b01612c262
Discord: gate username lookups 2026-01-27 22:48:18 -06:00
Ayaan Zaidi
14e4b88bf0 fix: keep telegram dm thread sessions (#2731) (thanks @dylanneve1) 2026-01-28 09:32:20 +05:30
Dylan Neve
915497114e fix(telegram): ignore message_thread_id for non-forum group sessions
Regular Telegram groups (without Topics/Forums enabled) can send
message_thread_id when users reply to messages. This was incorrectly
being used to create separate session keys like '-123:topic:42',
causing each reply chain to get its own conversation context.

Now resolveTelegramForumThreadId only returns a thread ID when the
chat is actually a forum (is_forum=true). For regular groups, the
thread ID is ignored, ensuring all messages share the same session.

DMs continue to use messageThreadId for thread sessions as before.
2026-01-28 09:32:20 +05:30
Gustavo Madeira Santana
8f452dbc08
Update wizard header with new ASCII art 2026-01-27 22:30:38 -05:00
Gustavo Madeira Santana
c5effb78f3
Modify CLI banner ASCII art
Updated the ASCII art for the CLI banner.
2026-01-27 22:29:09 -05:00
Shadow
d0ef4d3b85 fix: update Moonshot Kimi model references (#2762) (thanks @MarvinCui) 2026-01-27 21:10:59 -06:00
Boran Cui
b8aa041dcc Update Moonshot Kimi model references to kimi-k2.5 2026-01-27 21:10:59 -06:00
Boran Cui
394308076a Update Moonshot Kimi model references from kimi-k2-0905-preview to the latest kimi-k2.5 2026-01-27 21:10:59 -06:00
Shadow
7bfe6ab2d6 fix: resolve Discord usernames for outbound sends (#2649) (thanks @nonggialiang) 2026-01-27 21:05:37 -06:00
Shadow
cf827f03e8 tests: cover Discord username resolution 2026-01-27 21:05:37 -06:00
nonggia.liang
7958ead91a fix: resolve Discord usernames to user IDs for outbound messages
When sending Discord messages via cron jobs or the message tool,
usernames like "john.doe" were incorrectly treated as channel names,
causing silent delivery failures.

This fix adds a resolveDiscordTarget() function that:
- Queries Discord directory to resolve usernames to user IDs
- Falls back to standard parsing for known formats
- Enables sending DMs by username without requiring explicit user:ID format

Changes:
- Added resolveDiscordTarget() in targets.ts with directory lookup
- Added parseAndResolveRecipient() in send.shared.ts
- Updated all outbound send functions to use username resolution

Fixes #2627
2026-01-27 21:05:37 -06:00
Shadow
57d9c09f6e fix: expand Telegram polling network recovery (#3013) (thanks @ryancontent) 2026-01-27 19:56:24 -06:00
ryan
558b64f5fa fix: handle Telegram network errors gracefully to prevent gateway crashes
- Expand recoverable error codes (ECONNABORTED, ERR_NETWORK)
- Add message patterns for 'typeerror: fetch failed' and 'undici' errors
- Add isNetworkRelatedError() helper for broad network failure detection
- Retry on all network-related errors instead of crashing gateway
- Remove unnecessary 'void' from fire-and-forget patterns
- Add tests for new error patterns

Fixes #3005
2026-01-27 19:56:24 -06:00