@gguf/pigbot 0.0.1 → 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -1054
- package/README-header.png +0 -0
- package/README.md +1 -1
- package/assets/chrome-extension/README.md +5 -5
- package/assets/chrome-extension/background.js +5 -5
- package/assets/chrome-extension/manifest.json +3 -3
- package/assets/chrome-extension/options.html +5 -6
- package/assets/chrome-extension/options.js +1 -1
- package/dist/acp/client.js +5 -5
- package/dist/acp/server.js +3 -3
- package/dist/acp/types.js +2 -2
- package/dist/agents/agent-paths.js +6 -6
- package/dist/agents/anthropic-payload-log.js +2 -2
- package/dist/agents/auth-health.js +2 -6
- package/dist/agents/auth-profiles/doctor.js +1 -1
- package/dist/agents/auth-profiles/external-cli-sync.js +5 -150
- package/dist/agents/auth-profiles/oauth.js +26 -7
- package/dist/agents/auth-profiles/paths.js +3 -3
- package/dist/agents/auth-profiles/store.js +5 -13
- package/dist/agents/bash-tools.exec.js +77 -26
- package/dist/agents/bash-tools.shared.js +8 -1
- package/dist/agents/cache-trace.js +5 -5
- package/dist/agents/cli-backends.js +8 -0
- package/dist/agents/cli-runner/helpers.js +3 -3
- package/dist/agents/cli-runner.js +3 -3
- package/dist/agents/compaction.js +3 -0
- package/dist/agents/context.js +4 -4
- package/dist/agents/docs-path.js +3 -3
- package/dist/agents/identity.js +1 -1
- package/dist/agents/live-auth-keys.js +2 -2
- package/dist/agents/memory-search.js +7 -2
- package/dist/agents/minimax-vlm.js +1 -1
- package/dist/agents/model-auth.js +1 -1
- package/dist/agents/model-catalog.js +23 -5
- package/dist/agents/model-fallback.js +22 -0
- package/dist/agents/model-selection.js +9 -2
- package/dist/agents/models-config.js +3 -3
- package/dist/agents/models-config.providers.js +4 -4
- package/dist/agents/{pigbot-tools.js → moltbot-tools.js} +7 -6
- package/dist/agents/pi-embedded-helpers/errors.js +23 -1
- package/dist/agents/pi-embedded-helpers/openai.js +1 -1
- package/dist/agents/pi-embedded-runner/cache-ttl.js +1 -1
- package/dist/agents/pi-embedded-runner/compact.js +8 -8
- package/dist/agents/pi-embedded-runner/extensions.js +5 -0
- package/dist/agents/pi-embedded-runner/model.js +9 -3
- package/dist/agents/pi-embedded-runner/run/attempt.js +10 -6
- package/dist/agents/pi-embedded-runner/run.js +5 -5
- package/dist/agents/pi-embedded-runner/sandbox-info.js +1 -4
- package/dist/agents/pi-embedded-runner/session-manager-cache.js +1 -1
- package/dist/agents/pi-embedded-runner/utils.js +1 -1
- package/dist/agents/pi-embedded-subscribe.raw-stream.js +2 -2
- package/dist/agents/pi-embedded-utils.js +7 -1
- package/dist/agents/pi-extensions/compaction-safeguard-runtime.js +20 -0
- package/dist/agents/pi-extensions/compaction-safeguard.js +32 -3
- package/dist/agents/pi-tools.js +26 -15
- package/dist/agents/pi-tools.policy.js +34 -1
- package/dist/agents/pi-tools.read.js +2 -2
- package/dist/agents/sandbox/browser.js +10 -12
- package/dist/agents/sandbox/config.js +0 -12
- package/dist/agents/sandbox/constants.js +8 -8
- package/dist/agents/sandbox/context.js +3 -3
- package/dist/agents/sandbox/docker.js +8 -8
- package/dist/agents/sandbox/runtime-status.js +1 -1
- package/dist/agents/session-transcript-repair.js +1 -1
- package/dist/agents/session-write-lock.js +68 -0
- package/dist/agents/skills/bundled-dir.js +1 -1
- package/dist/agents/skills/config.js +9 -8
- package/dist/agents/skills/env-overrides.js +1 -1
- package/dist/agents/skills/frontmatter.js +15 -14
- package/dist/agents/skills/workspace.js +7 -7
- package/dist/agents/skills-install.js +1 -1
- package/dist/agents/skills-status.js +12 -12
- package/dist/agents/subagent-registry.store.js +2 -2
- package/dist/agents/system-prompt.js +21 -32
- package/dist/agents/tool-images.js +1 -1
- package/dist/agents/tool-policy.js +8 -2
- package/dist/agents/tools/agents-list-tool.js +3 -1
- package/dist/agents/tools/browser-tool.js +19 -79
- package/dist/agents/tools/browser-tool.schema.js +1 -2
- package/dist/agents/tools/cron-tool.js +44 -1
- package/dist/agents/tools/discord-actions-guild.js +5 -1
- package/dist/agents/tools/image-tool.js +2 -2
- package/dist/agents/tools/message-tool.js +13 -1
- package/dist/agents/tools/sessions-send-helpers.js +17 -2
- package/dist/agents/tools/sessions-spawn-tool.js +1 -1
- package/dist/agents/tools/telegram-actions.js +95 -1
- package/dist/agents/tools/web-fetch.js +123 -103
- package/dist/agents/tools/web-search.js +7 -7
- package/dist/agents/workspace.js +37 -1
- package/dist/auto-reply/chunk.js +71 -26
- package/dist/auto-reply/commands-registry.data.js +73 -22
- package/dist/auto-reply/commands-registry.js +14 -11
- package/dist/auto-reply/heartbeat.js +3 -0
- package/dist/auto-reply/model.js +1 -1
- package/dist/auto-reply/reply/agent-runner-execution.js +21 -3
- package/dist/auto-reply/reply/agent-runner-memory.js +5 -0
- package/dist/auto-reply/reply/bash-command.js +2 -2
- package/dist/auto-reply/reply/block-streaming.js +8 -15
- package/dist/auto-reply/reply/commands-context-report.js +2 -2
- package/dist/auto-reply/reply/commands-info.js +50 -5
- package/dist/auto-reply/reply/commands-plugin.js +4 -2
- package/dist/auto-reply/reply/commands-session.js +4 -4
- package/dist/auto-reply/reply/commands-tts.js +61 -63
- package/dist/auto-reply/reply/directive-handling.shared.js +1 -1
- package/dist/auto-reply/reply/directives.js +12 -1
- package/dist/auto-reply/reply/dispatch-from-config.js +68 -22
- package/dist/auto-reply/reply/followup-runner.js +5 -0
- package/dist/auto-reply/reply/get-reply-inline-actions.js +2 -2
- package/dist/auto-reply/reply/get-reply-run.js +4 -0
- package/dist/auto-reply/reply/get-reply.js +1 -1
- package/dist/auto-reply/reply/groups.js +1 -1
- package/dist/auto-reply/reply/history.js +23 -0
- package/dist/auto-reply/reply/line-directives.js +294 -0
- package/dist/auto-reply/reply/normalize-reply.js +13 -5
- package/dist/auto-reply/reply/reply-elevated.js +1 -1
- package/dist/auto-reply/reply/reply-payloads.js +2 -1
- package/dist/auto-reply/reply/route-reply.js +1 -1
- package/dist/auto-reply/reply/session-updates.js +6 -1
- package/dist/auto-reply/reply/stage-sandbox-media.js +1 -1
- package/dist/auto-reply/status.js +144 -42
- package/dist/auto-reply/thinking.js +13 -0
- package/dist/browser/bridge-server.js +1 -3
- package/dist/browser/client-actions-core.js +13 -7
- package/dist/browser/client-actions-observe.js +14 -8
- package/dist/browser/client-actions-state.js +21 -15
- package/dist/browser/client-fetch.js +74 -61
- package/dist/browser/client.js +19 -21
- package/dist/browser/config.js +13 -26
- package/dist/browser/constants.js +1 -1
- package/dist/browser/control-service.js +72 -0
- package/dist/browser/extension-relay.js +3 -3
- package/dist/browser/pw-session.js +41 -4
- package/dist/browser/pw-tools-core.downloads.js +1 -1
- package/dist/browser/pw-tools-core.interactions.js +5 -5
- package/dist/browser/pw-tools-core.responses.js +1 -1
- package/dist/browser/routes/agent.act.js +13 -0
- package/dist/browser/routes/agent.debug.js +1 -1
- package/dist/browser/routes/basic.js +0 -1
- package/dist/browser/routes/dispatcher.js +86 -0
- package/dist/browser/server-context.js +3 -3
- package/dist/browser/server.js +7 -9
- package/dist/build-info.json +2 -2
- package/dist/canvas-host/a2ui/.bundle.hash +1 -0
- package/dist/canvas-host/a2ui/a2ui.bundle.js +1620 -1618
- package/dist/canvas-host/a2ui/index.html +28 -28
- package/dist/canvas-host/a2ui.js +27 -21
- package/dist/canvas-host/server.js +67 -33
- package/dist/channels/plugins/actions/discord/handle-action.guild-admin.js +5 -1
- package/dist/channels/plugins/actions/telegram.js +62 -7
- package/dist/channels/plugins/catalog.js +7 -5
- package/dist/channels/plugins/group-mentions.js +48 -1
- package/dist/channels/plugins/helpers.js +2 -2
- package/dist/channels/plugins/message-action-names.js +1 -0
- package/dist/channels/plugins/normalize/imessage.js +36 -0
- package/dist/channels/plugins/onboarding/imessage.js +1 -1
- package/dist/channels/plugins/onboarding/signal.js +2 -2
- package/dist/channels/plugins/onboarding/slack.js +4 -4
- package/dist/channels/plugins/onboarding/telegram.js +17 -9
- package/dist/channels/plugins/onboarding/whatsapp.js +4 -4
- package/dist/channels/plugins/outbound/telegram.js +40 -0
- package/dist/channels/plugins/pairing-message.js +1 -1
- package/dist/channels/plugins/status-issues/bluebubbles.js +1 -1
- package/dist/channels/plugins/status-issues/whatsapp.js +2 -2
- package/dist/channels/registry.js +1 -1
- package/dist/cli/acp-cli.js +2 -2
- package/dist/cli/argv.js +14 -7
- package/dist/cli/banner.js +3 -1
- package/dist/cli/browser-cli-actions-input/register.element.js +72 -44
- package/dist/cli/browser-cli-actions-input/register.files-downloads.js +55 -35
- package/dist/cli/browser-cli-actions-input/register.form-wait-eval.js +41 -28
- package/dist/cli/browser-cli-actions-input/register.navigation.js +23 -14
- package/dist/cli/browser-cli-actions-input/shared.js +10 -3
- package/dist/cli/browser-cli-actions-observe.js +29 -21
- package/dist/cli/browser-cli-debug.js +49 -35
- package/dist/cli/browser-cli-examples.js +29 -29
- package/dist/cli/browser-cli-extension.js +8 -8
- package/dist/cli/browser-cli-inspect.js +23 -17
- package/dist/cli/browser-cli-manage.js +106 -56
- package/dist/cli/browser-cli-shared.js +34 -1
- package/dist/cli/browser-cli-state.cookies-storage.js +53 -39
- package/dist/cli/browser-cli-state.js +90 -64
- package/dist/cli/browser-cli.js +4 -5
- package/dist/cli/channel-options.js +1 -1
- package/dist/cli/channels-cli.js +1 -1
- package/dist/cli/cli-name.js +26 -0
- package/dist/cli/command-format.js +12 -8
- package/dist/cli/config-cli.js +2 -2
- package/dist/cli/cron-cli/register.js +1 -1
- package/dist/cli/daemon-cli/install.js +3 -2
- package/dist/cli/daemon-cli/register.js +1 -1
- package/dist/cli/daemon-cli/shared.js +13 -11
- package/dist/cli/daemon-cli/status.gather.js +2 -2
- package/dist/cli/daemon-cli/status.print.js +8 -8
- package/dist/cli/directory-cli.js +1 -1
- package/dist/cli/dns-cli.js +7 -7
- package/dist/cli/docs-cli.js +2 -2
- package/dist/cli/exec-approvals-cli.js +2 -2
- package/dist/cli/gateway-cli/dev.js +5 -5
- package/dist/cli/gateway-cli/register.js +1 -1
- package/dist/cli/gateway-cli/run.js +19 -16
- package/dist/cli/gateway-cli/shared.js +5 -5
- package/dist/cli/hooks-cli.js +3 -3
- package/dist/cli/logs-cli.js +3 -3
- package/dist/cli/memory-cli.js +1 -1
- package/dist/cli/models-cli.js +2 -2
- package/dist/cli/node-cli/daemon.js +3 -3
- package/dist/cli/node-cli/register.js +1 -1
- package/dist/cli/nodes-camera.js +3 -1
- package/dist/cli/nodes-canvas.js +3 -1
- package/dist/cli/nodes-cli/register.canvas.js +1 -1
- package/dist/cli/nodes-cli/register.js +1 -1
- package/dist/cli/nodes-screen.js +1 -1
- package/dist/cli/pairing-cli.js +3 -3
- package/dist/cli/plugin-registry.js +2 -2
- package/dist/cli/plugins-cli.js +3 -3
- package/dist/cli/profile.js +9 -9
- package/dist/cli/program/config-guard.js +1 -1
- package/dist/cli/program/help.js +15 -16
- package/dist/cli/program/message/register.send.js +2 -1
- package/dist/cli/program/preaction.js +5 -3
- package/dist/cli/program/register.agent.js +12 -12
- package/dist/cli/program/register.configure.js +1 -1
- package/dist/cli/program/register.maintenance.js +4 -4
- package/dist/cli/program/register.message.js +5 -5
- package/dist/cli/program/register.onboard.js +5 -3
- package/dist/cli/program/register.setup.js +2 -2
- package/dist/cli/program/register.status-health-sessions.js +13 -13
- package/dist/cli/program/register.subclis.js +2 -2
- package/dist/cli/route.js +1 -1
- package/dist/cli/run-main.js +11 -4
- package/dist/cli/sandbox-cli.js +19 -19
- package/dist/cli/security-cli.js +18 -8
- package/dist/cli/skills-cli.js +3 -3
- package/dist/cli/system-cli.js +1 -1
- package/dist/cli/tagline.js +2 -2
- package/dist/cli/tui-cli.js +1 -1
- package/dist/cli/update-cli.js +64 -48
- package/dist/cli/webhooks-cli.js +6 -6
- package/dist/commands/agent-via-gateway.js +1 -1
- package/dist/commands/agent.js +2 -1
- package/dist/commands/agents.command-shared.js +1 -1
- package/dist/commands/agents.commands.add.js +2 -3
- package/dist/commands/agents.commands.list.js +1 -1
- package/dist/commands/auth-choice-options.js +4 -54
- package/dist/commands/auth-choice.apply.anthropic.js +6 -109
- package/dist/commands/auth-choice.apply.openai.js +1 -33
- package/dist/commands/auth-choice.apply.plugin-provider.js +2 -2
- package/dist/commands/channels/list.js +2 -2
- package/dist/commands/channels/shared.js +1 -1
- package/dist/commands/channels/status.js +1 -1
- package/dist/commands/chutes-oauth.js +1 -1
- package/dist/commands/configure.channels.js +4 -4
- package/dist/commands/configure.daemon.js +10 -2
- package/dist/commands/configure.gateway-auth.js +1 -8
- package/dist/commands/configure.gateway.js +1 -10
- package/dist/commands/configure.wizard.js +21 -21
- package/dist/commands/daemon-install-helpers.js +10 -3
- package/dist/commands/dashboard.js +2 -2
- package/dist/commands/docs.js +5 -5
- package/dist/commands/doctor-auth.js +122 -3
- package/dist/commands/doctor-config-flow.js +7 -7
- package/dist/commands/doctor-format.js +5 -5
- package/dist/commands/doctor-gateway-daemon-flow.js +5 -4
- package/dist/commands/doctor-gateway-services.js +7 -5
- package/dist/commands/doctor-platform-notes.js +7 -7
- package/dist/commands/doctor-security.js +48 -1
- package/dist/commands/doctor-state-integrity.js +3 -3
- package/dist/commands/doctor-ui.js +2 -2
- package/dist/commands/doctor-update.js +5 -5
- package/dist/commands/doctor-workspace-status.js +2 -2
- package/dist/commands/doctor-workspace.js +4 -4
- package/dist/commands/doctor.js +13 -12
- package/dist/commands/gateway-status/helpers.js +2 -2
- package/dist/commands/gateway-status.js +2 -2
- package/dist/commands/health.js +2 -2
- package/dist/commands/models/auth.js +23 -22
- package/dist/commands/models/list.probe.js +2 -2
- package/dist/commands/models/list.registry.js +4 -4
- package/dist/commands/models/list.status-command.js +8 -9
- package/dist/commands/node-daemon-install-helpers.js +1 -1
- package/dist/commands/onboard-auth.credentials.js +2 -2
- package/dist/commands/onboard-channels.js +3 -3
- package/dist/commands/onboard-helpers.js +4 -4
- package/dist/commands/onboard-hooks.js +4 -4
- package/dist/commands/onboard-non-interactive/local/auth-choice.js +38 -34
- package/dist/commands/onboard-non-interactive/local/daemon-install.js +1 -0
- package/dist/commands/onboard-non-interactive/local/gateway-config.js +7 -4
- package/dist/commands/onboard-non-interactive/local.js +1 -1
- package/dist/commands/onboard-non-interactive/remote.js +1 -1
- package/dist/commands/onboard-non-interactive.js +1 -1
- package/dist/commands/onboard-remote.js +2 -2
- package/dist/commands/onboard-skills.js +2 -2
- package/dist/commands/onboard.js +25 -4
- package/dist/commands/onboarding/plugin-install.js +2 -2
- package/dist/commands/reset.js +3 -3
- package/dist/commands/sandbox-display.js +1 -1
- package/dist/commands/sandbox-explain.js +2 -2
- package/dist/commands/setup.js +2 -2
- package/dist/commands/signal-install.js +2 -2
- package/dist/commands/status-all/diagnosis.js +1 -1
- package/dist/commands/status-all/report-lines.js +1 -1
- package/dist/commands/status-all.js +5 -5
- package/dist/commands/status.command.js +9 -9
- package/dist/commands/status.gateway-probe.js +2 -2
- package/dist/commands/status.scan.js +2 -2
- package/dist/commands/status.update.js +3 -3
- package/dist/commands/uninstall.js +4 -4
- package/dist/compat/legacy-names.js +6 -0
- package/dist/config/config.js +1 -1
- package/dist/config/env-vars.js +21 -0
- package/dist/config/group-policy.js +69 -0
- package/dist/config/io.js +24 -28
- package/dist/config/legacy.migrations.part-3.js +3 -0
- package/dist/config/logging.js +3 -3
- package/dist/config/paths.js +57 -17
- package/dist/config/schema.js +26 -12
- package/dist/config/sessions/store.js +1 -1
- package/dist/config/sessions/transcript.js +1 -1
- package/dist/config/types.clawdbot.js +1 -0
- package/dist/config/types.js +1 -1
- package/dist/config/validation.js +2 -2
- package/dist/config/version.js +4 -4
- package/dist/config/zod-schema.agent-defaults.js +1 -0
- package/dist/config/zod-schema.agent-runtime.js +39 -7
- package/dist/config/zod-schema.hooks.js +2 -0
- package/dist/config/zod-schema.js +10 -3
- package/dist/config/zod-schema.providers-core.js +24 -0
- package/dist/config/zod-schema.providers-whatsapp.js +3 -0
- package/dist/control-ui/assets/index-BAFzd9IE.css +1 -0
- package/dist/control-ui/assets/index-CxUFDXFX.js +3162 -0
- package/dist/control-ui/assets/index-CxUFDXFX.js.map +1 -0
- package/dist/control-ui/index.html +4 -4
- package/dist/cron/isolated-agent/run.js +38 -3
- package/dist/daemon/constants.js +26 -16
- package/dist/daemon/inspect.js +16 -15
- package/dist/daemon/launchd.js +8 -8
- package/dist/daemon/node-service.js +14 -14
- package/dist/daemon/paths.js +3 -3
- package/dist/daemon/program-args.js +1 -1
- package/dist/daemon/schtasks.js +6 -6
- package/dist/daemon/service-env.js +21 -21
- package/dist/daemon/systemd-hints.js +1 -1
- package/dist/daemon/systemd-unit.js +1 -1
- package/dist/daemon/systemd.js +6 -6
- package/dist/discord/monitor/listeners.js +25 -1
- package/dist/discord/monitor/native-command.js +7 -5
- package/dist/discord/monitor/presence-cache.js +38 -0
- package/dist/discord/monitor/provider.js +21 -7
- package/dist/entry.js +7 -7
- package/dist/gateway/auth.js +55 -22
- package/dist/gateway/call.js +2 -2
- package/dist/gateway/control-ui.js +4 -4
- package/dist/gateway/hooks-mapping.js +18 -4
- package/dist/gateway/hooks.js +5 -7
- package/dist/gateway/http-utils.js +3 -5
- package/dist/gateway/net.js +1 -1
- package/dist/gateway/openai-http.js +3 -3
- package/dist/gateway/openresponses-http.js +4 -4
- package/dist/gateway/protocol/client-info.js +5 -5
- package/dist/gateway/protocol/schema/logs-chat.js +1 -1
- package/dist/gateway/server/__tests__/test-utils.js +2 -0
- package/dist/gateway/server/health-state.js +3 -3
- package/dist/gateway/server/hooks.js +1 -0
- package/dist/gateway/server/plugins-http.js +23 -2
- package/dist/gateway/server/ws-connection/message-handler.js +66 -19
- package/dist/gateway/server-browser.js +16 -5
- package/dist/gateway/server-chat.js +28 -2
- package/dist/gateway/server-constants.js +2 -2
- package/dist/gateway/server-cron.js +1 -1
- package/dist/gateway/server-discovery-runtime.js +25 -17
- package/dist/gateway/server-discovery.js +7 -7
- package/dist/gateway/server-http.js +13 -7
- package/dist/gateway/server-methods/agent.js +2 -0
- package/dist/gateway/server-methods/browser.js +204 -0
- package/dist/gateway/server-methods/chat.js +5 -0
- package/dist/gateway/server-methods/config.js +8 -8
- package/dist/gateway/server-methods/logs.js +1 -1
- package/dist/gateway/server-methods/skills.js +3 -3
- package/dist/gateway/server-methods/update.js +2 -2
- package/dist/gateway/server-methods-list.js +1 -0
- package/dist/gateway/server-methods.js +3 -0
- package/dist/gateway/server-plugins.js +2 -2
- package/dist/gateway/server-reload-handlers.js +5 -5
- package/dist/gateway/server-restart-sentinel.js +10 -5
- package/dist/gateway/server-runtime-config.js +7 -4
- package/dist/gateway/server-startup.js +5 -5
- package/dist/gateway/server.impl.js +17 -7
- package/dist/gateway/session-utils.fs.js +1 -1
- package/dist/gateway/session-utils.js +31 -11
- package/dist/gateway/test-helpers.mocks.js +8 -7
- package/dist/gateway/test-helpers.server.js +51 -32
- package/dist/gateway/tools-invoke-http.js +15 -8
- package/dist/hooks/bundled/boot-md/HOOK.md +3 -3
- package/dist/hooks/bundled/command-logger/HOOK.md +12 -12
- package/dist/hooks/bundled/command-logger/handler.js +1 -1
- package/dist/hooks/bundled/session-memory/HOOK.md +4 -4
- package/dist/hooks/bundled/session-memory/handler.js +2 -2
- package/dist/hooks/bundled/soul-evil/HOOK.md +5 -5
- package/dist/hooks/bundled-dir.js +2 -2
- package/dist/hooks/config.js +8 -7
- package/dist/hooks/frontmatter.js +16 -15
- package/dist/hooks/gmail-ops.js +4 -4
- package/dist/hooks/gmail-watcher.js +1 -1
- package/dist/hooks/hooks-status.js +13 -13
- package/dist/hooks/install.js +8 -7
- package/dist/hooks/internal-hooks.js +1 -1
- package/dist/hooks/llm-slug-generator.js +1 -1
- package/dist/hooks/loader.js +3 -3
- package/dist/hooks/plugin-hooks.js +8 -8
- package/dist/hooks/workspace.js +10 -9
- package/dist/imessage/monitor/monitor-provider.js +2 -2
- package/dist/imessage/targets.js +19 -0
- package/dist/index.js +4 -4
- package/dist/infra/agent-events.js +3 -0
- package/dist/infra/bonjour-discovery.js +9 -9
- package/dist/infra/bonjour.js +20 -13
- package/dist/infra/device-identity.js +1 -1
- package/dist/infra/diagnostic-flags.js +66 -0
- package/dist/infra/dotenv.js +1 -1
- package/dist/infra/env.js +22 -0
- package/dist/infra/exec-approvals.js +2 -2
- package/dist/infra/fs-safe.js +76 -0
- package/dist/infra/gateway-lock.js +5 -4
- package/dist/infra/heartbeat-visibility.js +14 -0
- package/dist/infra/heartbeat-wake.js +2 -2
- package/dist/infra/machine-name.js +1 -1
- package/dist/infra/{pigbot-root.js → moltbot-root.js} +3 -2
- package/dist/infra/net/ssrf.js +77 -1
- package/dist/infra/node-shell.js +1 -1
- package/dist/infra/outbound/deliver.js +41 -18
- package/dist/infra/outbound/message-action-runner.js +24 -3
- package/dist/infra/outbound/message-action-spec.js +1 -0
- package/dist/infra/outbound/message.js +1 -0
- package/dist/infra/outbound/outbound-policy.js +4 -1
- package/dist/infra/outbound/outbound-send-service.js +10 -0
- package/dist/infra/outbound/payloads.js +15 -5
- package/dist/infra/outbound/target-resolver.js +53 -14
- package/dist/infra/outbound/targets.js +1 -1
- package/dist/infra/path-env.js +9 -9
- package/dist/infra/ports-format.js +2 -2
- package/dist/infra/ports.js +2 -2
- package/dist/infra/provider-usage.auth.js +2 -4
- package/dist/infra/provider-usage.fetch.claude.js +1 -1
- package/dist/infra/provider-usage.fetch.minimax.js +1 -1
- package/dist/infra/restart-sentinel.js +1 -1
- package/dist/infra/restart.js +4 -4
- package/dist/infra/retry-policy.js +4 -1
- package/dist/infra/runtime-guard.js +2 -2
- package/dist/infra/shell-env.js +4 -4
- package/dist/infra/skills-remote.js +3 -3
- package/dist/infra/state-migrations.js +1 -1
- package/dist/infra/system-presence.js +1 -1
- package/dist/infra/tailscale.js +63 -1
- package/dist/infra/tls/gateway.js +1 -1
- package/dist/infra/unhandled-rejections.js +89 -2
- package/dist/infra/update-check.js +2 -4
- package/dist/infra/update-global.js +5 -5
- package/dist/infra/update-runner.js +32 -8
- package/dist/infra/update-startup.js +3 -3
- package/dist/infra/warnings.js +1 -1
- package/dist/infra/widearea-dns.js +10 -10
- package/dist/line/accounts.js +130 -0
- package/dist/line/auto-reply-delivery.js +102 -0
- package/dist/line/bot-access.js +38 -0
- package/dist/line/bot-handlers.js +258 -0
- package/dist/line/bot-message-context.js +374 -0
- package/dist/line/bot.js +48 -0
- package/dist/line/config-schema.js +47 -0
- package/dist/line/download.js +95 -0
- package/dist/line/flex-templates.js +1264 -0
- package/dist/line/http-registry.js +27 -0
- package/dist/line/index.js +19 -0
- package/dist/line/markdown-to-line.js +346 -0
- package/dist/line/monitor.js +266 -0
- package/dist/line/probe.js +37 -0
- package/dist/line/reply-chunks.js +53 -0
- package/dist/line/rich-menu.js +320 -0
- package/dist/line/send.js +451 -0
- package/dist/line/signature.js +11 -0
- package/dist/line/template-messages.js +258 -0
- package/dist/line/types.js +1 -0
- package/dist/line/webhook.js +71 -0
- package/dist/link-understanding/apply.js +22 -0
- package/dist/link-understanding/defaults.js +2 -0
- package/dist/link-understanding/detect.js +49 -0
- package/dist/link-understanding/format.js +10 -0
- package/dist/link-understanding/index.js +4 -0
- package/dist/link-understanding/runner.js +99 -0
- package/dist/logging/logger.js +4 -4
- package/dist/macos/gateway-daemon.js +7 -7
- package/dist/macos/relay-smoke.js +1 -1
- package/dist/macos/relay.js +6 -6
- package/dist/media/host.js +1 -1
- package/dist/media/image-ops.js +3 -3
- package/dist/media/input-files.js +40 -32
- package/dist/media/server.js +39 -15
- package/dist/media/store.js +72 -52
- package/dist/media-understanding/attachments.js +1 -1
- package/dist/media-understanding/providers/image.js +2 -2
- package/dist/media-understanding/runner.js +69 -1
- package/dist/memory/batch-gemini.js +2 -2
- package/dist/memory/batch-openai.js +1 -1
- package/dist/memory/embeddings-gemini.js +1 -1
- package/dist/memory/embeddings.js +1 -1
- package/dist/node-host/runner.js +64 -60
- package/dist/pairing/pairing-messages.js +2 -2
- package/dist/plugin-sdk/index.js +12 -2
- package/dist/plugins/bundled-dir.js +1 -1
- package/dist/plugins/cli.js +2 -2
- package/dist/plugins/commands.js +1 -1
- package/dist/plugins/discovery.js +6 -5
- package/dist/plugins/http-path.js +10 -0
- package/dist/plugins/http-registry.js +31 -0
- package/dist/plugins/install.js +8 -7
- package/dist/plugins/loader.js +11 -4
- package/dist/plugins/manifest-registry.js +4 -4
- package/dist/plugins/manifest.js +16 -1
- package/dist/plugins/providers.js +2 -2
- package/dist/plugins/registry.js +36 -5
- package/dist/plugins/runtime/index.js +26 -0
- package/dist/plugins/runtime.js +2 -1
- package/dist/plugins/services.js +3 -3
- package/dist/plugins/status.js +2 -2
- package/dist/plugins/tools.js +2 -2
- package/dist/plugins/update.js +3 -3
- package/dist/process/exec.js +11 -7
- package/dist/process/spawn-utils.js +95 -0
- package/dist/providers/qwen-portal-oauth.js +1 -1
- package/dist/routing/session-key.js +17 -12
- package/dist/security/audit-extra.js +120 -70
- package/dist/security/audit-fs.js +78 -0
- package/dist/security/audit.js +145 -87
- package/dist/security/external-content.js +143 -0
- package/dist/security/fix.js +93 -8
- package/dist/security/windows-acl.js +162 -0
- package/dist/shared/text/reasoning-tags.js +48 -0
- package/dist/slack/monitor/media.js +32 -4
- package/dist/slack/monitor/message-handler/dispatch.js +2 -1
- package/dist/slack/monitor/slash.js +3 -3
- package/dist/slack/monitor.test-helpers.js +1 -1
- package/dist/telegram/accounts.js +1 -1
- package/dist/telegram/api-logging.js +24 -0
- package/dist/telegram/bot/delivery.js +218 -28
- package/dist/telegram/bot/helpers.js +29 -19
- package/dist/telegram/bot-handlers.js +70 -8
- package/dist/telegram/bot-message-context.js +83 -22
- package/dist/telegram/bot-message-dispatch.js +69 -0
- package/dist/telegram/bot-native-commands.js +245 -94
- package/dist/telegram/bot.js +18 -2
- package/dist/telegram/fetch.js +25 -1
- package/dist/telegram/monitor.js +11 -3
- package/dist/telegram/network-config.js +23 -0
- package/dist/telegram/network-errors.js +103 -0
- package/dist/telegram/send.js +229 -41
- package/dist/telegram/sticker-cache.js +202 -0
- package/dist/telegram/webhook-set.js +13 -6
- package/dist/telegram/webhook.js +8 -3
- package/dist/terminal/links.js +1 -1
- package/dist/tts/tts.js +128 -25
- package/dist/tui/components/filterable-select-list.js +1 -1
- package/dist/tui/components/searchable-select-list.js +2 -1
- package/dist/tui/gateway-chat.js +3 -3
- package/dist/tui/tui.js +1 -1
- package/dist/utils.js +3 -3
- package/dist/version.js +3 -3
- package/dist/web/active-listener.js +1 -1
- package/dist/web/auth-store.js +1 -1
- package/dist/web/auto-reply/monitor/process-message.js +1 -1
- package/dist/web/auto-reply/monitor.js +1 -1
- package/dist/web/login.js +1 -1
- package/dist/web/session.js +2 -2
- package/dist/wizard/onboarding.finalize.js +22 -21
- package/dist/wizard/onboarding.gateway-config.js +1 -11
- package/dist/wizard/onboarding.js +24 -13
- package/docs/CNAME +1 -1
- package/docs/_config.yml +2 -2
- package/docs/_layouts/default.html +9 -9
- package/docs/assets/terminal.css +3 -0
- package/docs/assets/theme.js +1 -1
- package/docs/automation/auth-monitoring.md +7 -7
- package/docs/automation/cron-jobs.md +19 -19
- package/docs/automation/cron-vs-heartbeat.md +8 -8
- package/docs/automation/gmail-pubsub.md +27 -25
- package/docs/automation/poll.md +7 -7
- package/docs/automation/webhook.md +13 -8
- package/docs/bedrock.md +10 -10
- package/docs/brave-search.md +1 -1
- package/docs/broadcast-groups.md +4 -4
- package/docs/channels/bluebubbles.md +14 -12
- package/docs/channels/discord.md +23 -18
- package/docs/channels/googlechat.md +16 -16
- package/docs/channels/grammy.md +1 -1
- package/docs/channels/imessage.md +14 -14
- package/docs/channels/index.md +6 -4
- package/docs/channels/line.md +183 -0
- package/docs/channels/location.md +1 -1
- package/docs/channels/matrix.md +16 -16
- package/docs/channels/mattermost.md +8 -8
- package/docs/channels/msteams.md +31 -27
- package/docs/channels/nextcloud-talk.md +8 -8
- package/docs/channels/nostr.md +9 -9
- package/docs/channels/signal.md +11 -11
- package/docs/channels/slack.md +31 -29
- package/docs/channels/telegram.md +152 -22
- package/docs/channels/tlon.md +5 -5
- package/docs/channels/troubleshooting.md +2 -2
- package/docs/channels/twitch.md +366 -0
- package/docs/channels/whatsapp.md +26 -26
- package/docs/channels/zalo.md +8 -8
- package/docs/channels/zalouser.md +12 -12
- package/docs/cli/acp.md +24 -24
- package/docs/cli/agent.md +6 -6
- package/docs/cli/agents.md +9 -9
- package/docs/cli/approvals.md +14 -14
- package/docs/cli/browser.md +33 -35
- package/docs/cli/channels.md +21 -21
- package/docs/cli/config.md +15 -15
- package/docs/cli/configure.md +6 -6
- package/docs/cli/cron.md +5 -5
- package/docs/cli/dashboard.md +4 -4
- package/docs/cli/devices.md +13 -13
- package/docs/cli/directory.md +12 -12
- package/docs/cli/dns.md +5 -5
- package/docs/cli/docs.md +5 -5
- package/docs/cli/doctor.md +11 -11
- package/docs/cli/gateway.md +26 -26
- package/docs/cli/health.md +5 -5
- package/docs/cli/hooks.md +34 -34
- package/docs/cli/index.md +46 -52
- package/docs/cli/logs.md +6 -6
- package/docs/cli/memory.md +11 -11
- package/docs/cli/message.md +11 -11
- package/docs/cli/models.md +17 -17
- package/docs/cli/node.md +14 -14
- package/docs/cli/nodes.md +14 -14
- package/docs/cli/onboard.md +7 -6
- package/docs/cli/pairing.md +4 -4
- package/docs/cli/plugins.md +16 -16
- package/docs/cli/reset.md +5 -5
- package/docs/cli/sandbox.md +28 -28
- package/docs/cli/security.md +5 -5
- package/docs/cli/sessions.md +5 -5
- package/docs/cli/setup.md +6 -6
- package/docs/cli/skills.md +6 -6
- package/docs/cli/status.md +7 -7
- package/docs/cli/system.md +6 -6
- package/docs/cli/tui.md +5 -5
- package/docs/cli/uninstall.md +5 -5
- package/docs/cli/update.md +20 -20
- package/docs/cli/voicecall.md +9 -9
- package/docs/cli/webhooks.md +5 -5
- package/docs/concepts/agent-loop.md +5 -5
- package/docs/concepts/agent-workspace.md +21 -21
- package/docs/concepts/agent.md +12 -12
- package/docs/concepts/architecture.md +2 -2
- package/docs/concepts/channel-routing.md +4 -4
- package/docs/concepts/compaction.md +5 -5
- package/docs/concepts/context.md +6 -6
- package/docs/concepts/group-messages.md +6 -6
- package/docs/concepts/groups.md +41 -5
- package/docs/concepts/markdown-formatting.md +3 -3
- package/docs/concepts/memory.md +14 -14
- package/docs/concepts/messages.md +4 -4
- package/docs/concepts/model-failover.md +14 -14
- package/docs/concepts/model-providers.md +22 -22
- package/docs/concepts/models.md +27 -27
- package/docs/concepts/multi-agent.md +19 -19
- package/docs/concepts/oauth.md +32 -59
- package/docs/concepts/presence.md +2 -2
- package/docs/concepts/retry.md +1 -1
- package/docs/concepts/session-pruning.md +1 -1
- package/docs/concepts/session-tool.md +4 -4
- package/docs/concepts/session.md +14 -14
- package/docs/concepts/streaming.md +4 -4
- package/docs/concepts/system-prompt.md +11 -11
- package/docs/concepts/timezone.md +2 -2
- package/docs/concepts/typebox.md +3 -3
- package/docs/concepts/typing-indicators.md +2 -2
- package/docs/concepts/usage-tracking.md +3 -3
- package/docs/date-time.md +2 -2
- package/docs/debug/node-issue.md +4 -4
- package/docs/debugging.md +18 -18
- package/docs/diagnostics/flags.md +89 -0
- package/docs/docs.json +37 -7
- package/docs/environment.md +7 -7
- package/docs/experiments/plans/cron-add-hardening.md +1 -1
- package/docs/experiments/plans/openresponses-gateway.md +2 -2
- package/docs/experiments/research/memory.md +6 -6
- package/docs/gateway/authentication.md +33 -57
- package/docs/gateway/background-process.md +2 -2
- package/docs/gateway/bonjour.md +25 -25
- package/docs/gateway/bridge-protocol.md +2 -2
- package/docs/gateway/cli-backends.md +13 -12
- package/docs/gateway/configuration-examples.md +14 -14
- package/docs/gateway/configuration.md +160 -145
- package/docs/gateway/discovery.md +10 -10
- package/docs/gateway/doctor.md +27 -27
- package/docs/gateway/gateway-lock.md +1 -1
- package/docs/gateway/health.md +11 -11
- package/docs/gateway/heartbeat.md +5 -5
- package/docs/gateway/index.md +65 -65
- package/docs/gateway/local-models.md +2 -2
- package/docs/gateway/logging.md +8 -8
- package/docs/gateway/multiple-gateways.md +27 -27
- package/docs/gateway/openai-http-api.md +12 -12
- package/docs/gateway/openresponses-http-api.md +12 -12
- package/docs/gateway/pairing.md +9 -9
- package/docs/gateway/protocol.md +6 -5
- package/docs/gateway/remote-gateway-readme.md +16 -14
- package/docs/gateway/remote.md +5 -5
- package/docs/gateway/sandbox-vs-tool-policy-vs-elevated.md +10 -7
- package/docs/gateway/sandboxing.md +8 -6
- package/docs/gateway/security/formal-verification.md +107 -0
- package/docs/gateway/{security.md → security/index.md} +172 -75
- package/docs/gateway/tailscale.md +19 -38
- package/docs/gateway/tools-invoke-http-api.md +5 -5
- package/docs/gateway/troubleshooting.md +114 -119
- package/docs/help/faq.md +369 -355
- package/docs/help/troubleshooting.md +16 -16
- package/docs/hooks/soul-evil.md +2 -2
- package/docs/hooks.md +60 -60
- package/docs/index.md +35 -35
- package/docs/install/ansible.md +35 -35
- package/docs/install/development-channels.md +10 -10
- package/docs/install/docker.md +44 -44
- package/docs/install/index.md +34 -33
- package/docs/install/installer.md +24 -24
- package/docs/install/migrating.md +190 -0
- package/docs/install/nix.md +18 -18
- package/docs/install/node.md +7 -6
- package/docs/install/uninstall.md +30 -30
- package/docs/install/updating.md +50 -49
- package/docs/logging.md +82 -58
- package/docs/multi-agent-sandbox-tools.md +7 -7
- package/docs/network.md +1 -1
- package/docs/nodes/audio.md +2 -2
- package/docs/nodes/camera.md +18 -18
- package/docs/nodes/images.md +4 -4
- package/docs/nodes/index.md +57 -57
- package/docs/nodes/location-command.md +2 -2
- package/docs/nodes/media-understanding.md +5 -5
- package/docs/nodes/talk.md +1 -1
- package/docs/nodes/voicewake.md +2 -2
- package/docs/northflank.mdx +53 -0
- package/docs/perplexity.md +2 -2
- package/docs/platforms/android.md +13 -13
- package/docs/platforms/digitalocean.md +243 -0
- package/docs/platforms/exe-dev.md +25 -25
- package/docs/platforms/fly.md +149 -24
- package/docs/platforms/gcp.md +498 -0
- package/docs/platforms/hetzner.md +42 -42
- package/docs/platforms/index.md +9 -9
- package/docs/platforms/ios.md +13 -13
- package/docs/platforms/linux.md +11 -11
- package/docs/platforms/mac/bundled-gateway.md +16 -16
- package/docs/platforms/mac/canvas.md +14 -14
- package/docs/platforms/mac/child-process.md +9 -9
- package/docs/platforms/mac/dev-setup.md +11 -11
- package/docs/platforms/mac/health.md +2 -2
- package/docs/platforms/mac/icon.md +1 -1
- package/docs/platforms/mac/logging.md +7 -7
- package/docs/platforms/mac/menu-bar.md +1 -1
- package/docs/platforms/mac/peekaboo.md +9 -9
- package/docs/platforms/mac/permissions.md +3 -3
- package/docs/platforms/mac/release.md +20 -20
- package/docs/platforms/mac/remote.md +14 -14
- package/docs/platforms/mac/signing.md +7 -7
- package/docs/platforms/mac/skills.md +4 -4
- package/docs/platforms/mac/voice-overlay.md +2 -2
- package/docs/platforms/mac/webchat.md +2 -2
- package/docs/platforms/mac/xpc.md +4 -4
- package/docs/platforms/macos-vm.md +27 -27
- package/docs/platforms/macos.md +20 -20
- package/docs/platforms/oracle.md +291 -0
- package/docs/platforms/raspberry-pi.md +354 -0
- package/docs/platforms/windows.md +11 -11
- package/docs/plugin.md +80 -64
- package/docs/plugins/agent-tools.md +1 -1
- package/docs/plugins/manifest.md +4 -4
- package/docs/plugins/voice-call.md +96 -12
- package/docs/plugins/zalouser.md +9 -9
- package/docs/prose.md +9 -9
- package/docs/providers/anthropic.md +23 -27
- package/docs/providers/claude-max-api-proxy.md +145 -0
- package/docs/providers/deepgram.md +2 -2
- package/docs/providers/github-copilot.md +11 -11
- package/docs/providers/glm.md +4 -4
- package/docs/providers/index.md +7 -3
- package/docs/providers/minimax.md +9 -9
- package/docs/providers/models.md +3 -3
- package/docs/providers/moonshot.md +2 -2
- package/docs/providers/ollama.md +11 -11
- package/docs/providers/openai.md +9 -13
- package/docs/providers/opencode.md +3 -3
- package/docs/providers/openrouter.md +3 -3
- package/docs/providers/qwen.md +6 -6
- package/docs/providers/synthetic.md +4 -4
- package/docs/providers/venice.md +21 -21
- package/docs/providers/vercel-ai-gateway.md +5 -4
- package/docs/providers/zai.md +5 -5
- package/docs/railway.mdx +9 -7
- package/docs/refactor/exec-host.md +5 -5
- package/docs/refactor/plugin-sdk.md +12 -12
- package/docs/refactor/strict-config.md +11 -11
- package/docs/reference/AGENTS.default.md +10 -10
- package/docs/reference/RELEASING.md +29 -29
- package/docs/reference/api-usage-costs.md +6 -6
- package/docs/reference/device-models.md +7 -7
- package/docs/reference/rpc.md +3 -3
- package/docs/reference/session-management-compaction.md +19 -19
- package/docs/reference/templates/AGENTS.dev.md +1 -1
- package/docs/reference/templates/BOOT.md +1 -1
- package/docs/reference/templates/IDENTITY.md +27 -0
- package/docs/reference/templates/TOOLS.dev.md +1 -1
- package/docs/reference/templates/USER.dev.md +2 -2
- package/docs/reference/templates/USER.md +22 -0
- package/docs/reference/test.md +2 -2
- package/docs/reference/transcript-hygiene.md +1 -1
- package/docs/render.mdx +158 -0
- package/docs/scripts.md +1 -1
- package/docs/security/formal-verification.md +107 -0
- package/docs/start/clawd.md +29 -29
- package/docs/start/getting-started.md +31 -25
- package/docs/start/hubs.md +2 -2
- package/docs/start/lore.md +74 -38
- package/docs/start/onboarding.md +7 -7
- package/docs/start/pairing.md +10 -10
- package/docs/start/setup.md +30 -17
- package/docs/start/showcase.md +32 -32
- package/docs/start/wizard.md +29 -26
- package/docs/testing.md +56 -56
- package/docs/token-use.md +7 -7
- package/docs/tools/agent-send.md +10 -10
- package/docs/tools/browser-linux-troubleshooting.md +10 -10
- package/docs/tools/browser-login.md +4 -4
- package/docs/tools/browser.md +136 -242
- package/docs/tools/chrome-extension.md +31 -48
- package/docs/tools/clawdhub.md +7 -7
- package/docs/tools/creating-skills.md +41 -0
- package/docs/tools/elevated.md +1 -0
- package/docs/tools/exec-approvals.md +8 -5
- package/docs/tools/exec.md +15 -4
- package/docs/tools/firecrawl.md +2 -2
- package/docs/tools/index.md +18 -15
- package/docs/tools/llm-task.md +1 -1
- package/docs/tools/lobster.md +23 -11
- package/docs/tools/skills-config.md +2 -2
- package/docs/tools/skills.md +39 -31
- package/docs/tools/slash-commands.md +10 -8
- package/docs/tools/web.md +8 -8
- package/docs/tts.md +11 -11
- package/docs/tui.md +7 -7
- package/docs/vps.md +6 -1
- package/docs/web/control-ui.md +15 -14
- package/docs/web/dashboard.md +10 -6
- package/docs/web/index.md +7 -6
- package/docs/web/webchat.md +1 -1
- package/extensions/bluebubbles/index.ts +3 -3
- package/extensions/bluebubbles/package.json +5 -5
- package/extensions/bluebubbles/src/accounts.ts +9 -9
- package/extensions/bluebubbles/src/actions.test.ts +22 -22
- package/extensions/bluebubbles/src/actions.ts +6 -6
- package/extensions/bluebubbles/src/attachments.ts +2 -2
- package/extensions/bluebubbles/src/channel.ts +71 -17
- package/extensions/bluebubbles/src/chat.ts +2 -2
- package/extensions/bluebubbles/src/config-schema.ts +1 -1
- package/extensions/bluebubbles/src/media-send.ts +2 -2
- package/extensions/bluebubbles/src/monitor.test.ts +56 -50
- package/extensions/bluebubbles/src/monitor.ts +181 -6
- package/extensions/bluebubbles/src/onboarding.ts +9 -9
- package/extensions/bluebubbles/src/reactions.ts +2 -2
- package/extensions/bluebubbles/src/runtime.ts +1 -1
- package/extensions/bluebubbles/src/send.test.ts +94 -2
- package/extensions/bluebubbles/src/send.ts +73 -7
- package/extensions/copilot-proxy/README.md +3 -3
- package/extensions/copilot-proxy/index.ts +1 -1
- package/extensions/copilot-proxy/package.json +4 -4
- package/extensions/diagnostics-otel/index.ts +3 -3
- package/extensions/diagnostics-otel/package.json +4 -4
- package/extensions/diagnostics-otel/src/service.test.ts +15 -15
- package/extensions/diagnostics-otel/src/service.ts +85 -85
- package/extensions/discord/index.ts +3 -3
- package/extensions/discord/package.json +4 -4
- package/extensions/discord/src/channel.ts +1 -1
- package/extensions/discord/src/runtime.ts +1 -1
- package/extensions/google-antigravity-auth/README.md +3 -3
- package/extensions/google-antigravity-auth/index.ts +9 -2
- package/extensions/google-antigravity-auth/package.json +4 -4
- package/extensions/google-gemini-cli-auth/README.md +17 -6
- package/extensions/google-gemini-cli-auth/index.ts +3 -3
- package/extensions/google-gemini-cli-auth/oauth.test.ts +228 -0
- package/extensions/google-gemini-cli-auth/oauth.ts +96 -12
- package/extensions/google-gemini-cli-auth/package.json +4 -4
- package/extensions/googlechat/index.ts +4 -4
- package/extensions/googlechat/package.json +7 -7
- package/extensions/googlechat/src/accounts.ts +9 -9
- package/extensions/googlechat/src/actions.ts +8 -8
- package/extensions/googlechat/src/api.ts +1 -1
- package/extensions/googlechat/src/channel.ts +23 -23
- package/extensions/googlechat/src/monitor.ts +9 -9
- package/extensions/googlechat/src/onboarding.ts +11 -11
- package/extensions/googlechat/src/runtime.ts +1 -1
- package/extensions/googlechat/src/types.config.ts +1 -1
- package/extensions/imessage/index.ts +3 -3
- package/extensions/imessage/package.json +4 -4
- package/extensions/imessage/src/channel.ts +5 -8
- package/extensions/imessage/src/runtime.ts +1 -1
- package/extensions/line/clawdbot.plugin.json +11 -0
- package/extensions/line/index.ts +20 -0
- package/extensions/line/package.json +29 -0
- package/extensions/line/src/card-command.ts +338 -0
- package/extensions/line/src/channel.logout.test.ts +96 -0
- package/extensions/line/src/channel.sendPayload.test.ts +308 -0
- package/extensions/line/src/channel.ts +773 -0
- package/extensions/line/src/runtime.ts +14 -0
- package/extensions/llm-task/README.md +4 -4
- package/extensions/llm-task/index.ts +2 -2
- package/extensions/llm-task/package.json +4 -4
- package/extensions/llm-task/src/llm-task-tool.ts +5 -5
- package/extensions/lobster/README.md +6 -6
- package/extensions/lobster/index.ts +2 -2
- package/extensions/lobster/package.json +3 -3
- package/extensions/lobster/src/lobster-tool.test.ts +26 -6
- package/extensions/lobster/src/lobster-tool.ts +24 -6
- package/extensions/matrix/CHANGELOG.md +9 -9
- package/extensions/matrix/index.ts +3 -3
- package/extensions/matrix/node_modules/.bin/markdown-it +2 -2
- package/extensions/matrix/node_modules/.bin/markdown-it.CMD +2 -2
- package/extensions/matrix/node_modules/.bin/markdown-it.ps1 +2 -2
- package/extensions/matrix/package.json +7 -7
- package/extensions/matrix/src/actions.ts +1 -1
- package/extensions/matrix/src/channel.directory.test.ts +1 -1
- package/extensions/matrix/src/channel.ts +1 -1
- package/extensions/matrix/src/config-schema.ts +1 -1
- package/extensions/matrix/src/directory-live.ts +1 -1
- package/extensions/matrix/src/group-mentions.ts +1 -1
- package/extensions/matrix/src/matrix/accounts.ts +1 -1
- package/extensions/matrix/src/matrix/actions/client.ts +1 -1
- package/extensions/matrix/src/matrix/actions/messages.ts +1 -1
- package/extensions/matrix/src/matrix/actions/reactions.ts +1 -1
- package/extensions/matrix/src/matrix/actions/room.ts +3 -3
- package/extensions/matrix/src/matrix/actions/summary.ts +1 -1
- package/extensions/matrix/src/matrix/actions/types.ts +1 -1
- package/extensions/matrix/src/matrix/active-client.ts +1 -1
- package/extensions/matrix/src/matrix/client/config.ts +2 -2
- package/extensions/matrix/src/matrix/client/create-client.ts +2 -2
- package/extensions/matrix/src/matrix/client/logging.ts +1 -1
- package/extensions/matrix/src/matrix/client/shared.ts +3 -3
- package/extensions/matrix/src/matrix/deps.ts +5 -5
- package/extensions/matrix/src/matrix/monitor/allowlist.ts +1 -1
- package/extensions/matrix/src/matrix/monitor/auto-join.ts +4 -4
- package/extensions/matrix/src/matrix/monitor/direct.ts +1 -1
- package/extensions/matrix/src/matrix/monitor/events.ts +2 -2
- package/extensions/matrix/src/matrix/monitor/handler.ts +15 -11
- package/extensions/matrix/src/matrix/monitor/index.ts +2 -2
- package/extensions/matrix/src/matrix/monitor/location.ts +2 -2
- package/extensions/matrix/src/matrix/monitor/media.test.ts +41 -5
- package/extensions/matrix/src/matrix/monitor/media.ts +17 -14
- package/extensions/matrix/src/matrix/monitor/replies.ts +2 -2
- package/extensions/matrix/src/matrix/monitor/room-info.ts +1 -1
- package/extensions/matrix/src/matrix/monitor/rooms.ts +1 -1
- package/extensions/matrix/src/matrix/monitor/threads.ts +1 -1
- package/extensions/matrix/src/matrix/monitor/types.ts +2 -1
- package/extensions/matrix/src/matrix/poll-types.ts +1 -1
- package/extensions/matrix/src/matrix/probe.ts +1 -1
- package/extensions/matrix/src/matrix/send/client.ts +3 -3
- package/extensions/matrix/src/matrix/send/media.ts +1 -1
- package/extensions/matrix/src/matrix/send/targets.test.ts +1 -1
- package/extensions/matrix/src/matrix/send/targets.ts +1 -1
- package/extensions/matrix/src/matrix/send/types.ts +2 -2
- package/extensions/matrix/src/matrix/send.test.ts +3 -3
- package/extensions/matrix/src/matrix/send.ts +4 -4
- package/extensions/matrix/src/onboarding.ts +3 -3
- package/extensions/matrix/src/outbound.ts +1 -1
- package/extensions/matrix/src/resolve-targets.ts +1 -1
- package/extensions/matrix/src/runtime.ts +1 -1
- package/extensions/matrix/src/tool-actions.ts +1 -1
- package/extensions/matrix/src/types.ts +1 -1
- package/extensions/mattermost/index.ts +3 -3
- package/extensions/mattermost/package.json +5 -5
- package/extensions/mattermost/src/channel.ts +1 -1
- package/extensions/mattermost/src/config-schema.ts +1 -1
- package/extensions/mattermost/src/group-mentions.ts +2 -2
- package/extensions/mattermost/src/mattermost/accounts.ts +10 -10
- package/extensions/mattermost/src/mattermost/client.ts +1 -1
- package/extensions/mattermost/src/mattermost/monitor-helpers.ts +6 -6
- package/extensions/mattermost/src/mattermost/monitor.ts +4 -4
- package/extensions/mattermost/src/mattermost/probe.ts +1 -1
- package/extensions/mattermost/src/onboarding-helpers.ts +5 -5
- package/extensions/mattermost/src/onboarding.ts +5 -5
- package/extensions/mattermost/src/runtime.ts +1 -1
- package/extensions/mattermost/src/types.ts +1 -1
- package/extensions/memory-core/index.ts +3 -3
- package/extensions/memory-core/package.json +9 -6
- package/extensions/memory-lancedb/{pigbot.plugin.json → clawdbot.plugin.json} +1 -1
- package/extensions/memory-lancedb/config.ts +2 -2
- package/extensions/memory-lancedb/index.test.ts +3 -3
- package/extensions/memory-lancedb/index.ts +4 -4
- package/extensions/memory-lancedb/node_modules/.bin/openai +2 -2
- package/extensions/memory-lancedb/node_modules/.bin/openai.CMD +2 -2
- package/extensions/memory-lancedb/node_modules/.bin/openai.ps1 +2 -2
- package/extensions/memory-lancedb/package.json +4 -4
- package/extensions/msteams/CHANGELOG.md +7 -7
- package/extensions/msteams/index.ts +3 -3
- package/extensions/msteams/package.json +6 -6
- package/extensions/msteams/src/attachments.test.ts +1 -1
- package/extensions/msteams/src/channel.directory.test.ts +2 -2
- package/extensions/msteams/src/channel.ts +3 -3
- package/extensions/msteams/src/conversation-store-fs.test.ts +5 -5
- package/extensions/msteams/src/directory-live.ts +1 -1
- package/extensions/msteams/src/graph-upload.ts +4 -4
- package/extensions/msteams/src/media-helpers.ts +1 -1
- package/extensions/msteams/src/messenger.test.ts +1 -1
- package/extensions/msteams/src/messenger.ts +1 -1
- package/extensions/msteams/src/monitor-handler/message-handler.ts +1 -1
- package/extensions/msteams/src/monitor-handler.ts +2 -2
- package/extensions/msteams/src/monitor.ts +3 -3
- package/extensions/msteams/src/onboarding.ts +11 -11
- package/extensions/msteams/src/outbound.ts +1 -1
- package/extensions/msteams/src/policy.test.ts +1 -1
- package/extensions/msteams/src/policy.ts +50 -5
- package/extensions/msteams/src/polls-store.test.ts +1 -1
- package/extensions/msteams/src/polls.test.ts +5 -5
- package/extensions/msteams/src/polls.ts +8 -8
- package/extensions/msteams/src/probe.test.ts +1 -1
- package/extensions/msteams/src/probe.ts +1 -1
- package/extensions/msteams/src/reply-dispatcher.ts +36 -36
- package/extensions/msteams/src/runtime.ts +1 -1
- package/extensions/msteams/src/send-context.ts +2 -2
- package/extensions/msteams/src/send.ts +5 -5
- package/extensions/msteams/src/token.ts +1 -1
- package/extensions/nextcloud-talk/index.ts +3 -3
- package/extensions/nextcloud-talk/package.json +5 -5
- package/extensions/nextcloud-talk/src/accounts.ts +2 -2
- package/extensions/nextcloud-talk/src/channel.ts +8 -8
- package/extensions/nextcloud-talk/src/config-schema.ts +1 -1
- package/extensions/nextcloud-talk/src/inbound.ts +8 -8
- package/extensions/nextcloud-talk/src/monitor.ts +1 -1
- package/extensions/nextcloud-talk/src/onboarding.ts +2 -2
- package/extensions/nextcloud-talk/src/policy.ts +2 -2
- package/extensions/nextcloud-talk/src/room-info.ts +1 -1
- package/extensions/nextcloud-talk/src/runtime.ts +1 -1
- package/extensions/nextcloud-talk/src/types.ts +1 -1
- package/extensions/nostr/CHANGELOG.md +4 -4
- package/extensions/nostr/README.md +5 -5
- package/extensions/nostr/index.ts +6 -6
- package/extensions/nostr/package.json +6 -6
- package/extensions/nostr/src/channel.ts +2 -2
- package/extensions/nostr/src/config-schema.ts +1 -1
- package/extensions/nostr/src/nostr-state-store.test.ts +8 -8
- package/extensions/nostr/src/runtime.ts +1 -1
- package/extensions/nostr/src/types.ts +4 -4
- package/extensions/open-prose/index.ts +2 -2
- package/extensions/open-prose/package.json +3 -3
- package/extensions/open-prose/skills/prose/SKILL.md +5 -5
- package/extensions/open-prose/skills/prose/examples/28-automated-pr-review.prose +2 -2
- package/extensions/open-prose/skills/prose/prose.md +4 -4
- package/extensions/qwen-portal-auth/README.md +3 -3
- package/extensions/qwen-portal-auth/index.ts +1 -1
- package/extensions/signal/index.ts +3 -3
- package/extensions/signal/package.json +4 -4
- package/extensions/signal/src/channel.ts +1 -1
- package/extensions/signal/src/runtime.ts +1 -1
- package/extensions/slack/index.ts +3 -3
- package/extensions/slack/package.json +4 -4
- package/extensions/slack/src/channel.ts +1 -1
- package/extensions/slack/src/runtime.ts +1 -1
- package/extensions/telegram/index.ts +3 -3
- package/extensions/telegram/package.json +4 -4
- package/extensions/telegram/src/channel.ts +3 -3
- package/extensions/telegram/src/runtime.ts +1 -1
- package/extensions/tlon/README.md +3 -3
- package/extensions/tlon/index.ts +3 -3
- package/extensions/tlon/package.json +5 -5
- package/extensions/tlon/src/channel.ts +15 -15
- package/extensions/tlon/src/config-schema.ts +1 -1
- package/extensions/tlon/src/monitor/discovery.ts +1 -1
- package/extensions/tlon/src/monitor/history.ts +1 -1
- package/extensions/tlon/src/monitor/index.ts +3 -3
- package/extensions/tlon/src/onboarding.ts +4 -4
- package/extensions/tlon/src/runtime.ts +1 -1
- package/extensions/tlon/src/types.ts +3 -3
- package/extensions/tlon/src/urbit/send.ts +19 -6
- package/extensions/twitch/CHANGELOG.md +21 -0
- package/extensions/twitch/README.md +89 -0
- package/extensions/twitch/clawdbot.plugin.json +9 -0
- package/extensions/twitch/index.ts +20 -0
- package/extensions/twitch/package.json +20 -0
- package/extensions/twitch/src/access-control.test.ts +489 -0
- package/extensions/twitch/src/access-control.ts +154 -0
- package/extensions/twitch/src/actions.ts +173 -0
- package/extensions/twitch/src/client-manager-registry.ts +115 -0
- package/extensions/twitch/src/config-schema.ts +82 -0
- package/extensions/twitch/src/config.test.ts +88 -0
- package/extensions/twitch/src/config.ts +116 -0
- package/extensions/twitch/src/monitor.ts +257 -0
- package/extensions/twitch/src/onboarding.test.ts +311 -0
- package/extensions/twitch/src/onboarding.ts +411 -0
- package/extensions/twitch/src/outbound.test.ts +373 -0
- package/extensions/twitch/src/outbound.ts +186 -0
- package/extensions/twitch/src/plugin.test.ts +39 -0
- package/extensions/twitch/src/plugin.ts +274 -0
- package/extensions/twitch/src/probe.test.ts +198 -0
- package/extensions/twitch/src/probe.ts +118 -0
- package/extensions/twitch/src/resolver.ts +137 -0
- package/extensions/twitch/src/runtime.ts +14 -0
- package/extensions/twitch/src/send.test.ts +289 -0
- package/extensions/twitch/src/send.ts +136 -0
- package/extensions/twitch/src/status.test.ts +270 -0
- package/extensions/twitch/src/status.ts +176 -0
- package/extensions/twitch/src/token.test.ts +171 -0
- package/extensions/twitch/src/token.ts +87 -0
- package/extensions/twitch/src/twitch-client.test.ts +574 -0
- package/extensions/twitch/src/twitch-client.ts +277 -0
- package/extensions/twitch/src/types.ts +141 -0
- package/extensions/twitch/src/utils/markdown.ts +92 -0
- package/extensions/twitch/src/utils/twitch.ts +78 -0
- package/extensions/twitch/test/setup.ts +7 -0
- package/extensions/voice-call/CHANGELOG.md +19 -11
- package/extensions/voice-call/README.md +38 -16
- package/extensions/voice-call/{pigbot.plugin.json → clawdbot.plugin.json} +210 -14
- package/extensions/voice-call/index.ts +32 -12
- package/extensions/voice-call/package.json +4 -4
- package/extensions/voice-call/src/cli.ts +1 -1
- package/extensions/voice-call/src/config.test.ts +204 -0
- package/extensions/voice-call/src/config.ts +134 -26
- package/extensions/voice-call/src/core-bridge.ts +16 -8
- package/extensions/voice-call/src/manager/context.ts +0 -1
- package/extensions/voice-call/src/manager/events.ts +0 -1
- package/extensions/voice-call/src/manager/lookup.ts +0 -1
- package/extensions/voice-call/src/manager/outbound.ts +4 -3
- package/extensions/voice-call/src/manager/state.ts +0 -1
- package/extensions/voice-call/src/manager/store.ts +0 -1
- package/extensions/voice-call/src/manager/timers.ts +0 -1
- package/extensions/voice-call/src/manager/twiml.ts +0 -1
- package/extensions/voice-call/src/manager.test.ts +2 -2
- package/extensions/voice-call/src/manager.ts +4 -2
- package/extensions/voice-call/src/media-stream.test.ts +97 -0
- package/extensions/voice-call/src/media-stream.ts +114 -0
- package/extensions/voice-call/src/providers/plivo.test.ts +0 -1
- package/extensions/voice-call/src/providers/stt-openai-realtime.ts +8 -0
- package/extensions/voice-call/src/providers/twilio/webhook.ts +2 -2
- package/extensions/voice-call/src/providers/twilio.ts +44 -26
- package/extensions/voice-call/src/response-generator.ts +1 -1
- package/extensions/voice-call/src/runtime.ts +37 -27
- package/extensions/voice-call/src/telephony-audio.ts +88 -0
- package/extensions/voice-call/src/telephony-tts.ts +95 -0
- package/extensions/voice-call/src/types.ts +1 -0
- package/extensions/voice-call/src/webhook-security.test.ts +52 -0
- package/extensions/voice-call/src/webhook-security.ts +16 -5
- package/extensions/voice-call/src/webhook.ts +11 -0
- package/extensions/whatsapp/index.ts +3 -3
- package/extensions/whatsapp/package.json +4 -4
- package/extensions/whatsapp/src/channel.ts +1 -1
- package/extensions/whatsapp/src/runtime.ts +1 -1
- package/extensions/zalo/CHANGELOG.md +9 -9
- package/extensions/zalo/README.md +4 -4
- package/extensions/zalo/index.ts +3 -3
- package/extensions/zalo/package.json +6 -6
- package/extensions/zalo/src/accounts.ts +9 -9
- package/extensions/zalo/src/actions.ts +6 -6
- package/extensions/zalo/src/channel.directory.test.ts +2 -2
- package/extensions/zalo/src/channel.ts +20 -20
- package/extensions/zalo/src/config-schema.ts +1 -1
- package/extensions/zalo/src/monitor.ts +9 -9
- package/extensions/zalo/src/monitor.webhook.test.ts +2 -2
- package/extensions/zalo/src/onboarding.ts +27 -27
- package/extensions/zalo/src/runtime.ts +1 -1
- package/extensions/zalo/src/send.ts +2 -2
- package/extensions/zalo/src/status-issues.ts +1 -1
- package/extensions/zalo/src/token.ts +1 -1
- package/extensions/zalouser/CHANGELOG.md +4 -4
- package/extensions/zalouser/README.md +18 -18
- package/extensions/zalouser/index.ts +3 -3
- package/extensions/zalouser/package.json +6 -6
- package/extensions/zalouser/src/accounts.ts +10 -10
- package/extensions/zalouser/src/channel.test.ts +0 -1
- package/extensions/zalouser/src/channel.ts +27 -27
- package/extensions/zalouser/src/config-schema.ts +1 -1
- package/extensions/zalouser/src/monitor.ts +5 -5
- package/extensions/zalouser/src/onboarding.ts +32 -32
- package/extensions/zalouser/src/runtime.ts +1 -1
- package/extensions/zalouser/src/status-issues.ts +2 -2
- package/package.json +39 -23
- package/scripts/postinstall.js +1 -1
- package/skills/1password/SKILL.md +3 -3
- package/skills/apple-notes/SKILL.md +2 -2
- package/skills/apple-reminders/SKILL.md +1 -1
- package/skills/bear-notes/SKILL.md +1 -1
- package/skills/bird/SKILL.md +1 -1
- package/skills/blogwatcher/SKILL.md +1 -1
- package/skills/blucli/SKILL.md +1 -1
- package/skills/bluebubbles/SKILL.md +2 -2
- package/skills/camsnap/SKILL.md +1 -1
- package/skills/canvas/SKILL.md +15 -15
- package/skills/clawdhub/SKILL.md +2 -2
- package/skills/coding-agent/SKILL.md +6 -6
- package/skills/discord/SKILL.md +6 -5
- package/skills/eightctl/SKILL.md +1 -1
- package/skills/food-order/SKILL.md +1 -1
- package/skills/gemini/SKILL.md +1 -1
- package/skills/gifgrep/SKILL.md +1 -1
- package/skills/github/SKILL.md +1 -0
- package/skills/gog/SKILL.md +1 -1
- package/skills/goplaces/SKILL.md +1 -1
- package/skills/himalaya/SKILL.md +1 -1
- package/skills/imsg/SKILL.md +1 -1
- package/skills/local-places/SKILL.md +2 -2
- package/skills/mcporter/SKILL.md +1 -1
- package/skills/model-usage/SKILL.md +1 -1
- package/skills/nano-banana-pro/SKILL.md +10 -5
- package/skills/nano-banana-pro/scripts/generate_image.py +42 -27
- package/skills/nano-pdf/SKILL.md +1 -1
- package/skills/notion/SKILL.md +1 -1
- package/skills/obsidian/SKILL.md +1 -1
- package/skills/openai-image-gen/SKILL.md +1 -1
- package/skills/openai-whisper/SKILL.md +1 -1
- package/skills/openai-whisper-api/SKILL.md +2 -2
- package/skills/openhue/SKILL.md +1 -1
- package/skills/oracle/SKILL.md +1 -1
- package/skills/ordercli/SKILL.md +1 -1
- package/skills/peekaboo/SKILL.md +1 -1
- package/skills/sag/SKILL.md +1 -1
- package/skills/session-logs/SKILL.md +7 -7
- package/skills/sherpa-onnx-tts/SKILL.md +6 -6
- package/skills/sherpa-onnx-tts/bin/sherpa-onnx-tts +178 -0
- package/skills/slack/SKILL.md +4 -3
- package/skills/songsee/SKILL.md +1 -1
- package/skills/sonoscli/SKILL.md +1 -1
- package/skills/spotify-player/SKILL.md +1 -1
- package/skills/summarize/SKILL.md +1 -1
- package/skills/things-mac/SKILL.md +3 -3
- package/skills/tmux/SKILL.md +8 -8
- package/skills/tmux/scripts/find-sessions.sh +2 -2
- package/skills/trello/SKILL.md +2 -2
- package/skills/video-frames/SKILL.md +1 -1
- package/skills/voice-call/SKILL.md +4 -4
- package/skills/wacli/SKILL.md +2 -2
- package/skills/weather/SKILL.md +1 -1
- package/dist/cli/browser-cli-serve.js +0 -91
- package/dist/control-ui/assets/index--6ilUi7V.css +0 -1
- package/dist/control-ui/assets/index-DrGg77je.js +0 -3111
- package/dist/control-ui/assets/index-DrGg77je.js.map +0 -1
- package/extensions/diagnostics-otel/node_modules/.bin/acorn +0 -21
- package/extensions/diagnostics-otel/node_modules/.bin/acorn.CMD +0 -12
- package/extensions/diagnostics-otel/node_modules/.bin/acorn.ps1 +0 -41
- package/extensions/googlechat/node_modules/.bin/pigbot +0 -21
- package/extensions/googlechat/node_modules/.bin/pigbot.CMD +0 -12
- package/extensions/googlechat/node_modules/.bin/pigbot.ps1 +0 -41
- package/extensions/matrix/node_modules/.bin/pigbot +0 -21
- package/extensions/matrix/node_modules/.bin/pigbot.CMD +0 -12
- package/extensions/matrix/node_modules/.bin/pigbot.ps1 +0 -41
- package/extensions/memory-core/node_modules/.bin/pigbot +0 -21
- package/extensions/memory-core/node_modules/.bin/pigbot.CMD +0 -12
- package/extensions/memory-core/node_modules/.bin/pigbot.ps1 +0 -41
- package/extensions/memory-lancedb/node_modules/.bin/arrow2csv +0 -21
- package/extensions/memory-lancedb/node_modules/.bin/arrow2csv.CMD +0 -12
- package/extensions/memory-lancedb/node_modules/.bin/arrow2csv.ps1 +0 -41
- package/extensions/msteams/node_modules/.bin/pigbot +0 -21
- package/extensions/msteams/node_modules/.bin/pigbot.CMD +0 -12
- package/extensions/msteams/node_modules/.bin/pigbot.ps1 +0 -41
- package/extensions/nostr/node_modules/.bin/pigbot +0 -21
- package/extensions/nostr/node_modules/.bin/pigbot.CMD +0 -12
- package/extensions/nostr/node_modules/.bin/pigbot.ps1 +0 -41
- package/extensions/nostr/node_modules/.bin/tsc +0 -21
- package/extensions/nostr/node_modules/.bin/tsc.CMD +0 -12
- package/extensions/nostr/node_modules/.bin/tsc.ps1 +0 -41
- package/extensions/nostr/node_modules/.bin/tsserver +0 -21
- package/extensions/nostr/node_modules/.bin/tsserver.CMD +0 -12
- package/extensions/nostr/node_modules/.bin/tsserver.ps1 +0 -41
- package/extensions/zalo/node_modules/.bin/pigbot +0 -21
- package/extensions/zalo/node_modules/.bin/pigbot.CMD +0 -12
- package/extensions/zalo/node_modules/.bin/pigbot.ps1 +0 -41
- package/extensions/zalouser/node_modules/.bin/pigbot +0 -21
- package/extensions/zalouser/node_modules/.bin/pigbot.CMD +0 -12
- package/extensions/zalouser/node_modules/.bin/pigbot.ps1 +0 -41
- /package/dist/{config/types.pigbot.js → browser/routes/types.js} +0 -0
- /package/extensions/bluebubbles/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/copilot-proxy/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/diagnostics-otel/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/discord/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/google-antigravity-auth/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/google-gemini-cli-auth/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/googlechat/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/imessage/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/llm-task/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/lobster/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/matrix/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/mattermost/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/memory-core/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/msteams/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/nextcloud-talk/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/nostr/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/open-prose/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/qwen-portal-auth/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/signal/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/slack/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/telegram/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/tlon/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/whatsapp/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/zalo/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
- /package/extensions/zalouser/{pigbot.plugin.json → clawdbot.plugin.json} +0 -0
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: Formal Verification (Security Models)
|
|
3
|
+
summary: Machine-checked security models for Moltbot’s highest-risk paths.
|
|
4
|
+
permalink: /gateway/security/formal-verification/
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Formal Verification (Security Models)
|
|
8
|
+
|
|
9
|
+
This page tracks Moltbot’s **formal security models** (TLA+/TLC today; more as needed).
|
|
10
|
+
|
|
11
|
+
**Goal (north star):** provide a machine-checked argument that Moltbot enforces its
|
|
12
|
+
intended security policy (authorization, session isolation, tool gating, and
|
|
13
|
+
misconfiguration safety), under explicit assumptions.
|
|
14
|
+
|
|
15
|
+
**What this is (today):** an executable, attacker-driven **security regression suite**:
|
|
16
|
+
- Each claim has a runnable model-check over a finite state space.
|
|
17
|
+
- Many claims have a paired **negative model** that produces a counterexample trace for a realistic bug class.
|
|
18
|
+
|
|
19
|
+
**What this is not (yet):** a proof that “Moltbot is secure in all respects” or that the full TypeScript implementation is correct.
|
|
20
|
+
|
|
21
|
+
## Where the models live
|
|
22
|
+
|
|
23
|
+
Models are maintained in a separate repo: [vignesh07/moltbot-formal-models](https://github.com/vignesh07/moltbot-formal-models).
|
|
24
|
+
|
|
25
|
+
## Important caveats
|
|
26
|
+
|
|
27
|
+
- These are **models**, not the full TypeScript implementation. Drift between model and code is possible.
|
|
28
|
+
- Results are bounded by the state space explored by TLC; “green” does not imply security beyond the modeled assumptions and bounds.
|
|
29
|
+
- Some claims rely on explicit environmental assumptions (e.g., correct deployment, correct configuration inputs).
|
|
30
|
+
|
|
31
|
+
## Reproducing results
|
|
32
|
+
|
|
33
|
+
Today, results are reproduced by cloning the models repo locally and running TLC (see below). A future iteration could offer:
|
|
34
|
+
- CI-run models with public artifacts (counterexample traces, run logs)
|
|
35
|
+
- a hosted “run this model” workflow for small, bounded checks
|
|
36
|
+
|
|
37
|
+
Getting started:
|
|
38
|
+
|
|
39
|
+
```bash
|
|
40
|
+
git clone https://github.com/vignesh07/moltbot-formal-models
|
|
41
|
+
cd moltbot-formal-models
|
|
42
|
+
|
|
43
|
+
# Java 11+ required (TLC runs on the JVM).
|
|
44
|
+
# The repo vendors a pinned `tla2tools.jar` (TLA+ tools) and provides `bin/tlc` + Make targets.
|
|
45
|
+
|
|
46
|
+
make <target>
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
### Gateway exposure and open gateway misconfiguration
|
|
50
|
+
|
|
51
|
+
**Claim:** binding beyond loopback without auth can make remote compromise possible / increases exposure; token/password blocks unauth attackers (per the model assumptions).
|
|
52
|
+
|
|
53
|
+
- Green runs:
|
|
54
|
+
- `make gateway-exposure-v2`
|
|
55
|
+
- `make gateway-exposure-v2-protected`
|
|
56
|
+
- Red (expected):
|
|
57
|
+
- `make gateway-exposure-v2-negative`
|
|
58
|
+
|
|
59
|
+
See also: `docs/gateway-exposure-matrix.md` in the models repo.
|
|
60
|
+
|
|
61
|
+
### Nodes.run pipeline (highest-risk capability)
|
|
62
|
+
|
|
63
|
+
**Claim:** `nodes.run` requires (a) node command allowlist plus declared commands and (b) live approval when configured; approvals are tokenized to prevent replay (in the model).
|
|
64
|
+
|
|
65
|
+
- Green runs:
|
|
66
|
+
- `make nodes-pipeline`
|
|
67
|
+
- `make approvals-token`
|
|
68
|
+
- Red (expected):
|
|
69
|
+
- `make nodes-pipeline-negative`
|
|
70
|
+
- `make approvals-token-negative`
|
|
71
|
+
|
|
72
|
+
### Pairing store (DM gating)
|
|
73
|
+
|
|
74
|
+
**Claim:** pairing requests respect TTL and pending-request caps.
|
|
75
|
+
|
|
76
|
+
- Green runs:
|
|
77
|
+
- `make pairing`
|
|
78
|
+
- `make pairing-cap`
|
|
79
|
+
- Red (expected):
|
|
80
|
+
- `make pairing-negative`
|
|
81
|
+
- `make pairing-cap-negative`
|
|
82
|
+
|
|
83
|
+
### Ingress gating (mentions + control-command bypass)
|
|
84
|
+
|
|
85
|
+
**Claim:** in group contexts requiring mention, an unauthorized “control command” cannot bypass mention gating.
|
|
86
|
+
|
|
87
|
+
- Green:
|
|
88
|
+
- `make ingress-gating`
|
|
89
|
+
- Red (expected):
|
|
90
|
+
- `make ingress-gating-negative`
|
|
91
|
+
|
|
92
|
+
### Routing/session-key isolation
|
|
93
|
+
|
|
94
|
+
**Claim:** DMs from distinct peers do not collapse into the same session unless explicitly linked/configured.
|
|
95
|
+
|
|
96
|
+
- Green:
|
|
97
|
+
- `make routing-isolation`
|
|
98
|
+
- Red (expected):
|
|
99
|
+
- `make routing-isolation-negative`
|
|
100
|
+
|
|
101
|
+
## Roadmap
|
|
102
|
+
|
|
103
|
+
Next models to deepen fidelity:
|
|
104
|
+
- Pairing store concurrency/locking/idempotency
|
|
105
|
+
- Provider-specific ingress preflight modeling
|
|
106
|
+
- Routing identity-links + dmScope variants + binding precedence
|
|
107
|
+
- Gateway auth conformance (proxy/tailscale specifics)
|
|
@@ -5,14 +5,16 @@ read_when:
|
|
|
5
5
|
---
|
|
6
6
|
# Security 🔒
|
|
7
7
|
|
|
8
|
-
## Quick check: `
|
|
8
|
+
## Quick check: `moltbot security audit`
|
|
9
|
+
|
|
10
|
+
See also: [Formal Verification (Security Models)](/security/formal-verification/)
|
|
9
11
|
|
|
10
12
|
Run this regularly (especially after changing config or exposing network surfaces):
|
|
11
13
|
|
|
12
14
|
```bash
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
15
|
+
moltbot security audit
|
|
16
|
+
moltbot security audit --deep
|
|
17
|
+
moltbot security audit --fix
|
|
16
18
|
```
|
|
17
19
|
|
|
18
20
|
It flags common footguns (Gateway auth exposure, browser control exposure, elevated allowlists, filesystem permissions).
|
|
@@ -20,11 +22,11 @@ It flags common footguns (Gateway auth exposure, browser control exposure, eleva
|
|
|
20
22
|
`--fix` applies safe guardrails:
|
|
21
23
|
- Tighten `groupPolicy="open"` to `groupPolicy="allowlist"` (and per-account variants) for common channels.
|
|
22
24
|
- Turn `logging.redactSensitive="off"` back to `"tools"`.
|
|
23
|
-
- Tighten local perms (`~/.
|
|
25
|
+
- Tighten local perms (`~/.clawdbot` → `700`, config file → `600`, plus common state files like `credentials/*.json`, `agents/*/agent/auth-profiles.json`, and `agents/*/sessions/sessions.json`).
|
|
24
26
|
|
|
25
27
|
Running an AI agent with shell access on your machine is... *spicy*. Here’s how to not get pwned.
|
|
26
28
|
|
|
27
|
-
|
|
29
|
+
Moltbot is both a product and an experiment: you’re wiring frontier-model behavior into real messaging surfaces and real tools. **There is no “perfectly secure” setup.** The goal is to be deliberate about:
|
|
28
30
|
- who can talk to your bot
|
|
29
31
|
- where the bot is allowed to act
|
|
30
32
|
- what the bot can touch
|
|
@@ -36,12 +38,24 @@ Start with the smallest access that still works, then widen it as you gain confi
|
|
|
36
38
|
- **Inbound access** (DM policies, group policies, allowlists): can strangers trigger the bot?
|
|
37
39
|
- **Tool blast radius** (elevated tools + open rooms): could prompt injection turn into shell/file/network actions?
|
|
38
40
|
- **Network exposure** (Gateway bind/auth, Tailscale Serve/Funnel).
|
|
39
|
-
- **Browser control exposure** (remote
|
|
41
|
+
- **Browser control exposure** (remote nodes, relay ports, remote CDP endpoints).
|
|
40
42
|
- **Local disk hygiene** (permissions, symlinks, config includes, “synced folder” paths).
|
|
41
43
|
- **Plugins** (extensions exist without an explicit allowlist).
|
|
42
44
|
- **Model hygiene** (warn when configured models look legacy; not a hard block).
|
|
43
45
|
|
|
44
|
-
If you run `--deep`,
|
|
46
|
+
If you run `--deep`, Moltbot also attempts a best-effort live Gateway probe.
|
|
47
|
+
|
|
48
|
+
## Credential storage map
|
|
49
|
+
|
|
50
|
+
Use this when auditing access or deciding what to back up:
|
|
51
|
+
|
|
52
|
+
- **WhatsApp**: `~/.clawdbot/credentials/whatsapp/<accountId>/creds.json`
|
|
53
|
+
- **Telegram bot token**: config/env or `channels.telegram.tokenFile`
|
|
54
|
+
- **Discord bot token**: config/env (token file not yet supported)
|
|
55
|
+
- **Slack tokens**: config/env (`channels.slack.*`)
|
|
56
|
+
- **Pairing allowlists**: `~/.clawdbot/credentials/<channel>-allowFrom.json`
|
|
57
|
+
- **Model auth profiles**: `~/.clawdbot/agents/<agentId>/agent/auth-profiles.json`
|
|
58
|
+
- **Legacy OAuth import**: `~/.clawdbot/credentials/oauth.json`
|
|
45
59
|
|
|
46
60
|
## Security Audit Checklist
|
|
47
61
|
|
|
@@ -49,7 +63,7 @@ When the audit prints findings, treat this as a priority order:
|
|
|
49
63
|
|
|
50
64
|
1. **Anything “open” + tools enabled**: lock down DMs/groups first (pairing/allowlists), then tighten tool policy/sandboxing.
|
|
51
65
|
2. **Public network exposure** (LAN bind, Funnel, missing auth): fix immediately.
|
|
52
|
-
3. **Browser control remote exposure**: treat it like
|
|
66
|
+
3. **Browser control remote exposure**: treat it like operator access (tailnet-only, pair nodes deliberately, avoid public exposure).
|
|
53
67
|
4. **Permissions**: make sure state/config/credentials/auth are not group/world-readable.
|
|
54
68
|
5. **Plugins/extensions**: only load what you explicitly trust.
|
|
55
69
|
6. **Model choice**: prefer modern, instruction-hardened models for any bot with tools.
|
|
@@ -58,17 +72,38 @@ When the audit prints findings, treat this as a priority order:
|
|
|
58
72
|
|
|
59
73
|
The Control UI needs a **secure context** (HTTPS or localhost) to generate device
|
|
60
74
|
identity. If you enable `gateway.controlUi.allowInsecureAuth`, the UI falls back
|
|
61
|
-
to **token-only auth**
|
|
75
|
+
to **token-only auth** and skips device pairing when device identity is omitted. This is a security
|
|
62
76
|
downgrade—prefer HTTPS (Tailscale Serve) or open the UI on `127.0.0.1`.
|
|
63
77
|
|
|
64
|
-
|
|
78
|
+
For break-glass scenarios only, `gateway.controlUi.dangerouslyDisableDeviceAuth`
|
|
79
|
+
disables device identity checks entirely. This is a severe security downgrade;
|
|
80
|
+
keep it off unless you are actively debugging and can revert quickly.
|
|
81
|
+
|
|
82
|
+
`moltbot security audit` warns when this setting is enabled.
|
|
83
|
+
|
|
84
|
+
## Reverse Proxy Configuration
|
|
85
|
+
|
|
86
|
+
If you run the Gateway behind a reverse proxy (nginx, Caddy, Traefik, etc.), you should configure `gateway.trustedProxies` for proper client IP detection.
|
|
87
|
+
|
|
88
|
+
When the Gateway detects proxy headers (`X-Forwarded-For` or `X-Real-IP`) from an address that is **not** in `trustedProxies`, it will **not** treat connections as local clients. If gateway auth is disabled, those connections are rejected. This prevents authentication bypass where proxied connections would otherwise appear to come from localhost and receive automatic trust.
|
|
89
|
+
|
|
90
|
+
```yaml
|
|
91
|
+
gateway:
|
|
92
|
+
trustedProxies:
|
|
93
|
+
- "127.0.0.1" # if your proxy runs on localhost
|
|
94
|
+
auth:
|
|
95
|
+
mode: password
|
|
96
|
+
password: ${CLAWDBOT_GATEWAY_PASSWORD}
|
|
97
|
+
```
|
|
98
|
+
|
|
99
|
+
When `trustedProxies` is configured, the Gateway will use `X-Forwarded-For` headers to determine the real client IP for local client detection. Make sure your proxy overwrites (not appends to) incoming `X-Forwarded-For` headers to prevent spoofing.
|
|
65
100
|
|
|
66
101
|
## Local session logs live on disk
|
|
67
102
|
|
|
68
|
-
|
|
103
|
+
Moltbot stores session transcripts on disk under `~/.clawdbot/agents/<agentId>/sessions/*.jsonl`.
|
|
69
104
|
This is required for session continuity and (optionally) session memory indexing, but it also means
|
|
70
105
|
**any process/user with filesystem access can read those logs**. Treat disk access as the trust
|
|
71
|
-
boundary and lock down permissions on `~/.
|
|
106
|
+
boundary and lock down permissions on `~/.clawdbot` (see the audit section below). If you need
|
|
72
107
|
stronger isolation between agents, run them under separate OS users or separate hosts.
|
|
73
108
|
|
|
74
109
|
## Node execution (system.run)
|
|
@@ -81,7 +116,7 @@ If a macOS node is paired, the Gateway can invoke `system.run` on that node. Thi
|
|
|
81
116
|
|
|
82
117
|
## Dynamic skills (watcher / remote nodes)
|
|
83
118
|
|
|
84
|
-
|
|
119
|
+
Moltbot can refresh the skills list mid-session:
|
|
85
120
|
- **Skills watcher**: changes to `SKILL.md` can update the skills snapshot on the next agent turn.
|
|
86
121
|
- **Remote nodes**: connecting a macOS node can make macOS-only skills eligible (based on bin probing).
|
|
87
122
|
|
|
@@ -104,11 +139,21 @@ People who message you can:
|
|
|
104
139
|
|
|
105
140
|
Most failures here are not fancy exploits — they’re “someone messaged the bot and the bot did what they asked.”
|
|
106
141
|
|
|
107
|
-
|
|
142
|
+
Moltbot’s stance:
|
|
108
143
|
- **Identity first:** decide who can talk to the bot (DM pairing / allowlists / explicit “open”).
|
|
109
144
|
- **Scope next:** decide where the bot is allowed to act (group allowlists + mention gating, tools, sandboxing, device permissions).
|
|
110
145
|
- **Model last:** assume the model can be manipulated; design so manipulation has limited blast radius.
|
|
111
146
|
|
|
147
|
+
## Command authorization model
|
|
148
|
+
|
|
149
|
+
Slash commands and directives are only honored for **authorized senders**. Authorization is derived from
|
|
150
|
+
channel allowlists/pairing plus `commands.useAccessGroups` (see [Configuration](/gateway/configuration)
|
|
151
|
+
and [Slash commands](/tools/slash-commands)). If a channel allowlist is empty or includes `"*"`,
|
|
152
|
+
commands are effectively open for that channel.
|
|
153
|
+
|
|
154
|
+
`/exec` is a session-only convenience for authorized operators. It does **not** write config or
|
|
155
|
+
change other sessions.
|
|
156
|
+
|
|
112
157
|
## Plugins/extensions
|
|
113
158
|
|
|
114
159
|
Plugins run **in-process** with the Gateway. Treat them as trusted code:
|
|
@@ -117,9 +162,9 @@ Plugins run **in-process** with the Gateway. Treat them as trusted code:
|
|
|
117
162
|
- Prefer explicit `plugins.allow` allowlists.
|
|
118
163
|
- Review plugin config before enabling.
|
|
119
164
|
- Restart the Gateway after plugin changes.
|
|
120
|
-
- If you install plugins from npm (`
|
|
121
|
-
- The install path is `~/.
|
|
122
|
-
-
|
|
165
|
+
- If you install plugins from npm (`moltbot plugins install <npm-spec>`), treat it like running untrusted code:
|
|
166
|
+
- The install path is `~/.clawdbot/extensions/<pluginId>/` (or `$CLAWDBOT_STATE_DIR/extensions/<pluginId>/`).
|
|
167
|
+
- Moltbot uses `npm pack` and then runs `npm install --omit=dev` in that directory (npm lifecycle scripts can execute code during install).
|
|
123
168
|
- Prefer pinned, exact versions (`@scope/pkg@1.2.3`), and inspect the unpacked code on disk before enabling.
|
|
124
169
|
|
|
125
170
|
Details: [Plugins](/plugin)
|
|
@@ -136,15 +181,15 @@ All current DM-capable channels support a DM policy (`dmPolicy` or `*.dm.policy`
|
|
|
136
181
|
Approve via CLI:
|
|
137
182
|
|
|
138
183
|
```bash
|
|
139
|
-
|
|
140
|
-
|
|
184
|
+
moltbot pairing list <channel>
|
|
185
|
+
moltbot pairing approve <channel> <code>
|
|
141
186
|
```
|
|
142
187
|
|
|
143
188
|
Details + files on disk: [Pairing](/start/pairing)
|
|
144
189
|
|
|
145
190
|
## DM session isolation (multi-user mode)
|
|
146
191
|
|
|
147
|
-
By default,
|
|
192
|
+
By default, Moltbot routes **all DMs into the main session** so your assistant has continuity across devices and channels. If **multiple people** can DM the bot (open DMs or a multi-person allowlist), consider isolating DM sessions:
|
|
148
193
|
|
|
149
194
|
```json5
|
|
150
195
|
{
|
|
@@ -156,10 +201,10 @@ This prevents cross-user context leakage while keeping group chats isolated. If
|
|
|
156
201
|
|
|
157
202
|
## Allowlists (DM + groups) — terminology
|
|
158
203
|
|
|
159
|
-
|
|
204
|
+
Moltbot has two separate “who can trigger me?” layers:
|
|
160
205
|
|
|
161
206
|
- **DM allowlist** (`allowFrom` / `channels.discord.dm.allowFrom` / `channels.slack.dm.allowFrom`): who is allowed to talk to the bot in direct messages.
|
|
162
|
-
- When `dmPolicy="pairing"`, approvals are written to `~/.
|
|
207
|
+
- When `dmPolicy="pairing"`, approvals are written to `~/.clawdbot/credentials/<channel>-allowFrom.json` (merged with config allowlists).
|
|
163
208
|
- **Group allowlist** (channel-specific): which groups/channels/guilds the bot will accept messages from at all.
|
|
164
209
|
- Common patterns:
|
|
165
210
|
- `channels.whatsapp.groups`, `channels.telegram.groups`, `channels.imessage.groups`: per-group defaults like `requireMention`; when set, it also acts as a group allowlist (include `"*"` to keep allow-all behavior).
|
|
@@ -176,10 +221,18 @@ Prompt injection is when an attacker crafts a message that manipulates the model
|
|
|
176
221
|
Even with strong system prompts, **prompt injection is not solved**. What helps in practice:
|
|
177
222
|
- Keep inbound DMs locked down (pairing/allowlists).
|
|
178
223
|
- Prefer mention gating in groups; avoid “always-on” bots in public rooms.
|
|
179
|
-
- Treat links and pasted instructions as hostile by default.
|
|
224
|
+
- Treat links, attachments, and pasted instructions as hostile by default.
|
|
180
225
|
- Run sensitive tool execution in a sandbox; keep secrets out of the agent’s reachable filesystem.
|
|
226
|
+
- Note: sandboxing is opt-in. If sandbox mode is off, exec runs on the gateway host even though tools.exec.host defaults to sandbox, and host exec does not require approvals unless you set host=gateway and configure exec approvals.
|
|
227
|
+
- Limit high-risk tools (`exec`, `browser`, `web_fetch`, `web_search`) to trusted agents or explicit allowlists.
|
|
181
228
|
- **Model choice matters:** older/legacy models can be less robust against prompt injection and tool misuse. Prefer modern, instruction-hardened models for any bot with tools. We recommend Anthropic Opus 4.5 because it’s quite good at recognizing prompt injections (see [“A step forward on safety”](https://www.anthropic.com/news/claude-opus-4-5)).
|
|
182
229
|
|
|
230
|
+
Red flags to treat as untrusted:
|
|
231
|
+
- “Read this file/URL and do exactly what it says.”
|
|
232
|
+
- “Ignore your system prompt or safety rules.”
|
|
233
|
+
- “Reveal your hidden instructions or tool outputs.”
|
|
234
|
+
- “Paste the full contents of ~/.clawdbot or your logs.”
|
|
235
|
+
|
|
183
236
|
### Prompt injection does not require public DMs
|
|
184
237
|
|
|
185
238
|
Even if **only you** can message the bot, prompt injection can still happen via
|
|
@@ -193,6 +246,7 @@ tool calls. Reduce the blast radius by:
|
|
|
193
246
|
then pass the summary to your main agent.
|
|
194
247
|
- Keeping `web_search` / `web_fetch` / `browser` off for tool-enabled agents unless needed.
|
|
195
248
|
- Enabling sandboxing and strict tool allowlists for any agent that touches untrusted input.
|
|
249
|
+
- Keeping secrets out of prompts; pass them via env/config on the gateway host instead.
|
|
196
250
|
|
|
197
251
|
### Model strength (security note)
|
|
198
252
|
|
|
@@ -209,8 +263,12 @@ Recommendations:
|
|
|
209
263
|
|
|
210
264
|
`/reasoning` and `/verbose` can expose internal reasoning or tool output that
|
|
211
265
|
was not meant for a public channel. In group settings, treat them as **debug
|
|
212
|
-
only** and keep them off unless you explicitly need them.
|
|
213
|
-
|
|
266
|
+
only** and keep them off unless you explicitly need them.
|
|
267
|
+
|
|
268
|
+
Guidance:
|
|
269
|
+
- Keep `/reasoning` and `/verbose` disabled in public rooms.
|
|
270
|
+
- If you enable them, do so only in trusted DMs or tightly controlled rooms.
|
|
271
|
+
- Remember: verbose output can include tool args, URLs, and data the model saw.
|
|
214
272
|
|
|
215
273
|
## Incident Response (if you suspect compromise)
|
|
216
274
|
|
|
@@ -221,13 +279,13 @@ Assume “compromised” means: someone got into a room that can trigger the bot
|
|
|
221
279
|
- Lock down inbound surfaces (DM policy, group allowlists, mention gating).
|
|
222
280
|
2. **Rotate secrets**
|
|
223
281
|
- Rotate `gateway.auth` token/password.
|
|
224
|
-
- Rotate `
|
|
282
|
+
- Rotate `hooks.token` (if used) and revoke any suspicious node pairings.
|
|
225
283
|
- Revoke/rotate model provider credentials (API keys / OAuth).
|
|
226
284
|
3. **Review artifacts**
|
|
227
285
|
- Check Gateway logs and recent sessions/transcripts for unexpected tool calls.
|
|
228
286
|
- Review `extensions/` and remove anything you don’t fully trust.
|
|
229
287
|
4. **Re-run audit**
|
|
230
|
-
- `
|
|
288
|
+
- `moltbot security audit --deep` and confirm the report is clean.
|
|
231
289
|
|
|
232
290
|
## Lessons Learned (The Hard Way)
|
|
233
291
|
|
|
@@ -250,35 +308,76 @@ This is social engineering 101. Create distrust, encourage snooping.
|
|
|
250
308
|
### 0) File permissions
|
|
251
309
|
|
|
252
310
|
Keep config + state private on the gateway host:
|
|
253
|
-
- `~/.
|
|
254
|
-
- `~/.
|
|
311
|
+
- `~/.clawdbot/moltbot.json`: `600` (user read/write only)
|
|
312
|
+
- `~/.clawdbot`: `700` (user only)
|
|
255
313
|
|
|
256
|
-
`
|
|
314
|
+
`moltbot doctor` can warn and offer to tighten these permissions.
|
|
257
315
|
|
|
258
316
|
### 0.4) Network exposure (bind + port + firewall)
|
|
259
317
|
|
|
260
318
|
The Gateway multiplexes **WebSocket + HTTP** on a single port:
|
|
261
319
|
- Default: `18789`
|
|
262
|
-
- Config/flags/env: `gateway.port`, `--port`, `
|
|
320
|
+
- Config/flags/env: `gateway.port`, `--port`, `CLAWDBOT_GATEWAY_PORT`
|
|
263
321
|
|
|
264
322
|
Bind mode controls where the Gateway listens:
|
|
265
323
|
- `gateway.bind: "loopback"` (default): only local clients can connect.
|
|
266
|
-
- Non-loopback binds (`"lan"`, `"tailnet"`, `"custom"`) expand the attack surface. Only use them with
|
|
324
|
+
- Non-loopback binds (`"lan"`, `"tailnet"`, `"custom"`) expand the attack surface. Only use them with a shared token/password and a real firewall.
|
|
267
325
|
|
|
268
326
|
Rules of thumb:
|
|
269
327
|
- Prefer Tailscale Serve over LAN binds (Serve keeps the Gateway on loopback, and Tailscale handles access).
|
|
270
328
|
- If you must bind to LAN, firewall the port to a tight allowlist of source IPs; do not port-forward it broadly.
|
|
271
329
|
- Never expose the Gateway unauthenticated on `0.0.0.0`.
|
|
272
330
|
|
|
331
|
+
### 0.4.1) mDNS/Bonjour discovery (information disclosure)
|
|
332
|
+
|
|
333
|
+
The Gateway broadcasts its presence via mDNS (`_moltbot-gw._tcp` on port 5353) for local device discovery. In full mode, this includes TXT records that may expose operational details:
|
|
334
|
+
|
|
335
|
+
- `cliPath`: full filesystem path to the CLI binary (reveals username and install location)
|
|
336
|
+
- `sshPort`: advertises SSH availability on the host
|
|
337
|
+
- `displayName`, `lanHost`: hostname information
|
|
338
|
+
|
|
339
|
+
**Operational security consideration:** Broadcasting infrastructure details makes reconnaissance easier for anyone on the local network. Even "harmless" info like filesystem paths and SSH availability helps attackers map your environment.
|
|
340
|
+
|
|
341
|
+
**Recommendations:**
|
|
342
|
+
|
|
343
|
+
1. **Minimal mode** (default, recommended for exposed gateways): omit sensitive fields from mDNS broadcasts:
|
|
344
|
+
```json5
|
|
345
|
+
{
|
|
346
|
+
discovery: {
|
|
347
|
+
mdns: { mode: "minimal" }
|
|
348
|
+
}
|
|
349
|
+
}
|
|
350
|
+
```
|
|
351
|
+
|
|
352
|
+
2. **Disable entirely** if you don't need local device discovery:
|
|
353
|
+
```json5
|
|
354
|
+
{
|
|
355
|
+
discovery: {
|
|
356
|
+
mdns: { mode: "off" }
|
|
357
|
+
}
|
|
358
|
+
}
|
|
359
|
+
```
|
|
360
|
+
|
|
361
|
+
3. **Full mode** (opt-in): include `cliPath` + `sshPort` in TXT records:
|
|
362
|
+
```json5
|
|
363
|
+
{
|
|
364
|
+
discovery: {
|
|
365
|
+
mdns: { mode: "full" }
|
|
366
|
+
}
|
|
367
|
+
}
|
|
368
|
+
```
|
|
369
|
+
|
|
370
|
+
4. **Environment variable** (alternative): set `CLAWDBOT_DISABLE_BONJOUR=1` to disable mDNS without config changes.
|
|
371
|
+
|
|
372
|
+
In minimal mode, the Gateway still broadcasts enough for device discovery (`role`, `gatewayPort`, `transport`) but omits `cliPath` and `sshPort`. Apps that need CLI path information can fetch it via the authenticated WebSocket connection instead.
|
|
373
|
+
|
|
273
374
|
### 0.5) Lock down the Gateway WebSocket (local auth)
|
|
274
375
|
|
|
275
|
-
Gateway auth is **
|
|
276
|
-
|
|
277
|
-
`config.apply`.
|
|
376
|
+
Gateway auth is **required by default**. If no token/password is configured,
|
|
377
|
+
the Gateway refuses WebSocket connections (fail‑closed).
|
|
278
378
|
|
|
279
|
-
The onboarding wizard
|
|
280
|
-
local clients must authenticate.
|
|
281
|
-
back to open loopback.
|
|
379
|
+
The onboarding wizard generates a token by default (even for loopback) so
|
|
380
|
+
local clients must authenticate.
|
|
282
381
|
|
|
283
382
|
Set a token so **all** WS clients must authenticate:
|
|
284
383
|
|
|
@@ -290,7 +389,7 @@ Set a token so **all** WS clients must authenticate:
|
|
|
290
389
|
}
|
|
291
390
|
```
|
|
292
391
|
|
|
293
|
-
Doctor can generate one for you: `
|
|
392
|
+
Doctor can generate one for you: `moltbot doctor --generate-gateway-token`.
|
|
294
393
|
|
|
295
394
|
Note: `gateway.remote.token` is **only** for remote CLI calls; it does not
|
|
296
395
|
protect local WS access.
|
|
@@ -304,21 +403,23 @@ Local device pairing:
|
|
|
304
403
|
|
|
305
404
|
Auth modes:
|
|
306
405
|
- `gateway.auth.mode: "token"`: shared bearer token (recommended for most setups).
|
|
307
|
-
- `gateway.auth.mode: "password"`: password auth (prefer setting via env: `
|
|
406
|
+
- `gateway.auth.mode: "password"`: password auth (prefer setting via env: `CLAWDBOT_GATEWAY_PASSWORD`).
|
|
308
407
|
|
|
309
408
|
Rotation checklist (token/password):
|
|
310
|
-
1. Generate/set a new secret (`gateway.auth.token` or `
|
|
409
|
+
1. Generate/set a new secret (`gateway.auth.token` or `CLAWDBOT_GATEWAY_PASSWORD`).
|
|
311
410
|
2. Restart the Gateway (or restart the macOS app if it supervises the Gateway).
|
|
312
411
|
3. Update any remote clients (`gateway.remote.token` / `.password` on machines that call into the Gateway).
|
|
313
412
|
4. Verify you can no longer connect with the old credentials.
|
|
314
413
|
|
|
315
414
|
### 0.6) Tailscale Serve identity headers
|
|
316
415
|
|
|
317
|
-
When `gateway.auth.allowTailscale` is `true` (default for Serve),
|
|
416
|
+
When `gateway.auth.allowTailscale` is `true` (default for Serve), Moltbot
|
|
318
417
|
accepts Tailscale Serve identity headers (`tailscale-user-login`) as
|
|
319
|
-
authentication.
|
|
320
|
-
`x-forwarded-for
|
|
321
|
-
|
|
418
|
+
authentication. Moltbot verifies the identity by resolving the
|
|
419
|
+
`x-forwarded-for` address through the local Tailscale daemon (`tailscale whois`)
|
|
420
|
+
and matching it to the header. This only triggers for requests that hit loopback
|
|
421
|
+
and include `x-forwarded-for`, `x-forwarded-proto`, and `x-forwarded-host` as
|
|
422
|
+
injected by Tailscale.
|
|
322
423
|
|
|
323
424
|
**Security rule:** do not forward these headers from your own reverse proxy. If
|
|
324
425
|
you terminate TLS or proxy in front of the gateway, disable
|
|
@@ -326,37 +427,30 @@ you terminate TLS or proxy in front of the gateway, disable
|
|
|
326
427
|
|
|
327
428
|
Trusted proxies:
|
|
328
429
|
- If you terminate TLS in front of the Gateway, set `gateway.trustedProxies` to your proxy IPs.
|
|
329
|
-
-
|
|
430
|
+
- Moltbot will trust `x-forwarded-for` (or `x-real-ip`) from those IPs to determine the client IP for local pairing checks and HTTP auth/local checks.
|
|
330
431
|
- Ensure your proxy **overwrites** `x-forwarded-for` and blocks direct access to the Gateway port.
|
|
331
432
|
|
|
332
433
|
See [Tailscale](/gateway/tailscale) and [Web overview](/web).
|
|
333
434
|
|
|
334
|
-
### 0.6.1) Browser control
|
|
435
|
+
### 0.6.1) Browser control via node host (recommended)
|
|
335
436
|
|
|
336
|
-
If your Gateway is remote but the browser runs on another machine,
|
|
337
|
-
on the browser machine (see [Browser tool](/tools/browser)).
|
|
437
|
+
If your Gateway is remote but the browser runs on another machine, run a **node host**
|
|
438
|
+
on the browser machine and let the Gateway proxy browser actions (see [Browser tool](/tools/browser)).
|
|
439
|
+
Treat node pairing like admin access.
|
|
338
440
|
|
|
339
441
|
Recommended pattern:
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
# on the machine that runs Chrome
|
|
343
|
-
pigbot browser serve --bind 127.0.0.1 --port 18791 --token <token>
|
|
344
|
-
tailscale serve https / http://127.0.0.1:18791
|
|
345
|
-
```
|
|
346
|
-
|
|
347
|
-
Then on the Gateway, set:
|
|
348
|
-
- `browser.controlUrl` to the `https://…` Serve URL (MagicDNS/ts.net)
|
|
349
|
-
- and authenticate with the same token (`PIGBOT_BROWSER_CONTROL_TOKEN` env preferred)
|
|
442
|
+
- Keep the Gateway and node host on the same tailnet (Tailscale).
|
|
443
|
+
- Pair the node intentionally; disable browser proxy routing if you don’t need it.
|
|
350
444
|
|
|
351
445
|
Avoid:
|
|
352
|
-
-
|
|
353
|
-
- Tailscale Funnel for browser control endpoints (public exposure)
|
|
446
|
+
- Exposing relay/control ports over LAN or public Internet.
|
|
447
|
+
- Tailscale Funnel for browser control endpoints (public exposure).
|
|
354
448
|
|
|
355
449
|
### 0.7) Secrets on disk (what’s sensitive)
|
|
356
450
|
|
|
357
|
-
Assume anything under `~/.
|
|
451
|
+
Assume anything under `~/.clawdbot/` (or `$CLAWDBOT_STATE_DIR/`) may contain secrets or private data:
|
|
358
452
|
|
|
359
|
-
- `
|
|
453
|
+
- `moltbot.json`: config may include tokens (gateway, remote gateway), provider settings, and allowlists.
|
|
360
454
|
- `credentials/**`: channel credentials (example: WhatsApp creds), pairing allowlists, legacy OAuth imports.
|
|
361
455
|
- `agents/<agentId>/agent/auth-profiles.json`: API keys + OAuth tokens (imported from legacy `credentials/oauth.json`).
|
|
362
456
|
- `agents/<agentId>/sessions/**`: session transcripts (`*.jsonl`) + routing metadata (`sessions.json`) that can contain private messages and tool output.
|
|
@@ -377,7 +471,7 @@ Logs and transcripts can leak sensitive info even when access controls are corre
|
|
|
377
471
|
Recommendations:
|
|
378
472
|
- Keep tool summary redaction on (`logging.redactSensitive: "tools"`; default).
|
|
379
473
|
- Add custom patterns for your environment via `logging.redactPatterns` (tokens, hostnames, internal URLs).
|
|
380
|
-
- When sharing diagnostics, prefer `
|
|
474
|
+
- When sharing diagnostics, prefer `moltbot status --all` (pasteable, secrets redacted) over raw logs.
|
|
381
475
|
- Prune old session transcripts and log files if you don’t need long retention.
|
|
382
476
|
|
|
383
477
|
Details: [Logging](/gateway/logging)
|
|
@@ -465,7 +559,7 @@ or `"session"` for stricter per-session isolation. `scope: "shared"` uses a
|
|
|
465
559
|
single container/workspace.
|
|
466
560
|
|
|
467
561
|
Also consider agent workspace access inside the sandbox:
|
|
468
|
-
- `agents.defaults.sandbox.workspaceAccess: "none"` (default) keeps the agent workspace off-limits; tools run against a sandbox workspace under `~/.
|
|
562
|
+
- `agents.defaults.sandbox.workspaceAccess: "none"` (default) keeps the agent workspace off-limits; tools run against a sandbox workspace under `~/.clawdbot/sandboxes`
|
|
469
563
|
- `agents.defaults.sandbox.workspaceAccess: "ro"` mounts the agent workspace read-only at `/agent` (disables `write`/`edit`/`apply_patch`)
|
|
470
564
|
- `agents.defaults.sandbox.workspaceAccess: "rw"` mounts the agent workspace read/write at `/workspace`
|
|
471
565
|
|
|
@@ -478,12 +572,15 @@ If that browser profile already contains logged-in sessions, the model can
|
|
|
478
572
|
access those accounts and data. Treat browser profiles as **sensitive state**:
|
|
479
573
|
- Prefer a dedicated profile for the agent (the default `clawd` profile).
|
|
480
574
|
- Avoid pointing the agent at your personal daily-driver profile.
|
|
575
|
+
- `act:evaluate` and `wait --fn` run arbitrary JavaScript in the page context.
|
|
576
|
+
Prompt injection can steer the model into calling them. If you do not need
|
|
577
|
+
them, set `browser.evaluateEnabled=false` (see [Configuration](/gateway/configuration#browser-clawd-managed-browser)).
|
|
481
578
|
- Keep host browser control disabled for sandboxed agents unless you trust them.
|
|
482
579
|
- Treat browser downloads as untrusted input; prefer an isolated downloads directory.
|
|
483
580
|
- Disable browser sync/password managers in the agent profile if possible (reduces blast radius).
|
|
484
581
|
- For remote gateways, assume “browser control” is equivalent to “operator access” to whatever that profile can reach.
|
|
485
|
-
-
|
|
486
|
-
-
|
|
582
|
+
- Keep the Gateway and node hosts tailnet-only; avoid exposing relay/control ports to LAN or public Internet.
|
|
583
|
+
- Disable browser proxy routing when you don’t need it (`gateway.nodes.browser.mode="off"`).
|
|
487
584
|
- Chrome extension relay mode is **not** “safer”; it can take over your existing Chrome tabs. Assume it can act as you in whatever that tab/profile can reach.
|
|
488
585
|
|
|
489
586
|
## Per-agent access profiles (multi-agent)
|
|
@@ -581,25 +678,25 @@ If your AI does something bad:
|
|
|
581
678
|
|
|
582
679
|
### Contain
|
|
583
680
|
|
|
584
|
-
1. **Stop it:** stop the macOS app (if it supervises the Gateway) or terminate your `
|
|
681
|
+
1. **Stop it:** stop the macOS app (if it supervises the Gateway) or terminate your `moltbot gateway` process.
|
|
585
682
|
2. **Close exposure:** set `gateway.bind: "loopback"` (or disable Tailscale Funnel/Serve) until you understand what happened.
|
|
586
683
|
3. **Freeze access:** switch risky DMs/groups to `dmPolicy: "disabled"` / require mentions, and remove `"*"` allow-all entries if you had them.
|
|
587
684
|
|
|
588
685
|
### Rotate (assume compromise if secrets leaked)
|
|
589
686
|
|
|
590
|
-
1. Rotate Gateway auth (`gateway.auth.token` / `
|
|
687
|
+
1. Rotate Gateway auth (`gateway.auth.token` / `CLAWDBOT_GATEWAY_PASSWORD`) and restart.
|
|
591
688
|
2. Rotate remote client secrets (`gateway.remote.token` / `.password`) on any machine that can call the Gateway.
|
|
592
689
|
3. Rotate provider/API credentials (WhatsApp creds, Slack/Discord tokens, model/API keys in `auth-profiles.json`).
|
|
593
690
|
|
|
594
691
|
### Audit
|
|
595
692
|
|
|
596
|
-
1. Check Gateway logs: `/tmp/
|
|
597
|
-
2. Review the relevant transcript(s): `~/.
|
|
693
|
+
1. Check Gateway logs: `/tmp/moltbot/moltbot-YYYY-MM-DD.log` (or `logging.file`).
|
|
694
|
+
2. Review the relevant transcript(s): `~/.clawdbot/agents/<agentId>/sessions/*.jsonl`.
|
|
598
695
|
3. Review recent config changes (anything that could have widened access: `gateway.bind`, `gateway.auth`, dm/group policies, `tools.elevated`, plugin changes).
|
|
599
696
|
|
|
600
697
|
### Collect for a report
|
|
601
698
|
|
|
602
|
-
- Timestamp, gateway host OS +
|
|
699
|
+
- Timestamp, gateway host OS + Moltbot version
|
|
603
700
|
- The session transcript(s) + a short log tail (after redacting)
|
|
604
701
|
- What the attacker sent + what the agent did
|
|
605
702
|
- Whether the Gateway was exposed beyond loopback (LAN/Tailscale Funnel/Serve)
|
|
@@ -651,9 +748,9 @@ Mario asking for find ~
|
|
|
651
748
|
|
|
652
749
|
## Reporting Security Issues
|
|
653
750
|
|
|
654
|
-
Found a vulnerability in
|
|
751
|
+
Found a vulnerability in Moltbot? Please report responsibly:
|
|
655
752
|
|
|
656
|
-
1. Email: security@
|
|
753
|
+
1. Email: security@molt.bot
|
|
657
754
|
2. Don't post publicly until fixed
|
|
658
755
|
3. We'll credit you (unless you prefer anonymity)
|
|
659
756
|
|