openclaw

Commit Graph

Author	SHA1	Message	Date
Peter Steinberger	d463c82c95	build: add local node bin to restart script PATH	2025-12-07 19:01:14 +01:00
Peter Steinberger	6c3d3b98b8	chore: purge warelay references	2025-12-07 03:36:57 +00:00
Peter Steinberger	b3e50cbb33	Switch to clawdis RPC mode and complete rebrand	2025-12-05 17:22:53 +00:00
Peter Steinberger	20cb709ae3	chore: organize imports after rebrand	2025-12-04 18:02:51 +00:00
Peter Steinberger	916a41ed60	branding: default to clawdis paths and launchd label	2025-12-04 18:01:30 +00:00
Peter Steinberger	96722bba08	ci: fix lint and tau rpc typing	2025-12-02 21:12:51 +00:00
Peter Steinberger	4e20a20927	fix(media): clean up files after response finishes	2025-12-02 21:10:18 +00:00
Peter Steinberger	a0d1004909	test(media): add redirect coverage and update changelog	2025-12-02 21:09:26 +00:00
Peter Steinberger	2018c90ae2	chore: tidy claude prompt and drop npm lock	2025-12-02 21:07:37 +00:00
Joao Lisboa	499a3e3227	style: fix biome formatting	2025-12-02 21:07:13 +00:00
Joao Lisboa	06dd9b8ed8	fix: follow redirects when downloading Twilio media node:https request() doesn't follow redirects by default, causing Twilio media URLs (which 302 to CDN) to save placeholder/metadata instead of actual images. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-12-02 21:07:13 +00:00
Joao Lisboa	2fae0a9f47	fix: media serving and id consistency - server.ts: Replace sendFile with manual readFile+send to fix NotFoundError when serving media (sendFile failed even after stat) - store.ts: Return id with file extension so it matches actual filename 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-12-02 21:07:13 +00:00
Peter Steinberger	2cf134668c	fix(media): block symlink traversal	2025-12-02 18:37:15 +00:00
Joao Lisboa	b94b220156	Fix path traversal vulnerability in media server The /media/:id endpoint was vulnerable to path traversal attacks. Since this endpoint is exposed via Tailscale Funnel (unlike the WhatsApp webhook which requires Twilio signature validation), attackers could directly request paths like /media/%2e%2e%2fwarelay.json to access sensitive files in ~/.warelay/ (e.g. warelay.json), or even escape further to the user's home directory via multiple ../ sequences. Fix: validate resolved paths stay within the media directory. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-12-02 19:33:21 +01:00
Peter Steinberger	c11abc1134	chore: release 1.2.1	2025-11-28 08:11:07 +01:00
Peter Steinberger	7d6a4f5204	fix(media): sniff mime and keep extensions	2025-11-28 08:07:53 +01:00
Peter Steinberger	e5f677803f	chore: format to 2-space and bump changelog	2025-11-26 00:53:53 +01:00
Peter Steinberger	e0425ad3e1	feat: support audio/video/doc media caps and transcript context	2025-11-25 23:21:35 +01:00
Peter Steinberger	2ba56b82e7	Add media hosting and store tests	2025-11-25 12:30:43 +01:00
Peter Steinberger	800c7a1e1f	chore: sync source updates	2025-11-25 12:12:13 +01:00
Peter Steinberger	d925d9849c	refactor: simplify MEDIA parsing, drop invalid lines, keep valid tokens	2025-11-25 06:17:48 +01:00
Peter Steinberger	49bf1fadb6	debug: log MEDIA extraction and parse Claude text for tokens	2025-11-25 06:14:12 +01:00
Peter Steinberger	ad55832cda	fix: strip trailing punctuation from MEDIA tokens and add tests	2025-11-25 06:07:11 +01:00
Peter Steinberger	8ea7f9b439	fix: keep MEDIA tokens with punctuation and log web media failures	2025-11-25 06:02:41 +01:00
Peter Steinberger	072998a6ab	refactor: extract MEDIA parsing helper and tidy whitespace	2025-11-25 05:49:18 +01:00
Peter Steinberger	6d41df2941	feat: download inbound media and expose to templating	2025-11-25 05:17:59 +01:00
Peter Steinberger	948ff7f035	feat: add image support across web and twilio	2025-11-25 04:58:31 +01:00

27 Commits (2eb27ffb4ae93d0187929e41b117819084b87394)