let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,834 Commits 1 Branch 0 Tags
73fa2e10bc6238922f43429cf4c6007ea83a6ea5
Commit Graph

32 Commits

Author SHA1 Message Date
Peter Steinberger
d79dc4d742 fix: correct camera snap mime mapping 2026-01-02 17:43:34 +01:00
Peter Steinberger
b82dfe08a2 fix: prefer header mime for media extensions 2025-12-21 02:34:19 +01:00
Peter Steinberger
96cbab2b22 test: expand mime detection coverage 2025-12-20 19:16:53 +01:00
Peter Steinberger
36c85a617a fix: use file-type for mime sniffing 2025-12-20 19:13:50 +01:00
Peter Steinberger
bb7f4abd4b feat(gateway): support bun-compiled embedded gateway 2025-12-19 19:21:26 +01:00
Peter Steinberger
d463c82c95 build: add local node bin to restart script PATH 2025-12-07 19:01:14 +01:00
Peter Steinberger
6c3d3b98b8 chore: purge warelay references 2025-12-07 03:36:57 +00:00
Peter Steinberger
b3e50cbb33 Switch to clawdis RPC mode and complete rebrand 2025-12-05 17:22:53 +00:00
Peter Steinberger
20cb709ae3 chore: organize imports after rebrand 2025-12-04 18:02:51 +00:00
Peter Steinberger
916a41ed60 branding: default to clawdis paths and launchd label 2025-12-04 18:01:30 +00:00
Peter Steinberger
96722bba08 ci: fix lint and tau rpc typing 2025-12-02 21:12:51 +00:00
Peter Steinberger
4e20a20927 fix(media): clean up files after response finishes 2025-12-02 21:10:18 +00:00
Peter Steinberger
a0d1004909 test(media): add redirect coverage and update changelog 2025-12-02 21:09:26 +00:00
Peter Steinberger
2018c90ae2 chore: tidy claude prompt and drop npm lock 2025-12-02 21:07:37 +00:00
Joao Lisboa
499a3e3227 style: fix biome formatting 2025-12-02 21:07:13 +00:00
Joao Lisboa
06dd9b8ed8 fix: follow redirects when downloading Twilio media 
node:https request() doesn't follow redirects by default, causing
Twilio media URLs (which 302 to CDN) to save placeholder/metadata
instead of actual images.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 21:07:13 +00:00
Joao Lisboa
2fae0a9f47 fix: media serving and id consistency 
- server.ts: Replace sendFile with manual readFile+send to fix
  NotFoundError when serving media (sendFile failed even after stat)
- store.ts: Return id with file extension so it matches actual filename

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 21:07:13 +00:00
Peter Steinberger
2cf134668c fix(media): block symlink traversal 2025-12-02 18:37:15 +00:00
Joao Lisboa
b94b220156 Fix path traversal vulnerability in media server 
The /media/:id endpoint was vulnerable to path traversal attacks.
Since this endpoint is exposed via Tailscale Funnel (unlike the
WhatsApp webhook which requires Twilio signature validation),
attackers could directly request paths like /media/%2e%2e%2fwarelay.json
to access sensitive files in ~/.warelay/ (e.g. warelay.json), or even
escape further to the user's home directory via multiple ../ sequences.

Fix: validate resolved paths stay within the media directory.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 19:33:21 +01:00
Peter Steinberger
c11abc1134 chore: release 1.2.1 2025-11-28 08:11:07 +01:00
Peter Steinberger
7d6a4f5204 fix(media): sniff mime and keep extensions 2025-11-28 08:07:53 +01:00
Peter Steinberger
e5f677803f chore: format to 2-space and bump changelog 2025-11-26 00:53:53 +01:00
Peter Steinberger
e0425ad3e1 feat: support audio/video/doc media caps and transcript context 2025-11-25 23:21:35 +01:00
Peter Steinberger
2ba56b82e7 Add media hosting and store tests 2025-11-25 12:30:43 +01:00
Peter Steinberger
800c7a1e1f chore: sync source updates 2025-11-25 12:12:13 +01:00
Peter Steinberger
d925d9849c refactor: simplify MEDIA parsing, drop invalid lines, keep valid tokens 2025-11-25 06:17:48 +01:00
Peter Steinberger
49bf1fadb6 debug: log MEDIA extraction and parse Claude text for tokens 2025-11-25 06:14:12 +01:00
Peter Steinberger
ad55832cda fix: strip trailing punctuation from MEDIA tokens and add tests 2025-11-25 06:07:11 +01:00
Peter Steinberger
8ea7f9b439 fix: keep MEDIA tokens with punctuation and log web media failures 2025-11-25 06:02:41 +01:00
Peter Steinberger
072998a6ab refactor: extract MEDIA parsing helper and tidy whitespace 2025-11-25 05:49:18 +01:00
Peter Steinberger
6d41df2941 feat: download inbound media and expose to templating 2025-11-25 05:17:59 +01:00
Peter Steinberger
948ff7f035 feat: add image support across web and twilio 2025-11-25 04:58:31 +01:00