Jamieson O'Reilly
6aec34bc60
fix(gateway): prevent auth bypass when behind unconfigured reverse proxy (#1795)
* fix(gateway): prevent auth bypass when behind unconfigured reverse proxy
When proxy headers (X-Forwarded-For, X-Real-IP) are present but
gateway.trustedProxies is not configured, the gateway now treats
connections as non-local. This prevents a scenario where all proxied
requests appear to come from localhost and receive automatic trust.
Previously, running behind nginx/Caddy without configuring trustedProxies
would cause isLocalClient=true for all external connections, potentially
bypassing authentication and auto-approving device pairing.
The gateway now logs a warning when this condition is detected, guiding
operators to configure trustedProxies for proper client IP detection.
Also adds documentation for reverse proxy security configuration.
* fix: harden reverse proxy auth (#1795) (thanks @orlyjamie)
---------
Co-authored-by: orlyjamie <orlyjamie@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-01-25 15:08:03 +00:00
Peter Steinberger
8f3da653b0
fix: allow control ui token auth without pairing
2026-01-25 12:47:17 +00:00
Peter Steinberger
629ce4454d
docs: add tips + clawd-to-clawd faq
2026-01-25 04:04:18 +00:00
Peter Steinberger
e6e71457e0
fix: honor trusted proxy client IPs (PR #1654)
Thanks @ndbroadbent.
Co-authored-by: Nathan Broadbent <git@ndbroadbent.com>
2026-01-25 01:52:19 +00:00
Peter Steinberger
9ae03b92bb
docs: clarify prompt injection guidance
2026-01-22 04:19:33 +00:00
Peter Steinberger
f76e3c1419
fix: enforce secure control ui auth
2026-01-21 23:58:42 +00:00
Peter Steinberger
b5fd66c92d
fix: add explicit tailnet gateway bind
2026-01-21 20:36:09 +00:00
Peter Steinberger
e5ea8a0d22
docs: add network hub + pairing locality
2026-01-21 00:14:14 +00:00
Peter Steinberger
51dfd6efdb
fix: tighten small-model audit guardrails
2026-01-20 23:52:26 +00:00
Peter Steinberger
06c17a333e
docs: update protocol + security notes
2026-01-20 13:04:20 +00:00
Peter Steinberger
6f5205d826
docs: elevate security audit callout
2026-01-18 23:37:14 +00:00
Peter Steinberger
ae0b4c4990
feat: add exec host routing + node daemon
2026-01-18 07:46:00 +00:00
Peter Steinberger
e71fa4a145
docs: note session log disk access
2026-01-17 19:30:46 +00:00
Ruby
0cd24137e8
feat: add session.identityLinks for cross-platform DM session linking (#1033)
Co-authored-by: Shadow <shadow@clawd.bot>
2026-01-16 14:23:22 -06:00
Peter Steinberger
d0c986c4f0
feat: warn on weak model tiers
2026-01-16 09:34:37 +00:00
Ubuntu
ca9688b5cc
feat(session): add dmScope for multi-user DM isolation
Co-authored-by: Alphonse-arianee <Alphonse-arianee@users.noreply.github.com>
2026-01-16 04:13:10 +00:00
Peter Steinberger
b2b331230b
feat: mac node exec policy + remote skills hot reload
2026-01-16 03:45:06 +00:00
Peter Steinberger
ca1902fb4e
feat(security): expand audit and safe --fix
2026-01-15 05:31:43 +00:00
Peter Steinberger
0e76d21f11
docs(security): mention audit --fix
2026-01-15 05:03:13 +00:00
Peter Steinberger
ef78b198cb
feat: add Chrome extension browser relay
2026-01-15 04:52:28 +00:00
hyaxia
f3c9252840
Security: add detect-secrets scan
2026-01-15 03:14:43 +00:00
Peter Steinberger
c2a4f256c8
feat: add security audit + onboarding checkpoint
2026-01-15 01:25:11 +00:00
Peter Steinberger
3eb48cbea7
docs: complete channels rename sweep
2026-01-13 08:40:39 +00:00
Peter Steinberger
90342a4f3a
refactor!: rename chat providers to channels
2026-01-13 08:40:39 +00:00
Peter Steinberger
b70298fbca
fix: document Tailscale Serve auth headers (#823) (thanks @roshanasingh4)
2026-01-13 04:37:04 +00:00
Peter Steinberger
98e75fce17
test: align group policy defaults
2026-01-12 08:45:57 +00:00
Peter Steinberger
006e1352d8
fix: harden msteams group access
2026-01-12 08:32:08 +00:00
Peter Steinberger
8b4bdaa8a4
feat: add apply_patch tool (exec-gated)
2026-01-12 03:42:56 +00:00
Peter Steinberger
98337a14b3
fix: rename bash tool to exec (#748) (thanks @myfunc)
2026-01-12 02:49:55 +00:00
Peter Steinberger
cf0c72a557
feat: add plugin architecture
2026-01-11 12:11:12 +00:00
Peter Steinberger
fe46a2663b
docs: clarify browser allowlist defaults and risks
2026-01-11 02:00:30 +01:00
Peter Steinberger
b0b4b33b6b
fix: update gateway auth docs and clients
2026-01-11 01:51:24 +01:00
Peter Steinberger
81f9093c3c
fix(pairing): accept positional provider args
2026-01-10 16:36:43 +01:00
Peter Steinberger
cdb915d527
chore: normalize Clawdbot naming
2026-01-10 05:14:09 +01:00
Peter Steinberger
bd10f3d3f1
feat: allow session_status in sandbox
2026-01-09 23:41:57 +00:00
Peter Steinberger
88cbe2d275
fix: cap pairing requests and suppress outbound pairing replies
2026-01-09 22:58:18 +00:00
Peter Steinberger
5fa26bfec7
feat: add per-agent elevated controls
2026-01-09 20:42:19 +00:00
Peter Steinberger
7b81d97ec2
feat: wire multi-agent config and routing
Co-authored-by: Mark Pors <1078320+pors@users.noreply.github.com>
2026-01-09 12:48:42 +00:00
Peter Steinberger
14096fb629
docs: add model allowlist + reasoning safety notes
2026-01-09 02:07:33 +01:00
Peter Steinberger
014667e00b
fix: tighten group elevated targeting
2026-01-08 22:57:18 +01:00
Peter Steinberger
884e734809
feat(doctor): audit config + state permissions
2026-01-08 21:51:34 +01:00
Peter Steinberger
d55750189e
docs: add sandboxing page and cross-links
2026-01-08 21:49:26 +01:00
Peter Steinberger
0e9837183d
docs: expand per-agent sandbox profiles
2026-01-07 20:31:23 +01:00
Peter Steinberger
0914517ee3
feat(sandbox): add workspace access mode
2026-01-07 09:33:38 +00:00
Peter Steinberger
42ae2341aa
fix: harden pairing flow
2026-01-07 05:06:04 +01:00
Peter Steinberger
467d4e17fe
feat: add sandbox scope default
2026-01-07 02:52:41 +01:00
Peter Steinberger
4fb9293c29
docs: fix internal doc links
2026-01-07 02:15:46 +01:00
Peter Steinberger
db4d0b8e75
docs: reorganize documentation structure
2026-01-07 00:45:46 +01:00