Kaspre 44840007d4 fix(agents): scope custom provider baseUrl SSRF trust by origin (#80751) ... * fix(agents): scope provider SSRF trust by origin * fix(provider): preserve explicit private-network deny * docs(provider): document exact-origin SSRF trust * test(provider): cover exact-origin SSRF edges * docs(provider): align local model private-origin guidance * refactor(ssrf): keep policy merging in infra * test(ssrf): cover exact-origin trust through guard * test(ssrf): block sibling private-origin redirects * fix(provider): keep loopback trust origin-scoped * fix(provider): block metadata origin trust * fix(ssrf): keep metadata rebinding blocked * fix(ssrf): block cloud metadata origins * fix(ssrf): block ipv6 metadata origins * fix(ssrf): block embedded metadata origins * test(ssrf): cover embedded link-local metadata * test(provider): cover custom anthropic proxy classification * test(provider): widen transport policy mock * test(plugin-sdk): assert metadata-IP allowedOrigins entries are rejected Plugin authors can construct an SsrFPolicy that lists any well-formed http(s) origin in allowedOrigins. The abuse-resistance lives one layer deeper, in resolvePinnedHostnameWithPolicy's metadata/link-local block. Add an SDK-level smoke test asserting that contract directly: - AWS/Alibaba IMDS IPv4 literals, GCP metadata canonical hostname, IPv6 ULA metadata literal, and non-metadata link-local IPv4 entries build a policy via ssrfPolicyFromHttpBaseUrlAllowedOrigin and are then rejected at resolvePinnedHostnameWithPolicy. - DNS rebinding from a trusted private DNS origin to a metadata IP is rejected even when the request hostname is origin-trusted. This would fail if the SDK helper or resolveSsrFPolicyForUrl ever short-circuited past the metadata block. * chore(docs): regenerate baselines after upstream rebase upstream/main moved between rebases; the merged source state for the PR's `src/config/schema.help.ts` change and the upstream plugin-sdk surface changes both produce different hashes than the committed baselines, so `config:docs:check` and `plugin-sdk:api:check` would fail. Regenerated via `pnpm config:docs:gen` + `pnpm plugin-sdk:api:gen` on Crabbox; both baselines verified with their respective `--check` generators. * test(plugin-sdk): assert SSRF blocked error class * fix(lint): satisfy exact-origin PR lint rules * docs: clarify custom provider origin trust * chore(docs): refresh plugin sdk api baseline --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>		2026-05-15 11:00:29 +01:00
..
.generated	test(sdk): refresh command facts API baseline	2026-05-15 10:38:43 +01:00
.i18n	fix: refresh code mode after rebase	2026-05-15 04:16:07 +01:00
announcements	fix: add channel status filtering (#80706)	2026-05-11 18:44:54 +01:00
assets	Add browser and tool profile quick settings (#80609)	2026-05-11 10:06:00 +00:00
automation	Revert "refactor: move runtime state to SQLite"	2026-05-13 13:33:38 +01:00
channels	fix: surface update restart and plugin repair guidance	2026-05-15 07:32:29 +01:00
clawhub	docs: add ClawHub publishing page	2026-05-07 19:43:06 -07:00
cli	fix: surface update restart and plugin repair guidance	2026-05-15 07:32:29 +01:00
concepts	fix(agents): scope custom provider baseUrl SSRF trust by origin (#80751)	2026-05-15 11:00:29 +01:00
debug	docs: typography hygiene across 6 pages (gateway/cli/debug)	2026-05-06 08:49:27 -07:00
diagnostics	Revert "refactor: move runtime state to SQLite"	2026-05-13 13:33:38 +01:00
gateway	fix(agents): scope custom provider baseUrl SSRF trust by origin (#80751)	2026-05-15 11:00:29 +01:00
help	Remove codex-cli backend and migrate to Codex runtime	2026-05-14 10:07:18 +01:00
images
install	fix: hand off managed update run self-updates	2026-05-15 06:12:57 +01:00
nodes	Revert "refactor: move runtime state to SQLite"	2026-05-13 13:33:38 +01:00
plan	Revert "refactor: move runtime state to SQLite"	2026-05-13 13:33:38 +01:00
platforms	docs(platforms): link Android Play Store app	2026-05-14 16:04:31 +05:30
plugins	fix(plugins): expose effective context budget in hooks	2026-05-14 17:51:53 -05:00
providers	fix(agents): scope custom provider baseUrl SSRF trust by origin (#80751)	2026-05-15 11:00:29 +01:00
refactor	Revert "refactor: move runtime state to SQLite"	2026-05-13 13:33:38 +01:00
reference	docs: mark code tool surfaces experimental	2026-05-15 04:16:07 +01:00
security	lint: classify raw socket callsites	2026-05-08 01:18:04 +10:00
snippets/plugin-publish	docs: show explicit startup activation in plugin examples	2026-04-28 03:13:20 +01:00
start	build: externalize slack openshell vertex plugins	2026-05-14 07:46:58 +01:00
superpowers/specs	docs: complete source-backed docs sweep	2026-05-02 22:37:01 +01:00
tools	fix(acpx): surface Codex ACP diagnostics	2026-05-14 22:42:28 +01:00
web	fix(control-ui): rotate service worker cache per build (#82050)	2026-05-15 07:59:29 +01:00
AGENTS.md	docs: keep qa broker notes internal	2026-05-08 06:01:23 +01:00
auth-credential-semantics.md	Revert "refactor: move runtime state to SQLite"	2026-05-13 13:33:38 +01:00
brave-search.md	docs(brave): redirect legacy search page	2026-05-02 04:42:55 +01:00
ci.md	docs(testing): clarify pnpm proof routing	2026-05-14 12:09:17 +08:00
CLAUDE.md
date-time.md	docs: audit and fix 4 pages (pi version bump + 3 typography/H1)	2026-05-05 21:14:55 -07:00
docs.json	feat: add generic code mode runtime	2026-05-15 04:16:07 +01:00
index.md	Revert "refactor: move runtime state to SQLite"	2026-05-13 13:33:38 +01:00
logging.md	Revert "refactor: move runtime state to SQLite"	2026-05-13 13:33:38 +01:00
nav-tabs-underline.js
network.md	docs: audit and fix 4 pages (pi version bump + 3 typography/H1)	2026-05-05 21:14:55 -07:00
perplexity.md	docs: consolidate moved docs pages	2026-05-05 17:38:21 +01:00
pi-dev.md	Revert "refactor: move runtime state to SQLite"	2026-05-13 13:33:38 +01:00
pi.md	Revert "refactor: move runtime state to SQLite"	2026-05-13 13:33:38 +01:00
prose.md
style.css
tts.md
vps.md	Docs: add VPS admin hardening note (#54685)	2026-04-29 14:36:33 -07:00
whatsapp-openclaw-ai-zh.jpg
whatsapp-openclaw.jpg