claudia.keller/openclaw-vainplex
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openclaw-vainplex/src/gateway
History
Jamieson O'Reilly a1f9825d63
security: add mDNS discovery config to reduce information disclosure (#1882) 
* security: add mDNS discovery config to reduce information disclosure

mDNS broadcasts can expose sensitive operational details like filesystem
paths (cliPath) and SSH availability (sshPort) to anyone on the local
network. This information aids reconnaissance and should be minimized
for gateways exposed beyond trusted networks.

Changes:
- Add discovery.mdns.enabled config option to disable mDNS entirely
- Add discovery.mdns.minimal option to omit cliPath/sshPort from TXT records
- Update security docs with operational security guidance

Minimal mode still broadcasts enough for device discovery (role, gatewayPort,
transport) while omitting details that help map the host environment.
Apps that need CLI path can fetch it via the authenticated WebSocket.

* fix: default mDNS discovery mode to minimal (#1882) (thanks @orlyjamie)

---------

Co-authored-by: theonejvo <orlyjamie@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-01-26 13:32:11 +00:00
..
protocol fix(webchat): support image-only sends 2026-01-26 05:33:36 +00:00
server fix: harden tailscale serve auth 2026-01-26 12:49:19 +00:00
server-methods fix(webchat): support image-only sends 2026-01-26 05:33:36 +00:00
assistant-identity.test.ts fix: surface concrete ai error details 2026-01-22 22:24:25 +00:00
assistant-identity.ts feat(compaction): add adaptive chunk sizing, progressive fallback, and UI indicator (#1466) 2026-01-23 06:32:30 +00:00
auth.test.ts fix: harden tailscale serve auth 2026-01-26 12:49:19 +00:00
auth.ts fix: require gateway auth by default 2026-01-26 12:56:33 +00:00
boot.test.ts fix: stabilize tests and logging 2026-01-18 18:43:31 +00:00
boot.ts refactor(logging): split config + subsystem imports 2026-01-19 00:15:44 +00:00
call.test.ts fix: add explicit tailnet gateway bind 2026-01-21 20:36:09 +00:00
call.ts fix: add explicit tailnet gateway bind 2026-01-21 20:36:09 +00:00
chat-abort.ts refactor: remove bridge protocol 2026-01-19 10:08:29 +00:00
chat-attachments.test.ts chore: migrate to oxlint and oxfmt 2026-01-14 15:02:19 +00:00
chat-attachments.ts chore: migrate to oxlint and oxfmt 2026-01-14 15:02:19 +00:00
chat-sanitize.test.ts fix: hide message_id hints in web chat 2026-01-24 13:52:31 +00:00
chat-sanitize.ts feat: add beta googlechat channel 2026-01-24 23:30:45 +00:00
client.maxpayload.test.ts Gateway: enable canvas host + inject action bridge 2025-12-18 23:32:22 +01:00
client.test.ts fix: validate ws tls fingerprint 2026-01-20 13:04:20 +00:00
client.ts feat: show node PATH and bootstrap node host env 2026-01-21 11:06:56 +00:00
config-reload.test.ts refactor: migrate messaging plugins to sdk 2026-01-18 08:54:00 +00:00
config-reload.ts refactor: remove bridge protocol 2026-01-19 10:08:29 +00:00
control-ui-shared.ts refactor: centralize control ui avatar helpers 2026-01-22 23:41:36 +00:00
control-ui.test.ts refactor: centralize control ui avatar helpers 2026-01-22 23:41:36 +00:00
control-ui.ts refactor: centralize control ui avatar helpers 2026-01-22 23:41:36 +00:00
device-auth.ts feat: enforce device-bound connect challenge 2026-01-20 13:04:19 +00:00
exec-approval-manager.ts fix: unify exec approval ids 2026-01-22 00:59:29 +00:00
gateway-cli-backend.live.test.ts fix: stabilize ci checks 2026-01-19 00:34:26 +00:00
gateway-models.profiles.live.test.ts feat: preflight update runner before rebase 2026-01-22 04:19:33 +00:00
gateway.e2e.test.ts test: speed up test suite 2026-01-23 02:55:38 +00:00
hooks-mapping.test.ts feat: allow hook model overrides 2026-01-08 09:33:42 +00:00
hooks-mapping.ts chore: migrate to oxlint and oxfmt 2026-01-14 15:02:19 +00:00
hooks.test.ts refactor: migrate messaging plugins to sdk 2026-01-18 08:54:00 +00:00
hooks.ts style: oxfmt fixes (#925) (thanks @grp06) 2026-01-15 03:22:54 +00:00
http-common.ts refactor: share responses input handling 2026-01-20 08:21:57 +00:00
http-utils.ts fix: expand /v1/responses inputs (#1229) (thanks @RyanLisse) 2026-01-20 07:37:30 +00:00
live-image-probe.ts chore: migrate to oxlint and oxfmt 2026-01-14 15:02:19 +00:00
net.test.ts fix: listen on ipv6 loopback for gateway 2026-01-25 05:49:48 +00:00
net.ts fix: harden tailscale serve auth 2026-01-26 12:49:19 +00:00
node-command-policy.ts feat: add node browser proxy routing 2026-01-24 04:21:47 +00:00
node-registry.ts feat: show node PATH and bootstrap node host env 2026-01-21 11:06:56 +00:00
open-responses.schema.ts feat(gateway): implement OpenResponses /v1/responses endpoint phase 2 2026-01-20 07:37:01 +00:00
openai-http.e2e.test.ts test(gateway): consolidate server suites for speed 2026-01-23 06:22:09 +00:00
openai-http.ts fix: honor trusted proxy client IPs (PR #1654) 2026-01-25 01:52:19 +00:00
openresponses-http.e2e.test.ts test(gateway): consolidate server suites for speed 2026-01-23 06:22:09 +00:00
openresponses-http.ts fix: honor trusted proxy client IPs (PR #1654) 2026-01-25 01:52:19 +00:00
openresponses-parity.e2e.test.ts test(gateway): add OpenResponses parity E2E tests 2026-01-20 07:37:01 +00:00
probe.ts chore: migrate to oxlint and oxfmt 2026-01-14 15:02:19 +00:00
server-broadcast.test.ts fix: tighten tls fingerprints and approval events 2026-01-20 13:04:20 +00:00
server-broadcast.ts fix: tighten tls fingerprints and approval events 2026-01-20 13:04:20 +00:00
server-browser.ts CLI: streamline startup paths and env parsing 2026-01-18 23:10:39 +00:00
server-channels.ts refactor(logging): split config + subsystem imports 2026-01-19 00:15:44 +00:00
server-chat-registry.test.ts test(gateway): cover helper registries 2026-01-03 19:37:09 +01:00
server-chat.agent-events.test.ts test: cover CLI chat delta event (#1921) (thanks @rmorse) 2026-01-25 21:09:04 +00:00
server-chat.ts fix: resolve format/build failures 2026-01-19 11:32:15 +00:00
server-close.ts fix: listen on ipv6 loopback for gateway 2026-01-25 05:49:48 +00:00
server-constants.ts test: speed up history and cron suites 2026-01-23 07:34:57 +00:00
server-cron.ts chore: migrate to oxlint and oxfmt 2026-01-14 15:02:19 +00:00
server-discovery-runtime.ts security: add mDNS discovery config to reduce information disclosure (#1882) 2026-01-26 13:32:11 +00:00
server-discovery.test.ts fix: skip tailscale dns probe when off 2026-01-25 02:51:20 +00:00
server-discovery.ts fix: skip tailscale dns probe when off 2026-01-25 02:51:20 +00:00
server-http.ts feat: Add Line plugin (#1630) 2026-01-25 12:22:36 +00:00
server-lanes.ts refactor: use command lane enum 2026-01-20 10:51:25 +00:00
server-maintenance.ts refactor: remove bridge protocol 2026-01-19 10:08:29 +00:00
server-methods-list.ts feat: move TTS into core (#1559) (thanks @Glucksberg) 2026-01-24 08:00:44 +00:00
server-methods.ts feat: move TTS into core (#1559) (thanks @Glucksberg) 2026-01-24 08:00:44 +00:00
server-mobile-nodes.ts refactor: remove bridge protocol 2026-01-19 10:08:29 +00:00
server-model-catalog.ts refactor(gateway): split server runtime 2026-01-14 09:11:21 +00:00
server-node-events-types.ts refactor: remove bridge protocol 2026-01-19 10:08:29 +00:00
server-node-events.test.ts refactor: remove bridge protocol 2026-01-19 10:08:29 +00:00
server-node-events.ts fix: resolve format/build failures 2026-01-19 11:32:15 +00:00
server-node-subscriptions.test.ts refactor: remove bridge protocol 2026-01-19 10:08:29 +00:00
server-node-subscriptions.ts refactor: remove bridge protocol 2026-01-19 10:08:29 +00:00
server-plugins.test.ts feat: Add Line plugin (#1630) 2026-01-25 12:22:36 +00:00
server-plugins.ts fix: log plugin load errors in gateway 2026-01-19 00:15:24 +00:00
server-reload-handlers.ts fix: reschedule heartbeat on hot reload 2026-01-21 00:53:54 +00:00
server-restart-sentinel.ts Telegram: preserve topic IDs in restart notifications (#1807) 2026-01-25 21:20:39 -06:00
server-runtime-config.ts fix: require gateway auth by default 2026-01-26 12:56:33 +00:00
server-runtime-state.ts fix: listen on ipv6 loopback for gateway 2026-01-25 05:49:48 +00:00
server-session-key.ts refactor: canonicalize gateway session store keys 2026-01-17 07:41:24 +00:00
server-shared.ts refactor(gateway): split server helpers 2026-01-03 19:37:09 +01:00
server-startup-log.ts fix: listen on ipv6 loopback for gateway 2026-01-25 05:49:48 +00:00
server-startup.ts CLI: streamline startup paths and env parsing 2026-01-18 23:10:39 +00:00
server-tailscale.ts chore: migrate to oxlint and oxfmt 2026-01-14 15:02:19 +00:00
server-utils.test.ts chore: migrate to oxlint and oxfmt 2026-01-14 15:02:19 +00:00
server-utils.ts fix(gateway): format status/code errors 2026-01-03 19:37:09 +01:00
server-wizard-sessions.ts refactor(gateway): split server runtime 2026-01-14 09:11:21 +00:00
server-ws-runtime.ts refactor: remove bridge protocol 2026-01-19 10:08:29 +00:00
server.agent.gateway-server-agent-a.e2e.test.ts feat: Add Line plugin (#1630) 2026-01-25 12:22:36 +00:00
server.agent.gateway-server-agent-b.e2e.test.ts feat: Add Line plugin (#1630) 2026-01-25 12:22:36 +00:00
server.auth.e2e.test.ts fix: require gateway auth by default 2026-01-26 12:56:33 +00:00
server.channels.e2e.test.ts feat: Add Line plugin (#1630) 2026-01-25 12:22:36 +00:00
server.chat.gateway-server-chat-b.e2e.test.ts fix: unify inbound dispatch pipeline 2026-01-23 22:58:54 +00:00
server.chat.gateway-server-chat.e2e.test.ts fix(webchat): support image-only sends 2026-01-26 05:33:36 +00:00
server.config-apply.e2e.test.ts test: move gateway server coverage to e2e 2026-01-23 18:34:33 +00:00
server.config-patch.e2e.test.ts fix: follow up config.patch restarts/docs/tests (#1653) 2026-01-24 23:33:13 +00:00
server.cron.e2e.test.ts test: move gateway server coverage to e2e 2026-01-23 18:34:33 +00:00
server.health.e2e.test.ts test: move gateway server coverage to e2e 2026-01-23 18:34:33 +00:00
server.hooks.e2e.test.ts test: move gateway server coverage to e2e 2026-01-23 18:34:33 +00:00
server.impl.ts security: add mDNS discovery config to reduce information disclosure (#1882) 2026-01-26 13:32:11 +00:00
server.ios-client-id.e2e.test.ts test: move gateway server coverage to e2e 2026-01-23 18:34:33 +00:00
server.models-voicewake-misc.e2e.test.ts feat: Add Line plugin (#1630) 2026-01-25 12:22:36 +00:00
server.nodes.late-invoke.test.ts fix: require gateway auth by default 2026-01-26 12:56:33 +00:00
server.reload.e2e.test.ts test: move gateway server coverage to e2e 2026-01-23 18:34:33 +00:00
server.roles-allowlist-update.e2e.test.ts test: move gateway server coverage to e2e 2026-01-23 18:34:33 +00:00
server.sessions-send.e2e.test.ts test: move gateway server coverage to e2e 2026-01-23 18:34:33 +00:00
server.sessions.gateway-server-sessions-a.e2e.test.ts fix: resolve session ids in session tools 2026-01-24 11:09:11 +00:00
server.ts chore: migrate to oxlint and oxfmt 2026-01-14 15:02:19 +00:00
session-utils.fs.test.ts feat: add sessions preview rpc and menu prewarm 2026-01-22 10:21:50 +00:00
session-utils.fs.ts feat: add sessions preview rpc and menu prewarm 2026-01-22 10:21:50 +00:00
session-utils.test.ts feat: add search param to sessions.list RPC 2026-01-20 16:36:51 +00:00
session-utils.ts Gateway: prefer newest session entries in merge (#1823) 2026-01-25 22:40:22 -06:00
session-utils.types.ts feat: add sessions preview rpc and menu prewarm 2026-01-22 10:21:50 +00:00
sessions-patch.test.ts fix: normalize model override auth handling 2026-01-21 06:00:21 +00:00
sessions-patch.ts feat: add elevated ask/full modes 2026-01-22 05:41:11 +00:00
sessions-resolve.ts fix: resolve session ids in session tools 2026-01-24 11:09:11 +00:00
test-helpers.e2e.ts test: speed up test suite 2026-01-23 02:22:02 +00:00
test-helpers.mocks.ts feat: Add Line plugin (#1630) 2026-01-25 12:22:36 +00:00
test-helpers.openai-mock.ts test: speed up test suite 2026-01-23 02:22:02 +00:00
test-helpers.server.ts fix: require gateway auth by default 2026-01-26 12:56:33 +00:00
test-helpers.ts refactor(src): split oversized modules 2026-01-14 01:17:56 +00:00
tools-invoke-http.test.ts fix: require gateway auth by default 2026-01-26 12:56:33 +00:00
tools-invoke-http.ts fix: honor trusted proxy client IPs (PR #1654) 2026-01-25 01:52:19 +00:00
ws-log.test.ts fix: add agent context to ws logs 2026-01-17 20:37:36 +00:00
ws-log.ts refactor(logging): split config + subsystem imports 2026-01-19 00:15:44 +00:00
ws-logging.ts Gateway: optimize ws logs in normal mode 2025-12-18 13:27:52 +00:00