Build(deps): Bump cryptography from 46.0.6 to 46.0.7 in the pip group across 1 directory#23
Open
dependabot[bot] wants to merge 386 commits into
Open
Build(deps): Bump cryptography from 46.0.6 to 46.0.7 in the pip group across 1 directory#23dependabot[bot] wants to merge 386 commits into
dependabot[bot] wants to merge 386 commits into
Conversation
The StreamableHTTPSessionManager requires its run() async context manager to be active before handling requests. When mounted as a FastAPI sub-app via app.mount(), the inner Starlette app's lifespan is not invoked, leaving the anyio task group uninitialised. Fix: enter session_manager.run() inside the FastAPI lifespan so the task group is active for the full server lifetime. Requests to /mcp no longer fail with "Task group is not initialized".
StreamableHTTPSessionManager.run() can only be called once per instance. Tests create multiple TestClient(app) contexts per process, each triggering the lifespan. Reset _session_manager and recreate _mcp_asgi_inner at lifespan startup so every entry gets a fresh instance.
traefik:v2.11 ships Go 1.24.1 which carries CVE-2025-68121 (CVSS 10), CVE-2025-22871 (9.1), and ~15 additional HIGH/MEDIUM Go stdlib CVEs. traefik:v3 builds with a patched Go release that resolves these. All existing CLI flags and Docker labels are v3-compatible. No config changes required. ubuntu/* CVEs (open-webui, ollama) are third-party images outside TelsonBase scope — documented in Dockerfile.
mcp_server is attached to 4 networks. Without traefik.docker.network,
Traefik selects the first container IP alphabetically — telsonbase_ai
(172.21.x.x) — which Traefik is not connected to, causing silent
proxy timeouts on all requests through port 80.
Also adds PathPrefix('/') catch-all router rule for dev mode.
Production overlay retains Host-based routing.
…s instrument not path-giver
Signed-off-by: Jeff Phillips <211976194+QuietFireAI@users.noreply.github.com>
…tion tests work without live Redis
The client fixture already cleared rate_limiter._buckets (in-memory fallback) but the Redis-backed Lua token-bucket key was never reset between tests. In CI where Redis is available, the same hashed API key accumulates requests across tests until the burst budget (20) is exhausted, causing compliance route tests to return 429 instead of 200/500. Fix: delete all ratelimit:* keys from Redis DB15 at the start of each test, alongside the existing audit-chain and RBAC flushes.
…state bleed AgentKeyRegistry loads signing:revoked_agents from Redis on __init__; tests that revoke agent-001 contaminate subsequent tests whose fresh registry instance picks up the revocation and raises PermissionError on register_agent. AnomalyMonitor loads _recent_denials from Redis on __init__; tests that record denials above threshold contaminate tests that expect zero denials below threshold. Flush signing:*, security:signing:revoked_agents, security:recent_denials, and security:threat_events in the conftest client fixture alongside the existing rate-limit and RBAC/audit-chain flushes.
…t bleed AgentKeyRegistry() calls _load_from_persistence() on init, loading signing:revoked_agents from Redis. Tests that revoke agent-001 or agent_a poison the next test's fresh registry instance, causing PermissionError on register_agent even though the test is starting fresh. BehaviorMonitor() loads _recent_denials from Redis on init. Tests that record >0 denials can push a subsequent test over CAPABILITY_PROBE_THRESHOLD before it records any denials itself. Fix: flush relevant Redis keys in the registry and monitor fixtures (test_core_signing_depth.py, test_core_anomaly_depth.py) and add an autouse fixture in TestAgentKeyRegistry (test_signing.py).
- Product rename throughout: all source files, docs, tests, proof sheets, CITATION.cff, README, CHANGELOG, HuggingFace app.py - GitHub repo renamed: QuietFireAI/ClawCoat → QuietFireAI/ClawFilters - Domain updated: clawcoat.com → clawfilters.com - Positioning: small business primary; regulated industries as quality signal - "The Manners Engine" brand name removed from public copy; scoring mechanism retained as "behavioral scoring/filter" — architecture unchanged - Audience broadened: "OpenClaw agents" → "AI agents" in public-facing copy - clawcoat_dev defaults → clawfilters_dev in config.py - Audit chain prefix: clawcoat_ → clawfilters_ in core/audit.py - clawcoat_permissions DB column unchanged (migration deferred) - CLAWCOAT_ENCRYPTION_KEY env var unchanged (internal implementation name) - TELSONBASE_ENV and telsonbase_* Docker names unchanged
…ed files) - M1: config.py line 380 error message now correctly names 'clawfilters_redis_dev' - L1-L4: REM headers in config.py, audit.py, auth.py, middleware.py - L5: .env.example header, DB/MQTT user defaults, Traefik/Telegram domain examples - L6: FAQ.md TOC anchor links, version bump to v11.0.4 - L7: TELEGRAM_GUIDE.md example bot name and webhook domain - L8: SECRETS_MANAGEMENT.md line 237 Redis dev default name - L9: test_api.py federation fixture URL - config.py default DATABASE_URL username/db updated to clawfilters - test_core_config_depth.py: match updated DATABASE_URL default - test_core_threat_response_depth.py: admin@clawcoat → admin@clawfilters.com - INSTALLATION_GUIDE_WINDOWS.md: note corrected for new name - agent-autonomy-sla-spec.json: all ClawCoat references + version updated
…ndabot) Closes Dependabot MEDIUM (requests insecure temp file) and LOW (cryptography DNS name constraint) alerts.
…val, delegation - openclaw.py NH4: AnomalyDetector → BehaviorMonitor, check_agent → record() Anomaly gate was dead code since file was written; now functional - email_sender.py: html.escape() on username/token/user_id; branding ClawFilters - mfa.py: remove except:pass on encryption — TOTP secrets now fail-hard rather than silently storing plaintext when CLAWCOAT_ENCRYPTION_KEY is missing - manners.py: load_from_persistence now reloads violation history from Redis; behavioral scoring and earned trust tiers were resetting on every restart - auth_dependencies.py: global-permission API keys without RBAC user now blocked at MFA gate instead of silently bypassed - approval.py: replace threading.Event with Redis polling in wait_for_decision; threading.Event is process-local — cross-worker approvals were hanging forever - delegation.py: fix _capability_matches wildcard logic — admin.* now correctly matches admin.users.create (removed over-strict segment count check) - file headers: TelsonBase → ClawFilters in threat_response, anomaly, trust_levels, rate_limiting, manners, email_sender, approval
…ence, nonce, compliance - Replace all remaining TelsonBase/ file path headers with ClawFilters/ (100 files) - email_verification.py: cleanup_expired now prunes VERIFIED tokens after 48h (OOM DoS) - emergency_access.py: add cleanup_old_requests() to prune inactive requests from memory - breach_notification.py: header fix only (Redis fallback already applied in batch 1) - trust_levels.py: implement _load_from_persistence + _save_record; call _save_record on register_agent, promote, demote, quarantine — trust levels now survive worker restarts - rate_limiting.py: add "agent" → UNLIMITED tier mapping (apex tier was missing, NH2 gap) - audit.py: log Redis save failure instead of bare except: pass in _save_chain_state - identiclaw.py: _check_nonce fails CLOSED on Redis outage (was fail-open, replay vector) - compliance.py: _collect_audit_evidence queries real audit chain instead of returning stub - tests/conftest.py: autouse fixture flushes security:trust before each test for isolation - tests/test_core_trust_levels_depth.py: mgr fixture flushes security:trust for extra safety
- test_core_rate_limiting_depth.py: agent tier now maps to UNLIMITED (was testing old fail-open bug) - test_identiclaw_depth.py: _check_nonce now fails CLOSED on Redis outage (two tests updated)
…h logging - capabilities.py: CapabilityEnforcer now loads/saves from Redis (security:capabilities) for cross-worker consistency; add _load_from_redis() + _save_agent() + call in register_agent - database.py: log exception details in check_db_health (was bare except with silent return False) - tests/conftest.py: flush security:capabilities per-test alongside security:trust
…ersistence, delegation OOM - captcha.py: add _load_challenge_from_redis() for cross-worker CAPTCHA verification; verify_challenge() falls back to Redis TTL key lookup when challenge not in local memory - emergency_access.py: _check_expiry() now calls _save_record() after deactivating so all workers see the expired state immediately (cross-worker consistency) - delegation.py: cleanup_expired() now prunes old EXPIRED/REVOKED delegations from _delegations, _by_grantor, _by_grantee after retention_hours (default 24h) to prevent unbounded memory growth (OOM DoS vector fixed)
…ol safety, auth log cap - audit.py: add AUTH_SESSION_TERMINATED event type (L7 fix: terminate_session was incorrectly logging AUTH_SUCCESS for a termination event) - session_management.py: use AUTH_SESSION_TERMINATED in terminate_session audit log - middleware.py: enforce MAX_TRACKED_CLIENTS cap in _cleanup_stale_buckets fallback path — evicts oldest entries when bucket dict exceeds 10K (M16 fix) - openclaw.py: unknown tools now default to ActionCategory.DELETE (gated at all trust levels) instead of WRITE_INTERNAL, preventing autonomous execution of unmapped tools (M18 fix) - auth.py: cap _apikey_last_logged at 5K entries with expired-actor eviction before insert; skip logging rather than growing unbounded (M2 fix)
…validation - rbac.py: _api_key_to_user now keyed by SHA-256 hash instead of raw API key (register_api_key + get_user_by_api_key both use hash — consistent with Redis storage added in H11 fix); raw key material no longer lives in-process heap (M13) - middleware.py: validate X-Forwarded-For candidate against IPv4/IPv6 pattern before using as rate-limit bucket key — prevents header injection if Traefik is absent (M1)
…permanently Previously, if Redis was unavailable at startup, _signing_store was set to False and replay protection permanently degraded to in-memory only with no recovery path. Now failure is not cached — each call retries, so replay protection self-heals once Redis becomes available. Degraded state is logged explicitly so operators see it.
…r via Redis - approval.py: @requires_approval decorator now extracts agent_id from task kwargs (agent_id=...) rather than current_task.request.hostname which is a Celery worker hostname, not an agent identity - email_verification.py: resend rate limit (_check_rate_limit) now uses Redis INCR/EXPIRE as primary check for cross-worker consistency; in-memory list is retained as fallback when Redis is unavailable. New _record_resend() helper writes to both Redis and in-memory simultaneously.
After batch 2 made _check_nonce fail-closed (Redis unavailable = reject), the test was mocking Redis as None (unavailable) while still expecting auth to succeed — a contradiction. Now provides a proper Redis mock that returns exists=0 (nonce fresh) and setex=True (nonce stored) so the test correctly validates the valid-signature path.
… Redis entry The Redis-primary _check_rate_limit was returning True immediately when no Redis key existed, bypassing in-memory _resend_tracking. When Redis has no entry (either no resends yet or key expired), fall through to in-memory check so direct _resend_tracking manipulation in unit tests continues to work correctly.
Resend rate-limit counters (INCR/EXPIRE in email_verification.py) persist to Redis DB 15. Without flushing, integration tests that trigger resend emails could see stale counts from previous test runs bleeding through.
- openclaw.py: add ActionCategory.COMMUNICATION for outbound comms channels (Slack, WhatsApp, Discord, Teams, SMS, Twilio); all tools remapped from EXTERNAL_REQUEST to COMMUNICATION; COMMUNICATION is gated at ALL trust tiers including CITIZEN and AGENT — human outreach always requires approval (M17) - session_management.py: add mfa_verified to _save_record serialization and _get_session_from_redis deserialization; add set_mfa_verified(session_id) method that sets the flag and persists to Redis in one call (L11) - auth_routes.py: login/mfa endpoint now calls session_manager.set_mfa_verified() instead of directly mutating session.mfa_verified (which was never saved) - tests: update ActionCategory count (6 → 7) and slack_send assertion
COMMUNICATION is intentionally gated at all tiers (never autonomous) — tests asserting 'all categories are autonomous for CITIZEN/AGENT' need to exclude COMMUNICATION; add explicit gated assertions instead.
COMMUNICATION is always gated (never autonomous) — fix test_citizen_has_all_autonomous to exclude COMMUNICATION and add test_citizen_communication_is_gated as explicit assertion.
Bumps the pip group with 1 update in the / directory: [cryptography](https://github.com/pyca/cryptography). Updates `cryptography` from 46.0.6 to 46.0.7 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@46.0.6...46.0.7) --- updated-dependencies: - dependency-name: cryptography dependency-version: 46.0.7 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the pip group with 1 update in the / directory: cryptography.
Updates
cryptographyfrom 46.0.6 to 46.0.7Changelog
Sourced from cryptography's changelog.
Commits
622d67246.0.7 release (#14602)You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.