Shakker
|
ef1ffacfb2
|
scripts: exclude unresolved clawtributors from README
|
2026-02-24 02:55:02 +00:00 |
|
Peter Steinberger
|
90383e00e9
|
fix(security): harden autoAllowSkills exec matching
|
2026-02-24 02:53:47 +00:00 |
|
Peter Steinberger
|
e578521ef4
|
fix(security): harden session export image data-url handling
|
2026-02-24 02:53:39 +00:00 |
|
Peter Steinberger
|
fefc414576
|
fix(security): harden structural session path fallback
|
2026-02-24 02:52:48 +00:00 |
|
Peter Steinberger
|
ff4e6ca0d9
|
fix(ios): gate agent deep links with local confirmation
|
2026-02-24 02:51:58 +00:00 |
|
Peter Steinberger
|
f8524ec77a
|
fix(security): harden exported session html rendering
|
2026-02-24 02:40:29 +00:00 |
|
Peter Steinberger
|
f6afc8c5b6
|
docs(security): clarify host-side exec trust model defaults
|
2026-02-24 02:40:18 +00:00 |
|
Peter Steinberger
|
1d28da55a5
|
fix(voice-call): block Twilio webhook replay and stale transitions
|
2026-02-24 02:37:24 +00:00 |
|
Gustavo Madeira Santana
|
4663d68384
|
Tests: make model-catalog fixtures type-valid
|
2026-02-23 21:36:34 -05:00 |
|
Peter Steinberger
|
ce02ad9643
|
refactor(agents): centralize sandbox media and fs policy helpers
|
2026-02-24 02:32:01 +00:00 |
|
Gustavo Madeira Santana
|
207ec7cfae
|
chore(provider): remove unused pruning functions
|
2026-02-23 21:31:12 -05:00 |
|
Peter Steinberger
|
4032390572
|
docs(security): clarify trusted user-triggered local actions
|
2026-02-24 02:29:09 +00:00 |
|
Peter Steinberger
|
3f923e8313
|
test: add env -S allowlist bypass regressions
|
2026-02-24 02:28:00 +00:00 |
|
Peter Steinberger
|
6634030be3
|
fix: enforce apply_patch workspaceOnly in sandbox mounts
|
2026-02-24 02:23:56 +00:00 |
|
Peter Steinberger
|
c070be1bc4
|
fix(sandbox): harden fs bridge path checks and bind mount policy
|
2026-02-24 02:21:43 +00:00 |
|
Peter Steinberger
|
dd9d9c1c60
|
fix(security): enforce workspaceOnly for sandbox image tool
|
2026-02-24 02:17:55 +00:00 |
|
Peter Steinberger
|
0026255def
|
refactor(security): harden system.run wrapper enforcement
|
2026-02-24 02:17:41 +00:00 |
|
Gustavo Madeira Santana
|
5239b55c0a
|
Config: expand Kilo catalog and persist selected Kilo models (#24921)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: f5a7e1a38574593838a7cd62ab9f1488f2da461e
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
|
2026-02-23 21:17:37 -05:00 |
|
Peter Steinberger
|
6c441ea797
|
fix: support legacy and beta prerelease version formats
|
2026-02-24 02:05:37 +00:00 |
|
Peter Steinberger
|
08e2aa44e7
|
fix(commands): restrict commands.allowFrom to sender principals
|
2026-02-24 02:01:01 +00:00 |
|
Peter Steinberger
|
223d7dc23d
|
feat(gateway)!: require explicit non-loopback control-ui origins
|
2026-02-24 01:57:11 +00:00 |
|
Peter Steinberger
|
edfefdff7d
|
docs(changelog): mark ACP hardening as next npm release
|
2026-02-24 01:56:22 +00:00 |
|
Peter Steinberger
|
a1c4bf07c6
|
fix(security): harden exec wrapper allowlist execution parity
|
2026-02-24 01:52:17 +00:00 |
|
Peter Steinberger
|
5eb72ab769
|
fix(security): harden browser SSRF defaults and migrate legacy key
|
2026-02-24 01:52:01 +00:00 |
|
Peter Steinberger
|
8779b523dc
|
test(sandbox): speed up agent-config coverage with pure resolvers
|
2026-02-24 01:46:12 +00:00 |
|
Peter Steinberger
|
467666adc7
|
test(sandbox): use focused modules in lightweight suites
|
2026-02-24 01:46:12 +00:00 |
|
Peter Steinberger
|
f0f886ecc4
|
docs(security): clarify gateway-node trust boundary in docs
|
2026-02-24 01:35:44 +00:00 |
|
Peter Steinberger
|
1f81677093
|
docs(changelog): note dangerous name-matching audit unification
|
2026-02-24 01:33:08 +00:00 |
|
Peter Steinberger
|
161d9841dc
|
refactor(security): unify dangerous name matching handling
|
2026-02-24 01:33:08 +00:00 |
|
Peter Steinberger
|
6a7c303dcc
|
test(msteams): fix allowlist name-match expectations
|
2026-02-24 01:26:53 +00:00 |
|
Peter Steinberger
|
2e36bdda85
|
docs(changelog): credit ACP security reporter
|
2026-02-24 01:19:03 +00:00 |
|
Peter Steinberger
|
22467902ea
|
fix(doctor): inherit dangerous name-matching flag in mutable allowlist scan
|
2026-02-24 01:18:38 +00:00 |
|
Peter Steinberger
|
e5931554bf
|
test: tighten slow test timeouts and cleanup
|
2026-02-24 01:16:53 +00:00 |
|
Peter Steinberger
|
6c43d0a08e
|
test(gateway): move sessions_send error paths to unit tests
|
2026-02-24 01:16:53 +00:00 |
|
Peter Steinberger
|
63dcd28ae0
|
fix(acp): harden permission tool-name validation
|
2026-02-24 01:11:34 +00:00 |
|
Peter Steinberger
|
f97c0922e1
|
fix(security): harden account-key handling against prototype pollution
|
2026-02-24 01:09:31 +00:00 |
|
Peter Steinberger
|
12cc754332
|
fix(acp): harden permission auto-approval policy
|
2026-02-24 01:03:30 +00:00 |
|
Peter Steinberger
|
ddf93d9845
|
docs(security): add vps trust-boundary guidance
|
2026-02-24 01:02:11 +00:00 |
|
Peter Steinberger
|
cfa44ea6b4
|
fix(security): make allowFrom id-only by default with dangerous name opt-in (#24907)
* fix(channels): default allowFrom to id-only; add dangerous name opt-in
* docs(security): align channel allowFrom docs with id-only default
|
2026-02-24 01:01:51 +00:00 |
|
Peter Steinberger
|
41b0568b35
|
docs(security): clarify shared-agent trust boundaries
|
2026-02-24 01:00:05 +00:00 |
|
Peter Steinberger
|
0cc327546b
|
test(gateway): speed up slow e2e test setup
|
2026-02-24 00:59:52 +00:00 |
|
Peter Steinberger
|
13478cc79a
|
refactor(config): harden catchall hint mapping and array fallback
|
2026-02-24 00:59:44 +00:00 |
|
Vincent Koc
|
30c622554f
|
Providers: disable developer role for DashScope-compatible endpoints (#24675)
* Agents: disable developer role for DashScope-compatible endpoints
* Agents: test DashScope developer-role compatibility
* Gateway: test allowlisted sessions.patch model selection
* Changelog: add DashScope role-compat fix note
|
2026-02-23 19:51:16 -05:00 |
|
Peter Steinberger
|
83eae14ed6
|
docs: add security-advisory triage reminder to agents guide
|
2026-02-24 00:45:41 +00:00 |
|
Peter Steinberger
|
400220275c
|
docs: clarify multi-instance recommendations for user isolation
|
2026-02-24 00:40:08 +00:00 |
|
Peter Steinberger
|
a430e1722b
|
test(channels): reduce media test runtime and polling
|
2026-02-24 00:31:58 +00:00 |
|
Peter Steinberger
|
663f784e4e
|
test(core): trim redundant setup and tighten waits
|
2026-02-24 00:31:58 +00:00 |
|
Peter Steinberger
|
f58c1ef34e
|
test(gateway): speed up contract and polling suites
|
2026-02-24 00:31:58 +00:00 |
|
Peter Steinberger
|
7d55277d72
|
docs: clarify operator trust boundary for shared gateways
|
2026-02-24 00:25:01 +00:00 |
|
Peter Steinberger
|
f0c3c8b6a3
|
fix(config): redact dynamic catchall secret keys
|
2026-02-24 00:21:29 +00:00 |
|