Omair Afzal
177f167eab
fix: guard .trim() calls on potentially undefined workspaceDir (#24875)
Change workspaceDir param type from string to string | undefined in
resolvePluginSkillDirs and use nullish coalescing before .trim() to
prevent TypeError when workspaceDir is undefined.
2026-02-24 03:22:39 +00:00
Peter Steinberger
7b2b86c60a
fix(exec): add approval race changelog and regressions
2026-02-24 03:22:05 +00:00
Peter Steinberger
6f0dd61795
fix(exec): restore two-phase approval registration flow
2026-02-24 03:16:36 +00:00
Peter Steinberger
c6c1e3e7cf
docs(changelog): correct exec approvals reporter credit
2026-02-24 03:13:48 +00:00
Peter Steinberger
ffd63b7a2c
fix(security): trust resolved skill-bin paths in allowlist auto-allow
2026-02-24 03:12:43 +00:00
Peter Steinberger
204d9fb404
refactor(security): dedupe shell env probe and add path regression test
2026-02-24 03:11:33 +00:00
Peter Steinberger
64aab80201
test(exec): add regressions for safe-bin metadata and chain semantics
2026-02-24 03:10:19 +00:00
Peter Steinberger
a67689a7e3
fix: harden allow-always shell multiplexer wrapper handling
2026-02-24 03:06:51 +00:00
Peter Steinberger
4a3f8438e5
fix(gateway): bind node exec approvals to nodeId
2026-02-24 03:05:58 +00:00
Peter Steinberger
9530c01085
refactor(exec): split safe-bin policy modules and dedupe allowlist flow
2026-02-24 03:05:03 +00:00
Peter Steinberger
c5ac90ab92
docs(changelog): add shell-env fallback hardening note
2026-02-24 03:04:49 +00:00
Peter Steinberger
60f1d1959a
test: stabilize invoke-system-run env-wrapper assertion on Windows
2026-02-24 03:02:38 +00:00
Peter Steinberger
d0ef4c75c7
docs(changelog): credit safeBins advisory reporters
2026-02-24 02:59:17 +00:00
Peter Steinberger
ff10fe8b91
fix(security): require /etc/shells for shell env fallback
2026-02-24 02:58:24 +00:00
Shakker
71f4b93656
docs: refresh clawtributors list
2026-02-24 02:55:02 +00:00
Shakker
ef1ffacfb2
scripts: exclude unresolved clawtributors from README
2026-02-24 02:55:02 +00:00
Peter Steinberger
90383e00e9
fix(security): harden autoAllowSkills exec matching
2026-02-24 02:53:47 +00:00
Peter Steinberger
e578521ef4
fix(security): harden session export image data-url handling
2026-02-24 02:53:39 +00:00
Peter Steinberger
fefc414576
fix(security): harden structural session path fallback
2026-02-24 02:52:48 +00:00
Peter Steinberger
ff4e6ca0d9
fix(ios): gate agent deep links with local confirmation
2026-02-24 02:51:58 +00:00
Peter Steinberger
f8524ec77a
fix(security): harden exported session html rendering
2026-02-24 02:40:29 +00:00
Peter Steinberger
f6afc8c5b6
docs(security): clarify host-side exec trust model defaults
2026-02-24 02:40:18 +00:00
Peter Steinberger
1d28da55a5
fix(voice-call): block Twilio webhook replay and stale transitions
2026-02-24 02:37:24 +00:00
Gustavo Madeira Santana
4663d68384
Tests: make model-catalog fixtures type-valid
2026-02-23 21:36:34 -05:00
Peter Steinberger
ce02ad9643
refactor(agents): centralize sandbox media and fs policy helpers
2026-02-24 02:32:01 +00:00
Gustavo Madeira Santana
207ec7cfae
chore(provider): remove unused pruning functions
2026-02-23 21:31:12 -05:00
Peter Steinberger
4032390572
docs(security): clarify trusted user-triggered local actions
2026-02-24 02:29:09 +00:00
Peter Steinberger
3f923e8313
test: add env -S allowlist bypass regressions
2026-02-24 02:28:00 +00:00
Peter Steinberger
6634030be3
fix: enforce apply_patch workspaceOnly in sandbox mounts
2026-02-24 02:23:56 +00:00
Peter Steinberger
c070be1bc4
fix(sandbox): harden fs bridge path checks and bind mount policy
2026-02-24 02:21:43 +00:00
Peter Steinberger
dd9d9c1c60
fix(security): enforce workspaceOnly for sandbox image tool
2026-02-24 02:17:55 +00:00
Peter Steinberger
0026255def
refactor(security): harden system.run wrapper enforcement
2026-02-24 02:17:41 +00:00
Gustavo Madeira Santana
5239b55c0a
Config: expand Kilo catalog and persist selected Kilo models (#24921)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: f5a7e1a385
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
2026-02-23 21:17:37 -05:00
Peter Steinberger
6c441ea797
fix: support legacy and beta prerelease version formats
2026-02-24 02:05:37 +00:00
Peter Steinberger
08e2aa44e7
fix(commands): restrict commands.allowFrom to sender principals
2026-02-24 02:01:01 +00:00
Peter Steinberger
223d7dc23d
feat(gateway)!: require explicit non-loopback control-ui origins
2026-02-24 01:57:11 +00:00
Peter Steinberger
edfefdff7d
docs(changelog): mark ACP hardening as next npm release
2026-02-24 01:56:22 +00:00
Peter Steinberger
a1c4bf07c6
fix(security): harden exec wrapper allowlist execution parity
2026-02-24 01:52:17 +00:00
Peter Steinberger
5eb72ab769
fix(security): harden browser SSRF defaults and migrate legacy key
2026-02-24 01:52:01 +00:00
Peter Steinberger
8779b523dc
test(sandbox): speed up agent-config coverage with pure resolvers
2026-02-24 01:46:12 +00:00
Peter Steinberger
467666adc7
test(sandbox): use focused modules in lightweight suites
2026-02-24 01:46:12 +00:00
Peter Steinberger
f0f886ecc4
docs(security): clarify gateway-node trust boundary in docs
2026-02-24 01:35:44 +00:00
Peter Steinberger
1f81677093
docs(changelog): note dangerous name-matching audit unification
2026-02-24 01:33:08 +00:00
Peter Steinberger
161d9841dc
refactor(security): unify dangerous name matching handling
2026-02-24 01:33:08 +00:00
Peter Steinberger
6a7c303dcc
test(msteams): fix allowlist name-match expectations
2026-02-24 01:26:53 +00:00
Peter Steinberger
2e36bdda85
docs(changelog): credit ACP security reporter
2026-02-24 01:19:03 +00:00
Peter Steinberger
22467902ea
fix(doctor): inherit dangerous name-matching flag in mutable allowlist scan
2026-02-24 01:18:38 +00:00
Peter Steinberger
e5931554bf
test: tighten slow test timeouts and cleanup
2026-02-24 01:16:53 +00:00
Peter Steinberger
6c43d0a08e
test(gateway): move sessions_send error paths to unit tests
2026-02-24 01:16:53 +00:00
Peter Steinberger
63dcd28ae0
fix(acp): harden permission tool-name validation
2026-02-24 01:11:34 +00:00