Jacob Tomlinson
|
7bd2761b92
|
Exec approvals: detect command carriers in strict inline eval (#57842)
* Exec approvals: detect command carriers in strict inline eval
* Exec approvals: cover carrier option edge cases
* Exec approvals: cover make and find carriers
* Exec approvals: catch attached eval flags
* Exec approvals: keep sed -E out of inline eval
* Exec approvals: treat sed in-place flags as optional
|
2026-03-31 10:58:17 +01:00 |
|
Jacob Tomlinson
|
6b38815f86
|
fix(gateway): tighten tools invoke HTTP guardrails (#57771)
* fix(gateway): tighten tools invoke HTTP guardrails
Co-authored-by: Brian Mendonca <208517100+bmendonca3@users.noreply.github.com>
* fix(security): centralize gateway HTTP deny defaults
* fix(gateway): drop duplicate scope guard after rebase
---------
Co-authored-by: Brian Mendonca <208517100+bmendonca3@users.noreply.github.com>
|
2026-03-30 17:16:33 +01:00 |
|
Jacob Tomlinson
|
1a75906a6f
|
Exec approvals: prevent interpreter allow-always persistence (#57772)
* Exec approvals: block interpreter allow-always persistence
* Exec approvals: normalize interpreter allowlist formatting
* Exec approvals: normalize interpreter allowlist wrapping
* Exec approvals: tighten awk regression coverage
* Exec approvals: harden awk interpreter coverage
|
2026-03-30 17:03:54 +01:00 |
|
Peter Steinberger
|
0ffd6b202f
|
test: dedupe security audit and acl suites
|
2026-03-28 01:17:57 +00:00 |
|
Peter Steinberger
|
d38ec0c9c9
|
test: dedupe loader heartbeat and audit cases
|
2026-03-28 00:53:34 +00:00 |
|
Peter Steinberger
|
6a039bca30
|
test: dedupe loader and audit suites
|
2026-03-28 00:46:53 +00:00 |
|
Harold Hunt
|
da60aff17a
|
Tests: isolate security audit home skill resolution (#54473)
Merged via squash.
Prepared head SHA: 82181e15fb
Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Reviewed-by: @huntharo
|
2026-03-25 09:43:19 -04:00 |
|
Peter Steinberger
|
c42cb1ca66
|
refactor: audit synology dangerous name matching
|
2026-03-22 23:32:22 -07:00 |
|
Peter Steinberger
|
405d808409
|
fix: restore repo-wide gate after exec safe-bin refactor
|
2026-03-22 17:28:04 +00:00 |
|
Peter Steinberger
|
0ac939059e
|
refactor(exec): split safe-bin semantics
|
2026-03-22 10:14:46 -07:00 |
|
Peter Steinberger
|
a94ec3b79b
|
fix(security): harden exec approval boundaries
|
2026-03-22 09:35:25 -07:00 |
|
Peter Steinberger
|
8b7f40580d
|
perf: split telegram audit runtime seams
|
2026-03-22 00:53:12 +00:00 |
|
Peter Steinberger
|
994b42a5a5
|
test: parallelize safe audit case tables
|
2026-03-20 21:16:01 +00:00 |
|
Peter Steinberger
|
9f8cf7f71a
|
test: stabilize full gate
|
2026-03-17 16:21:59 +00:00 |
|
Peter Steinberger
|
6646ca61cc
|
test: merge audit channel command hygiene cases
|
2026-03-17 16:21:59 +00:00 |
|
Peter Steinberger
|
63997aec23
|
test: merge audit trust exposure cases
|
2026-03-17 16:21:59 +00:00 |
|
Peter Steinberger
|
141d73ddf4
|
test: merge audit dangerous flag cases
|
2026-03-17 16:21:59 +00:00 |
|
Peter Steinberger
|
58c26ad706
|
test: merge audit code safety cases
|
2026-03-17 16:21:59 +00:00 |
|
Peter Steinberger
|
ef53926542
|
test: merge audit install metadata cases
|
2026-03-17 16:21:59 +00:00 |
|
Peter Steinberger
|
7866655176
|
test: merge audit allowCommands cases
|
2026-03-17 16:21:59 +00:00 |
|
Peter Steinberger
|
9e087f66be
|
test: merge audit browser sandbox cases
|
2026-03-17 16:21:59 +00:00 |
|
Peter Steinberger
|
9b7aafa141
|
test: merge audit sandbox docker config cases
|
2026-03-17 16:21:59 +00:00 |
|
Peter Steinberger
|
23a3211c29
|
test: merge audit discord allowlist cases
|
2026-03-17 16:21:59 +00:00 |
|
Peter Steinberger
|
c1733d700d
|
test: merge audit sandbox docker danger cases
|
2026-03-17 16:21:59 +00:00 |
|
Peter Steinberger
|
610d836151
|
test: merge audit gateway auth guardrail cases
|
2026-03-17 16:21:59 +00:00 |
|
Peter Steinberger
|
8cfcce0849
|
test: merge audit resolved inspection cases
|
2026-03-17 16:21:59 +00:00 |
|
Peter Steinberger
|
fb4b6eef03
|
test: merge audit code safety failure cases
|
2026-03-17 16:21:59 +00:00 |
|
Peter Steinberger
|
a24325f40c
|
test: merge audit deny command cases
|
2026-03-17 16:21:59 +00:00 |
|
Peter Steinberger
|
8ab2d886eb
|
test: merge audit windows acl cases
|
2026-03-17 16:21:59 +00:00 |
|
Peter Steinberger
|
2cfccf59c7
|
test: merge audit browser container cases
|
2026-03-17 16:21:59 +00:00 |
|
Peter Steinberger
|
355051f401
|
test: merge audit gateway auth presence cases
|
2026-03-17 16:21:59 +00:00 |
|
Peter Steinberger
|
97c481120f
|
test: merge audit extension allowlist severity cases
|
2026-03-17 16:21:58 +00:00 |
|
Peter Steinberger
|
23d700b090
|
test: merge audit hooks ingress cases
|
2026-03-17 16:21:58 +00:00 |
|
Peter Steinberger
|
17143ed878
|
test: merge audit exposure heuristic cases
|
2026-03-17 16:21:58 +00:00 |
|
Peter Steinberger
|
588c8be6ff
|
test: merge audit extension and workspace cases
|
2026-03-17 16:21:58 +00:00 |
|
Peter Steinberger
|
7efa79121a
|
test: merge install metadata audit cases
|
2026-03-17 16:21:58 +00:00 |
|
Peter Steinberger
|
85c5ec8065
|
test: share audit exposure severity helper
|
2026-03-17 16:21:58 +00:00 |
|
Peter Steinberger
|
167a6ebed9
|
test: merge gateway http audit cases
|
2026-03-17 16:21:58 +00:00 |
|
Peter Steinberger
|
4fd17021f2
|
test: merge hooks audit risk cases
|
2026-03-17 16:21:58 +00:00 |
|
Peter Steinberger
|
3aa76a8ce7
|
test: merge feishu audit doc cases
|
2026-03-17 16:21:58 +00:00 |
|
Peter Steinberger
|
7e1bc4677f
|
test: merge control ui audit cases
|
2026-03-17 16:21:58 +00:00 |
|
Peter Steinberger
|
5f0f69b2c7
|
test: merge browser control audit cases
|
2026-03-17 16:21:58 +00:00 |
|
Peter Steinberger
|
2ef7b13962
|
test: merge channel command audit cases
|
2026-03-17 16:21:58 +00:00 |
|
Peter Steinberger
|
03b405659b
|
test: merge audit auth precedence cases
|
2026-03-17 16:21:58 +00:00 |
|
Peter Steinberger
|
0c070ccd53
|
test: merge zalouser audit group cases
|
2026-03-17 16:21:58 +00:00 |
|
Peter Steinberger
|
1038990bdd
|
test: merge discord audit allowlist cases
|
2026-03-17 16:21:58 +00:00 |
|
Josh Avant
|
a2cb81199e
|
secrets: harden read-only SecretRef command paths and diagnostics (#47794)
* secrets: harden read-only SecretRef resolution for status and audit
* CLI: add SecretRef degrade-safe regression coverage
* Docs: align SecretRef status and daemon probe semantics
* Security audit: close SecretRef review gaps
* Security audit: preserve source auth SecretRef configuredness
* changelog
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
---------
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
|
2026-03-15 21:55:24 -05:00 |
|
Peter Steinberger
|
3f12e90f3e
|
fix(ci): repair security and route test fixtures
|
2026-03-15 19:54:00 -07:00 |
|
Peter Steinberger
|
a472f988d8
|
fix: harden remote cdp probes
|
2026-03-15 08:23:01 -07:00 |
|
Peter Steinberger
|
f36d8c09f1
|
feat(zalouser): audit mutable group allowlists
|
2026-03-13 01:44:42 +00:00 |
|