168 Commits

Author	SHA1	Message	Date
Peter Steinberger	c070be1bc4	fix(sandbox): harden fs bridge path checks and bind mount policy	2026-02-24 02:21:43 +00:00
Peter Steinberger	223d7dc23d	feat(gateway)!: require explicit non-loopback control-ui origins	2026-02-24 01:57:11 +00:00
Peter Steinberger	161d9841dc	refactor(security): unify dangerous name matching handling	2026-02-24 01:33:08 +00:00
Peter Steinberger	cfa44ea6b4	fix(security): make allowFrom id-only by default with dangerous name opt-in (#24907) ... * fix(channels): default allowFrom to id-only; add dangerous name opt-in * docs(security): align channel allowFrom docs with id-only default	2026-02-24 01:01:51 +00:00
Peter Steinberger	663f784e4e	test(core): trim redundant setup and tighten waits	2026-02-24 00:31:58 +00:00
Peter Steinberger	a2dfe9879f	fix(security): harden regex compilation for filters and redaction	2026-02-23 23:54:50 +00:00
Peter Steinberger	f52a0228ca	test: optimize auth and audit test runtime	2026-02-23 23:31:52 +00:00
Peter Steinberger	b922ecb8c1	test(security): reduce duplicate audit assertions	2026-02-23 22:16:39 +00:00
边黎安	a4c373935f	fix(agents): fall back to agents.defaults.model when agent has no model config (#24210) ... Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 0f272b1027 Co-authored-by: bianbiandashen <16240681+bianbiandashen@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-02-23 03:18:55 -05:00
Peter Steinberger	57b75678d4	test(security): consolidate runtime guardrail scans	2026-02-22 22:06:01 +00:00
Peter Steinberger	8af6d1a186	refactor(test): dedupe repeated fixture setup helpers	2026-02-22 20:04:51 +00:00
Peter Steinberger	b79c89fc90	fix: stabilize CI type and test harness coverage	2026-02-22 18:06:34 +00:00
Peter Steinberger	03285465ff	perf(test): lazy-load weak-random fallback scanner	2026-02-22 17:52:12 +00:00
Peter Steinberger	90a8ddc3c6	perf(test): replace temp-path guard AST parse with fast scanner	2026-02-22 17:52:12 +00:00
Peter Steinberger	2962e5a383	perf(test): tighten temp-path dynamic prefilter	2026-02-22 17:51:38 +00:00
Peter Steinberger	91cb28ecef	perf(test): speed temp-path AST scan	2026-02-22 17:06:35 +00:00
Peter Steinberger	dd4495e23a	test: optimize temp path guard scan prefilter	2026-02-22 17:06:35 +00:00
Peter Steinberger	7bf719fe85	test: narrow weak-random rg scan globs	2026-02-22 17:06:35 +00:00
Peter Steinberger	07514361d7	test: speed up weak random guardrail scan	2026-02-22 17:06:35 +00:00
Peter Steinberger	b6ac0eef5d	test: trim gateway fixture sizes and preload message command	2026-02-22 17:06:34 +00:00
Peter Steinberger	a0d0104a86	test: speed up signal reconnect and temp path guard scans	2026-02-22 14:44:19 +00:00
Peter Steinberger	adfbbcf1f6	chore: merge origin/main into main	2026-02-22 13:42:52 +00:00
Peter Steinberger	7a2b05314a	test: speed up onboarding provider auth and temp-path guard scans	2026-02-22 13:24:59 +00:00
Peter Steinberger	0d0f4c6992	refactor(exec): centralize safe-bin policy checks	2026-02-22 13:18:25 +01:00
Peter Steinberger	29cc7f431f	test: share runtime scan filters and cached test scans	2026-02-22 12:44:44 +01:00
Peter Steinberger	a4607277a9	test: consolidate sessions_spawn and guardrail helpers	2026-02-22 12:34:55 +01:00
Peter Steinberger	401106b963	fix: harden flaky tests and cover native google thought signatures (#23457) (thanks @echoVic)	2026-02-22 12:24:53 +01:00
Peter Steinberger	bf52273a58	test: harden flaky timeout-sensitive tests	2026-02-22 12:21:19 +01:00
Peter Steinberger	c283f87ab0	refactor: clarify strict loopback proxy audit rules	2026-02-22 11:35:08 +01:00
Peter Steinberger	29e41d4c0a	fix: land security audit severity + temp-path guard fixes (#23428) (thanks @bmendonca3)	2026-02-22 11:26:17 +01:00
Brian Mendonca	bc78b343ba	Security: expand audit checks for mDNS and real-IP fallback	2026-02-22 11:26:17 +01:00
Peter Steinberger	bfc9ecf32e	test: harden temp path guard detection (#23398)	2026-02-22 11:12:01 +01:00
Peter Steinberger	57ce7214d2	test: stabilize temp-path guard across runtimes (#23398)	2026-02-22 11:12:01 +01:00
Peter Steinberger	bd4f670544	refactor: simplify windows ACL parsing and expand coverage	2026-02-22 10:43:03 +01:00
Peter Steinberger	9b9cc44a4e	fix: finalize modelByChannel validator landing (#23412) (thanks @ProspectOre)	2026-02-22 10:41:40 +01:00
Vignesh Natarajan	9325418098	chore: fix temp-path guard skip for *.test-helpers.ts	2026-02-22 01:41:06 -08:00
SK Akram	85a3c0c818	fix: use SID-based ACL classification for non-English Windows	2026-02-22 10:37:34 +01:00
Peter Steinberger	6c2e999776	refactor(security): unify secure id paths and guard weak patterns	2026-02-22 10:16:19 +01:00
Peter Steinberger	f101d59d57	feat(security): warn on dangerous config flags at startup	2026-02-22 10:11:46 +01:00
Peter Steinberger	265da4dd2a	fix(security): harden gateway command/audit guardrails	2026-02-22 08:45:48 +01:00
Peter Steinberger	3d718b5c37	test(security): dedupe external marker sanitization assertions	2026-02-22 07:44:57 +00:00
Peter Steinberger	049b8b14bc	fix(security): flag open-group runtime/fs exposure in audit	2026-02-22 08:22:51 +01:00
Peter Steinberger	fbf0c99d7c	test(security): simplify repeated audit finding assertions	2026-02-21 23:09:15 +00:00
Peter Steinberger	0bd9f0d4ac	fix: enforce strict allowlist across pairing stores (#23017)	2026-02-22 00:00:23 +01:00
Peter Steinberger	0608587bc3	test: streamline config, audit, and qmd coverage	2026-02-21 22:23:43 +00:00
Peter Steinberger	302fa03f41	fix(test): skip test-utils files in temp path guard	2026-02-21 20:48:52 +01:00
Peter Steinberger	c240104dc3	refactor(test): snapshot gateway auth env in security audit tests	2026-02-21 19:16:21 +00:00
Peter Steinberger	7724abeee0	refactor(test): dedupe env setup across suites	2026-02-21 19:13:46 +00:00
Peter Steinberger	4540790cb6	refactor(bluebubbles): share dm/group access policy checks	2026-02-21 20:08:33 +01:00
Peter Steinberger	f97c45c5b5	fix(security): warn on Discord name-based allowlists in audit	2026-02-21 19:45:17 +01:00