Drop the generated qa-runner catalog and the missing/install placeholder
path for repo-private QA runners. The host should discover bundled QA
commands from manifest plus runtime surface only.
Also trim stale qa-matrix install docs and package metadata so the
source-only QA policy stays consistent.
* fix(mcp): harden loopback request guards
* fix(commit): block staged user log
* Revert pre-commit USER.md guard from this PR
Out of scope for the MCP loopback hardening — keep this PR
focused on the loopback request gate and the bearer-comparison
fix. The pre-commit worklog guard can land separately if
maintainers want it.
* changelog: note MCP loopback constant-time + Origin guard (#66665)
* fix(mcp): allow loopback flows that browsers flag as cross-site
The previous Sec-Fetch-Site early-return rejected legit local
browser callers like a UI hosted on http://localhost:<ui-port>
talking to MCP on http://127.0.0.1:<mcp-port> — browsers report
that host mismatch as cross-site even though both ends are
loopback. checkBrowserOrigin already authorizes those via its
local-loopback matcher (loopback peer + loopback Origin host),
so route every Origin-bearing request through that helper and
let it decide. Native MCP clients (no Origin header) continue to
short-circuit through to the bearer check unchanged.
Adds a regression test asserting that
origin: http://localhost:43123, sec-fetch-site: cross-site
from a loopback peer is accepted with a valid bearer.
---------
Co-authored-by: Devin Robison <drobison@nvidia.com>
* fix(agents): tighten workspace file opens
* fix(agents): clarify symlink rejection tests
* fix(agents): surface unsafe identity reads
* fix(agents): use non-blocking opens for identity reads and write-mode probes
* fix(fssafe): restore symlink read identity check
* fix(worklog): append comment resolution status
* fix(fssafe): close afterOpen handle leaks
* fix(worklog): append comment resolution follow-up
* fix(worklog): drop internal user file
* fix(agents): rethrow unexpected errors in agents.files.get
* changelog: note agents.files fs-safe routing + fd-first realpath (#66636)
* fix(agents): rethrow unexpected errors in agents.files.set too
Match the narrow-SafeOpenError catch pattern that agents.files.get
(commit 633b8f92) and writeWorkspaceFileOrRespond already use, so a
real OS error (ENOSPC, EACCES, EBUSY, ...) surfaces through normal
gateway error handling instead of being masked as
'unsafe workspace file'.
* test(agents): match fsStat/fsLstat mock signatures
The mock functions are declared as
vi.fn(async (..._args: unknown[]) => Stats | null)
so mockImplementation callbacks must accept ...unknown[], not a
narrowed (filePath: string) argument. The narrower signature
works at runtime but trips tsgo's strict type check; switch to
args[0] unpacking so the callbacks match the hoisted mock shape.
---------
Co-authored-by: Devin Robison <drobison@nvidia.com>
* fix(feishu): harden webhook replay guards
* changelog: note Feishu webhook + card-action fail-closed hardening (#66707)
* fix(feishu): move blank-token check above decodeFeishuCardAction
Run the early-return guard against a missing/blank card-action
token before decoding the card-action payload. Decoding is
side-effect-free so this is a readability + tiny-perf nit, not a
correctness change. Matches Greptile's P2 suggestion.
---------
Co-authored-by: Devin Robison <drobison@nvidia.com>
Fixes#65465. Caps the compaction reserveTokensFloor so that at least min(8 000, 50%) of the context window remains available for
prompt content, preventing the default 20 000-token floor from exceeding the entire context window on small-context local models (e.g. Ollama
16K). The cap is only applied when contextTokenBudget is provided, preserving backward compatibility.
