Commit Graph

37155 Commits

Author SHA1 Message Date
wings1029
e5aefd5656 fix(gateway): keep live chat assistant buffer tail truncation UTF-16 safe (#102484)
* fix(gateway): keep live chat assistant buffer tail truncation UTF-16 safe

* test(gateway): cover UTF-16 tail cap through merge path

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 08:37:50 +01:00
Peter Steinberger
3b418bdef6 perf(test): avoid repeated model manifest scans 2026-07-09 03:34:37 -04:00
qingminlong
b40e5b974f fix(cli): clarify nodes invoke params errors (#101838) 2026-07-09 08:33:47 +01:00
Ayaan Zaidi
f246fa3901 test(agents): fix cross-file mock and module-state leakage in auth-profiles suite 2026-07-09 12:59:54 +05:30
wings1029
f0cc5e500f fix(auto-reply,infra): keep startup context and heartbeat event text UTF-16 safe (#102483)
* fix(auto-reply,infra): keep startup context and heartbeat event text UTF-16 safe

* test: strengthen UTF-16 truncation coverage

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 08:23:00 +01:00
Vincent Koc
04b64ffc19 test(release): align live model priority indices 2026-07-09 00:17:55 -07:00
Peter Steinberger
c20ce00d19 perf(test): restore cleanup-safe TUI PTY concurrency 2026-07-09 03:05:07 -04:00
zw-xysk
a6d45c46de fix(gateway): keep chat history display text truncation surrogate-safe (#102470)
* fix(gateway): keep chat history display text truncation surrogate-safe

truncateChatHistoryText uses slice(0, N) to truncate chat history text
for the Control UI. When the truncation boundary falls inside a UTF-16
surrogate pair (emoji, CJK extended), the resulting string contains a
dangling surrogate that browsers render as U+FFFD (�).

Replace slice(0, maxChars) with truncateUtf16Safe(text, maxChars) so
the truncation point always falls on a complete code-point boundary.

* test(gateway): cover chat display UTF-16 boundary

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 08:04:34 +01:00
lsr911
4fa3118049 fix(native-hook-relay): use truncateUtf16Safe for hook display text truncation (#102467)
* fix(tool-policy-audit): use truncateUtf16Safe for audit field truncation

Replace naive .slice(0, MAX) with truncateUtf16Safe() to prevent
surrogate pair splitting in tool policy audit log output.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(native-hook-relay): use truncateUtf16Safe for hook display text truncation

Replace naive .slice(0, N) truncation with truncateUtf16Safe() in:
- truncateText() helper (covers 4 call sites for tool display text)
- Inline hook result truncation (...[truncated] suffix)

Prevents surrogate pair splitting in native hook relay display
output (tool names, commands, descriptions shown to users).

Co-Authored-By: Claude <noreply@anthropic.com>

* test(agents): cover hook relay UTF-16 boundaries

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 08:03:19 +01:00
lsr911
472e5167d3 fix(tool-policy-audit): use truncateUtf16Safe for audit field truncation (#102464)
* fix(tool-policy-audit): use truncateUtf16Safe for audit field truncation

Replace naive .slice(0, MAX) with truncateUtf16Safe() to prevent
surrogate pair splitting in tool policy audit log output.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(agents): cover audit UTF-16 boundary

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 08:02:16 +01:00
chengzhichao-xydt
bc6a4bdd94 fix(agents): keep tool-result context guard truncation UTF-16 safe (#102466)
* fix(agents): keep tool-result context guard truncation UTF-16 safe

Replace the raw text.slice(0, cutPoint) in truncateTextToBudget with
truncateUtf16Safe so oversized tool results do not emit lone surrogates
when an emoji falls on the truncation boundary.

Adds a regression test that places an emoji exactly at the legacy cut
point and asserts the truncated output contains no lone surrogates.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(agents): report surrogate-safe omitted count

---------

Co-authored-by: chengzhichao-xydt <chengzhichao-xydt@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 07:59:08 +01:00
kevinlin-openai
245b91b83d feat(slack): support Enterprise Grid org installs (#102372)
* feat(slack): support Enterprise Grid org installs

* docs: refresh generated docs map

* fix(slack): satisfy enterprise routing CI

* fix(slack): accept org auth without app id

* docs(plugin-sdk): document channel policy hooks

* fix(slack): reuse canonical sender for enterprise replies

* test(slack): fix enterprise sender lint

---------

Co-authored-by: Kevin Lin <kevin@dendron.so>
2026-07-08 23:53:19 -07:00
qingminlong
b20b02a476 fix(tool-payload): enforce UTF-8 byte limits for serialized payloads (#102450)
* fix(tool-payload): reject oversized XML payload bytes

* fix(tools): enforce serialized payload byte limits

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 07:47:23 +01:00
Ayaan Zaidi
20f355f236 fix(agents): adopt relogged credential inside locked cas-miss recovery 2026-07-09 12:04:24 +05:30
Ayaan Zaidi
2b98aec9ef fix(agents): stop auth bookkeeping from clobbering rotated oauth credentials 2026-07-09 12:04:24 +05:30
Tianning Li
583ca34bf8 feat(stepfun): add step-3.7-flash model (#88082)
* feat(stepfun): add step-3.7-flash model and make it default

* fix(stepfun): set step-3.7-flash cacheRead cost to 0.04

* fix(stepfun): raise step-3.7-flash maxTokens to context limit

Output was artificially capped at 65536; StepFun docs set max_tokens
default to INF, bounded only by the 256K context window. Raise
step-3.7-flash maxTokens to 262144 on both stepfun and stepfun-plan,
matching contextWindow. Per models.dev anomalyco/models.dev#1903.
step-3.5-flash entries unchanged.

* fix(stepfun): zero step-plan step-3.7-flash cost for plan billing

Step Plan endpoint bills per subscription plan, not per token, matching
the sibling stepfun-plan/step-3.5-flash and step-3.5-flash-2603 entries
which already carry zero cost. Standard stepfun/step-3.7-flash keeps its
per-token rate. Per models.dev anomalyco/models.dev#1903, whose step-plan
providers omit cost entirely.

* docs(changelog): note StepFun 3.7 support

* style(stepfun): format provider table

* fix(stepfun): forward reasoning effort

* fix(stepfun): scope reasoning compat to 3.7

* test(stepfun): keep 3.5 reasoning compat unchanged

* fix(stepfun): carry off fallback through agent turns

* fix(stepfun): use documented token limit field

* fix(stepfun): match chat completions contract

* chore(stepfun): keep changelog release-owned

---------

Co-authored-by: Tianning Li <litianning@stepfun.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 07:14:46 +01:00
wm0018
7de325d060 fix: keep task title truncation UTF-16 safe in restart/diagnostic output (#101934)
* fix: keep task title truncation UTF-16 safe in restart/diagnostic output

Three private copies of formatTaskBlocker share the same pattern —
task.title.slice(0, 80) — which can split surrogate pairs in task
titles, producing broken U+FFFD in restart blocker diagnostics,
gateway reload logs, and CLI run-loop output.

Replace raw slice with truncateUtf16Safe in all three locations.

Relevant files:
- gateway/server-reload-handlers.ts:270
- infra/restart-coordinator.ts:73
- cli/gateway-cli/run-loop.ts:569

* refactor(tasks): centralize restart blocker formatting

* fix(tasks): keep restart formatter side-effect free

* refactor(tasks): tighten restart blocker ownership

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 07:10:25 +01:00
zw-xysk
cc961001f3 fix(security): keep channel-metadata and install-policy truncation surrogate-safe (#102266)
* fix(security): keep channel-metadata and install-policy truncation surrogate-safe

channel-metadata.ts and install-policy.ts both had private truncateText
functions using String.prototype.slice(0, N) on user-visible text.
channel-metadata is explicitly user-controlled untrusted content that gets
injected into LLM prompt context -- a dangling surrogate from unsafe
truncation would corrupt the prompt with invalid Unicode, affecting token
counting and potentially LLM response quality.

Replace .slice(0, ...) with truncateUtf16Safe(...) in both files so the
truncation point always falls on a complete code-point boundary.

Add test coverage for buildUntrustedChannelMetadata with emoji at both
the entry-level (400-char) and outer (800-char) truncation boundaries.

* test(security): prove UTF-16 truncation boundaries

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 06:31:06 +01:00
Peter Steinberger
5533d979d4 feat: add follow-up task suggestions (#102422)
* feat(tools): add follow-up task suggestions

* chore: leave changelog to release flow

* fix(tools): add task suggestion display metadata

* fix(tools): update task suggestion display snapshot

* docs: format task suggestion tool table

* test(gateway): expect compaction worktree workspace

* test(gateway): preserve configured compaction workspace

* fix(ui): translate task suggestions
2026-07-09 06:30:01 +01:00
wm0018
9b4cbe4758 fix(agents): keep chunkString and buildResumeMessage truncation UTF-16 safe (#102085)
* fix(agents): keep chunkString and buildResumeMessage truncation UTF-16 safe

* fix: preserve code points in agent output chunks

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 05:54:08 +01:00
Peter Steinberger
d6ec1c6cea fix(secrets): prevent capture and sentinel credential retention (#102420)
* fix(secrets): harden sentinel capture lifecycle

* chore: leave release notes to release automation
2026-07-09 05:50:28 +01:00
Dave Fano
b502554f6c Suppress failed tool progress in Discord (#92517)
* fix(discord): suppress failed tool progress

Co-authored-by: davefano-agents@teal-03-mst-m2u-wheeljack <davefano-agents@users.noreply.github.com>

* chore: leave changelog to release

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: davefano-agents@teal-03-mst-m2u-wheeljack <davefano-agents@users.noreply.github.com>
2026-07-09 05:39:59 +01:00
zw-xysk
ba5a212c8f fix(acp): keep session update text truncation surrogate-safe (#102378)
* fix(acp): keep session update text truncation surrogate-safe

acp-projector's truncateText function used String.prototype.slice(0, N)
on session update text that is sent to AI providers in the prompt context.
When the truncation boundary falls inside a UTF-16 surrogate pair (emoji,
CJK extended), the resulting string contains a dangling surrogate that
can corrupt the prompt.

Replace .slice(0, maxChars-1) with truncateUtf16Safe(input, maxChars-1)
so the truncation point always falls on a complete code-point boundary.

* fix: make ACP projection truncation UTF-16 safe

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 05:22:21 +01:00
ToToKr
6e4670f9c1 fix(acp): keep background-task summaries UTF-16 safe at truncation boundaries (#101976)
The bounded task label and progress summary shown for child ACP background runs used raw String.slice, which can split a surrogate pair at the 160/240-char boundaries and surface U+FFFD in requester-facing task status. Part of the UTF-16 safety sweep.
2026-07-09 05:02:21 +01:00
wm0018
9614129c2b fix(gateway): keep session title and preview text truncation UTF-16 safe (#102090)
* fix(gateway): keep session title and preview text truncation UTF-16 safe

* test(gateway): cover session UTF-16 boundaries in place

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 04:51:13 +01:00
chengzhichao-xydt
9e75ce9dd1 fix(agents): keep tool-result truncation UTF-16 safe (#102087)
* fix(agents): keep tool-result truncation UTF-16 safe

Replace raw .slice() calls in tool-result truncation with UTF-16-safe
helpers (sliceUtf16Safe/truncateUtf16Safe) so surrogate pairs are not
split when capping tool output, error-tail detection, or aggregate
elision markers.

- hasImportantTail: sliceUtf16Safe(text, -2000)
- appendBoundedTruncationSuffix: truncateUtf16Safe + sliceUtf16Safe
- truncateToolResultText head/tail/default paths: sliceUtf16Safe
- formatAggregateElisionText fallback: truncateUtf16Safe

Added regression tests for emoji at char and head+tail boundaries.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test(agents): cover exact tool-result UTF-16 cuts

---------

Co-authored-by: chengzhichao-xydt <chengzhichao-xydt@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 04:49:24 +01:00
mushuiyu886
7daa090935 fix(doctor): keep scrubbed error truncation UTF-16 safe (#102066)
* fix(doctor): keep scrubbed error truncation UTF-16 safe

* test(doctor): assert exact scrubbed error output

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 04:39:15 +01:00
QiuYuang
b62c796e51 fix(agents): keep truncation surrogate-safe (#102332)
* fix(agents): keep truncation surrogate-safe

* test(agents): tighten process label truncation coverage

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 04:37:23 +01:00
Gio Della-Libera
735dbd2f95 feat: add signed marketplace feed config (#98316)
* feat: add signed marketplace feed config

* Clarify marketplace feed trust keys

* Preserve marketplace feed signing key type alias

* Fail closed for unwired signed marketplace feeds

* refactor: inline marketplace trust key config

---------

Co-authored-by: Gio Della-Libera <giodl@microsoft.com>
Co-authored-by: Patrick Erichsen <patrick.a.erichsen@gmail.com>
2026-07-08 20:32:14 -07:00
Patrick Erichsen
1252a3da59 fix: send owner-qualified install telemetry (#102377) 2026-07-08 20:18:09 -07:00
chengzhichao-xydt
e8bd3ae26a fix(agents): keep steering metadata truncation UTF-16 safe (#101736)
* fix(agents): keep steering metadata truncation UTF-16 safe

Replace raw string slicing with truncateUtf16Safe in promptLiteral so
emoji and CJK surrogate pairs in steering queue metadata are not split
mid-pair at the 500-char MAX_METADATA_CHARS cap.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test(agents): add emoji surrogate boundary regression for steering metadata

Drive buildMergedAgentSteeringPrompt with a task label placing an emoji
at the 500-char MAX_METADATA_CHARS boundary to prove truncateUtf16Safe
preserves the surrogate pair instead of splitting it.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test(agents): assert steering truncation output

* test(agents): remove useless string concat in emoji boundary test

---------

Co-authored-by: Alix-007 <li.long15@xydigit.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: chengzhichao-xydt <chengzhichao-xydt@users.noreply.github.com>
2026-07-09 04:12:27 +01:00
wings1029
1825c9f890 fix: keep emoji intact at remaining text truncation boundaries (#101754)
* fix: keep emoji intact at remaining text truncation boundaries

Replace .slice(0, N) with truncateUtf16Safe() in five remaining
user-visible text truncation sites that were missed by earlier
UTF-16 safety sweeps:

- restart.ts: restart reason text (2 sites)
- chat-composer.ts: reply target text preview
- chat-thread.ts: thread text preview + message text extraction

All sites truncate user-generated content where emoji or other
supplementary-plane characters could produce lone surrogates.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: complete UTF-16-safe restart and chat boundaries

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 04:02:08 +01:00
Gio Della-Libera
30b3a7cded feat: add hosted feed envelope verifier (#98299)
* feat: add hosted feed envelope verifier

* refactor: share Ed25519 signature helpers

* fix: repair hosted feed verifier checks

* Use DSSE PAE for hosted feed envelopes

* Bound raw hosted feed signatures

* fix(feeds): verify decoded envelope payload bytes

* chore: refresh npm shrinkwrap baselines

* Revert "chore: refresh npm shrinkwrap baselines"

This reverts commit 448f05f6de.

---------

Co-authored-by: Patrick Erichsen <patrick.a.erichsen@gmail.com>
Co-authored-by: Gio Della-Libera <giodl@microsoft.com>
2026-07-08 19:27:56 -07:00
Tobias Oort
0307deacfa feat(github-copilot): support GitHub Enterprise data-residency Copilot auth (#99221)
Adds GitHub Enterprise data-residency support to the existing bundled GitHub Copilot provider.

Maintainer proof:
- GitHub CI green on head 54010a6538
- `check-lint`, `check-additional-extension-bundled`, and `check-shrinkwrap` passed in CI
- local `pnpm lint:extensions:bundled`, `pnpm lint`, and focused GitHub Copilot Vitest passed
- AWS Crabbox proof passed
- live microsoft.ghe.com device-flow/token-exchange/model-catalog proof passed

Co-authored-by: Tobias Oort <tobias.oort@ict.nl>
Co-authored-by: Gio Della-Libera <235387111+giodl73-repo@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-07-08 18:59:41 -07:00
Peter Steinberger
eae3fc1a79 feat(xai): add Grok 4.5 support (#102316)
* feat(xai): add Grok 4.5 support

* chore: leave release notes to release automation
2026-07-09 01:39:03 +01:00
Vincent Koc
aad99747cd fix(onboard): omit empty provider request settings 2026-07-08 17:26:29 -07:00
Gio Della-Libera
7d82e5b658 Doctor: audit lint default selection (#100361)
Summary:
- audit Doctor lint default selection after the full lint-family backfill
- make legacy state, skills readiness, session transcripts, and session snapshots explicit-only for default lint
- document default lint vs --all/--only and keep plugin/SDK public contracts unchanged

Validation:
- Galin review: no blocking findings
- maintainer accepted the default-lint compatibility tradeoff in PR comment
- exact-head hosted gates passed for d5d88a0db1: CI#28976811444 and Workflow Sanity#28976811343
- local broad pnpm check was blocked by a shrinkwrap guard failure that reproduces on origin/main and is unrelated to this five-file Doctor diff

Co-authored-by: Gio Della-Libera <235387111+giodl73-repo@users.noreply.github.com>
2026-07-08 14:34:57 -07:00
Jason (Json)
5b52e2490a fix(gateway): refresh model availability from persisted auth (#102289) 2026-07-08 14:45:09 -06:00
Sally O'Malley
b81666ca6a Fix container image upgrade migrations before gateway readiness (#101881)
* run all 'openclaw upgrade' migrations with container image upgrades

Signed-off-by: sallyom <somalley@redhat.com>

* fix: block gateway startup on plugin repair warnings

Signed-off-by: sallyom <somalley@redhat.com>

---------

Signed-off-by: sallyom <somalley@redhat.com>
2026-07-08 14:19:05 -04:00
Gio Della-Libera
aa27ae9d9f policy: preview review-required gateway repairs (#99776)
* policy: preview review-required gateway repairs

* docs(policy): document gateway review previews

* docs(policy): document gateway review previews

* docs(policy): document gateway review previews

* docs(policy): document gateway review previews

---------

Co-authored-by: Gio Della-Libera <giodl@microsoft.com>
2026-07-08 10:44:56 -07:00
Vincent Koc
0d86f64e60 fix(ci): stabilize Go and TUI PTY shards 2026-07-08 10:28:06 -07:00
Dallin Romney
8fa83d2742 refactor(gateway): consolidate client contracts (#101012) 2026-07-08 10:56:31 -06:00
Pavan Kumar Gondhi
534ace4d8a fix: bind package-manager exec approvals to inner commands [AI] (#102035)
* fix: bind package-manager exec approvals to inner commands

* fix: fail closed package manager exec approval gaps

* chore: refresh pr branch metadata

* fix: cover npm exec alias approvals

* fix: fail closed hidden package manager exec aliases

* fix: unwrap chained package manager approvals

* fix: cover yarn package manager approvals

* fix: preserve yarn run approval compatibility

* fix: bind package manager script argv checks

* test: fix package manager script argv type check

* fix: fail closed pnpm shorthand approvals

* fix: preserve pnpm built-in approvals

* fix: preserve pnpm script shortcuts

* fix: preserve npm cwd exec unwrapping

* fix: fail closed cwd and yarn package shorthands
2026-07-08 21:29:02 +05:30
Pavan Kumar Gondhi
64015e71dd fix: harden web fetch HTML conversion [AI] (#102033)
* fix: harden web fetch html conversion

* fix: consume malformed html tag tails

* fix: consume invalid html tag spans

* fix: preserve html scanner edge cases

* fix: preserve title-only html fallback

* fix: harden html scanner malformed tokens

* fix: close html scanner review gaps

* fix: keep malformed html raw text hidden

* fix: keep html scanner comment content hidden

* fix: skip unsupported html attribute values

* fix: skip raw text from opener end

* fix: drop malformed html tag tails

* fix: preserve trailing slash href links

* fix: close html scanner review gaps

* fix: preserve literal less-than text

* fix: bound html render context nesting

* fix: drop bogus html closing tags

* fix: handle abrupt html comments

* fix: remove dead html scanner branches

* fix: close quoted self-closing html tags

* fix: track anchor text incrementally

* fix: ignore quoted raw text markers

* fix: close title contexts through literal markup

* fix: close anchors through nested contexts

* fix: close nested HTML contexts consistently
2026-07-08 18:58:38 +05:30
Pavan Kumar Gondhi
e25fa79c5d fix: gate Gateway message action requester provenance [AI] (#102031)
* fix: gate message action requester provenance

* fix: preserve trusted gateway action context

* fix: preserve message action effective scopes

* chore: refresh gateway protocol swift model

* fix: keep swift message action init additive

* fix: avoid message action wire shape change

* fix: downscope non-owner message action bridge

* fix: keep cli message actions least privileged

* fix: downscope message action runtime scope

* fix: normalize message action bridge provenance
2026-07-08 18:28:25 +05:30
Pavan Kumar Gondhi
3101aa31ca fix: restrict non-owner gateway tool inventory [AI] (#102030)
* fix: restrict non-owner gateway tool inventory

* fix: clarify non-owner gateway tool policy
2026-07-08 18:21:38 +05:30
Peter Steinberger
4bf70be01a feat(secrets): egress-time credential injection with process-local sentinels (#102009)
* feat(secrets): resolve SecretRef model credentials at egress via process-local sentinels

SecretRef-managed model-provider credentials now travel as opaque
oc-sent-v1 sentinels through auth storage, stream options, and SDK
config; the guarded model fetch injects real values into headers and
URLs immediately before the SSRF-guarded send and fails closed on
unknown sentinels. packages/ai adapters converge on the host guarded
fetch where the SDK supports custom fetch and unwrap at construction
where it does not. Resolved values (and their percent-encoded forms)
register for exact-value log redaction. Kill switch:
OPENCLAW_SECRET_SENTINELS=off. Also fixes a pre-existing unhandled
rejection race in capNonOkResponseBodyLazily (pipeThrough writer leak).

* test(plugin-sdk): update public surface budget
2026-07-08 12:56:41 +01:00
Alex Knight
bd4d4c0d31 fix(state): close agent-db and proxy-capture SQLite handles on exit; rebind stale proxy stores after shared-state close (#100827)
* fix(state): close cached SQLite state and agent databases on process exit

* refactor(state): pair SQLite exit-close with cache lifecycle and rebind stale proxy-capture stores

* fix(cli): register debug-proxy finalize before the state DB exit hook

* refactor(state): narrow to agent-db and proxy-capture exit lifecycle after #100691 landed shared-state close

---------

Co-authored-by: Alex Knight <15041791+amknight@users.noreply.github.com>
2026-07-08 21:48:18 +10:00
Pavan Kumar Gondhi
58891c85b6 fix: detect joined inline eval flags [AI] (#101353)
* fix: detect joined inline eval flags

* fix: avoid joined eval flag false positives

* fix: detect clustered inline eval flags

* fix: avoid cluster matcher string spread

* fix: cover common eval flag clusters

* fix: cover ruby perl eval clusters

* fix: detect python x inline eval cluster

* fix: detect numeric eval clusters

* fix: cover ruby perl eval clusters
2026-07-08 15:49:54 +05:30
Pavan Kumar Gondhi
5f04dc97e6 Harden jq safe-bin semantics (#102032) 2026-07-08 15:43:37 +05:30