Peter Steinberger
|
91ea6ad8ec
|
docs(changelog): reorder unreleased fixes by user impact
|
2026-02-24 04:46:19 +00:00 |
|
Peter Steinberger
|
d427d09b5e
|
fix: align reasoning payload typing for #24991 (thanks @stakeswky)
|
2026-02-24 04:34:49 +00:00 |
|
Peter Steinberger
|
8c5cf2d5b2
|
docs(subagents): document default runTimeoutSeconds config (#24594) (thanks @mitchmcalister)
|
2026-02-24 04:22:43 +00:00 |
|
damaozi
|
c6bb7b0c04
|
fix(whatsapp): groupAllowFrom sender filter bypassed when groupPolicy is allowlist (#24670)
(cherry picked from commit af06ebd9a6)
|
2026-02-24 04:20:30 +00:00 |
|
Peter Steinberger
|
ffc22778f3
|
fix(subagents): prune orphaned restored runs + status wording (#24244) (thanks @HeMuling)
|
2026-02-24 04:17:56 +00:00 |
|
Peter Steinberger
|
cd3927ad67
|
fix(sessions): preserve allow-any subagent model overrides (#21088) (thanks @Slats24)
|
2026-02-24 04:16:32 +00:00 |
|
Peter Steinberger
|
1237516ae8
|
fix(chrome-extension): finalize relay endpoint validation flow (#22252) (thanks @krizpoon)
|
2026-02-24 04:16:08 +00:00 |
|
Peter Steinberger
|
004a61056c
|
docs(changelog): note relay nav auto-reattach fix (#19766) (thanks @nishantkabra77)
|
2026-02-24 04:11:13 +00:00 |
|
Peter Steinberger
|
113545f005
|
docs(changelog): note browser control startup import fix (#23974) (thanks @ieaves)
|
2026-02-24 04:06:03 +00:00 |
|
Peter Steinberger
|
aea28e26fb
|
fix(auto-reply): expand standalone stop phrases
|
2026-02-24 04:02:43 +00:00 |
|
Peter Steinberger
|
a388fbb6c3
|
fix: harden custom-provider verification probes (#24743) (thanks @Glucksberg)
|
2026-02-24 03:56:30 +00:00 |
|
Peter Steinberger
|
ebde897bb8
|
fix: add dmScope route guard regression tests (#24949) (thanks @kevinWangSheng)
|
2026-02-24 03:55:29 +00:00 |
|
Peter Steinberger
|
de0e01259a
|
fix: expand openrouter thinking-off regression coverage (#24863) (thanks @DevSecTim)
|
2026-02-24 03:54:29 +00:00 |
|
Peter Steinberger
|
69a541c3f0
|
fix: sanitize pairing recovery requestId hints (#24771) (thanks @markmusson)
|
2026-02-24 03:53:45 +00:00 |
|
Peter Steinberger
|
a216f2dabe
|
fix: extend discord thread parent fallback coverage (#24897) (thanks @z-x-yang)
|
2026-02-24 03:52:43 +00:00 |
|
Peter Steinberger
|
fd24b35449
|
fix: cover startup locale hydration path (#24795) (thanks @chilu18)
|
2026-02-24 03:51:58 +00:00 |
|
Peter Steinberger
|
7a42558a3e
|
fix: harden legacy plugin schema compatibility tests (#24933) (thanks @pandego)
|
2026-02-24 03:50:53 +00:00 |
|
Peter Steinberger
|
dd145f1346
|
fix: suppress sessions_send warning leakage coverage (#24740) (thanks @Glucksberg)
|
2026-02-24 03:49:52 +00:00 |
|
Peter Steinberger
|
9cc7450edf
|
docs(changelog): add missing unreleased fixes and reorder
|
2026-02-24 03:48:49 +00:00 |
|
Peter Steinberger
|
b5881d9ef4
|
fix: avoid WhatsApp silent turns with final-only delivery (#24962) (thanks @SidQin-cyber)
|
2026-02-24 03:47:20 +00:00 |
|
Peter Steinberger
|
3a653082d8
|
fix(config): align whatsapp enabled schema with auto-enable
|
2026-02-24 03:39:41 +00:00 |
|
Peter Steinberger
|
0bdcca2f35
|
test(whatsapp): add log redaction coverage
|
2026-02-24 03:34:31 +00:00 |
|
Peter Steinberger
|
3af9d1f8e9
|
fix: scope Telegram RFC2544 SSRF exception to policy opt-in (#24982) (thanks @stakeswky)
|
2026-02-24 03:28:00 +00:00 |
|
Peter Steinberger
|
7b2b86c60a
|
fix(exec): add approval race changelog and regressions
|
2026-02-24 03:22:05 +00:00 |
|
Peter Steinberger
|
c6c1e3e7cf
|
docs(changelog): correct exec approvals reporter credit
|
2026-02-24 03:13:48 +00:00 |
|
Peter Steinberger
|
ffd63b7a2c
|
fix(security): trust resolved skill-bin paths in allowlist auto-allow
|
2026-02-24 03:12:43 +00:00 |
|
Peter Steinberger
|
a67689a7e3
|
fix: harden allow-always shell multiplexer wrapper handling
|
2026-02-24 03:06:51 +00:00 |
|
Peter Steinberger
|
4a3f8438e5
|
fix(gateway): bind node exec approvals to nodeId
|
2026-02-24 03:05:58 +00:00 |
|
Peter Steinberger
|
c5ac90ab92
|
docs(changelog): add shell-env fallback hardening note
|
2026-02-24 03:04:49 +00:00 |
|
Peter Steinberger
|
d0ef4c75c7
|
docs(changelog): credit safeBins advisory reporters
|
2026-02-24 02:59:17 +00:00 |
|
Peter Steinberger
|
90383e00e9
|
fix(security): harden autoAllowSkills exec matching
|
2026-02-24 02:53:47 +00:00 |
|
Peter Steinberger
|
e578521ef4
|
fix(security): harden session export image data-url handling
|
2026-02-24 02:53:39 +00:00 |
|
Peter Steinberger
|
ff4e6ca0d9
|
fix(ios): gate agent deep links with local confirmation
|
2026-02-24 02:51:58 +00:00 |
|
Peter Steinberger
|
f8524ec77a
|
fix(security): harden exported session html rendering
|
2026-02-24 02:40:29 +00:00 |
|
Peter Steinberger
|
1d28da55a5
|
fix(voice-call): block Twilio webhook replay and stale transitions
|
2026-02-24 02:37:24 +00:00 |
|
Peter Steinberger
|
3f923e8313
|
test: add env -S allowlist bypass regressions
|
2026-02-24 02:28:00 +00:00 |
|
Peter Steinberger
|
6634030be3
|
fix: enforce apply_patch workspaceOnly in sandbox mounts
|
2026-02-24 02:23:56 +00:00 |
|
Peter Steinberger
|
dd9d9c1c60
|
fix(security): enforce workspaceOnly for sandbox image tool
|
2026-02-24 02:17:55 +00:00 |
|
Gustavo Madeira Santana
|
5239b55c0a
|
Config: expand Kilo catalog and persist selected Kilo models (#24921)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: f5a7e1a385
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
|
2026-02-23 21:17:37 -05:00 |
|
Peter Steinberger
|
08e2aa44e7
|
fix(commands): restrict commands.allowFrom to sender principals
|
2026-02-24 02:01:01 +00:00 |
|
Peter Steinberger
|
223d7dc23d
|
feat(gateway)!: require explicit non-loopback control-ui origins
|
2026-02-24 01:57:11 +00:00 |
|
Peter Steinberger
|
edfefdff7d
|
docs(changelog): mark ACP hardening as next npm release
|
2026-02-24 01:56:22 +00:00 |
|
Peter Steinberger
|
a1c4bf07c6
|
fix(security): harden exec wrapper allowlist execution parity
|
2026-02-24 01:52:17 +00:00 |
|
Peter Steinberger
|
5eb72ab769
|
fix(security): harden browser SSRF defaults and migrate legacy key
|
2026-02-24 01:52:01 +00:00 |
|
Peter Steinberger
|
1f81677093
|
docs(changelog): note dangerous name-matching audit unification
|
2026-02-24 01:33:08 +00:00 |
|
Peter Steinberger
|
2e36bdda85
|
docs(changelog): credit ACP security reporter
|
2026-02-24 01:19:03 +00:00 |
|
Peter Steinberger
|
f97c0922e1
|
fix(security): harden account-key handling against prototype pollution
|
2026-02-24 01:09:31 +00:00 |
|
Peter Steinberger
|
12cc754332
|
fix(acp): harden permission auto-approval policy
|
2026-02-24 01:03:30 +00:00 |
|
Vincent Koc
|
30c622554f
|
Providers: disable developer role for DashScope-compatible endpoints (#24675)
* Agents: disable developer role for DashScope-compatible endpoints
* Agents: test DashScope developer-role compatibility
* Gateway: test allowlisted sessions.patch model selection
* Changelog: add DashScope role-compat fix note
|
2026-02-23 19:51:16 -05:00 |
|
Peter Steinberger
|
f0c3c8b6a3
|
fix(config): redact dynamic catchall secret keys
|
2026-02-24 00:21:29 +00:00 |
|