Peter Steinberger
|
dc825e59f5
|
refactor: unify system.run approval cwd revalidation
|
2026-03-02 23:46:54 +00:00 |
|
Peter Steinberger
|
500d7cb107
|
fix: revalidate approval cwd before system.run execution
|
2026-03-02 23:42:10 +00:00 |
|
Peter Steinberger
|
9617ac9dd5
|
refactor: dedupe agent and reply runtimes
|
2026-03-02 19:57:33 +00:00 |
|
Peter Steinberger
|
dded569626
|
fix(security): preserve system.run wrapper approval semantics
|
2026-03-02 17:20:52 +00:00 |
|
Peter Steinberger
|
155118751f
|
refactor!: remove versioned system-run approval contract
|
2026-03-02 01:12:53 +00:00 |
|
Peter Steinberger
|
d82c042b09
|
refactor(node-host): split system.run plan and allowlist internals
|
2026-02-26 22:01:01 +01:00 |
|
Peter Steinberger
|
78a7ff2d50
|
fix(security): harden node exec approvals against symlink rebind
|
2026-02-26 21:47:45 +01:00 |
|
Peter Steinberger
|
f789f880c9
|
fix(security): harden approval-bound node exec cwd handling
|
2026-02-26 04:14:11 +01:00 |
|
Peter Steinberger
|
3c95f89662
|
refactor(exec): split system.run phases and align ts/swift validator contracts
|
2026-02-25 00:35:06 +00:00 |
|
Peter Steinberger
|
55cf92578d
|
fix(security): harden system.run companion command binding
|
2026-02-25 00:02:03 +00:00 |
|
Peter Steinberger
|
4355e08262
|
refactor: harden safe-bin trusted dir diagnostics
|
2026-02-24 23:29:44 +00:00 |
|
Peter Steinberger
|
ffd63b7a2c
|
fix(security): trust resolved skill-bin paths in allowlist auto-allow
|
2026-02-24 03:12:43 +00:00 |
|
Peter Steinberger
|
0026255def
|
refactor(security): harden system.run wrapper enforcement
|
2026-02-24 02:17:41 +00:00 |
|
Peter Steinberger
|
a1c4bf07c6
|
fix(security): harden exec wrapper allowlist execution parity
|
2026-02-24 01:52:17 +00:00 |
|
Peter Steinberger
|
3f0b9dbb36
|
fix(security): block shell-wrapper line-continuation allowlist bypass
|
2026-02-22 22:36:29 +01:00 |
|
Peter Steinberger
|
e4d67137db
|
fix(node): default mac headless system.run to local host
Co-authored-by: aethnova <262512133+aethnova@users.noreply.github.com>
|
2026-02-22 22:24:28 +01:00 |
|
Peter Steinberger
|
bbdfba5694
|
fix: harden connect auth flow and exec policy diagnostics
|
2026-02-22 20:22:00 +01:00 |
|
Peter Steinberger
|
0c1f491a02
|
fix(gateway): clarify pairing and node auth guidance
|
2026-02-22 19:50:29 +01:00 |
|
Peter Steinberger
|
0d0f4c6992
|
refactor(exec): centralize safe-bin policy checks
|
2026-02-22 13:18:25 +01:00 |
|
Peter Steinberger
|
47c3f742b6
|
fix(exec): require explicit safe-bin profiles
|
2026-02-22 12:58:55 +01:00 |
|
Peter Steinberger
|
e80c803fa8
|
fix(security): block shell env allowlist bypass in system.run
|
2026-02-22 12:47:05 +01:00 |
|
Peter Steinberger
|
b25fd03b8c
|
refactor(node-host): share invoke type definitions
|
2026-02-22 07:44:57 +00:00 |
|
Vignesh Natarajan
|
98b2b16ac3
|
Security/Exec: persist inner commands for shell-wrapper approvals
|
2026-02-21 21:26:20 -08:00 |
|
Peter Steinberger
|
6007941f04
|
fix(security): harden and refactor system.run command resolution
|
2026-02-21 11:49:38 +01:00 |
|