Frank Yang
|
e33d7fcd13
|
fix(telegram): prevent update offset skipping queued updates (#23284)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 92efaf956bf906a176d1e6c5488ddcb02d89b4e1
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
|
2026-02-22 15:50:33 +05:30 |
|
Peter Steinberger
|
bf56196de3
|
fix: tighten feishu dedupe boundary (#23377) (thanks @SidQin-cyber)
|
2026-02-22 11:13:40 +01:00 |
|
Peter Steinberger
|
1b327da6e3
|
fix: harden exec sandbox fallback semantics (#23398) (thanks @bmendonca3)
|
2026-02-22 11:12:01 +01:00 |
|
Peter Steinberger
|
602a1ebd55
|
fix: handle intentional signal daemon shutdown on abort (#23379) (thanks @frankekn)
|
2026-02-22 10:59:34 +01:00 |
|
Vignesh Natarajan
|
99a2f5379e
|
Memory/QMD: normalize Han-script BM25 search queries
|
2026-02-22 01:53:00 -08:00 |
|
Peter Steinberger
|
9f0b6a8c92
|
fix: harden ACP gateway startup sequencing (#23390) (thanks @janckerchen)
|
2026-02-22 10:47:38 +01:00 |
|
Peter Steinberger
|
59807efa31
|
refactor(plugin-sdk): unify channel dedupe primitives
|
2026-02-22 10:46:34 +01:00 |
|
Peter Steinberger
|
9b9cc44a4e
|
fix: finalize modelByChannel validator landing (#23412) (thanks @ProspectOre)
|
2026-02-22 10:41:40 +01:00 |
|
Peter Steinberger
|
dd07c06d00
|
fix: tighten gateway restart loop handling (#23416) (thanks @jeffwnli)
|
2026-02-22 10:38:32 +01:00 |
|
Vignesh Natarajan
|
b4cdffc7a4
|
TUI: make Ctrl+C exit behavior reliably responsive
|
2026-02-22 01:28:55 -08:00 |
|
Peter Steinberger
|
f4dd0577b0
|
fix(security): block hook transform symlink escapes
|
2026-02-22 10:18:05 +01:00 |
|
Peter Steinberger
|
6c2e999776
|
refactor(security): unify secure id paths and guard weak patterns
|
2026-02-22 10:16:19 +01:00 |
|
Peter Steinberger
|
ae8d4a8eec
|
fix(security): harden channel token and id generation
|
2026-02-22 10:16:02 +01:00 |
|
Peter Steinberger
|
de2e5c7b74
|
docs(security): clarify dangerous control-ui bypass policy
|
2026-02-22 10:11:46 +01:00 |
|
Vignesh Natarajan
|
b9e9fbc97c
|
TUI: preserve RTL text order in terminal output
|
2026-02-22 01:10:03 -08:00 |
|
Peter Steinberger
|
2b63592be5
|
fix: harden exec allowlist wrapper resolution
|
2026-02-22 09:52:02 +01:00 |
|
Peter Steinberger
|
8e7d8c3d8e
|
docs(changelog): add shell startup env override fix note
|
2026-02-22 09:50:21 +01:00 |
|
Vignesh Natarajan
|
2a66c8d676
|
Agents/Subagents: honor subagent alsoAllow grants
|
2026-02-22 00:39:27 -08:00 |
|
Peter Steinberger
|
c99e7696e6
|
fix: decouple owner display secret from gateway auth token
|
2026-02-22 09:35:07 +01:00 |
|
Peter Steinberger
|
8887f41d7d
|
refactor(gateway)!: remove legacy v1 device-auth handshake
|
2026-02-22 09:27:03 +01:00 |
|
Vignesh Natarajan
|
6ceadaa41f
|
Agents: add fallback reply for tool-only completions
|
2026-02-22 00:23:31 -08:00 |
|
Peter Steinberger
|
3d03375043
|
fix(gateway): block avatar symlink escapes
|
2026-02-22 08:51:17 +01:00 |
|
Peter Steinberger
|
cd7faea93b
|
docs(changelog): note next npm release for hook auth fix
|
2026-02-22 08:48:13 +01:00 |
|
Vignesh Natarajan
|
6bf5e76be6
|
Agents: drop stale pre-compaction usage snapshots
|
2026-02-21 23:47:15 -08:00 |
|
Peter Steinberger
|
265da4dd2a
|
fix(security): harden gateway command/audit guardrails
|
2026-02-22 08:45:48 +01:00 |
|
Peter Steinberger
|
3284d2eb22
|
fix(security): normalize hook auth rate-limit client keys
|
2026-02-22 08:40:49 +01:00 |
|
Vignesh Natarajan
|
aab20e58d7
|
Sessions: persist prompt-token totals without usage
|
2026-02-21 23:37:42 -08:00 |
|
Peter Steinberger
|
e0db04a50d
|
fix(security): harden avatar validation and size limits
|
2026-02-22 08:35:32 +01:00 |
|
Peter Steinberger
|
049b8b14bc
|
fix(security): flag open-group runtime/fs exposure in audit
|
2026-02-22 08:22:51 +01:00 |
|
Vignesh Natarajan
|
cdfe45eeb8
|
Agents: validate persisted tool-call names
|
2026-02-21 23:06:44 -08:00 |
|
Vignesh Natarajan
|
29a782b9cd
|
Models/Config: default missing Anthropic model api fields
|
2026-02-21 22:50:43 -08:00 |
|
Vignesh Natarajan
|
542fc169d2
|
Plugins/Hooks: avoid duplicate before_agent_start executions
|
2026-02-21 22:31:51 -08:00 |
|
Vignesh Natarajan
|
96c985400d
|
BlueBubbles: accept webhook payloads with missing handles
|
2026-02-21 22:10:30 -08:00 |
|
Pierre
|
4f700e96af
|
Fix Telegram DM last-route metadata leakage (#19491)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 16b025b3aa13c91fe3aab8a0eaac4987dddc574e
Co-authored-by: guirguispierre <22091706+guirguispierre@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
|
2026-02-22 11:29:59 +05:30 |
|
Vignesh Natarajan
|
54e5f80424
|
Browser: accept canonical upload paths for symlinked roots
|
2026-02-21 21:54:57 -08:00 |
|
Vignesh Natarajan
|
98b2b16ac3
|
Security/Exec: persist inner commands for shell-wrapper approvals
|
2026-02-21 21:26:20 -08:00 |
|
miz-cha
|
2f023a4775
|
fix(telegram): disable autoSelectFamily by default on WSL2 (#21916)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 431fd966706e300a378b177b25b00af952eddc8b
Co-authored-by: MizukiMachine <185313792+MizukiMachine@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
|
2026-02-22 10:54:49 +05:30 |
|
Vignesh Natarajan
|
73b4330d4c
|
CLI/Config: keep explicitly unset keys removed
|
2026-02-21 21:08:04 -08:00 |
|
Robin Waslander
|
daf036a4f6
|
fix(slash): persist channel metadata from slash command sessions (#23065)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 29fa20c7d773b2aac62dea912e00e438ce8ba9f6
Co-authored-by: hydro13 <6640526+hydro13@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
|
2026-02-22 10:29:06 +05:30 |
|
Vignesh Natarajan
|
6d11b46994
|
Media: preserve PDF MIME classification in file extraction
|
2026-02-21 20:50:25 -08:00 |
|
Ayaan Zaidi
|
63b4c500d9
|
fix: prevent Telegram preview stream cross-edit race (#23202)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 529abf209d56d9f991a7d308f4ecce78ac992e94
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
|
2026-02-22 10:04:33 +05:30 |
|
Vignesh Natarajan
|
413f81b856
|
Memory/QMD: migrate legacy unscoped collections
|
2026-02-21 20:31:12 -08:00 |
|
Vignesh Natarajan
|
961bde27fe
|
Cron: guard missing expr in schedule parsing
|
2026-02-21 20:18:11 -08:00 |
|
Vignesh Natarajan
|
c51c2a2dca
|
Slack: preserve slash options receiver binding
|
2026-02-21 20:01:39 -08:00 |
|
Vignesh Natarajan
|
8920e281cc
|
Plugins: allowlist plugins when enabling from CLI
|
2026-02-21 19:37:26 -08:00 |
|
Vignesh Natarajan
|
483c464b62
|
Gateway: preserve token scopes on scope-less repair approvals
|
2026-02-21 19:37:15 -08:00 |
|
Vignesh Natarajan
|
55d492b4cd
|
Gateway: allow operator admin scope for pairing and approvals
|
2026-02-21 19:37:04 -08:00 |
|
Vignesh Natarajan
|
68cb4fc8a1
|
TUI: render sending and waiting indicators immediately
|
2026-02-21 19:28:42 -08:00 |
|
Vignesh Natarajan
|
68b92e80f7
|
Agents: log lifecycle error text for embedded run failures
|
2026-02-21 19:24:45 -08:00 |
|
Vignesh Natarajan
|
35fe33aa90
|
Agents: classify Anthropic api_error internal server failures for fallback
|
2026-02-21 19:22:16 -08:00 |
|