8c5cf2d5b2
docs(subagents): document default runTimeoutSeconds config ( #24594 ) (thanks @mitchmcalister)
2026-02-24 04:22:43 +00:00
223d7dc23d
feat(gateway)!: require explicit non-loopback control-ui origins
2026-02-24 01:57:11 +00:00
5eb72ab769
fix(security): harden browser SSRF defaults and migrate legacy key
2026-02-24 01:52:01 +00:00
cfa44ea6b4
fix(security): make allowFrom id-only by default with dangerous name opt-in ( #24907 )
...
* fix(channels): default allowFrom to id-only; add dangerous name opt-in
* docs(security): align channel allowFrom docs with id-only default
2026-02-24 01:01:51 +00:00
eff3c5c707
Session/Cron maintenance hardening and cleanup UX ( #24753 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 7533b85156
2026-02-23 22:39:48 +00:00
9af3ec92a5
fix(gateway): add HSTS header hardening and docs
2026-02-23 19:47:29 +00:00
78e7f41d28
docs: detail per-agent prompt caching configuration
2026-02-23 18:46:40 +00:00
a4c373935f
fix(agents): fall back to agents.defaults.model when agent has no model config ( #24210 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 0f272b1027
2026-02-23 03:18:55 -05:00
e0d4194869
docs: add missing summary/read_when metadata
2026-02-22 20:45:09 +01:00
e58054b85c
docs(telegram): align Node22 network defaults and setup guidance
2026-02-22 17:54:16 +01:00
85e5ed3f78
refactor(channels): centralize runtime group policy handling
2026-02-22 12:35:41 +01:00
817905f3a0
docs: document thread-bound subagent sessions and remove plan
2026-02-21 19:59:55 +01:00
2c14b0cf4c
refactor(config): unify streaming config across channels
2026-02-21 19:53:42 +01:00
f48698a50b
fix(security): harden sandbox browser network defaults
2026-02-21 14:02:53 +01:00
8c1518f0f3
fix(sandbox): use one-time noVNC observer tokens
2026-02-21 13:56:58 +01:00
621d8e1312
fix(sandbox): require noVNC observer password auth
2026-02-21 13:44:24 +01:00
be7f825006
refactor(gateway): harden proxy client ip resolution
2026-02-21 13:36:23 +01:00
f265d45840
fix(tts): make model provider overrides opt-in
2026-02-21 13:16:07 +01:00
356d61aacf
fix(gateway): scope tailscale tokenless auth to websocket
2026-02-21 13:03:13 +01:00
ede496fa1a
docs: clarify trusted-host assumption for tokenless tailscale
2026-02-21 12:52:49 +01:00
677384c519
refactor: simplify Telegram preview streaming to single boolean ( #22012 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: a4017d3b94
2026-02-21 15:19:13 +05:30
f555835b09
Channels: add thread-aware model overrides
2026-02-20 19:26:25 -06:00
4ab946eebf
Discord VC: voice channels, transcription, and TTS ( #18774 )
2026-02-20 16:06:07 -06:00
c45f3c5b00
fix(gateway): harden canvas auth with session capabilities
2026-02-19 15:51:22 +01:00
1316e57403
fix: enforce inbound attachment root policy across pipelines
2026-02-19 14:15:51 +01:00
49d0def6d1
fix(security): harden imessage remote scp/ssh handling
2026-02-19 11:08:23 +01:00
c5698caca3
Security: default gateway auth bootstrap and explicit mode none ( #20686 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: be1b73182c
2026-02-19 02:35:50 -05:00
d1c00dbb7c
fix: harden include confinement edge cases ( #18652 ) (thanks @aether-ai-agent)
2026-02-18 03:27:16 +01:00
4c569ce246
docs(tokens): document image dimension token tradeoffs
2026-02-18 00:56:57 +01:00
19a8f8bbf6
test(cron): add model fallback regression coverage
2026-02-17 10:40:25 -05:00
5d1bcc76cc
docs(zai): document tool_stream defaults
2026-02-17 09:22:55 -05:00
076df941a3
feat: add configurable tool loop detection
2026-02-17 00:17:01 +01:00
72e228e14b
Heartbeat: allow suppressing tool warnings ( #18497 )
...
* Heartbeat: allow suppressing tool warnings
* Changelog: note heartbeat tool-warning suppression
2026-02-16 13:29:24 -06:00
8a67016646
Agents: raise bootstrap total cap and warn on /context truncation ( #18229 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: f6620526df
2026-02-16 12:04:53 -05:00
bc67af6ad8
cron: separate webhook POST delivery from announce ( #17901 )
...
* cron: split webhook delivery from announce mode
* cron: validate webhook delivery target
* cron: remove legacy webhook fallback config
* fix: finalize cron webhook delivery prep (#17901 ) (thanks @advaitpaliwal)
---------
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
2026-02-16 02:36:00 -08:00
c6c53437f7
fix(security): scope session tools and webhook secret fallback
2026-02-16 03:47:10 +01:00
115cfb4430
gateway: add cron finished-run webhook ( #14535 )
...
* gateway: add cron finished webhook delivery
* config: allow cron webhook in runtime schema
* cron: require notify flag for webhook posts
* ui/docs: add cron notify toggle and webhook docs
* fix: harden cron webhook auth and fill notify coverage (#14535 ) (thanks @advaitpaliwal)
---------
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
2026-02-15 16:14:17 -08:00
b6069fc68c
feat: support per-channel ackReaction config ( #17092 ) (thanks @zerone0x)
2026-02-15 11:30:25 -06:00
9203a2fdb1
Discord: CV2! ( #16364 )
2026-02-15 10:24:53 -06:00
a69e82765f
fix(telegram): stream replies in-place without duplicate final sends
2026-02-15 20:32:51 +05:30
f9bb748a6c
fix(memory): prevent QMD scope deny bypass
2026-02-15 02:41:45 +00:00
5b23999404
docs: document bootstrap total cap and exec log/notify behavior
2026-02-14 18:36:35 -05:00
9abf86f7e0
docs(changelog): document Slack/Discord dmPolicy aliases
2026-02-14 21:04:27 +01:00
53af46ffb8
docs: note WhatsApp per-account dmPolicy override
2026-02-14 19:52:39 +01:00
cb9a5e1cb9
feat(sandbox): separate bind mounts for browser containers ( #16230 )
...
* feat(sandbox): add separate browser.binds config for browser containers
Allow configuring bind mounts independently for browser containers via
sandbox.browser.binds. When set, browser containers use browser-specific
binds instead of inheriting docker.binds. Falls back to docker.binds
when browser.binds is not configured for backwards compatibility.
Closes #14614
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(sandbox): honor empty browser binds override (#16230 ) (thanks @seheepeak)
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-14 15:27:41 +01:00
644bef157a
docs: clarify hook transform module path constraints
2026-02-14 15:03:27 +01:00
6a386a7886
docs(security): clarify canvas host exposure and auth
2026-02-14 14:57:19 +01:00
a0361b8ba9
fix(security): restrict hook transform module loading
2026-02-14 13:46:09 +01:00
fba19fe942
docs: link trusted-proxy auth from gateway docs ( #16172 )
2026-02-14 12:44:25 +01:00
30b6eccae5
feat(gateway): add auth rate-limiting & brute-force protection ( #15035 )
...
* feat(gateway): add auth rate-limiting & brute-force protection
Add a per-IP sliding-window rate limiter to Gateway authentication
endpoints (HTTP, WebSocket upgrade, and WS message-level auth).
When gateway.auth.rateLimit is configured, failed auth attempts are
tracked per client IP. Once the threshold is exceeded within the
sliding window, further attempts are blocked with HTTP 429 + Retry-After
until the lockout period expires. Loopback addresses are exempt by
default so local CLI sessions are never locked out.
The limiter is only created when explicitly configured (undefined
otherwise), keeping the feature fully opt-in and backward-compatible.
* fix(gateway): isolate auth rate-limit scopes and normalize 429 responses
---------
Co-authored-by: buerbaumer <buerbaumer@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-13 15:32:38 +01:00
Peter Steinberger
Peter Steinberger
Gustavo Madeira Santana
边黎安
Ayaan Zaidi
Shadow
Gustavo Madeira Santana
Sebastian
Advait Paliwal
Shadow
Ayaan Zaidi
seheepeak
Harald Buerbaumer