14 Commits

Author	SHA1	Message	Date
Peter Steinberger	3c71e2bd48	refactor(core): extract shared dedup helpers	2026-03-07 10:41:05 +00:00
Peter Steinberger	9617ac9dd5	refactor: dedupe agent and reply runtimes	2026-03-02 19:57:33 +00:00
Peter Steinberger	ed21b63bb8	refactor(plugin-sdk): share auth, routing, and stream/account helpers	2026-03-02 15:21:19 +00:00
Peter Steinberger	7fcec6ca3e	refactor(streaming): share approval and stream message builders	2026-03-02 05:20:19 +00:00
Peter Steinberger	da0ba1b73a	fix(security): harden channel auth path checks and exec approval routing	2026-02-26 12:46:05 +01:00
Peter Steinberger	6f0dd61795	fix(exec): restore two-phase approval registration flow	2026-02-24 03:16:36 +00:00
Peter Steinberger	a1c4bf07c6	fix(security): harden exec wrapper allowlist execution parity	2026-02-24 01:52:17 +00:00
Vincent Koc	0e28e50b45	fix(security): detect obfuscated commands that bypass allowlist filters (#24287) ... * security(exec): add obfuscated command detector * test(exec): cover obfuscation detector patterns * security(exec): enforce obfuscation approval on gateway host * security(exec): enforce obfuscation approval on node host * test(exec): prevent obfuscation timeout bypass * chore(changelog): credit obfuscation security fix	2026-02-23 02:50:06 -05:00
Peter Steinberger	8af19ddc5b	refactor: extract shared dedupe helpers for runtime paths	2026-02-23 05:43:43 +00:00
Peter Steinberger	47c3f742b6	fix(exec): require explicit safe-bin profiles	2026-02-22 12:58:55 +01:00
Vignesh Natarajan	98b2b16ac3	Security/Exec: persist inner commands for shell-wrapper approvals	2026-02-21 21:26:20 -08:00
Peter Steinberger	f23da067f6	fix(security): harden heredoc allowlist parsing	2026-02-21 14:27:51 +01:00
Peter Steinberger	2581b67cdb	refactor: share exec approval request helper	2026-02-19 14:27:37 +00:00
Peter Steinberger	fec48a5006	refactor(exec): split host flows and harden safe-bin trust	2026-02-19 14:22:01 +01:00