1f660bf930
Docs: document agent skill allowlists
2026-04-03 14:23:05 -04:00
865fa2ba72
fix: narrow auth permanent lockouts
2026-04-04 02:35:27 +09:00
c4f40c3f7d
Plugins: allow unsafe-force override on update
2026-04-04 01:49:35 +09:00
78c390ea86
docs: align messages config support notes
2026-04-03 10:08:34 -05:00
e2e1197fa9
refactor(gateway): clarify local mode guardrails
2026-04-03 20:02:32 +09:00
2c7eea8f10
fix(gateway): fail closed on missing mode
2026-04-03 19:50:45 +09:00
a6649201b7
docs: clarify default subagent allowlists
2026-04-03 19:45:05 +09:00
d921784718
fix: support default subagent allowlists ( #59944 ) (thanks @hclsys)
2026-04-03 19:43:17 +09:00
a2b53522eb
fix(pairing): allow private lan mobile ws
2026-04-03 14:51:24 +05:30
acd5734aa9
fix(pairing): align mobile setup with secure endpoints
2026-04-03 14:51:24 +05:30
2f013b68f8
docs: add missing changelog entries and update context visibility security docs
2026-04-03 12:39:45 +09:00
35e1605147
feat: add configurable context visibility
2026-04-03 04:34:57 +09:00
d9c662dc69
docs: restructure automation section as Automation & Tasks
2026-04-03 03:16:51 +09:00
4269f40811
docs(security): clarify exec yolo default
2026-04-02 14:52:51 +01:00
326490ab76
docs: cover compaction notifyUser config and provider replay hooks
2026-04-02 10:23:33 +09:00
fd4dbad38c
docs: cover cron --tools allowlist and agents.defaults.params config reference
2026-04-01 22:29:53 +09:00
c42659176a
docs: cover unreleased feature gaps (Telegram errorPolicy, Android notifications, node pairing, Slack approvals, MCP transport, reactions)
2026-04-01 22:20:20 +09:00
8b2d24b62b
docs(security): clarify node pairing trust boundary
2026-04-01 18:27:23 +09:00
4ceb01f9ed
docs(gateway): document node pairing repair flow
2026-04-01 18:02:56 +09:00
4fa11632b4
fix: escalate to model fallback after rate-limit profile rotation cap ( #58707 )
...
* fix: escalate to model fallback after rate-limit profile rotation cap
Per-model rate limits (e.g. Anthropic Sonnet-only quotas) are not
relieved by rotating auth profiles — if all profiles share the same
model quota, cycling between them loops forever without falling back
to the next model in the configured fallbacks chain.
Apply the same rotation-cap pattern introduced for overloaded_error
(#58348 ) to rate_limit errors:
- Add `rateLimitedProfileRotations` to auth.cooldowns config (default: 1)
- After N profile rotations on a rate_limit error, throw FailoverError
to trigger cross-provider model fallback
- Add `resolveRateLimitProfileRotationLimit` helper following the same
pattern as `resolveOverloadProfileRotationLimit`
Fixes #58572
* fix: cap prompt-side rate-limit failover (#58707 ) (thanks @Forgely3D)
* fix: restore latest-main gates for #58707
---------
Co-authored-by: Ember (Forgely3D) <ember@forgely.co>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-04-01 17:54:10 +09:00
95182d51cc
fix: harden bundled plugin runtime deps
2026-04-01 08:55:00 +01:00
f5431bc07e
docs: clarify doctor cron migration guidance
2026-04-01 16:44:10 +09:00
418fa12dfa
fix: make overload failover configurable
2026-03-31 21:34:35 +01:00
5c9408d3ca
docs: update docs for unreleased channel and gateway changes
...
Cover Teams member-info action, Teams/Matrix sender-allowlist
context filtering, macOS MagicDNS discovery preference, and
trusted-proxy mixed token config hardening.
2026-04-01 02:20:44 +09:00
0d7f1e2c84
feat(security): fail closed on dangerous skill installs
2026-03-31 23:27:20 +09:00
44b9936136
feat(plugins): add dangerous unsafe install override
2026-03-31 23:16:11 +09:00
dc0e0b0f68
docs(security): mark shared-secret HTTP auth as designed
2026-03-31 22:58:09 +09:00
cbfeecfab4
fix(gateway): restore shared-secret HTTP tool invoke auth
2026-03-31 22:55:15 +09:00
5474796735
docs(security): clarify acpx yolo mode
2026-03-31 20:54:30 +09:00
0633406ff6
fix(gateway): restore compat HTTP operator auth
2026-03-31 16:49:30 +09:00
788f56f30f
Secrets: hard-fail unsupported SecretRef policy and fix gateway restart token drift ( #58141 )
...
* Secrets: enforce C2 SecretRef policy and drift resolution
* Tests: add gateway auth startup/reload SecretRef runtime coverage
* Docs: sync C2 SecretRef policy and coverage matrix
* Config: hard-fail parent SecretRef policy writes
* Secrets: centralize unsupported SecretRef policy metadata
* Daemon: test service-env precedence for token drift refs
* Config: keep per-ref dry-run resolvability errors
* Docs: clarify config-set parent-object policy checks
* Gateway: fix drift fallback and schema-key filtering
* Gateway: align drift fallback with credential planner
* changelog
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
---------
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-03-31 02:37:31 -05:00
5ee054e9db
docs: merge network-model stub into network hub, improve bridge deprecation
...
- network.md: add Core model prose (loopback-first, canvas host, remote access)
from the 22-line network-model.md stub
- network-model.md: add redirect note pointing to /network#core-model
- bridge-protocol.md: replace scattered deprecation notes with prominent
<Warning> callout at the top
2026-03-31 14:37:43 +09:00
b970187379
docs: fix oxfmt formatting in remote.md and THREAT-MODEL-ATLAS.md
2026-03-31 14:36:49 +09:00
ff1ae5df22
docs: add 8 missing doctor checks and --generate-gateway-token flag
2026-03-31 14:34:56 +09:00
1bf8fb26f4
docs: fix config examples -- perSession deprecation and dmScope guidance
...
- Replace perSession: true with scope: "session" (preferred syntax)
- Add dmScope: "per-channel-peer" to expanded example for multi-user safety
2026-03-31 14:34:56 +09:00
4ab7947ec0
docs: merge remote-gateway-readme content into remote.md
2026-03-31 14:34:56 +09:00
637f15375b
docs: fix Gateway & Ops audit findings (7 pages)
...
- cli-backends.md: remove duplicate modelAliases key
- discovery.md: add missing transport=gateway and displayName TXT keys
- authentication.md: retitle to "Authentication (Model Providers)", add
disambiguation Note pointing to gateway connection auth docs
- health.md: expand frontmatter scope, add --probe flag and response shape docs
- gateway-lock.md: remove stale hardcoded date, add Related section
- troubleshooting.md: fix wrong auth cross-link (model auth -> gateway config)
- logging.md: add Related section linking to gateway logging internals
2026-03-31 14:24:19 +09:00
d352bd050a
docs: fix tools-invoke default deny list (was missing 8 of 13 entries)
2026-03-31 14:24:19 +09:00
ab8d999917
docs: fix sandbox scope default (session -> agent per resolveSandboxScope)
2026-03-31 14:24:19 +09:00
81b777c768
fix(config): harden SecretRef round-trip handling in Control UI and RPC writes ( #58044 )
...
* Config: harden SecretRef round-trip handling
* Gateway: test SecretRef preflight on config writes
* Agents: align skill loader with upstream Skill type
* Docs: align SecretRef write semantics with Control UI and RPC behavior
* Config: add UI and gateway regression evidence for SecretRef hardening
* Config: add token SecretRef restore regression and skill sourceInfo compat
* UI: scope structured-value lockout to SecretRef fields
* Agents: remove out-of-scope skill loader compat edits
* UI: reduce app-render churn to rawAvailable-only changes
* Gateway: scope SecretRef preflight to submitted config
* Docs: clarify config write SecretRef preflight scope
* changelog
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
---------
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-03-30 23:55:03 -05:00
d4cccda570
fix: add requireAgentId to block sessions_spawn without explicit agen… ( #29380 )
...
* fix: add requireAgentId to block sessions_spawn without explicit agentId (#29368 )
* Config: regenerate base schema for requireAgentId
Signed-off-by: sallyom <somalley@redhat.com>
---------
Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: 周鹤0668001310 <zhou.he3@xydigit.com>
Co-authored-by: sallyom <somalley@redhat.com>
2026-03-30 23:06:59 -04:00
c918ab4faf
fix(tts): restore 3.28 schema compatibility and fallback observability ( #57953 )
...
* fix(tts): restore legacy config compatibility and fallback observability
* fix(tts): surface fallback attempts in status and telephony
* test(tts): cover /tts audio to /tts status fallback flow
* docs(tts): align migration and fallback observability guidance
* TTS: redact fallback logs and scope legacy plugin migration
* Infra: dedupe UV_EXTRA_INDEX_URL in host env policy
* Docs: scope doctor TTS migration to voice-call
* voice-call: restore strict known TTS provider validation
2026-03-30 22:05:03 -05:00
ef6250d9a0
docs: refresh channel delivery examples
2026-03-30 22:33:44 -04:00
e682b72154
docs: Batch 1 — create automation hub + add Related sections
...
New page: docs/automation/index.md — single entry point for all automation
mechanisms (heartbeat, cron, tasks, hooks, standing-orders, webhooks) with
a decision flowchart and comparison table.
Add "Related" sections to 5 high-traffic pages that were dead ends:
- gateway/heartbeat.md → links to tasks, cron-vs-heartbeat, timezone, troubleshooting
- concepts/session.md → links to multi-agent, tasks, channel-routing
- concepts/multi-agent.md → links to channel-routing, subagents, ACP, presence, session
- concepts/agent-loop.md → links to tools, hooks, compaction, exec-approvals, thinking
- concepts/timezone.md → links to heartbeat, cron-jobs, date-time
Add automation/index to Mintlify nav as first item in Automation group.
2026-03-30 19:07:18 +09:00
ae0e1ecf5c
docs: add background tasks cross-references across 6 doc pages
...
Link to /automation/tasks from all pages that mention subagent runs,
ACP runs, or detached background work:
- tools/subagents.md: note that each sub-agent run is tracked as a background task
- tools/acp-agents.md: note that ACP session spawns are tracked as background tasks
- cli/index.md: link tasks section to doc page, add tasks audit subcommand
- concepts/queue.md: note that detached lane runs are tracked as background tasks
- gateway/configuration-reference.md: cron section cross-ref to tasks
- help/faq.md: add tasks link to sub-agent offloading FAQ answer
2026-03-30 16:42:47 +09:00
8a916652e8
docs: add Background Tasks page and clean up cross-references
...
New page: docs/automation/tasks.md — comprehensive reference for the task
system covering lifecycle, delivery, notifications, audit, CLI commands,
storage, maintenance, and how tasks relate to cron/heartbeat/sessions.
- Add to Mintlify navigation (docs.json) under Automation group
- Clean up engineer's earlier scattered additions in cron-jobs.md,
cron-vs-heartbeat.md, and heartbeat.md to be concise and link to the
new canonical tasks page
- Replace verbose inline explanations with cross-reference links
2026-03-30 16:26:13 +09:00
e624fdcf0a
docs(tasks): clarify heartbeat, cron, and background runs
2026-03-30 16:19:28 +09:00
1ad88b58d1
feat(matrix): add explicit channels.matrix.proxy config ( #56930 ) ( #56931 )
...
Merged via squash.
Prepared head SHA: facdf94b65
2026-03-30 02:51:33 -04:00
03a03c2dc4
fix(ci): restore skill fixtures and security doc anchors
2026-03-30 11:41:08 +09:00
5e4a64848f
fix(exec): harden async approval followup delivery in webchat-only sessions ( #57359 )
...
* fix(exec): harden approval followup delivery fallback
* refactor(delivery): share best-effort followup routing helpers
* test(subagents): cover webchat-only completion announce delivery
* docs(exec): clarify async followup delivery behavior
* fix(exec): harden delivery downgrade logging
* test(gateway): cover multi-channel best-effort fallback
* fix(exec): preserve webchat origin on session-only followups
* fix(subagents): keep internal announces channel-less
2026-03-29 20:54:13 -05:00
Gustavo Madeira Santana
Peter Steinberger
huntharo
Tak Hoffman
Ayaan Zaidi
Vincent Koc
Forgely3D
Josh Avant
BUGKillerKing
Patrick Yingxi Pan