6 Commits

Author SHA1 Message Date
wenjie 8c2a9332c6 fix(security): harden unauthenticated tool-exec paths (#1360)
* fix(security): harden unauthenticated tool-exec paths (GHSA-pv8c-p6jf-3fpp)

- Exec tool: channel-based access control (default deny remote)
- Cron tool: command scheduling restricted to internal channels
- Web fetch: SSRF defense-in-depth (pre-flight + dial-time + redirect checks)
- File permissions: session/state dirs 0700, files 0600
- Registry: inject __channel/__chat_id into tool args (replaces racy SetContext)

28 new security regression tests.

(cherry picked from commit 191446ae19021604d3d5b0d9376b9655ab749105)

* fix(exec): revalidate working_dir before command start

* test(web): allow local oversized payload fixture

---------

Co-authored-by: xj <gh-xj@users.noreply.github.com>
2026-03-11 19:22:20 +08:00
Mauro b26337501c fix: error check on state (#864) 2026-03-02 11:59:26 +11:00
Petrichor 222d1a3086 refactor(modernize): apply safe modernize fixes 2026-02-27 16:35:07 +08:00
Artem Yadelskyi 9e120f90ea feat(fmt): Run formatters 2026-02-18 21:48:23 +02:00
yinwm b36c87bd60 chore: Clean up Ralph agent tracking files
Remove .ralph/ directory files from git tracking.
These are no longer needed as the tool-result-refactor is complete.

Also removes root-level prd.json and progress.txt.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-12 23:51:52 +08:00
yinwm b94941da4a feat: US-009 - Add state save atomicity with SetLastChannel
- Create pkg/state package with State and Manager structs
- Implement SetLastChannel with atomic save using temp file + rename
- Implement SetLastChatID with same atomic save pattern
- Add GetLastChannel, GetLastChatID, and GetTimestamp getters
- Use sync.RWMutex for thread-safe concurrent access
- Add comprehensive tests for atomic save, concurrent access, and persistence
- Clean up temp file if rename fails

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-12 19:46:10 +08:00