aaronagent b82608a6f5 fix(skills,pairing): path traversal guard in uninstall, lock list_pending, hash file paths ...

- skills_hub: validate that uninstall_skill's install_path resolves
  inside SKILLS_DIR before calling shutil.rmtree, preventing recursive
  deletion of arbitrary directories via poisoned lock.json entries
- skills_hub: include file paths (not just contents) in
  bundle_content_hash so swapping filenames between files changes the
  hash, strengthening update-detection integrity
- pairing: wrap list_pending() in self._lock so _cleanup_expired() file
  writes don't race with concurrent generate_code()/approve_code() calls

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

2026-05-22 19:59:24 -07:00

..

assets

fix: improve telegram topic mode setup

2026-05-04 12:07:17 -07:00

builtin_hooks

remove: BOOT.md built-in hook (#17093)

2026-04-28 09:50:27 -07:00

platforms

refactor(gateway): migrate Discord adapter to bundled plugin (full Teams parity)

2026-05-22 14:21:41 -07:00

__init__.py

docs(gateway): mention Weixin in gateway help and docstrings

2026-05-12 17:08:51 -07:00

channel_directory.py

feat: complete plugin platform parity — all 12 integration points

2026-04-29 21:56:51 -07:00

config.py

refactor(gateway): migrate Discord adapter to bundled plugin (full Teams parity)

2026-05-22 14:21:41 -07:00

delivery.py

fix(gateway): preserve case-sensitive chat IDs in DeliveryTarget.parse

2026-05-01 14:01:26 -07:00

display_config.py

chore: ruff auto-fix PLR6201 — tuple → set in membership tests (#23937)

2026-05-11 11:13:25 -07:00

hooks.py

fix(plugins): register dynamically-loaded modules in sys.modules before exec

2026-04-29 23:34:35 -07:00

memory_monitor.py

Port from cline/cline#10343: periodic gateway memory logging (#27102)

2026-05-16 12:55:23 -07:00

mirror.py

refactor(gateway): drop _append_to_jsonl from mirror

2026-05-20 13:00:57 -07:00

pairing.py

fix(skills,pairing): path traversal guard in uninstall, lock list_pending, hash file paths

2026-05-22 19:59:24 -07:00

platform_registry.py

refactor(plugins): add apply_yaml_config_fn registry hook

2026-05-13 22:20:30 -07:00

restart.py

fix(gateway): address restart review feedback

2026-04-10 21:18:34 -07:00

run.py

refactor(gateway): migrate Discord adapter to bundled plugin (full Teams parity)

2026-05-22 14:21:41 -07:00

runtime_footer.py

feat(gateway): opt-in runtime-metadata footer on final replies (#17026)

2026-04-28 06:50:04 -07:00

session_context.py

fix(gateway): route background-process notifications into Telegram DM topics

2026-05-18 22:03:12 -07:00

session.py

feat(state.db): persist platform_message_id; restore yuanbao exact-id recall

2026-05-20 13:00:57 -07:00

shutdown_forensics.py

chore: ruff auto-fixes — collapsible-else-if, if-stmt-min-max, dict.fromkeys (#23926)

2026-05-11 11:03:29 -07:00

slash_access.py

feat(gateway): per-platform admin/user split for slash commands (salvage of #4443) (#23373)

2026-05-10 12:33:54 -07:00

status.py

fix: gateway PID detection fails on Windows (two issues)

2026-05-13 23:10:57 -07:00

sticker_cache.py

fix: guard yaml.safe_load, flock unlock, TOCTOU races, and atomic writes

2026-05-19 00:12:41 -07:00

stream_consumer.py

fix(telegram): preserve topic metadata on overflow edits

2026-05-18 22:40:03 -07:00

whatsapp_identity.py

fix(whatsapp_identity): pin identifier regex to ASCII, clarify it's defense-in-depth

2026-04-26 20:48:31 -07:00