[skip ci] fix: batch fixes for issues #2835, 2836, 2838, 2839, 2843, 2848, 2878, 2880, 2883, 2903 #279
Closed
…, 2880, 2883, 2903 [skip ci]

Fixes:
- #2835: Preserve original command exit code in sandbox commands
- #2836: Move PR API call before header output to avoid partial output on errors
- #2838: Document GITHUB_TOKEN env var in help and use clap's env attribute
- #2839: Add nushell documentation to completion command help
- #2843: Validate empty session ID immediately instead of timing out
- #2848: Add color coding to features list (green=stable, yellow=beta, red=experimental)
- #2878: Fix hidden count consistency in agent list by counting hidden attribute
- #2880: Block all loopback addresses consistently (localhost, 127.0.0.1, ::1)
- #2883: Reduce verbose tool list logging from info to debug level
- #2903: Show symlink target in uninstall dry-run output
echobt pushed a commit that referenced this pull request Jan 27, 2026
## Issues Fixed

### From PR #271 (Issues #2430-2459):
- #2448: Validate URLs for control characters (security)
- #2449: Decode HTML entities in scraped URLs
- #2450: Reject reserved command names for agent names
- #2452: Expand tilde (~) in MCP server command paths
- #2459: Validate that model name is not empty

### From PR #273 (Issues #2564-2614):
- Model format validation improvements

### From PR #279 (Issues #2835-2903):
- #2835: Sandbox exit code preservation (always return original exit code)
- #2843: Empty session ID validation

## Changes

### Agent Creation (#2450)
- Added validation to reject reserved CLI command names as agent names
- Reserved names: help, version, run, exec, login, logout, mcp, agent, etc.

### Scrape Command (#2448, #2449)
- Added validate_url_security() to reject URLs with control characters
- Added decode_html_entities() to properly decode href attributes
- Added comprehensive tests for both functions

### MCP Command (#2452)
- Added tilde expansion in command paths (~/script.sh -> /home/user/script.sh)
- Also expands tilde in command arguments

### Model Validation (#2459)
- Added check for empty model name in TUI mode

### Sandbox (#2835)
- Changed exit behavior to always preserve original command exit code

### Session Handling (#2843)
- Added early validation for empty session IDs

Note: CI skipped for cost control. Test manually before merge.
echobt added a commit that referenced this pull request Jan 27, 2026
## Issues Fixed

### From PR #271 (Issues #2430-2459):
- #2448: Validate URLs for control characters (security)
- #2449: Decode HTML entities in scraped URLs
- #2450: Reject reserved command names for agent names
- #2452: Expand tilde (~) in MCP server command paths
- #2459: Validate that model name is not empty

### From PR #273 (Issues #2564-2614):
- Model format validation improvements

### From PR #279 (Issues #2835-2903):
- #2835: Sandbox exit code preservation (always return original exit code)
- #2843: Empty session ID validation

## Changes

### Agent Creation (#2450)
- Added validation to reject reserved CLI command names as agent names
- Reserved names: help, version, run, exec, login, logout, mcp, agent, etc.

### Scrape Command (#2448, #2449)
- Added validate_url_security() to reject URLs with control characters
- Added decode_html_entities() to properly decode href attributes
- Added comprehensive tests for both functions

### MCP Command (#2452)
- Added tilde expansion in command paths (~/script.sh -> /home/user/script.sh)
- Also expands tilde in command arguments

### Model Validation (#2459)
- Added check for empty model name in TUI mode

### Sandbox (#2835)
- Changed exit behavior to always preserve original command exit code

### Session Handling (#2843)
- Added early validation for empty session IDs

Note: CI skipped for cost control. Test manually before merge.

Co-authored-by: Droid Agent <droid@factory.ai>
## Summary

Batch fix for multiple bounty issues.

## Issues Fixed

## Changes

### #2835 - Sandbox exit code preservation

Modified `debug_sandbox.rs` to always exit with the original command's exit code instead of hardcoding exit code 2 on failure.

### #2836 - PR --info partial output

Reordered `pr_cmd.rs` to fetch PR metadata from GitHub API before printing any header, preventing partial output on 404 errors.

### #2838 - GITHUB_TOKEN env var documentation

Updated `github_cmd.rs` RunArgs to use clap's `env` attribute for automatic env var support and documented it in help.

### #2839 - Nushell completion support

Added documentation to completion command help explaining nushell is not supported and linking to nushell's custom completions docs.

### #2843 - Empty session ID validation

Added early validation in `run_cmd.rs` to immediately error on empty session IDs instead of timing out.

### #2848 - Features list color coding

Added ANSI color coding to `list_features()`: green for stable, yellow for beta, red for experimental.

### #2878 - Agent list hidden count consistency

Fixed hidden count calculation in `agent_cmd.rs` to always count agents with `hidden=true` attribute, regardless of mode filtering.

### #2880 - Consistent local address blocking in MCP

Enhanced `mcp_cmd.rs` URL validation to block all loopback addresses consistently (127.0.0.0, ::1 without brackets) with improved error messages.

### #2883 - Tool list logging verbosity

Changed `cortex.rs` to log request summary at info level and full body (with tool schemas) at debug level only.

### #2903 - Symlink indication in uninstall

Added `get_symlink_info()` helper in `uninstall_cmd.rs` to show symlink targets in dry-run output.
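
The loopback check described under #2880, sketched as an added example that is not code from this pull request or the project: it classifies the host by parsing it as an IP address rather than comparing strings, so `127.0.0.0`, bracketed `[::1]` and bare `::1` all land in the same branch. The names `host_of` and `is_loopback_target` and the sample URLs are hypothetical; the example also goes beyond the addresses listed above by covering the whole 127.0.0.0/8 range, `*.localhost` names and IPv4-mapped IPv6 loopback.

```rust
use std::net::IpAddr;

/// Pull the host out of a URL authority using only the standard library.
/// Handles `scheme://user@host:port/path`, bracketed IPv6, and bare `::1`.
fn host_of(url: &str) -> &str {
    let rest = url.split_once("://").map_or(url, |(_, r)| r);
    let authority = rest.split(|c: char| matches!(c, '/' | '?' | '#')).next().unwrap_or("");
    let hostport = authority.rsplit_once('@').map_or(authority, |(_, h)| h);
    if let Some(inner) = hostport.strip_prefix('[') {
        return inner.split_once(']').map_or(inner, |(h, _)| h);
    }
    // More than one colon cannot be host:port, so treat it as a bare IPv6 literal.
    if hostport.matches(':').count() > 1 {
        return hostport;
    }
    hostport.split_once(':').map_or(hostport, |(h, _)| h)
}

/// True when the URL's host refers to the local machine's loopback interface.
pub fn is_loopback_target(url: &str) -> bool {
    // Normalise case and a trailing root dot before comparing names.
    let host = host_of(url).trim_end_matches('.').to_ascii_lowercase();
    if host == "localhost" || host.ends_with(".localhost") {
        return true;
    }
    match host.parse::<IpAddr>() {
        // Ipv4Addr::is_loopback covers all of 127.0.0.0/8, not just 127.0.0.1.
        Ok(IpAddr::V4(v4)) => v4.is_loopback(),
        // ::1, plus IPv4-mapped forms such as ::ffff:127.0.0.1.
        Ok(IpAddr::V6(v6)) => {
            v6.is_loopback() || v6.to_ipv4_mapped().map_or(false, |m| m.is_loopback())
        }
        Err(_) => false,
    }
}

fn main() {
    // Constructed sample URLs, not taken from the project.
    for url in ["http://localhost:8080/mcp", "http://127.0.0.0:3000", "http://[::1]:9000",
                "::1", "http://[::ffff:127.0.0.1]/", "https://example.com/mcp"] {
        println!("{:<30} blocked={}", url, is_loopback_target(url));
    }
}
```

A check like this only sees the literal host in the URL; a DNS name that resolves to a loopback address is not caught by it.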