Merged
Improvement/action upgrade
…dential storage, prompt injection)

- Fix reflected XSS in OAuth callback by HTML-escaping error parameter
- Add OAuth state parameter validation to prevent CSRF attacks
- Add SSRF protection to http_request action (block private IPs, cloud metadata)
- Add path traversal protection to read_file/write_file actions (block sensitive dirs)
- Set restrictive file permissions (0600) on stored credentials
- Make prompt sanitizer actually strip detected injection patterns instead of just logging

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Undo changes for write_file action
Undo changes on read_file
undo changes on prompt_sanitizer
Reset max actions per task to normal rate.
Feature/task limit update
Tasks now track the platform they were started on (Task.source_platform), and do_chat/do_chat_with_attachments resolve the outbound platform from that field via session_id, falling back to the user's Preferred Messaging Platform (read from USER.md, defaulting to "CraftBot Interface"). When a running task receives a new message from a different platform, it switches source_platform so subsequent replies follow the user. Also fixes the USER.md template which was missing the Preferred Messaging Platform placeholder, causing onboarding to silently drop the selected value.
No description provided.