Skip to content

Staging#205

Merged
ahmad-ajmal merged 53 commits intomainfrom
staging
Apr 17, 2026
Merged

Staging#205
ahmad-ajmal merged 53 commits intomainfrom
staging

Conversation

@ahmad-ajmal
Copy link
Copy Markdown
Collaborator

@ahmad-ajmal ahmad-ajmal commented Apr 17, 2026

No description provided.

zfoong and others added 30 commits April 13, 2026 13:15
@zfoong
bug:heartbeat to avoid websocket closing issue
2d5dd9c
@zfoong
bug:fix provider VLM issue
d8a4fe4
@zfoong
Invoke skill with command
23abdcf
@zfoong
improvement:update trigger priority (simple > complex task)
cf511d6
@zfoong
improvement:CWD included in environment prompt
786cfc4
@korivi-CraftOS
Delete craftbot.log
aa4fae2
@korivi-CraftOS
Delete craftbot.pid
a572d74
@korivi-CraftOS
Delete craftbot.log
eee6371
@korivi-CraftOS
Delete craftbot.pid
e74ec36
@zfoong
Update anthrophic default model to 4.5
b9efe54
@zfoong
improve generate image action
f5e791c
@zfoong
improvement:improve pretty json output and grep_files action
75c3458
@zfoong
add list_skills and use_skill actions, improved web_fetch action
4d4d3fe
@zfoong
Merge pull request #194 from CraftOS-dev/improvement/action-upgrade
767fc1f 
Improvement/action upgrade
@zfoong
bug:reinforce wait for user reply message end with question
1989eb6
@zfoong
Merge branch 'V1.2.3' of https://github.com/craftos-dev/craftbot into…
d28902a 
… V1.2.3
@zfoong
feature:token limit handling with interface update
4fea2d6
@zfoong @AlanAAG
bug:heartbeat to avoid websocket closing issue
f340074
@zfoong @AlanAAG
bug:fix provider VLM issue
4d9be5d
@zfoong @AlanAAG
Invoke skill with command
782386a
@zfoong @AlanAAG
improvement:update trigger priority (simple > complex task)
40b0e27
@zfoong @AlanAAG
improvement:CWD included in environment prompt
ad37eaa
@zfoong @AlanAAG
Update anthrophic default model to 4.5
bd7505a
@zfoong @AlanAAG
improve generate image action
7d6b015
@zfoong @AlanAAG
bug:reinforce wait for user reply message end with question
ab66ff2
@zfoong @AlanAAG
improvement:improve pretty json output and grep_files action
e026efe
@zfoong @AlanAAG
add list_skills and use_skill actions, improved web_fetch action
6439fc0
@korivi-CraftOS @AlanAAG
Fixed the service. Uninstall it now. Clean the Task Scheduler and sta…
13da052 
…rtup task.
@eesb99 @claude @AlanAAG
security: fix 6 vulnerabilities (XSS, CSRF, SSRF, path traversal, cre…
36d9b6b 
…dential storage, prompt injection)

- Fix reflected XSS in OAuth callback by HTML-escaping error parameter
- Add OAuth state parameter validation to prevent CSRF attacks
- Add SSRF protection to http_request action (block private IPs, cloud metadata)
- Add path traversal protection to read_file/write_file actions (block sensitive dirs)
- Set restrictive file permissions (0600) on stored credentials
- Make prompt sanitizer actually strip detected injection patterns instead of just logging

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@zfoong @AlanAAG
Update write_file.py
59e8b83 
Undo changes for write_file action
zfoong and others added 23 commits April 15, 2026 18:57
@zfoong @AlanAAG
Update read_file.py
cb06185 
Undo changes on read_file
@zfoong @AlanAAG
Update prompt_sanitizer.py
624f3df 
undo changes on prompt_sanitizer
@zfoong @AlanAAG
improvement:onboarding process update
9d62935
@zfoong @AlanAAG
Further UX improvement
8b4c5b4
@AlanAAG
fix: anchor workspace root to absolute path to prevent CWD-relative
5ca80b8 
state resolution
@zfoong
feature:improve design, UX, and fixed bug
d222492
@zfoong
Update types.py
c40141d 
Reset max actions per task to normal rate.
@zfoong
Merge pull request #199 from CraftOS-dev/feature/task-limit-update
af2b972 
Feature/task limit update
@zfoong
Merge branch 'V1.2.3' of https://github.com/craftos-dev/craftbot into…
1b3be6a 
… V1.2.3
@zfoong
feature:added agent avatar feature
478b9c1
@zfoong
Fix openAI API issue
7ebfde6
@zfoong
Fixed OpenAI VLM issue
aab9c0c
@ahmad-ajmal
fix hard onboarding back method
ae6e82e
@zfoong
model switching no taking effect, issue 193
153e9fb
@zfoong
Merge branch 'V1.2.3' of https://github.com/craftos-dev/craftbot into…
a10fa86 
… V1.2.3
@zfoong
Fix llm fail fail to recover issue
1a87f4e
@ahmad-ajmal
Merge branch 'main' into staging
807f8f8
@ahmad-ajmal
Merge branch 'staging' into dev
e9bc877
@ahmad-ajmal
Merge branch 'dev' into V1.2.3
9d888c3
@ahmad-ajmal
Copy if no USER.md during onboarding
92cd1d8
@ahmad-ajmal
feat: route task outbound messages to the originating platform
a43ae5f 
Tasks now track the platform they were started on (Task.source_platform),
and do_chat/do_chat_with_attachments resolve the outbound platform from
that field via session_id, falling back to the user's Preferred Messaging
Platform (read from USER.md, defaulting to "CraftBot Interface"). When a
running task receives a new message from a different platform, it switches
source_platform so subsequent replies follow the user. Also fixes the
USER.md template which was missing the Preferred Messaging Platform
placeholder, causing onboarding to silently drop the selected value.
@ahmad-ajmal
Merge pull request #203 from CraftOS-dev/V1.2.3
53fa35c 
V1.2.3
@ahmad-ajmal
Merge pull request #204 from CraftOS-dev/dev
748c44f 
Dev
@ahmad-ajmal ahmad-ajmal merged commit 3d987b3 into main Apr 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ahmad-ajmal @zfoong @korivi-CraftOS @eesb99 @AlanAAG