Merged
Conversation
Destynova2
added a commit
that referenced
this pull request
Apr 11, 2026
* fix(security): résoudre 6 alertes CodeQL/Semgrep cleartext logging Supprime le logging en cleartext de valeurs canary PII dans les assertions de test (pii.rs), annote le faux positif HTTPS dans credential_check.rs, et ajoute nosemgrep sur le token de test assemblé dynamiquement (tests.rs). Résout: 4 alertes HIGH CodeQL (pii.rs L689/L1151/L1172/L1183), 1 alerte HIGH CodeQL (credential_check.rs L70), 1 faux positif Semgrep (tests.rs L58). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(exec): vérifier la santé avant spawn pour éviter le faux-démarrage Re-vérifie is_instance_running avant spawn_background_service pour éviter le faux-démarrage quand le flow credentials interactif prend du temps. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(mcp): ajouter le tool grob_hint + header X-Grob-Hint Ajoute ComplexityHint (trivial/medium/complex), le tool MCP grob_hint (one-shot slot), la résolution multi-source dans dispatch (header → metadata → MCP slot), et l'injection dans tools/list. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: release v0.36.4 (#141) * fix(mcp): gater grob_hint derrière cfg(feature = "mcp") Les types ComplexityHint et le champ grob_hint dans AppState référencent le module MCP qui n'existe pas quand le feature est désactivé. Ajoute les guards #[cfg(feature = "mcp")] manquants dans dispatch/mod.rs et server/mod.rs pour corriger les builds feature powerset. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: release v0.36.5 (#143) * test(dlp,router): ajouter proptests pour robustesse DLP et router Add 13 proptest properties for DLP and router parsers: DLP (7): - sanitize idempotence (sanitize(sanitize(x)) == sanitize(x)) - output length bounded (len <= input + 200) - known secrets never leak through sanitize - DFA scanner never panics on arbitrary UTF-8 - Luhn-valid credit cards detected by PII scanner - Mod97-valid IBANs detected by PII scanner - sanitize preserves valid UTF-8 Router (6): - extract_trailing_literal_byte never panics on arbitrary input - deterministic (same input = same output) - result always lowercase ASCII alphabetic - alternation patterns always return None - classify never panics on arbitrary model names - route never panics on arbitrary user text Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(ci): add RUSTSEC-2026-0097 exception and fix gitleaks force-push - deny.toml: ignore RUSTSEC-2026-0097 (rand unsound with custom logger calling rand::rng()). No impact: grob does not define a custom logger accessing ThreadRng. - ci.yml: for PRs, scan gitleaks against origin/<base-ref> instead of github.event.before. Force-pushes invalidate the "before" SHA, causing gitleaks to fail on a broken commit range. Using the base branch ref always resolves to a valid range. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(setup): ajouter support custom endpoint OpenAI/Anthropic-compatible Ajoute deux nouvelles options dans le wizard setup pour configurer des endpoints LLM custom compatibles OpenAI ou Anthropic. Le wizard demande la base_url, valide la connexion via un appel GET /models, et écrit le provider_type + base_url dans le TOML config. Modifications : - src/providers/registry.rs : nouveaux types "openai_compatible" et "anthropic_compatible" dans create_provider - src/commands/credential_check.rs : validate_custom_endpoint() pour valider les clés API contre des endpoints custom - src/commands/setup.rs : screen_custom_endpoints(), CustomEndpoint struct, intégration dans le wizard flow + 9 tests Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(cache): ajouter cache sémantique SimHash avec distance de Hamming Adds an in-memory SimHash-based semantic cache layer that detects near-duplicate prompts via 64-bit fingerprints and Hamming distance (default threshold ≤ 3 bits). The fuzzy layer is consulted before the exact SHA-256 cache to improve hit rates for rephrased requests. - src/cache/simhash.rs: normalize, compute, hamming_distance, SimHashCache - Integrated into ResponseCache via get_with_simhash / put_with_simhash - 16 new unit tests covering normalization, hashing, distance, and cache ops Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(cache): corriger normalisation SimHash et utiliser moka pour eviction - Supprimer le tri lexicographique des tokens qui detruisait le sens semantique (ex: "translate English to French" = "translate French to English"). L'ordre est desormais preserve. - Hasher chaque token avec sa position (hash_token_at) pour rendre le SimHash sensible a l'ordre des mots. - Remplacer RwLock<HashMap> par moka::sync::Cache avec max_capacity et TTL built-in, alignant le cycle de vie sur le cache exact. - Adapter response_cache.rs pour passer capacity/TTL au constructeur. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(tracing): ajouter rotation par taille et compression zstd des traces Ajoute la rotation automatique des fichiers trace JSONL quand ils dépassent la taille configurée (max_size_mb, défaut 50 MB). Les fichiers rotatifs sont nommés trace.N.jsonl et limités à max_files (défaut 3). L'option compress active la compression zstd des fichiers rotatifs. Nouveaux champs TracingConfig : max_size_mb, max_files, compress. 6 tests unitaires couvrent la rotation, le shift, la suppression des plus anciens, la compression zstd, et le déclenchement via write_trace. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(tracing): utiliser streaming zstd pour compression rotation Remplace `zstd::encode_all` (charge tout en mémoire) par un `zstd::Encoder` en streaming avec `BufReader` + `io::copy`. Élimine le pic mémoire lors de la compression de gros fichiers trace. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: release v0.36.6 (#150) * fix(ci): ajouter RUSTSEC-2026-0097 a audit.toml (#153) cargo-audit echoue sur develop depuis le merge #148 car RUSTSEC-2026-0097 (rand unsound avec custom logger) n'etait ignore que dans deny.toml, pas dans .cargo/audit.toml. Pas d'impact : grob ne definit pas de custom logger utilisant ThreadRng. Co-authored-by: commis-ci-fix <commis-ci-fix@grob.local> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: commis-ci-fix <commis-ci-fix@grob.local> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🤖 New release
grob: 0.36.4 -> 0.36.5Changelog
This PR was generated with release-plz.