v0.51.548 — Release TG (extension load diagnostics)

@github-actions github-actions released this 21 Jun 04:20
· 48 commits to master since this release
6c78d1c

Ships #4569 (santastabber) — maintainer-expedited follow-up to the #4561 extension manifest feature.

Added

  • GET /api/extensions/status reports why an extension didn't load (dir missing/invalid, manifest rejected, asset URL rejected for not being same-origin, final asset counts) using stable diagnostic codes + coarse sources only. Never exposes the configured filesystem path, raw env values, or rejected URL strings. Auth-gated, GET-only, observational (no load-behavior change). Thanks @santastabber.

Gate

  • Full pytest suite: 9894 passed, 0 failed (incl. the new 360-line test_extension_status_endpoint.py)
  • Codex: SAFE TO SHIP — empirically attack-tested with a secret extension dir + traversal manifest + https://evil + absolute-path URLs; the JSON payload leaked none of them (only stable codes / coarse sources / the accepted same-origin URL)
  • Opus: SAFE — SHIP — leak-free across every field and error path, auth-gated, GET-only, default-safe, #4561 allowlist + multi-encode traversal defense intact
  • API + docs + test only (no UI surface)
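
The leak-free reporting described under Added, with the kind of inputs listed under Gate, as an added example that is not the project's own code. The diagnostic code names, the `/extensions/` prefix and the function names are assumptions, and the sample input is constructed.

```python
import json
import os
from urllib.parse import unquote, urlsplit

# Hypothetical code names and URL prefix; the project's real values are not on this page.
DIR_MISSING = "dir_missing"
MANIFEST_REJECTED = "manifest_rejected"
ASSET_REJECTED = "asset_url_not_same_origin"
ASSET_PREFIX = "/extensions/"

def is_same_origin_asset(url):
    """Accept only a relative path under ASSET_PREFIX with no traversal."""
    decoded = url
    for _ in range(4):  # decode repeatedly so %252e%252e cannot hide ".."
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    else:
        return False  # still changing after 4 rounds: treat as hostile
    try:
        parts = urlsplit(decoded)
    except ValueError:
        return False
    if parts.scheme or parts.netloc or "\\" in decoded:
        return False
    return parts.path.startswith(ASSET_PREFIX) and ".." not in parts.path.split("/")

def build_status(ext_dir, source, manifest):
    """Build the status payload from codes, counts and the coarse source label only."""
    status = {"source": source, "diagnostics": [], "assets": []}
    if not ext_dir or not os.path.isdir(ext_dir):
        status["diagnostics"].append({"code": DIR_MISSING})  # path is never echoed
        return status
    assets = manifest.get("assets") if isinstance(manifest, dict) else None
    if not isinstance(assets, list):
        status["diagnostics"].append({"code": MANIFEST_REJECTED})
        return status
    for url in assets:
        if isinstance(url, str) and is_same_origin_asset(url):
            status["assets"].append(url)  # accepted URLs are safe to report
    rejected = len(assets) - len(status["assets"])
    if rejected:  # report how many were rejected, never the strings themselves
        status["diagnostics"].append({"code": ASSET_REJECTED, "count": rejected})
    return status

if __name__ == "__main__":
    # Constructed sample input: a missing directory configured via an env variable.
    print(json.dumps(build_status("/srv/secret-ext-dir", "env", None)))
```

A regression test for a payload like this serializes it and asserts that the configured path and every rejected string are absent, rather than only checking the codes that are present.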

Closes #4561 follow-up.