zeroclaw/src
fettpl e6ad48df48 fix(security): stop leaking serde parse details in gateway error responses
Replace the dynamic error message in the webhook JSON parsing error
path with a static message. Previously, the raw JsonRejection error
from axum/serde was interpolated into the HTTP response, potentially
exposing internal parsing details to unauthenticated callers.

The detailed error is now logged server-side via tracing::warn for
debugging, while the client receives a generic "Invalid JSON body"
message.

Closes #356

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 17:27:07 +01:00
agent fix(composio): align v3 execute path and honor configured entity_id (#322) 2026-02-16 23:40:37 +08:00
channels Merge pull request #331 from stakeswky/feat/lark-channel 2026-02-17 00:08:05 +08:00
config feat(cost): add budget tracking core and harden storage reliability (#292) 2026-02-16 23:40:47 +08:00
cost feat(cost): add budget tracking core and harden storage reliability (#292) 2026-02-16 23:40:47 +08:00
cron feat: unify scheduled tasks from #337 and #338 with security-first integration 2026-02-16 23:38:29 +08:00
daemon fix(ci): mitigate GitHub API rate-limit failures (#334) 2026-02-16 08:05:52 -05:00
doctor test: deepen and complete project-wide test coverage (#297) 2026-02-16 05:58:24 -05:00
gateway fix(security): stop leaking serde parse details in gateway error responses 2026-02-16 17:27:07 +01:00
hardware fix(channels): execute tool calls in channel runtime (#302) 2026-02-16 05:07:01 -05:00
health test: deepen and complete project-wide test coverage (#297) 2026-02-16 05:58:24 -05:00
heartbeat test: deepen and complete project-wide test coverage (#297) 2026-02-16 05:58:24 -05:00
integrations test: deepen and complete project-wide test coverage (#297) 2026-02-16 05:58:24 -05:00
memory test: deepen and complete project-wide test coverage (#297) 2026-02-16 05:58:24 -05:00
observability feat: add verbose logging and complete observability (#251) 2026-02-16 05:59:07 -05:00
onboard feat(cost): add budget tracking core and harden storage reliability (#292) 2026-02-16 23:40:47 +08:00
providers fix(providers): correct Fireworks AI base URL to include /v1 path (#346) 2026-02-16 23:53:34 +08:00
runtime test: deepen and complete project-wide test coverage (#297) 2026-02-16 05:58:24 -05:00
security test: deepen and complete project-wide test coverage (#297) 2026-02-16 05:58:24 -05:00
service refactor: consolidate CLI command definitions to lib.rs 2026-02-15 06:52:33 -05:00
skillforge fix(providers): use Bearer auth for Gemini CLI OAuth tokens 2026-02-15 14:32:33 -05:00
skills fix(skills): prevent path traversal in skill remove command 2026-02-15 08:15:41 -05:00
tools fix(main): remove duplicate ModelCommands enum definition 2026-02-16 17:00:10 +01:00
tunnel test: deepen and complete project-wide test coverage (#297) 2026-02-16 05:58:24 -05:00
identity.rs fix(providers): use Bearer auth for Gemini CLI OAuth tokens 2026-02-15 14:32:33 -05:00
lib.rs feat(cost): add budget tracking core and harden storage reliability (#292) 2026-02-16 23:40:47 +08:00
main.rs fix(main): remove duplicate ModelCommands enum definition 2026-02-16 17:00:10 +01:00
migration.rs refactor: consolidate CLI command definitions to lib.rs 2026-02-15 06:52:33 -05:00
util.rs fix(channels): check response status in send() for Telegram, Slack, and Discord 2026-02-15 09:48:58 -05:00