gramps
5986c4ad86
fix: close two CSRF origin-check security gaps
- Extend origin check to all /api/ requests (not just state-changing methods),
  closing the GET/HEAD/OPTIONS bypass that allowed cross-origin reads
- origin_allowed() now returns False when both Origin and Referer headers
  are absent, preventing script-initiated requests from bypassing the check
- Update AGENTS.md and README.md to document the changes
2026-06-27 15:20:02 -07:00
gramps
cc1efa7a21
fix: resolve all critical runtime errors and bugs from audit
- Add COMPLETIONS_API_KEY to config.py (env var + auto-generated fallback)
- Fix perplexity auto-search: upstream sends logprobs=true, parse_llama_stream_chunk
  extracts per-token logprobs, all_logprobs populated during streaming
- Fix all /api/models endpoints to target LLAMA_SERVER_BASE (port 8081) not OLLAMA_BASE
- Fix RAG embedding endpoint URL from port 11434 (Ollama) to 8081 (llama-server)
- Correct misleading error messages: 'inference server' not 'Ollama'
- Remove raw_results leak from SSE event stream in /api/search
- Fix weather query extractor: pattern-match instead of unconditional suffix append
- Escape FTS5 operator keywords (AND/OR/NOT/NEAR) in memory search
- Move auth.py BODY_LIMIT_DEFAULT_BYTES imports to module level
- Change RAG injection log level from warning to info
- Fix all 8 test files after modular refactor (rewire imports from correct modules)
- Update AGENTS.md and README.md to reflect v1.8.0 changes
2026-06-27 15:12:18 -07:00
4d1541412b
feat(skills): add phase-1 skill registry and toggles (v1.7.4)
2026-04-28 08:44:22 -07:00
250fec1f06
test(streaming): cover chat/search/memory paths (v1.7.3)
2026-04-28 08:31:01 -07:00
12188f3ad2
feat(errors): incident-key safe error envelopes (v1.7.2)
2026-04-27 16:56:17 -07:00
9589141521
feat(settings): allowlist /api/settings keys (v1.7.1)
2026-04-27 16:48:19 -07:00
76e4461b38
feat(security): add LAN IP allowlist and ingress guardrails
2026-04-27 16:43:21 -07:00
28aa40c42a
release: v1.6.1 link sanitization and backlog updates
2026-04-27 16:25:35 -07:00
81319f83d4
feat(auth): add guest/admin PIN security model and hardening
2026-04-27 10:09:53 -07:00