Tags: thucpru/goclaw
Tags
fix: use errors.Is() for sentinel comparisons + remove unused @xyflow… …/react (nextlevelbuilder#727) Replace direct sentinel error comparisons (==, !=) with errors.Is() across the codebase. Direct comparison breaks when errors are wrapped with fmt.Errorf("...: %w", err), which can cause missed matches for sql.ErrNoRows, io.EOF, context.DeadlineExceeded, and context.Canceled. Affected packages: - store/pg: sql.ErrNoRows in secure_cli, agents_export_team_*, mcp_export_queries - store/sqlitestore: sql.ErrNoRows in schema migration - tools: context.DeadlineExceeded in shell, credentialed_exec - mcp: context.DeadlineExceeded in bridge_tool - providers: context.Canceled in acp_provider, anthropic_stream_test - updater: io.EOF in tar extraction Also removes unused @xyflow/react dependency from web UI — it was replaced by react-force-graph-2d but never cleaned up from package.json. Co-authored-by: Luvu182 <208665161+Luvu182@users.noreply.github.com>
fix(security): harden exec path exemption matching (nextlevelbuilder#721 ) - Add absolute path exemption for dataDir/skills-store/ (fixes skill scripts using absolute paths like /app/data/skills-store/ being denied) - Strip surrounding quotes before prefix matching (LLMs often quote paths) - Reject path traversal ("..") in exempt fields to prevent escape - Switch from "any field exempt → skip" to per-field matching: only exempt if ALL fields that match the deny pattern are individually exempt - Closes pipe/comment bypass vectors where an exempt path in one argument would exempt the entire command including non-exempt paths Includes 27 test cases covering: legitimate access, quoted paths, path traversal, unicode bypass, pipe/comment bypass, mixed args.
fix: deterministic prompt ordering for LLM cache hit (nextlevelbuilde… …r#719) Sort all non-deterministic map iterations that affect system prompt and tool definitions sent to LLM APIs. Go map iteration order is random, causing prompt prefix to change every turn — breaking Anthropic/OpenAI prompt caching (cache by exact prefix match). Fixed 5 sources of non-deterministic ordering: - Registry.List(): sort canonical tool names - Registry.ProviderDefs(): sort tools + aliases before building defs - PolicyEngine.FilterTools(): sort alias iteration (single Aliases() call) - buildMCPToolsInlineSection(): sort MCP tool names in system prompt - GetAgentContextFiles/GetUserContextFiles: ORDER BY file_name (PG+SQLite) Based on PR nextlevelbuilder#718 by @therichardngai-code with additional fixes: - Context files from DB now deterministic (ORDER BY file_name) - FilterTools() calls registry.Aliases() once instead of 3 times
fix: deterministic prompt ordering for LLM cache hit (nextlevelbuilde… …r#719) Sort all non-deterministic map iterations that affect system prompt and tool definitions sent to LLM APIs. Go map iteration order is random, causing prompt prefix to change every turn — breaking Anthropic/OpenAI prompt caching (cache by exact prefix match). Fixed 5 sources of non-deterministic ordering: - Registry.List(): sort canonical tool names - Registry.ProviderDefs(): sort tools + aliases before building defs - PolicyEngine.FilterTools(): sort alias iteration (single Aliases() call) - buildMCPToolsInlineSection(): sort MCP tool names in system prompt - GetAgentContextFiles/GetUserContextFiles: ORDER BY file_name (PG+SQLite) Based on PR nextlevelbuilder#718 by @therichardngai-code with additional fixes: - Context files from DB now deterministic (ORDER BY file_name) - FilterTools() calls registry.Aliases() once instead of 3 times
fix(security): harden exec path exemption matching (nextlevelbuilder#721 ) - Add absolute path exemption for dataDir/skills-store/ (fixes skill scripts using absolute paths like /app/data/skills-store/ being denied) - Strip surrounding quotes before prefix matching (LLMs often quote paths) - Reject path traversal ("..") in exempt fields to prevent escape - Switch from "any field exempt → skip" to per-field matching: only exempt if ALL fields that match the deny pattern are individually exempt - Closes pipe/comment bypass vectors where an exempt path in one argument would exempt the entire command including non-exempt paths Includes 27 test cases covering: legitimate access, quoted paths, path traversal, unicode bypass, pipe/comment bypass, mixed args.
fix: deterministic prompt ordering for LLM cache hit (nextlevelbuilde… …r#719) Sort all non-deterministic map iterations that affect system prompt and tool definitions sent to LLM APIs. Go map iteration order is random, causing prompt prefix to change every turn — breaking Anthropic/OpenAI prompt caching (cache by exact prefix match). Fixed 5 sources of non-deterministic ordering: - Registry.List(): sort canonical tool names - Registry.ProviderDefs(): sort tools + aliases before building defs - PolicyEngine.FilterTools(): sort alias iteration (single Aliases() call) - buildMCPToolsInlineSection(): sort MCP tool names in system prompt - GetAgentContextFiles/GetUserContextFiles: ORDER BY file_name (PG+SQLite) Based on PR nextlevelbuilder#718 by @therichardngai-code with additional fixes: - Context files from DB now deterministic (ORDER BY file_name) - FilterTools() calls registry.Aliases() once instead of 3 times
feat(providers): add OpenRouter identification headers (nextlevelbuil… …der#705) * fix(ci): skip CI condition in semantic-release for main branch go-semantic-release auto-detects the default branch from GitHub API (which is dev), but releases are cut from main. The CI condition rejects runs on non-default branches. Use --no-ci to bypass this check since the workflow already gates on push to main. * docs: document CI/CD pipelines, release flow, and v2.66.0 changelog - CLAUDE.md: add CI/CD & Releases section with workflow table, tag patterns, Docker variants, beta/desktop release commands - CONTRIBUTING.md: expand Releases section with standard (auto), beta (manual tag), and desktop release workflows - docs/17-changelog.md: add v2.66.0 entry covering IDOR fix, BytePlus provider, per-agent grants, beta pipeline, and CI fixes * fix(telegram): handle group-to-supergroup migration seamlessly When a Telegram group upgrades to a supergroup, the chat ID changes and all existing references become stale. This caused send failures (400), orphaned sessions, and required manual re-pairing. Add dual-path migration handling: - Proactive: intercept inbound MigrateToChatID before isServiceMessage - Reactive: detect 400 + MigrateToChatID on send, migrate DB, retry DB migration updates in a single transaction (scoped by tenant + channel): - paired_devices: sender_id, chat_id - sessions: session_key, user_id - channel_contacts: sender_id - channel_pending_messages: history_key Also invalidates in-memory caches (approvedGroups, pairingReplySent, groupHistory) and handles media sends via migration retry in Send(). * feat(providers): add OpenRouter identification headers (nextlevelbuilder#704) Add HTTP-Referer and X-Title headers to OpenRouter API requests for rankings and analytics visibility on openrouter.ai. --------- Co-authored-by: viettranx <viettranx@gmail.com>
fix(telegram): handle group-to-supergroup migration (nextlevelbuilder… …#698) * fix(ci): skip CI condition in semantic-release for main branch go-semantic-release auto-detects the default branch from GitHub API (which is dev), but releases are cut from main. The CI condition rejects runs on non-default branches. Use --no-ci to bypass this check since the workflow already gates on push to main. * docs: document CI/CD pipelines, release flow, and v2.66.0 changelog - CLAUDE.md: add CI/CD & Releases section with workflow table, tag patterns, Docker variants, beta/desktop release commands - CONTRIBUTING.md: expand Releases section with standard (auto), beta (manual tag), and desktop release workflows - docs/17-changelog.md: add v2.66.0 entry covering IDOR fix, BytePlus provider, per-agent grants, beta pipeline, and CI fixes * fix(telegram): handle group-to-supergroup migration seamlessly When a Telegram group upgrades to a supergroup, the chat ID changes and all existing references become stale. This caused send failures (400), orphaned sessions, and required manual re-pairing. Add dual-path migration handling: - Proactive: intercept inbound MigrateToChatID before isServiceMessage - Reactive: detect 400 + MigrateToChatID on send, migrate DB, retry DB migration updates in a single transaction (scoped by tenant + channel): - paired_devices: sender_id, chat_id - sessions: session_key, user_id - channel_contacts: sender_id - channel_pending_messages: history_key Also invalidates in-memory caches (approvedGroups, pairingReplySent, groupHistory) and handles media sends via migration retry in Send().
fix(ci): skip CI condition in semantic-release for main branch go-semantic-release auto-detects the default branch from GitHub API (which is dev), but releases are cut from main. The CI condition rejects runs on non-default branches. Use --no-ci to bypass this check since the workflow already gates on push to main.
fix(telegram): handle group-to-supergroup migration (nextlevelbuilder… …#698) * fix(ci): skip CI condition in semantic-release for main branch go-semantic-release auto-detects the default branch from GitHub API (which is dev), but releases are cut from main. The CI condition rejects runs on non-default branches. Use --no-ci to bypass this check since the workflow already gates on push to main. * docs: document CI/CD pipelines, release flow, and v2.66.0 changelog - CLAUDE.md: add CI/CD & Releases section with workflow table, tag patterns, Docker variants, beta/desktop release commands - CONTRIBUTING.md: expand Releases section with standard (auto), beta (manual tag), and desktop release workflows - docs/17-changelog.md: add v2.66.0 entry covering IDOR fix, BytePlus provider, per-agent grants, beta pipeline, and CI fixes * fix(telegram): handle group-to-supergroup migration seamlessly When a Telegram group upgrades to a supergroup, the chat ID changes and all existing references become stale. This caused send failures (400), orphaned sessions, and required manual re-pairing. Add dual-path migration handling: - Proactive: intercept inbound MigrateToChatID before isServiceMessage - Reactive: detect 400 + MigrateToChatID on send, migrate DB, retry DB migration updates in a single transaction (scoped by tenant + channel): - paired_devices: sender_id, chat_id - sessions: session_key, user_id - channel_contacts: sender_id - channel_pending_messages: history_key Also invalidates in-memory caches (approvedGroups, pairingReplySent, groupHistory) and handles media sends via migration retry in Send().
PreviousNext