agents-orchestrator/agent-orchestrator
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: resolve medium/low audit findings across backend and frontend

Browse source 
- ctx CLI: validate int() limit arg, wrap FTS5 MATCH in try/except
- ctx.rs: FTS5 error message clarity, Mutex::lock() returns Err not panic
- sdk-messages.ts: runtime type guards (str/num) replace bare `as` casts
- agent-runner.ts: strip ANTHROPIC_* env vars alongside CLAUDE*
- agent-dispatcher.ts: timestamps use seconds (match session.rs convention)
- remote.rs: disconnect handler uses lock().await not try_lock()
- session.rs: propagate pane_ids serialization error
- watcher.rs: reject root-level paths instead of silent no-op
- lib.rs: log warnings on profile.toml read failure and resource_dir error
- agent-bridge.ts: validate event payload is object before cast
This commit is contained in:
Hibryda 2026-03-08 20:10:54 +01:00
parent 044f891c3a
commit 3f1638c98b
10 changed files with 97 additions and 57 deletions
Download patch file Download diff file Expand all files Collapse all files

2
v2/sidecar/agent-runner.ts
View file

@ -86,7 +86,7 @@ async function handleQuery(msg: QueryMessage) {
// Strip CLAUDE* env vars to prevent nesting detection by the spawned CLI
const cleanEnv: Record<string, string | undefined> = {};
for (const [key, value] of Object.entries(process.env)) {
if (!key.startsWith('CLAUDE')) {
if (!key.startsWith('CLAUDE') && !key.startsWith('ANTHROPIC_')) {
cleanEnv[key] = value;
}
}