agents-orchestrator/agent-orchestrator
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
314 commits 3 branches 0 tags 54 MiB
Commit graph

5 commits

Author SHA1 Message Date
Hibryda
0324f813e2 fix(security): resolve critical audit findings in marketplace and frontend 
CRITICAL fixes:
- marketplace.rs: Replace fake SHA-256 (SipHash) with real sha2 crate
- marketplace.rs: Reject empty checksums (refuse unsigned plugins)
- marketplace.rs: Add install path traversal protection (reject ../|/|\)
- marketplace.rs: Add HTTPS-only URL validation on download_url
- marketplace.rs: Add curl --proto =https to block file:/gopher: SSRF
- marketplace.rs: Add --max-filesize 50MB download cap
- marketplace.rs: Add --no-same-owner --no-same-permissions to tar extraction
- marketplace.rs: Post-extraction path validation (canonicalize check)

Frontend fixes:
- pro-bridge.ts: Rename Symbol→CodeSymbol (avoid global collision)
- pro-bridge.ts: Tighten trust type to union 'human'|'agent'|'auto'
- PluginMarketplace.svelte: URL sanitization (reject non-https hrefs)

Remaining audit fixes (HIGH/MEDIUM/LOW) being applied by background
agents — will be committed separately when complete.
 2026-03-17 03:50:10 +01:00
Hibryda
5300c09157 feat(pro): add plugin marketplace with catalog, install, and update support 
Marketplace backend (agor-pro/src/marketplace.rs): fetch catalog from
GitHub, download+verify+extract plugins, install/uninstall/update with
SHA-256 checksum verification and path traversal protection. 6 Tauri
plugin commands.

PluginMarketplace.svelte: Browse/Installed tabs, search, plugin cards
with permission badges, one-click install/uninstall/update.

Plugin catalog repo: agents-orchestrator/agor-plugins (3 seed plugins).
Plugin scaffolding: scripts/plugin-init.sh.
7 marketplace vitest tests, 3 Rust tests.
 2026-03-17 02:20:10 +01:00
Hibryda
03fe2e2237 feat(pro): add analytics, export, and multi-account commercial features 
3 new agor-pro modules: analytics.rs (usage dashboard queries),
export.rs (session/project Markdown report generation),
profiles.rs (multi-account switching via accounts.json).
9 Tauri plugin commands. Frontend IPC bridge (pro-bridge.ts).
168 cargo tests, 14 commercial vitest tests.
 2026-03-17 01:52:46 +01:00
Hibryda
a63e6711ac refactor!: rebrand bterminal to agor (agents-orchestrator) 
Rename Cargo crates (bterminal-core→agor-core, bterminal-relay→agor-relay),
env vars (BTERMINAL_*→AGOR_*), config paths (~/.config/agor), CSS custom
properties, plugin API object, package names, and all documentation.

BREAKING CHANGE: config/data paths changed from bterminal to agor.
 2026-03-17 01:12:25 +01:00
DexterFromLab
3672e92b7e feat: Agent Orchestrator — multi-project agent dashboard 
Tauri + Svelte 5 + Rust application for orchestrating multiple AI coding agents.
Includes Claude, Aider, Codex, and Ollama provider support, multi-agent
communication (btmsg/bttask), session anchors, plugin sandbox, FTS5 search,
Landlock sandboxing, and 507 vitest + 110 cargo tests.
 2026-03-15 15:45:27 +01:00