Pull Requests by bmendonca3

58 total
← Show all PRs
# Title Author Cluster Created
23814 Gateway: block unauthenticated tool-invocation HTTP surfaces bmendonca3 Security Enhancements ... 2026-02-22
23811 Config: fail closed when exec host=sandbox but sandbox mode is off bmendonca3 Sandbox Enhancements a... 2026-02-22
23805 Sandbox: default browser network to none and fail bridge without source range bmendonca3 Sandbox Path Managemen... 2026-02-22
23802 Skills: add trusted publisher allowlist policy bmendonca3 Skill Security Enhance... 2026-02-22
23795 Skills: enforce managed skills.lock integrity with allowUnlocked escape hatch bmendonca3 Skill Security Enhance... 2026-02-22
23785 Skills: add signature verification and quarantine invalid signatures bmendonca3 Skill Security Enhance... 2026-02-22
23783 Tools: add strict allowlist mode and fail closed on unknown entries bmendonca3 Tool and Plugin Enhanc... 2026-02-22
23780 Gateway: fail closed on insecure state directory permissions bmendonca3 Security Enhancements ... 2026-02-22
23768 Skills: pin and verify workspace skill content hashes bmendonca3 Skill Security Enhance... 2026-02-22
23765 Gateway hooks: enforce JSON content type and strict payload keys bmendonca3 Gateway and Hooks Enha... 2026-02-22
23763 Hooks: require session key prefixes for request override bmendonca3 Gateway and Hooks Enha... 2026-02-22
23758 Skills: gate deterministic dispatch with allowTools bmendonca3 Tool and Plugin Enhanc... 2026-02-22
23754 Skills: enforce capability manifest requirements bmendonca3 Tool and Plugin Enhanc... 2026-02-22
23752 Auto-reply: enforce per-session TTL elevated exec grants bmendonca3 Elevated Default Confi... 2026-02-22
23743 Auto-reply: enforce tools.allow/tools.deny on deterministic skill tool dispatch bmendonca3 Tool and Plugin Enhanc... 2026-02-22
23742 Gateway: add optional mTLS client-cert enforcement for non-loopback TLS bmendonca3 Security Enhancements ... 2026-02-22
23735 Gateway: add first-class wss validation and remote TLS guidance bmendonca3 Security Enhancements ... 2026-02-22
23719 Gateway: fail closed startup on insecure state/config permissions bmendonca3 Security Enhancements ... 2026-02-22
23714 Gateway: add websocket ingress limits for DoS hardening bmendonca3 Security Enhancements ... 2026-02-22
23486 Tools/FS: default host-mode filesystem access to workspace-only bmendonca3 Sandbox File System Fixes 2026-02-22
23473 Hooks/Plugins: enforce discovery root containment bmendonca3 Plugin Management Enha... 2026-02-22
23465 Gateway: strengthen Control UI security headers bmendonca3 Security Enhancements ... 2026-02-22
23463 Cron: require authenticated webhook delivery bmendonca3 Cron Job Stability Fixes 2026-02-22
23461 Gateway: add hook replay protection with timestamp and nonce bmendonca3 Security Enhancements ... 2026-02-22
23447 Gateway: harden hook ingress content-type validation bmendonca3 Gateway and Hooks Enha... 2026-02-22
23444 Gateway: move auth token storage to state dotenv by default bmendonca3 Gateway Token Management 2026-02-22
23432 Doctor: prevent permissive secret file modes during --fix bmendonca3 Security Enhancements ... 2026-02-22
23425 Gateway: require trusted-proxy allowlist unless allowAll is explicit bmendonca3 Security Enhancements ... 2026-02-22
23420 Gateway: tighten WS connect schema bounds and validation bmendonca3 WebSocket and Chat His... 2026-02-22
23418 Pairing: add persistent sender and IP backoff controls bmendonca3 Messaging Platform Imp... 2026-02-22