Pull Requests by bmendonca3

58 total
← Show all PRs
# Title Author Cluster Created
23413 Skills: gate remote eligibility expansion behind explicit opt-in bmendonca3 Bundled Skills Management 2026-02-22
23410 Gateway: require prefixes for hook request session-key overrides bmendonca3 Gateway and Hooks Enha... 2026-02-22
23403 Discovery: gate non-loopback full mDNS mode bmendonca3 Gateway and TLS Enhanc... 2026-02-22
23400 Onboarding: set sandbox defaults when Docker is available bmendonca3 Sandbox Enhancements a... 2026-02-22
23391 Logging: redact runtime secrets from skill env/apiKey in logs and transcripts bmendonca3 Session Transcript Sec... 2026-02-22
23383 Skills: gate command-dispatch tool targets and args bmendonca3 Tool and Plugin Enhanc... 2026-02-22
23372 Skills: quarantine ClawHub installs until explicitly enabled bmendonca3 Skill Security Enhance... 2026-02-22
23364 Gateway: add risk-ack interlock for dangerous Control UI flags bmendonca3 Security Enhancements ... 2026-02-22
23361 Gateway: reject scope assertions without identity binding bmendonca3 Security Enhancements ... 2026-02-22
23355 Gateway: fail closed on untrusted proxy headers bmendonca3 Security Enhancements ... 2026-02-22
23352 Gateway: enforce origin checks for browser-context WS clients bmendonca3 Security Enhancements ... 2026-02-22
23060 Security/Test: isolate node.invoke approval e2e identity bmendonca3 Security Enhancements ... 2026-02-21
22990 test: fix readonly typing regressions in CI check baseline bmendonca3 TypeScript Test Fixes ... 2026-02-21
22383 Chore: apply oxfmt baseline for CI check bmendonca3 Hooks and UI Fixes 2026-02-21
22381 Security/Gateway: block cross-origin silent auto-pairing in auth mode none bmendonca3 Device Pairing and Gat... 2026-02-21
21532 Security/Voice Call: block signed webhook replay bmendonca3 Security Enhancements ... 2026-02-20
21531 Security/Webhooks: block signed replay for Nextcloud, Google Chat, and LINE bmendonca3 Security Enhancements ... 2026-02-20
21326 Security/UI: harden Control UI gatewayUrl URL overrides bmendonca3 Security Enhancements ... 2026-02-19
21288 Security/Voice: reject malformed Host headers in webhook+WS server bmendonca3 Security Enhancements ... 2026-02-19
21265 Security/Pairing: reject insecure non-loopback ws setup URLs bmendonca3 Device Pairing and Gat... 2026-02-19
21197 Security/Voice Call: enforce exact webhook path matching bmendonca3 Security Enhancements ... 2026-02-19
21128 Security/Voice Call: require trusted proxy IPs for forwarded-header trust bmendonca3 Security Enhancements ... 2026-02-19
21120 Security/Gateway: guard dangerous HTTP /tools/invoke re-enables bmendonca3 Security Enhancements ... 2026-02-19
21119 Security/Browser: fail closed when control server has no auth bmendonca3 Security Enhancements ... 2026-02-19
21103 Android/Security: exclude device identity from backups bmendonca3 Security Enhancements ... 2026-02-19
21102 Android/Security: require TLS for non-loopback gateway sessions bmendonca3 Security Enhancements ... 2026-02-19
21101 Security/Voice Call: gate skipSignatureVerification to local-dev or explicit ... bmendonca3 Security Enhancements ... 2026-02-19
21100 Security/Gateway: require explicit break-glass env for Control UI bypass flags bmendonca3 Security Enhancements ... 2026-02-19