218 Commits

Author SHA1 Message Date
Re-bin
c5191eed1a refactor: unify workspace restriction for file tools, remove redundant checks, fix SECURITY.md 2026-02-06 09:16:20 +00:00
Dontrail Cotlage
6df2905c04 Merge branch 'main' into main 2026-02-05 18:35:19 -05:00
Re-bin
b1d6670ce0 feat: add cron tool for scheduling reminders and tasks 2026-02-05 15:09:51 +00:00
Dontrail Cotlage
bd4c2ca604 Merge branch 'main' into main 2026-02-04 09:59:33 -05:00
Re-bin
9a0f8fcc73 refactor: simplify parameter validation logic 2026-02-04 03:50:39 +00:00
Re-bin
a20d887f9e feat: add parameter validation and safety guard for exec tool 2026-02-04 03:45:26 +00:00
Re-bin
e508f73f54 Merge branch 'main' into pr-30 2026-02-04 03:24:31 +00:00
Dontrail Cotlage
fcb2a6588a Merge branch 'main' into main 2026-02-03 21:26:41 -05:00
copilot-swe-agent[bot]
56d301de3e Address code review feedback: improve function naming and consolidate patterns
Co-authored-by: kingassune <6126851+kingassune@users.noreply.github.com>
2026-02-03 22:12:01 +00:00
copilot-swe-agent[bot]
cbb99c64e5 Add comprehensive security documentation and improve command filtering
Co-authored-by: kingassune <6126851+kingassune@users.noreply.github.com>
2026-02-03 22:10:43 +00:00
copilot-swe-agent[bot]
8b4e0a8868 Security audit: Fix critical dependency vulnerabilities and add security controls
Co-authored-by: kingassune <6126851+kingassune@users.noreply.github.com>
2026-02-03 22:08:33 +00:00
Re-bin
1a784fca1e refactor: simplify _validate_url function 2026-02-03 17:13:30 +00:00
Kiplangatkorir
00841309c1 Harden exec tool with safety guard 2026-02-02 21:14:29 +03:00
Kiplangat Korir
9b09cb5c63 Update nanobot/agent/tools/base.py
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
2026-02-02 20:52:30 +03:00
Kiplangatkorir
7ef18c4e8a Validate tool params and add tests 2026-02-02 20:39:08 +03:00
Cheng Wang
ea849650ef feat: improve web_fetch URL validation and security
Add URL validation and redirect limits to web_fetch tool to prevent potential security issues:

- Add _validate_url() function to validate URLs before fetching
  - Only allow http:// and https:// schemes (prevent file://, ftp://, etc.)
  - Verify URL has valid scheme and domain
  - Return descriptive error messages for invalid URLs

- Limit HTTP redirects to 5 (down from default 20) to prevent DoS attacks
  - Add MAX_REDIRECTS constant for easy configuration
  - Explicitly configure httpx.AsyncClient with max_redirects parameter

- Improve error handling with JSON error responses for validation failures

This addresses security concerns identified in code review where web_fetch
had no URL validation or redirect limits, potentially allowing:
- Unsafe URL schemes (file://, etc.)
- Redirect-based DoS attacks
- Invalid URL formats causing unclear errors
2026-02-02 19:34:22 +08:00
Re-bin
051a97fa4e feat: add sub-agent system 2026-02-01 16:28:45 +00:00
Re-bin
d4cc48afd5 🐈nanobot: hello world! 2026-02-01 07:36:42 +00:00