goclaw

tiennm99/goclaw

Fork 0

mirror of https://github.com/tiennm99/goclaw.git synced 2026-06-12 14:12:31 +00:00

Commit Graph

Author	SHA1	Message	Date
viettranx	df684e2582	refactor(security): fix false positives and deduplicate web security hardening - Fix opacity/font-size zero detection false positives (0.5, 0.8 matched as zero) - Extract scanWebToolResult helper to eliminate DRY violation in agent loop - Move hidden element detection to dedicated web_fetch_hidden.go file - Replace map false-entries with comments for hiddenClasses documentation	2026-03-07 19:35:19 +07:00
Nam Nguyen Ngoc	b901a82551	fix(security): harden web fetch/search against prompt injection and cache poisoning (#80 ) - Scan web_fetch/web_search tool results for prompt injection patterns via inputGuard - Strip hidden HTML elements (display:none, aria-hidden, sr-only classes) during conversion - Scope web tool caches per channel to prevent cross-channel cache poisoning - Enforce domain blocklist and allowlist checks on HTTP redirect targets - Add untrusted content reminder to external content wrapper - Log redirect source URL in fetch results for transparency Co-authored-by: Nam Nguyen Ngoc <namnn.0911@gmail.com>	2026-03-07 19:31:56 +07:00
viettranx	7d211fa796	refactor: split 7 large Go files into smaller files per package Pure cut-and-paste of functions/methods into separate files within the same package — no logic changes. Reduces file sizes for readability. - loop.go (1312→856) → loop_types.go, loop_compact.go, loop_media.go, loop_utils.go - delegate.go (687→171) → delegate_sync.go, delegate_async.go, delegate_prep.go - browser.go (605→154) → browser_tabs.go, browser_page.go, browser_remote.go - teams.go (602→170) → teams_crud.go, teams_members.go - web_fetch_convert.go (572→176) → web_fetch_convert_handlers.go, web_fetch_convert_utils.go - resolver.go (543→373) → resolver_helpers.go - sessions.go (536→157) → sessions_tokens.go, sessions_ops.go, sessions_list.go Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-05 10:47:06 +07:00

Author

SHA1

Message

Date

viettranx

df684e2582

refactor(security): fix false positives and deduplicate web security hardening

- Fix opacity/font-size zero detection false positives (0.5, 0.8 matched as zero)
- Extract scanWebToolResult helper to eliminate DRY violation in agent loop
- Move hidden element detection to dedicated web_fetch_hidden.go file
- Replace map false-entries with comments for hiddenClasses documentation

2026-03-07 19:35:19 +07:00

Nam Nguyen Ngoc

b901a82551

fix(security): harden web fetch/search against prompt injection and cache poisoning (#80 )

- Scan web_fetch/web_search tool results for prompt injection patterns via inputGuard
- Strip hidden HTML elements (display:none, aria-hidden, sr-only classes) during conversion
- Scope web tool caches per channel to prevent cross-channel cache poisoning
- Enforce domain blocklist and allowlist checks on HTTP redirect targets
- Add untrusted content reminder to external content wrapper
- Log redirect source URL in fetch results for transparency

Co-authored-by: Nam Nguyen Ngoc <namnn.0911@gmail.com>

2026-03-07 19:31:56 +07:00

viettranx

7d211fa796

refactor: split 7 large Go files into smaller files per package

Pure cut-and-paste of functions/methods into separate files within the
same package — no logic changes. Reduces file sizes for readability.

- loop.go (1312→856) → loop_types.go, loop_compact.go, loop_media.go, loop_utils.go
- delegate.go (687→171) → delegate_sync.go, delegate_async.go, delegate_prep.go
- browser.go (605→154) → browser_tabs.go, browser_page.go, browser_remote.go
- teams.go (602→170) → teams_crud.go, teams_members.go
- web_fetch_convert.go (572→176) → web_fetch_convert_handlers.go, web_fetch_convert_utils.go
- resolver.go (543→373) → resolver_helpers.go
- sessions.go (536→157) → sessions_tokens.go, sessions_ops.go, sessions_list.go

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-05 10:47:06 +07:00

3 Commits