torbjorn/my-pal-mcp-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,118 Commits 1 Branch 0 Tags
df46708af991c57ffbf833c39a8acea68ecdef30
Commit Graph

1118 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
谢栋梁
df46708af9 Merge remote-tracking branch 'upstream/main' into fix/path-traversal-security 2025-12-07 00:07:59 +08:00
谢栋梁
91ffb51564 fix: use Path.is_relative_to() for cross-platform dangerous path detection 
Replace string prefix matching with Path.is_relative_to() to correctly
handle Windows paths like "C:\" where trailing backslash caused double
separator issues (e.g., "C:\\" instead of "C:\").

Changes:
- Use Path.is_relative_to() for subdirectory detection (requires Python 3.9+)
- Add Windows path handling tests using PureWindowsPath
- Update test_utils.py to expect /etc/passwd to be blocked (security fix)
 2025-12-05 13:53:39 +08:00
github-actions[bot]
5c3dd75ca6 chore: sync version to config.py [skip ci] 2025-12-05 04:56:17 +00:00
Fahad
74f26e82e7 docs: cleanup 2025-12-05 08:55:34 +04:00
Fahad
2b221746fe docs: cleanup 2025-12-04 18:19:53 +04:00
Fahad
591287cb2f docs: update subheading 2025-12-04 18:18:31 +04:00
github-actions[bot]
605633b2a2 chore: sync version to config.py [skip ci] 2025-12-04 14:16:06 +00:00
semantic-release
809b0974a7 chore(release): 9.4.2 
Automatically generated by python-semantic-release
 2025-12-04 14:16:01 +00:00
Fahad
b2dc84992d fix: rebranding, see [docs/name-change.md](docs/name-change.md) for details 2025-12-04 18:15:14 +04:00
谢栋梁
9ed15f405a fix: path traversal vulnerability - use prefix matching in is_dangerous_path() 
The is_dangerous_path() function only did exact string matching,
allowing attackers to bypass protection by accessing subdirectories:
- /etc was blocked but /etc/passwd was allowed
- C:\Windows was blocked but C:\Windows\System32\... was allowed

This minimal fix changes is_dangerous_path() to use PREFIX MATCHING:
- Now blocks dangerous directories AND all their subdirectories
- Paths like /etcbackup are still allowed (not under /etc)
- No changes to DANGEROUS_PATHS list

Security:
- Fixes CWE-22: Path Traversal vulnerability
- Reported by: Team off-course (K-Shield.Jr 15th)

Fixes #312
Fixes #293
 2025-12-03 15:29:57 +08:00
github-actions[bot]
bcfaccecd4 chore: sync version to config.py [skip ci] 2025-11-21 05:32:25 +00:00
semantic-release
dc55237789 chore(release): 9.4.1 
Automatically generated by python-semantic-release
 2025-11-21 05:32:20 +00:00
Fahad
aceddb655f fix: regression https://github.com/BeehiveInnovations/zen-mcp-server/issues/338 
refactor: added regression test
 2025-11-21 09:31:34 +04:00
github-actions[bot]
c4461a466f chore: sync version to config.py [skip ci] 2025-11-18 16:51:37 +00:00
semantic-release
165900db53 chore(release): 9.4.0 
Automatically generated by python-semantic-release
 2025-11-18 16:51:32 +00:00
Fahad
19a2a89b12 fix: failing test for gemini 3.0 pro open router 2025-11-18 20:50:42 +04:00
Fahad
bbfdfac511 feat: Gemini 3.0 Pro Preview for Open Router 2025-11-18 20:44:22 +04:00
Fahad
1579d9f806 refactor: enable search on codex CLI 2025-11-18 20:40:02 +04:00
Fahad
52c4563733 doc: updated docs 2025-11-18 20:38:35 +04:00
github-actions[bot]
d3de61f878 chore: sync version to config.py [skip ci] 2025-11-18 16:33:04 +00:00
semantic-release
7be3e8d9b9 chore(release): 9.3.1 
Automatically generated by python-semantic-release
 2025-11-18 16:32:58 +00:00
Fahad
fe50927f3d Merge remote-tracking branch 'origin/main' 2025-11-18 20:32:10 +04:00
Fahad
18464a8b54 fix: gemini 3.0 pro does not currently support medium thinking level, updated to use high 2025-11-18 20:32:05 +04:00
github-actions[bot]
d256098340 chore: sync version to config.py [skip ci] 2025-11-18 16:29:23 +00:00
semantic-release
24060c7e11 chore(release): 9.3.0 
Automatically generated by python-semantic-release
 2025-11-18 16:29:17 +00:00
Fahad
fbe2005055 Merge remote-tracking branch 'origin/main' 2025-11-18 20:28:33 +04:00
Fahad
25fd72fbd3 feat: gemini 3.0 pro preview added (as default gemini pro model) 
refactor: code cleanup
 2025-11-18 20:28:27 +04:00
github-actions[bot]
3748d47fab chore: sync version to config.py [skip ci] 2025-11-18 07:34:10 +00:00
semantic-release
db574af8fb chore(release): 9.2.2 
Automatically generated by python-semantic-release
 2025-11-18 07:34:05 +00:00
Beehive Innovations
433a67defd Merge pull request #315 from DragonFSKY/fix/clink-package-data 
fix(build): include clink resources in package
 2025-11-18 11:33:20 +04:00
github-actions[bot]
749bc73079 chore: sync version to config.py [skip ci] 2025-11-18 07:06:29 +00:00
semantic-release
143add8006 chore(release): 9.2.1 
Automatically generated by python-semantic-release
 2025-11-18 07:06:24 +00:00
Beehive Innovations
0e4d4dfe7d Merge pull request #316 from DragonFSKY/fix/provider-cleanup-bug 
fix(server): iterate provider instances during shutdown
 2025-11-18 11:05:40 +04:00
github-actions[bot]
84f6c4fb24 chore: sync version to config.py [skip ci] 2025-11-18 06:50:22 +00:00
semantic-release
6609ea751a chore(release): 9.2.0 
Automatically generated by python-semantic-release
 2025-11-18 06:50:17 +00:00
Beehive Innovations
ba63892ae2 Merge pull request #331 from BjornMelin/feat/openai-gpt-5.1-support 
feat: add OpenAI GPT-5.1 family support
 2025-11-18 10:49:30 +04:00
github-actions[bot]
7a1de6477a chore: sync version to config.py [skip ci] 2025-11-18 06:38:23 +00:00
semantic-release
7437aa43e2 chore(release): 9.1.4 
Automatically generated by python-semantic-release
 2025-11-18 06:38:19 +00:00
Fahad
2ec64ba748 fix: replaced deprecated Codex web search configuration 2025-11-18 10:37:31 +04:00
Bjorn Melin
698d391b26 docs: streamline advanced usage guide by reorganizing table of contents for improved navigation 2025-11-14 01:59:43 -07:00
Bjorn Melin
f713d8a354 feat: enhance model support by adding GPT-5.1 to .gitignore and updating cassette maintenance documentation for dual-model testing 2025-11-14 01:40:49 -07:00
Bjorn Melin
8e9aa2304d feat: add new GPT-5.1 models to configuration files and update model selection logic in OpenAI provider 2025-11-14 01:35:11 -07:00
Bjorn Melin
dbbfef292c docs: update .env.example to include new GPT-5.1 model options and clarify existing model descriptions 2025-11-14 01:09:59 -07:00
Bjorn Melin
807c9df70e docs: update advanced usage and configuration to include new GPT-5.1 models and enhance tool parameters 2025-11-14 01:09:40 -07:00
谢栋梁
d40fc83d75 fix(server): iterate provider instances during shutdown 
Problem: cleanup_providers() loops over dict.items(), so the loop
variable is a (ProviderType, ModelProvider) tuple and close() never runs.

Impact: Providers like DIAL keep httpx clients open, leaking sockets and
emitting unclosed-client warnings on shutdown.

Solution: Iterate registry._initialized_providers.values() so we close
real provider instances and release network resources.
 2025-11-03 21:21:11 +08:00
谢栋梁
e9ac1ce335 fix(build): include clink resources in package 
Problem: pyproject excludes conf/cli_clients and clink prompts from the
wheel, so ClinkRegistry raises RegistryLoadError after pip install.

Impact: Clink integrations are entirely broken for packaged installs.

Solution: Add conf/cli_clients/*.json and systemprompts/clink/*.txt to
setuptools package-data so wheels ship required assets.

Fixes: pip install . will now include all clink configuration files
 2025-11-03 20:27:06 +08:00
github-actions[bot]
4d3d177d91 chore: sync version to config.py [skip ci] 2025-10-22 16:35:23 +00:00
semantic-release
b02332c67e chore(release): 9.1.3 
Automatically generated by python-semantic-release
 2025-10-22 16:35:17 +00:00
Fahad
2a8dff0cc8 fix: telemetry option no longer available in gemini 0.11 
fix: fixed tests
 2025-10-22 17:53:10 +04:00
Fahad
236e0c1478 Merge remote-tracking branch 'origin/main' 2025-10-22 16:54:27 +04:00