MrSphay/odysseus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b1a4ed13b0658d6c5aa07ea56895019dddb4e7e5
odysseus/src
History
Alexandre Teixeira b1a4ed13b0 Harden API-token chat endpoint selection 
Validate only token-supplied direct base_url values for API-token chat requests, while keeping admin-configured endpoints available for local/LAN providers.

Scope configured endpoint fallback selection to the API token owner, fail closed for unknown token owners, and preserve strict session ownership checks when resuming sessions from chat-scoped API tokens.

Add focused regression coverage for direct base_url SSRF rejection, configured endpoint fallback behavior, token-owner scoping, URL validation, and null-owner session/endpoint handling.
2026-06-03 13:05:13 +01:00
..
search
fix(search): apply recency UTC fix to live ranking module
2026-06-03 12:49:32 +01:00
action_intents.py
Anchor shell-verb intent patterns to imperative or can-you position (#1664)
2026-06-03 14:23:10 +09:00
agent_loop.py
fix(agent): stop sending tool schemas to native Ollama endpoints (#1765)
2026-06-03 13:23:42 +09:00
agent_runs.py
Handle incomplete detached agent streams
2026-06-01 16:54:11 +09:00
agent_tools.py
fix: agent_tools._truncate crashes on non-string input (#1624)
2026-06-03 14:06:39 +09:00
ai_interaction.py
Fix RAG remove_directory wiping the entire shared collection (#1660) (#1734)
2026-06-03 13:29:51 +09:00
api_key_manager.py
fix: APIKeyManager.load crashes app startup on a corrupt/wrong-shape api_keys.json (#1565)
2026-06-03 08:11:37 +09:00
app_helpers.py
fix: inside_base_dir raises TypeError on a non-string path instead of failing closed (#1619)
2026-06-03 09:00:04 +09:00
app_initializer.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
assistant_log.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
auth_helpers.py
fix: require_privilege 500s on a non-dict privileges blob from auth.json (#1693)
2026-06-03 13:37:54 +09:00
bg_jobs.py
Ignore invalid background job store rows (#1261)
2026-06-03 14:07:14 +09:00
bg_monitor.py
Ignore non-string background stream deltas (#1549)
2026-06-03 14:11:45 +09:00
builtin_actions.py
fix: signature learning never skips support@/info@/admin@ senders (#1773)
2026-06-03 13:22:52 +09:00
builtin_mcp.py
Add native Windows compatibility layer
2026-06-01 15:09:47 +09:00
caldav_sync.py
fix: validate_caldav_url crashes with TypeError on a non-string URL (#1608)
2026-06-03 08:35:16 +09:00
caldav_writeback.py
Decrypt CalDAV password before write-back (#1731)
2026-06-03 11:36:12 +09:00
chat_handler.py
Use LM Studio-reported vision capability for image passthrough (#1130)
2026-06-02 23:01:04 +09:00
chat_helpers.py
fix(vision): recognize Gemma 4 and Phi-4 as vision-capable models (#1704)
2026-06-03 13:36:50 +09:00
chat_processor.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
chroma_client.py
fix: ChromaDB unreachable blocks app startup for 30-60s (#326) (#476)
2026-06-01 22:22:41 +09:00
cleanup_service.py
Replace cleanup service datetime.utcnow calls (#1494)
2026-06-03 14:14:27 +09:00
config.py
Add native Windows compatibility layer
2026-06-01 15:09:47 +09:00
constants.py
Align SearXNG fallback URL
2026-06-01 10:50:07 +09:00
context_budget.py
feat: adapt agent_input_token_budget to the model context window (#1170) (#1230)
2026-06-03 00:13:53 +09:00
context_compactor.py
fix: context_compactor token helpers crash on non-string message text (#1634)
2026-06-03 14:12:14 +09:00
database.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
deep_research.py
fix: deep research runs the prompt's example queries when the model echoes them (#1666)
2026-06-03 14:23:07 +09:00
document_actions.py
fix: document tidy crashes on a duplicate with NULL timestamps (#1772)
2026-06-03 13:23:01 +09:00
document_processor.py
Cap inline attachment context across files (#1498)
2026-06-03 14:23:43 +09:00
email_thread_parser.py
Ignore non-string email thread bodies (#1654)
2026-06-03 14:06:31 +09:00
embeddings.py
Add native Windows compatibility layer
2026-06-01 15:09:47 +09:00
endpoint_resolver.py
Harden session endpoint owner scope (#1308)
2026-06-03 02:40:22 +09:00
event_bus.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
exceptions.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
goal_based_extractor.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
integrations.py
Ignore invalid integration rows (#1404)
2026-06-03 14:07:11 +09:00
llm_core.py
fix: recognize Gemma 4 as a thinking model and add context entry (#1642)
2026-06-03 14:23:18 +09:00
markitdown_runtime.py
fix: is_markitdown_format crashes on a non-string path (#1618)
2026-06-03 09:00:10 +09:00
mcp_manager.py
fix: close AsyncExitStack on MCP init/tool-discovery failure (#1493)
2026-06-03 14:23:46 +09:00
memory_vector.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
memory.py
fix: memory entry validation crashes on a non-dict row from memory.json (#1691)
2026-06-03 13:38:02 +09:00
model_context.py
fix: recognize Gemma 4 as a thinking model and add context entry (#1642)
2026-06-03 14:23:18 +09:00
model_discovery.py
Reject invalid Tailscale discovery JSON (#1556)
2026-06-03 14:11:31 +09:00
pdf_form_doc.py
fix(forms): keep PDF-form export from dropping values when the label has '*' (#1407)
2026-06-03 14:24:07 +09:00
pdf_forms.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
pdf_runtime.py
Show a clear message when PyMuPDF is missing
2026-06-01 18:27:17 +09:00
personal_docs.py
Skip malformed personal keyword index rows
2026-06-03 13:42:05 +09:00
preset_manager.py
Fall back from invalid preset stores (#1402)
2026-06-03 14:12:31 +09:00
prompt_security.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
rag_manager.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
rag_singleton.py
Re-enable VectorRAG init with lazy retry
2026-06-01 14:32:13 +09:00
rag_vector.py
fix: RAG keyword fallback leaked owner-less documents across users (#1722)
2026-06-03 13:31:33 +09:00
rate_limiter.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
readiness.py
feat: add /api/ready readiness probe (DB, data dir, local-first) (#1200)
2026-06-02 23:33:22 +09:00
request_models.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
research_handler.py
fix: research source extraction crashes on a non-dict finding (#1714)
2026-06-03 13:34:40 +09:00
research_utils.py
Treat non-string research summaries as low quality
2026-06-03 13:42:24 +09:00
secret_storage.py
Add native Windows compatibility layer
2026-06-01 15:09:47 +09:00
session_actions.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
settings_scrub.py
Ignore non-object settings scrub inputs (#1645)
2026-06-03 14:11:05 +09:00
settings.py
fix(settings): catch PermissionError in load_settings + error-path tests (#1570)
2026-06-03 14:23:27 +09:00
task_endpoint.py
Harden session endpoint owner scope (#1308)
2026-06-03 02:40:22 +09:00
task_scheduler.py
fix: monthly tasks scheduled for day 29-31 skip every short month (#1668)
2026-06-03 14:23:01 +09:00
teacher_escalation.py
fix: evaluate_turn_regex crashes on a non-string agent_reply (#1723)
2026-06-03 13:31:26 +09:00
text_helpers.py
fix: _strip_reasoning_prose discards the answer when reasoning trails it (#1643)
2026-06-03 14:23:15 +09:00
tool_execution.py
fix(tools): strict path confinement with sensitive-subpath deny list (#1072)
2026-06-02 23:13:30 +09:00
tool_implementations.py
fix: updating a calendar event ignores user timezone and shifts the time (#1695)
2026-06-03 13:37:39 +09:00
tool_index.py
Don't force-include the email toolset on every "tell me" query (#1707) (#1735)
2026-06-03 13:33:43 +09:00
tool_parsing.py
fix: tool-block parsing crashes on a non-string input (#1628)
2026-06-03 08:59:42 +09:00
tool_schemas.py
fix(agent): coerce non-object tool-call arguments instead of crashing (#1370)
2026-06-03 14:14:37 +09:00
tool_security.py
fix: is_public_blocked_tool crashes on a truthy non-string tool name (#1620)
2026-06-03 14:11:14 +09:00
topic_analyzer.py
Topics: hydrate session history before analysis
2026-06-02 20:44:27 +09:00
upload_handler.py
fix: uploads with _ or - in the extension become permanently unreadable (#1756)
2026-06-03 13:28:45 +09:00
url_safety.py
fix: check_outbound_url crashes on a truthy non-string URL (#1623)
2026-06-03 08:59:49 +09:00
url_security.py
Harden API-token chat endpoint selection
2026-06-03 13:05:13 +01:00
visual_report.py
fix: visual report drops photos whose URL slug contains icon or logo (#1685)
2026-06-03 14:22:45 +09:00
webhook_manager.py
Replace webhook manager datetime.utcnow calls (#1499)
2026-06-03 14:14:23 +09:00
youtube_handler.py
fix: youtube transcript formatter crashes on a non-dict segment (#1745)
2026-06-03 13:29:08 +09:00