mirror of
https://github.com/samvallad33/vestige.git
synced 2026-07-02 22:01:01 +02:00
Second swarm pass (complete every-line sweep), verified against real code (38/101 confirmed real; 63 false positives excluded). This commit lands the main-compatible subset: - redmine SSRF guard: rewrite host check to use host_str()+std::net::IpAddr instead of the `url` crate (url is not a direct dep of vestige-core on main; the previous form only compiled on the feature branch). Same protection: blocks localhost + loopback/private/link-local/unspecified IPs. - bin/restore: guard wrapper[0] index (empty backup array would panic) - bin/cli: char-boundary-safe node.id truncation (2 byte-slice panics); XML-escape the model/home strings before launchd plist substitution - prospective_memory: Duration::try_hours/try_days (panic on out-of-range user config); case-insensitive " at " split now uses the lowercased index so the contains() check and the split agree core 477/0, mcp builds, clippy clean. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| vestige-core | ||
| vestige-mcp | ||