Salastil/odysseus
1
0
Fork 0
mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-18 02:35:23 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
3abb73520058bf3c67b6fc5acb8a397716afb1a4
odysseus/src
T
History
Wes Huber 3abb735200 fix(security): scope send_to_session agent tool by owner (#1757) 
send_to_session was the only agent tool that didn't check session
ownership — an agent acting for user A could read from and write
into user B's session on a multi-user instance.

Add owner parameter and reject access when the target session
belongs to a different user, matching the pattern used by
create_session, list_sessions, and manage_session.

Fixes #1616

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-06-03 13:24:08 +09:00
..
search
fix: research query misclassifies 'whatsapp'/'however' as questions (#1247)
2026-06-03 01:10:06 +09:00
action_intents.py
Route calendar action requests to tools
2026-06-01 14:32:41 +09:00
agent_loop.py
fix(agent): stop sending tool schemas to native Ollama endpoints (#1765)
2026-06-03 13:23:42 +09:00
agent_runs.py
Handle incomplete detached agent streams
2026-06-01 16:54:11 +09:00
agent_tools.py
Add SSRF-guarded web fetch agent tool
2026-06-01 16:57:28 +09:00
ai_interaction.py
fix(security): scope send_to_session agent tool by owner (#1757)
2026-06-03 13:24:08 +09:00
api_key_manager.py
fix: APIKeyManager.load crashes app startup on a corrupt/wrong-shape api_keys.json (#1565)
2026-06-03 08:11:37 +09:00
app_helpers.py
fix: inside_base_dir raises TypeError on a non-string path instead of failing closed (#1619)
2026-06-03 09:00:04 +09:00
app_initializer.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
assistant_log.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
auth_helpers.py
Attribute API-token sessions to the token owner (effective_user) (#871)
2026-06-02 11:39:01 +09:00
bg_jobs.py
chore: use explicit utf-8 for shell job files (#820)
2026-06-02 11:12:13 +09:00
bg_monitor.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
builtin_actions.py
fix: signature learning never skips support@/info@/admin@ senders (#1773)
2026-06-03 13:22:52 +09:00
builtin_mcp.py
Add native Windows compatibility layer
2026-06-01 15:09:47 +09:00
caldav_sync.py
fix: validate_caldav_url crashes with TypeError on a non-string URL (#1608)
2026-06-03 08:35:16 +09:00
caldav_writeback.py
Decrypt CalDAV password before write-back (#1731)
2026-06-03 11:36:12 +09:00
chat_handler.py
Use LM Studio-reported vision capability for image passthrough (#1130)
2026-06-02 23:01:04 +09:00
chat_helpers.py
Recognize gemma3/llama4/mistral-small3.1+/multimodal as vision models (#1430)
2026-06-03 04:17:40 +09:00
chat_processor.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
chroma_client.py
fix: ChromaDB unreachable blocks app startup for 30-60s (#326) (#476)
2026-06-01 22:22:41 +09:00
cleanup_service.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
config.py
Add native Windows compatibility layer
2026-06-01 15:09:47 +09:00
constants.py
Align SearXNG fallback URL
2026-06-01 10:50:07 +09:00
context_budget.py
feat: adapt agent_input_token_budget to the model context window (#1170) (#1230)
2026-06-03 00:13:53 +09:00
context_compactor.py
Preserve system messages during context compaction
2026-06-01 23:10:58 +09:00
database.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
deep_research.py
Don't lose deep-research findings when synthesis times out (#1551) (#1562)
2026-06-03 08:11:44 +09:00
document_actions.py
fix: document tidy crashes on a duplicate with NULL timestamps (#1772)
2026-06-03 13:23:01 +09:00
document_processor.py
Documents: strip PDF marker without corrupting text
2026-06-02 20:35:27 +09:00
email_thread_parser.py
Email: recognize forwarded message dividers
2026-06-02 20:32:56 +09:00
embeddings.py
Add native Windows compatibility layer
2026-06-01 15:09:47 +09:00
endpoint_resolver.py
Harden session endpoint owner scope (#1308)
2026-06-03 02:40:22 +09:00
event_bus.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
exceptions.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
goal_based_extractor.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
integrations.py
Secure by default uplift (#511)
2026-06-01 22:30:07 +09:00
llm_core.py
fix: surface reasoning_content when content is empty (thinking models) (#1233)
2026-06-03 01:41:24 +09:00
markitdown_runtime.py
fix: is_markitdown_format crashes on a non-string path (#1618)
2026-06-03 09:00:10 +09:00
mcp_manager.py
fix(mcp): invalidate tool prompt cache on connect/disconnect/error (#1235)
2026-06-03 00:49:29 +09:00
memory_vector.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
memory.py
Fix AttributeError on bullet lines in extract_memory_from_chat (#873)
2026-06-02 11:46:06 +09:00
model_context.py
Models: prefer longest known context match
2026-06-02 20:33:09 +09:00
model_discovery.py
Discover LM Studio via host/port scanning and native-API fingerprint (#1126)
2026-06-02 23:04:58 +09:00
pdf_form_doc.py
Harden PDF document markers against cross-owner upload access (#445)
2026-06-01 22:38:14 +09:00
pdf_forms.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
pdf_runtime.py
Show a clear message when PyMuPDF is missing
2026-06-01 18:27:17 +09:00
personal_docs.py
fix: split_chunks emits a duplicate trailing chunk for text over size-overlap (#1573)
2026-06-03 08:57:54 +09:00
preset_manager.py
Presets: fill missing built-in defaults on load
2026-06-02 20:32:08 +09:00
prompt_security.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
rag_manager.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
rag_singleton.py
Re-enable VectorRAG init with lazy retry
2026-06-01 14:32:13 +09:00
rag_vector.py
Owner-scope RAG doc ids so identical chunks across users don't collide (#1738, #1760)
2026-06-03 11:36:31 +09:00
rate_limiter.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
readiness.py
feat: add /api/ready readiness probe (DB, data dir, local-first) (#1200)
2026-06-02 23:33:22 +09:00
request_models.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
research_handler.py
Inject current date into deep research planning and query prompts (#1347)
2026-06-03 03:00:52 +09:00
research_utils.py
fix: deep research discards valid sources mentioning cookies/copyright (#481)
2026-06-01 22:26:37 +09:00
secret_storage.py
Add native Windows compatibility layer
2026-06-01 15:09:47 +09:00
session_actions.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
settings_scrub.py
Deep-scrub secrets from public settings
2026-06-01 23:11:50 +09:00
settings.py
Fall back from invalid settings stores (#1416)
2026-06-03 03:53:05 +09:00
task_endpoint.py
Harden session endpoint owner scope (#1308)
2026-06-03 02:40:22 +09:00
task_scheduler.py
fix: once-schedule comparison uses local time against UTC date (#1349)
2026-06-03 03:07:00 +09:00
teacher_escalation.py
fix: _extract_skill_json crashes on a truthy non-string teacher response (#1630)
2026-06-03 08:59:36 +09:00
text_helpers.py
Text: strip dangling think blocks after visible text
2026-06-02 20:36:37 +09:00
tool_execution.py
fix(tools): strict path confinement with sensitive-subpath deny list (#1072)
2026-06-02 23:13:30 +09:00
tool_implementations.py
Close app_api blocklist gap for bare /api/tokens and /api/users
2026-06-03 11:20:39 +09:00
tool_index.py
Polish email and cookbook flows
2026-06-02 22:42:07 +09:00
tool_parsing.py
fix: tool-block parsing crashes on a non-string input (#1628)
2026-06-03 08:59:42 +09:00
tool_schemas.py
fix: RRULE added to schema (#1322)
2026-06-03 02:47:14 +09:00
tool_security.py
Tools: restrict app_api and serve_preset to admins
2026-06-02 20:29:47 +09:00
topic_analyzer.py
Topics: hydrate session history before analysis
2026-06-02 20:44:27 +09:00
upload_handler.py
Fix multi-file uploads tripping the per-IP concurrency guard (#1346) (#1362)
2026-06-03 04:04:19 +09:00
url_safety.py
fix: check_outbound_url crashes on a truthy non-string URL (#1623)
2026-06-03 08:59:49 +09:00
visual_report.py
Fix visual report chapter navigation (#505)
2026-06-01 22:26:13 +09:00
webhook_manager.py
Webhook: block IPv6 SSRF bypasses
2026-06-02 20:28:12 +09:00
youtube_handler.py
YouTube: enforce comment fetch timeout while waiting
2026-06-02 20:44:24 +09:00