Nicolas Cantu
255acbaf97
Initial state: - claw-harness-proxy accepted absolute-form / scheme-relative request targets, allowing proxying to arbitrary hosts. - claw-harness-proxy forwarded client Authorization headers upstream. - @4nk/smart-ide-http-utils did not provide helpers for Node http.request-based proxies. - docs/repo/ia-dev-smart-ide-integration.md still documented the old IA_DEV_ROOT default resolution order. Motivation: - Ensure safe proxy behavior for every HTTP relay in the monorepo. - Keep the IA_DEV_ROOT contract consistent across code and docs. Resolution: - Extend @4nk/smart-ide-http-utils with copyOutgoingHeadersForProxy() for http.request. - Harden claw-harness-proxy: reject absolute URLs and '//' targets, validate safe proxy paths, avoid forwarding Authorization, and avoid leaking internal error details. - Align ia-dev-smart-ide-integration doc default order to ./services/ia_dev then ./ia_dev. Root cause: - Proxy implementation treated req.url as a URL to be resolved and allowed absolute inputs. - Cross-proxy utilities were only implemented for fetch-based proxies. Impacted features: - claw-harness-proxy HTTP forwarding. - shared HTTP utility package. - IA_DEV_ROOT documentation. Code modified: - packages/smart-ide-http-utils/src/* + dist/* - services/claw-harness-api/proxy/src/server.ts Documentation modified: - docs/repo/ia-dev-smart-ide-integration.md - CHANGELOG.md Configurations modified: - services/claw-harness-api/proxy/package.json Files in deploy modified: - None Files in logs impacted: - None Databases and other sources modified: - None Off-project modifications: - None Files in .smartIde modified: - None Files in .secrets modified: - None New patch version in VERSION: - 0.0.7 CHANGELOG.md updated: - yes
42 lines
1.9 KiB
Markdown
42 lines
1.9 KiB
Markdown
# Changelog
|
|
|
|
## 0.0.7 - 2026-04-04
|
|
|
|
### Changed
|
|
|
|
- `@4nk/smart-ide-http-utils`: add `copyOutgoingHeadersForProxy()` for Node `http.request` proxies.
|
|
- `claw-harness-proxy`: validate request-target to prevent SSRF (reject absolute URLs and `//`), reuse safe proxy path checks and avoid forwarding client `Authorization`.
|
|
- Docs: align default `IA_DEV_ROOT` resolution order (`./services/ia_dev` then `./ia_dev`).
|
|
|
|
## 0.0.6 - 2026-04-04
|
|
|
|
### Added
|
|
|
|
- `@4nk/smart-ide-http-utils`: shared HTTP proxy helpers (Bearer/body limit/hop-by-hop headers/safe proxy paths).
|
|
|
|
### Changed
|
|
|
|
- `smart-ide-sso-gateway` and `smart-ide-global-api`: reuse shared HTTP helpers (reduces duplication).
|
|
- `IA_DEV_ROOT` resolution: prefer `./services/ia_dev` then `./ia_dev` (code + docs); fail fast if missing in `ia-dev-gateway`.
|
|
- `scripts/ensure-ia-dev-project-link.sh`: prefer `services/ia_dev` when both layouts exist.
|
|
|
|
## 0.0.5 - 2026-04-04
|
|
|
|
### Added
|
|
|
|
- `scripts/remote-data-ssh-sync.sh`: mirror deployed data over SSH into `.data/remote-data/` and optionally ingest into AnythingLLM.
|
|
- AnythingLLM sync enhancements: `--upload-all` + `--upload-prefix` modes for non-git directory ingestion.
|
|
- `site-generate` ia_dev tool + gateway runner to scaffold Vite/React sites with OIDC + Smart IDE chat (via sso-gateway → orchestrator).
|
|
- Documentation: remote data SSH sync, E2E browser (Carbonyl manual mode).
|
|
|
|
### Changed
|
|
|
|
- Canonical `ia_dev` module location: `services/ia_dev/` (with `IA_DEV_ROOT` resolution); docs and integration updated accordingly.
|
|
- SSO gateway: upstream allowlist support via `SSO_ALLOWED_UPSTREAMS`.
|
|
- Global API: explicit `503` when an upstream requires a token but the token is not configured.
|
|
- `install-anythingllm-post-merge-hook.sh`: supports `--all` and `--project <id>` based on `projects/<id>/conf.json`.
|
|
|
|
### Fixed
|
|
|
|
- `cron/git-pull-project-clones.sh`: error propagation and summary exit code for failed pulls.
|