Sulkta-Coop/clawdforge
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
clawdforge/clients
History
Kayos 3c77ef523e clients/kotlin: apply audit findings — per-call HTTP timeout + token redaction (cc54cfb → next) 
MEDIUM:
- B1: per-call HTTP timeout on /run via Ktor request-scoped timeout block — RunRequest.timeoutSecs > defaultTimeout no longer HTTP-disconnects

LOW:
- L3: AppToken.toString() redacts plaintext token (preserves null distinguishability)
- L4: uploadFile validates filename has no control chars; typed IllegalArgumentException upfront
- L5: RunResult.resultAsObjectOrNull / resultAsTextOrNull added (matched KDoc claim)
- L1/L2: KDoc + README docs for symlink-follow + TOCTOU on uploadFile

Dep:
- ktor 2.3.12 → 2.3.13 — clears CVE-2024-49580 (HttpCache, plugin not used) by version-range

Tests added: runHttpTimeoutHonorsPerCallTimeoutSecs, appTokenToStringRedactsTokenWhenSet (+ null preserve), uploadFileRejectsControlCharFilename, runResultAsObjectOrNull/AsTextOrNull, revokeTokenEmptyName, closeIdempotent.

Audit: memory/clawdforge-audits/kotlin-cc54cfb.md
2026-04-28 23:33:08 -07:00
..
bash clients/bash: apply audit findings — security hardening + correctness fixes (347fdde → new) 2026-04-28 23:09:06 -07:00
c clients/c: apply audit findings — security + CVE bump (a69e924 → new) 2026-04-28 23:25:22 -07:00
cpp clients/cpp: initial C++ SDK for clawdforge 2026-04-28 23:02:51 -07:00
csharp clients/csharp: apply audit findings — JSON depth caps + stream lifecycle (09aca58 → new) 2026-04-28 23:22:58 -07:00
go clients/go: apply audit findings — fmt + doc + test coverage (3c62613 → new) 2026-04-28 23:08:46 -07:00
java clients/java: apply audit findings — true streaming upload + token redaction (0d3ee26 → next) 2026-04-28 23:20:45 -07:00
kotlin clients/kotlin: apply audit findings — per-call HTTP timeout + token redaction (cc54cfb → next) 2026-04-28 23:33:08 -07:00
mcp clients/mcp: apply audit findings — release-blocker fix on upload (093021c → new) 2026-04-28 23:10:33 -07:00
php clients/php: apply audit findings — token redaction + uploadStream + tests (1cff9b8 → next) 2026-04-28 23:12:34 -07:00
python clients/python: apply audit findings (90e158f → next) 2026-04-28 23:07:38 -07:00
ruby clients/ruby: apply audit findings (b1d6e3f -> new) 2026-04-28 23:07:49 -07:00
rust clients/rust: apply audit findings — UTF-8 panic + Debug redaction + path-traversal (062d405 → next) 2026-04-28 23:26:22 -07:00
swift clients/swift: apply audit findings — multipart fix + token redaction (e4e8192 → HEAD) 2026-04-28 23:12:17 -07:00
typescript clients/typescript: apply audit findings — uploadFile streaming + metadata + validation (15de6e7cc54cfb) 2026-04-28 23:12:27 -07:00