Hongming Wang c02cb0e1b6 review: defer forward-time URL re-validation to follow-up (#2316) ...

Self-review found the original draft of this PR added forward-time
validateAgentURL() as defense-in-depth — paranoia layer on top of the
existing register-time gate. The validator unconditionally blocks
loopback (127.0.0.1/8), which makes httptest-based proxy tests
impossible without an env-var hatch I'd rather not add to a security-
critical path on first pass.

Trust note kept inline pointing at the upstream gate + tracking issue
so the gap is explicit, not invisible.

Refs #2312.

2026-04-29 14:33:41 -07:00

..

cmd/server

feat(runtime): native_scheduler skip — primitive #3 of 6

2026-04-26 22:47:00 -07:00

internal

review: defer forward-time URL re-validation to follow-up (#2316)

2026-04-29 14:33:41 -07:00

migrations

feat(wsauth): platform→workspace inbound secret (RFC #2312, PR-A)

2026-04-29 14:09:33 -07:00

pkg/provisionhook

feat(#1957): wire gh-identity plugin into workspace-server

2026-04-24 15:01:41 +00:00

.ci-force

chore: force Platform(Go) CI run on main — validate go vet clean

2026-04-21 15:43:19 +00:00

.gitignore

feat(ws-server): pull env from CP on startup

2026-04-19 02:41:15 -07:00

.golangci.yaml

chore(workspace-server): add golangci.yaml disabling errcheck

2026-04-24 07:16:54 +00:00

Dockerfile

chore: extract ContextMenu Zustand fix + a2a_proxy local-docker SSRF bypass + workspace-server Dockerfile GID entrypoint

2026-04-22 20:00:16 -07:00

Dockerfile.tenant

feat(terminal): remote path via aws ec2-instance-connect + pty

2026-04-21 18:13:29 -07:00

entrypoint-tenant.sh

fix(security): add USER directive before ENTRYPOINT in all tenant images (#1155)

2026-04-20 23:51:33 +00:00

go.mod

chore(deps): batch dep bumps — 11 safe upgrades from 2026-04-28 dependabot wave

2026-04-28 16:25:46 -07:00

go.sum

chore(deps): batch dep bumps — 11 safe upgrades from 2026-04-28 dependabot wave

2026-04-28 16:25:46 -07:00