Merge dev: security fixes, MCP fixes, and bug fixes#89

Merged
DavidJBianco merged 13 commits into main from dev on Apr 27, 2026
Conversation

@DavidJBianco

Collaborator

Summary

  • Security: mitigate local context disclosure in Streamlit sessions, block internal targets in URL validity evaluator
  • MCP fixes: auth header failure signaling, hypothesis local data/context passing, data discovery state reset
  • Bug fixes: mutable defaults, double-wrap in refiner, stdio timeout config handling, Makefile docker tag sanitization, agent callback logging made opt-in, Streamlit file logging disabled by default

Test plan

  • Verify Streamlit sessions no longer expose local context
  • Confirm MCP auth header failures signal correctly
  • Test hypothesis refiner with local data and context
  • Verify container builds and pushes successfully to ghcr.io/cisco-talos/peak-assistant:latest after merge

🤖 Generated with Claude Code
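The "block internal targets in URL validity evaluator" item in the summary is the usual SSRF guard: a URL handed to the agent must not be allowed to point the server at loopback, RFC 1918 space, link-local (including the cloud metadata range 169.254.0.0/16) or other non-public addresses, and the check has to survive the obfuscated spellings attackers use (decimal and hex IPv4, IPv4-mapped IPv6). The evaluator below is an added example written for this page, not code from the peak-assistant project; the function and constant names (`evaluate_url`, `BLOCKED_HOSTNAMES`, the optional `resolver` callable) are assumptions, not the project's API.

```python
import ipaddress
from urllib.parse import urlsplit

# Hostnames that reach the local machine or a metadata service without being IP
# literals. Assumed starting list; extend it for the deployment's environment.
BLOCKED_HOSTNAMES = {"localhost", "metadata", "metadata.google.internal"}
BLOCKED_SUFFIXES = (".localhost", ".local", ".internal")


def _host_to_ip(host):
    """Return an ip_address for an IP-literal host, or None if it is a name.

    Handles the obfuscated forms a naive check misses: plain decimal
    ("2130706433"), hex ("0x7f000001") and IPv4-mapped IPv6 ("::ffff:10.0.0.1").
    """
    h = host.strip("[]")
    try:
        if h.isdigit():
            return ipaddress.ip_address(int(h))
        if h.lower().startswith("0x"):
            return ipaddress.ip_address(int(h, 16))
        ip = ipaddress.ip_address(h)
    except ValueError:
        return None
    # Unwrap ::ffff:a.b.c.d so the IPv4 range checks apply to the inner address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def is_internal_ip(ip):
    """True for any address a server-side fetch must never be pointed at."""
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def evaluate_url(url, resolver=None):
    """Return (ok, reason) for a candidate fetch target.

    Rejects non-http(s) schemes, embedded credentials, blocked hostnames and any
    IP literal in an internal range. `resolver` is an assumed interface: a
    callable host -> list of address strings. Pass a real DNS lookup in
    production, and re-check the address actually connected to, because a
    name can be rebound between this check and the request.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL"
    host = (parts.hostname or "").lower()
    if not host:
        return False, "missing host"
    if host in BLOCKED_HOSTNAMES or host.endswith(BLOCKED_SUFFIXES):
        return False, f"blocked hostname {host!r}"
    ip = _host_to_ip(host)
    if ip is not None:
        if is_internal_ip(ip):
            return False, f"internal address {ip}"
        return True, "ok"
    # A bare name: only the resolver can tell where it points.
    if resolver is not None:
        try:
            addrs = resolver(host)
        except OSError:
            return False, "resolution failed"
        for a in addrs:
            aip = _host_to_ip(a)
            if aip is None or is_internal_ip(aip):
                return False, f"{host} resolves to internal address {a}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the project.
    for u in ("https://example.com/api", "http://127.0.0.1:8000/",
              "http://2130706433/", "http://[::ffff:10.0.0.1]/",
              "http://169.254.169.254/latest/meta-data/"):
        print(u, evaluate_url(u))
```

Without a resolver the function can only judge IP literals, so a hostname it does not recognise passes; the point of the `resolver` hook is that the decision must be made on the resolved address, and ideally enforced again at connect time rather than only at validation time.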

DavidJBianco and others added 13 commits April 23, 2026 09:23
Changes the debug_agents default from True to False in peak_assistant_chat()
so prompt/response content is not written to msgs.txt/results.txt on every
Streamlit interaction. No callers pass debug_agents explicitly, so the
default change covers all UI paths.

Supersedes PR #72.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

The inner try/except in refiner() was printing to stdout (garbling
parseable output) and re-raising as a generic Exception, discarding
the original type. Remove it so exceptions propagate with their native
type and traceback intact.

Add a single exception handler at the CLI boundary in main() that
prints a concise message to stderr, shows the full traceback with
--verbose, and exits with code 1.

Supersedes PR #77.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Returns None (not {}) from _get_auth_headers on auth failure so
_connect_http_server correctly rejects unauthenticated connections.

Supersedes PR #74, closes PR #71.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Initializes local_context to empty string instead of reading from disk
to prevent sensitive server-side data reaching external LLM providers.

Supersedes PR #76, closes PR #75.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
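The auth-header commit above fixes a fail-open signaling bug: an empty dict is a perfectly valid header set (it is what "no auth required" looks like), so using it to also mean "auth failed" leaves the caller unable to tell the two apart and the connection goes ahead unauthenticated. The pair of functions below is an added example written for this page, not the project's `_get_auth_headers` or `_connect_http_server`; the names `get_auth_headers`, `connect_http_server`, `AuthError` and the `MCP_TOKEN` environment variable are assumptions used only to illustrate the sentinel.

```python
import os


class AuthError(Exception):
    """Raised when auth is required but no credential could be produced."""


def get_auth_headers_buggy(auth_required, environ=None):
    # The 'before' shape: failure collapses into {} and is indistinguishable
    # from the legitimate no-auth case.
    env = os.environ if environ is None else environ
    if not auth_required:
        return {}
    token = env.get("MCP_TOKEN")
    if not token:
        return {}
    return {"Authorization": f"Bearer {token}"}


def get_auth_headers(auth_required, environ=None):
    """Three outcomes kept distinct on purpose.

    - auth not required          -> {}      (connect with no Authorization header)
    - auth required, token found -> {"Authorization": "Bearer ..."}
    - auth required, no token    -> None    (explicit failure signal)
    """
    env = os.environ if environ is None else environ
    if not auth_required:
        return {}
    token = env.get("MCP_TOKEN")  # assumed credential source
    if not token:
        return None
    return {"Authorization": f"Bearer {token}"}


def connect_http_server(url, auth_required, environ=None, header_fn=get_auth_headers):
    """Fail closed: refuse to connect when the header builder signals failure.

    The check is `is None`, not `not headers`: a truthiness test would wrongly
    reject the {} case and break servers that need no auth. `header_fn` lets
    the buggy variant be plugged in to show the difference.
    """
    headers = header_fn(auth_required, environ=environ)
    if headers is None:
        raise AuthError(f"refusing to connect to {url}: auth required but no credential")
    # Stand-in for the real transport: return what would have been sent.
    return {"url": url, "headers": headers}


def connection_is_refused(url, auth_required, environ, header_fn=get_auth_headers):
    """Helper for checking behaviour without exception handling at the call site."""
    try:
        connect_http_server(url, auth_required, environ=environ, header_fn=header_fn)
    except AuthError:
        return True
    return False


if __name__ == "__main__":
    # Constructed scenario: auth required, no token configured.
    print("fixed refuses:", connection_is_refused("https://mcp.example.test", True, {}))
    print("buggy refuses:", connection_is_refused("https://mcp.example.test", True, {},
                                                  header_fn=get_auth_headers_buggy))
```

The buggy variant never raises for the "auth required, no token" case, so the request is sent with no `Authorization` header at all; the fixed variant refuses, while still allowing the empty-header path when the server genuinely needs no credential.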
@DavidJBianco DavidJBianco merged commit d761ed4 into main Apr 27, 2026
6 checks passed