Full deployment history for this project.
🛡️ Sentinel: [security improvement] Replace Math.random with crypto.randomUUID for IDs
Severity: LOW/MEDIUM (Defense in depth)
Vulnerability: Math.random() was used for generating request IDs and session IDs.
Impact: Math.random() is a predictable PRNG. While not an immediate exploit, predictable IDs can lead to session collision, tracking bypasses, or minor spoofing.
Fix: Replaced Math.random() implementations with `crypto.randomUUID()` and existing `generateRequestId()` utilities which use secure crypto APIs.
Verification: Ran tests to ensure backwards compatibility with test trace ID patterns and that API endpoints still function and build.
Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [MEDIUM] Fix weak PRNG for ID generation
Replaced insecure `Math.random()` based PRNGs with cryptographically secure Web Crypto API implementations for generating identifiers.
Files modified:
- `app/api/v1/mcp/route.ts`: Used `@/lib/utils/generateRequestId()` instead of inline generation.
- `lib/openclaw/workspace.ts`: Used `crypto.randomUUID()` instead of `Math.random()` for session IDs.
- `.jules/sentinel.md`: Appended learnings.
Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [HIGH] Fix XSS vulnerability in JSON-LD Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [CRITICAL] Fix insecure random ID generation using Math.random()
Replaced insecure and predictable `Math.random()` with `crypto.randomUUID()` to generate critical identifiers like `requestId` and `session_id`. Truncation was deliberately avoided to ensure adequate entropy.
Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [HIGH] Fix XSS vulnerability in JSON-LD injection Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
feat(network): add aria-labels to interactive elements on site cards Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [HIGH] Fix insecure PRNG in identifier generation
Replaced insecure `Math.random()` with `crypto.randomUUID()` for generating `requestId` in MCP route and `session_id` in workspace manager to prevent prediction attacks. Use `generateRequestId()` utility where appropriate.
Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🎨 Palette: [UX improvement] Add ARIA labels to Network SiteCards Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [security improvement] Use CSPRNG for IDs
Replaced insecure Math.random() with crypto.randomUUID() for generating request and session IDs in MCP route and OpenClaw workspace.
Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🎨 Palette: [UX improvement] Add ARIA label to mobile menu button Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge branch 'main' into feat/sdk-network-subdomains-trace-e2e-4589933294624598634
Merge pull request #77 from mbarbine/sentinel/fix-auth-bypass-workspace-api-6193591979976649339 🛡️ Sentinel: [CRITICAL] Fix authentication bypass
Merge branch 'main' into sentinel/fix-auth-bypass-workspace-api-6193591979976649339
Merge pull request #74 from mbarbine/jules-12184955572989184762-ef1ee8a9 ⚡ Bolt: [performance improvement] Optimize network page iterations
Merge branch 'main' into jules-12184955572989184762-ef1ee8a9
Merge pull request #76 from mbarbine/enhance-sdk-domains-and-trace-tests-9544617499563528658 Enhance SDK domains and add E2E trace tests
Merge pull request #72 from mbarbine/fix-structured-logging-integrations-7470166634932178002
Merge pull request #71 from mbarbine/perf-optimize-network-manifest-generation-6620313263493629715
Merge pull request #70 from mbarbine/feat/platphorm-schemas-3180229864203210764 feat: Add PlatPhorm Universal Schema Pack
Merge pull request #69 from mbarbine/jules-18263221997887829678-8331cb38 feat(discovery): add .well-known/ai-plugin.json and comprehensive test coverage
Merge pull request #68 from mbarbine/bolt-network-graph-optimizations-17897300870484525113 ⚡ Bolt: Optimize Network Graph array traversals to O(N)