fix(security): Gemini API key header + Mutex safety + Agent validation
Some checks failed
CI / Build Frontend (push) Has been cancelled
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
Some checks failed
CI / Build Frontend (push) Has been cancelled
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
M1-01: Move Gemini API key from URL query param to x-goog-api-key header,
preventing key leakage in logs/proxy/telemetry (matches Anthropic/OpenAI pattern)
M1-03/M1-04: Replace Mutex .unwrap() with .unwrap_or_else(|e| e.into_inner())
in MemoryMiddleware and LoopGuardMiddleware — recovers from poison
instead of panicking async runtime
M2-08: Add input validation to agent_create — reject empty names,
out-of-range temperature (0-2), and zero max_tokens
M11-06: Replace Date.now() message ID with crypto.randomUUID()
to prevent collisions in classroom chat
This commit is contained in:
iven
@@ -173,7 +173,7 @@ export const useClassroomStore = create<ClassroomStore>()((set, get) => ({
|
||||
|
||||
// Create a local user message for display
|
||||
const userMsg: ClassroomChatMessage = {
|
||||
id: `user-${Date.now()}`,
|
||||
id: `user-${crypto.randomUUID()}`,
|
||||
agentId: 'user',
|
||||
agentName: '你',
|
||||
agentAvatar: '👤',
|
||||
|
||||
Reference in New Issue
Block a user