Fix all 7 issues identified in the ChatGPT audit of transformation work: 1. Android build break: Remove duplicate normalizeMainKey/isCanonicalMainSessionKey from NodeGatewaySync.kt (they're already in SessionKey.kt). Align both Android and iOS implementations to use "main" as canonical (case-insensitive match). 2. Rate limiting: Wire rateLimiter through GatewayRequestContext and enforce: - Auth failure backoff (recordAuthFailure on auth failure, clearAuthFailure on success) - Request rate limiting before handleGatewayRequest - Channel message rate limiting in send handler - Add TOO_MANY_REQUESTS error code 3. Injection defenses: Call sanitizeIncomingMessage in chat.send and chat.inject handlers to detect prompt injection attempts. 4. RBAC enforcement: Add canAccessAgent check in chat.send handler and canExecuteCommand check in node-host runner for exec commands. 5. WhatsApp encrypted backup restore: Update maybeRestoreCredsFromBackup to handle encrypted backup files (.bak.enc -> .json.enc restoration). 6. Exec blocklist bypass: Add evaluateBlocklist check in argv-only code path in runner.ts (previously only checked for rawCommand path). 7. iOS voice transcript: Fix line 329 in NodeAppModel.swift to use computed 'key' variable instead of original 'sessionKey' parameter. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
14 lines
469 B
Swift
14 lines
469 B
Swift
import Foundation
|
|
|
|
enum SessionKey {
|
|
static func normalizeMainKey(_ raw: String?) -> String {
|
|
let trimmed = (raw ?? "").trimmingCharacters(in: .whitespacesAndNewlines)
|
|
return trimmed.isEmpty ? "main" : trimmed
|
|
}
|
|
|
|
static func isCanonicalMainSessionKey(_ value: String?) -> Bool {
|
|
let trimmed = (value ?? "").trimmingCharacters(in: .whitespacesAndNewlines)
|
|
return trimmed.caseInsensitiveCompare("main") == .orderedSame
|
|
}
|
|
}
|