smart-support/backend/app/openapi
Yaojia Wang a2f750269d fix: address critical security and code review findings in Phase 3
- Wire ImportOrchestrator into review_api start_import via BackgroundTasks
- Sanitize docstrings in generated tool code to prevent code injection
- Add Literal["read", "write"] validation for access_type
- Add regex validation for agent_group
- Validate URL scheme (http/https only) in ImportRequest
- Validate LLM output fields (clamp confidence, validate access_type)
- Use dataclasses.replace instead of manual reconstruction in importer
- Expand SSRF blocked networks (Carrier-Grade NAT, IPv4-mapped IPv6, etc.)
- Make _BLOCKED_NETWORKS immutable tuple
- Use yaml.safe_dump instead of yaml.dump
- Fix _to_snake_case for empty strings and Python keywords
2026-03-31 00:28:28 +02:00