security: v1.7.7 hardening release
- Add WEBHOOK_CLIENT_SECRET validation for Graph webhooks
- Add Redis-backed rate limiting (fetch/ask/write/default tiers)
- Validate LLM_BASE_URL to prevent SSRF (HTTPS only, block private IPs)
- Enforce non-wildcard CORS when AUTH_ENABLED=true
- Add Content-Security-Policy headers
- Fix audit middleware to use verified JWT claims via contextvars
- Cap bulk_tags updates to 10,000 documents
- Return generic error messages to clients (no internal detail leakage)
- Strict AlertCondition Pydantic model for alert rules
- Security warning on MCP stdio server startup
- Remove MongoDB/Redis host ports from docker-compose
- Remove mongo_query from /ask API response
@@ -63,12 +63,18 @@ class CommentAddRequest(BaseModel):
|
||||
text: str
|
||||
|
||||
|
||||
class AlertCondition(BaseModel):
|
||||
field: str
|
||||
op: str # eq, neq, contains, in, after_hours
|
||||
value: str | list[str] | None = None
|
||||
|
||||
|
||||
class AlertRuleResponse(BaseModel):
|
||||
id: str | None = None
|
||||
name: str
|
||||
enabled: bool
|
||||
severity: str
|
||||
conditions: list[dict]
|
||||
conditions: list[AlertCondition]
|
||||
message: str
|
||||
|
||||
|
||||
|
||||
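Review bot: `op` in the new `AlertCondition` is typed as plain `str`, so the operators listed in its trailing comment (eq, neq, contains, in, after_hours) are documentation only and any string will pass validation. Consider `Literal["eq", "neq", "contains", "in", "after_hours"]` or an Enum so an unknown operator is rejected at the model boundary. The same applies to `field: str`, which accepts any name; if rules are evaluated against a fixed set of event fields, constrain it to that set. `value` defaults to `None` for every operator, so a rule such as `op="eq"` with no value validates; a model validator that requires `value` for the operators that compare against it would catch that. No `extra="forbid"` configuration is visible on the class, so unexpected keys in a condition would be silently dropped rather than refused, which is weaker than the "strict" the commit message describes. The only use shown here is `conditions: list[AlertCondition]` in `AlertRuleResponse`; please confirm the request-side model for creating or updating alert rules uses `AlertCondition` too, since that is where untrusted input arrives.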