Add validation for cron/date/interval schedule values#8
Closed
Add validation for cron/date/interval schedule values#8
Conversation
Wrap CronExpressionParser.parse() calls with try/catch to prevent uncaught exceptions from crashing MCP tool handlers or scheduler loop. - Add validateSchedule() utility with proper error messages - Validate schedules in MCP schedule_task tool with immediate feedback - Add defensive validation in processTaskIpc and runTask - Return helpful error messages to guide agents to correct invalid input https://claude.ai/code/session_01PbwW7S6CizrkcwsG1oyWrt
Collaborator
Author
|
Conflicts with merged changes to index.ts and task-scheduler.ts. The validation utilities and approach are still valuable and should be re-applied to the current codebase. |
gavrielc
added a commit
that referenced
this pull request
Feb 1, 2026
…alidation - PR #10: Add sentinel markers for robust JSON parsing between container and host. Fallback to last-line parsing for backwards compatibility. - PR #5: Look up target JID from registeredGroups instead of trusting IPC payload, fixing cross-group scheduled tasks getting wrong chat_jid. - PR #8: Add lightweight schedule validation in container MCP that returns errors to agents (cron syntax, positive interval, valid ISO timestamp). Also defensive validation on host side. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
deverman
pushed a commit
to deverman/nanoclawswift
that referenced
this pull request
Feb 2, 2026
…alidation - PR qwibitai#10: Add sentinel markers for robust JSON parsing between container and host. Fallback to last-line parsing for backwards compatibility. - PR qwibitai#5: Look up target JID from registeredGroups instead of trusting IPC payload, fixing cross-group scheduled tasks getting wrong chat_jid. - PR qwibitai#8: Add lightweight schedule validation in container MCP that returns errors to agents (cron syntax, positive interval, valid ISO timestamp). Also defensive validation on host side. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Rlin1027
added a commit
to Rlin1027/NanoGemClaw
that referenced
this pull request
Feb 6, 2026
New functions: splitMessageIntelligently() and findSplitPoint() Split priority (best to worst): 1. After code block closing (```) 2. After paragraph break (double newline) 3. After single newline 4. After sentence (. ! ? 。 ! ?) 5. After word boundary (space) 6. Hard cut at max length (last resort) Benefits: - No more broken code blocks or sentences - Supports both English and Chinese punctuation - Minimum split position thresholds prevent tiny chunks - Logs chunk count for debugging
tunmaker
pushed a commit
to tunmaker/nanoclaw
that referenced
this pull request
Feb 24, 2026
…alidation - PR qwibitai#10: Add sentinel markers for robust JSON parsing between container and host. Fallback to last-line parsing for backwards compatibility. - PR qwibitai#5: Look up target JID from registeredGroups instead of trusting IPC payload, fixing cross-group scheduled tasks getting wrong chat_jid. - PR qwibitai#8: Add lightweight schedule validation in container MCP that returns errors to agents (cron syntax, positive interval, valid ISO timestamp). Also defensive validation on host side. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
asantopietro
added a commit
to asantopietro/nanoclaw
that referenced
this pull request
Mar 1, 2026
## Summary - Validates act_runner functionality after Gitea 1.22 → 1.24.7 upgrade - Test change to skill PR check workflow echo statement ## Test plan - [x] Skill PR Check workflow triggers on this PR - [x] act_runner picks up and executes the job - [x] Job completes successfully Reviewed-on: https://gitea.cluster.lab1.lan/asantopietro/nanoclaw/pulls/9 Co-authored-by: Tony Santopietro <asantopietro@gmail.com> Co-committed-by: Tony Santopietro <asantopietro@gmail.com>
blaykeelder1-commits
pushed a commit
to blaykeelder1-commits/nanoclaw
that referenced
this pull request
Mar 2, 2026
- qwibitai#5: Add 10s minimum cooldown between container spawns per group to prevent rapid credit burn from burst messages - qwibitai#8: WhatsApp queue flush now stops on first failure instead of losing remaining messages (peek-then-shift pattern) - qwibitai#10: Cap WhatsApp outgoing queue at 100 messages to prevent memory leak during extended disconnects - qwibitai#14: Advance scheduled task next_run BEFORE enqueueing to prevent 60s scheduler poll from double-firing the same task Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Marko-StellarDev
added a commit
to Marko-StellarDev/nanoclaw
that referenced
this pull request
Mar 2, 2026
…tion Task run history (UI qwibitai#2): - db.ts: getTaskRunLogs(taskId, limit) + TaskRunLogEntry interface - api.ts: GET /api/tasks/:id/runs endpoint - api.service.ts: TaskRun interface + getTaskRuns() method - tasks.component.ts: expandable history sub-row per task (◷ button), fmtDuration() helper, run-badge styled by status Slack file uploads (qwibitai#8): - slack.ts: handle file_share subtype, download files to groups/{folder}/uploads/ via authenticated fetch (50MB cap) - Agent sees [Attached file: name → /workspace/group/uploads/name] - Audio files routed through Whisper transcription Voice note transcription (qwibitai#15): - src/transcription.ts: isAudioMimetype() + transcribeAudioFile() using OpenAI Whisper API (whisper-1, dynamic import) - slack.ts: audio/video mimetypes transcribed; agent sees [Voice: text] instead of a file path; falls back gracefully if key not set - package.json: added openai dependency - .env.example: OPENAI_API_KEY documented Watchdog auto-restart (qwibitai#12): - scripts/watchdog.sh: single-shot health check, 3-failure threshold, state file tracks consecutive failures, restarts via launchctl - INTEL_SETUP.md: Watchdog Setup section with plist template + usage Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
dptts
added a commit
to dptts/nanoclaw
that referenced
this pull request
Mar 7, 2026
Installs forgejo-cli v0.4.0 from Codeberg releases to provide efficient Forgejo operations within agent containers. Changes: - Install forgejo-cli v0.4.0 as /usr/local/bin/fj - Add container/README.md documenting all installed tools - Document forgejo-cli usage and benefits Benefits: - More token-efficient than API calls for Forgejo operations - Structured CLI output (easier to parse) - Works alongside git for PR/issue management - Supports common workflows: create issues, view PRs, merge, comment The fj command will be available in all agent containers for managing Forgejo repositories more efficiently. Closes qwibitai#8 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
gabi-simons
added a commit
to gabi-simons/nanoclaw
that referenced
this pull request
Mar 10, 2026
Replace Telegram/WhatsApp HttpsProxyAgent code patches with Docker Sandbox plugin system (docker-plugin/network.json bypassDomains). Keeps NanoClaw codebase clean — networking handled at sandbox layer. - Add docker-plugin/ with manifest.json and network.json - Remove patches qwibitai#7 and qwibitai#8 from sandbox-patch.sh - Update setup-sandbox.sh to pass --plugin flag - Include plugin files in Docker image Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
bprzybysz
pushed a commit
to bprzybysz/nanoclaw
that referenced
this pull request
Mar 10, 2026
feat: add Markdown formatting for outbound messages
5 tasks
akasha-scheuermann
pushed a commit
to rscheuermann/nanoclaw
that referenced
this pull request
Mar 14, 2026
…alidation - PR qwibitai#10: Add sentinel markers for robust JSON parsing between container and host. Fallback to last-line parsing for backwards compatibility. - PR qwibitai#5: Look up target JID from registeredGroups instead of trusting IPC payload, fixing cross-group scheduled tasks getting wrong chat_jid. - PR qwibitai#8: Add lightweight schedule validation in container MCP that returns errors to agents (cron syntax, positive interval, valid ISO timestamp). Also defensive validation on host side. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
bebekim
pushed a commit
to bebekim/goodclaw
that referenced
this pull request
Mar 14, 2026
…alidation - PR qwibitai#10: Add sentinel markers for robust JSON parsing between container and host. Fallback to last-line parsing for backwards compatibility. - PR qwibitai#5: Look up target JID from registeredGroups instead of trusting IPC payload, fixing cross-group scheduled tasks getting wrong chat_jid. - PR qwibitai#8: Add lightweight schedule validation in container MCP that returns errors to agents (cron syntax, positive interval, valid ISO timestamp). Also defensive validation on host side. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
squarewings
pushed a commit
to squarewings/nanoclaw
that referenced
this pull request
Mar 15, 2026
feat: add Markdown formatting for outbound messages
kvasa
pushed a commit
to kvasa/nanoclaw
that referenced
this pull request
Mar 15, 2026
…itai#8, qwibitai#11 + tests) Security: - Fix command injection in stopContainer(): use execFileSync/execFile with argument arrays instead of exec() with shell string interpolation. Renamed stopContainer() to stopContainerArgs() returning [bin, ...args]. Robustness: - Fix cursor race condition (index.ts): saveState(chatJid) now does atomic read-modify-write of only that group's cursor, preventing cross-group cursor clobber when concurrent groups save/rollback simultaneously. - Cap outgoing message queues in WhatsApp and Slack channels at 1000 entries to prevent OOM when connection stays down. - Add double-resolve guard in container-runner Promise (safeResolve()). - Cache loadSenderAllowlist() result with 5s TTL to avoid synchronous file I/O on every incoming message. Tests: - mount-security.test.ts: 32 new tests for validateMount, validateAdditionalMounts, loadMountAllowlist (previously zero coverage on security-critical module). - reaction-tracker.test.ts: 11 new tests covering race conditions between finalize() and transition timer. - cursor-isolation.test.ts: 6 regression tests verifying per-group cursor isolation. - Updated container-runtime.test.ts and sender-allowlist.test.ts for new APIs. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
om10001
pushed a commit
to om10001/nanoclaw
that referenced
this pull request
Mar 19, 2026
feat: add Markdown formatting for outbound messages
shog-lab
referenced
this pull request
in shog-lab/shogclaw
Mar 20, 2026
…y hardening - Model config externalized to .env (MODEL_PRIMARY/MODEL_FALLBACK) - Channel interface: handlesOwnTrigger replaces hardcoded dt: prefix check - Agent runner: remove writable mount and runtime tsc, use pre-built dist/ - Pi agent dir mounted read-only (agent can read OAuth token but not modify) - DingTalk: skip nanoclaw trigger detection (platform handles @mention) - Docs: update PI_ARCHITECTURE.md mount table, add CUSTOMIZATIONS #8-#13 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Jeffrey-Keyser
added a commit
to Jeffrey-Keyser/nanoclaw
that referenced
this pull request
Mar 22, 2026
Resolves conflict between agency-hq-dispatcher split (qwibitai#2/qwibitai#3) and exponential backoff (qwibitai#8). Ports dispatchSkipTicks and backoff logic into dispatch-loop.ts, updates dispatchTask to return boolean for failure tracking, and clears backoff state on success/blocked/stop. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
hamiz-ahmed
pushed a commit
to hamiz-ahmed/nanoclaw
that referenced
this pull request
Mar 24, 2026
feat: add Markdown formatting for outbound messages
SungWoon
pushed a commit
to SungWoon/nanoclaw
that referenced
this pull request
Mar 27, 2026
feat: add Markdown formatting for outbound messages
thegreatestcompany
added a commit
to thegreatestcompany/otto
that referenced
this pull request
Mar 28, 2026
Onboarding flow: - When client opens onboard page, API spawns WhatsApp auth process - Watches for QR code / pairing code and sends via WebSocket - On success: registers channel, sets permissions, starts PM2 process - Full automation: payment → provision → page → QR → WhatsApp → Otto Also: - Backup cron installed (daily 3am) - Documented Gmail OAuth gap in postmortem (qwibitai#8) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
7 tasks
morrowgarrett
added a commit
to morrowgarrett/nanoclaw
that referenced
this pull request
Apr 1, 2026
…ation qwibitai#5 Warm container: Already supported via 30min IDLE_TIMEOUT + IPC piping. Docker startup is only 0.4s; Claude Code init is the real bottleneck. Full elimination requires embedded SDK (future). qwibitai#6 Frozen memory snapshot + prompt caching: - Query memU once at container start for relevant context - Inject as immutable system prompt prefix - Enables Anthropic's automatic prefix caching (50-75% token savings) - Memory context frozen for session duration (no mid-turn re-queries) qwibitai#7 Smart model routing: Skipped — Agent SDK doesn't expose model selection in query options. Would require SDK changes or CLI wrapper. qwibitai#8 FTS5 session search: - Added FTS5 virtual table on messages for full-text cross-session search - Auto-synced via INSERT/DELETE triggers - searchMessages() function for keyword-based message recall - Complements memU's semantic search with fast keyword search Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
raultunduc1995
pushed a commit
to raultunduc1995/nanoclaw
that referenced
this pull request
Apr 2, 2026
Merge upstream main (which now includes PR qwibitai#8 markdown formatting) into the file-download branch. The conflict was in the import line — both PRs modified the grammy import. Resolution keeps both: fs/path imports from this branch and the Api type import from qwibitai#8. Updated 3 sendMessage test assertions to expect the new { parse_mode: 'Markdown' } argument. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
unional
pushed a commit
to unional/nanoclaw-docker-sandbox-windows
that referenced
this pull request
Apr 3, 2026
Replace Telegram/WhatsApp HttpsProxyAgent code patches with Docker Sandbox plugin system (docker-plugin/network.json bypassDomains). Keeps NanoClaw codebase clean — networking handled at sandbox layer. - Add docker-plugin/ with manifest.json and network.json - Remove patches qwibitai#7 and qwibitai#8 from sandbox-patch.sh - Update setup-sandbox.sh to pass --plugin flag - Include plugin files in Docker image Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
gkarolyi
pushed a commit
to gkarolyi/nanoclaw
that referenced
this pull request
Apr 7, 2026
victorbauer
added a commit
to victorbauer/nanoclaw
that referenced
this pull request
Apr 7, 2026
Merge upstream main (which now includes PR qwibitai#8 markdown formatting) into the file-download branch. The conflict was in the import line — both PRs modified the grammy import. Resolution keeps both: fs/path imports from this branch and the Api type import from qwibitai#8. Updated 3 sendMessage test assertions to expect the new { parse_mode: 'Markdown' } argument. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
IamAdamJowett
pushed a commit
to businesslifers/nanoclaw
that referenced
this pull request
Apr 11, 2026
Merge upstream main (which now includes PR qwibitai#8 markdown formatting) into the file-download branch. The conflict was in the import line — both PRs modified the grammy import. Resolution keeps both: fs/path imports from this branch and the Api type import from qwibitai#8. Updated 3 sendMessage test assertions to expect the new { parse_mode: 'Markdown' } argument. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
kenansun-dev-bot bot
referenced
this pull request
in kenansun-dev/nanoclaw-github-copilot
Apr 12, 2026
feat: all changes + CI workflow
dm-j
pushed a commit
to dm-j/nanoclaw
that referenced
this pull request
Apr 13, 2026
…alidation - PR qwibitai#10: Add sentinel markers for robust JSON parsing between container and host. Fallback to last-line parsing for backwards compatibility. - PR qwibitai#5: Look up target JID from registeredGroups instead of trusting IPC payload, fixing cross-group scheduled tasks getting wrong chat_jid. - PR qwibitai#8: Add lightweight schedule validation in container MCP that returns errors to agents (cron syntax, positive interval, valid ISO timestamp). Also defensive validation on host side. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
dm-j
pushed a commit
to dm-j/nanoclaw
that referenced
this pull request
Apr 13, 2026
feat: add Markdown formatting for outbound messages
foxsky
pushed a commit
to foxsky/nanoclaw
that referenced
this pull request
Apr 14, 2026
…sage_log) The 2026-04-13 silent-bot-response incident (post-mortem at docs/incidents/2026-04-13-silent-bot-responses.md) produced a 73/73 noResponse flood in Kipp's daily report — every user interaction looked unanswered because the self-echo filter (6ae3d6c) had dropped all is_from_me=1 rows from messages.db for ~73h. The auditor read messages.db, saw zero bot rows, and correctly flagged everything as noResponse. The real bug was in the data layer, not the bot. New check: per-audited-group, cross-reference send_message_log deliveries (ground truth from deps.sendMessage()) against messages.db bot rows. If ≥5 deliveries were logged and fewer than half landed as bot rows, flag auditTrailDivergence on the board. Surfacing: auditor-prompt.txt rule qwibitai#8 tells Kipp to emit a standalone group-level warning BEFORE listing interactions — "🚨 Trilha de auditoria divergente: X entregas registradas, Y linhas de bot" — so the ops reader sees the persistence-layer suspicion before drowning in false-positive noResponse flags on that group. Codex gpt-5.4 high review fixes applied before commit: - Prompt/code threshold mismatch (prompt said ≥10, code said ≥5 — aligned to ≥5). - Explicit "emit standalone pre-interaction group warning" wording so Kipp doesn't lump divergence with per-interaction flags. - Two missing indexes added: idx_messages_chat_timestamp and idx_send_message_log_target_at. These paths were previously unindexed; 22 groups × 2 COUNT(*) queries is negligible today but the indexes make it stay that way. Dry-run against 2026-04-13 prod data: threshold=5 catches 15 of 22 TaskFlow groups (every group with ≥5 deliveries that day had 0 bot rows stored). Threshold=10 would have caught only 1 (seci-taskflow with 14 deliveries) — insufficient coverage. Chose 5 after simulation. Blast radius: auditor-side only. False positives would cause alert noise, not user-facing outage. Complementary "send_message_log dead" detection flagged as follow-up per Codex review item C. 974 host tests pass; TS build clean; existing auditor-dm-detection 149 tests unaffected.
jeonwonje
pushed a commit
to jeonwonje/nanoclaw
that referenced
this pull request
Apr 18, 2026
feat: add Markdown formatting for outbound messages
6 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Wrap CronExpressionParser.parse() calls with try/catch to prevent
uncaught exceptions from crashing MCP tool handlers or scheduler loop.
https://claude.ai/code/session_01PbwW7S6CizrkcwsG1oyWrt