Glary-Bot bb2c1db8c7 harden: validate metadata shape and refuse out-of-dir cleanup paths ... Addresses review feedback on the auto-managed metadata helpers: - json.load() on the metadata file can return non-dict values (e.g. a bare list or a string); guard the root type before calling .get(). - A tampered or hand-edited .auto_managed.json could contain entries like '../escape'. The previous code happily fed those into rmtree. Filter such entries out at both read time and write time so they never reach disk or cleanup, and add a belt-and-suspenders path containment check in _prune_auto_managed_versions that requires the resolved target to live strictly under the resolved provider dir.		2026-06-10 19:16:36 +00:00
..
assets	fix(assets): remove unused delete_content param from deleteAsset (#14241)	2026-06-09 21:52:14 -07:00
database	feat(assets): align local API with cloud spec (#12863)	2026-03-16 12:34:04 -07:00
__init__.py	Add FrontendManager to manage non-default front-end impl (#3897)	2024-07-16 11:26:11 -04:00
app_settings.py	Update frontend to v1.25.10 and revert navigation mode override (#9522)	2025-08-23 17:54:01 -04:00
custom_node_manager.py	Remove useless annotations imports. (#14105)	2026-05-25 19:23:29 -07:00
frontend_management.py	harden: validate metadata shape and refuse out-of-dir cleanup paths	2026-06-10 19:16:36 +00:00
logger.py	Add colored logs (#14036)	2026-05-25 10:00:55 +08:00
model_manager.py	Remove useless annotations imports. (#14105)	2026-05-25 19:23:29 -07:00
node_replace_manager.py	fix: make NodeReplaceManager.register() idempotent (#13596)	2026-05-07 19:21:12 -07:00
subgraph_manager.py	fix: specify UTF-8 encoding when reading subgraph files (#12563)	2026-02-21 15:05:00 -08:00
user_manager.py	Remove useless annotations imports. (#14105)	2026-05-25 19:23:29 -07:00