feat(agents): file navigation, web browsing, scratchpad tools, and write security guardrails

.github/workflows/test_unit.yml

@@ -43,7 +43,8 @@ jobs:
 
       - name: Install dependencies
         run: |
-          uv pip install --system pytest pytest-cov
+          uv pip install --system pytest pytest-cov pytest-asyncio pytest-mock
+          uv pip install --system beautifulsoup4
           uv pip install --system -e ".[api]"
 
       - name: Validate packaging integrity
@@ -120,6 +121,17 @@ jobs:
           echo "  - ASR: Automatic speech recognition utilities"
           echo "  - TTS: Text-to-speech utilities"
           echo "  - InitCommand: gaia init profiles and installer logic"
+          echo "  - FileSystemIndex: Persistent file index with FTS5 search"
+          echo "  - FileSystemToolsMixin: browse_directory, tree, file_info, find_files, read_file, bookmark tools"
+          echo "  - ScratchpadService: SQLite working memory for data analysis"
+          echo "  - ScratchpadToolsMixin: create_table, insert_data, query_data, list_tables, drop_table tools"
+          echo "  - BrowserTools: WebClient SSRF prevention, HTML extraction, downloads"
+          echo "  - WebClient Edge Cases: parse_html fallback, extract_text, tables, links, download redirects"
+          echo "  - Categorizer: auto_categorize, category map completeness, extension uniqueness"
+          echo "  - ChatAgent Integration: filesystem, scratchpad, browser init/config/cleanup"
+          echo "  - File Write Guardrails: blocked dirs, sensitive files, size limits, backup, audit"
+          echo "  - Security Edge Cases: symlinks, audit logging, TOCTOU, prompt_overwrite"
+          echo "  - Service Edge Cases: DB corruption rebuild, shared DB, row limits, transaction atomicity"
           echo ""
           echo "Integration Tests:"
           echo "  - DatabaseMixin + Agent: Full agent lifecycle with database"

docs/server.js

@@ -290,7 +290,9 @@
     const parsed = url.parse(target || '');
     // Only redirect to relative paths (no host/protocol) to prevent open redirects
     if (!parsed.host && !parsed.protocol && parsed.pathname) {
-      res.redirect(303, parsed.pathname);
+      // Sanitize pathname to prevent protocol-relative URLs (e.g., //evil.com)
+      const safePath = parsed.pathname.startsWith('/') && !parsed.pathname.startsWith('//') ? parsed.pathname : '/';
+      res.redirect(303, safePath);
     } else {
       res.redirect(303, '/');
     }
@@ -317,6 +319,33 @@
   res.redirect('/');
 });
 
+// Simple in-memory rate limiter for general requests (no external dependencies)
+const rateLimitStore = new Map();
+const RATE_LIMIT_WINDOW = 60 * 1000; // 1 minute
+const RATE_LIMIT_MAX = 100; // max requests per window
+
+function rateLimiter(req, res, next) {
+  const ip = req.ip || req.connection.remoteAddress;
+  const now = Date.now();
+  const record = rateLimitStore.get(ip) || { count: 0, resetAt: now + RATE_LIMIT_WINDOW };
+
+  if (now > record.resetAt) {
+    record.count = 0;
+    record.resetAt = now + RATE_LIMIT_WINDOW;
+  }
+
+  record.count++;
+  rateLimitStore.set(ip, record);
+
+  if (record.count > RATE_LIMIT_MAX) {
+    return res.status(429).send('Too Many Requests');
+  }
+  next();
+}
+
+// Apply rate limiter before auth middleware
+app.use(rateLimiter);
+
 // Apply auth middleware
 app.use(authMiddleware);