mosaicstack/stack: Self-hosted multi-user AI agent platform — web dashboard, TUI, remote control, shared memory, mission orchestration - stack - Mosaic Gitea

mosaicstack/stack

Go to file

Jason Woltje 0044481b4c

ci/woodpecker/push/ci Pipeline was successful

Details

ci/woodpecker/pr/ci Pipeline was successful

Details

fix(security): scope memory tools to session userId — prevent LLM parameter injection

M2-003: Audited PreferencesRepo — all five functions (findByUser, findByUserAndKey,
findByUserAndCategory, upsert, remove) already enforce userId filtering at the DB
WHERE clause level. No gaps found.

M2-004: Fixed agent memory tools (memory_search, memory_save_preference,
memory_save_insight, memory_get_preferences) — removed userId from all tool
parameter schemas so the LLM cannot inject an arbitrary user ID. The userId is
now bound from the authenticated session at tool-creation time via the new
sessionUserId parameter on createMemoryTools(). buildToolsForSandbox() and the
doCreateSession() call site are updated to thread the session userId through.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-21 15:18:15 -05:00

chore: remove deprecated husky v9 shim lines (#113 )

2026-03-15 16:48:51 +00:00

feat(P0-001): scaffold monorepo structure (#60 )

2026-03-13 01:11:46 +00:00

fix(ci): remove from_secret to unblock PR pipelines (#156 )

2026-03-15 21:48:51 +00:00

fix(security): scope memory tools to session userId — prevent LLM parameter injection

2026-03-21 15:18:15 -05:00

feat(P0-001): scaffold monorepo structure (#60 )

2026-03-13 01:11:46 +00:00

chore: bootstrap Harness Foundation mission (Phase 9) (#289 )

2026-03-21 20:10:48 +00:00

fix(gateway): CORS, memory userId from session, pgvector auto-init (#110 )

2026-03-15 16:40:28 +00:00

feat(auth): add WorkOS and Keycloak SSO providers (rebased) (#220 )

2026-03-21 12:57:07 +00:00

feat(gateway): Discord channel auto-creation on project bootstrap (#200 )

2026-03-17 02:32:14 +00:00

chore: planning gate — milestones, issues, and task breakdown

2026-03-12 19:51:51 -05:00

.env.example

Merge pull request 'feat(gateway): add Anthropic, OpenAI, Z.ai LLM providers (P8-002)' (#212 ) from feat/p8-002-llm-providers into main

2026-03-21 12:28:50 +00:00

.gitignore

feat(P0-001): scaffold monorepo structure (#60 )

2026-03-13 01:11:46 +00:00

.lintstagedrc

feat(P0-001): scaffold monorepo structure (#60 )

2026-03-13 01:11:46 +00:00

.npmrc

feat(P0-001): scaffold monorepo structure (#60 )

2026-03-13 01:11:46 +00:00

.prettierignore

feat(web): wire WebSocket chat with streaming and conversation switching (#120 ) (#136 )

2026-03-15 18:09:14 +00:00

.prettierrc

feat(P0-001): scaffold monorepo structure (#60 )

2026-03-13 01:11:46 +00:00

AGENTS.md

docs: add TASKS.md agent-column schema to AGENTS.md (canonical reference)

2026-03-19 20:10:45 -05:00

CLAUDE.md

feat: Woodpecker CI pipeline + project docs (P0-007, P0-008) (#69 )

2026-03-13 02:25:31 +00:00

docker-compose.yml

fix(gateway): CORS, memory userId from session, pgvector auto-init (#110 )

2026-03-15 16:40:28 +00:00

eslint.config.mjs

feat(web): Playwright E2E test suite for critical paths (#152 )

2026-03-15 19:46:13 +00:00

package.json

feat(P0-001): scaffold monorepo structure (#60 )

2026-03-13 01:11:46 +00:00

pnpm-lock.yaml

feat(web): port chat UI — model selector, keybindings, thinking display, styled header

2026-03-19 20:42:48 -05:00

pnpm-workspace.yaml

feat(P0-001): scaffold monorepo structure (#60 )

2026-03-13 01:11:46 +00:00

tsconfig.base.json

feat(P0-001): scaffold monorepo structure (#60 )

2026-03-13 01:11:46 +00:00

turbo.json

fix(turbo): typecheck must depend on ^build so package types are available

2026-03-13 12:38:54 -05:00

vitest.workspace.ts

feat(P0-001): scaffold monorepo structure (#60 )

2026-03-13 01:11:46 +00:00

mosaic v0.0.29 Latest

2026-04-08 00:42:54 +00:00

Languages

TypeScript 74.5%

Shell 19.7%

PowerShell 3%

JavaScript 1.4%

Python 1%

Other 0.4%