Commit Graph

5 Commits

Author SHA1 Message Date
朱潮
723b249e42 Add 2 system-level skills 2026-01-16 23:05:30 +08:00
朱潮
90117b41fe Fix the symbolic link issue and the deep_agent prompt 2026-01-13 14:22:44 +08:00
朱潮
68a4578554 feat(skills): add skill deletion endpoint
- Add DELETE /api/v1/skill/remove endpoint
- Add validate_skill_name() for path traversal protection
- Include path normalization and security checks
- Prevent deletion of official skills (user skills only)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-07 21:34:16 +08:00
朱潮
b8e57b2f51 feat(skills): add security hardening to skill upload endpoint
- Add ZipSlip path traversal protection (validate all file paths)
- Add file size limits (50MB upload, 500MB extracted)
- Add zip bomb protection (max 100:1 compression ratio, 1000 entries)
- Add async I/O using aiofiles to avoid blocking event loop
- Add bot_id validation to prevent path traversal attacks
- Add proper error cleanup on upload failures

Security improvements:
- P1-001: ZipSlip path traversal protection
- P1-004: File size limits (50MB)
- P1-005: Zip bomb protection (compression ratio check)
- P1-008: Async I/O improvements

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-07 20:25:37 +08:00
朱潮
342932030f feat(skills): add skill management API module
- Create new skill_manager.py with list and upload endpoints
- Add GET /api/v1/skill/list to retrieve official and user skills
- Add POST /api/v1/skill/upload for skill file upload
- Parse SKILL.md frontmatter to extract name and description
- Move skill upload endpoint from files.py to skill_manager.py
- Add SKILLS_DIR configuration to settings.py
- Register skill_manager router in fastapi_app.py

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-07 19:45:04 +08:00