Danny Avila fdfcf26d8c fix: gate failFlow behind callback validation, propagate reusedStoredClient on join ... - OAuth callback: move failFlow call to after CSRF/session/active-flow validation so an attacker with only a leaked state parameter cannot force-fail a flow without passing the same integrity checks required for legitimate callbacks - PENDING join path: propagate reusedStoredClient from flow metadata into the return object so joiners can trigger stale-client cleanup if the joined flow later fails with a client rejection		2026-04-03 19:28:52 -04:00
..
app	📎 fix: Route Unrecognized File Types via supportedMimeTypes Config (#12508)	2026-04-01 23:04:43 -04:00
cache	🚦 fix: ERR_ERL_INVALID_IP_ADDRESS and IPv6 Key Collisions in IP Rate Limiters (#12319)	2026-03-19 21:48:03 -04:00
config	🪵 fix: Standardize Logging Directory with Environment-Aware Resolution (#11000)	2025-12-16 18:00:06 -05:00
db	🐛 fix: Resolve MeiliSearch Startup Sync Failure from Model Loading Order (#12397)	2026-03-25 14:02:44 -04:00
models	🗑️ chore: Remove Action Test Suite and Update Mock Implementations (#12268)	2026-03-21 14:28:55 -04:00
server	fix: gate failFlow behind callback validation, propagate reusedStoredClient on join	2026-04-03 19:28:52 -04:00
strategies	🔐 feat: Admin Auth Support for SAML and Social OAuth Providers (#12472)	2026-03-30 22:49:44 -04:00
test	🗂️ refactor: Migrate S3 Storage to TypeScript in packages/api (#11947)	2026-03-21 14:28:55 -04:00
utils	🧹 chore: Remove Deprecated Gemini 2.0 Models & Fix Mistral-Large-3 Context Window (#12453)	2026-03-28 23:44:58 -04:00
jest.config.js	📏 refactor: Add File Size Limits to Conversation Imports (#12221)	2026-03-14 03:06:29 -04:00
jsconfig.json	feat(api): initial Redis support; fix(SearchBar): proper debounce (#1039)	2023-10-11 17:05:47 -04:00
package.json	📦 chore: Bump mongodb-memory-server to v11.0.1, mermaid to v11.14.0, npm audit (#12543)	2026-04-03 17:01:11 -04:00
typedefs.js	🪦 refactor: Remove Legacy Code (#10533)	2025-12-11 16:36:12 -05:00