Previously, the `nanobot channels status` command only displayed
WhatsApp channel status, completely omitting Telegram despite it
being fully implemented in the codebase.
Changes:
- Added Telegram channel status display
- Renamed "Bridge URL" column to "Configuration" for better generality
- Show Telegram token (first 10 chars) or "not configured" message
- Added comments to distinguish WhatsApp and Telegram sections
Fixes the issue where users couldn't see Telegram channel status
via CLI, even though the feature was working correctly.
- Update sender ID construction to prioritize user ID while maintaining username for allowlist compatibility.
- Improve allowlist checking in BaseChannel to support sender IDs with multiple parts separated by '|'.
Add URL validation and redirect limits to web_fetch tool to prevent potential security issues:
- Add _validate_url() function to validate URLs before fetching
- Only allow http:// and https:// schemes (prevent file://, ftp://, etc.)
- Verify URL has valid scheme and domain
- Return descriptive error messages for invalid URLs
- Limit HTTP redirects to 5 (down from default 20) to prevent DoS attacks
- Add MAX_REDIRECTS constant for easy configuration
- Explicitly configure httpx.AsyncClient with max_redirects parameter
- Improve error handling with JSON error responses for validation failures
This addresses security concerns identified in code review where web_fetch
had no URL validation or redirect limits, potentially allowing:
- Unsafe URL schemes (file://, etc.)
- Redirect-based DoS attacks
- Invalid URL formats causing unclear errors
Skip API key validation for bedrock/ model prefix since AWS Bedrock
uses IAM credentials instead of API keys.
Fixes#20
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add a Dockerfile using the official uv Python image (python3.12-bookworm-slim)
for fast dependency installation. Includes Node.js 20 for the WhatsApp bridge,
dependency layer caching, and exposes the gateway port (18790).
https://claude.ai/code/session_011C1h1NERqqZp4ht3Pqpwkc
- Update configuration schema to include Gemini provider
- Modify API key retrieval priority to include Gemini
- Enhance CLI status command to display Gemini API status
- Update LiteLLMProvider to support Gemini integration
