github-mirror/project-nomad
1
0
Fork 0
mirror of https://github.com/Crosstalk-Solutions/project-nomad.git synced 2026-03-28 03:29:25 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
322 Commits 15 Branches 55 Tags 16 MiB
9c74339893
Commit Graph

322 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
cosmistack-bot
9c74339893 chore(release): 1.29.0-rc.2 [skip ci] 2026-03-11 14:08:09 -07:00
Jake Turner
be25408fe7 fix(Settings): hide AI Assistant from navigation until installed 2026-03-11 14:08:09 -07:00
Chris Sherwood
5d3c659d05 fix(security): narrow SSRF scope to allow RFC1918 LAN addresses 
NOMAD is a LAN appliance — blocking RFC1918 private ranges (10.x,
172.16-31.x, 192.168.x) would prevent users from downloading content
from local network mirrors. Narrowed to only block loopback (localhost,
127.x, 0.0.0.0, ::1) and link-local (169.254.x, fe80::) addresses.
Restored require_tld: false for LAN hostnames without TLDs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-11 14:08:09 -07:00
Chris Sherwood
75106a8f61 fix(security): path traversal and SSRF protections from pre-launch audit 
Fixes 4 high-severity findings from a comprehensive security audit:

1. Path traversal on ZIM file delete — resolve()+startsWith() containment
2. Path traversal on Map file delete — same pattern
3. Path traversal on docs read — same pattern (already used in rag_service)
4. SSRF on download endpoints — block private/internal IPs, require TLD

Also adds assertNotPrivateUrl() to content update endpoints.

Full audit report attached as admin/docs/security-audit-v1.md.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-11 14:08:09 -07:00
Chris Sherwood
b9dd32be25 docs: update documentation for recent features and hardware page 
- Add hardware guide link (projectnomad.us/hardware) to README, FAQ, and About page
- Add Apache 2.0 license section to README and About page
- Add Early Access Channel FAQ and Getting Started mention
- Add GPU passthrough warning troubleshooting entry to FAQ
- Add Knowledge Base document deletion to FAQ and Getting Started

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-11 14:08:09 -07:00
Jake Turner
58b106f388 feat: support for updating services 2026-03-11 14:08:09 -07:00
cosmistack-bot
7db8568e19 chore(release): 1.29.0-rc.1 [skip ci] 2026-03-11 14:08:09 -07:00
dependabot[bot]
20a313ce08 build(deps): bump tar from 7.5.9 to 7.5.10 in /admin 
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.9 to 7.5.10.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.9...v7.5.10)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.10
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-11 14:08:09 -07:00
Chris Sherwood
650ae407f3 feat(GPU): warn when GPU passthrough not working and offer one-click fix 
Ollama can silently run on CPU even when the host has an NVIDIA GPU,
resulting in ~3 tok/s instead of ~167 tok/s. This happens when Ollama
was installed before the GPU toolkit, or when the container was
recreated without proper DeviceRequests. Users had zero indication.

Adds a GPU health check to the system info API response that detects
when the host has an NVIDIA runtime but nvidia-smi fails inside the
Ollama container. Shows a warning banner on the System Information
and AI Settings pages with a one-click "Reinstall AI Assistant"
button that force-reinstalls Ollama with GPU passthrough.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-11 14:08:09 -07:00
Jake Turner
db69428193 fix(AI): allow force refresh of models list 2026-03-11 14:08:09 -07:00
Jake Turner
bc016e6c60
ci: configure dependabot to target rc branch 2026-03-11 20:35:52 +00:00
cosmistack-bot
45a30c0188 chore(release): 1.28.1 [skip ci] 2026-03-09 05:45:20 +00:00
Jake Turner
0e94d5daa4
fix: container update pattern in run_updater_fixes 2026-03-05 04:32:09 +00:00
Jake Turner
744504dd1e
fix: typo in run_updater_fixes 2026-03-05 04:18:47 +00:00
cosmistack-bot
e1c808f90d docs(release): finalize v1.28.0 release notes [skip ci] 2026-03-05 04:08:18 +00:00
cosmistack-bot
c1395794d4 chore(release): 1.28.0 [skip ci] 2026-03-05 04:07:56 +00:00
Jake Turner
a105ac1a83
fix: update channel flexibility 2026-03-05 04:06:56 +00:00
cosmistack-bot
bc7f84c123 chore(release): 1.28.0-rc.1 [skip ci] 2026-03-04 20:05:14 -08:00
Jake Turner
dfa896e86b feat(RAG): allow deletion of files from KB 2026-03-04 20:05:14 -08:00
Jake Turner
99b96c3df7 feat(RAG): display embedding queue and improve progress tracking 2026-03-04 20:05:14 -08:00
dependabot[bot]
80ae0aacf8 build(deps-dev): bump minimatch from 3.1.2 to 3.1.5 in /admin 
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-04 20:05:14 -08:00
dependabot[bot]
d9d3d2e068 build(deps): bump fast-xml-parser from 5.3.6 to 5.3.8 in /admin 
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.3.6 to 5.3.8.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.6...v5.3.8)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-version: 5.3.8
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-04 20:05:14 -08:00
dependabot[bot]
56b0d69421 build(deps): bump rollup from 4.57.1 to 4.59.0 in /admin 
Bumps [rollup](https://github.com/rollup/rollup) from 4.57.1 to 4.59.0.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.57.1...v4.59.0)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.59.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-04 20:05:14 -08:00
Chris Sherwood
782985bac0 fix(legal): update Legal Notices to Apache 2.0 license and add Qdrant attribution 
Replace MIT license text with Apache 2.0 to match the repo LICENSE file,
update copyright to 2024-2026, and add Qdrant to third-party attribution.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-04 20:05:14 -08:00
Jake Turner
96beab7e69 feat(AI Assistant): custom name option for AI Assistant 2026-03-04 20:05:14 -08:00
Chris Sherwood
b806cefe3a chore: add Apache 2.0 license 
The repo currently has no license file, which means the code is technically
"all rights reserved" by default. Adding Apache 2.0 to formalize the project
as open source with patent protection, while remaining permissive enough for
institutional adoption (schools, NGOs, government agencies).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-04 20:05:14 -08:00
Jake Turner
e2b447e142
build: fix wait-for-it url and update to Apache 2 license 2026-03-04 05:09:08 +00:00
cosmistack-bot
639b026e6f docs(release): finalize v1.27.0 release notes [skip ci] 2026-03-04 04:54:55 +00:00
cosmistack-bot
617dc111c2 chore(release): 1.27.0 [skip ci] 2026-03-04 04:54:33 +00:00
Jake Turner
d4a50f3e9c docs: update release notes 2026-03-03 20:51:38 -08:00
Jake Turner
efa57ec010 feat: early access release channel 2026-03-03 20:51:38 -08:00
Jake Turner
6817e2e47e fix: improve type-safety for KVStore values 2026-03-03 20:51:38 -08:00
cosmistack-bot
e12e7c1696 chore(release): 1.27.0-rc.1 [skip ci] 2026-03-03 20:51:38 -08:00
Jake Turner
fbfaf5fdae docs: update release notes 2026-03-03 20:51:38 -08:00
Jake Turner
00bd864831 fix(AI): improved perf via rewrite and streaming logic 2026-03-03 20:51:38 -08:00
Jake Turner
41eb30d84d ops: support RC versions 2026-03-03 20:51:38 -08:00
Jake Turner
6874a2824f feat(Models): paginate available models endpoint 2026-03-03 20:51:38 -08:00
Jake Turner
a3f10dd158 fix: update default branch name 2026-03-01 16:08:46 -08:00
cosmistack-bot
76fcbe46fa chore(release): 1.26.1 [skip ci] 2026-02-19 05:43:13 +00:00
Jake Turner
765207f956 fix(AI): type error in fallback models 2026-02-18 21:42:36 -08:00
cosmistack-bot
7a3c4bfbba docs(release): finalize v1.26.0 release notes [skip ci] 2026-02-19 05:25:28 +00:00
cosmistack-bot
6af9b46e4e chore(release): 1.26.0 [skip ci] 2026-02-19 05:24:42 +00:00
dependabot[bot]
6cb1cfe727 build(deps): bump systeminformation from 5.30.7 to 5.30.8 in /admin 
Bumps [systeminformation](https://github.com/sebhildebrandt/systeminformation) from 5.30.7 to 5.30.8.
- [Release notes](https://github.com/sebhildebrandt/systeminformation/releases)
- [Changelog](https://github.com/sebhildebrandt/systeminformation/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sebhildebrandt/systeminformation/compare/v5.30.7...v5.30.8)

---
updated-dependencies:
- dependency-name: systeminformation
  dependency-version: 5.30.8
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-18 21:23:34 -08:00
dependabot[bot]
83d328a29a build(deps): bump tar from 7.5.7 to 7.5.9 in /admin 
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.7 to 7.5.9.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.7...v7.5.9)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.9
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-18 21:23:13 -08:00
Jake Turner
485d34e0c8 fix(UI): move content updates section 2026-02-18 21:22:53 -08:00
Jake Turner
98b65c421c feat(AI): thinking and response streaming 2026-02-18 21:22:53 -08:00
cosmistack-bot
16ce1e2945 docs(release): finalize v1.25.2 release notes [skip ci] 2026-02-18 22:54:36 +00:00
cosmistack-bot
0ee0dc13e8 chore(release): 1.25.2 [skip ci] 2026-02-18 22:53:53 +00:00
dependabot[bot]
5840bfc24b build(deps): bump fast-xml-parser from 5.3.4 to 5.3.6 in /admin 
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.3.4 to 5.3.6.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.4...v5.3.6)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-version: 5.3.6
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-18 14:52:53 -08:00
dependabot[bot]
cdf931be2f build(deps): bump qs from 6.14.1 to 6.14.2 in /admin 
Bumps [qs](https://github.com/ljharb/qs) from 6.14.1 to 6.14.2.
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ljharb/qs/compare/v6.14.1...v6.14.2)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.14.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-18 14:52:35 -08:00