Commit Graph

230 Commits

Author SHA1 Message Date
Jake Turner
df101ceeda fix(Settings): hide AI Assistant from navigation until installed 2026-03-11 21:06:38 +00:00
Chris Sherwood
fb4717890c fix(security): narrow SSRF scope to allow RFC1918 LAN addresses
NOMAD is a LAN appliance — blocking RFC1918 private ranges (10.x,
172.16-31.x, 192.168.x) would prevent users from downloading content
from local network mirrors. Narrowed to only block loopback (localhost,
127.x, 0.0.0.0, ::1) and link-local (169.254.x, fe80::) addresses.
Restored require_tld: false for LAN hostnames without TLDs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 21:06:38 +00:00
Chris Sherwood
b532a8f056 fix(security): path traversal and SSRF protections from pre-launch audit
Fixes 4 high-severity findings from a comprehensive security audit:

1. Path traversal on ZIM file delete — resolve()+startsWith() containment
2. Path traversal on Map file delete — same pattern
3. Path traversal on docs read — same pattern (already used in rag_service)
4. SSRF on download endpoints — block private/internal IPs, require TLD

Also adds assertNotPrivateUrl() to content update endpoints.

Full audit report attached as admin/docs/security-audit-v1.md.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 21:06:38 +00:00
Chris Sherwood
5b0eab7508 docs: update documentation for recent features and hardware page
- Add hardware guide link (projectnomad.us/hardware) to README, FAQ, and About page
- Add Apache 2.0 license section to README and About page
- Add Early Access Channel FAQ and Getting Started mention
- Add GPU passthrough warning troubleshooting entry to FAQ
- Add Knowledge Base document deletion to FAQ and Getting Started

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 21:06:38 +00:00
Jake Turner
113096be5f feat: support for updating services 2026-03-11 21:06:38 +00:00
dependabot[bot]
c478eedc83 build(deps): bump tar from 7.5.9 to 7.5.10 in /admin
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.9 to 7.5.10.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.9...v7.5.10)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.10
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-11 21:05:49 +00:00
Chris Sherwood
f7515d8e19 feat(GPU): warn when GPU passthrough not working and offer one-click fix
Ollama can silently run on CPU even when the host has an NVIDIA GPU,
resulting in ~3 tok/s instead of ~167 tok/s. This happens when Ollama
was installed before the GPU toolkit, or when the container was
recreated without proper DeviceRequests. Users had zero indication.

Adds a GPU health check to the system info API response that detects
when the host has an NVIDIA runtime but nvidia-smi fails inside the
Ollama container. Shows a warning banner on the System Information
and AI Settings pages with a one-click "Reinstall AI Assistant"
button that force-reinstalls Ollama with GPU passthrough.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 21:05:49 +00:00
Jake Turner
d314e82d17 fix(AI): allow force refresh of models list 2026-03-11 21:05:49 +00:00
cosmistack-bot
e1c808f90d docs(release): finalize v1.28.0 release notes [skip ci] 2026-03-05 04:08:18 +00:00
Jake Turner
a105ac1a83 fix: update channel flexibility 2026-03-05 04:06:56 +00:00
Jake Turner
dfa896e86b feat(RAG): allow deletion of files from KB 2026-03-04 20:05:14 -08:00
Jake Turner
99b96c3df7 feat(RAG): display embedding queue and improve progress tracking 2026-03-04 20:05:14 -08:00
dependabot[bot]
80ae0aacf8 build(deps-dev): bump minimatch from 3.1.2 to 3.1.5 in /admin
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-04 20:05:14 -08:00
dependabot[bot]
d9d3d2e068 build(deps): bump fast-xml-parser from 5.3.6 to 5.3.8 in /admin
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.3.6 to 5.3.8.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.6...v5.3.8)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-version: 5.3.8
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-04 20:05:14 -08:00
dependabot[bot]
56b0d69421 build(deps): bump rollup from 4.57.1 to 4.59.0 in /admin
Bumps [rollup](https://github.com/rollup/rollup) from 4.57.1 to 4.59.0.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.57.1...v4.59.0)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.59.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-04 20:05:14 -08:00
Chris Sherwood
782985bac0 fix(legal): update Legal Notices to Apache 2.0 license and add Qdrant attribution
Replace MIT license text with Apache 2.0 to match the repo LICENSE file,
update copyright to 2024-2026, and add Qdrant to third-party attribution.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 20:05:14 -08:00
Jake Turner
96beab7e69 feat(AI Assistant): custom name option for AI Assistant 2026-03-04 20:05:14 -08:00
cosmistack-bot
639b026e6f docs(release): finalize v1.27.0 release notes [skip ci] 2026-03-04 04:54:55 +00:00
Jake Turner
d4a50f3e9c docs: update release notes 2026-03-03 20:51:38 -08:00
Jake Turner
efa57ec010 feat: early access release channel 2026-03-03 20:51:38 -08:00
Jake Turner
6817e2e47e fix: improve type-safety for KVStore values 2026-03-03 20:51:38 -08:00
Jake Turner
fbfaf5fdae docs: update release notes 2026-03-03 20:51:38 -08:00
Jake Turner
00bd864831 fix(AI): improved perf via rewrite and streaming logic 2026-03-03 20:51:38 -08:00
Jake Turner
6874a2824f feat(Models): paginate available models endpoint 2026-03-03 20:51:38 -08:00
Jake Turner
a3f10dd158 fix: update default branch name 2026-03-01 16:08:46 -08:00
Jake Turner
765207f956 fix(AI): type error in fallback models 2026-02-18 21:42:36 -08:00
cosmistack-bot
7a3c4bfbba docs(release): finalize v1.26.0 release notes [skip ci] 2026-02-19 05:25:28 +00:00
dependabot[bot]
6cb1cfe727 build(deps): bump systeminformation from 5.30.7 to 5.30.8 in /admin
Bumps [systeminformation](https://github.com/sebhildebrandt/systeminformation) from 5.30.7 to 5.30.8.
- [Release notes](https://github.com/sebhildebrandt/systeminformation/releases)
- [Changelog](https://github.com/sebhildebrandt/systeminformation/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sebhildebrandt/systeminformation/compare/v5.30.7...v5.30.8)

---
updated-dependencies:
- dependency-name: systeminformation
  dependency-version: 5.30.8
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-18 21:23:34 -08:00
dependabot[bot]
83d328a29a build(deps): bump tar from 7.5.7 to 7.5.9 in /admin
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.7 to 7.5.9.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.7...v7.5.9)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.9
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-18 21:23:13 -08:00
Jake Turner
485d34e0c8 fix(UI): move content updates section 2026-02-18 21:22:53 -08:00
Jake Turner
98b65c421c feat(AI): thinking and response streaming 2026-02-18 21:22:53 -08:00
cosmistack-bot
16ce1e2945 docs(release): finalize v1.25.2 release notes [skip ci] 2026-02-18 22:54:36 +00:00
dependabot[bot]
5840bfc24b build(deps): bump fast-xml-parser from 5.3.4 to 5.3.6 in /admin
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.3.4 to 5.3.6.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.4...v5.3.6)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-version: 5.3.6
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-18 14:52:53 -08:00
dependabot[bot]
cdf931be2f build(deps): bump qs from 6.14.1 to 6.14.2 in /admin
Bumps [qs](https://github.com/ljharb/qs) from 6.14.1 to 6.14.2.
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ljharb/qs/compare/v6.14.1...v6.14.2)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.14.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-18 14:52:35 -08:00
Jake Turner
ed26df7aff docs: updated release notes 2026-02-18 14:52:06 -08:00
Jake Turner
e75d54bd69 fix(UI): gracefully handle legacy docs and knowledge-base paths 2026-02-18 14:52:06 -08:00
Jake Turner
43ebaa93c1 fix(AI): leave chat suggestions disabled by default 2026-02-18 14:52:06 -08:00
Jake Turner
77f1868cf8 fix(AI): improve GPU detection logic 2026-02-18 14:52:06 -08:00
Jake Turner
3ee3cffad9 fix(UI): invert update banner colors 2026-02-18 14:52:06 -08:00
cosmistack-bot
b63c33d277 docs(release): finalize v1.25.1 release notes [skip ci] 2026-02-12 06:49:18 +00:00
Jake Turner
8609a551f2 fix(Settings): improve user guidance during system update 2026-02-11 22:48:27 -08:00
Jake Turner
a49322b63b fix(Updates): avoid issues with stale cache when checking latest version 2026-02-11 22:48:27 -08:00
cosmistack-bot
76ac713406 docs(release): finalize v1.25.0 release notes [skip ci] 2026-02-12 06:12:16 +00:00
Jake Turner
279ee1254c fix(Benchmark): improved error reporting and fix sysbench race condition 2026-02-11 22:09:31 -08:00
Jake Turner
d55ff7b466 feat: curated content update checking 2026-02-11 21:49:46 -08:00
Jake Turner
c4514e8c3d fix(Settings): standardize manifest fetching behavior 2026-02-11 16:13:21 -08:00
Jake Turner
d7d3821c06 fix(Settings): improve Maps Manager UI 2026-02-11 16:00:49 -08:00
Jake Turner
32d206cfd7 feat: curated content system overhaul 2026-02-11 15:44:46 -08:00
Jake Turner
4ac261477a feat: Unified release note management 2026-02-11 12:40:39 -08:00
Jake Turner
4425e02c3c fix(UI): icon imports in settings/update.tsx 2026-02-11 11:21:40 -08:00