vrr/eigent
2
0
Fork 0
mirror of https://github.com/eigent-ai/eigent.git synced 2026-05-24 22:04:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
2180 commits 749 branches 72 tags 631 MiB
Commit graph

134 commits

Author SHA1 Message Date
Wendong-Fan
88e7cc8c4c chore: update build file to save storage 2026-01-21 02:19:07 +08:00
Wendong-Fan
2826df6500 chore: update build view yml to release disk space for macos 2026-01-20 20:33:31 +08:00
Wendong-Fan
1d3999ea9b chore: add linux building to build view 2026-01-20 07:12:04 +08:00
Wendong-Fan
e26f7316ac minor update based on review 2026-01-20 06:27:03 +08:00
georgepanther3
5b53ec5020 Configure GitHub Actions for Linux release builds 2026-01-17 21:43:30 +02:00
Wendong-Fan
ef20c2205a enhance: improve privacy consent and model selection UX PR881 2026-01-18 01:56:31 +08:00
Wendong-Fan
3ad844af5a
Merge branch 'main' into feat-pre-built 2026-01-17 17:02:29 +00:00
4pmtong
64ea7f233f 🔥 npm ci 2026-01-17 19:21:29 +08:00
4pmtong
925e6da250 fix built without package-lock.json 2026-01-17 19:11:57 +08:00
4pmtong
220ff848f3 🎨 cache npm 2026-01-17 18:42:24 +08:00
4pmtong
fd7d1af052 fix timeout 2026-01-17 18:09:17 +08:00
bytecraftii
4a805a5981 Update contributing 2026-01-16 23:25:24 -08:00
bytecraftii
e5150200cf Update contributing 2026-01-16 18:53:50 -08:00
bytecraftii
feb717b7de Update contributing 2026-01-16 18:50:11 -08:00
bytecraftii
f9ba728e5d Update contributing 2026-01-16 18:42:27 -08:00
sd416
719bf043ff
Merge pull request #1 from sd416/dependabot/github_actions/tj-actions/changed-files-47 
chore(deps): bump tj-actions/changed-files from 45 to 47
 2026-01-16 11:49:22 +05:30
sd416
0ebc769ffc
Merge pull request #2 from sd416/dependabot/github_actions/actions/download-artifact-7 
chore(deps): bump actions/download-artifact from 4 to 7
 2026-01-16 11:49:16 +05:30
sd416
cf1b75f3a4
Merge pull request #3 from sd416/dependabot/github_actions/actions/setup-python-6 
chore(deps): bump actions/setup-python from 4 to 6
 2026-01-16 11:49:10 +05:30
sd416
a3e83b4f6d
Merge pull request #4 from sd416/dependabot/github_actions/actions/setup-node-6 
chore(deps): bump actions/setup-node from 4 to 6
 2026-01-16 11:49:03 +05:30
dependabot[bot]
8a1d711bf8
chore(deps): bump actions/upload-artifact from 4 to 6 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-16 06:18:21 +00:00
dependabot[bot]
818b176f55
chore(deps): bump actions/setup-node from 4 to 6 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-16 06:18:17 +00:00
dependabot[bot]
b7faebac86
chore(deps): bump actions/setup-python from 4 to 6 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 6.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-16 06:18:12 +00:00
dependabot[bot]
54c5fc220c
chore(deps): bump actions/download-artifact from 4 to 7 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v7)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-16 06:18:08 +00:00
dependabot[bot]
d95f93ae5c
chore(deps): bump tj-actions/changed-files from 45 to 47 
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 45 to 47.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](https://github.com/tj-actions/changed-files/compare/v45...v47)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-version: '47'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-16 06:18:04 +00:00
sd416
ff3383ce0c
Add GitHub Actions to Dependabot configuration 
Added configuration for GitHub Actions updates to Dependabot.
 2026-01-16 11:46:53 +05:30
Wendong-Fan
f468855410 update 2026-01-16 07:31:22 +08:00
Wendong-Fan
7e7d36e2f5 release: 0.0.78 2026-01-16 05:32:28 +08:00
Wendong-Fan
9446f8aa89 cicd security 2026-01-13 21:55:29 +08:00
Cole Murray
102a864d43 fix(security): prevent arbitrary code execution in CI workflow 
SECURITY FIX: The previous CI workflow was vulnerable to arbitrary code
execution from fork PRs due to using `pull_request_target` with checkout
of untrusted PR code.

Attack vector:
- Attacker forks repo and adds malicious node_modules/.bin/markdownlint-cli
- Opens PR to trigger CI workflow
- npx executes attacker's script with repository write permissions
- Attacker can exfiltrate credentials, comment on PRs, or push code

Fix:
- Split workflow into two separate files
- ci.yml: Uses pull_request_target for commenting (no code checkout)
- lint-markdown.yml: Uses pull_request for linting (safe to checkout)

The pull_request trigger runs fork PRs with read-only permissions and
no access to repository secrets, making it safe to checkout and execute
PR code.

Additional improvements:
- Updated actions to latest versions (checkout@v4, github-script@v7, paths-filter@v3)
- Pin markdownlint-cli version to prevent supply chain attacks
- Added security comments explaining the rationale

Reference: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
 2026-01-12 23:10:48 -08:00
Wendong-Fan
da61c586b4 release: 0.0.77 2026-01-03 07:53:24 +08:00
Wendong-Fan
8d871745d5 minor fix 2026-01-03 04:36:02 +08:00
Wendong-Fan
2b07354c28 release: 0075 2026-01-03 03:48:09 +08:00
Wendong-Fan
0375d7aa66 update cicd setting in workflows 2026-01-03 03:13:40 +08:00
Wendong-Fan
cc3cc9c297 release 0074 2026-01-03 03:02:01 +08:00
罗鹏铖
19761dc23a
Add CodeQL analysis workflow configuration 2025-12-04 17:06:23 +08:00
Wendong-Fan
20af89f376 fix 2025-11-27 16:30:13 +08:00
sw3205933776
bc0267c0c3 update 2025-11-14 15:47:33 +08:00
sw3205933776
81cfacf341 update 2025-11-14 15:32:06 +08:00
Wendong-Fan
a6ec53cc49 update version number 2025-10-06 13:37:22 +08:00
Wendong-Fan
8bf5f922df udpate 2025-09-26 17:22:21 +08:00
Wendong-Fan
25bea0e0a0 release: 0.0.70 2025-09-25 17:33:44 +08:00
Wendong-Fan
dffeecc7b5 release 0068 2025-09-19 12:49:14 +08:00
Wendong-Fan
1c3675abb4 release 0066 2025-09-17 22:02:54 +08:00
sw3205933776
95e09cfc8e update 2025-09-17 15:25:12 +08:00
sw3205933776
cf6070a13f update 2025-09-17 15:23:10 +08:00
sw3205933776
4065f32607 update 2025-09-17 15:22:16 +08:00
Wendong-Fan
00665d9691 release: 0065 2025-09-03 16:14:04 +08:00
Wendong-Fan
04e32ab4cc fix: duplicated task shown in frontend 2025-09-03 15:41:59 +08:00
Wendong-Fan
3346390911 fix: package json bug 2025-09-03 08:50:34 +08:00
Wendong-Fan
b404fe9134 release: v 0.0.62 2025-09-03 08:44:57 +08:00