alex fd3ca360de fix(chat): sanitize error responses and add tool kwargs allowlist ...

Prevent API key and sensitive info leakage through exception messages:
- Replace str(exc) with generic error messages in all catch-all handlers
- Add server-side exception logging via logger.exception()
- Add ALLOWED_KWARGS per-tool allowlist to filter untrusted LLM kwargs
- Bound tool execution loop to MAX_TOOL_ITERATIONS=10
- Fix tool_call delta merge to use tool_call index

2026-03-08 18:54:35 +00:00

4.9 KiB

Raw Blame History

View Raw