BUG-001: web viewer login/session auth (in web viewer commit)
BUG-002: db_manager ALTER TABLE for missing channel_operations and
feed_message_queue columns on startup
BUG-015: scheduler thread blocked on future.result(); replaced all
blocking waits with add_done_callback (fire-and-forget)
BUG-016: reboot_radio sends meshcore.commands.reboot() before disconnect
BUG-017: radio disconnect uses asyncio.wait_for(timeout=10)
BUG-022: custom asyncio loop exception handler suppresses IndexError
from meshcore parser at DEBUG level
BUG-024: last_db_backup_run updated after each run; 2-min startup
window; last-run seeded from DB on restart
BUG-025: send_channel_message retries up to 2 times (2s delay) on
no_event_received via _is_no_event_received() helper
BUG-026: split_text_into_chunks() and get_max_message_length() added
to CommandManager; keyword dispatch uses send_response_chunked()
BUG-028: byte_data = b"" initialised before try block in
decode_meshcore_packet to prevent UnboundLocalError in except handler
TraceCommand: path nodes reversed and return path truncated; fixed
format_elapsed_display: UTC normalisation before elapsed computation (#75)
RepeaterManager: auto_manage_contacts guard before any purge logic (#50)
Command aliases: [Aliases] config section injects shorthands at startup
JSON logging: _JsonFormatter; json_logging = true in [Logging]
Structured JSON logging compatible with Loki, Elasticsearch, Splunk
Discord bridge, Telegram bridge, and all service plugins updated
MeshGraph edge promotion logic corrected
Shutdown: scheduler and meshcore disconnect joined cleanly; log spam fixed
All modules: ruff and mypy cleanup applied (type annotations, imports)
- Replaced the validate_safe_path function with a new resolve_path utility to simplify database path resolution in BotDataViewer, BotIntegration, and MapUploaderService.
- Updated the logic to ensure that both relative and absolute paths are handled correctly, enhancing the robustness of database connections.
- Improved code readability and maintainability by centralizing path resolution logic.
- Centralized placeholder handling in utils instead of individual function handlers
- Updated the validate_safe_path function to resolve the base directory to an absolute path and handle target paths more accurately.
- Enhanced logic to ensure that if the file_path is absolute, it is used directly; otherwise, it is joined with the base directory before resolution, improving handling of relative paths.
Security Improvements:
- Add DNS timeout (2.0s default) to validate_external_url() to prevent DoS
attacks from malicious URLs causing DNS resolution to hang
- Make path validation OS-aware: supports Windows, macOS (Darwin), and Linux
with platform-specific dangerous path detection
- Add validation for negative max_length values in sanitize_input()
Code Quality Improvements:
- Extract bot_root property in MeshCoreBot class to eliminate code duplication
(was calculated twice in __init__ and setup_logging)
- Use explicit bot_root directory instead of '.' for predictable path validation
in both database and log file path validation
- Make sanitize_input() max_length parameter Optional to allow disabling length
check for radio messages (firmware enforces 150-char limit at hardware level)
- Update message_handler.py to use max_length=None for radio messages while
preserving control character stripping for security
- Replace inline regex with centralized validate_pubkey_format() function in
base_command.py for consistency and maintainability
- Improve documentation: add comments about socket timeout behavior and
firmware-enforced message length limits
All improvements have been tested and verified:
- Syntax checks pass
- All functions work correctly
- No circular dependencies
- Bot initializes successfully with all attributes present
Files modified:
- modules/security_utils.py: DNS timeout, OS-aware paths, Optional max_length
- modules/core.py: bot_root property, explicit base directory usage
- modules/message_handler.py: max_length=None for radio messages
- modules/commands/base_command.py: centralized validation function