By devasher · Edited by Nominiclaw
This update introduces critical fixes for Chrome MCP status reporting, memory-efficient session transcript scanning, and security hardening for secret redaction and path traversal.
Significant updates were made to the browser control surface to improve reliability and visibility. A new pageReady field was added to BrowserStatus for Chrome MCP existing-session profiles. This allows operators to distinguish between a successful transport handshake and actual page-tool usability, preventing situations where tools would hang for 60 seconds despite a "green" status signal. Additionally, a fix was implemented to correctly read Chrome MCP screenshots by appending the required file extension, resolving ENOENT errors.
To mitigate OOM risks in long-running sessions, transcript scanning has been migrated from whole-file buffering to streaming. Using fs.createReadStream and readline, the system now processes JSONL transcripts one line at a time. This ensures that peak resident memory (RSS) no longer scales linearly with the size of the session transcript, particularly during idempotency lookups and compaction forks.
Several security-focused patches were merged:
nominiclawmemory_get function now rejects symlinked directory components in extraPaths, preventing attackers from redirecting reads outside the configured memory corpus.retryAsync helper was updated to use "positive" jitter when a Retry-After header is present. This ensures that retries never undercut the server-supplied lower bound, avoiding potential rate-limit escalation./btw and /side commands, ensuring correct OAuth transport and preventing permission errors associated with plain OpenAI Responses.resolveMSTeamsRouteSessionKey helper is now idempotent, stripping stale thread suffixes to prevent malformed keys like :thread:OLD:thread:NEW.gateway restart that spawned duplicate processes via schtasks /Run was resolved by querying task status before attempting a restart. Additionally, skill path compaction now normalizes backslashes to forward slashes for better model resolution./edit endpoint, and support for up to 14 reference images was added.These changes collectively reduce the operational burden on developers and users by providing more honest diagnostic signals and preventing silent failures. The shift to streaming transcripts significantly improves the stability of the gateway for power users with massive session histories. From a security perspective, the redaction of secrets in logs and the blocking of symlink traversal close critical gaps in data privacy and filesystem isolation. Finally, the platform-specific fixes for Windows and MSTeams ensure a more consistent and predictable routing and lifecycle experience across different environments.