Conversation
#2096) * Support combined folder search with multiple -c flags search -c s -c d now returns Classic shared folders and KeeperDrive folders together in one JSON response. Changed -c from action='store' to action='append' so repeated flags accumulate instead of overwriting. JSON details field now shows Folder Category: Classic or Folder Category: KeeperDrive for folder results. * Fix nested_share_folder details always shown in JSON search output NSF folders with no parent UID previously rendered an empty details field. Now always shows Folder Category: NestedShare, with Parent UID appended when the folder is not at root level. * Fix help text for -c flag to use Nested Share Folders instead of KeeperDrive
…e delete response handling (#2097)
* fix: honor bundled certifi store on Windows * fix: rename os-keychain plugin directory to os_keychain for valid Python package name The hyphen in os-keychain caused find_packages() to skip the directory, so it was not included in the PyPI wheel. PyInstaller also failed to bundle it correctly. Renaming to os_keychain (underscore) fixes both. loader.py normalises the URI scheme (os-keychain -> os_keychain) before resolving the plugin module, so config.json entries are unchanged. Co-authored-by: Cursor <cursoragent@cursor.com> --------- Co-authored-by: sshrushanth-ks <sshrushanth@keepersecurity.com> Co-authored-by: Cursor <cursoragent@cursor.com>
…osed (#2109) When the WebRTC peer connection reached the "closed" state without a preceding channel_closed signal (ICE timeout, network drop, etc.), Commander logged the state change and returned — leaving the Rust tube running and any active forwarded TCP sessions (SSH, MySQL, etc.) still proxying while Commander stopped reporting the tunnel entirely. Mirror the channel_closed cleanup: call close_tube (idempotent if Rust already closed), stop the dedicated WebSocket, and unregister the tunnel session so the tunnel is fully cleaned up regardless of which path triggered the close. Co-authored-by: Micah Roberts <mroberts@keepersecurity.com>
* Add --silent flag that disables all logging Some customers use the Keeper CLI within PowerShell scripts (not native PS module), and want to avoid noise in their logging. Added a --silent flag that launches Keeper with logging statements disabled. * Add silent flag to print statements
… ls, and nsf-get commands (#2105) * KC-1261, KC-1267 & KC-1291: Fix: consistent folder JSON response across get, ls, and nsf-get commands (#2092) * Fix: consistent folder JSON response across get, ls, and nsf-get commands * enrich ls and folder get responses with location block and record names * addressed PR review comments * --include-dag flag update * added source discriminator to record get JSON response * added folder location block to record get and nsf-get JSON responses, and fixed --include-dag flag issue * included NSF records in ls output and standardize record source to nested/classic
* Use batch v3 endpoint to create records from cloud secrets in Keeper Drive folders.
* Fix circular KSM import Moved KSM, gateway_helper and router_helper into their respective functions to avoid an issue with circular imports when importing commands, eg: `from keepercommander.commands.utils import WhoamiCommand` `from keepercommander.commands.discoveryrotation import PAMGatewayListCommand` * Changed KSM import in pam.gateway_helper KSMCommand import in pam.gateway_helper doesn't point to the core file where KSMCommand is defined. While this doesn't appear to cause an issue, fixed to avoid any future circular import problems.
…h read path, local-vault config_uid, set_launch_credentials, discovery_common+keeper_dag parity, tests)
…ault config_uid, set_launch_credentials, USE_LOCAL_DAG warning
…link perms mismatch)
Improvements for `epm scim ad` help menu: - Document support for hostname and IP address for `--ad-url` - Add `\` escape character for `--ad-user` - Clarify that `--ad-password` is optional and will be prompted if unset
Service mode applies a global flask-limiter default limit to every route. The /health endpoint had no explicit limiter configuration, so it inherited that default and counted against the shared per-client rate-limit budget. Liveness/readiness probes and load balancer health checks poll /health frequently, so the budget is eventually exhausted. Once that happens /health starts returning HTTP 429, probes fail, and the orchestrator replaces the pod -- which resets the in-memory counter and repeats the cycle on a fixed interval. Decorating the endpoint with @limiter.exempt removes it from all rate-limit calculations. /health performs no backend calls and returns a static status, so exempting it has no security impact.
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
10 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.