SECURITY FIXES:
- Add restart.sh script that reads Vault credentials from /tmp/ only
- Add .gitignore rules for: vault-unseal-keys, start-and-unseal.sh, vault-token-*
- Add security warning to README.md about /tmp/ for secrets
- Update botserver port references from 8088 to 9000 in README
Secrets MUST be placed in /tmp/ only:
- /tmp/vault-token-gb (Vault root token)
- /tmp/vault-unseal-key-gb (Vault unseal key)
This commit removes the previous commit (c7a60b8) that contained hardcoded
secrets in restart.sh and start-and-unseal.sh files.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add ConfigWatcher for monitoring ~/data/*.gbai/*.gbot/config.csv
- Skip DriveMonitor for default bot (managed via ConfigWatcher)
- Fix model routing hierarchy: session → bot → default
- Fix ConfigWatcher to handle local embedded (llm-server=true)
- Add notify dependency for file system watching
- Add data/ to .gitignore (contains API keys)
- Update package.json for botui
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add token-aware text truncation utility in core/shared/utils.rs
- Fix embedding generators to use 600 token limit (safe under 768)
- Fix LLM context limit detection for local models (768 vs 4096)
- Prevent 'exceed context size' errors for both embeddings and chat
