chore: merge origin/main (v1.38.0.0 fix wave) — defense-in-depth on top of choke-point sanitization

Main shipped v1.38.0.0 with surrogate sanitization at the handleCommandInternal
choke point (cleaner architecture than ours). This merge keeps both:

- v1.38.0.0's handleCommandInternal sanitizing wrapper around
  handleCommandInternalImpl (choke point, all callers benefit automatically).
- This branch's buildCommandResponse extraction (exported, unit-testable) +
  stripLoneSurrogateEscapes for \uXXXX JSON-escape forms (handles bodies that
  were already stringified before reaching the choke point).

The two layers compose: choke point catches raw surrogates at result-build
time, response boundary catches escape-text forms.

CHANGELOG entry reframed to credit v1.38.0.0's choke-point fix and position
our additions as defense-in-depth. Net new in this release:
- Implementation Tasks across 4 review skills + autoplan JSONL aggregator (#1454)
- Root-level allowlist patterns + idempotent jq migration v1.38.1.0.sh (#1452)
- Defense-in-depth surrogate sanitization layer + buildCommandResponse
  extraction + 25 new unit tests (#1440 follow-up to v1.38.0.0).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Garry Tan
2026-05-14 21:25:43 -07:00
27 changed files with 705 additions and 86 deletions
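
The two-layer composition described in the commit message, as an added TypeScript example. It is not the project's code: the function names are hypothetical, and replacing with U+FFFD instead of deleting is an assumption.

```typescript
// Added illustration; names are hypothetical, not the project's implementation.
const REPLACEMENT = "\uFFFD"; // assumption: substitute rather than delete

// Layer 1 (choke point): raw surrogate code units in a JS string.
// A high+low pair (length 2) is a valid astral character and is kept;
// any single surrogate that did not pair up is lone and is replaced.
const RAW = /[\uD800-\uDBFF][\uDC00-\uDFFF]|[\uD800-\uDFFF]/g;

function scrubRawLoneSurrogates(s: string): string {
  return s.replace(RAW, (m) => (m.length === 2 ? m : REPLACEMENT));
}

// Layer 2 (response boundary): \uXXXX escape text in already-stringified JSON.
// Alternatives are tried in order at each backslash:
//   1. an escaped backslash (two characters) is consumed whole, so the
//      literal text "\\ud83d" is never mistaken for an escape
//   2. a high escape followed directly by a low escape is a valid pair
//   3. any remaining surrogate escape (six characters) is lone
const ESCAPED =
  /\\\\|\\u[dD][89abAB][0-9a-fA-F]{2}\\u[dD][c-fC-F][0-9a-fA-F]{2}|\\u[dD][89a-fA-F][0-9a-fA-F]{2}/g;

function scrubEscapedLoneSurrogates(jsonText: string): string {
  return jsonText.replace(ESCAPED, (m) => (m.length === 6 ? "\\ufffd" : m));
}

// Both layers applied to a response body, raw form first.
function sanitizeBody(body: string): string {
  return scrubEscapedLoneSurrogates(scrubRawLoneSurrogates(body));
}

// Constructed input: a title cut mid-emoji leaves a lone high surrogate.
const truncatedTitle = "ok \uD83D";

// If upstream code stringified the value before the choke point,
// JSON.stringify has already turned the lone unit into the six characters
// \ud83d. No raw surrogate is left for layer 1 to find.
const preStringified = JSON.stringify({ title: truncatedTitle });
```

A body that reaches the boundary as `preStringified` passes through the raw scrub unchanged and is only fixed by the escape-text scrub, which is the gap the second layer covers.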
+1 -1
@@ -9,7 +9,7 @@
"make-pdf": "./make-pdf/dist/pdf"
},
"scripts": {
"build": "bun run vendor:xterm && bun run gen:skill-docs --host all; bun build --compile browse/src/cli.ts --outfile browse/dist/browse && bun build --compile browse/src/find-browse.ts --outfile browse/dist/find-browse && bun build --compile design/src/cli.ts --outfile design/dist/design && bun build --compile make-pdf/src/cli.ts --outfile make-pdf/dist/pdf && bun build --compile bin/gstack-global-discover.ts --outfile bin/gstack-global-discover && bash browse/scripts/build-node-server.sh && { git rev-parse HEAD 2>/dev/null || true; } > browse/dist/.version && { git rev-parse HEAD 2>/dev/null || true; } > design/dist/.version && { git rev-parse HEAD 2>/dev/null || true; } > make-pdf/dist/.version && chmod +x browse/dist/browse browse/dist/find-browse design/dist/design make-pdf/dist/pdf bin/gstack-global-discover && (rm -f .*.bun-build || true)",
"build": "bun run vendor:xterm && bun run gen:skill-docs --host all; bun build --compile browse/src/cli.ts --outfile browse/dist/browse && bun build --compile browse/src/find-browse.ts --outfile browse/dist/find-browse && bun build --compile design/src/cli.ts --outfile design/dist/design && bun build --compile make-pdf/src/cli.ts --outfile make-pdf/dist/pdf && bun build --compile bin/gstack-global-discover.ts --outfile bin/gstack-global-discover && bash browse/scripts/build-node-server.sh && ( git rev-parse HEAD 2>/dev/null || true ) > browse/dist/.version && ( git rev-parse HEAD 2>/dev/null || true ) > design/dist/.version && ( git rev-parse HEAD 2>/dev/null || true ) > make-pdf/dist/.version && chmod +x browse/dist/browse browse/dist/find-browse design/dist/design make-pdf/dist/pdf bin/gstack-global-discover && (rm -f .*.bun-build || true)",
"vendor:xterm": "mkdir -p extension/lib && cp node_modules/xterm/lib/xterm.js extension/lib/xterm.js && cp node_modules/xterm/css/xterm.css extension/lib/xterm.css && cp node_modules/xterm-addon-fit/lib/xterm-addon-fit.js extension/lib/xterm-addon-fit.js",
"dev:make-pdf": "bun run make-pdf/src/cli.ts",
"dev:design": "bun run design/src/cli.ts",
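Review bot: the `|| true` fallback inside the new `( git rev-parse HEAD 2>/dev/null || true ) > browse/dist/.version` group (repeated for design/dist and make-pdf/dist) lets a build outside a git checkout write an empty .version and still succeed, so a shipped binary can carry no commit identity with nothing in the build output to show it. Consider emitting an explicit marker such as `echo unknown` in place of `true`, so an unversioned artifact is distinguishable from a truncated file. In a POSIX shell the `{ ...; }` and `( ... )` forms write the same file, and the commit message does not say why the form changed; a line in the message or CHANGELOG naming the shell or platform that needed it would help the next person who touches this script. Also note that the unchanged `bun run gen:skill-docs --host all;` ends in `;` rather than `&&`, so a failed docs generation does not stop the build.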