CalvinBackup/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-11 15:27:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

merge: origin/main into garrytan/multi-checkpoint-resume

Browse Source 
Catches up commit 822e843a from main:
- fix: headed browser auto-shutdown + disconnect cleanup (v0.18.1.0) (#1025)

Version collision resolution:
Both main (822e843a) and my branch (6d879cd4) bumped to v0.18.1.0.
Per CLAUDE.md's CHANGELOG rule ("Merging main does NOT mean adopting main's
version. Your branch still needs its OWN version bump on top"), I preserved
main's v0.18.1.0 entry (headed browser fix) as-is and bumped this branch
to v0.18.2.0. VERSION + package.json updated to match.

CHANGELOG.md conflict resolved: main's v0.18.1.0 entry stays (it landed
first); my context-rot-defense entry moves to v0.18.2.0 at the top.
TODOS.md auto-merged cleanly (main added a new Browse TODO about scoping
sidebar-agent kill to session PID — that stays).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Garry Tan
2026-04-17 07:06:08 +08:00
parent 6d879cd473 822e843a60
commit b01c6b8bce
9 changed files with 255 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files
TODOS.md
+14
View File
@@ -1,5 +1,19 @@
# TODOS
## Browse
### Scope sidebar-agent kill to session PID, not `pkill -f sidebar-agent\.ts`
**What:** `shutdown()` in `browse/src/server.ts:1193` uses `pkill -f sidebar-agent\.ts` to kill the sidebar-agent daemon, which matches every sidebar-agent on the machine, not just the one this server spawned. Replace with PID tracking: store the sidebar-agent PID when `cli.ts` spawns it (via state file or env), then `process.kill(pid, 'SIGTERM')` in `shutdown()`.
**Why:** A user running two Conductor worktrees (or any multi-session setup), each with its own `$B connect`, closes one browser window ... and the other worktree's sidebar-agent gets killed too. The blast radius was there before, but the v0.18.1.0 disconnect-cleanup fix makes it more reachable: every user-close now runs the full `shutdown()` path, whereas before user-close bypassed it.
**Context:** Surfaced by /ship's adversarial review on v0.18.1.0. Pre-existing code, not introduced by the fix. Fix requires propagating the sidebar-agent PID from `cli.ts` spawn site (~line 885) into the server's state file so `shutdown()` can target just this session's agent. Related: `browse/src/cli.ts` spawns with `Bun.spawn(...).unref()` and already captures `agentProc.pid`.
**Effort:** S (human: ~2h / CC: ~15min)
**Priority:** P2
**Depends on:** None
## Sidebar Security
### ML Prompt Injection Classifier