From fb17bd2ff50a8971a03a596e41faa238a703d50b Mon Sep 17 00:00:00 2001 From: Garry Tan Date: Sun, 22 Mar 2026 13:16:22 -0700 Subject: [PATCH] docs: update project documentation for v0.11.0.0 Co-Authored-By: Claude Opus 4.6 --- CHANGELOG.md | 6 ++++-- CLAUDE.md | 1 + CONTRIBUTING.md | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 626945a8..63bcbdce 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,8 +12,10 @@ ### Fixed -- **`gstack-slug` hardened against shell injection.** Output sanitized to alphanumeric, dot, dash, and underscore only. -- **Orphaned Chromium processes cleaned up on restart.** The browse server now kills the old process before starting a new one. +- **`gstack-slug` hardened against shell injection.** Output sanitized to alphanumeric, dot, dash, and underscore only. All remaining `eval $(gstack-slug)` callers migrated to `source <(...)`. +- **DNS rebinding protection.** `browse goto` now resolves hostnames to IPs and checks against the metadata blocklist — prevents attacks where a domain initially resolves to a safe IP, then switches to a cloud metadata endpoint. +- **Concurrent server start race fixed.** An exclusive lockfile prevents two CLI invocations from both killing the old server and starting new ones simultaneously, which could leave orphaned Chromium processes. +- **Smarter storage redaction.** Key matching now uses underscore-aware boundaries (won't false-positive on `keyboardShortcuts` or `monkeyPatch`). Value detection expanded to cover AWS, Stripe, Anthropic, Google, Sendgrid, and Supabase key prefixes. - **CI workflow YAML lint error fixed.** ### For contributors diff --git a/CLAUDE.md b/CLAUDE.md index 04f27d3f..0f057fdf 100644 --- a/CLAUDE.md +++ b/CLAUDE.md 
@@ -81,6 +81,7 @@ gstack/ ├── retro/ # Retrospective skill ├── document-release/ # /document-release skill (post-ship doc updates) ├── cso/ # /cso skill (OWASP Top 10 + STRIDE security audit) +├── design-consultation/ # /design-consultation skill (design system from scratch) ├── setup-deploy/ # /setup-deploy skill (one-time deploy config) ├── bin/ # CLI utilities (gstack-repo-mode, gstack-slug, gstack-config, etc.) ├── setup # One-time setup: build binary + symlink skills diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3040af30..8c790efc 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -56,7 +56,7 @@ project where you actually felt the pain. ### Session awareness -When you have 3+ gstack sessions open simultaneously, every question tells you which project, which branch, and what's happening. No more staring at a question thinking "wait, which window is this?" The format is consistent across all 15 skills. +When you have 3+ gstack sessions open simultaneously, every question tells you which project, which branch, and what's happening. No more staring at a question thinking "wait, which window is this?" The format is consistent across all skills. ## Working on gstack inside the gstack repo
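Review bot: The DNS rebinding entry added in the CHANGELOG.md hunk describes a resolve-then-check ("resolves hostnames to IPs and checks against the metadata blocklist") but does not say whether `browse goto` then connects to the address that was checked. If the browser does its own lookup afterwards, a name whose answer changes between the two lookups still passes, which is the case the entry says it prevents. Suggest stating whether the checked IP is pinned for the request, or wording the entry as a pre-navigation check. In the same hunk, the `gstack-slug` line lists the move from `eval $(gstack-slug)` to `source <(...)` next to the hardening; both forms execute the command's output as shell, so the entry should make clear that the protection comes from the output sanitization. The hunk also removes the "Orphaned Chromium processes cleaned up on restart" entry; if that fix still ships, keep its line alongside the new lockfile entry.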
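Review bot: The reworded sentence in the CONTRIBUTING.md hunk ("The format is consistent across all skills.") now makes an unbounded claim, and it covers the `design-consultation/` skill that the CLAUDE.md hunk adds to the directory tree. The diffstat lists only the three Markdown files, so nothing in this patch shows that skill following the session-awareness format. Suggest confirming that it does before merging, or scoping the sentence to the skills that do.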