Review army (6 specialists + red team) findings, all fixed:
- Indented fences replay byte-for-byte and indented diagram fences are NOT
extracted (red-team conf-9: the pre-pass reconstructed fences at column 0,
splitting any list containing fenced code — every ordinary document).
- String.replace $-pattern injection killed at every seam: substituteSlots,
mergeStyle, img/src rewrites all use function replacements (a diagram label
containing $' duplicated the document tail).
- Big-expression transport reworked: browse `eval <file>` (one spawn, any
size, Windows-safe) replaces the 64KB chunked window-buffer eval — fixes
the per-chunk spawn cost, the char-vs-byte argv units, AND the Windows
32,767-char command-line ceiling in one move.
- Staged-bundle trust: content verified by hash even when the file exists,
and the rename-failure path re-hashes the survivor (sticky-bit /tmp EPERM
would otherwise ride a pre-planted file past the check).
- Windows drive-letter img srcs (C:/x.png) reach the local-path branch
instead of being swallowed as unknown URL schemes.
- DOCX rasterize-failure now embeds the decoded source as visible text —
returning the figure made diagrams vanish silently (converter drops svg).
- Fence source preserved as base64 data-gstack-source attribute (the comment
encoding corrupted every '-->' arrow); decodeFigureSource() round-trips.
- inlineLocalImages memoizes per path; file:// uses fileURLToPath; preview
prints a divergence note for fences/local images; --to docx strips the
watermark div and warns about print-only flags; TOC links resolve in
html/docx (heading ids assigned); waitForExpression sleeps instead of
busy-spinning; escapeHtml/svg-dims deduped to single definitions;
typography stragglers (blockquote 12pt, footnotes 10pt, 42em screen
measure); bundle BUILD_INFO gains srcSha256 for no-node_modules drift
detection; MAX_TARGET_PX shared guard.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Garry Tan