mirror of
https://github.com/garrytan/gstack.git
synced 2026-05-02 11:45:20 +02:00
Garry Tan
1a1a182251
Covers the pure-string operations that must behave deterministically in both
compiled and source-mode bun contexts:
* THRESHOLDS ordering invariant (BLOCK > WARN > LOG_ONLY > 0)
* combineVerdict ensemble rule — THE critical path:
- Empty signals → safe
- Canary leak always blocks (regardless of ML signals)
- Both ML layers >= WARN → BLOCK (ensemble_agreement)
- Single layer >= BLOCK → WARN (single_layer_high) — the Stack Overflow
FP mitigation that prevents one classifier killing sessions alone
- Max-across-duplicates when multiple signals reference the same layer
* Canary generation + injection + recursive checking:
- Unique CANARY-XXXXXXXXXXXX tokens (>= 48 bits entropy)
- Recursive structure scan for tool_use inputs, nested URLs, commands
- Null / primitive handling doesn't throw
* Payload hashing (salted sha256) — deterministic per-device, differs across
payloads, 64-char hex shape
* logAttempt writes to ~/.gstack/security/attempts.jsonl
* writeSessionState + readSessionState round-trip (cross-process)
* getStatus returns valid SecurityStatus shape
* extractDomain returns hostname only, empty string on bad input
All 25 tests pass in 18ms — no ML, no network, no subprocess spawning.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>