Garry Tan 12fdc6391c refactor(security): loosen /connect rate limit from 3/min to 300/min ...

Setup keys are 24 random bytes (unbruteforceable), so a tight rate limit
does not meaningfully prevent key guessing. It exists only to cap
bandwidth, CPU, and log-flood damage from someone who discovered the
ngrok URL. A legitimate pair-agent session hits /connect once; 300/min
is 60x that pattern and never hit accidentally.

3/min caused pairing to fail on any retry flow (network blip, second
paired client) with no upside. Per-IP tracking was considered and
rejected — adds a bounded Map + LRU for defense already adequate at the
global layer.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-21 20:31:03 -07:00

..

bin

feat: multi-agent support — gstack works on Codex, Gemini CLI, and Cursor (v0.9.0) (#226)

2026-03-19 18:20:50 -07:00

scripts

fix: ngrok Windows build + close CI error-swallowing gap (v0.18.0.1) (#1024)

2026-04-16 13:49:04 -07:00

src

refactor(security): loosen /connect rate limit from 3/min to 300/min

2026-04-21 20:31:03 -07:00

test

feat(security): ML prompt injection defense for sidebar (v1.4.0.0) (#1089)

2026-04-20 22:18:37 +08:00

PLAN-snapshot-dropdown-interactive.md

fix: snapshot -i auto-detects dropdown/popover interactive elements (#845)

2026-04-05 22:57:45 -07:00

SKILL.md

feat(v1.4.0.0): /make-pdf — markdown to publication-quality PDFs (#1086)

2026-04-20 13:20:30 +08:00

SKILL.md.tmpl

feat(browse): Puppeteer parity — load-html, screenshot --selector, viewport --scale, file:// (v1.1.0.0) (#1062)

2026-04-18 23:25:33 +08:00