Garry Tan 905d5a2e29 fix(security): cache device salt in-process to survive fs-unwritable ...

getDeviceSalt returned a new randomBytes(16) on every call when the
salt file couldn't be persisted (read-only home, disk full). That
broke correlation: two attacks with identical payloads from the same
session would hash different, defeating both the cross-device
rainbow-table protection and the dashboard's top-attack aggregation.

Cache the salt in a module-level variable on first generation. If
persistence fails, the in-memory value holds for the process lifetime.
Next process gets a new salt, but within-session correlation works.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-20 07:17:23 +08:00

..

bin

feat: multi-agent support — gstack works on Codex, Gemini CLI, and Cursor (v0.9.0) (#226)

2026-03-19 18:20:50 -07:00

scripts

fix: ngrok Windows build + close CI error-swallowing gap (v0.18.0.1) (#1024)

2026-04-16 13:49:04 -07:00

src

fix(security): cache device salt in-process to survive fs-unwritable

2026-04-20 07:17:23 +08:00

test

test(security): source-level contracts for the security wiring

2026-04-20 07:09:52 +08:00

PLAN-snapshot-dropdown-interactive.md

fix: snapshot -i auto-detects dropdown/popover interactive elements (#845)

2026-04-05 22:57:45 -07:00

SKILL.md

fix(preamble): emit EXPLAIN_LEVEL + QUESTION_TUNING bash echoes

2026-04-20 07:05:43 +08:00

SKILL.md.tmpl

feat(browse): Puppeteer parity — load-html, screenshot --selector, viewport --scale, file:// (v1.1.0.0) (#1062)

2026-04-18 23:25:33 +08:00