mirror of
https://github.com/garrytan/gstack.git
synced 2026-06-19 00:00:13 +02:00
Garry Tan
9878b2911c
Main shipped v1.38.0.0 with surrogate sanitization at the handleCommandInternal choke point (cleaner architecture than ours). This merge keeps both: - v1.38.0.0's handleCommandInternal sanitizing wrapper around handleCommandInternalImpl (choke point, all callers benefit automatically). - This branch's buildCommandResponse extraction (exported, unit-testable) + stripLoneSurrogateEscapes for \uXXXX JSON-escape forms (handles bodies that were already stringified before reaching the choke point). The two layers compose: choke point catches raw surrogates at result-build time, response boundary catches escape-text forms. CHANGELOG entry reframed to credit v1.38.0.0's choke-point fix and position our additions as defense-in-depth. Net new in this release: - Implementation Tasks across 4 review skills + autoplan JSONL aggregator (#1454) - Root-level allowlist patterns + idempotent jq migration v1.38.1.0.sh (#1452) - Defense-in-depth surrogate sanitization layer + buildCommandResponse extraction + 25 new unit tests (#1440 follow-up to v1.38.0.0). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>