gstack

mirror of https://github.com/garrytan/gstack.git synced 2026-05-05 13:15:24 +02:00

Files

T

Garry Tan fc04321bff fix: sidebar prompt injection defense — XML framing, command allowlist, arg plumbing

Three security fixes for the Chrome sidebar:

1. XML-framed prompts with trust boundaries and escape of < > & in user
   messages to prevent tag injection attacks.

2. Bash command allowlist in system prompt — only browse binary commands
   ($B goto, $B click, etc.) allowed. All other bash commands forbidden.

3. Fix sidebar-agent.ts ignoring queued args — server-side --model and
   --allowedTools changes were silently dropped because the agent rebuilt
   args from scratch instead of using the queue entry.

Also defaults sidebar to Opus (harder to manipulate).

12 new tests covering XML escaping, command allowlist, Opus default,
trust boundary instructions, and arg plumbing.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-28 18:20:40 -07:00

bin

feat: multi-agent support — gstack works on Codex, Gemini CLI, and Cursor (v0.9.0) (#226 )

2026-03-19 18:20:50 -07:00

scripts

fix: Windows support — Node.js server fallback for Playwright (#255 )

2026-03-20 12:22:11 -07:00

src

fix: sidebar prompt injection defense — XML framing, command allowlist, arg plumbing

2026-03-28 18:20:40 -07:00

test

fix: sidebar prompt injection defense — XML framing, command allowlist, arg plumbing

2026-03-28 18:20:40 -07:00

SKILL.md

feat: user sovereignty — AI models recommend, users decide (v0.13.2.0) (#603 )

2026-03-28 10:25:37 -06:00

SKILL.md.tmpl

feat: worktree isolation for E2E tests + infrastructure elegance (v0.11.12.0) (#425 )

2026-03-23 23:05:22 -07:00