CalvinBackup/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-02 11:45:20 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
daf13d822c520ade44863e50c9468d5774dedcd0
gstack/bin
T
History
Garry Tan 9b65041d1c fix(security): learnings input validation + cross-project trust gate 
Three fixes to the learnings system:

1. Input validation in gstack-learnings-log: type must be from allowed list,
   key must be alphanumeric, confidence must be 1-10 integer, source must
   be from allowed list. Prevents injection via malformed fields.

2. Prompt injection defense: insight field checked against 10 instruction-like
   patterns (ignore previous, system:, override, etc.). Rejected with clear
   error message.

3. Cross-project trust gate in gstack-learnings-search: AI-generated learnings
   from other projects are filtered out. Only user-stated learnings cross
   project boundaries. Prevents silent prompt injection across codebases.

Also adds trusted field (true for user-stated source, false for AI-generated)
to enable the trust gate at read time.

Closes #841

Co-Authored-By: Ziad Al Sharif <Ziadstr@users.noreply.github.com>
2026-04-13 09:36:33 -07:00
..
chrome-cdp
fix: security audit round 2 (v0.13.4.0) (#640)
2026-03-29 22:46:33 -06:00
dev-setup
feat: multi-agent support — gstack works on Codex, Gemini CLI, and Cursor (v0.9.0) (#226)
2026-03-19 18:20:50 -07:00
dev-teardown
feat: multi-agent support — gstack works on Codex, Gemini CLI, and Cursor (v0.9.0) (#226)
2026-03-19 18:20:50 -07:00
gstack-analytics
feat: opt-in usage telemetry + community intelligence platform (v0.8.6) (#210)
2026-03-19 17:21:05 -07:00
gstack-builder-profile
feat: relationship closing — office-hours adapts to repeat users (v0.16.2.0) (#937)
2026-04-08 22:21:28 -10:00
gstack-community-dashboard
fix: Supabase telemetry security lockdown (v0.11.16.0) (#460)
2026-03-24 15:01:31 -07:00
gstack-config
feat: composable skills — INVOKE_SKILL resolver + factoring infrastructure (v0.13.7.0) (#644)
2026-03-29 23:35:17 -06:00
gstack-diff-scope
feat: Review Army — parallel specialist reviewers for /review (v0.14.3.0) (#692)
2026-03-30 22:07:50 -06:00
gstack-extension
feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517)
2026-03-26 11:15:24 -06:00
gstack-global-discover.ts
refactor: AI slop reduction with cross-model quality review (v0.16.3.0) (#941)
2026-04-10 17:13:15 -10:00
gstack-learnings-log
fix(security): learnings input validation + cross-project trust gate
2026-04-13 09:36:33 -07:00
gstack-learnings-search
fix(security): learnings input validation + cross-project trust gate
2026-04-13 09:36:33 -07:00
gstack-open-url
feat: community wave — 7 fixes, relink, sidebar Write, discoverability (v0.13.5.0) (#641)
2026-03-29 21:43:36 -06:00
gstack-patch-names
fix: ship idempotency + skill prefix name patching (v0.14.3.0) (#693)
2026-03-30 22:25:46 -06:00
gstack-platform-detect
feat: declarative multi-host platform + OpenCode, Slate, Cursor, OpenClaw (v0.15.5.0) (#793)
2026-04-04 15:32:20 -07:00
gstack-relink
fix: top-level skill dirs so Claude discovers unprefixed names (#761)
2026-04-02 18:34:00 -07:00
gstack-repo-mode
feat: test coverage catalog — shared audit across plan/ship/review (v0.10.1.0) (#259)
2026-03-22 11:28:16 -07:00
gstack-review-log
fix: community PRs + security hardening + E2E stability (v0.12.7.0) (#552)
2026-03-26 23:21:27 -06:00
gstack-review-read
fix: gstack-slug bash compatibility — source to eval (#354)
2026-03-22 21:02:01 -07:00
gstack-session-update
feat: team-friendly gstack install mode (v0.15.7.0) (#809)
2026-04-05 23:49:03 -07:00
gstack-settings-hook
fix(security): shell injection in bin/ scripts — use env vars instead of interpolation
2026-04-13 09:33:01 -07:00
gstack-slug
fix: gstack-slug produces deterministic slugs across sessions (#897)
2026-04-07 15:42:13 -10:00
gstack-specialist-stats
feat: adaptive gating + cross-review dedup for review army (v0.15.2.0) (#760)
2026-04-04 22:46:21 -07:00
gstack-team-init
fix(security): shell injection in bin/ scripts — use env vars instead of interpolation
2026-04-13 09:33:01 -07:00
gstack-telemetry-log
fix: security audit remediation — 12 fixes, 20 tests (v0.13.1.0) (#595)
2026-03-28 08:35:24 -06:00
gstack-telemetry-sync
fix: community security wave — 8 PRs, 4 contributors (v0.15.13.0) (#847)
2026-04-06 00:47:04 -07:00
gstack-timeline-log
feat: Session Intelligence Layer — /checkpoint + /health + context recovery (v0.15.0.0) (#733)
2026-04-01 00:50:42 -06:00
gstack-timeline-read
feat: Session Intelligence Layer — /checkpoint + /health + context recovery (v0.15.0.0) (#733)
2026-04-01 00:50:42 -06:00
gstack-uninstall
feat: team-friendly gstack install mode (v0.15.7.0) (#809)
2026-04-05 23:49:03 -07:00
gstack-update-check
fix: community PRs + security hardening + E2E stability (v0.12.7.0) (#552)
2026-03-26 23:21:27 -06:00