mirror of https://github.com/garrytan/gstack.git
0361acfb6a
SIDEBAR_MESSAGE_FLOW.md: new "Terminal flow" section. Documents the WS upgrade path (/pty-session cookie mint → /ws Origin + cookie gate → lazy claude spawn), the dual-token model (AUTH_TOKEN for /pty-session, gstack_pty cookie for /ws, INTERNAL_TOKEN for server↔agent loopback), and the threat-model boundary — the Terminal tab bypasses the entire prompt-injection security stack on purpose; user keystrokes are the trust source. That trust assumption is load-bearing on three transport guarantees: local-only listener, Origin gate, cookie auth. Drop any one of those three and the tab becomes unsafe. CLAUDE.md: extends the "Sidebar architecture" note to include terminal-agent.ts in the read-this-first list. Adds a "Terminal tab is its own process" note so a future contributor doesn't bolt PTY logic onto sidebar-agent.ts. TODOS.md: three new follow-ups under a new "Sidebar Terminal" section: - v1.1: PTY session survives sidebar reload (Issue 1C deferred). - v1.1+: audit /health AUTH_TOKEN distribution (codex finding #2 — a pre-existing soft leak that cc-pty-import sidesteps but doesn't fix). - v1.1+: apply terminal-agent's process.on exception handlers to sidebar-agent.ts (codex finding #4 — chat path has no fatal handlers). |
||
|---|---|---|
| .. | ||
| BUN_NATIVE_INFERENCE.md | ||
| CHROME_VS_CHROMIUM_EXPLORATION.md | ||
| CONDUCTOR_CHROME_SIDEBAR_INTEGRATION.md | ||
| CONDUCTOR_SESSION_API.md | ||
| DESIGN_SHOTGUN.md | ||
| DESIGN_TOOLS_V1.md | ||
| GCOMPACTION.md | ||
| GSTACK_BROWSER_V0.md | ||
| ML_PROMPT_INJECTION_KILLER.md | ||
| PACING_UPDATES_V0.md | ||
| PLAN_TUNING_V0.md | ||
| PLAN_TUNING_V1.md | ||
| SELF_LEARNING_V0.md | ||
| SESSION_INTELLIGENCE.md | ||
| SIDEBAR_MESSAGE_FLOW.md | ||
| SLATE_HOST.md | ||
| SLOP_SCAN_FOR_REVIEW_SHIP.md | ||