gstack

History

Garry Tan 22ad3e5b64 fix: Codex filesystem boundary — prevent skill-file prompt injection (v0.12.10.0) (#570 ) * fix: add filesystem boundary to all codex prompts Codex CLI can read files outside the repo root despite -s read-only. It discovers ~/.claude/skills/ and ~/.agents/skills/, treats SKILL.md files as instructions, and executes preamble scripts instead of reviewing code. Fix: prepend a boundary instruction to all 11 codex exec/review callsites across codex/SKILL.md.tmpl (3), autoplan/ SKILL.md.tmpl (3), and scripts/resolvers/review.ts (5). Add rabbit- hole detection rule and 5 regression tests. * chore: bump version and changelog (v0.12.10.0) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>		2026-03-27 08:42:19 -06:00
..
browse.ts	feat: worktree isolation for E2E tests + infrastructure elegance (v0.11.12.0) (#425 )	2026-03-23 23:05:22 -07:00
codex-helpers.ts	feat: worktree isolation for E2E tests + infrastructure elegance (v0.11.12.0) (#425 )	2026-03-23 23:05:22 -07:00
constants.ts	feat: worktree isolation for E2E tests + infrastructure elegance (v0.11.12.0) (#425 )	2026-03-23 23:05:22 -07:00
design.ts	fix: resolve codex exec -C repo root eagerly to prevent wrong-project reviews (v0.12.6.0) (#549 )	2026-03-26 23:52:05 -06:00
index.ts	fix: community PRs + security hardening + E2E stability (v0.12.7.0) (#552 )	2026-03-26 23:21:27 -06:00
preamble.ts	feat: voice directive for all skills (v0.12.3.0) (#520 )	2026-03-26 17:31:53 -06:00
review.ts	fix: Codex filesystem boundary — prevent skill-file prompt injection (v0.12.10.0) (#570 )	2026-03-27 08:42:19 -06:00
testing.ts	fix: zsh glob compatibility across all skill templates (v0.12.8.1) (#559 )	2026-03-27 00:23:37 -06:00
types.ts	feat: worktree isolation for E2E tests + infrastructure elegance (v0.11.12.0) (#425 )	2026-03-23 23:05:22 -07:00
utility.ts	fix: zsh glob compatibility across all skill templates (v0.12.8.1) (#559 )	2026-03-27 00:23:37 -06:00