RomanNum3ral
/
gstack
mirror of https://github.com/garrytan/gstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
gstack/.agents/skills
History
Garry Tan 11695e3aca
fix: security audit compliance — credentials, telemetry, bun pin, untrusted warning (v0.12.12.0) (#574) 
* fix: replace hardcoded credentials with env vars in documentation

Addresses Snyk W007 (HIGH). Replaces test@example.com/password123 with
$TEST_EMAIL/$TEST_PASSWORD env vars. Adds credential safety and cookie
safety notes.

* fix: make telemetry binary calls conditional on _TEL and binary existence

Addresses Socket's 14 MEDIUM findings for opaque telemetry binary.
Adds local JSONL fallback (always available, inspectable). Remote
binary only runs if _TEL != "off" and binary exists.

* fix: pin bun install to v1.3.10 with existence check

Addresses Snyk W012 (MEDIUM). Pins BUN_VERSION in browse.ts resolver,
Dockerfile.ci, and setup script error message. Adds command -v check
to skip install if bun already present.

* docs: add data flow documentation to review.ts

Addresses Socket HIGH finding (98% confidence). Documents what data
is sent to external review services and what is NOT sent.

* test: add audit compliance regression tests

6 tests enforce Snyk/Socket fixes stay in place: no hardcoded creds,
conditional telemetry, version-pinned bun, untrusted content warning,
data flow docs, all SKILL.md telemetry conditional.

* refactor: remove 2017 lines of dead code from gen-skill-docs.ts

The Placeholder Resolvers section (lines 77-2092) contained duplicate
functions that were superseded by scripts/resolvers/*.ts. The RESOLVERS
map from resolvers/index.ts is the sole resolution path. Verified: zero
call sites outside self-references.

* chore: regenerate SKILL.md files from updated templates

Reflects: conditional telemetry, version-pinned bun install,
untrusted content warning after Navigation commands.

* chore: bump version and changelog (v0.12.12.0)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 		2026-03-27 12:06:58 -06:00
..
gstack/agents fix: zsh glob compatibility in skill preamble (v0.11.7.0) (#386) 2026-03-23 07:36:58 -07:00
gstack-autoplan/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-benchmark/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-browse/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-canary/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-careful/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-connect-chrome fix: security audit compliance — credentials, telemetry, bun pin, untrusted warning (v0.12.12.0) (#574) 2026-03-27 12:06:58 -06:00
gstack-cso/agents fix: zsh glob compatibility in skill preamble (v0.11.7.0) (#386) 2026-03-23 07:36:58 -07:00
gstack-design-consultation/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-design-review/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-document-release/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-freeze/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-guard/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-investigate/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-land-and-deploy/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-office-hours/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-plan-ceo-review/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-plan-design-review/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-plan-eng-review/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-qa/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-qa-only/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-retro/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-review/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-setup-browser-cookies/agents feat: Wave 3 — community bug fixes & platform support (v0.11.6.0) (#359) 2026-03-23 22:15:23 -07:00
gstack-setup-deploy/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-ship/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-unfreeze/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00
gstack-upgrade/agents fix: add codex skill metadata for gstack skills (#339) 2026-03-23 07:32:08 -07:00