mirror of https://github.com/garrytan/gstack.git
6591b02563
#1308's writeSecureFile wrapper added Windows icacls hardening for the 4 state-file write sites in server.ts, but #1310's regression test grep's for fs.writeFileSync(tmpStatePath()) calls. The two changes are technically compatible only if the test relaxes — keeping the test strict (the safer choice for catching regressions on the cold-start race) means the 4 state- file sites stay on fs.writeFileSync(..., { mode: 0o600 }). POSIX 0o600 hardening is preserved on those 4 sites. Windows icacls hardening still applies to all the other writeSecureFile call sites #1308 added (auth.json, mkdirSecure, etc.). Also refreshes golden baselines after #1302 / port + minor wording tweak in scripts/resolvers/review.ts to keep gen-skill-docs.test.ts assertion 'Cite the specific file' satisfied. |
||
|---|---|---|
| .. | ||
| golden | ||
| mode-posture | ||
| plans | ||
| coverage-audit-fixture.ts | ||
| eval-baselines.json | ||
| forcing-finding-seeds.ts | ||
| golden-ship-claude.md | ||
| overlay-nudges.ts | ||
| qa-eval-checkout-ground-truth.json | ||
| qa-eval-ground-truth.json | ||
| qa-eval-spa-ground-truth.json | ||
| review-army-migration.sql | ||
| review-army-n-plus-one.rb | ||
| review-eval-design-slop.css | ||
| review-eval-design-slop.html | ||
| review-eval-enum-diff.rb | ||
| review-eval-enum.rb | ||
| review-eval-vuln.rb | ||