mirror of https://github.com/garrytan/gstack.git
ea7dbc9a39
* fix: sidebar prompt injection defense — XML framing, command allowlist, arg plumbing Three security fixes for the Chrome sidebar: 1. XML-framed prompts with trust boundaries and escape of < > & in user messages to prevent tag injection attacks. 2. Bash command allowlist in system prompt — only browse binary commands ($B goto, $B click, etc.) allowed. All other bash commands forbidden. 3. Fix sidebar-agent.ts ignoring queued args — server-side --model and --allowedTools changes were silently dropped because the agent rebuilt args from scratch instead of using the queue entry. Also defaults sidebar to Opus (harder to manipulate). 12 new tests covering XML escaping, command allowlist, Opus default, trust boundary instructions, and arg plumbing. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore: bump version and changelog (v0.13.4.0) ML prompt injection defense design doc + P0 TODO for follow-up PR. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: clear stale worktree and claude session on sidebar reconnect loadSession() was restoring worktreePath and claudeSessionId from prior crashes. The worktree directory no longer existed (deleted on cleanup) and --resume with a dead session ID caused claude to fail silently. Now validates worktree exists on load and clears stale claude session IDs on every server restart. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| fixtures | ||
| activity.test.ts | ||
| adversarial-security.test.ts | ||
| browser-manager-unit.test.ts | ||
| bun-polyfill.test.ts | ||
| commands.test.ts | ||
| compare-board.test.ts | ||
| config.test.ts | ||
| cookie-import-browser.test.ts | ||
| cookie-picker-routes.test.ts | ||
| file-drop.test.ts | ||
| find-browse.test.ts | ||
| findport.test.ts | ||
| gstack-config.test.ts | ||
| gstack-update-check.test.ts | ||
| handoff.test.ts | ||
| path-validation.test.ts | ||
| platform.test.ts | ||
| server-auth.test.ts | ||
| sidebar-agent-roundtrip.test.ts | ||
| sidebar-agent.test.ts | ||
| sidebar-integration.test.ts | ||
| sidebar-security.test.ts | ||
| sidebar-unit.test.ts | ||
| snapshot.test.ts | ||
| state-ttl.test.ts | ||
| test-server.ts | ||
| url-validation.test.ts | ||
| watch.test.ts | ||