singularity/singularity-forge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
singularity-forge/src/resources
History
Mikael Hugo 66ff949c11 cherry-pick(security): harden project-controlled surfaces (PR #4755 partial) 
Cherry-pick of gsd-build/gsd-2 65ca5aa2e — applies the security hardening
hunks that conflicted minimally:

- mcp-server/env-writer: validate writes against a strict allowlist
- web/api/files: enforce path containment via web/lib/secure-path
- vscode-extension: read binaryPath/autoStart only from trusted
  global/default scopes (resolveTrustedSfStartupConfig), avoiding
  workspace-controlled override (renamed Gsd → Sf for sf naming)
- New regression tests: mcp-client-security, vscode-startup-security,
  web-files-symlink

Skipped hunks (drifted): mcp-server/server.ts, mcp-client/index.ts,
mcp-server/README.md.

Co-Authored-By: Jeremy <jeremy@fluxlabs.net>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-28 05:37:07 +02:00
..
agents refactor: rebrand gsd_ tool names and references to sf_ namespace 2026-04-15 15:51:38 +02:00
extensions cherry-pick(security): harden project-controlled surfaces (PR #4755 partial) 2026-04-28 05:37:07 +02:00
skills chore: init sf 2026-04-21 01:38:02 +02:00
SF-WORKFLOW.md refactor(native): rename gsd_parser.rs to forge_parser.rs 2026-04-15 14:58:21 +02:00