singularity-forge

History

Mikael Hugo 66ff949c11 cherry-pick(security): harden project-controlled surfaces (PR #4755 partial) Cherry-pick of gsd-build/gsd-2 65ca5aa2e — applies the security hardening hunks that conflicted minimally: - mcp-server/env-writer: validate writes against a strict allowlist - web/api/files: enforce path containment via web/lib/secure-path - vscode-extension: read binaryPath/autoStart only from trusted global/default scopes (resolveTrustedSfStartupConfig), avoiding workspace-controlled override (renamed Gsd → Sf for sf naming) - New regression tests: mcp-client-security, vscode-startup-security, web-files-symlink Skipped hunks (drifted): mcp-server/server.ts, mcp-client/index.ts, mcp-server/README.md. Co-Authored-By: Jeremy <jeremy@fluxlabs.net> Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>		2026-04-28 05:37:07 +02:00
..
api	cherry-pick(security): harden project-controlled surfaces (PR #4755 partial)	2026-04-28 05:37:07 +02:00
globals.css	feat(web): Dark mode contrast — raise token floor and flatten opacity tier system (#2734 )	2026-03-26 16:17:03 -06:00
layout.tsx	chore: sync workspace state after rebrand	2026-04-15 14:54:20 +02:00
page.tsx	wip: rename gsd-parser dir + exports, fix native package.json	2026-04-15 14:22:21 +02:00