openclaw/ui
Val Alexander f4f8eac3a3 fix(ui): resolve 3 critical security and UX issues
1. fix(security): prevent JSON DoS via size cap on auto-parse
   - Add MAX_JSON_AUTOPARSE_CHARS (20KB) to detectJson()
   - Prevents UI freeze from multi-MB JSON in assistant/tool messages
   - Addresses Aisle Security High severity CWE-400

2. fix(ux): prevent STT transcripts going to wrong session
   - Add cleanupChatModuleState() export in chat.ts
   - Call cleanup in applyTabSelection when leaving chat tab
   - Stops active recording to prevent voice input to unintended session
   - Addresses Greptile critical UX bug

3. fix(security): redact sensitive values in config diff panel
   - Add renderDiffValue() with stream-mode + sensitive-path checks
   - Use in diff panel rendering instead of raw truncateValue()
   - Prevents secrets from appearing during screen sharing
   - Addresses Aisle Security Medium severity CWE-200
2026-03-06 00:47:59 -06:00