- acp/client.ts: add _sanitize helper with CR/LF escaping to prevent js/log-injection in 20 console.log/error calls (15 flagged alerts) - execFileNoThrowPortable.ts: remove redundant env:process.env from execaSync (already inherited by default) — fixes js/indirect-command-line-injection - toolCalls.ts: replace ambiguous regex [\w.-]* with non-backtracking [\w-]*(\.[\w-]*)+ and add 255-char length guard — fixes js/polynomial-redos Validation: bun run check:fix ✓, bunx tsc --noEmit (0 new errors) ✓, bun run build ✓ |
||
|---|---|---|
| .. | ||
| @ant | ||
| acp-link | ||
| agent-tools | ||
| audio-capture-napi | ||
| builtin-tools | ||
| color-diff-napi | ||
| image-processor-napi | ||
| mcp-client | ||
| modifiers-napi | ||
| remote-control-server | ||
| url-handler-napi | ||
| weixin | ||
| tsconfig.json | ||