v1.38.1.0 fix wave: surrogate-safe page captures (#1440), Implementation Tasks across review skills (#1454), root-level artifact patterns (#1452)

[garrytan]

Summary

Three filed issues land together as a coordinated bug-fix wave.

Browse — Page captures with mixed-script Unicode round-trip cleanly to the Claude API (#1440)

• browse/src/sanitize.ts (new) — two surrogate-stripping utilities (stripLoneSurrogates, stripLoneSurrogateEscapes) plus sanitizeBody that picks the right pass for text/plain vs application/json bodies.
• buildCommandResponse extracted from handleCommand and exported for testability. Sanitizes every response body before new Response().
• /batch was bypassing the chokepoint via its own JSON.stringify({results, ...}). Each per-result string is now sanitized AND the envelope gets a second stripLoneSurrogateEscapes pass on the JSON-escape form.
• Defense in depth at the highest-volume DOM-text emitters: getCleanText, getCleanTextWithStripping, html, accessibility, all three return points in snapshot.ts.

Review skills — Implementation Tasks checklist + JSONL handoff (#1454)

• plan-ceo-review, plan-design-review, plan-eng-review, plan-devex-review each emit a markdown ## Implementation Tasks section AND write a jq-built JSONL artifact to ~/.gstack/projects/$SLUG/tasks-{phase}-{datetime}.jsonl. Never hand-rolled echo — jq -nc keeps the file valid when titles/findings contain quotes, newlines, or backslashes.
• /autoplan Phase 4 reads all four JSONL files, scopes by current branch + 5-commit window, dedupes on exact (component, sorted(files), title), renders aggregated tasks inside the Final Approval Gate.
• Standalone review runs (/plan-eng-review alone, etc.) produce their own task list and JSONL even outside autoplan — the JSONL is the handoff contract.
• New resolvers: scripts/resolvers/tasks-section.ts (emit + aggregate), scripts/task-emission-schema.ts (shared schema).

Federation sync — Root-level design + test-plan docs (#1452)

• bin/gstack-artifacts-init adds projects/*/*-design-*.md and projects/*/*-test-plan-*.md to all three managed blocks: .brain-allowlist, .brain-privacy-map.json (class artifact), .gitattributes (merge=union).
• Idempotent migration gstack-upgrade/migrations/v1.36.0.0.sh patches existing installs in place. Uses jq for the JSON file (preserves validity). NEVER calls gstack-artifacts-init — that would git commit + push and clobber user state.

Issue closed without code: #1441 — verified already fixed in v1.27.0.0 (alignment of setup-gbrain and gstack-brain-sync on the artifacts_sync_mode key, plus the v1.27.0.0 migration). Comment posted, issue closed.

Follow-up filed: #1503 — the v1.34.2.0 fix for #1428 uses a dual-path approach where the bare path no longer carries the filesystem boundary. Surfaces a token-efficiency concern when diffs touch .claude/skills/. Documented, not blocking this release.

Test Coverage

[+] browse/src/sanitize.ts                  [★★★ TESTED]  browse/test/sanitize.test.ts (18 cases)
[+] browse/src/server.ts buildCommandResponse [★★★ TESTED] browse/test/build-command-response.test.ts (7 cases)
[+] browse/src/server.ts /batch sanitize    [★★ TESTED]    Existing batch.test.ts + manual smoke
[+] browse/src/read-commands.ts wraps       [★ COVERED]    via getCleanText round-trip
[+] browse/src/snapshot.ts wraps            [★ COVERED]    via existing snapshot tests (44 pass)
[+] bin/gstack-artifacts-init blocks        [★★★ TESTED]  test/artifacts-init-migration.test.ts (7 cases)
[+] gstack-upgrade/migrations/v1.36.0.0.sh  [★★★ TESTED]  same — idempotency, missing-file, jq-absent paths
[+] scripts/resolvers/tasks-section.ts      [★★ TESTED]    via gen-skill-docs tests (385 pass) + template-render

COVERAGE: 8/8 new code paths tested (100%)  |  Code: 5/5  |  Skills: 3/3
QUALITY: ★★★:4 ★★:3 ★:1  |  GAPS: 0

Tests: full free-tier bun test green on the impacted files (sanitize ×18, build-command-response ×7, artifacts-init-migration ×7, host-config ×73, gen-skill-docs ×385, content-security ×58, snapshot ×44 pass + 1 pre-existing closeTab failure unrelated to this work).

Pre-Landing Review

No structural issues. Diff has no SQL, no auth surface, no new LLM trust boundary. The sanitizer regexes use ES2018+ negative lookbehind, which Bun supports. The migration is per-file independent (allowlist missing doesn't skip privacy-map repair) and idempotent (re-runs are no-ops). /codex review ran twice during planning (28 findings total, all incorporated except those that became #1503 follow-up after the v1.34.2.0 collision).

Plan Completion

Plan at ~/.claude/plans/system-instruction-you-are-working-sorted-teacup.md. All planned items shipped:

• ✅ Fix 4 (surrogate sanitization) — chokepoint + defense in depth + JSON-escape variant + /batch
• ✅ Fix 1 (Implementation Tasks) — 4 review skills + autoplan aggregator + JSONL schema
• ✅ Fix 2 (allowlist + privacy + gitattributes + migration)
• ✅ Fix 3 (/setup-gbrain Step 7 sets wrong config key (gbrain_sync_mode); brain-sync reads artifacts_sync_mode → federation silently never runs #1441 verified, closed with comment)
• ⏭️ Fix 5 (/codex review broken on Codex CLI ≥ 0.130.0 — passes [PROMPT] + --base together, which the CLI now rejects #1428) — dropped from this branch; already shipped by v1.34.2.0 with a different approach. Follow-up /codex review: bare-path drops filesystem boundary on diffs that touch .claude/skills/ #1503 filed for the boundary-drop concern.

TODOS

No TODO items completed in this PR.

Test plan

• bun test passes on browse/test/sanitize.test.ts (18 cases)
• bun test passes on browse/test/build-command-response.test.ts (7 cases)
• bun test passes on test/artifacts-init-migration.test.ts (7 cases)
• bun test passes on test/host-config.test.ts (73 — golden fixtures refreshed)
• bun test passes on test/gen-skill-docs.test.ts (385 — all hosts regenerated)
• bun test passes on browse/test/content-security.test.ts (58 — source-level regression updated to accept post-sanitize form)
• Migration smoke-tested on tmpdir fixture: adds patterns, preserves user customizations, jq keeps JSON valid, re-run is no-op
• bun run gen:skill-docs regenerates cleanly for all 12 hosts
• Issue /setup-gbrain Step 7 sets wrong config key (gbrain_sync_mode); brain-sync reads artifacts_sync_mode → federation silently never runs #1441 closed with comment citing v1.27.0.0 migration
• Follow-up /codex review: bare-path drops filesystem boundary on diffs that touch .claude/skills/ #1503 filed for the bare-path boundary-drop concern

🤖 Generated with Claude Code

[github-actions]

E2E Evals: ✅ PASS

20/20 tests passed | $3.00 total cost | 12 parallel runners

Suite	Result	Status	Cost
e2e-browse	2/2	✅	$0.15
e2e-deploy	2/2	✅	$0.31
e2e-design	2/2	✅	$0.35
e2e-plan	6/6	✅	$1.27
e2e-qa-workflow	1/1	✅	$0.56
e2e-review	1/1	✅	$0.1
e2e-workflow	1/1	✅	$0.16
llm-judge	5/5	✅	$0.1

---

12x ubicloud-standard-8 (Docker: pre-baked toolchain + deps) | wall clock ≈ slowest suite

[NikhileshNanduri]

Review: v1.36.0.0 bug-fix wave

Solid PR overall. The surrogate sanitization is well-designed (chokepoint + defense in depth + /batch envelope), the migration is idempotent, and the test coverage is thorough. A few findings below.

Summary:

• Bug (near-dup annotation): The "possible-duplicate marker injected by the renderer" comment + schema docstring promise behavior that the jq implementation doesn't deliver. Near-duplicates surface without any cross-reference marker.
• Dead code: dedupKey in task-emission-schema.ts is exported but never called.
• Accumulation: JSONL task files grow unboundedly with no housekeeping.
• Migration sed: The sed -i.bak inline insert syntax has a subtle portability note.

[NikhileshNanduri]

Near-duplicate annotation is mentioned but never implemented.

The comment says "possible-duplicate marker injected by the renderer" but the jq that follows does:

group_by([.component, (.files | sort), .title])
| map(sort_by(...) | .[0])

This is exact-match dedup only. Tasks with the same logical intent but slightly different wording or file lists (e.g., the same sanitizer bug flagged by both CEO and eng review, one listing browse/src/sanitize.ts and the other also adding browse/src/server.ts) get neither collapsed nor annotated.

The PR description says:

Near-duplicates surface separately with a possible-duplicate note for human resolution.

Neither the template code nor the generated SKILL.md injects such a note. Either:

1. Remove the "possible-duplicate marker injected by the renderer" comment (and fix the matching schema docstring at scripts/task-emission-schema.ts:56), or
2. Implement the annotation: after group_by, tasks that share the same title but differ in files could emit a sibling with a note field appended to the markdown line.

[NikhileshNanduri]

dedupKey is exported but never called — it's dead code.

The aggregator in scripts/resolvers/tasks-section.ts reimplements the dedup logic inline as a jq filter. This TypeScript function is never imported or invoked. If it's meant as documentation of the dedup algorithm, a comment on the jq block would be clearer. If it's meant for a future TypeScript-based aggregator, it should be marked // TODO: wire up when aggregator moves to TypeScript.

As-is, a future author could change the jq key and forget to update this, creating silent divergence.

[NikhileshNanduri]

JSONL files accumulate indefinitely in ~/.gstack/projects/$SLUG/.

Each review run writes a new tasks-{phase}-{datetime}.jsonl. The aggregator reads the latest run_id and ignores older files, but they're never deleted. After 50+ autoplan runs over a few months, this directory fills with hundreds of JSONL files.

Consider one of:

1. Use a canonical filename like tasks-{phase}-latest.jsonl (overwrite, not append) — simpler, and the timestamp in run_id inside each record already provides the freshness information the aggregator needs.
2. Prune stale files at write time: before writing the new file, delete any existing tasks-{phase}-*.jsonl for the same phase.
3. At minimum, document the accumulation behavior so users know to occasionally rm ~/.gstack/projects/$SLUG/tasks-*.jsonl.

[NikhileshNanduri]

sed -i.bak inline insert: verify on GNU sed / Alpine.

The multi-line form:

sed -i.bak "/^# ---- USER ADDITIONS BELOW/i\\
${PATTERN}
" "${ALLOWLIST}"

works on macOS BSD sed and GNU sed on Ubuntu/Debian, but some minimal Linux distributions (Alpine with musl sed, BusyBox) interpret the i\ command differently — they require the text on the SAME line as the command, not on the next line.

The current patterns (projects/*/*-design-*.md, projects/*/*-test-plan-*.md) don't contain backslashes or & chars so the pattern itself is safe. But the portability concern means any future caller who extends NEW_PATTERNS with a path containing \ or adds a Linux CI matrix on Alpine would hit this.

Safer cross-platform alternative using awk:

awk -v pat="${PATTERN}" '/^# ---- USER ADDITIONS BELOW/ { print pat } { print }' "${ALLOWLIST}" > "${ALLOWLIST}.tmp" && mv "${ALLOWLIST}.tmp" "${ALLOWLIST}"

No backup file to clean up, works on all POSIX awk variants.

[NikhileshNanduri]

[C-Fc-f] character class in LONE_SURROGATE_HIGH_ESCAPE — correct but worth a note.

[C-Fc-f] matches C, D, E, F (uppercase) and c, d, e, f (lowercase), which correctly covers the second hex digit of low-surrogate escapes (\uDC00–\uDFFF). The regex is correct.

However, the lookahead in LONE_SURROGATE_HIGH_ESCAPE checks (?!\\u[Dd][C-Fc-f][0-9A-Fa-f]{2}) — this correctly validates that a high-surrogate escape is NOT followed by a low-surrogate escape, leaving valid pairs (\uD83D\uDE00 = 😀) untouched.

Minor: adding a test case for the boundary escape \uDBFF\uDC00 (both boundary values of valid pair) would close the coverage gap on the edge of the character class ranges. The existing test covers \uD83D\uDE00 which is mid-range; the boundary pair verifies no off-by-one in the [89ABab]/[C-Fc-f] classes.