Security
- Closed a path-traversal / arbitrary-file-write vulnerability across the checkpoint, session, and agent-lifecycle paths: identifiers read from the shared
entire/checkpoints/v1branch or from agent hook input flowed into filesystem paths without validation, so a crafted session ID could overwrite arbitrary files onentire session resume/entire checkpoint rewind. IDs are now validated at the read/dispatch boundaries, withos.Rootcontainment as defense in depth (#1365)
Fixed
git-remote-entirenow relays helper-status before checking the send-pack exit code, so per-ref rejections (branch protection, ref-name conflicts, permission denials) surface as! [remote rejected]with the real reason instead of a baresend-pack exited with error: exit status 1(#1364)