molecule-core/canvas
rabbitblood 6b9be7b086 docs(provisioning): clarify separator-safety contract for the serialized-node string
simplify-review note: the |/,-delimited node string is brittle if a
future string-typed field is added without sanitization. Document
which fields are user-typed (name — already sanitized) vs primitive
(id is UUID, runtime is a slug, provisionTimeoutMs is numeric) so
the next field-add doesn't accidentally introduce an injection
vector for the splitter.

Skipped (false-positive review finding): the agent flagged the
prop > runtime-profile order as inconsistent with the docstring,
but the docstring explicitly lists the prop at #2 (between node and
runtime-profile) — matches both the implementation AND the original
behavior pre-#2054 (the prop was 'timeoutMs ?? runtime-profile').

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-26 06:05:47 -07:00
e2e fix(api): probe /cp/auth/me before redirecting on 401 2026-04-25 23:49:28 -07:00
public
src docs(provisioning): clarify separator-safety contract for the serialized-node string 2026-04-26 06:05:47 -07:00
.env.example
.gitignore
components.json
Dockerfile chore(canvas): upgrade node:20-alpine → node:22-alpine 2026-04-24 18:54:30 +00:00
next.config.ts
package-lock.json fix(canvas): cascade-delete UX — require checkbox before Delete All (#1314) 2026-04-21 07:06:45 +00:00
package.json fix(quickstart): make README cp-paste flow bugless end-to-end (#1871) 2026-04-23 19:53:43 +00:00
playwright.config.ts
playwright.staging.config.ts feat(e2e): canary + canvas Playwright workflows; delegation mechanics 2026-04-21 04:15:10 -07:00
postcss.config.js
tailwind.config.ts
tsconfig.json
vitest.config.ts