gm-skill 2.0.1600 → 2.0.1602

package/bin/gm-validate.js

@@ -230,7 +230,12 @@ async function validateBrowserEmbed() {
   if (!fs.existsSync(path.join(tbDir, 'docs'))) { v.skipped = true; v.errors.push('repo docs/ missing -- cannot serve a fixture page'); return v; }
 
   let serveProc = null;
-  const port = 3088;
+  let port;
+  try {
+    const r = cp.spawnSync(process.execPath, ['-e', "const net=require('net');const s=net.createServer();s.listen(0,'127.0.0.1',()=>{const p=s.address().port;s.close(()=>process.stdout.write(String(p)));});s.on('error',e=>{process.stderr.write(e.message);process.exit(1);});"], { encoding: 'utf-8', timeout: 5000 });
+    if (r.status !== 0) throw new Error('could not allocate free port: ' + (r.stderr || 'unknown'));
+    port = parseInt(r.stdout.trim(), 10);
+  } catch (e) { v.errors.push('free-port alloc: ' + e.message); return v; }
   try {
     serveProc = cp.spawn(process.platform === 'win32' ? 'npx.cmd' : 'npx', ['serve', 'docs', '-l', String(port)], {
       cwd: tbDir, detached: true, stdio: 'ignore', windowsHide: true, shell: process.platform === 'win32',

package/gm-plugkit/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gm-plugkit",
-  "version": "2.0.1600",
+  "version": "2.0.1602",
   "description": "Bootstrap and daemon-spawn tool for gm plugkit binary. Downloads the correct platform binary, verifies SHA256, and starts the spool watcher daemon. Includes plugkit-wasm-wrapper for WASM-based spool watching.",
   "main": "index.js",
   "bin": {

package/gm-plugkit/plugkit-wasm-wrapper.js

@@ -165,13 +165,20 @@ function dispatchVerbToWasmInternal(instance, verb, body) {
   const bodyBytes = new TextEncoder().encode(body || '');
   const verbPtr = instance.exports.plugkit_alloc(verbBytes.length);
   const bodyPtr = instance.exports.plugkit_alloc(bodyBytes.length);
+  if ((verbBytes.length > 0 && verbPtr === 0) || (bodyBytes.length > 0 && bodyPtr === 0)) {
+    try { if (verbPtr !== 0) instance.exports.plugkit_free(verbPtr, verbBytes.length); } catch (_) {}
+    try { if (bodyPtr !== 0) instance.exports.plugkit_free(bodyPtr, bodyBytes.length); } catch (_) {}
+    throw new Error(`wasm-alloc-failed for dispatch_verb(${verb}): plugkit_alloc returned 0 (wasm OOM); refusing to write to a null offset and corrupt the heap`);
+  }
   try {
     new Uint8Array(instance.exports.memory.buffer, verbPtr, verbBytes.length).set(verbBytes);
     new Uint8Array(instance.exports.memory.buffer, bodyPtr, bodyBytes.length).set(bodyBytes);
     const result = dispatch(verbPtr, verbBytes.length, bodyPtr, bodyBytes.length);
     const ptr = Number(result & 0xffffffffn);
     const len = Number(result >> 32n);
-    const out = new TextDecoder().decode(new Uint8Array(instance.exports.memory.buffer, ptr, len));
+    const buffer = instance.exports.memory.buffer;
+    guardWasmRange(buffer, ptr, len, `dispatch_verb(${verb})`);
+    const out = new TextDecoder().decode(new Uint8Array(buffer, ptr, len));
     try { instance.exports.plugkit_free(ptr, len); } catch (_) {}
     return out;
   } finally {
@@ -1234,7 +1241,7 @@ function createWasiShim(instanceRef) {
           const base = iovs_ptr + i * 8;
           const ptr = dv.getUint32(base, true);
           const len = dv.getUint32(base + 4, true);
-          if (len > 0) {
+          if (len > 0 && ptr + len <= buf.byteLength) {
             chunks.push(new Uint8Array(buf, ptr, len).slice());
             total += len;
           }
@@ -1300,14 +1307,25 @@ function createWasiShim(instanceRef) {
   });
 }
 
+function guardWasmRange(buffer, ptr, len, where) {
+  const total = buffer.byteLength;
+  if (!Number.isInteger(ptr) || !Number.isInteger(len) || ptr < 0 || len < 0 || ptr + len > total) {
+    throw new Error(`wasm-memory-read-out-of-bounds at ${where}: ptr=${ptr} len=${len} buffer=${total} -- corrupt (ptr,len) from wasm, refusing the read instead of crashing the dispatch loop`);
+  }
+}
+
 function readWasmBytes(instance, ptr, len) {
   if (ptr === 0 || len === 0) return new Uint8Array(0);
-  return new Uint8Array(instance.exports.memory.buffer, ptr, len).slice();
+  const buffer = instance.exports.memory.buffer;
+  guardWasmRange(buffer, ptr, len, 'readWasmBytes');
+  return new Uint8Array(buffer, ptr, len).slice();
 }
 
 function readWasmStr(instance, ptr, len) {
   if (ptr === 0 || len === 0) return '';
-  const bytes = new Uint8Array(instance.exports.memory.buffer, ptr, len);
+  const buffer = instance.exports.memory.buffer;
+  guardWasmRange(buffer, ptr, len, 'readWasmStr');
+  const bytes = new Uint8Array(buffer, ptr, len);
   return new TextDecoder('utf-8').decode(bytes);
 }
 

package/gm-plugkit/plugkit.version

@@ -1 +1 @@
-0.1.396
+0.1.681

package/gm.json

@@ -1,6 +1,6 @@
 {
   "name": "gm",
-  "version": "2.0.1600",
+  "version": "2.0.1602",
   "description": "Spool-dispatch orchestration engine with unified state machine, skills, and automated git enforcement",
   "author": "AnEntrypoint",
   "license": "MIT",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gm-skill",
-  "version": "2.0.1600",
+  "version": "2.0.1602",
   "description": "Canonical universal harness — AI-native software engineering via skill-driven orchestration; bootstraps plugkit for task execution and session isolation. Install in any AI coding agent host.",
   "author": "AnEntrypoint",
   "license": "MIT",
@@ -32,7 +32,12 @@
     "lib/",
     "lang/",
     "scripts/",
-    "bin/",
+    "bin/bootstrap.js",
+    "bin/gm-validate.js",
+    "bin/gm-shell-validate.js",
+    "bin/plugkit.sha256",
+    "bin/plugkit.version",
+    "bin/plugkit.wasm.sha256",
     "gm-plugkit/",
     "AGENTS.md",
     "README.md",