Darko Gjorgjievski darkogj
darkogj
/ gist:e3a9b40a9a47e88cbbff534b01d5275c
Created
November 5, 2025 12:18
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Strict font allowlist (absolute paths only) | |
| const FONT_MAP = Object.freeze({ | |
| "dejavu-sans": "/usr/share/fonts/truetype/dejavu/DejaVuSans.ttf", | |
| "dejavu-sans-bold": "/usr/share/fonts/truetype/dejavu/DejaVuSans-Bold.ttf", | |
| "dejavu-mono": "/usr/share/fonts/truetype/dejavu/DejaVuSansMono.ttf", | |
| "noto-sans": "/usr/share/fonts/noto/NotoSans-Regular.ttf", | |
| "liberation-sans": "/usr/share/fonts/truetype/liberation/LiberationSans-Regular.ttf" | |
| }); | |
| // Validate and sanitize text (reject ImageMagick coders) |
darkogj
/ gist:69ebf29a6942517f93db611c6055fa07
Created
November 5, 2025 11:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Trust boundaries: Anything from network = untrusted data | |
| // Anything from LLM = untrusted instructions | |
| // Tool scoping with policy allow-list | |
| const ALLOWED_TOOLS = { | |
| azure_invoke: { |
darkogj
/ gist:1ce29cd909f9cc453e1266be02322608
Created
November 5, 2025 11:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Helper: create a null-prototype object with fields | |
| function obj(data) { | |
| return Object.assign(Object.create(null), data) | |
| } | |
| // Safe deep merge that prevents prototype pollution |