What's changed
Post-review hardening pass on top of v0.3.2's prompt optimization work.
Security
web_fetchSSRF defense: reject URLs targeting loopback (127.*,::1,localhost), link-local metadata (169.254.*including cloud-metadata169.254.169.254), and RFC1918 private ranges (10.*,192.168.*,172.16–31.*,fc*/fd*). Reduced--max-redirsfrom 5 → 3 (note: defense is best-effort — curl does not re-validate redirect targets).
Bug fixes
call_api: replaced globally-scopedRETURNtrap with explicitrm -f "$auth_file"after curl. The trap was firing on every subsequent function return across the script, stomping$auth_filestate.- Typo detector false-positives: tightened from the previous same-first-3/±2-char heuristic to strict prefix truncation only. Words like
helper,held,configureno longer get rejected with "did you mean 'help'?".sess→sessions,hel→help, and other genuine truncations still work. manage_context: switched summary-input cap fromhead -c 8000(byte-based, could split a multi-byte UTF-8 rune) tohead -n 200(line-based, UTF-8 safe).
Code quality
is_binary: simplified fragile$(...) && [[ ]] && return 0 || truechain into direct[[ ]] && return 0checks.read_file: dropped dead|| echo 0guards onwc -landgrep -c ''(never triggered).resume: removed redundant${SESSION_ID%%--*}double-strip.run_format_hook: documentedFORMAT_CMDtrust boundary (user-owned, chmod 600 config).
Version bump: SHOOP_VERSION → 0.3.3
v0.3.2 content (not separately released, folded here):
- Optimized system prompt, CRISP rewriter, and context summarizer with truncation awareness, denial handling, and error recovery guidance.