- Trim and normalize target before use
- Validate with validateBridgeId allowlist (same as bridgeApi.ts)
- URL-encode compatTarget to prevent path traversal/injection
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
getBridgeAccessToken() provides the OAuth Bearer token, matching
the auth pattern used by bridgeApi.ts and codeSessionApi.ts.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- webhookSanitizer: redact before truncate to avoid split secrets at boundary
- webhookSanitizer: return safe placeholder on error instead of raw content
- peerSessions: use discriminated union return type for type safety
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add BRIDGE_MODE to DEFAULT_FEATURES in dev.ts
- Implement peerSessions.ts: cross-session messaging via bridge API
- Implement webhookSanitizer.ts: redact secrets from webhook payloads
- Replace any stubs in controlTypes.ts with Zod schema-inferred types
- Fix tengu_bridge_system_init default to true for app "active" status
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
