Merge remote-tracking branch 'origin/main' into hooks/claude-code-compatible

* origin/main: (70 commits)
  feat: allow goose askai bot to search goose codebase (#7508)
  Revert "Reapply "fix: prevent crashes in long-running Electron sessions""
  Reapply "fix: prevent crashes in long-running Electron sessions"
  Revert "fix: prevent crashes in long-running Electron sessions"
  fix: replace unwrap() with graceful error in scheduler execute_job (#7436)
  fix: Dictation API error message shows incorrect limit (#7423)
  fix(acp): Use ACP schema types for session/list (#7409)
  fix(desktop): make bundle and updater asset naming configurable (#7337)
  fix(openai): preserve order in Responses API history (#7500)
  Use the correct Goose emoji 🪿 instead of Swan in README.md (#7485)
  feat(ui): implement fullscreen and pip display modes for MCP Apps (#7312)
  fix: prevent crashes in long-running Electron sessions
  Disable tool pair summarization (#7481)
  fix: New Recipe Warning does not close on cancel (#7524)
  The client is not the source of truth (#7438)
  feat: support Anthropic adaptive thinking (#7356)
  copilot instructions: reword no prerelease docs (#7101)
  fix(acp): don't fail session creation when model listing is unavailable (#7484)
  feat: simplify developer extension (#7466)
  feat: add goose-powered release notes generator workflow (#7503)
  ...

# Conflicts:
#	Cargo.lock

Author: tlongwell-block

.cargo/config.toml

@@ -0,0 +1,5 @@
+[target.x86_64-pc-windows-msvc]
+rustflags = ["-C", "link-args=/FORCE:MULTIPLE"]
+
+[target.aarch64-pc-windows-msvc]
+rustflags = ["-C", "link-args=/FORCE:MULTIPLE"]

.github/copilot-instructions.md

@@ -34,8 +34,8 @@
 - Async/await misuse or blocking operations in async contexts
 - Improper trait implementations
 
-### No Prerelease Docs
-- If the PR contains both code changes to features/functionality AND updates in `/documentation`: Documentation updates must be separated to keep public docs in sync with released versions. Either mark new topics with `unlisted: true` or remove/hide the documentation.
+### No Doc Updates with Code Changes
+- PRs with code changes shouldn't update `/documentation` - docs deploy on merge, code on release. Use `unlisted: true` or remove/hide docs.
 
 ## Project-Specific Context
 

.github/workflows/goose-issue-solver.yml

@@ -181,9 +181,11 @@ jobs:
         run: |
           echo "number=$(jq -r '.number' /tmp/issue.json)" >> $GITHUB_OUTPUT
 
-          echo "title<<TITLE_EOF" >> $GITHUB_OUTPUT
+          # SECURITY: Use random delimiter to prevent injection if title contains our delimiter
+          DELIMITER="EOF_$(openssl rand -hex 8)"
+          echo "title<<$DELIMITER" >> $GITHUB_OUTPUT
           jq -r '.title' /tmp/issue.json >> $GITHUB_OUTPUT
-          echo "TITLE_EOF" >> $GITHUB_OUTPUT
+          echo "$DELIMITER" >> $GITHUB_OUTPUT
 
       - name: Run goose
         id: goose
@@ -202,9 +204,11 @@ jobs:
 
           if [ -n "$(git status --porcelain)" ] && [ -f /tmp/issue_summary.txt ]; then
             echo "has_changes=true" >> $GITHUB_OUTPUT
-            echo "summary<<SUMMARY_EOF" >> $GITHUB_OUTPUT
+            # SECURITY: Use random delimiter to prevent injection if summary contains our delimiter
+            SUMMARY_DELIMITER="EOF_$(openssl rand -hex 8)"
+            echo "summary<<$SUMMARY_DELIMITER" >> $GITHUB_OUTPUT
             cat /tmp/issue_summary.txt >> $GITHUB_OUTPUT
-            echo "SUMMARY_EOF" >> $GITHUB_OUTPUT
+            echo "$SUMMARY_DELIMITER" >> $GITHUB_OUTPUT
           else
             echo "has_changes=false" >> $GITHUB_OUTPUT
           fi

.github/workflows/goose-pr-reviewer.yml

@@ -274,9 +274,11 @@ jobs:
             INSTRUCTIONS="No specific instructions - perform a general code review."
           fi
           
-          echo "instructions<<INSTRUCTIONS_EOF" >> $GITHUB_OUTPUT
+          # SECURITY: Use random delimiter to prevent injection if comment contains our delimiter
+          DELIMITER="EOF_$(openssl rand -hex 8)"
+          echo "instructions<<$DELIMITER" >> $GITHUB_OUTPUT
           echo "$INSTRUCTIONS" >> $GITHUB_OUTPUT
-          echo "INSTRUCTIONS_EOF" >> $GITHUB_OUTPUT
+          echo "$DELIMITER" >> $GITHUB_OUTPUT
 
       - name: Run goose review
         id: goose
@@ -285,14 +287,16 @@ jobs:
           PR_TITLE: ${{ github.event.issue.title }}
           PR_BODY: ${{ github.event.issue.body }}
           REVIEW_INSTRUCTIONS: ${{ steps.instructions.outputs.instructions }}
+          # SECURITY: Pass issue JSON via environment variable to avoid heredoc injection
+          # (GHSA-mm8p-57gq-3xj6) - user-controlled content could terminate heredoc early
+          ISSUE_JSON: ${{ toJson(github.event.issue) }}
         run: |
           mkdir -p $HOME/.local/share/goose/sessions
           mkdir -p $HOME/.config/goose
           git config --global --add safe.directory "$GITHUB_WORKSPACE"
 
-          cat > /tmp/pr.json << 'PRJSON'
-          ${{ toJson(github.event.issue) }}
-          PRJSON
+          # SECURITY: Use printf with env var instead of heredoc to prevent injection
+          printf '%s' "$ISSUE_JSON" > /tmp/pr.json
 
           echo "$GOOSE_RECIPE" | envsubst '$PR_NUMBER $PR_TITLE $PR_BODY $REVIEW_INSTRUCTIONS' > /tmp/recipe.yaml