1. Fix deny rule prefix matching without word boundary (execpolicy/lib.rs:351-353)
- Deny rule 'rm' now blocks 'rm -rf /' but NOT 'rmdir' or 'rmview'
- Previously used bare starts_with which matched any command starting with 'rm'
- Add word-boundary check: command must equal rule or start with rule+space
2. Fix fallback prefix match clarity (execpolicy/bash_arity.rs:362-374)
- Improve comment to clarify word-boundary matching behavior
- The trailing space in starts_with already provides word boundary
3. Fix hardcoded AskForApproval::OnRequest in HTTP API (app-server/lib.rs:283)
- Read approval_policy from config instead of hardcoding OnRequest
- Users with 'auto'/'yolo' policy now get UnlessTrusted for API calls
- Previously ignored user's configured security posture
4. Fix fuzzy indentation search destroying preceding text (tools/file.rs:714-735)
- When match starts mid-line after whitespace stripping, use exact position
- Previously always expanded to line start, destroying preceding content
- Now only expands to line start when match is at a line boundary
5. Fix potential underflow in apply_hunk start index (tools/apply_patch.rs:1110-1115)
- Use checked_add_signed to safely handle negative cumulative_offset
- Prevents isize overflow on adversarial patch input
- Clamp to lines.len() instead of relying on .max(0) cast
huqiantao
27fac5d704