1. fix(security): prevent JSON DoS via size cap on auto-parse
- Add MAX_JSON_AUTOPARSE_CHARS (20KB) to detectJson()
- Prevents UI freeze from multi-MB JSON in assistant/tool messages
- Addresses Aisle Security High severity CWE-400
2. fix(ux): prevent STT transcripts going to wrong session
- Add cleanupChatModuleState() export in chat.ts
- Call cleanup in applyTabSelection when leaving chat tab
- Stops active recording to prevent voice input to unintended session
- Addresses Greptile critical UX bug
3. fix(security): redact sensitive values in config diff panel
- Add renderDiffValue() with stream-mode + sensitive-path checks
- Use in diff panel rendering instead of raw truncateValue()
- Prevents secrets from appearing during screen sharing
- Addresses Aisle Security Medium severity CWE-200
f4f8eac3a3