vikingowl
2d41c2d46c
- store: validate session ID against store root to block path traversal in Load/Save - local: seed turnCount from LocalConfig.TurnCount so resumed sessions keep correct turn count - main: pass TurnCount from snapshot to LocalConfig on resume - main: suppress quality.json save when --incognito is active - main: handle UserConfigDir error in quality save defer instead of silently using wrong path - test: add TestSessionStore_Load/Save_RejectsPathTraversal