
v0.1.2 — URL fragment cache bypass, queue cap, stripTags bound



SHAYOUWORLD released this 25 Apr 07:25, commit de18e9d

Address Codex re-review findings against v0.1.1.

Fixes

Cache key bypass via fragment

fetchAllowed: strip target.hash before computing the cache key. Otherwise a client could append #foo, #bar, ... to the same URL to bypass both the 5-minute cache and the in-process inflight cap, and hammer the upstream API at full speed.
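The key derivation described above, as an added example that is not the project's own code. The names cacheKey, naiveCacheKey and UpstreamCache, the fetcher callback shape and the sample URL are assumptions; the 5-minute TTL and the inflight dedup on the same key follow the release notes. The naive key is kept beside the fixed one so the bypass is visible: three fragment variants cost three upstream calls under the old key and one under the new one.

```javascript
// Added example, not the project's code: a fragment-insensitive cache key and a
// small TTL cache that also dedupes concurrent (inflight) fetches on that key.
// Names (cacheKey, UpstreamCache) and the upstream URL are assumptions.
const CACHE_TTL_MS = 5 * 60 * 1000;

// Naive key: the raw URL. "?id=1#foo" and "?id=1#bar" become two entries even
// though the fragment is never sent upstream, so each variant costs a real fetch.
function naiveCacheKey(rawUrl) {
  return rawUrl;
}

// Fixed key: drop the fragment (and normalise via the URL parser) before keying.
function cacheKey(rawUrl) {
  const u = new URL(rawUrl);
  u.hash = "";
  return u.toString();
}

class UpstreamCache {
  constructor(ttlMs = CACHE_TTL_MS, now = () => Date.now()) {
    this.ttlMs = ttlMs;
    this.now = now;
    this.entries = new Map();  // key -> { value, expires }
    this.inflight = new Map(); // key -> Promise for a fetch still in progress
  }

  // fetcher(key) performs the real upstream request. It is invoked synchronously,
  // and at most once per key until that key's entry expires: later callers get
  // either the cached value or the pending promise.
  get(rawUrl, fetcher) {
    const key = cacheKey(rawUrl);
    const hit = this.entries.get(key);
    if (hit && hit.expires > this.now()) return Promise.resolve(hit.value);
    const pending = this.inflight.get(key);
    if (pending) return pending;
    const p = new Promise((resolve) => resolve(fetcher(key)))
      .then((value) => {
        this.entries.set(key, { value, expires: this.now() + this.ttlMs });
        return value;
      })
      .finally(() => this.inflight.delete(key));
    this.inflight.set(key, p);
    return p;
  }
}
```

Keying on the parsed URL with the hash cleared also folds trivially different spellings of the same request (for example a trailing `#` with an empty fragment) onto one entry, so the inflight map sees one key per real upstream request.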

Queue length unbounded

enqueue: track queuedCount and refuse new lines once the chain exceeds QUEUE_MAX_PENDING (64) pending lines. A refused line gets a JSON-RPC -32603 reply ("Server is overloaded") and a log line on stderr. Previously a slow attacker could keep appending to the chain indefinitely while inflight fetches drained, growing memory without bound.

stripTags CPU upper bound

Truncate input to STRIP_TAGS_MAX_INPUT (2 MiB) before regex passes. The 10 MiB response cap already bounded total bytes, but a single giant cell text could still drive regex CPU. 2 MiB is far above any legitimate Diet bill or speech length.
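The truncate-before-regex bound, as an added example that is not the project's stripTags. The function body and its regexes are assumptions (the project's own patterns are not shown on this page); STRIP_TAGS_MAX_INPUT = 2 MiB follows the release notes.

```javascript
// Added example, not the project's code: bound the input of a regex-based tag
// stripper before any regex runs. The regexes are assumptions;
// STRIP_TAGS_MAX_INPUT = 2 MiB follows the release notes.
const STRIP_TAGS_MAX_INPUT = 2 * 1024 * 1024;

function stripTags(text, maxInput = STRIP_TAGS_MAX_INPUT) {
  // Truncate first: every regex pass below costs at least linear time in the
  // input, and a response cap alone still lets one giant cell carry most of it.
  const bounded = text.length > maxInput ? text.slice(0, maxInput) : text;
  return bounded
    .replace(/<[^>]*>/g, "")   // drop tags
    .replace(/&nbsp;/g, " ")   // one common entity; a real decoder handles more
    .replace(/\s+/g, " ")      // collapse whitespace
    .trim();
}
```

Two caveats a practitioner should keep in mind: `text.length` counts UTF-16 code units, not bytes, so the bound is on string length rather than on the wire size; and a cut that lands inside a tag leaves a dangling `<...` fragment in the output, which is harmless text after stripping but is not the same as the full-cell result.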

Reviewers: Claude Opus 4.7 (1M context), Codex (gpt-5.4)