Thanks @Ravandevil25 — the control-character \u00XX escaping logic is correct (no double-escaping, and the guard before the 6-byte write is right). Since this is a foundation serializer used in every MCP response, please add a reproduce-first test: a string containing 0x00–0x1f control characters must serialize to valid JSON with \u00XX escapes (red on current main, green with the fix). With that it's ready. 🙏

Thanks @Ravandevil25 — the cbm_json_escape fix in str_util.c is real and valuable (that helper is used in 40+ places). Two things before it can land:

1. The second hunk targets src/git/git_context.c, which doesn't exist on main or on your branch — the diff looks built against a stale tree. Please rebase on current main and drop that hunk.
2. Please add the reproduce-first test requested earlier: a control byte (e.g. 0x01) must round-trip to � rather than vanish.

One note: the pipeline escapers in pass_definitions.c / pass_parallel.c intentionally degrade control bytes to a space — that's a deliberate, different design, so please leave those as-is rather than touch them. 🙏

Correction to my earlier note — apologies, that was my mistake. I'd checked src/git/git_context.c against a stale local checkout. It does exist on current main, and it has the same c < 0x20 → continue control-char-drop bug that your str_util.c fix addresses (see json_escaped_len around line 318). So your git_context.c hunk is valid and welcome — please keep it; disregard my "drop that hunk" point entirely.

The one remaining item before merge is the reproduce-first test: assert that a control byte (e.g. 0x01) round-trips to � rather than vanishing. With that added, this is good to go.

Thanks for the fix, and sorry for the confusion. 🙏