security: agent-shell WS tokens and dependency audit fixes (#409)

Replace spoofable Host/Origin WebSocket auth with short-lived bootstrap
tokens minted over the existing local-operator HTTP path. Docker/browser
shell sessions prefetch a token before connecting; loopback peers remain
unchanged.

Also bump backend ws to 8.21.0 and refresh frontend lockfile to clear
npm audit findings (dev toolchain only for frontend).

Fixes #405, #406, #407

Co-authored-by: Cursor <cursoragent@cursor.com>

frontend/src/components/MeshChat/AgentShellPanel.tsx

@@ -12,7 +12,7 @@ import { FitAddon } from '@xterm/addon-fit';
 
 import '@xterm/xterm/css/xterm.css';
 
-import { resolveAgentShellWsUrl } from '@/lib/agentShellWs';
+import { mintAgentShellWsToken, resolveAgentShellWsUrl } from '@/lib/agentShellWs';
 
 
 
@@ -302,11 +302,12 @@ export default function AgentShellPanel({ active, expanded, onExpandedChange }:
 
 
 
-    const ws = new WebSocket(resolveAgentShellWsUrl(storedCwd));
+    void (async () => {
+      const wsToken = await mintAgentShellWsToken();
+      const ws = new WebSocket(resolveAgentShellWsUrl(storedCwd, wsToken ?? undefined));
+      ws.binaryType = 'arraybuffer';
 
-    ws.binaryType = 'arraybuffer';
-
-    wsRef.current = ws;
+      wsRef.current = ws;
 
 
 
@@ -423,7 +424,7 @@ export default function AgentShellPanel({ active, expanded, onExpandedChange }:
       }
 
     });
-
+    })();
   }, []);