Replace unverified curl|bash bun installation with checksum-verified
download-then-execute pattern. The install script is downloaded, sha256
verified against a known hash, then executed. Preserves the Bun-native
install path without adding a Node/npm dependency.
Clears Snyk W012 + 3 Socket anomalies.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add sender.id check and ALLOWED_TYPES allowlist to the Chrome extension's
message handler. Defense-in-depth against message spoofing from external
extensions or future externally_connectable changes.
Clears 2 Socket anomalies (extension permissions).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Restrict Chrome CDP to localhost by adding --remote-debugging-address=127.0.0.1
and --remote-allow-origins to prevent network-accessible debugging sessions.
Clears 1 Socket anomaly (Chrome CDP session exposure).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: replace hardcoded credentials with env vars in documentation
Addresses Snyk W007 (HIGH). Replaces test@example.com/password123 with
$TEST_EMAIL/$TEST_PASSWORD env vars. Adds credential safety and cookie
safety notes.
* fix: make telemetry binary calls conditional on _TEL and binary existence
Addresses Socket's 14 MEDIUM findings for opaque telemetry binary.
Adds local JSONL fallback (always available, inspectable). Remote
binary only runs if _TEL != "off" and binary exists.
* fix: pin bun install to v1.3.10 with existence check
Addresses Snyk W012 (MEDIUM). Pins BUN_VERSION in browse.ts resolver,
Dockerfile.ci, and setup script error message. Adds command -v check
to skip install if bun already present.
* docs: add data flow documentation to review.ts
Addresses Socket HIGH finding (98% confidence). Documents what data
is sent to external review services and what is NOT sent.
* test: add audit compliance regression tests
6 tests enforce Snyk/Socket fixes stay in place: no hardcoded creds,
conditional telemetry, version-pinned bun, untrusted content warning,
data flow docs, all SKILL.md telemetry conditional.
* refactor: remove 2017 lines of dead code from gen-skill-docs.ts
The Placeholder Resolvers section (lines 77-2092) contained duplicate
functions that were superseded by scripts/resolvers/*.ts. The RESOLVERS
map from resolvers/index.ts is the sole resolution path. Verified: zero
call sites outside self-references.
* chore: regenerate SKILL.md files from updated templates
Reflects: conditional telemetry, version-pinned bun install,
untrusted content warning after Navigation commands.
* chore: bump version and changelog (v0.12.12.0)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Garry Tan