- Rustup: Download script to temp file with shebang/size validation
before execution, matching mise/ollama pattern (line 1119)
- SKIP_EXPORTS: Refactor from embedded shell commands to base64-encoded
list decoded safely in VM, eliminating injection risk (line 478)
- Playwright symlink: Validate path is executable and within expected
cache directory before creating system symlinks (line 1053)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Establishes CLAUDE.md, CHANGELOG.md, and README.md as persistent
project memory. Adds documentation update triggers and semantic
versioning rules to ensure context is maintained across sessions.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Documents all releases from v0.1.0 through v0.6.0 following
Keep a Changelog format with semantic versioning.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
