@quanta-intellect/vessel-browser 0.1.92 → 0.1.95

package/out/main/index.js

@@ -104,10 +104,23 @@ function canUseSafeStorage$1() {
     return false;
   }
 }
+function writePrivateFile(filePath2, data) {
+  fs.writeFileSync(filePath2, data, { mode: 384 });
+  try {
+    fs.chmodSync(filePath2, 384);
+  } catch {
+  }
+}
+function assertSafeStorageAvailable() {
+  if (!canUseSafeStorage$1()) {
+    throw new Error("OS-backed secret storage is unavailable; refusing to store secrets on disk.");
+  }
+}
 function readStoredProviderSecret() {
   try {
+    if (!canUseSafeStorage$1()) return null;
     const raw = fs.readFileSync(getChatProviderSecretPath());
-    const decoded = canUseSafeStorage$1() && electron.safeStorage.decryptString ? electron.safeStorage.decryptString(raw) : raw.toString("utf-8");
+    const decoded = electron.safeStorage.decryptString(raw);
     const parsed = JSON.parse(decoded);
     if (parsed && typeof parsed === "object" && typeof parsed.providerId === "string" && typeof parsed.apiKey === "string") {
       return parsed;
@@ -117,15 +130,12 @@ function readStoredProviderSecret() {
   return null;
 }
 function writeStoredProviderSecret(secret) {
+  assertSafeStorageAvailable();
   const filePath2 = getChatProviderSecretPath();
   fs.mkdirSync(path.dirname(filePath2), { recursive: true });
   const payload = JSON.stringify(secret);
-  if (canUseSafeStorage$1()) {
-    const encrypted = electron.safeStorage.encryptString(payload);
-    fs.writeFileSync(filePath2, encrypted, { mode: 384 });
-    return;
-  }
-  fs.writeFileSync(filePath2, payload, { mode: 384 });
+  const encrypted = electron.safeStorage.encryptString(payload);
+  writePrivateFile(filePath2, encrypted);
 }
 function clearStoredProviderSecret() {
   try {
@@ -138,8 +148,9 @@ function getCodexTokensPath() {
 }
 function readStoredCodexTokens() {
   try {
+    if (!canUseSafeStorage$1()) return null;
     const raw = fs.readFileSync(getCodexTokensPath());
-    const decoded = canUseSafeStorage$1() && electron.safeStorage.decryptString ? electron.safeStorage.decryptString(raw) : raw.toString("utf-8");
+    const decoded = electron.safeStorage.decryptString(raw);
     const parsed = JSON.parse(decoded);
     if (parsed && typeof parsed === "object" && typeof parsed.accessToken === "string" && typeof parsed.refreshToken === "string") {
       return parsed;
@@ -149,15 +160,12 @@ function readStoredCodexTokens() {
   return null;
 }
 function writeStoredCodexTokens(tokens) {
+  assertSafeStorageAvailable();
   const filePath2 = getCodexTokensPath();
   fs.mkdirSync(path.dirname(filePath2), { recursive: true });
   const payload = JSON.stringify(tokens);
-  if (canUseSafeStorage$1()) {
-    const encrypted = electron.safeStorage.encryptString(payload);
-    fs.writeFileSync(filePath2, encrypted, { mode: 384 });
-    return;
-  }
-  fs.writeFileSync(filePath2, payload, { mode: 384 });
+  const encrypted = electron.safeStorage.encryptString(payload);
+  writePrivateFile(filePath2, encrypted);
 }
 function clearStoredCodexTokens() {
   try {
@@ -268,9 +276,10 @@ function persistNow() {
   return fs.promises.mkdir(path.dirname(getSettingsPath()), { recursive: true }).then(
     () => fs.promises.writeFile(
       getSettingsPath(),
-      JSON.stringify(buildPersistedSettings(settings), null, 2)
+      JSON.stringify(buildPersistedSettings(settings), null, 2),
+      { encoding: "utf-8", mode: 384 }
     )
-  ).catch((err) => logger$n.error("Failed to save settings:", err));
+  ).then(() => fs.promises.chmod(getSettingsPath(), 384).catch(() => void 0)).catch((err) => logger$n.error("Failed to save settings:", err));
 }
 function saveSettings() {
   saveDirty = true;
@@ -375,6 +384,28 @@ function assertPermittedNavigationURL(url) {
     throw new Error(policyError);
   }
 }
+function loadPermittedNavigationURL(wc, url) {
+  assertPermittedNavigationURL(url);
+  return wc.loadURL(url);
+}
+function loadInternalDataURL(wc, dataUrl) {
+  if (!dataUrl.startsWith("data:text/html;charset=utf-8,")) {
+    throw new Error("Blocked unexpected internal data URL");
+  }
+  return wc.loadURL(dataUrl);
+}
+function loadTrustedAppURL(wc, url) {
+  const parsed = new URL(url);
+  if (!["file:", "http:", "https:"].includes(parsed.protocol)) {
+    throw new Error(`Blocked unexpected app URL scheme: ${parsed.protocol}`);
+  }
+  const isHttp = parsed.protocol === "http:" || parsed.protocol === "https:";
+  const isLocalhost = parsed.hostname === "localhost" || parsed.hostname === "127.0.0.1";
+  if (isHttp && !isLocalhost) {
+    throw new Error(`Blocked unexpected app URL host: ${parsed.hostname}`);
+  }
+  return wc.loadURL(parsed.toString());
+}
 const MAX_CUSTOM_HISTORY = 50;
 const READER_MODE_DATA_URL_PREFIX = "data:text/html;charset=utf-8,";
 const logger$m = createLogger("Tab");
@@ -1103,7 +1134,7 @@ function createDebouncedJsonPersistence({
         data,
         typeof data === "string" ? { encoding: "utf-8", mode: 384 } : { mode: 384 }
       )
-    ).catch((err) => logger$l.error(`Failed to save ${logLabel}:`, err));
+    ).then(() => fs.promises.chmod(filePath2, 384).catch(() => void 0)).catch((err) => logger$l.error(`Failed to save ${logLabel}:`, err));
   };
   const schedule = () => {
     saveDirty2 = true;
@@ -1164,9 +1195,9 @@ function save$3() {
 }
 function emit$4() {
   if (!state$5) return;
-  const snapshot = { highlights: [...state$5.highlights] };
+  const snapshot2 = { highlights: [...state$5.highlights] };
   for (const listener of listeners$2) {
-    listener(snapshot);
+    listener(snapshot2);
   }
 }
 function normalizeUrl$1(rawUrl) {
@@ -1897,9 +1928,9 @@ function save$2() {
 }
 function emit$3() {
   if (!state$4) return;
-  const snapshot = { entries: [...state$4.entries] };
+  const snapshot2 = { entries: [...state$4.entries] };
   for (const listener of listeners$1) {
-    listener(snapshot);
+    listener(snapshot2);
   }
 }
 function getState$1() {
@@ -2093,6 +2124,8 @@ class DevToolsSession {
     this.tabId = tabId;
     this.wc = wc;
   }
+  tabId;
+  wc;
   attached = false;
   attachingPromise = null;
   consoleDomainEnabled = false;
@@ -3108,11 +3141,11 @@ class TabManager {
       note
     };
   }
-  restoreSession(snapshot) {
-    const tabs = snapshot.tabs.length > 0 ? snapshot.tabs : [{ id: "", url: "about:blank", title: "New Tab" }];
+  restoreSession(snapshot2) {
+    const tabs = snapshot2.tabs.length > 0 ? snapshot2.tabs : [{ id: "", url: "about:blank", title: "New Tab" }];
     const activeIndex = Math.max(
       0,
-      Math.min(snapshot.activeIndex, tabs.length - 1)
+      Math.min(snapshot2.activeIndex, tabs.length - 1)
     );
     this.destroyAllTabs();
     const restoredGroups = /* @__PURE__ */ new Map();
@@ -3375,6 +3408,7 @@ const Channels = {
   SETTINGS_UPDATE: "settings:update",
   SETTINGS_HEALTH_GET: "settings:health:get",
   SETTINGS_HEALTH_UPDATE: "settings:health:update",
+  MCP_REGENERATE_TOKEN: "mcp:regenerate-token",
   // Bookmarks
   BOOKMARKS_GET: "bookmarks:get",
   BOOKMARKS_UPDATE: "bookmarks:update",
@@ -3875,8 +3909,8 @@ function load$2() {
       const next = /* @__PURE__ */ new Map();
       if (!Array.isArray(raw)) return next;
       for (const entry of raw) {
-        const snapshot = normalizeStoredSnapshot(entry);
-        if (snapshot) next.set(snapshot.url, snapshot);
+        const snapshot2 = normalizeStoredSnapshot(entry);
+        if (snapshot2) next.set(snapshot2.url, snapshot2);
       }
       return next;
     }
@@ -3903,7 +3937,7 @@ function getSnapshot(normalizedUrl) {
 function saveSnapshot(rawUrl, title, textContent, headings) {
   const s = load$2();
   const key2 = normalizeUrl(rawUrl);
-  const snapshot = {
+  const snapshot2 = {
     url: key2,
     title,
     textContent: textContent.slice(0, MAX_TEXT_LENGTH),
@@ -3911,9 +3945,9 @@ function saveSnapshot(rawUrl, title, textContent, headings) {
     capturedAt: (/* @__PURE__ */ new Date()).toISOString()
   };
   s.delete(key2);
-  s.set(key2, snapshot);
+  s.set(key2, snapshot2);
   persistence$5.schedule();
-  return snapshot;
+  return snapshot2;
 }
 function flushPersist$2() {
   return persistence$5.flush();
@@ -4726,6 +4760,22 @@ const POSTHOG_API_KEY = process.env.POSTHOG_API_KEY || "phc_OMeM3P5cxJwl14lOKxYa
 const POSTHOG_HOST = process.env.POSTHOG_HOST || "https://us.i.posthog.com";
 const BATCH_INTERVAL_MS = 6e4;
 const MAX_BATCH_SIZE = 50;
+const SENSITIVE_PROPERTY_RE = /url|uri|query|prompt|content|text|token|secret|key|password|credential|email|domain/i;
+const SENSITIVE_STRING_VALUE_RE = /https?:\/\/|www\.|[^\s@]+@[^\s@]+\.[^\s@]+|bearer\s+\S+|eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.|(?:sk|pk|rk|gh[pousr]|xox[baprs])-[-_A-Za-z0-9]{12,}/i;
+const EMPTY_PROPERTY_ALLOWLIST = /* @__PURE__ */ new Set();
+const TELEMETRY_PROPERTY_ALLOWLIST = {
+  app_launched: /* @__PURE__ */ new Set(["electron_version", "chrome_version"]),
+  app_session_ended: /* @__PURE__ */ new Set(["duration_minutes"]),
+  tool_called: /* @__PURE__ */ new Set(["tool_name", "page_type"]),
+  provider_configured: /* @__PURE__ */ new Set(["provider_id"]),
+  page_type_detected: /* @__PURE__ */ new Set(["page_type"]),
+  setting_changed: /* @__PURE__ */ new Set(["setting_key"]),
+  approval_mode_changed: /* @__PURE__ */ new Set(["mode"]),
+  bookmark_action: /* @__PURE__ */ new Set(["action"]),
+  vault_action: /* @__PURE__ */ new Set(["action"]),
+  extraction_failed: /* @__PURE__ */ new Set(["reason"]),
+  premium_funnel: /* @__PURE__ */ new Set(["step", "status", "reason"])
+};
 function getDeviceIdPath() {
   return path.join(electron.app.getPath("userData"), ".vessel-device-id");
 }
@@ -4741,7 +4791,8 @@ function getDeviceId() {
   deviceId = crypto$1.randomUUID();
   try {
     fs.mkdirSync(path.dirname(idPath), { recursive: true });
-    fs.writeFileSync(idPath, deviceId, "utf-8");
+    fs.writeFileSync(idPath, deviceId, { encoding: "utf-8", mode: 384 });
+    fs.chmodSync(idPath, 384);
   } catch {
   }
   return deviceId;
@@ -4754,12 +4805,27 @@ function isEnabled() {
   if (process.env.VESSEL_DEV === "1") return false;
   return loadSettings().telemetryEnabled !== false;
 }
+function sanitizeTelemetryProperties(properties, allowedKeys) {
+  const safe = {};
+  for (const [key2, value] of Object.entries(properties)) {
+    if (allowedKeys && !allowedKeys.has(key2)) continue;
+    if (!allowedKeys?.has(key2) && SENSITIVE_PROPERTY_RE.test(key2)) continue;
+    if (typeof value === "string" || typeof value === "number" || typeof value === "boolean" || value === null) {
+      if (typeof value === "string" && SENSITIVE_STRING_VALUE_RE.test(value)) {
+        continue;
+      }
+      safe[key2] = typeof value === "string" ? value.slice(0, 120) : value;
+    }
+  }
+  return safe;
+}
 function trackEvent(event, properties = {}) {
   if (!isEnabled()) return;
+  const allowedKeys = TELEMETRY_PROPERTY_ALLOWLIST[event] ?? EMPTY_PROPERTY_ALLOWLIST;
   eventQueue.push({
     event,
     properties: {
-      ...properties,
+      ...sanitizeTelemetryProperties(properties, allowedKeys),
       premium_status: isPremium() ? "premium" : "free",
       app_version: electron.app.getVersion(),
       platform: process.platform,
@@ -4794,8 +4860,8 @@ function trackBookmarkAction(action) {
 function trackVaultAction(action) {
   trackEvent("vault_action", { action });
 }
-function trackExtractionFailed(domain, reason) {
-  trackEvent("extraction_failed", { domain, reason });
+function trackExtractionFailed(_domain, reason) {
+  trackEvent("extraction_failed", { reason });
 }
 function trackPremiumFunnel(step, context) {
   trackEvent("premium_funnel", { step, ...context });
@@ -6774,9 +6840,9 @@ function getMcpStatus() {
   return state$3.mcp.status;
 }
 function emitRuntimeHealthChange() {
-  const snapshot = getRuntimeHealth();
+  const snapshot2 = getRuntimeHealth();
   for (const listener of runtimeHealthChangeListeners) {
-    listener(snapshot);
+    listener(snapshot2);
   }
 }
 const state$3 = {
@@ -6942,7 +7008,7 @@ function isClickReadLoop(names) {
   return clickReadPairs >= 2;
 }
 const ANTHROPIC_MAX_TOKENS = 4096;
-function isRecord(value) {
+function isRecord$1(value) {
   return value !== null && typeof value === "object" && !Array.isArray(value);
 }
 function anthropicModelLikelySupportsThinking(model) {
@@ -7066,7 +7132,7 @@ class AnthropicProvider {
             } else if (event.type === "content_block_stop" && currentToolUse) {
               try {
                 const input = JSON.parse(currentToolUse.inputJson || "{}");
-                if (!isRecord(input)) {
+                if (!isRecord$1(input)) {
                   throw new Error("Tool input must be a JSON object");
                 }
                 toolUseBlocks.push({
@@ -8473,6 +8539,20 @@ class OpenAICompatProvider {
     this.abortController?.abort();
   }
 }
+async function openExternalAllowlisted(url, rule) {
+  const parsed = new URL(url);
+  const schemes = rule.schemes ?? ["https:"];
+  if (!schemes.includes(parsed.protocol)) {
+    throw new Error(`Blocked external URL scheme: ${parsed.protocol}`);
+  }
+  if (parsed.username || parsed.password) {
+    throw new Error("Blocked external URL with embedded credentials");
+  }
+  if (rule.hosts && !rule.hosts.includes(parsed.hostname)) {
+    throw new Error(`Blocked external URL host: ${parsed.hostname}`);
+  }
+  await electron.shell.openExternal(parsed.toString());
+}
 const logger$g = createLogger("CodexOAuth");
 const ISSUER = "https://auth.openai.com";
 const CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
@@ -8538,54 +8618,6 @@ function parseTokenExpiry(accessToken) {
   }
   return Date.now() + 36e5;
 }
-async function exchangeIdTokenForApiKey(idToken) {
-  const body = new URLSearchParams({
-    grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
-    client_id: CLIENT_ID,
-    requested_token: "openai-api-key",
-    subject_token: idToken,
-    subject_token_type: "urn:ietf:params:oauth:token-type:id_token"
-  });
-  const response = await fetch(`${ISSUER}/oauth/token`, {
-    method: "POST",
-    headers: { "Content-Type": "application/x-www-form-urlencoded" },
-    body: body.toString()
-  });
-  if (!response.ok) {
-    let errorMsg = `OpenAI API token exchange failed: ${response.status}`;
-    try {
-      const err = await response.json();
-      if (typeof err.error_description === "string") {
-        errorMsg = err.error_description;
-      } else if (typeof err.error === "string") {
-        errorMsg = err.error;
-      }
-    } catch {
-    }
-    throw new Error(errorMsg);
-  }
-  const data = await response.json();
-  if (!data.access_token) {
-    throw new Error("OpenAI API token exchange did not return an access token");
-  }
-  return data.access_token;
-}
-async function ensureCodexApiKey(tokens) {
-  if (tokens.apiKey) return tokens;
-  if (!tokens.idToken) return tokens;
-  try {
-    return {
-      ...tokens,
-      apiKey: await exchangeIdTokenForApiKey(tokens.idToken)
-    };
-  } catch (err) {
-    logger$g.warn(
-      "Codex API-key token exchange failed; continuing with ChatGPT OAuth tokens:",
-      err
-    );
-    return tokens;
-  }
-}
 async function exchangeCodeForTokens(code, redirectUri, codeVerifier) {
   const body = new URLSearchParams({
     grant_type: "authorization_code",
@@ -8623,7 +8655,7 @@ async function exchangeCodeForTokens(code, redirectUri, codeVerifier) {
     accountId: claims?.accountId || "",
     accountEmail: claims?.email
   };
-  return ensureCodexApiKey(tokens);
+  return tokens;
 }
 async function refreshAccessToken(tokens) {
   const body = new URLSearchParams({
@@ -8659,7 +8691,7 @@ async function refreshAccessToken(tokens) {
     accountId: claims?.accountId || tokens.accountId || "",
     accountEmail: claims?.email || tokens.accountEmail
   };
-  return ensureCodexApiKey(refreshedTokens);
+  return refreshedTokens;
 }
 function startServer(port, pkce, expectedState, resolve, reject) {
   const server = http.createServer(async (req, res) => {
@@ -8809,7 +8841,7 @@ async function startCodexOAuth(onStatus) {
       activeFlow.port = port;
       const authUrl = buildAuthorizeUrl(port, pkce, state2);
       safeOnStatus("waiting");
-      electron.shell.openExternal(authUrl).catch((err) => {
+      openExternalAllowlisted(authUrl, { hosts: ["auth.openai.com"] }).catch((err) => {
         logger$g.warn("Failed to open browser, user will need the URL:", err);
       });
     }).catch(wrappedReject);
@@ -8830,12 +8862,57 @@ const logger$f = createLogger("CodexProvider");
 const REFRESH_WINDOW_MS = 5 * 60 * 1e3;
 const CODEX_BACKEND_BASE_URL = "https://chatgpt.com/backend-api/codex";
 const CODEX_CLIENT_VERSION = "0.129.0";
+function isRecord(value) {
+  return value !== null && typeof value === "object" && !Array.isArray(value);
+}
+async function createCodexFunctionCallOutput(functionCall, availableToolNames, onChunk, onToolCall) {
+  const callId = functionCall.call_id || functionCall.id || "";
+  const name = functionCall.name || "";
+  if (!callId) {
+    return {
+      type: "function_call_output",
+      call_id: callId,
+      output: "Error: Function call was missing a call_id. Please retry the tool call."
+    };
+  }
+  if (!name || !availableToolNames.has(name)) {
+    onChunk(`
+<<tool:${name || "unknown"}:⚠ unsupported>>
+`);
+    return {
+      type: "function_call_output",
+      call_id: callId,
+      output: `Error: Unsupported tool${name ? `: ${name}` : ""}. Use one of the provided tools.`
+    };
+  }
+  let args;
+  try {
+    const parsed = JSON.parse(functionCall.arguments || "{}");
+    if (!isRecord(parsed)) throw new Error("Tool arguments must be a JSON object");
+    args = parsed;
+  } catch {
+    onChunk(`
+<<tool:${name}:⚠ invalid args>>
+`);
+    return {
+      type: "function_call_output",
+      call_id: callId,
+      output: "Error: Invalid JSON in tool arguments. Please retry with a valid JSON object."
+    };
+  }
+  const output = await onToolCall(name, args);
+  return {
+    type: "function_call_output",
+    call_id: callId,
+    output
+  };
+}
 class CodexProvider {
   agentToolProfile;
   tokens;
   model;
   abortController = null;
-  constructor(tokens, model, _baseUrl) {
+  constructor(tokens, model) {
     this.tokens = tokens;
     this.model = model;
     this.agentToolProfile = "default";
@@ -8854,7 +8931,7 @@ class CodexProvider {
       );
     }
   }
-  backendHeaders() {
+  backendHeaders(turnState) {
     const headers = {
       Authorization: `Bearer ${this.tokens.accessToken}`,
       "Content-Type": "application/json",
@@ -8865,6 +8942,9 @@ class CodexProvider {
     if (this.tokens.accountId) {
       headers["ChatGPT-Account-ID"] = this.tokens.accountId;
     }
+    if (turnState) {
+      headers["x-codex-turn-state"] = turnState;
+    }
     return headers;
   }
   buildInput(userMessage, history) {
@@ -8873,7 +8953,7 @@ class CodexProvider {
       input.push({
         type: "message",
         role: msg.role,
-        content: [{ type: "input_text", text: msg.content }]
+        content: [{ type: msg.role === "assistant" ? "output_text" : "input_text", text: msg.content }]
       });
     }
     input.push({
@@ -8883,7 +8963,7 @@ class CodexProvider {
     });
     return input;
   }
-  handleStreamEvent(raw, onChunk, emittedTextFromDelta) {
+  handleStreamEvent(raw, onChunk, acc) {
     if (!raw.trim() || raw.trim() === "[DONE]") return;
     let event;
     try {
@@ -8892,13 +8972,28 @@ class CodexProvider {
       return;
     }
     if (event.type === "response.output_text.delta" && event.delta) {
-      emittedTextFromDelta.value = true;
+      acc.emittedTextFromDelta = true;
+      acc.text += event.delta;
       onChunk(event.delta);
       return;
     }
-    if (event.type === "response.output_item.done" && !emittedTextFromDelta.value) {
-      const text = event.item?.content?.filter((item) => item.type === "output_text" && item.text).map((item) => item.text).join("");
-      if (text) onChunk(text);
+    if (event.type === "response.function_call_arguments.delta" && event.delta) {
+      const key2 = event.call_id || event.item_id || "";
+      if (key2) {
+        acc.functionCallArgs.set(key2, (acc.functionCallArgs.get(key2) || "") + event.delta);
+      }
+      return;
+    }
+    if (event.type === "response.output_item.done" && event.item) {
+      const item = event.item;
+      if (item.type === "function_call") {
+        const key2 = item.call_id || item.id || "";
+        const args = acc.functionCallArgs.get(key2) || item.arguments || "";
+        acc.functionCallArgs.delete(key2);
+        acc.items.push({ ...item, arguments: args });
+      } else if (item.type === "message") {
+        acc.items.push(item);
+      }
       return;
     }
     if (event.type === "response.failed") {
@@ -8907,18 +9002,12 @@ class CodexProvider {
       throw new Error(message);
     }
   }
-  async streamCodexResponse(systemPrompt, userMessage, onChunk, history) {
+  async streamCodexResponse(requestBody, onChunk, turnState) {
     const response = await fetch(`${CODEX_BACKEND_BASE_URL}/responses`, {
       method: "POST",
-      headers: this.backendHeaders(),
+      headers: this.backendHeaders(turnState),
       signal: this.abortController?.signal,
-      body: JSON.stringify({
-        model: this.model,
-        instructions: systemPrompt,
-        input: this.buildInput(userMessage, history),
-        stream: true,
-        store: false
-      })
+      body: JSON.stringify(requestBody)
     });
     if (!response.ok) {
       const text = await response.text().catch(() => "");
@@ -8929,33 +9018,53 @@ class CodexProvider {
     if (!response.body) {
       throw new Error("Codex backend returned an empty response stream");
     }
+    const newTurnState = response.headers.get("x-codex-turn-state") || null;
     const reader = response.body.getReader();
-    const decoder = new TextDecoder();
-    let buffer = "";
-    const emittedTextFromDelta = { value: false };
-    while (true) {
-      const { value, done } = await reader.read();
-      if (done) break;
-      buffer += decoder.decode(value, { stream: true });
-      let separatorIndex;
-      while ((separatorIndex = buffer.indexOf("\n\n")) !== -1) {
-        const block = buffer.slice(0, separatorIndex);
-        buffer = buffer.slice(separatorIndex + 2);
-        const data = block.split("\n").filter((line) => line.startsWith("data:")).map((line) => line.slice(5).trimStart()).join("\n");
-        this.handleStreamEvent(data, onChunk, emittedTextFromDelta);
-      }
-    }
-    const trailing = buffer.trim();
-    if (trailing) {
-      const data = trailing.split("\n").filter((line) => line.startsWith("data:")).map((line) => line.slice(5).trimStart()).join("\n");
-      this.handleStreamEvent(data, onChunk, emittedTextFromDelta);
+    try {
+      const decoder = new TextDecoder();
+      let buffer = "";
+      const acc = {
+        text: "",
+        items: [],
+        emittedTextFromDelta: false,
+        functionCallArgs: /* @__PURE__ */ new Map()
+      };
+      while (true) {
+        const { value, done } = await reader.read();
+        if (done) break;
+        buffer += decoder.decode(value, { stream: true });
+        let separatorIndex;
+        while ((separatorIndex = buffer.indexOf("\n\n")) !== -1) {
+          const block = buffer.slice(0, separatorIndex);
+          buffer = buffer.slice(separatorIndex + 2);
+          const data = block.split("\n").filter((line) => line.startsWith("data:")).map((line) => line.slice(5).trimStart()).join("\n");
+          this.handleStreamEvent(data, onChunk, acc);
+        }
+      }
+      const trailing = buffer.trim();
+      if (trailing) {
+        const data = trailing.split("\n").filter((line) => line.startsWith("data:")).map((line) => line.slice(5).trimStart()).join("\n");
+        this.handleStreamEvent(data, onChunk, acc);
+      }
+      return { text: acc.text, items: acc.items, turnState: newTurnState };
+    } finally {
+      reader.releaseLock();
     }
   }
   async streamQuery(systemPrompt, userMessage, onChunk, onEnd, history) {
     await this.ensureFreshTokens();
     this.abortController = new AbortController();
     try {
-      await this.streamCodexResponse(systemPrompt, userMessage, onChunk, history);
+      await this.streamCodexResponse(
+        {
+          model: this.model,
+          instructions: systemPrompt,
+          input: this.buildInput(userMessage, history),
+          stream: true,
+          store: false
+        },
+        onChunk
+      );
     } catch (err) {
       if (err.name !== "AbortError") {
         const msg = err instanceof Error ? err.message : String(err);
@@ -8969,11 +9078,59 @@ class CodexProvider {
       onEnd();
     }
   }
-  async streamAgentQuery(systemPrompt, userMessage, _tools, onChunk, _onToolCall, onEnd, history) {
+  async streamAgentQuery(systemPrompt, userMessage, tools, onChunk, onToolCall, onEnd, history) {
     await this.ensureFreshTokens();
     this.abortController = new AbortController();
+    const maxIterations = getEffectiveMaxIterations();
+    const availableToolNames = new Set(tools.map((tool) => tool.name));
+    let iterationsUsed = 0;
+    const convertedTools = tools.map((tool) => ({
+      type: "function",
+      name: tool.name,
+      description: tool.description || "",
+      parameters: tool.input_schema
+    }));
+    let currentInput = this.buildInput(userMessage, history);
+    let turnState = null;
     try {
-      await this.streamCodexResponse(systemPrompt, userMessage, onChunk, history);
+      for (let i = 0; i < maxIterations; i++) {
+        iterationsUsed = i + 1;
+        const result = await this.streamCodexResponse(
+          {
+            model: this.model,
+            instructions: systemPrompt,
+            input: currentInput,
+            tools: convertedTools,
+            stream: true,
+            store: false
+          },
+          onChunk,
+          turnState || void 0
+        );
+        turnState = result.turnState || turnState;
+        const functionCalls = result.items.filter(
+          (item) => item.type === "function_call"
+        );
+        if (functionCalls.length === 0) {
+          break;
+        }
+        currentInput = [];
+        for (const fc of functionCalls) {
+          currentInput.push(
+            await createCodexFunctionCallOutput(
+              fc,
+              availableToolNames,
+              onChunk,
+              onToolCall
+            )
+          );
+        }
+      }
+      if (iterationsUsed >= maxIterations) {
+        onChunk(`
+
+[Reached maximum tool call limit (${maxIterations} steps). You can adjust this in Settings → Max Tool Iterations, or continue by sending another message.]`);
+      }
     } catch (err) {
       if (err.name !== "AbortError") {
         const msg = err instanceof Error ? err.message : String(err);
@@ -9057,11 +9214,11 @@ function buildLlamaCppCtxWarning(ctxSize) {
 }
 async function fetchCodexBackendModels(tokens) {
   const url = new URL("https://chatgpt.com/backend-api/codex/models");
-  url.searchParams.set("client_version", "0.129.0");
+  url.searchParams.set("client_version", CODEX_CLIENT_VERSION);
   const headers = {
     Authorization: `Bearer ${tokens.accessToken}`,
     originator: "codex_cli_rs",
-    "User-Agent": "codex_cli_rs/0.129.0 Vessel"
+    "User-Agent": `codex_cli_rs/${CODEX_CLIENT_VERSION} Vessel`
   };
   if (tokens.accountId) {
     headers["ChatGPT-Account-ID"] = tokens.accountId;
@@ -9164,7 +9321,7 @@ function createProvider(config) {
         "OpenAI Codex requires authentication. Open settings to connect your ChatGPT account."
       );
     }
-    return new CodexProvider(tokens, normalized.model, normalized.baseUrl);
+    return new CodexProvider(tokens, normalized.model);
   }
   return new OpenAICompatProvider(normalized);
 }
@@ -12476,9 +12633,9 @@ function assignDefinedBookmarkFields(bookmark, fields) {
 }
 function emit$2() {
   if (!state$2) return;
-  const snapshot = cloneState(state$2);
+  const snapshot2 = cloneState(state$2);
   for (const listener of listeners) {
-    listener(snapshot);
+    listener(snapshot2);
   }
 }
 function escapeBookmarkHtml(value) {
@@ -12999,7 +13156,7 @@ async function captureLiveHighlightSnapshot(wc, savedHighlights = []) {
     savedHighlights.map((highlight) => normalizeText(highlight.text)).filter(Boolean)
   );
   try {
-    const snapshot = await wc.executeJavaScript(`(() => {
+    const snapshot2 = await wc.executeJavaScript(`(() => {
       const selection = window.getSelection?.()?.toString().trim() || "";
       const pageHighlights = Array.from(
         document.querySelectorAll("mark.__vessel-highlight-text[data-vessel-highlight]")
@@ -13021,7 +13178,7 @@ async function captureLiveHighlightSnapshot(wc, savedHighlights = []) {
       };
     })()`, true);
     const seen = /* @__PURE__ */ new Set();
-    const pageHighlights = (snapshot.pageHighlights ?? []).map((highlight) => ({
+    const pageHighlights = (snapshot2.pageHighlights ?? []).map((highlight) => ({
       text: normalizeText(highlight.text),
       color: highlight.color?.trim() || void 0
     })).filter((highlight) => highlight.text.length > 0).filter((highlight) => {
@@ -13033,24 +13190,24 @@ async function captureLiveHighlightSnapshot(wc, savedHighlights = []) {
       ...highlight,
       persisted: savedTexts.has(highlight.text)
     }));
-    const activeSelection = normalizeText(snapshot.activeSelection) || void 0;
+    const activeSelection = normalizeText(snapshot2.activeSelection) || void 0;
     return { activeSelection, pageHighlights };
   } catch {
     return { pageHighlights: [] };
   }
 }
-function formatLiveSelectionSection(snapshot) {
+function formatLiveSelectionSection(snapshot2) {
   const sections = [];
-  if (snapshot.activeSelection) {
-    const preview = snapshot.activeSelection.length > 400 ? `${snapshot.activeSelection.slice(0, 397)}...` : snapshot.activeSelection;
+  if (snapshot2.activeSelection) {
+    const preview = snapshot2.activeSelection.length > 400 ? `${snapshot2.activeSelection.slice(0, 397)}...` : snapshot2.activeSelection;
     sections.push(
       `## Active User Selection
 The user currently has this text selected on screen:
 - "${preview}"`
     );
   }
-  if (snapshot.pageHighlights.length > 0) {
-    const lines = snapshot.pageHighlights.map((highlight) => {
+  if (snapshot2.pageHighlights.length > 0) {
+    const lines = snapshot2.pageHighlights.map((highlight) => {
       const preview = highlight.text.length > 180 ? `${highlight.text.slice(0, 177)}...` : highlight.text;
       const details = [
         highlight.persisted ? "saved" : "visible only",
@@ -13551,7 +13708,7 @@ async function saveNamedSession(tabManager, name) {
     const entries = await captureLocalStorageForOrigin(tabManager, origin);
     localStorage.push({ origin, entries });
   }
-  const snapshot = tabManager.snapshotSession(`Named session: ${normalizedName}`);
+  const snapshot2 = tabManager.snapshotSession(`Named session: ${normalizedName}`);
   const domains = [...new Set(cookies.map((cookie) => cookie.domain))].sort();
   const now = (/* @__PURE__ */ new Date()).toISOString();
   const data = {
@@ -13563,7 +13720,7 @@ async function saveNamedSession(tabManager, name) {
     domains,
     cookies,
     localStorage,
-    snapshot
+    snapshot: snapshot2
   };
   writeSessionFile(getSessionPath(normalizedName), data);
   return {
@@ -13918,8 +14075,8 @@ function compactSearchLikeResult(text) {
     return limitText(cleaned, 16, 1400);
   }
   const summary = cleaned.slice(0, markerIndex).trim();
-  const snapshot = cleaned.slice(markerIndex + marker.length).trim();
-  return [summary, compactReadPageResult(snapshot)].filter(Boolean).join("\n\n");
+  const snapshot2 = cleaned.slice(markerIndex + marker.length).trim();
+  return [summary, compactReadPageResult(snapshot2)].filter(Boolean).join("\n\n");
 }
 function compactCurrentTabResult(text) {
   try {
@@ -14968,7 +15125,7 @@ async function inspectElement(wc, selector, limit = 8) {
   return lines.join("\n");
 }
 async function getLocaleSnapshot(wc) {
-  const snapshot = await executePageScript(
+  const snapshot2 = await executePageScript(
     wc,
     `
     (function() {
@@ -14987,13 +15144,13 @@ async function getLocaleSnapshot(wc) {
       label: "locale snapshot"
     }
   );
-  if (!snapshot || snapshot === PAGE_SCRIPT_TIMEOUT || typeof snapshot !== "object") {
+  if (!snapshot2 || snapshot2 === PAGE_SCRIPT_TIMEOUT || typeof snapshot2 !== "object") {
     return null;
   }
   return {
-    lang: typeof snapshot.lang === "string" ? snapshot.lang.trim() : "",
-    url: typeof snapshot.url === "string" ? snapshot.url : wc.getURL(),
-    title: typeof snapshot.title === "string" ? snapshot.title : wc.getTitle()
+    lang: typeof snapshot2.lang === "string" ? snapshot2.lang.trim() : "",
+    url: typeof snapshot2.url === "string" ? snapshot2.url : wc.getURL(),
+    title: typeof snapshot2.title === "string" ? snapshot2.title : wc.getTitle()
   };
 }
 function primaryLanguageTag(value) {
@@ -15009,31 +15166,31 @@ function localeChanged(before, after) {
   const localeHint = /[?&](lang|locale|language|hl)=|\/(ja|jp|en|fr|de|es|it|ko|zh)(\/|$)/i;
   return before.url !== after.url && localeHint.test(after.url);
 }
-async function restoreLocaleSnapshot(wc, snapshot) {
-  if (!snapshot || wc.isDestroyed()) return;
+async function restoreLocaleSnapshot(wc, snapshot2) {
+  if (!snapshot2 || wc.isDestroyed()) return;
   try {
     if (typeof wc.canGoBack === "function" && wc.canGoBack()) {
       wc.goBack();
       await waitForLoad(wc, 3e3);
       const reverted = await getLocaleSnapshot(wc);
-      if (!localeChanged(snapshot, reverted)) {
+      if (!localeChanged(snapshot2, reverted)) {
         return;
       }
     }
   } catch (err) {
     logger$c.warn("Failed to restore locale via history navigation, trying URL reload fallback:", err);
   }
-  if (snapshot.url && snapshot.url !== wc.getURL()) {
+  if (snapshot2.url && snapshot2.url !== wc.getURL()) {
     try {
-      assertSafeURL(snapshot.url);
-      await wc.loadURL(snapshot.url);
+      assertSafeURL(snapshot2.url);
+      await wc.loadURL(snapshot2.url);
       await waitForLoad(wc, 3e3);
       return;
     } catch (err) {
       logger$c.warn("Failed to restore locale via safe URL load, trying page reload fallback:", err);
     }
   }
-  if (snapshot.url) {
+  if (snapshot2.url) {
     try {
       await wc.reload();
       await waitForLoad(wc, 3e3);
@@ -18983,9 +19140,9 @@ function capturePageToVault({
   if (page.excerpt.trim()) {
     bodyLines.push("## Excerpt", "", page.excerpt.trim(), "");
   }
-  const snapshot = trimContent(page.content);
-  if (snapshot) {
-    bodyLines.push("## Page Snapshot", "", snapshot, "");
+  const snapshot2 = trimContent(page.content);
+  if (snapshot2) {
+    bodyLines.push("## Page Snapshot", "", snapshot2, "");
   }
   return writeMemoryNote({
     title: noteTitle,
@@ -19410,8 +19567,8 @@ Exception: ${result.exceptionDetails}`);
         {},
         async () => {
           const session = getOrCreateSession(tabManager);
-          const snapshot = await session.getPerformanceSnapshot();
-          return JSON.stringify(snapshot, null, 2);
+          const snapshot2 = await session.getPerformanceSnapshot();
+          return JSON.stringify(snapshot2, null, 2);
         }
       );
     }
@@ -19469,6 +19626,16 @@ const logger$b = createLogger("VaultShared");
 const ALGORITHM = "aes-256-gcm";
 const IV_LENGTH = 12;
 const AUTH_TAG_LENGTH = 16;
+const KEY_STORAGE_PREFIX = "base64:";
+function encodeEncryptionKeyForStorage(key2) {
+  return `${KEY_STORAGE_PREFIX}${key2.toString("base64")}`;
+}
+function decodeEncryptionKeyFromStorage(value) {
+  if (value.startsWith(KEY_STORAGE_PREFIX)) {
+    return Buffer.from(value.slice(KEY_STORAGE_PREFIX.length), "base64");
+  }
+  return Buffer.from(value, "utf-8");
+}
 function assertSecretStorageAvailable(customMessage) {
   if (!electron.safeStorage.isEncryptionAvailable()) {
     throw new Error(
@@ -19481,12 +19648,19 @@ function getOrCreateEncryptionKey(keyFilename) {
   const keyPath = path$1.join(electron.app.getPath("userData"), keyFilename);
   if (fs$1.existsSync(keyPath)) {
     const encryptedKey = fs$1.readFileSync(keyPath);
-    return Buffer.from(electron.safeStorage.decryptString(encryptedKey), "utf-8");
+    const key22 = decodeEncryptionKeyFromStorage(
+      electron.safeStorage.decryptString(encryptedKey)
+    );
+    if (key22.length !== 32) {
+      throw new Error("Stored vault encryption key has an invalid length.");
+    }
+    return key22;
   }
   const key2 = crypto$2.randomBytes(32);
   fs$1.mkdirSync(path$1.dirname(keyPath), { recursive: true });
-  const encrypted = electron.safeStorage.encryptString(key2.toString("utf-8"));
+  const encrypted = electron.safeStorage.encryptString(encodeEncryptionKeyForStorage(key2));
   fs$1.writeFileSync(keyPath, encrypted, { mode: 384 });
+  fs$1.chmodSync(keyPath, 384);
   return key2;
 }
 function createEncryptDecrypt(keyFilename) {
@@ -19551,7 +19725,7 @@ function createVaultIO(vaultFilename, encrypt2, decrypt2) {
     const encrypted = encrypt2(json);
     const vaultPath = getVaultPath();
     fs$1.mkdirSync(path$1.dirname(vaultPath), { recursive: true });
-    fs$1.writeFileSync(vaultPath, encrypted);
+    fs$1.writeFileSync(vaultPath, encrypted, { mode: 384 });
     fs$1.chmodSync(vaultPath, 384);
     cachedEntries = entries;
   }
@@ -19560,15 +19734,21 @@ function createVaultIO(vaultFilename, encrypt2, decrypt2) {
   }
   return { loadVault: loadVault2, saveVault: saveVault2, resetCache };
 }
-function domainMatches(pattern, hostname) {
-  const p = pattern.toLowerCase().trim();
-  const h = hostname.toLowerCase().trim();
-  if (p === h) return true;
-  if (p.startsWith("*.")) {
-    const suffix = p.slice(2);
-    return h === suffix || h.endsWith("." + suffix);
+function normalizeCredentialHost(value) {
+  try {
+    const parsed = new URL(value.includes("://") ? value : `https://${value}`);
+    return parsed.hostname.toLowerCase().replace(/^www\./, "");
+  } catch {
+    const normalized = value.toLowerCase().trim().replace(/^(https?:\/\/)?(www\.)?/, "").replace(/\/.*$/, "");
+    return normalized && !normalized.includes(" ") ? normalized : null;
   }
-  return false;
+}
+function domainMatches(pattern, hostname) {
+  const isWildcard = pattern.trim().startsWith("*.");
+  const p = normalizeCredentialHost(isWildcard ? pattern.slice(2) : pattern);
+  const h = normalizeCredentialHost(hostname);
+  if (!p || !h) return false;
+  return isWildcard ? h.endsWith("." + p) : p === h;
 }
 function generateTotpCode(secret) {
   const epoch = Math.floor(Date.now() / 1e3);
@@ -19601,12 +19781,20 @@ function createAuditLog(filename, maxEntries) {
     try {
       const auditPath = getAuditPath2();
       fs$1.mkdirSync(path$1.dirname(auditPath), { recursive: true });
-      fs$1.appendFileSync(auditPath, JSON.stringify(entry) + "\n");
+      fs$1.appendFileSync(auditPath, JSON.stringify(entry) + "\n", {
+        encoding: "utf-8",
+        mode: 384
+      });
+      fs$1.chmodSync(auditPath, 384);
       try {
         const lines = fs$1.readFileSync(auditPath, "utf-8").split("\n").filter((l) => l.trim());
         if (lines.length > maxEntries) {
           const trimmed = lines.slice(-maxEntries);
-          fs$1.writeFileSync(auditPath, trimmed.join("\n") + "\n");
+          fs$1.writeFileSync(auditPath, trimmed.join("\n") + "\n", {
+            encoding: "utf-8",
+            mode: 384
+          });
+          fs$1.chmodSync(auditPath, 384);
         }
       } catch {
       }
@@ -19639,12 +19827,8 @@ function listEntries$1() {
   return loadVault$1().map(({ password, totpSecret, ...rest }) => rest);
 }
 function findEntriesForDomain(url) {
-  let hostname;
-  try {
-    hostname = new URL(url).hostname;
-  } catch {
-    return [];
-  }
+  const hostname = normalizeCredentialHost(url);
+  if (!hostname) return [];
   return loadVault$1().filter((e) => domainMatches(e.domainPattern, hostname)).map(({ password, totpSecret, ...rest }) => rest);
 }
 function addEntry(entry) {
@@ -19737,7 +19921,11 @@ function appendAuditEntry(entry) {
   try {
     const auditPath = getAuditPath();
     fs$1.mkdirSync(path$1.dirname(auditPath), { recursive: true });
-    fs$1.appendFileSync(auditPath, JSON.stringify(entry) + "\n");
+    fs$1.appendFileSync(auditPath, JSON.stringify(entry) + "\n", {
+      encoding: "utf-8",
+      mode: 384
+    });
+    fs$1.chmodSync(auditPath, 384);
   } catch (err) {
     logger$a.error("Failed to write audit log:", err);
   }
@@ -19767,12 +19955,7 @@ const auditLog = createAuditLog(
   AUDIT_MAX_ENTRIES
 );
 function extractDomain(url) {
-  try {
-    const parsed = new URL(url.startsWith("http") ? url : `https://${url}`);
-    return parsed.hostname.toLowerCase();
-  } catch {
-    return url.toLowerCase().replace(/^(https?:\/\/)?(www\.)?/, "").replace(/\/.*$/, "");
-  }
+  return normalizeCredentialHost(url) ?? "";
 }
 function listEntries() {
   return loadVault().map(({ password, totpSecret, ...rest }) => rest);
@@ -19957,6 +20140,7 @@ function writeMcpAuthFile(endpoint, token) {
       JSON.stringify({ endpoint, token, pid: process.pid }, null, 2) + "\n",
       { mode: 384 }
     );
+    fs$1.chmodSync(filePath2, 384);
   } catch (err) {
     logger$9.warn("Failed to write auth file:", err);
   }
@@ -19982,10 +20166,18 @@ function clearMcpAuthFile() {
       ) + "\n",
       { mode: 384 }
     );
+    fs$1.chmodSync(filePath2, 384);
   } catch (err) {
     logger$9.warn("Failed to clear auth file:", err);
   }
 }
+function regenerateMcpAuthToken() {
+  const endpoint = getRuntimeHealth().mcp.endpoint;
+  if (!httpServer || !endpoint) return null;
+  mcpAuthToken = crypto$2.randomBytes(32).toString("hex");
+  writeMcpAuthFile(endpoint, mcpAuthToken);
+  return { endpoint };
+}
 function asTextResponse(text) {
   return { content: [{ type: "text", text }] };
 }
@@ -20011,6 +20203,11 @@ function asPromptResponse(text) {
 function isDangerousMcpAction(name) {
   return name === "close_tab" || isDangerousAction(name);
 }
+function requiresExplicitMcpApproval(name, args) {
+  if (name === "delete_session" || name === "close_tab" || name === "load_session") return true;
+  if (name === "remove_bookmark_folder" && args.delete_contents === true) return true;
+  return false;
+}
 function getActiveTabSummary(tabManager) {
   const activeTab = tabManager.getActiveTab();
   const activeTabId = tabManager.getActiveTabId();
@@ -20099,6 +20296,7 @@ async function withAction(runtime2, tabManager, name, args, executor) {
       args,
       tabId: tabManager.getActiveTabId(),
       dangerous: isDangerousMcpAction(name),
+      requiresApproval: requiresExplicitMcpApproval(name, args),
       executor
     });
     const stateInfo = await getPostActionState(tabManager, name);
@@ -23841,6 +24039,43 @@ function uninstallKit(id, scheduledKitIds) {
     return errorResult("Failed to remove the kit file.");
   }
 }
+const trustedIpcSenderIds = /* @__PURE__ */ new Set();
+function registerTrustedIpcSender(wc) {
+  trustedIpcSenderIds.add(wc.id);
+  wc.once("destroyed", () => trustedIpcSenderIds.delete(wc.id));
+}
+function assertTrustedIpcSender(event) {
+  if (!trustedIpcSenderIds.has(event.sender.id)) {
+    throw new Error("Blocked IPC from untrusted renderer");
+  }
+}
+function isManagedTabIpcSender(event, tabManager) {
+  return Boolean(tabManager.findTabByWebContentsId(event.sender.id));
+}
+function assertString(value, name) {
+  if (typeof value !== "string") throw new Error(`${name} must be a string`);
+}
+function assertOptionalString(value, name) {
+  if (value !== void 0 && typeof value !== "string") {
+    throw new Error(`${name} must be a string`);
+  }
+}
+function assertNumber(value, name) {
+  if (typeof value !== "number" || Number.isNaN(value)) {
+    throw new Error(`${name} must be a number`);
+  }
+}
+const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+function isValidEmail(value) {
+  return EMAIL_RE.test(value.trim());
+}
+function getActiveTabInfo(tabManager) {
+  const tab = tabManager.getActiveTab();
+  if (!tab) return null;
+  const wc = tab.view.webContents;
+  if (wc.isDestroyed()) return null;
+  return { tab, wc };
+}
 const logger$7 = createLogger("Scheduler");
 let jobs = [];
 let removeIdleListener = null;
@@ -23864,7 +24099,13 @@ function loadJobs() {
 }
 function saveJobs() {
   try {
-    fs$1.writeFileSync(getJobsPath(), JSON.stringify(jobs, null, 2), "utf-8");
+    const jobsPath = getJobsPath();
+    fs$1.mkdirSync(path$1.dirname(jobsPath), { recursive: true });
+    fs$1.writeFileSync(jobsPath, JSON.stringify(jobs, null, 2), {
+      encoding: "utf-8",
+      mode: 384
+    });
+    fs$1.chmodSync(jobsPath, 384);
   } catch (err) {
     logger$7.warn("Failed to save jobs:", err);
   }
@@ -24068,8 +24309,12 @@ function registerScheduleHandlers(windowState, runtime2, sendToAll) {
     tick(windowState, runtime2);
     setInterval(() => tick(windowState, runtime2), 6e4);
   }, msToNextMinute);
-  electron.ipcMain.handle(Channels.SCHEDULE_GET_ALL, () => jobs);
-  electron.ipcMain.handle(Channels.SCHEDULE_CREATE, (_, rawJob) => {
+  electron.ipcMain.handle(Channels.SCHEDULE_GET_ALL, (event) => {
+    assertTrustedIpcSender(event);
+    return jobs;
+  });
+  electron.ipcMain.handle(Channels.SCHEDULE_CREATE, (event, rawJob) => {
+    assertTrustedIpcSender(event);
     if (!isValidJobData(rawJob)) {
       throw new Error(
         "Invalid job data. Required: kitId, kitName, kitIcon, renderedPrompt, schedule, enabled."
@@ -24086,7 +24331,8 @@ function registerScheduleHandlers(windowState, runtime2, sendToAll) {
     sendToAll(Channels.SCHEDULE_JOBS_UPDATE, jobs);
     return newJob;
   });
-  electron.ipcMain.handle(Channels.SCHEDULE_UPDATE, (_, id, updates) => {
+  electron.ipcMain.handle(Channels.SCHEDULE_UPDATE, (event, id, updates) => {
+    assertTrustedIpcSender(event);
     if (typeof id !== "string") throw new Error("id must be a string");
     const job = jobs.find((j) => j.id === id);
     if (!job) return null;
@@ -24112,7 +24358,8 @@ function registerScheduleHandlers(windowState, runtime2, sendToAll) {
     sendToAll(Channels.SCHEDULE_JOBS_UPDATE, jobs);
     return job;
   });
-  electron.ipcMain.handle(Channels.SCHEDULE_DELETE, (_, id) => {
+  electron.ipcMain.handle(Channels.SCHEDULE_DELETE, (event, id) => {
+    assertTrustedIpcSender(event);
     if (typeof id !== "string") throw new Error("id must be a string");
     const before = jobs.length;
     jobs = jobs.filter((j) => j.id !== id);
@@ -24122,30 +24369,6 @@ function registerScheduleHandlers(windowState, runtime2, sendToAll) {
     return true;
   });
 }
-function assertString(value, name) {
-  if (typeof value !== "string") throw new Error(`${name} must be a string`);
-}
-function assertOptionalString(value, name) {
-  if (value !== void 0 && typeof value !== "string") {
-    throw new Error(`${name} must be a string`);
-  }
-}
-function assertNumber(value, name) {
-  if (typeof value !== "number" || Number.isNaN(value)) {
-    throw new Error(`${name} must be a number`);
-  }
-}
-const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-function isValidEmail(value) {
-  return EMAIL_RE.test(value.trim());
-}
-function getActiveTabInfo(tabManager) {
-  const tab = tabManager.getActiveTab();
-  if (!tab) return null;
-  const wc = tab.view.webContents;
-  if (wc.isDestroyed()) return null;
-  return { tab, wc };
-}
 const SAVE_DEBOUNCE_MS = 250;
 const PROFILE_FIELDS = [
   "label",
@@ -24485,24 +24708,29 @@ function sanitizeAutofillUpdates(value) {
   return updates;
 }
 function registerAutofillHandlers(windowState) {
-  electron.ipcMain.handle(Channels.AUTOFILL_LIST, () => {
+  electron.ipcMain.handle(Channels.AUTOFILL_LIST, (event) => {
+    assertTrustedIpcSender(event);
     return listProfiles();
   });
   electron.ipcMain.handle(
     Channels.AUTOFILL_ADD,
-    (_, profile) => {
+    (event, profile) => {
+      assertTrustedIpcSender(event);
       return addProfile(sanitizeAutofillProfile(profile));
     }
   );
-  electron.ipcMain.handle(Channels.AUTOFILL_UPDATE, (_, id, updates) => {
+  electron.ipcMain.handle(Channels.AUTOFILL_UPDATE, (event, id, updates) => {
+    assertTrustedIpcSender(event);
     assertString(id, "id");
     return updateProfile(id, sanitizeAutofillUpdates(updates));
   });
-  electron.ipcMain.handle(Channels.AUTOFILL_DELETE, (_, id) => {
+  electron.ipcMain.handle(Channels.AUTOFILL_DELETE, (event, id) => {
+    assertTrustedIpcSender(event);
     assertString(id, "id");
     return deleteProfile(id);
   });
-  electron.ipcMain.handle(Channels.AUTOFILL_FILL, async (_, profileId) => {
+  electron.ipcMain.handle(Channels.AUTOFILL_FILL, async (event, profileId) => {
+    assertTrustedIpcSender(event);
     assertString(profileId, "profileId");
     const profile = getProfile(profileId);
     if (!profile) throw new Error("Profile not found");
@@ -24537,13 +24765,26 @@ function registerAutofillHandlers(windowState) {
   });
 }
 function registerPageDiffHandlers(windowState, sendToRendererViews) {
-  electron.ipcMain.handle(Channels.PAGE_DIFF_GET, () => {
+  const pageEventBuckets = /* @__PURE__ */ new Map();
+  const allowPageEvent = (webContentsId) => {
+    const now = Date.now();
+    const bucket = pageEventBuckets.get(webContentsId);
+    if (!bucket || bucket.resetAt <= now) {
+      pageEventBuckets.set(webContentsId, { count: 1, resetAt: now + 1e3 });
+      return true;
+    }
+    bucket.count += 1;
+    return bucket.count <= 20;
+  };
+  electron.ipcMain.handle(Channels.PAGE_DIFF_GET, (event) => {
+    assertTrustedIpcSender(event);
     const activeTab = windowState.tabManager.getActiveTab();
     const wc = activeTab?.view.webContents;
     if (!wc) return null;
     return getLatestPageDiff(wc.getURL());
   });
-  electron.ipcMain.handle(Channels.PAGE_DIFF_HISTORY, () => {
+  electron.ipcMain.handle(Channels.PAGE_DIFF_HISTORY, (event) => {
+    assertTrustedIpcSender(event);
     try {
       if (!isPremiumActiveState(getPremiumState())) {
         return { error: "Premium required" };
@@ -24559,21 +24800,27 @@ function registerPageDiffHandlers(windowState, sendToRendererViews) {
   electron.ipcMain.on(Channels.PAGE_DIFF_ACTIVITY, (event) => {
     const wc = event.sender;
     if (!wc || wc.isDestroyed()) return;
+    if (!isManagedTabIpcSender(event, windowState.tabManager)) return;
+    if (!allowPageEvent(wc.id)) return;
     notePageMutationActivity(wc, sendToRendererViews);
   });
   electron.ipcMain.on(Channels.PAGE_DIFF_DIRTY, (event) => {
     const wc = event.sender;
     if (!wc || wc.isDestroyed()) return;
+    if (!isManagedTabIpcSender(event, windowState.tabManager)) return;
+    if (!allowPageEvent(wc.id)) return;
     schedulePageSnapshotCapture(wc, sendToRendererViews);
   });
 }
 function registerVaultHandlers() {
-  electron.ipcMain.handle(Channels.VAULT_LIST, () => {
+  electron.ipcMain.handle(Channels.VAULT_LIST, (event) => {
+    assertTrustedIpcSender(event);
     return listEntries$1();
   });
   electron.ipcMain.handle(
     Channels.VAULT_ADD,
-    (_, entry) => {
+    (event, entry) => {
+      assertTrustedIpcSender(event);
       if (!entry || typeof entry !== "object") {
         throw new Error("Invalid vault entry");
       }
@@ -24598,7 +24845,8 @@ function registerVaultHandlers() {
   );
   electron.ipcMain.handle(
     Channels.VAULT_UPDATE,
-    (_, id, updates) => {
+    (event, id, updates) => {
+      assertTrustedIpcSender(event);
       assertString(id, "id");
       if (!updates || typeof updates !== "object") {
         throw new Error("Invalid updates");
@@ -24606,12 +24854,14 @@ function registerVaultHandlers() {
       return updateEntry$1(id, updates) !== null;
     }
   );
-  electron.ipcMain.handle(Channels.VAULT_REMOVE, (_, id) => {
+  electron.ipcMain.handle(Channels.VAULT_REMOVE, (event, id) => {
+    assertTrustedIpcSender(event);
     assertString(id, "id");
     trackVaultAction("credential_removed");
     return removeEntry$1(id);
   });
-  electron.ipcMain.handle(Channels.VAULT_AUDIT_LOG, (_, limit) => {
+  electron.ipcMain.handle(Channels.VAULT_AUDIT_LOG, (event, limit) => {
+    assertTrustedIpcSender(event);
     return readAuditLog$1(limit);
   });
 }
@@ -24630,17 +24880,20 @@ function normalizeTags(value) {
   return tags.length > 0 ? tags : void 0;
 }
 function registerHumanVaultHandlers() {
-  electron.ipcMain.handle(Channels.HUMAN_VAULT_LIST, (_, domain) => {
+  electron.ipcMain.handle(Channels.HUMAN_VAULT_LIST, (event, domain) => {
+    assertTrustedIpcSender(event);
     if (domain !== void 0) assertString(domain, "domain");
     return domain ? findForDomain(domain) : listEntries();
   });
-  electron.ipcMain.handle(Channels.HUMAN_VAULT_GET, (_, id) => {
+  electron.ipcMain.handle(Channels.HUMAN_VAULT_GET, (event, id) => {
+    assertTrustedIpcSender(event);
     assertString(id, "id");
     return getEntrySafe(id);
   });
   electron.ipcMain.handle(
     Channels.HUMAN_VAULT_SAVE,
-    (_, input) => {
+    (event, input) => {
+      assertTrustedIpcSender(event);
       if (!input || typeof input !== "object") {
         throw new Error("Invalid credential entry");
       }
@@ -24670,7 +24923,8 @@ function registerHumanVaultHandlers() {
   );
   electron.ipcMain.handle(
     Channels.HUMAN_VAULT_UPDATE,
-    (_, id, updates) => {
+    (event, id, updates) => {
+      assertTrustedIpcSender(event);
       assertString(id, "id");
       if (!updates || typeof updates !== "object") {
         throw new Error("Invalid updates");
@@ -24712,26 +24966,31 @@ function registerHumanVaultHandlers() {
       return safe;
     }
   );
-  electron.ipcMain.handle(Channels.HUMAN_VAULT_REMOVE, (_, id) => {
+  electron.ipcMain.handle(Channels.HUMAN_VAULT_REMOVE, (event, id) => {
+    assertTrustedIpcSender(event);
     assertString(id, "id");
     return removeEntry(id);
   });
-  electron.ipcMain.handle(Channels.HUMAN_VAULT_AUDIT_LOG, (_, limit) => {
+  electron.ipcMain.handle(Channels.HUMAN_VAULT_AUDIT_LOG, (event, limit) => {
+    assertTrustedIpcSender(event);
     return readAuditLog(limit);
   });
 }
 function registerWindowControlHandlers(mainWindow) {
-  electron.ipcMain.handle(Channels.WINDOW_MINIMIZE, () => {
+  electron.ipcMain.handle(Channels.WINDOW_MINIMIZE, (event) => {
+    assertTrustedIpcSender(event);
     mainWindow.minimize();
   });
-  electron.ipcMain.handle(Channels.WINDOW_MAXIMIZE, () => {
+  electron.ipcMain.handle(Channels.WINDOW_MAXIMIZE, (event) => {
+    assertTrustedIpcSender(event);
     if (mainWindow.isMaximized()) {
       mainWindow.unmaximize();
     } else {
       mainWindow.maximize();
     }
   });
-  electron.ipcMain.handle(Channels.WINDOW_CLOSE, () => {
+  electron.ipcMain.handle(Channels.WINDOW_CLOSE, (event) => {
+    assertTrustedIpcSender(event);
     mainWindow.close();
   });
 }
@@ -24870,6 +25129,32 @@ function installAdBlockingForSession(ses, tabManager) {
   });
 }
 const filePath$1 = () => path$1.join(electron.app.getPath("userData"), "vessel-downloads.json");
+const EXECUTABLE_EXTENSIONS = /* @__PURE__ */ new Set([
+  ".appimage",
+  ".bat",
+  ".cmd",
+  ".command",
+  ".desktop",
+  ".exe",
+  ".msi",
+  ".ps1",
+  ".scr",
+  ".sh"
+]);
+function hasMisleadingDoubleExtension(filename) {
+  return /\.(pdf|docx?|xlsx?|pptx?|png|jpe?g|gif|txt|zip)\.(exe|msi|bat|cmd|ps1|sh|scr|appimage)$/i.test(filename);
+}
+function isExecutableDownload(savePath) {
+  return EXECUTABLE_EXTENSIONS.has(path$1.extname(savePath).toLowerCase());
+}
+function executableWarningDetail(item) {
+  return [
+    "This file can run code on your computer. Only open it if you trust the source.",
+    item.url ? `Source: ${item.url}` : null,
+    item.mimeType ? `Type: ${item.mimeType}` : null,
+    hasMisleadingDoubleExtension(item.filename) ? "Warning: this filename uses a misleading double extension." : null
+  ].filter(Boolean).join("\n");
+}
 function parse(raw) {
   if (!raw || typeof raw !== "object") return { items: [] };
   const items = Array.isArray(raw.items) ? raw.items : [];
@@ -24888,13 +25173,13 @@ function persist() {
   persistence$1.schedule();
 }
 function emit$1() {
-  broadcaster$1?.(Channels.DOWNLOADS_UPDATE, state.items);
+  broadcaster$1?.(Channels.DOWNLOADS_UPDATE, listDownloads());
 }
 function setDownloadBroadcaster(fn) {
   broadcaster$1 = fn;
 }
 function listDownloads() {
-  return state.items;
+  return state.items.map((item) => ({ ...item }));
 }
 function upsertDownload(input) {
   const now = (/* @__PURE__ */ new Date()).toISOString();
@@ -24918,7 +25203,19 @@ function clearDownloads() {
 }
 async function openDownload(id) {
   const item = state.items.find((d) => d.id === id);
-  if (!item || !fs$1.existsSync(item.savePath)) return false;
+  if (!item || item.state !== "completed" || !fs$1.existsSync(item.savePath)) return false;
+  if (isExecutableDownload(item.savePath)) {
+    const result = electron.dialog.showMessageBoxSync({
+      type: "warning",
+      buttons: ["Cancel", "Open Anyway"],
+      defaultId: 0,
+      cancelId: 0,
+      title: "Open executable download?",
+      message: `Open ${item.filename}?`,
+      detail: executableWarningDetail(item)
+    });
+    if (result !== 1) return false;
+  }
   return await electron.shell.openPath(item.savePath) === "";
 }
 async function showDownloadInFolder(id) {
@@ -24969,6 +25266,8 @@ function installDownloadHandlerForSession(targetSession, chromeView) {
     const info = {
       filename,
       savePath,
+      url: item.getURL(),
+      mimeType: typeof item.getMimeType === "function" ? item.getMimeType() : void 0,
       totalBytes: item.getTotalBytes(),
       receivedBytes: 0,
       state: "progressing"
@@ -25016,9 +25315,9 @@ function loadRenderers(chromeView, sidebarView, devtoolsPanelView) {
   const sidebarUrl = rendererUrlFor("sidebar");
   const devtoolsUrl = rendererUrlFor("devtools");
   if (chromeUrl && sidebarUrl && devtoolsUrl) {
-    chromeView.webContents.loadURL(chromeUrl);
-    sidebarView.webContents.loadURL(sidebarUrl);
-    devtoolsPanelView.webContents.loadURL(devtoolsUrl);
+    void loadTrustedAppURL(chromeView.webContents, chromeUrl);
+    void loadTrustedAppURL(sidebarView.webContents, sidebarUrl);
+    void loadTrustedAppURL(devtoolsPanelView.webContents, devtoolsUrl);
   } else {
     const rendererFile = resolveRendererFile();
     chromeView.webContents.loadFile(rendererFile, {
@@ -25244,7 +25543,7 @@ function loadPrivateRenderer(chromeView) {
     const url = new URL(devUrl);
     url.searchParams.set("view", "chrome");
     url.searchParams.set("private", "1");
-    chromeView.webContents.loadURL(url.toString());
+    void loadTrustedAppURL(chromeView.webContents, url.toString());
   } else {
     chromeView.webContents.loadFile(resolveRendererFile(), {
       query: { view: "chrome", private: "1" }
@@ -25479,7 +25778,7 @@ function loadSecondaryRenderer(chromeView) {
     const url = new URL(devUrl);
     url.searchParams.set("view", "chrome");
     url.searchParams.set("secondary", "1");
-    chromeView.webContents.loadURL(url.toString());
+    void loadTrustedAppURL(chromeView.webContents, url.toString());
   } else {
     chromeView.webContents.loadFile(resolveRendererFile(), {
       query: { view: "chrome", secondary: "1" }
@@ -25655,19 +25954,22 @@ function getSafeBookmarkExportName(name) {
   return safeName || "folder";
 }
 function registerBookmarkHandlers() {
-  electron.ipcMain.handle(Channels.BOOKMARKS_GET, () => {
+  electron.ipcMain.handle(Channels.BOOKMARKS_GET, (event) => {
+    assertTrustedIpcSender(event);
     return getState();
   });
   electron.ipcMain.handle(
     Channels.FOLDER_CREATE,
-    (_, name, summary) => {
+    (event, name, summary) => {
+      assertTrustedIpcSender(event);
       trackBookmarkAction("folder_create");
       return createFolderWithSummary(name, summary);
     }
   );
   electron.ipcMain.handle(
     Channels.BOOKMARK_SAVE,
-    (_, url, title, folderId, note, intent, expectedContent, keyFields, agentHints) => {
+    (event, url, title, folderId, note, intent, expectedContent, keyFields, agentHints) => {
+      assertTrustedIpcSender(event);
       trackBookmarkAction("save");
       const result = saveBookmarkWithPolicy(url, title, folderId, note, {
         onDuplicate: "update",
@@ -25688,18 +25990,21 @@ function registerBookmarkHandlers() {
   );
   electron.ipcMain.handle(
     Channels.BOOKMARK_UPDATE,
-    (_, id, updates) => {
+    (event, id, updates) => {
+      assertTrustedIpcSender(event);
       trackBookmarkAction("save");
       return updateBookmark(id, updates);
     }
   );
-  electron.ipcMain.handle(Channels.BOOKMARK_REMOVE, (_, id) => {
+  electron.ipcMain.handle(Channels.BOOKMARK_REMOVE, (event, id) => {
+    assertTrustedIpcSender(event);
     trackBookmarkAction("remove");
     return removeBookmark(id);
   });
   electron.ipcMain.handle(
     Channels.BOOKMARKS_EXPORT_HTML,
-    async (_, options) => {
+    async (event, options) => {
+      assertTrustedIpcSender(event);
       const { canceled, filePath: filePath2 } = await electron.dialog.showSaveDialog({
         title: "Export Bookmarks",
         defaultPath: "vessel-bookmarks.html",
@@ -25717,7 +26022,8 @@ function registerBookmarkHandlers() {
       };
     }
   );
-  electron.ipcMain.handle(Channels.BOOKMARKS_EXPORT_JSON, async () => {
+  electron.ipcMain.handle(Channels.BOOKMARKS_EXPORT_JSON, async (event) => {
+    assertTrustedIpcSender(event);
     const { canceled, filePath: filePath2 } = await electron.dialog.showSaveDialog({
       title: "Export Vessel Bookmark Archive",
       defaultPath: "vessel-bookmarks.json",
@@ -25734,7 +26040,8 @@ function registerBookmarkHandlers() {
   });
   electron.ipcMain.handle(
     Channels.FOLDER_EXPORT_HTML,
-    async (_, folderId, options) => {
+    async (event, folderId, options) => {
+      assertTrustedIpcSender(event);
       const folder = getFolder(folderId);
       if (!folder) return null;
       const { canceled, filePath: filePath2 } = await electron.dialog.showSaveDialog({
@@ -25755,7 +26062,8 @@ function registerBookmarkHandlers() {
       };
     }
   );
-  electron.ipcMain.handle(Channels.BOOKMARKS_IMPORT_HTML, async () => {
+  electron.ipcMain.handle(Channels.BOOKMARKS_IMPORT_HTML, async (event) => {
+    assertTrustedIpcSender(event);
     const { canceled, filePaths } = await electron.dialog.showOpenDialog({
       title: "Import Bookmarks",
       filters: [
@@ -25768,7 +26076,8 @@ function registerBookmarkHandlers() {
     trackBookmarkAction("import");
     return importBookmarksFromHtml(content);
   });
-  electron.ipcMain.handle(Channels.BOOKMARKS_IMPORT_JSON, async () => {
+  electron.ipcMain.handle(Channels.BOOKMARKS_IMPORT_JSON, async (event) => {
+    assertTrustedIpcSender(event);
     const { canceled, filePaths } = await electron.dialog.showOpenDialog({
       title: "Import Bookmarks",
       filters: [
@@ -25781,28 +26090,34 @@ function registerBookmarkHandlers() {
     trackBookmarkAction("import");
     return importBookmarksFromJson(content);
   });
-  electron.ipcMain.handle(Channels.FOLDER_REMOVE, (_, id, deleteContents) => {
+  electron.ipcMain.handle(Channels.FOLDER_REMOVE, (event, id, deleteContents) => {
+    assertTrustedIpcSender(event);
     trackBookmarkAction("folder_remove");
     return removeFolder(id, deleteContents ?? false);
   });
   electron.ipcMain.handle(
     Channels.FOLDER_RENAME,
-    (_, id, newName, summary) => {
+    (event, id, newName, summary) => {
+      assertTrustedIpcSender(event);
       return renameFolder(id, newName, summary);
     }
   );
 }
 function registerHistoryHandlers() {
-  electron.ipcMain.handle(Channels.HISTORY_GET, () => {
+  electron.ipcMain.handle(Channels.HISTORY_GET, (event) => {
+    assertTrustedIpcSender(event);
     return getState$1();
   });
-  electron.ipcMain.handle(Channels.HISTORY_SEARCH, (_, query) => {
+  electron.ipcMain.handle(Channels.HISTORY_SEARCH, (event, query) => {
+    assertTrustedIpcSender(event);
     return search(query);
   });
-  electron.ipcMain.handle(Channels.HISTORY_CLEAR, () => {
+  electron.ipcMain.handle(Channels.HISTORY_CLEAR, (event) => {
+    assertTrustedIpcSender(event);
     clearAll$1();
   });
-  electron.ipcMain.handle(Channels.HISTORY_EXPORT_HTML, async () => {
+  electron.ipcMain.handle(Channels.HISTORY_EXPORT_HTML, async (event) => {
+    assertTrustedIpcSender(event);
     const { canceled, filePath: filePath2 } = await electron.dialog.showSaveDialog({
       title: "Export History",
       defaultPath: "vessel-history.html",
@@ -25813,7 +26128,8 @@ function registerHistoryHandlers() {
     await fs.promises.writeFile(filePath2, content, "utf-8");
     return { filePath: filePath2, count: getState$1().entries.length };
   });
-  electron.ipcMain.handle(Channels.HISTORY_EXPORT_JSON, async () => {
+  electron.ipcMain.handle(Channels.HISTORY_EXPORT_JSON, async (event) => {
+    assertTrustedIpcSender(event);
     const { canceled, filePath: filePath2 } = await electron.dialog.showSaveDialog({
       title: "Export History",
       defaultPath: "vessel-history.json",
@@ -25824,7 +26140,8 @@ function registerHistoryHandlers() {
     await fs.promises.writeFile(filePath2, content, "utf-8");
     return { filePath: filePath2, count: getState$1().entries.length };
   });
-  electron.ipcMain.handle(Channels.HISTORY_IMPORT, async () => {
+  electron.ipcMain.handle(Channels.HISTORY_IMPORT, async (event) => {
+    assertTrustedIpcSender(event);
     const { canceled, filePaths } = await electron.dialog.showOpenDialog({
       title: "Import History",
       filters: [
@@ -25917,10 +26234,12 @@ function registerPremiumHandlers(tabManager, sendToRendererViews) {
       void handleUrl(currentUrl);
     }
   };
-  electron.ipcMain.handle(Channels.PREMIUM_GET_STATE, () => {
+  electron.ipcMain.handle(Channels.PREMIUM_GET_STATE, (event) => {
+    assertTrustedIpcSender(event);
     return getPremiumState();
   });
-  electron.ipcMain.handle(Channels.PREMIUM_ACTIVATION_START, async (_, email) => {
+  electron.ipcMain.handle(Channels.PREMIUM_ACTIVATION_START, async (event, email) => {
+    assertTrustedIpcSender(event);
     assertString(email, "email");
     if (!isValidEmail(email)) {
       return errorResult("Invalid email format");
@@ -25934,7 +26253,8 @@ function registerPremiumHandlers(tabManager, sendToRendererViews) {
   });
   electron.ipcMain.handle(
     Channels.PREMIUM_ACTIVATION_VERIFY,
-    async (_, email, code, challengeToken) => {
+    async (event, email, code, challengeToken) => {
+      assertTrustedIpcSender(event);
       assertString(email, "email");
       assertString(code, "code");
       assertString(challengeToken, "challengeToken");
@@ -25956,7 +26276,8 @@ function registerPremiumHandlers(tabManager, sendToRendererViews) {
       return result;
     }
   );
-  electron.ipcMain.handle(Channels.PREMIUM_CHECKOUT, async (_, email) => {
+  electron.ipcMain.handle(Channels.PREMIUM_CHECKOUT, async (event, email) => {
+    assertTrustedIpcSender(event);
     trackPremiumFunnel("checkout_clicked");
     const result = await getCheckoutUrl(email);
     if (result.ok && result.url) {
@@ -25965,19 +26286,22 @@ function registerPremiumHandlers(tabManager, sendToRendererViews) {
     }
     return result;
   });
-  electron.ipcMain.handle(Channels.PREMIUM_RESET, () => {
+  electron.ipcMain.handle(Channels.PREMIUM_RESET, (event) => {
+    assertTrustedIpcSender(event);
     trackPremiumFunnel("reset");
     const state2 = resetPremium();
     sendToRendererViews(Channels.PREMIUM_UPDATE, state2);
     return state2;
   });
-  electron.ipcMain.handle(Channels.PREMIUM_TRACK_CONTEXT, (_, step) => {
+  electron.ipcMain.handle(Channels.PREMIUM_TRACK_CONTEXT, (event, step) => {
+    assertTrustedIpcSender(event);
     assertString(step, "step");
     if (PREMIUM_TRACKABLE_STEPS.includes(step)) {
       trackPremiumFunnel(step);
     }
   });
-  electron.ipcMain.handle(Channels.PREMIUM_PORTAL, async () => {
+  electron.ipcMain.handle(Channels.PREMIUM_PORTAL, async (event) => {
+    assertTrustedIpcSender(event);
     trackPremiumFunnel("portal_opened");
     const result = await getPortalUrl();
     if (result.ok && result.url) {
@@ -25987,18 +26311,22 @@ function registerPremiumHandlers(tabManager, sendToRendererViews) {
   });
 }
 function registerSessionHandlers(tabManager) {
-  electron.ipcMain.handle(Channels.SESSION_LIST, () => {
+  electron.ipcMain.handle(Channels.SESSION_LIST, (event) => {
+    assertTrustedIpcSender(event);
     return listNamedSessions();
   });
-  electron.ipcMain.handle(Channels.SESSION_SAVE, async (_, name) => {
+  electron.ipcMain.handle(Channels.SESSION_SAVE, async (event, name) => {
+    assertTrustedIpcSender(event);
     assertString(name, "name");
     return await saveNamedSession(tabManager, name);
   });
-  electron.ipcMain.handle(Channels.SESSION_LOAD, async (_, name) => {
+  electron.ipcMain.handle(Channels.SESSION_LOAD, async (event, name) => {
+    assertTrustedIpcSender(event);
     assertString(name, "name");
     return await loadNamedSession(tabManager, name);
   });
-  electron.ipcMain.handle(Channels.SESSION_DELETE, (_, name) => {
+  electron.ipcMain.handle(Channels.SESSION_DELETE, (event, name) => {
+    assertTrustedIpcSender(event);
     assertString(name, "name");
     return deleteNamedSession(name);
   });
@@ -26035,7 +26363,8 @@ function buildCertificateDetailsHtml(state2) {
 </html>`;
 }
 function registerSecurityHandlers(tabManager) {
-  electron.ipcMain.handle(Channels.SECURITY_SHOW_DETAILS, async (_, state2) => {
+  electron.ipcMain.handle(Channels.SECURITY_SHOW_DETAILS, async (event, state2) => {
+    assertTrustedIpcSender(event);
     const domain = (() => {
       try {
         return new URL(state2.url).hostname || state2.url;
@@ -26056,13 +26385,15 @@ function registerSecurityHandlers(tabManager) {
         spellcheck: false
       }
     });
-    void win.loadURL(`data:text/html;charset=utf-8,${encodeURIComponent(content)}`);
+    void loadInternalDataURL(win.webContents, `data:text/html;charset=utf-8,${encodeURIComponent(content)}`);
   });
-  electron.ipcMain.handle(Channels.SECURITY_PROCEED_ANYWAY, (_, tabId) => {
+  electron.ipcMain.handle(Channels.SECURITY_PROCEED_ANYWAY, (event, tabId) => {
+    assertTrustedIpcSender(event);
     assertString(tabId, "tabId");
     tabManager.proceedAnyway(tabId);
   });
-  electron.ipcMain.handle(Channels.SECURITY_GO_BACK_TO_SAFETY, (_, tabId) => {
+  electron.ipcMain.handle(Channels.SECURITY_GO_BACK_TO_SAFETY, (event, tabId) => {
+    assertTrustedIpcSender(event);
     assertString(tabId, "tabId");
     tabManager.goBackToSafety(tabId);
   });
@@ -26070,6 +26401,7 @@ function registerSecurityHandlers(tabManager) {
 const logger$5 = createLogger("CodexIPC");
 function registerCodexHandlers() {
   electron.ipcMain.handle(Channels.CODEX_START_AUTH, async (event) => {
+    assertTrustedIpcSender(event);
     const wc = event.sender;
     if (!wc || wc.isDestroyed()) {
       return {
@@ -26100,29 +26432,61 @@ function registerCodexHandlers() {
       };
     }
   });
-  electron.ipcMain.handle(Channels.CODEX_CANCEL_AUTH, () => {
+  electron.ipcMain.handle(Channels.CODEX_CANCEL_AUTH, (event) => {
+    assertTrustedIpcSender(event);
     cancelCodexOAuth();
     return { ok: true };
   });
-  electron.ipcMain.handle(Channels.CODEX_DISCONNECT, () => {
+  electron.ipcMain.handle(Channels.CODEX_DISCONNECT, (event) => {
+    assertTrustedIpcSender(event);
     clearStoredCodexTokens();
     return { ok: true };
   });
 }
 const filePath = () => path$1.join(electron.app.getPath("userData"), "vessel-permissions.json");
+const ALLOWED_PERMISSION_TYPES = /* @__PURE__ */ new Set([
+  "clipboard-read",
+  "fullscreen",
+  "geolocation",
+  "media",
+  "midiSysex",
+  "notifications",
+  "pointerLock"
+]);
+function parseOrigin(value) {
+  try {
+    const origin = new URL(value).origin;
+    return origin === "null" ? null : origin;
+  } catch {
+    return null;
+  }
+}
+function isPermissionRecord(value) {
+  if (!value || typeof value !== "object") return false;
+  const record = value;
+  return typeof record.origin === "string" && parseOrigin(record.origin) === record.origin && typeof record.permission === "string" && ALLOWED_PERMISSION_TYPES.has(record.permission) && (record.decision === "allow" || record.decision === "deny") && typeof record.updatedAt === "string";
+}
 let records = loadJsonFile({
   filePath: filePath(),
   fallback: [],
-  parse: (raw) => Array.isArray(raw) ? raw : []
+  parse: (raw) => Array.isArray(raw) ? raw.filter(isPermissionRecord) : []
 });
 const persistence = createDebouncedJsonPersistence({ debounceMs: 250, filePath: filePath(), getValue: () => records, logLabel: "permissions" });
+const sessionDecisions = /* @__PURE__ */ new Map();
 let broadcaster = null;
 function key(origin, permission) {
   return `${origin}
 ${permission}`;
 }
+function snapshot() {
+  return records.map((record) => ({ ...record }));
+}
 function emit() {
-  broadcaster?.(Channels.PERMISSIONS_GET, records);
+  broadcaster?.(Channels.PERMISSIONS_GET, snapshot());
+}
+function getDecision(origin, permission) {
+  const existing = records.find((r) => r.origin === origin && r.permission === permission);
+  return existing?.decision ?? sessionDecisions.get(key(origin, permission)) ?? null;
 }
 function save(origin, permission, decision) {
   const k = key(origin, permission);
@@ -26134,15 +26498,21 @@ function save(origin, permission, decision) {
   emit();
 }
 function listPermissions() {
-  return records;
+  return snapshot();
 }
 function clearPermissions() {
   records = [];
+  sessionDecisions.clear();
   persistence.schedule();
   emit();
 }
 function clearPermissionsForOrigin(origin) {
+  if (!parseOrigin(origin)) return;
   records = records.filter((record) => record.origin !== origin);
+  for (const storedKey of sessionDecisions.keys()) {
+    if (storedKey.startsWith(`${origin}
+`)) sessionDecisions.delete(storedKey);
+  }
   persistence.schedule();
   emit();
 }
@@ -26150,28 +26520,72 @@ function setPermissionBroadcaster(fn) {
   broadcaster = fn;
 }
 function installPermissionHandler() {
+  electron.session.defaultSession.setPermissionCheckHandler((webContents, permission, requestingOrigin) => {
+    if (!ALLOWED_PERMISSION_TYPES.has(permission)) return false;
+    const origin = parseOrigin(requestingOrigin || webContents.getURL());
+    if (!origin) return false;
+    return getDecision(origin, permission) === "allow";
+  });
   electron.session.defaultSession.setPermissionRequestHandler((webContents, permission, callback, details) => {
-    const origin = new URL(details.requestingUrl || webContents.getURL()).origin;
-    const existing = records.find((r) => r.origin === origin && r.permission === permission);
-    if (existing) {
-      callback(existing.decision === "allow");
+    if (!ALLOWED_PERMISSION_TYPES.has(permission)) {
+      callback(false);
+      return;
+    }
+    const origin = parseOrigin(details.requestingUrl || webContents.getURL());
+    if (!origin) {
+      callback(false);
+      return;
+    }
+    const k = key(origin, permission);
+    const decision = getDecision(origin, permission);
+    if (decision) {
+      callback(decision === "allow");
       return;
     }
     const result = electron.dialog.showMessageBoxSync({
       type: "question",
-      buttons: ["Deny", "Allow"],
+      buttons: [
+        "Deny Once",
+        "Deny Until Quit",
+        "Always Deny",
+        "Allow Once",
+        "Allow Until Quit",
+        "Always Allow"
+      ],
       defaultId: 0,
       cancelId: 0,
       title: "Site permission request",
       message: `${origin} wants to use ${permission}`,
-      detail: "Vessel will remember your choice. You can clear saved permissions in Settings > Privacy."
+      detail: "Temporary choices are safer for camera, microphone, location, and clipboard access. Persistent choices can be cleared in Settings > Privacy."
     });
-    const decision = result === 1 ? "allow" : "deny";
-    save(origin, permission, decision);
-    callback(decision === "allow");
+    if (result === 1) {
+      sessionDecisions.set(k, "deny");
+      callback(false);
+      return;
+    }
+    if (result === 2) {
+      save(origin, permission, "deny");
+      callback(false);
+      return;
+    }
+    if (result === 3) {
+      callback(true);
+      return;
+    }
+    if (result === 4) {
+      sessionDecisions.set(k, "allow");
+      callback(true);
+      return;
+    }
+    if (result === 5) {
+      save(origin, permission, "allow");
+      callback(true);
+      return;
+    }
+    callback(false);
   });
 }
-const NPM_PACKAGE_URL = "https://registry.npmjs.org/@quanta-intellect%2Fvessel-browser/latest";
+const GITHUB_LATEST_RELEASE_API_URL = "https://api.github.com/repos/unmodeled-tyler/quanta-vessel-browser/releases/latest";
 const RELEASES_URL = "https://github.com/unmodeled-tyler/quanta-vessel-browser/releases/latest";
 function normalizeVersion(version) {
   return version.replace(/^v/i, "").split(/[.-]/).slice(0, 3).map((part) => {
@@ -26192,21 +26606,22 @@ async function checkForUpdates() {
   const currentVersion = electron.app.getVersion();
   const checkedAt = (/* @__PURE__ */ new Date()).toISOString();
   try {
-    const response = await fetch(NPM_PACKAGE_URL, {
-      headers: { accept: "application/json", "user-agent": `Vessel/${currentVersion}` }
+    const response = await fetch(GITHUB_LATEST_RELEASE_API_URL, {
+      headers: { accept: "application/vnd.github+json", "user-agent": `Vessel/${currentVersion}` }
     });
     if (!response.ok) {
-      throw new Error(`Registry responded with ${response.status}`);
+      throw new Error(`GitHub Releases responded with ${response.status}`);
     }
     const body = await response.json();
-    const latestVersion = typeof body.version === "string" ? body.version : null;
-    if (!latestVersion) throw new Error("Registry response did not include a version");
+    const latestVersion = typeof body.tag_name === "string" ? body.tag_name : null;
+    if (!latestVersion) throw new Error("GitHub release response did not include a tag name");
+    const releaseUrl = typeof body.html_url === "string" && body.html_url.startsWith("https://github.com/") ? body.html_url : RELEASES_URL;
     return {
       currentVersion,
       latestVersion,
       updateAvailable: compareVersions(latestVersion, currentVersion) > 0,
       checkedAt,
-      releaseUrl: RELEASES_URL
+      releaseUrl
     };
   } catch (error) {
     return {
@@ -26220,7 +26635,7 @@ async function checkForUpdates() {
   }
 }
 async function openUpdateDownload() {
-  await electron.shell.openExternal(RELEASES_URL);
+  await openExternalAllowlisted(RELEASES_URL, { hosts: ["github.com"] });
 }
 let activeChatProvider = null;
 const logger$4 = createLogger("IPC");
@@ -26255,13 +26670,24 @@ async function togglePictureInPicture(tabManager) {
 }
 function registerIpcHandlers(windowState, runtime2) {
   const { tabManager, chromeView, sidebarView, devtoolsPanelView, mainWindow } = windowState;
-  electron.ipcMain.handle(Channels.OPEN_PRIVATE_WINDOW, () => {
+  registerTrustedIpcSender(chromeView.webContents);
+  registerTrustedIpcSender(sidebarView.webContents);
+  registerTrustedIpcSender(devtoolsPanelView.webContents);
+  const requireTrusted = (event) => {
+    assertTrustedIpcSender(event);
+  };
+  electron.ipcMain.handle(Channels.OPEN_PRIVATE_WINDOW, (event) => {
+    requireTrusted(event);
     createPrivateWindow();
   });
-  electron.ipcMain.handle(Channels.OPEN_NEW_WINDOW, () => {
+  electron.ipcMain.handle(Channels.OPEN_NEW_WINDOW, (event) => {
+    requireTrusted(event);
     createSecondaryWindow();
   });
-  electron.ipcMain.handle(Channels.IS_PRIVATE_MODE, () => false);
+  electron.ipcMain.handle(Channels.IS_PRIVATE_MODE, (event) => {
+    requireTrusted(event);
+    return false;
+  });
   let sidebarResizeRecoveryTimer = null;
   let sidebarResizeActive = false;
   let runtimeUpdateTimer = null;
@@ -26342,37 +26768,45 @@ function registerIpcHandlers(windowState, runtime2) {
   onAIStreamIdle(() => {
     sendToRendererViews(Channels.AI_STREAM_IDLE);
   });
-  electron.ipcMain.handle(Channels.TAB_CREATE, (_, url) => {
+  electron.ipcMain.handle(Channels.TAB_CREATE, (event, url) => {
+    requireTrusted(event);
     const id = tabManager.createTab(url || loadSettings().defaultUrl);
     layoutViews(windowState);
     return id;
   });
-  electron.ipcMain.handle(Channels.TAB_CLOSE, (_, id) => {
+  electron.ipcMain.handle(Channels.TAB_CLOSE, (event, id) => {
+    requireTrusted(event);
     tabManager.closeTab(id);
     layoutViews(windowState);
   });
-  electron.ipcMain.handle(Channels.TAB_SWITCH, (_, id) => {
+  electron.ipcMain.handle(Channels.TAB_SWITCH, (event, id) => {
+    requireTrusted(event);
     tabManager.switchTab(id);
     layoutViews(windowState);
   });
   electron.ipcMain.handle(
     Channels.TAB_NAVIGATE,
-    (_, id, url, postBody) => {
+    (event, id, url, postBody) => {
+      requireTrusted(event);
       assertString(id, "tabId");
       assertString(url, "url");
       return tabManager.navigateTab(id, url, postBody);
     }
   );
-  electron.ipcMain.handle(Channels.TAB_BACK, (_, id) => {
+  electron.ipcMain.handle(Channels.TAB_BACK, (event, id) => {
+    requireTrusted(event);
     tabManager.goBack(id);
   });
-  electron.ipcMain.handle(Channels.TAB_FORWARD, (_, id) => {
+  electron.ipcMain.handle(Channels.TAB_FORWARD, (event, id) => {
+    requireTrusted(event);
     tabManager.goForward(id);
   });
-  electron.ipcMain.handle(Channels.TAB_RELOAD, (_, id) => {
+  electron.ipcMain.handle(Channels.TAB_RELOAD, (event, id) => {
+    requireTrusted(event);
     tabManager.reloadTab(id);
   });
-  electron.ipcMain.handle(Channels.TAB_TOGGLE_AD_BLOCK, (_, id) => {
+  electron.ipcMain.handle(Channels.TAB_TOGGLE_AD_BLOCK, (event, id) => {
+    requireTrusted(event);
     assertString(id, "id");
     const tab = tabManager.getTab(id);
     if (!tab) return null;
@@ -26380,87 +26814,108 @@ function registerIpcHandlers(windowState, runtime2) {
     tab.setAdBlockingEnabled(newState);
     return newState;
   });
-  electron.ipcMain.handle(Channels.TAB_ZOOM_IN, (_, id) => {
+  electron.ipcMain.handle(Channels.TAB_ZOOM_IN, (event, id) => {
+    requireTrusted(event);
     assertString(id, "id");
     tabManager.zoomIn(id);
   });
-  electron.ipcMain.handle(Channels.TAB_ZOOM_OUT, (_, id) => {
+  electron.ipcMain.handle(Channels.TAB_ZOOM_OUT, (event, id) => {
+    requireTrusted(event);
     assertString(id, "id");
     tabManager.zoomOut(id);
   });
-  electron.ipcMain.handle(Channels.TAB_ZOOM_RESET, (_, id) => {
+  electron.ipcMain.handle(Channels.TAB_ZOOM_RESET, (event, id) => {
+    requireTrusted(event);
     assertString(id, "id");
     tabManager.zoomReset(id);
   });
-  electron.ipcMain.handle(Channels.TAB_REOPEN_CLOSED, () => {
+  electron.ipcMain.handle(Channels.TAB_REOPEN_CLOSED, (event) => {
+    requireTrusted(event);
     const id = tabManager.reopenClosedTab();
     if (id) layoutViews(windowState);
     return id;
   });
-  electron.ipcMain.handle(Channels.TAB_DUPLICATE, (_, id) => {
+  electron.ipcMain.handle(Channels.TAB_DUPLICATE, (event, id) => {
+    requireTrusted(event);
     assertString(id, "id");
     const newId = tabManager.duplicateTab(id);
     if (newId) layoutViews(windowState);
     return newId;
   });
-  electron.ipcMain.handle(Channels.TAB_PIN, (_, id) => {
+  electron.ipcMain.handle(Channels.TAB_PIN, (event, id) => {
+    requireTrusted(event);
     assertString(id, "id");
     tabManager.pinTab(id);
   });
-  electron.ipcMain.handle(Channels.TAB_UNPIN, (_, id) => {
+  electron.ipcMain.handle(Channels.TAB_UNPIN, (event, id) => {
+    requireTrusted(event);
     assertString(id, "id");
     tabManager.unpinTab(id);
   });
-  electron.ipcMain.handle(Channels.TAB_GROUP_CREATE, (_, id) => {
+  electron.ipcMain.handle(Channels.TAB_GROUP_CREATE, (event, id) => {
+    requireTrusted(event);
     assertString(id, "id");
     return tabManager.createGroupFromTab(id);
   });
-  electron.ipcMain.handle(Channels.TAB_GROUP_ADD_TAB, (_, id, groupId) => {
+  electron.ipcMain.handle(Channels.TAB_GROUP_ADD_TAB, (event, id, groupId) => {
+    requireTrusted(event);
     assertString(id, "id");
     assertString(groupId, "groupId");
     tabManager.assignTabToGroup(id, groupId);
   });
-  electron.ipcMain.handle(Channels.TAB_GROUP_REMOVE_TAB, (_, id) => {
+  electron.ipcMain.handle(Channels.TAB_GROUP_REMOVE_TAB, (event, id) => {
+    requireTrusted(event);
     assertString(id, "id");
     tabManager.removeTabFromGroup(id);
   });
-  electron.ipcMain.handle(Channels.TAB_GROUP_TOGGLE_COLLAPSED, (_, groupId) => {
+  electron.ipcMain.handle(Channels.TAB_GROUP_TOGGLE_COLLAPSED, (event, groupId) => {
+    requireTrusted(event);
     assertString(groupId, "groupId");
     return tabManager.toggleGroupCollapsed(groupId);
   });
   electron.ipcMain.handle(
     Channels.TAB_GROUP_SET_COLOR,
-    (_, groupId, color) => {
+    (event, groupId, color) => {
+      requireTrusted(event);
       assertString(groupId, "groupId");
       assertString(color, "color");
       tabManager.setGroupColor(groupId, color);
     }
   );
-  electron.ipcMain.handle(Channels.TAB_TOGGLE_MUTE, (_, id) => {
+  electron.ipcMain.handle(Channels.TAB_TOGGLE_MUTE, (event, id) => {
+    requireTrusted(event);
     assertString(id, "id");
     return tabManager.toggleMuted(id);
   });
-  electron.ipcMain.handle(Channels.TAB_PRINT, (_, id) => {
+  electron.ipcMain.handle(Channels.TAB_PRINT, (event, id) => {
+    requireTrusted(event);
     assertString(id, "id");
     tabManager.printTab(id);
   });
-  electron.ipcMain.handle(Channels.TAB_PRINT_TO_PDF, (_, id) => {
+  electron.ipcMain.handle(Channels.TAB_PRINT_TO_PDF, (event, id) => {
+    requireTrusted(event);
     assertString(id, "id");
     return tabManager.saveTabAsPdf(id);
   });
-  electron.ipcMain.on(Channels.TAB_CONTEXT_MENU, (_event, id) => {
+  electron.ipcMain.on(Channels.TAB_CONTEXT_MENU, (event, id) => {
+    requireTrusted(event);
     assertString(id, "id");
     showTabContextMenu(tabManager, id, mainWindow, () => layoutViews(windowState));
   });
-  electron.ipcMain.on(Channels.TAB_GROUP_CONTEXT_MENU, (_event, groupId) => {
+  electron.ipcMain.on(Channels.TAB_GROUP_CONTEXT_MENU, (event, groupId) => {
+    requireTrusted(event);
     assertString(groupId, "groupId");
     showGroupContextMenu(tabManager, groupId, mainWindow);
   });
-  electron.ipcMain.handle(Channels.TAB_STATE_GET, () => ({
-    tabs: tabManager.getAllStates(),
-    activeId: tabManager.getActiveTabId() || ""
-  }));
-  electron.ipcMain.handle(Channels.AI_QUERY, async (_, query, history) => {
+  electron.ipcMain.handle(Channels.TAB_STATE_GET, (event) => {
+    requireTrusted(event);
+    return {
+      tabs: tabManager.getAllStates(),
+      activeId: tabManager.getActiveTabId() || ""
+    };
+  });
+  electron.ipcMain.handle(Channels.AI_QUERY, async (event, query, history) => {
+    requireTrusted(event);
     const settings2 = loadSettings();
     const chatConfig = settings2.chatProvider;
     if (!chatConfig) {
@@ -26503,10 +26958,12 @@ function registerIpcHandlers(windowState, runtime2) {
     })();
     return { accepted: true };
   });
-  electron.ipcMain.handle(Channels.AI_CANCEL, () => {
+  electron.ipcMain.handle(Channels.AI_CANCEL, (event) => {
+    requireTrusted(event);
     activeChatProvider?.cancel();
   });
-  electron.ipcMain.handle(Channels.AI_FETCH_MODELS, async (_, config) => {
+  electron.ipcMain.handle(Channels.AI_FETCH_MODELS, async (event, config) => {
+    requireTrusted(event);
     try {
       if (!config || typeof config !== "object" || !("id" in config)) {
         return errorResult("Invalid provider configuration", { models: [] });
@@ -26518,31 +26975,35 @@ function registerIpcHandlers(windowState, runtime2) {
       return errorResult(getErrorMessage(err), { models: [] });
     }
   });
-  electron.ipcMain.handle(Channels.CONTENT_EXTRACT, async () => {
+  electron.ipcMain.handle(Channels.CONTENT_EXTRACT, async (event) => {
+    requireTrusted(event);
     const activeTab = tabManager.getActiveTab();
     if (!activeTab) return null;
     return extractContent(activeTab.view.webContents);
   });
-  electron.ipcMain.handle(Channels.READER_MODE_TOGGLE, async () => {
+  electron.ipcMain.handle(Channels.READER_MODE_TOGGLE, async (event) => {
+    requireTrusted(event);
     const activeTab = tabManager.getActiveTab();
     if (!activeTab) return;
     if (activeTab.state.isReaderMode) {
       const originalUrl = activeTab.readerOriginalUrl;
       activeTab.setReaderMode(false);
       if (originalUrl) {
-        activeTab.view.webContents.loadURL(originalUrl);
+        void loadPermittedNavigationURL(activeTab.view.webContents, originalUrl);
       }
     } else {
       const originalUrl = activeTab.state.url;
       const content = await extractContent(activeTab.view.webContents);
       const html = generateReaderHTML(content);
       activeTab.setReaderMode(true, originalUrl);
-      activeTab.view.webContents.loadURL(
+      void loadInternalDataURL(
+        activeTab.view.webContents,
         `data:text/html;charset=utf-8,${encodeURIComponent(html)}`
       );
     }
   });
-  electron.ipcMain.handle(Channels.SIDEBAR_TOGGLE, () => {
+  electron.ipcMain.handle(Channels.SIDEBAR_TOGGLE, (event) => {
+    requireTrusted(event);
     windowState.uiState.sidebarOpen = !windowState.uiState.sidebarOpen;
     layoutViews(windowState);
     return {
@@ -26550,7 +27011,8 @@ function registerIpcHandlers(windowState, runtime2) {
       width: windowState.uiState.sidebarWidth
     };
   });
-  electron.ipcMain.handle(Channels.SIDEBAR_NAVIGATE, (_, tab) => {
+  electron.ipcMain.handle(Channels.SIDEBAR_NAVIGATE, (event, tab) => {
+    requireTrusted(event);
     assertString(tab, "tab");
     if (!windowState.uiState.sidebarOpen) {
       windowState.uiState.sidebarOpen = true;
@@ -26564,7 +27026,8 @@ function registerIpcHandlers(windowState, runtime2) {
       width: windowState.uiState.sidebarWidth
     };
   });
-  electron.ipcMain.handle(Channels.SIDEBAR_RESIZE_START, () => {
+  electron.ipcMain.handle(Channels.SIDEBAR_RESIZE_START, (event) => {
+    requireTrusted(event);
     sidebarResizeActive = true;
     clearSidebarResizeRecoveryTimer();
     const [width, height] = windowState.mainWindow.getContentSize();
@@ -26579,14 +27042,16 @@ function registerIpcHandlers(windowState, runtime2) {
     });
     scheduleSidebarResizeRecovery();
   });
-  electron.ipcMain.handle(Channels.SIDEBAR_RESIZE, (_, width) => {
+  electron.ipcMain.handle(Channels.SIDEBAR_RESIZE, (event, width) => {
+    requireTrusted(event);
     assertNumber(width, "width");
     const clamped = Math.max(240, Math.min(800, Math.round(width)));
     windowState.uiState.sidebarWidth = clamped;
     resizeSidebarViews(windowState);
     return clamped;
   });
-  electron.ipcMain.handle(Channels.SIDEBAR_RESIZE_COMMIT, () => {
+  electron.ipcMain.handle(Channels.SIDEBAR_RESIZE_COMMIT, (event) => {
+    requireTrusted(event);
     sidebarResizeActive = false;
     clearSidebarResizeRecoveryTimer();
     setSetting("sidebarWidth", windowState.uiState.sidebarWidth);
@@ -26594,7 +27059,8 @@ function registerIpcHandlers(windowState, runtime2) {
   });
   electron.ipcMain.on(
     Channels.RENDERER_VIEW_READY,
-    (_event, view) => {
+    (event, view) => {
+      requireTrusted(event);
       if (view !== "sidebar") return;
       if (!windowState.uiState.sidebarOpen) {
         windowState.uiState.sidebarOpen = true;
@@ -26602,12 +27068,14 @@ function registerIpcHandlers(windowState, runtime2) {
       }
     }
   );
-  electron.ipcMain.handle(Channels.FOCUS_MODE_TOGGLE, () => {
+  electron.ipcMain.handle(Channels.FOCUS_MODE_TOGGLE, (event) => {
+    requireTrusted(event);
     windowState.uiState.focusMode = !windowState.uiState.focusMode;
     layoutViews(windowState);
     return windowState.uiState.focusMode;
   });
-  electron.ipcMain.handle(Channels.SETTINGS_VISIBILITY, (_, open) => {
+  electron.ipcMain.handle(Channels.SETTINGS_VISIBILITY, (event, open) => {
+    requireTrusted(event);
     windowState.uiState.settingsOpen = open;
     if (open) {
       windowState.uiState.sidebarOpen = false;
@@ -26615,11 +27083,20 @@ function registerIpcHandlers(windowState, runtime2) {
     layoutViews(windowState);
     return windowState.uiState.settingsOpen;
   });
-  electron.ipcMain.handle(Channels.SETTINGS_GET, () => {
+  electron.ipcMain.handle(Channels.SETTINGS_GET, (event) => {
+    requireTrusted(event);
     return getRendererSettings();
   });
-  electron.ipcMain.handle(Channels.SETTINGS_HEALTH_GET, () => getRuntimeHealth());
-  electron.ipcMain.handle(Channels.SETTINGS_SET, async (_, key2, value) => {
+  electron.ipcMain.handle(Channels.SETTINGS_HEALTH_GET, (event) => {
+    requireTrusted(event);
+    return getRuntimeHealth();
+  });
+  electron.ipcMain.handle(Channels.MCP_REGENERATE_TOKEN, (event) => {
+    requireTrusted(event);
+    return regenerateMcpAuthToken();
+  });
+  electron.ipcMain.handle(Channels.SETTINGS_SET, async (event, key2, value) => {
+    requireTrusted(event);
     assertString(key2, "key");
     if (!SETTABLE_KEYS.has(key2)) {
       throw new Error(`Unknown setting key: ${key2}`);
@@ -26638,12 +27115,22 @@ function registerIpcHandlers(windowState, runtime2) {
     sendToRendererViews(Channels.SETTINGS_UPDATE, rendererSettings);
     return rendererSettings;
   });
-  electron.ipcMain.handle(Channels.AGENT_RUNTIME_GET, () => runtime2.getState());
-  electron.ipcMain.handle(Channels.AGENT_PAUSE, () => runtime2.pause());
-  electron.ipcMain.handle(Channels.AGENT_RESUME, () => runtime2.resume());
+  electron.ipcMain.handle(Channels.AGENT_RUNTIME_GET, (event) => {
+    requireTrusted(event);
+    return runtime2.getState();
+  });
+  electron.ipcMain.handle(Channels.AGENT_PAUSE, (event) => {
+    requireTrusted(event);
+    return runtime2.pause();
+  });
+  electron.ipcMain.handle(Channels.AGENT_RESUME, (event) => {
+    requireTrusted(event);
+    return runtime2.resume();
+  });
   electron.ipcMain.handle(
     Channels.AGENT_SET_APPROVAL_MODE,
-    (_, mode) => {
+    (event, mode) => {
+      requireTrusted(event);
       assertString(mode, "mode");
       if (!VALID_APPROVAL_MODES.includes(mode)) {
         throw new Error(`Invalid approval mode: ${mode}`);
@@ -26655,34 +27142,44 @@ function registerIpcHandlers(windowState, runtime2) {
   );
   electron.ipcMain.handle(
     Channels.AGENT_APPROVAL_RESOLVE,
-    (_, approvalId, approved) => runtime2.resolveApproval(approvalId, approved)
+    (event, approvalId, approved) => {
+      requireTrusted(event);
+      return runtime2.resolveApproval(approvalId, approved);
+    }
   );
   electron.ipcMain.handle(
     Channels.AGENT_CHECKPOINT_CREATE,
-    (_, name, note) => runtime2.createCheckpoint(name, note)
-  );
-  electron.ipcMain.handle(
-    Channels.AGENT_CHECKPOINT_RESTORE,
-    (_, checkpointId) => runtime2.restoreCheckpoint(checkpointId)
-  );
-  electron.ipcMain.handle(
-    Channels.AGENT_CHECKPOINT_UPDATE_NOTE,
-    (_, checkpointId, note) => runtime2.updateCheckpointNote(checkpointId, note || "")
-  );
-  electron.ipcMain.handle(
-    Channels.AGENT_UNDO_LAST_ACTION,
-    () => runtime2.undoLastAction()
-  );
-  electron.ipcMain.handle(
-    Channels.AGENT_SESSION_CAPTURE,
-    (_, note) => runtime2.captureSession(note)
+    (event, name, note) => {
+      requireTrusted(event);
+      return runtime2.createCheckpoint(name, note);
+    }
   );
+  electron.ipcMain.handle(Channels.AGENT_CHECKPOINT_RESTORE, (event, checkpointId) => {
+    requireTrusted(event);
+    return runtime2.restoreCheckpoint(checkpointId);
+  });
+  electron.ipcMain.handle(Channels.AGENT_CHECKPOINT_UPDATE_NOTE, (event, checkpointId, note) => {
+    requireTrusted(event);
+    return runtime2.updateCheckpointNote(checkpointId, note || "");
+  });
+  electron.ipcMain.handle(Channels.AGENT_UNDO_LAST_ACTION, (event) => {
+    requireTrusted(event);
+    return runtime2.undoLastAction();
+  });
+  electron.ipcMain.handle(Channels.AGENT_SESSION_CAPTURE, (event, note) => {
+    requireTrusted(event);
+    return runtime2.captureSession(note);
+  });
   electron.ipcMain.handle(
     Channels.AGENT_SESSION_RESTORE,
-    (_, snapshot) => runtime2.restoreSession(snapshot)
+    (event, snapshot2) => {
+      requireTrusted(event);
+      return runtime2.restoreSession(snapshot2);
+    }
   );
   registerBookmarkHandlers();
-  electron.ipcMain.handle(Channels.HIGHLIGHT_CAPTURE, async () => {
+  electron.ipcMain.handle(Channels.HIGHLIGHT_CAPTURE, async (event) => {
+    requireTrusted(event);
     try {
       const activeTab = tabManager.getActiveTab();
       if (!activeTab) {
@@ -26726,10 +27223,12 @@ function registerIpcHandlers(windowState, runtime2) {
       logger$4.warn("Failed to persist auto-highlight selection:", err);
     }
   });
-  electron.ipcMain.handle(Channels.HIGHLIGHT_NAV_COUNT, () => {
+  electron.ipcMain.handle(Channels.HIGHLIGHT_NAV_COUNT, (event) => {
+    requireTrusted(event);
     return getActiveHighlightCountSafe();
   });
-  electron.ipcMain.handle(Channels.HIGHLIGHT_NAV_SCROLL, (_, index) => {
+  electron.ipcMain.handle(Channels.HIGHLIGHT_NAV_SCROLL, (event, index) => {
+    requireTrusted(event);
     const info = getActiveTabInfo(tabManager);
     if (!info) return false;
     try {
@@ -26739,7 +27238,8 @@ function registerIpcHandlers(windowState, runtime2) {
       return false;
     }
   });
-  electron.ipcMain.handle(Channels.HIGHLIGHT_NAV_REMOVE, async (_, index) => {
+  electron.ipcMain.handle(Channels.HIGHLIGHT_NAV_REMOVE, async (event, index) => {
+    requireTrusted(event);
     const info = getActiveTabInfo(tabManager);
     if (!info) return false;
     try {
@@ -26753,7 +27253,8 @@ function registerIpcHandlers(windowState, runtime2) {
       return false;
     }
   });
-  electron.ipcMain.handle(Channels.HIGHLIGHT_NAV_CLEAR, async () => {
+  electron.ipcMain.handle(Channels.HIGHLIGHT_NAV_CLEAR, async (event) => {
+    requireTrusted(event);
     const info = getActiveTabInfo(tabManager);
     if (!info) return false;
     try {
@@ -26768,22 +27269,27 @@ function registerIpcHandlers(windowState, runtime2) {
     }
   });
   const findBridge = createFindInPageBridge(tabManager, chromeView);
-  electron.ipcMain.handle(Channels.FIND_IN_PAGE_START, (_, text, options) => {
+  electron.ipcMain.handle(Channels.FIND_IN_PAGE_START, (event, text, options) => {
+    requireTrusted(event);
     return findBridge.start(text, options);
   });
-  electron.ipcMain.handle(Channels.FIND_IN_PAGE_NEXT, (_, forward) => {
+  electron.ipcMain.handle(Channels.FIND_IN_PAGE_NEXT, (event, forward) => {
+    requireTrusted(event);
     return findBridge.next(forward);
   });
-  electron.ipcMain.handle(Channels.FIND_IN_PAGE_STOP, (_, action) => {
+  electron.ipcMain.handle(Channels.FIND_IN_PAGE_STOP, (event, action) => {
+    requireTrusted(event);
     findBridge.stop(action);
   });
   registerHistoryHandlers();
-  electron.ipcMain.handle(Channels.DEVTOOLS_PANEL_TOGGLE, () => {
+  electron.ipcMain.handle(Channels.DEVTOOLS_PANEL_TOGGLE, (event) => {
+    requireTrusted(event);
     windowState.uiState.devtoolsPanelOpen = !windowState.uiState.devtoolsPanelOpen;
     layoutViews(windowState);
     return { open: windowState.uiState.devtoolsPanelOpen };
   });
-  electron.ipcMain.handle(Channels.DEVTOOLS_PANEL_RESIZE, (_, height) => {
+  electron.ipcMain.handle(Channels.DEVTOOLS_PANEL_RESIZE, (event, height) => {
+    requireTrusted(event);
     const clamped = Math.max(MIN_DEVTOOLS_PANEL, Math.min(MAX_DEVTOOLS_PANEL, Math.round(height)));
     windowState.uiState.devtoolsPanelHeight = clamped;
     layoutViews(windowState);
@@ -26796,20 +27302,24 @@ function registerIpcHandlers(windowState, runtime2) {
   registerHumanVaultHandlers();
   registerWindowControlHandlers(mainWindow);
   registerCodexHandlers();
-  electron.ipcMain.handle(Channels.AUTOMATION_GET_INSTALLED, () => {
+  electron.ipcMain.handle(Channels.AUTOMATION_GET_INSTALLED, (event) => {
+    requireTrusted(event);
     return getInstalledKits();
   });
-  electron.ipcMain.handle(Channels.AUTOMATION_INSTALL_FROM_FILE, async () => {
+  electron.ipcMain.handle(Channels.AUTOMATION_INSTALL_FROM_FILE, async (event) => {
+    requireTrusted(event);
     return await installKitFromFile();
   });
-  electron.ipcMain.handle(Channels.AUTOMATION_UNINSTALL, (_event, id) => {
+  electron.ipcMain.handle(Channels.AUTOMATION_UNINSTALL, (event, id) => {
+    requireTrusted(event);
     assertString(id, "id");
     return uninstallKit(id, getScheduledKitIds());
   });
   registerScheduleHandlers(windowState, runtime2, sendToRendererViews);
   registerAutofillHandlers(windowState);
   registerPageDiffHandlers(windowState, sendToRendererViews);
-  electron.ipcMain.handle(Channels.CLEAR_BROWSING_DATA, async (_, options) => {
+  electron.ipcMain.handle(Channels.CLEAR_BROWSING_DATA, async (event, options) => {
+    requireTrusted(event);
     const { cache, cookies, history, localStorage: clearLs, timeRange } = options;
     if (cache) {
       await electron.session.defaultSession.clearCache();
@@ -26826,25 +27336,47 @@ function registerIpcHandlers(windowState, runtime2) {
   });
   setDownloadBroadcaster(sendToRendererViews);
   setPermissionBroadcaster(sendToRendererViews);
-  electron.ipcMain.handle(Channels.DOWNLOADS_GET, () => listDownloads());
-  electron.ipcMain.handle(Channels.DOWNLOADS_CLEAR, () => {
+  electron.ipcMain.handle(Channels.DOWNLOADS_GET, (event) => {
+    requireTrusted(event);
+    return listDownloads();
+  });
+  electron.ipcMain.handle(Channels.DOWNLOADS_CLEAR, (event) => {
+    requireTrusted(event);
     clearDownloads();
     return true;
   });
-  electron.ipcMain.handle(Channels.DOWNLOADS_OPEN, (_event, id) => openDownload(id));
-  electron.ipcMain.handle(Channels.DOWNLOADS_SHOW_IN_FOLDER, (_event, id) => showDownloadInFolder(id));
-  electron.ipcMain.handle(Channels.PERMISSIONS_GET, () => listPermissions());
-  electron.ipcMain.handle(Channels.PERMISSIONS_CLEAR, () => {
+  electron.ipcMain.handle(Channels.DOWNLOADS_OPEN, (event, id) => {
+    requireTrusted(event);
+    return openDownload(id);
+  });
+  electron.ipcMain.handle(Channels.DOWNLOADS_SHOW_IN_FOLDER, (event, id) => {
+    requireTrusted(event);
+    return showDownloadInFolder(id);
+  });
+  electron.ipcMain.handle(Channels.PERMISSIONS_GET, (event) => {
+    requireTrusted(event);
+    return listPermissions();
+  });
+  electron.ipcMain.handle(Channels.PERMISSIONS_CLEAR, (event) => {
+    requireTrusted(event);
     clearPermissions();
     return true;
   });
-  electron.ipcMain.handle(Channels.PERMISSIONS_CLEAR_ORIGIN, (_event, origin) => {
+  electron.ipcMain.handle(Channels.PERMISSIONS_CLEAR_ORIGIN, (event, origin) => {
+    requireTrusted(event);
     clearPermissionsForOrigin(origin);
     return true;
   });
-  electron.ipcMain.handle(Channels.UPDATES_CHECK, () => checkForUpdates());
-  electron.ipcMain.handle(Channels.UPDATES_OPEN_DOWNLOAD, () => openUpdateDownload());
-  electron.ipcMain.handle(Channels.TAB_TOGGLE_PIP, async () => {
+  electron.ipcMain.handle(Channels.UPDATES_CHECK, (event) => {
+    requireTrusted(event);
+    return checkForUpdates();
+  });
+  electron.ipcMain.handle(Channels.UPDATES_OPEN_DOWNLOAD, (event) => {
+    requireTrusted(event);
+    return openUpdateDownload();
+  });
+  electron.ipcMain.handle(Channels.TAB_TOGGLE_PIP, async (event) => {
+    requireTrusted(event);
     return togglePictureInPicture(tabManager);
   });
 }
@@ -27276,6 +27808,7 @@ class AgentRuntime {
     this.state = this.loadPersistedState();
     onMcpStatusChange(() => this.emit());
   }
+  tabManager;
   state;
   updateListener = null;
   pendingResolvers = /* @__PURE__ */ new Map();
@@ -27287,11 +27820,11 @@ class AgentRuntime {
     }
   }
   getState() {
-    const snapshot = clone(this.state);
-    snapshot.mcpStatus = getMcpStatus();
-    snapshot.canUndo = this.canUndo();
-    snapshot.undoInfo = this.getUndoInfo();
-    return snapshot;
+    const snapshot2 = clone(this.state);
+    snapshot2.mcpStatus = getMcpStatus();
+    snapshot2.canUndo = this.canUndo();
+    snapshot2.undoInfo = this.getUndoInfo();
+    return snapshot2;
   }
   onTabStateChanged() {
     this.captureSession();
@@ -27327,13 +27860,13 @@ class AgentRuntime {
     return this.getState();
   }
   createCheckpoint(name, note) {
-    const snapshot = this.captureSession(note);
+    const snapshot2 = this.captureSession(note);
     const checkpoint = {
       id: crypto$2.randomUUID(),
       name: name?.trim() || `Checkpoint ${this.state.checkpoints.length + 1}`,
       createdAt: (/* @__PURE__ */ new Date()).toISOString(),
       note: note?.trim() || void 0,
-      snapshot
+      snapshot: snapshot2
     };
     this.state.checkpoints = [...this.state.checkpoints, checkpoint].slice(
       -20
@@ -27367,26 +27900,26 @@ class AgentRuntime {
     return { actionName: latest.actionName, capturedAt: latest.capturedAt };
   }
   undoLastAction() {
-    const snapshot = this.undoSnapshots.at(-1);
-    if (!snapshot) return null;
+    const snapshot2 = this.undoSnapshots.at(-1);
+    if (!snapshot2) return null;
     try {
-      this.tabManager.restoreSession(snapshot.snapshot);
+      this.tabManager.restoreSession(snapshot2.snapshot);
       this.undoSnapshots.pop();
     } catch (error) {
       logger$3.error("Failed to restore undo snapshot", error);
       return null;
     }
-    this.captureSession(`Undid ${snapshot.actionName}`);
-    return snapshot.actionName;
+    this.captureSession(`Undid ${snapshot2.actionName}`);
+    return snapshot2.actionName;
   }
   captureSession(note) {
-    const snapshot = this.tabManager.snapshotSession(note);
-    this.state.session = snapshot;
+    const snapshot2 = this.tabManager.snapshotSession(note);
+    this.state.session = snapshot2;
     this.emit();
-    return clone(snapshot);
+    return clone(snapshot2);
   }
-  restoreSession(snapshot) {
-    const target = snapshot || this.state.session;
+  restoreSession(snapshot2) {
+    const target = snapshot2 || this.state.session;
     if (!target) {
       return this.captureSession("No saved session to restore");
     }
@@ -27528,6 +28061,7 @@ ${progress}
     args = {},
     tabId = null,
     dangerous = false,
+    requiresApproval = false,
     undoable,
     executor
   }) {
@@ -27547,7 +28081,7 @@ ${progress}
       streamId: transcriptStreamId,
       mode: "replace"
     });
-    const approvalReason = this.getApprovalReason(dangerous);
+    const approvalReason = this.getApprovalReason(dangerous, requiresApproval);
     if (approvalReason) {
       this.publishTranscript({
         source,
@@ -27625,8 +28159,8 @@ ${progress}
       capturedAt: (/* @__PURE__ */ new Date()).toISOString()
     };
   }
-  pushUndoSnapshot(snapshot) {
-    this.undoSnapshots = [...this.undoSnapshots, snapshot].slice(
+  pushUndoSnapshot(snapshot2) {
+    this.undoSnapshots = [...this.undoSnapshots, snapshot2].slice(
       -10
     );
   }
@@ -27770,10 +28304,13 @@ ${progress}
       )
     };
   }
-  getApprovalReason(dangerous) {
+  getApprovalReason(dangerous, requiresApproval) {
     if (this.state.supervisor.paused) {
       return "Agent execution is paused";
     }
+    if (requiresApproval) {
+      return "Approval required: high-risk action";
+    }
     if (this.state.supervisor.approvalMode === "manual") {
       return "Approval required: ask every time mode";
     }