
Harden public repo security and validation#1

jvogan merged 1 commit into main from codex/security-hardening on May 16, 2026

@jvogan jvogan commented May 16, 2026

Summary

  • harden local daemon and bridge access with loopback-only URL validation, response limits, path validation, multipart caps, and operation cancellation
  • require SHA-256 verification for remote model artifacts, add VibeVoice/Voxtral catalog integrity metadata, and verify installed packs during refresh recovery
  • expand public repo audits, secret/history scans, Dependabot coverage, and validation scripts while removing public-facing private-token placeholders

Validation

  • make validate-public
  • swift test --package-path apps/ValarCLI --jobs 1
  • swift build --package-path apps/ValarDaemon --scratch-path --jobs 1
  • bun audit
  • bun run typecheck
  • bash tools/public_repo_secret_scan.sh --root . --include-ignored
  • bash tools/public_repo_history_scan.sh --root .
  • bash tools/public_repo_audit.sh --root .


@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6b3a5fbd59


Comment on lines +106 to +107
const phraseWords = phrase.trim().split(/\s+/).map(normalise).filter(Boolean);
if (phraseWords.length === 0) {
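Review bot: on +107 the `phraseWords.length === 0` check runs after `.map(normalise).filter(Boolean)`, so it cannot distinguish a blank `phrase` from one whose every word normalises to an empty string. Test `phrase.trim()` for emptiness before normalising and handle the second case on its own branch, with a test for each.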

P1: Preserve non-ASCII passphrases in extraction

Normalizing phraseWords with normalise(...).filter(Boolean) before any matching makes passphrases written in non-ASCII scripts (for example Japanese or Cyrillic) collapse to an empty token list, which now forces passphraseFound to false even when the transcript contains the exact phrase. Before this change, the non-aligner path used a direct case-insensitive substring check and would accept such phrases; this regression blocks multilingual passphrase workflows entirely.
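
The failure mode in the P1 comment above, as an added example that is not part of the review or the repository's code: an ASCII-only normaliser (assumed here, since `normalise` itself is not shown on the page) empties Cyrillic and Japanese passphrases, while a Unicode-aware one keeps them. All function names and the sample transcripts are constructed for illustration.

```javascript
// Added example. normaliseAscii, normaliseUnicode and passphraseFound are
// hypothetical names; the repository's own normalise() is not shown on the page.

// Assumed ASCII-only normaliser: every character outside a-z0-9 is dropped.
const normaliseAscii = (w) => w.toLowerCase().replace(/[^a-z0-9]/g, "");

// Unicode-aware alternative: fold compatibility forms (NFKC), lower-case,
// then keep letters, combining marks and digits from any script.
const normaliseUnicode = (w) =>
  w.normalize("NFKC").toLowerCase().replace(/[^\p{L}\p{M}\p{N}]/gu, "");

const tokens = (text, normalise) =>
  text.trim().split(/\s+/).map(normalise).filter(Boolean);

// Scripts normally written without spaces between words.
const UNSPACED =
  /[\p{Script=Han}\p{Script=Hiragana}\p{Script=Katakana}\p{Script=Thai}]/u;

// True when needle occurs as a contiguous run of whole tokens in haystack.
function containsRun(haystack, needle) {
  for (let i = 0; i + needle.length <= haystack.length; i++) {
    if (needle.every((w, j) => haystack[i + j] === w)) return true;
  }
  return false;
}

function passphraseFound(transcript, phrase, normalise) {
  const phraseWords = tokens(phrase, normalise);
  if (phraseWords.length === 0) return false; // nothing survived normalisation
  const heard = tokens(transcript, normalise);
  if (UNSPACED.test(phrase)) {
    // No word boundaries to rely on: compare the joined, normalised text.
    return heard.join("").includes(phraseWords.join(""));
  }
  return containsRun(heard, phraseWords);
}

// Constructed sample transcripts and passphrases.
const SAMPLES = [
  ["Please say: Open, sesame!", "open sesame"],
  ["Пароль: Сезам, откройся.", "сезам откройся"],
  ["合言葉は「ひらけごま」です", "ひらけごま"],
];
const results = (normalise) =>
  SAMPLES.map(([t, p]) => passphraseFound(t, p, normalise));
```

Matching on whole tokens keeps the Latin and Cyrillic cases strict; the joined-substring comparison is used only for phrases in scripts that have no word spacing.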


@@ -0,0 +1,97 @@
import { sanitizeMessage } from "./redaction.js";

const DEFAULT_TIMEOUT_MS = 120_000;
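Review bot: `DEFAULT_TIMEOUT_MS = 120_000` at the top of this new file carries no comment on why 120 seconds was chosen or which calls it governs. Add a doc comment with the rationale and the unit, and state whether callers can pass their own timeout, so a reader does not have to trace every call site to learn the effective limit.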

P2: Avoid global 120s timeout for daemon requests

Setting a default 120-second timeout in the shared daemonFetch helper applies to all bridge operations (including synthesis/transcription calls) and can abort valid long-running requests, returning a generic daemon-unavailable error even when the daemon is healthy. Since this wrapper is now used across tools, the new hard cap introduces request failures for larger inputs that previously completed successfully.


@jvogan jvogan force-pushed the codex/security-hardening branch 2 times, most recently from 957957c to 04d2111 Compare May 16, 2026 13:40
@jvogan jvogan force-pushed the codex/security-hardening branch from 04d2111 to 9e24524 Compare May 16, 2026 14:33
@github-advanced-security

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@jvogan jvogan merged commit fb61739 into main May 16, 2026
4 checks passed
@jvogan jvogan deleted the codex/security-hardening branch May 16, 2026 14:51