* fix(security): prevent shell injection in WebSocket handler and harden auth
- Replace hardcoded JWT secret with auto-generated per-installation secret
- Add database validation to WebSocket authentication
- Add token expiration (7d) with auto-refresh
- Validate projectPath and sessionId in shell handler
- Use cwd instead of shell string interpolation for project paths
- Add CORS exposedHeaders for token refresh
* fix: small fix on languages
Update .env.example with comprehensive CLI command documentation and
clearer DATABASE_PATH configuration comments. Enhance README.md with
restructured installation guide featuring new cloudcli commands,
detailed PM2 background service setup instructions, and improved
organization of global installation benefits and restart procedures.
Add CLI command reference showing cloudcli start, status, help, and
version commands. Expand PM2 section with separate subsections for
installation, service startup, and auto-start configuration.
Implement comprehensive API key management functionality including
generation, validation, and CRUD operations.
Changes:
- Add API key database schema and operations (create, validate, delete,
toggle)
- Generating a commit message will now work properly with claude sdk and cursor cli and return a suggested commit message
- Implement crypto-based key generation with 'ck_' prefix
- Add session ID tracking in claude-sdk.js and cursor-cli.js
- Update database layer with API key validation and last_used tracking
- Support multi-user API key management with user association
This enables secure programmatic access to the agent service
