Security fixes, type safety, and tooling improvements

## Summary

Audit identified security vulnerabilities, broken tooling, and type safety issues that need to be resolved.

## Issues

### Security
- **Command injection in `browser.ts`** — `exec()` with unsanitized URL input allows arbitrary shell command execution
- **Credential file permissions** — `credentials.json` created with default 0644 permissions, readable by all users on shared systems

### Type Safety
- **5 TypeScript type errors** — `pnpm typecheck` fails (unsafe casts, missing `paused` status in union type, incompatible `markedTerminal` type)

### Tooling
- **Biome 2.x config broken** — `biome.json` uses deprecated v1.x keys (`organizeImports`, `files.ignore`), linter cannot run
- **Lint auto-fixes** — template literals, import sorting, unused imports

### Reliability
- **Infinite polling in contents command** — async job handler has no timeout, can hang forever
- **Hardcoded User-Agent** — `valyu-cli/1.0.0` hardcoded in 4 places instead of using `VERSION` constant

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security fixes, type safety, and tooling improvements #13

Summary

Issues

Security

Type Safety

Tooling

Reliability

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security fixes, type safety, and tooling improvements #13

Description

Summary

Issues

Security

Type Safety

Tooling

Reliability

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions