security: openhome-cli MEDIUMs — tmpdir, key-detection, version pinning #23

Open
Bradymck wants to merge 1 commit into main from security/cli-mediums

@Bradymck

Collaborator

Summary

openhome-cli MEDIUM bucket from the audit.

MEDIUM — Agent prompt written to /tmp on Linux

`src/commands/agents-edit.ts` wrote the in-flight prompt to `os.tmpdir()` — on Linux that's `/tmp` mode 1777, readable by any local user while the editor session is open. Now uses `~/.openhome/tmp` (mode 0o700) via `mkdtempSync`, file written 0o600.

MEDIUM — Hardcoded-key detection regex missed common providers

`HARDCODED_KEY_PATTERN` only caught `sk_/sk-/key_` prefixes followed by plain alphanumerics. Missed: OpenAI project keys, Anthropic keys, Stripe, GitHub PATs, AWS access keys, Slack bot tokens, Google API keys. Replaced with a single alternation covering every common provider format.

MEDIUM — Auto-update re-exec used remote version string with weak validation

`src/cli.ts` fetched `openhome-cli@latest` and passed the version into `execFileSync("npx", [`openhome-cli@${latest}`, …])`. The `/^\d+.\d+.\d+$/` check allowed arbitrarily long digit runs and ran AFTER the cache write. Tightened to `/^\d{1,5}.\d{1,5}.\d{1,5}$/` with a 32-char cap, and re-validates on every cache READ too so a poisoned-by-older-CLI cache value is discarded.

Test plan

  • `tsc --noEmit` — same 5 pre-existing errors in unrelated files; none from this PR (verified locally)
  • `openhome agents edit ` creates the temp file under `~/.openhome/tmp/agent-edit-XXXX/` with mode 0o600
  • An ability with embedded `AKIA…` / `ghp_…` / `sk-proj-…` / `AIza…` is now flagged by the validator
  • Hand-poisoned `config.json` with `latest_version_cache: "999.0.0.999999"` is rejected on next CLI invocation

🤖 Generated with Claude Code

@zainirfan13 force-pushed the security/cli-mediums branch from 8f6168e to fd3c3f0 on June 17, 2026 05:54
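
The version handling described in the third item of the summary, as an added example that is not code from this pull request or from openhome-cli: the same check runs before the cache write and again on every cache read, and the re-exec argument is built only from a value that passed it. Function names and the `CliConfig` shape are assumptions; `latest_version_cache` is the key named in the test plan, and the dots are escaped here so they match only a literal `.`.

```typescript
// Added example (hypothetical names); not openhome-cli source.
const MAX_VERSION_LENGTH = 32;
// Bounded digit runs; "\." matches only a literal dot.
const VERSION_PATTERN = /^\d{1,5}\.\d{1,5}\.\d{1,5}$/;

interface CliConfig {
  // Untrusted: config.json may be hand-edited or written by an older CLI.
  latest_version_cache?: unknown;
}

// Single gate used by both the write path and the read path.
function isSafeVersion(value: unknown): value is string {
  return (
    typeof value === "string" &&
    value.length <= MAX_VERSION_LENGTH &&
    VERSION_PATTERN.test(value)
  );
}

// Write path: validate BEFORE the remote value reaches the cache.
function cacheLatestVersion(config: CliConfig, remote: unknown): boolean {
  if (!isSafeVersion(remote)) return false;
  config.latest_version_cache = remote;
  return true;
}

// Read path: re-validate, and drop a value that fails so it is not reused.
function readCachedVersion(config: CliConfig): string | null {
  const cached = config.latest_version_cache;
  if (isSafeVersion(cached)) return cached;
  delete config.latest_version_cache;
  return null;
}

// Package spec for the re-exec is built only from a validated version;
// null means "skip the auto-update".
function buildUpdateArgv(config: CliConfig, passthrough: string[]): string[] | null {
  const version = readCachedVersion(config);
  return version === null ? null : [`openhome-cli@${version}`, ...passthrough];
}
```
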