v0.2.4

Security hardening, notebook sandbox, and naming cleanup

Security (23 vulnerabilities fixed)

• Path traversal protection on file read, pipeline scripts, and connector imports
• WebSocket authentication for agent and collaboration endpoints
• SQL validation (read-only enforcement) across query, CSV export, collaboration, and dashboard widgets
• Auth tokens hashed (SHA-256) before storage
• Secrets masked in notebook output
• _havn schema blocked from all user-facing query surfaces
• HTTP security headers (X-Content-Type-Options, X-Frame-Options, Referrer-Policy)
• CORS restricted to explicit methods and headers
• Docker container runs as non-root user
• .env file permissions set to 0600 after write
• Login timing oracle fixed (constant-time on missing user)
• Connector target_schema blocked from writing to _havn
• Dashboard import validates widget types

Notebook sandbox

• AST validation blocks access to havn server internals and dunder-based escape patterns
• Guarded open() blocks .env and dotfile reads
• SafeDbProxy blocks _havn, ATTACH, INSTALL, LOAD, COPY TO via db connection
• 60-second per-cell execution timeout
• All standard packages remain available (os, pathlib, urllib, pandas, numpy, etc.)

Naming

• Internal DuckDB schema renamed from _dp_internal to _havn
• All dp_ prefixes replaced with havn_ (localStorage keys, temp schemas, metadata dirs)
• .cursorrules, LICENSE, docs, frontend updated

Breaking change: Existing warehouse.duckdb files still use the _dp_internal schema. Run ALTER SCHEMA _dp_internal RENAME TO _havn in DuckDB to migrate, or start fresh with havn init.