Define remote installer trust policy for setup profiles

[codeforester]

Finding

Base intentionally invokes remote installers in a few places:

• Homebrew bootstrap uses Homebrew's official install/HEAD/install.sh path.
• The optional ai setup profile runs the official Codex CLI and Claude Code installer URLs.

The Homebrew trust decision is documented, and the AI profile is opt-in, but v1 should have one clear policy for remote shell installers across setup surfaces. This is especially important because Base is a bootstrap tool: users are being asked to trust it very early on a new machine.

Project fields

• Priority: P2
• Size: M
• Initiative: Security

Expected outcome

Define and implement a consistent remote-installer policy for Base setup and setup profiles.

The policy should answer:

• Which remote installer URLs does Base allow by default?
• Which commands require explicit profile opt-in or confirmation?
• How should dry-run display remote installer commands?
• How should non-interactive usage behave?
• What does Base document for teams that require managed-device or pinned-installer controls?
• How are installer command outputs logged and redacted?

Suggested implementation

• Add a dedicated docs section for remote installer trust decisions.
• Centralize remote installer definitions and policy checks where practical.
• Consider an explicit confirmation or --yes behavior for optional profile installers when running interactively.
• Keep CI and non-interactive setup deterministic.
• Ensure dry-run never downloads or executes remote installer content.
• Add tests for AI profile setup, dry-run, and non-interactive behavior.

Validation

• Add BATS/Python tests around profile installer policy behavior.
• Verify README/docs explain Homebrew and AI installer trust boundaries in one place.
• Verify basectl setup --profile ai --dry-run shows planned installer commands without execution.
• Run env -u BASE_HOME ./bin/base-test.

[codeforester]

Completed by PR #520.