
v2.33.0


@github-actions github-actions released this 10 Jun 20:43
· 3 commits to main since this release
f7c859a

v2.33.0 — Web security hardening

Security-hardening release closing a cross-origin / DNS-rebinding gap in C3's local web servers, plus two related hardenings and two c3_read fixes.

pip install -U code-context-control

🔒 Security

  • Cross-origin / CSRF + DNS-rebinding hardening for all local web servers. The Hub, per-project UI, and Oracle bind to loopback but had no auth, no Origin/Host validation, and wildcard CORS — so any web page open in the user's browser could drive state-changing endpoints (the launch-ide custom command, adding a malicious MCP server, downgrading Claude permissions, wiping data) and read the Oracle Discovery bearer token. A new shared guard (core/web_security.py) now enforces a Host-header allowlist (defeats DNS rebinding) + an Origin/Referer check on every request (defeats CSRF), and replaces wildcard CORS with scoped, same-origin reflection. Loopback and non-browser API clients are unaffected; non-loopback binds honour host/bind_host + an optional allowed_hosts list. Oracle Discovery bearer auth still applies on top.
  • api_projects_open (Hub + UI) now refuses non-directory paths, so it can no longer launch an arbitrary file via the OS default handler.
  • c3_shell blocklist strengthened to also cover rm -rf /*, rm -rf of a whole top-level system directory, and Windows whole-drive-root wipes (del/rd/format C:\). Nested-path deletes stay allowed. Documented explicitly as a best-effort guard, not a sandbox.
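The guard described above, as an added example written for this page rather than the project's own core/web_security.py: a Host-header allowlist derived from the bind address (plus an optional allowed_hosts list for non-loopback binds), an Origin/Referer check that only rejects when a browser actually supplied one of those headers, and CORS reflection scoped to the same allowlist instead of a wildcard. The GuardConfig fields, function names and the constructed sample requests are assumptions, not the project's API.

```python
"""Added example: Host allowlist + Origin/Referer check + scoped CORS for a
loopback web server. Hypothetical code, not the project's core/web_security.py."""
import ipaddress
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class GuardConfig:
    port: int                                   # port the server listens on
    bind_host: str = "127.0.0.1"                # the host/bind_host setting (assumed name)
    allowed_hosts: frozenset = frozenset()      # optional extra names for non-loopback binds

    def allowed_names(self) -> set:
        """Hostnames a request may address. A loopback bind accepts the usual loopback
        spellings; any other bind accepts only itself plus allowed_hosts."""
        names = {h.lower() for h in self.allowed_hosts}
        if _is_loopback(self.bind_host):
            names |= {"localhost", "127.0.0.1", "::1"}
        else:
            names.add(self.bind_host.lower())
        return names


def _is_loopback(host: str) -> bool:
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def _header(headers: dict, name: str):
    """Case-insensitive header lookup over a plain dict of request headers."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), None)


def _split_authority(value: str, default_port: int):
    """(hostname, port) from a Host header value or a full URL; None if unparsable.
    urlsplit handles bracketed IPv6 ("[::1]:8080") and raises ValueError on junk ports."""
    try:
        parts = urlsplit(value if "//" in value else "//" + value)
        host, port = parts.hostname, parts.port
    except ValueError:
        return None
    if not host:
        return None
    return host.lower(), (port if port is not None else default_port)


def host_allowed(cfg: GuardConfig, host_header) -> bool:
    """DNS-rebinding defence: the Host header must name us, on our port. A rebound
    name such as evil.example resolving to 127.0.0.1 still carries the attacker's
    hostname in Host, so it is refused here before any handler runs."""
    parsed = _split_authority(host_header or "", 80)
    return parsed is not None and parsed[0] in cfg.allowed_names() and parsed[1] == cfg.port


def origin_allowed(cfg: GuardConfig, headers: dict) -> bool:
    """CSRF defence: if the browser says where the request came from (Origin, else
    Referer), that source must be our own origin. Requests with neither header
    (curl, MCP clients, non-browser tooling) pass; "Origin: null" never matches."""
    for name in ("Origin", "Referer"):
        value = _header(headers, name)
        if value:
            default = 443 if urlsplit(value).scheme == "https" else 80
            parsed = _split_authority(value, default)
            return parsed is not None and parsed[0] in cfg.allowed_names() and parsed[1] == cfg.port
    return True


def cors_headers(cfg: GuardConfig, headers: dict) -> dict:
    """Scoped CORS: reflect the Origin only when it is one of ours, never '*'."""
    origin = _header(headers, "Origin")
    if origin and origin_allowed(cfg, headers):
        return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    return {}


def check_request(cfg: GuardConfig, headers: dict):
    """Run both checks on every request; returns (ok, reason) for logging."""
    if not host_allowed(cfg, _header(headers, "Host")):
        return False, "host not allowed (possible DNS rebinding)"
    if not origin_allowed(cfg, headers):
        return False, "cross-origin request refused (possible CSRF)"
    return True, "ok"


if __name__ == "__main__":
    cfg = GuardConfig(port=8080)
    # Constructed sample requests, not captured traffic.
    for hdrs in ({"Host": "127.0.0.1:8080"},
                 {"Host": "evil.example:8080"},
                 {"Host": "127.0.0.1:8080", "Origin": "https://attacker.example"},
                 {"Host": "localhost:8080", "Origin": "http://localhost:8080"}):
        print(hdrs, "->", check_request(cfg, hdrs), cors_headers(cfg, hdrs))
```

A Host header without a port is compared against port 80, so a server on 8080 rejects a bare "localhost"; that is deliberate, since browsers always send the port when it is non-default. Bearer auth such as the Oracle Discovery token belongs on top of this guard, not instead of it.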

🐛 Fixed

  • c3_read silently returned the file map instead of source for range reads requested via lines — MCP serializes lines as a string (e.g. "[22, 193]"), which fell through the range logic. lines is now coerced the same way symbols already was.
  • Comma-separated symbols ("a,b,c") now split into multiple targets instead of being read as one ambiguous name.
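The two c3_read fixes, as an added illustration that is not the project's own code: a coercion step that accepts a lines argument whether it arrives as a real list or as the string an MCP transport produces, and a symbols coercion that splits comma-separated names. The dispatch in read_request shows the failure mode being fixed, where an isinstance(list) check lets a stringified list fall through to the map branch. Function names, the accepted spellings and the sample source are assumptions.

```python
"""Added example: argument coercion for a line-range / symbol read tool.
Hypothetical code modelled on the fix described above, not the project's c3_read."""
import json
import re


def coerce_lines(value):
    """Return (start, end) or None. Accepts [22, 193], "[22, 193]" (MCP stringified),
    "22-193", "22,193", "22:193", a single int, or "22"; rejects anything else."""
    if value is None or value == "":
        return None
    if isinstance(value, bool):            # bool is an int subclass; never a line number
        raise TypeError("lines must be a range, not a boolean")
    if isinstance(value, int):
        nums = [value]
    elif isinstance(value, (list, tuple)):
        nums = [int(v) for v in value]
    elif isinstance(value, str):
        text = value.strip()
        try:
            return coerce_lines(json.loads(text))   # "[22, 193]" or "22" round-trip as JSON
        except ValueError:
            pass                                    # not JSON: try "22-193" style below
        nums = [int(p) for p in re.split(r"\s*[-,:]\s*", text) if p]
    else:
        raise TypeError(f"unsupported lines value: {value!r}")
    if not nums:
        return None
    if len(nums) == 1:
        return nums[0], nums[0]
    if len(nums) != 2 or nums[0] < 1 or nums[1] < nums[0]:
        raise ValueError(f"bad line range: {value!r}")
    return nums[0], nums[1]


def coerce_symbols(value):
    """Return a de-duplicated list of symbol names from a list or a "a,b,c" string."""
    if value is None:
        return []
    parts = value if isinstance(value, (list, tuple)) else str(value).split(",")
    seen, out = set(), []
    for name in (p.strip() for p in parts):
        if name and name not in seen:
            seen.add(name)
            out.append(name)
    return out


def read_request(source: str, lines=None, symbols=None):
    """Dispatch like the tool: a lines range wins, then symbols, else the file map.
    The pre-fix bug was an `isinstance(lines, list)` test here, so the string
    "[22, 193]" skipped the range branch and the caller got the map back."""
    rng = coerce_lines(lines)
    src_lines = source.splitlines()
    if rng is not None:
        start, end = rng
        return "range", "\n".join(src_lines[start - 1:end])
    names = coerce_symbols(symbols)
    if names:
        return "symbols", names
    return "map", {"line_count": len(src_lines)}


# Constructed sample source, not a real project file.
SAMPLE = "def a():\n    return 1\n\ndef b():\n    return 2\n"

if __name__ == "__main__":
    print(read_request(SAMPLE, lines="[4, 5]"))        # range read, even as a string
    print(read_request(SAMPLE, symbols="a, b,,a"))     # three-way split, de-duplicated
    print(read_request(SAMPLE))                        # map only when nothing was asked for
```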

✅ Quality

  • New tests: tests/test_web_security.py, tests/test_read_coercion.py; extended tests/test_c3_shell.py. Full suite green across macOS/Ubuntu/Windows × py3.10–3.12.

See CHANGELOG.md for full details.