v0.2.2 — security hardening pass

Security hardening pass — reviewed against four independent AI code reviews (codex / deepseek / glm / kimi). No CRITICAL findings.

Highlights

• Uninstall data-safety — full uninstall no longer deletes /home/pai/.claude (PAI memory, Claude OAuth/session) via userdel -r while printing that it preserved the data. Home deletion now requires --purge-data with a typed confirmation. Tailscale Serve cleanup no longer runs a global serve reset that wiped unrelated loopback routes.
• Gateway — loopback-validated pulseOrigin (closes an authenticated SSRF / open-proxy), pairing rate-limit now persisted across restarts (no fresh attempt-window on crash-loop), safe reset-access rotation (aborts before writing if the managed user is unresolved; loud on restart failure), Server version header stripped, HSTS added, tightened cookie/pairing validation.
• Install — pinned @anthropic-ai/claude-code@2.1.183 and verified the Tailscale apt signing-key fingerprint (both were previously unverified code-execution paths); tty-gated pairing-code display (no leak to curl|bash/tee/CI logs); stopped writing the Tailscale auth URL to world-readable /tmp; single-flight flock; scoped ERR→rollback trap; and self-bootstrap so the advertised curl … | sudo bash paste install actually fetches and builds the gateway.
• CI / backup / repo — pin-bot PR body fixed (was a literal $(cat …)) and third-party actions SHA-pinned; root-only enforcement before sourcing the backup off-site env; untracked .omc working artifacts; scrubbed local-path topology from CLAUDE.md.

Verification

tsc --noEmit + 52 bun test + shellcheck -S warning + the full shell-test suite — all green. Adds regression tests for the SSRF, rate-limit persistence, pairing/cookie validation, pairing-code leak, and uninstall data/route preservation.

Install

curl -fsSL https://raw.githubusercontent.com/gl0bal01/pai-anywhere/v0.2.2/install.sh | sudo bash