
v0.51.545 — Release TD (extension manifest asset bundles)


@github-actions github-actions released this 21 Jun 00:54
· 54 commits to master since this release
12f23df

Release v0.51.545 — Release TD (extension manifest asset bundles)

Ships #4561 (by santastabber). Maintainer-blessed as a richer, more full-featured extension system. Deep-gated because of the security sensitivity of the manifest loader.

Added

  • Bundle extension assets with a manifest instead of long comma-separated URL lists (#4505). A new HERMES_WEBUI_EXTENSION_MANIFEST env var points to a small JSON manifest (≤64 KB) listing an extension's scripts and stylesheets, replacing unwieldy HERMES_WEBUI_EXTENSION_SCRIPT_URLS strings for self-hosters running several extensions. A per-extension enabled: false skips that bundle. The manifest path is traversal-guarded; every asset URL still goes through the same same-origin allowlist validator (/extensions/ or /static/ only); the asset list is capped at 32 entries and deduplicated; the feature is default-off. Thanks @santastabber.

Gate

  • Full pytest suite: 9851 passed, 0 failed
  • Codex: SAFE TO SHIP (re-confirm after fix)
  • Opus: SAFE — adversarially verified: path traversal blocked (../, %2e%2e, and an in-dir symlink→/etc all rejected); same-origin allowlist preserved (https://evil, //evil, javascript:, data:, and injection payloads all rejected); default-off is byte-identical; html.escape applied as belt-and-suspenders at the injection point
  • One BRICK found and fixed at the gate: a manifest under 64 KB but deeply nested raised RecursionError in json.loads, and the exception escaped into the app-shell route, so every page returned 503. Added RecursionError to the fail-safe handler plus a regression test (verified to fail without the fix and pass with it).
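An added example, not the project's code, of a manifest loader that applies the checks described in this release: a traversal-guarded manifest path, the same-origin allowlist for asset URLs, the 32-entry cap with dedup, enabled: false skipping a bundle, and the RecursionError fail-safe from the gate finding. The manifest layout, the function names and the reading of the cap as a total across scripts and stylesheets are assumptions.

```python
import json
import os
from urllib.parse import urlsplit

# Constructed example, not the project's code. Assumed manifest layout:
# {"extensions": [{"enabled": true, "scripts": [...], "stylesheets": [...]}]}
MAX_MANIFEST_BYTES = 64 * 1024   # the 64 KB cap from the release note
MAX_ASSETS = 32                  # asset cap, applied after dedup (assumed total, not per list)
ALLOWED_PREFIXES = ("/extensions/", "/static/")

def asset_url_allowed(url) -> bool:
    """Same-origin allowlist: a root-relative path under /extensions/ or /static/.
    Rejects https://evil, //evil, javascript:, data: and any '..' path segment."""
    if not isinstance(url, str) or not url.startswith("/") or url.startswith("//"):
        return False
    parts = urlsplit(url)
    if parts.scheme or parts.netloc or "\\" in url or ".." in parts.path.split("/"):
        return False
    return url.startswith(ALLOWED_PREFIXES)

def resolve_manifest_path(manifest_dir: str, configured: str) -> str:
    """Traversal guard for HERMES_WEBUI_EXTENSION_MANIFEST: the symlink-resolved
    target must stay inside manifest_dir, so ../ and an in-dir symlink to /etc both fail."""
    root = os.path.realpath(manifest_dir)
    target = os.path.realpath(os.path.join(root, configured))
    if os.path.commonpath([root, target]) != root:
        raise ValueError("manifest path escapes its directory")
    return target

def load_manifest_assets(raw: bytes) -> tuple[list[str], list[str]]:
    """Return (scripts, stylesheets); any defect yields ([], []) so the app shell keeps rendering.
    RecursionError is caught: a deeply nested document under 64 KB makes json.loads raise it."""
    if len(raw) > MAX_MANIFEST_BYTES:
        return [], []
    try:
        doc = json.loads(raw.decode("utf-8"))
    except (ValueError, UnicodeDecodeError, RecursionError):
        return [], []
    bundles = doc.get("extensions") if isinstance(doc, dict) else None
    scripts, styles = [], []
    for bundle in bundles if isinstance(bundles, list) else []:
        if not isinstance(bundle, dict) or bundle.get("enabled", True) is False:
            continue  # enabled: false skips the whole bundle
        for key, out in (("scripts", scripts), ("stylesheets", styles)):
            urls = bundle.get(key)
            for url in urls if isinstance(urls, list) else []:
                if asset_url_allowed(url) and url not in out and len(scripts) + len(styles) < MAX_ASSETS:
                    out.append(url)
    return scripts, styles
```

The fail-closed return means a malformed or hostile manifest disables extension assets for that request instead of turning into a 503 on every page.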

Closes #4505.