
#13144: harden archive extraction, auth tokens, hook transforms, and queue limits

by qxlsz open 2026-02-10 05:15
gateway stale
1. Tar archive extraction path traversal (src/infra/archive.ts) - Added a `filter` callback to `tar.x()` that validates each entry path resolves within the destination directory before extraction. The zip extraction path already had this check; tar did not.
2. Hook token timing attack (src/gateway/server-http.ts) - Replaced plain `!==` string comparison of the webhook hook token with `crypto.timingSafeEqual`, preventing character-by-character brute-force via response-time measurement. The main gateway auth already used timing-safe comparison; the hook endpoint did not.
3. TLS fingerprint pinning clarity (src/gateway/client.ts) - Documented why `rejectUnauthorized: false` is required when using certificate fingerprint pinning with self-signed certificates generated by the gateway's auto-TLS feature.
4. Hook transform module path traversal (src/gateway/hooks-mapping.ts) - `resolvePath()` previously accepted absolute paths and `../` sequences, allowing a malicious config to load and execute arbitrary JS files via `import()`. Now validates that the resolved path stays within the transforms base directory.
5. Unbounded command queue DoS (src/process/command-queue.ts) - Added a per-lane max queue depth (default 1000). Enqueue attempts beyond this limit are rejected immediately with an error, preventing memory exhaustion from unbounded task accumulation.

<h2>Greptile Overview</h2>

<h3>Greptile Summary</h3>

Changes focus on hardening several security-sensitive areas:

- Adds a path containment check for tar extraction entries (matching existing zip behavior).
- Switches webhook hook token comparison to `timingSafeEqual`.
- Documents the trust model when using TLS fingerprint pinning with self-signed gateway certs.
- Restricts hook transform module resolution to remain within the configured transforms base directory.
- Adds a per-lane maximum queue depth to prevent unbounded command queue growth.

Overall, the PR moves multiple edge cases toward safer defaults, but there are a couple of correctness/portability issues in the new path and queue-limit checks that should be addressed before merging.

<h3>Confidence Score: 3/5</h3>

- This PR is directionally good but has a few correctness/portability issues to address before merging.
- Security hardening changes are generally sound, but the new path containment check relies on string prefix logic that can misbehave on case-insensitive platforms, and the new queue limit semantics may not enforce the intended hard cap. These should be corrected to avoid false rejections or incomplete protection.
- src/gateway/hooks-mapping.ts, src/process/command-queue.ts, src/infra/archive.ts
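One way to write the containment check that items 1 and 4 describe, using `path.relative` instead of a string prefix comparison. This is an added example, not code from the PR or the project; the helper names `resolveWithin` and `isContained` and the sample directories are assumptions made for illustration.

```javascript
const path = require("node:path");

// Hypothetical helper (not the project's code): resolve `candidate` against
// `baseDir` and return the absolute result only if it stays inside `baseDir`.
// `p` selects the path flavour so both POSIX and Windows rules can be tested.
function resolveWithin(baseDir, candidate, p = path) {
  const base = p.resolve(baseDir);
  // An absolute `candidate` replaces `base` here, so it is judged like any
  // other target by the relative-path test below.
  const target = p.resolve(base, candidate);
  const rel = p.relative(base, target);
  const escapes =
    rel === ".." ||                 // target is the parent directory itself
    rel.startsWith(".." + p.sep) || // target is somewhere above the base
    p.isAbsolute(rel);              // Windows: target is on another drive
  if (escapes) {
    throw new Error(`path escapes base directory: ${candidate}`);
  }
  return target;
}

// Boolean form, e.g. for a per-entry extraction filter.
function isContained(baseDir, candidate, p = path) {
  try {
    resolveWithin(baseDir, candidate, p);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample inputs (not taken from the project).
const BASE = "/srv/hooks/transforms";
const samples = [
  "mappers/github.js",         // inside the base
  "..notes.js",                // file name that merely starts with ".."
  "../transforms-old/evil.js", // sibling sharing the base's string prefix
  "/etc/passwd",               // absolute path
];
for (const s of samples) {
  console.log(s, "->", isContained(BASE, s, path.posix));
}
```

The check is lexical only: it does not follow symlinks, so a link inside the base directory that points elsewhere needs a separate `fs.realpath` comparison.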
