#14197: fix(security): harden browser API auth, token comparisons, and hook tokens

## Summary - **Extract `safeEqual()` to shared utility** (`src/security/safe-equal.ts`) for constant-time string comparison, replacing the local copy in `gateway/auth.ts` - **Fix 7 timing-unsafe token comparisons** across gateway hooks, device/node pairing, bridge server, and extension relay using the shared `safeEqual` - **Add Bearer token auth + Host header validation to browser control API** — secure by default with auto-generated token; opt-out via `browser.auth.enabled: false` - **Add `hooks.allowQueryToken` config flag** to control query-string token acceptance (default `true` for backward compat, with `Deprecation` header and migration path to `false`) - **Add security guardrails to AGENTS.md** — document safeEqual usage, browser auth config, hook token security, and DNS rebinding protection patterns Based on a Codex CLI security audit that identified three categories of vulnerability: 1. Unauthenticated browser control API with ~30+ mutation endpoints (Medium) 2. Hook auth token accepted via query string leaking in logs/referrers (Medium) 3. Non-constant-time token comparisons in 7 locations (Low) ## Test plan - [x] `pnpm build` passes - [x] `pnpm check` passes (type-check + lint + format) - [x] All 169 browser tests pass (28 test files) - [x] All hooks tests pass (5/5) - [x] All device/node pairing tests pass - [x] New `safeEqual` unit tests pass (5/5) - [x] Existing browser test mocks updated with `auth: { enabled: false }` - [x] AGENTS.md guardrails added for future contributors 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> This PR strengthens several auth-related surfaces: - Introduces a shared `safeEqual()` helper for timing-safe string comparisons and replaces direct `===` token checks across gateway hooks, pairing flows, browser bridge/relay, and gateway auth. - Secures the browser control API by default with Bearer token auth (auto-generated token unless configured) and adds Host header validation to reduce DNS rebinding exposure. - Adds `hooks.allowQueryToken` to control whether hook tokens are accepted via query string, with deprecation messaging to encourage moving to header-based auth. Overall, the changes align with existing gateway auth patterns and tighten local control surfaces, but there is a correctness bug in the new browser Host validation (see comment). <h3>Confidence Score: 3/5</h3> - This PR is close to safe to merge but has a loopback Host validation bug that can break legitimate IPv6 local access to the browser control API. - Most changes are localized and add security hardening with minimal behavioral impact, but the new Host header allowlist in the browser server will incorrectly reject standard bracketed IPv6 hosts with ports (e.g. `[::1]:<port>`), which can cause 403s for valid requests until fixed. - src/browser/server.ts <!-- greptile_other_comments_section --> _{(2/5) Greptile learns from your feedback when you react with thumbs up/down!} <!-- /greptile_comment -->