v5.10.1 — Security patch: CodeQL #174 + SkillSpector findings
v5.10.1 resolves three security findings identified by CodeQL and SkillSpector.
Security Patch Release
CodeQL #174 — CWE-377 Insecure Temporary File Path (lib/auth-guardian.ts)
AuthGuardian stored rustConfigPath as-is from the caller. Tests supply os.tmpdir()-derived paths, which CodeQL flagged as an insecure temporary file taint flow into writeFile(). The constructor now calls path.resolve() on the supplied path, breaking the taint chain — the same pattern used to resolve #65–#68 in v3.4.1.
SkillSpector Intent-Code Divergence — FILE_EXPORT missing from HIGH_RISK_RESOURCES (scripts/check_permission.py)
The inline comment and SKILL.md security policy both stated that FILE_EXPORT requires --confirm-high-risk, but HIGH_RISK_RESOURCES only contained PAYMENTS and DATABASE. File export requests could receive advisory grants without the extra acknowledgment step. FILE_EXPORT is now included in the set.
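The gate described above, as an added illustration rather than the project's own scripts/check_permission.py: a resource in the high-risk set is only granted when --confirm-high-risk is passed, and a small consistency check compares the code's set against the documented policy so the divergence that caused this finding is caught before release. The decision strings, the `evaluate_request` and `policy_divergence` helpers, and the CLI shape are assumptions for the example; the three resource names are those given in the note.

```python
"""Added example, not the project's scripts/check_permission.py: gate high-risk
resources behind an explicit --confirm-high-risk acknowledgment and check that
the code's set matches the documented policy."""
import argparse

# Resources named in the release note; the documented policy says all three
# require --confirm-high-risk.
DOCUMENTED_HIGH_RISK = frozenset({"PAYMENTS", "DATABASE", "FILE_EXPORT"})

# Before the v5.10.1 fix: FILE_EXPORT was missing from the code's set.
HIGH_RISK_RESOURCES_BEFORE = frozenset({"PAYMENTS", "DATABASE"})
# After the fix: the set matches the documented policy.
HIGH_RISK_RESOURCES = frozenset({"PAYMENTS", "DATABASE", "FILE_EXPORT"})


def evaluate_request(resource: str, confirm_high_risk: bool,
                     high_risk: frozenset = HIGH_RISK_RESOURCES) -> str:
    """Return "grant", or "needs-confirm" when a high-risk resource is requested
    without the acknowledgment flag. (Hypothetical two-outcome decision model.)"""
    resource = resource.strip().upper()
    if resource in high_risk and not confirm_high_risk:
        return "needs-confirm"
    return "grant"


def policy_divergence(documented: frozenset, in_code: frozenset) -> set:
    """Resources the documentation calls high-risk that the code does not gate.
    An empty set means intent and code agree; run this as a release check."""
    return set(documented - in_code)


def main(argv=None) -> int:
    parser = argparse.ArgumentParser(description="advisory permission check (example)")
    parser.add_argument("resource", help="e.g. FILE_EXPORT")
    parser.add_argument("--confirm-high-risk", action="store_true",
                        help="acknowledge that a high-risk resource is being requested")
    args = parser.parse_args(argv)
    decision = evaluate_request(args.resource, args.confirm_high_risk)
    print(decision)
    return 0 if decision == "grant" else 2


if __name__ == "__main__":
    raise SystemExit(main())
```

With the pre-fix set, `FILE_EXPORT` without the flag returns "grant", which is exactly the advisory grant without acknowledgment the finding describes; with the corrected set it returns "needs-confirm", and `policy_divergence()` reports the missing entry so a unit test can fail on it.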
SkillSpector Description-Behavior Mismatch — ensure_data_dir() ignoring env scope (scripts/check_permission.py)
ensure_data_dir() always created the fixed top-level data/ directory, ignoring NETWORK_AI_ENV. In a multi-environment deployment this caused audit log and grant files to be written to the wrong location when env-scoped paths were active, potentially mixing dev/test/prod state. The function now delegates to _resolve_data_dir() for correct env-scoped behavior.
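The env-scoping behaviour, as an added example and not the project's own `_resolve_data_dir()`: the pre-fix function always returns the fixed top-level data/ directory, while the fixed one derives a per-environment subdirectory from NETWORK_AI_ENV, so dev/test/prod audit logs and grant files cannot share a location. The allowlist on the environment name, the string-based API, and the `grants.json` filename are assumptions made for this example.

```python
"""Added example, not the project's scripts/check_permission.py: derive the data
directory from NETWORK_AI_ENV so audit log and grant files for dev/test/prod
never land in the same place."""
import os
import re

ENV_VAR = "NETWORK_AI_ENV"  # variable named in the release note
# Assumption: environment names are a short lowercase token. Anything else is
# rejected so the variable cannot steer writes outside data/.
_ENV_NAME = re.compile(r"^[a-z][a-z0-9_-]{0,31}$")


def is_valid_env_name(name: str) -> bool:
    return bool(_ENV_NAME.fullmatch(name))


def _resolve_data_dir(base_dir: str, env: dict) -> str:
    """Return base/data when no environment is set, otherwise base/data/<env>."""
    name = env.get(ENV_VAR, "").strip()
    if not name:
        return os.path.join(base_dir, "data")
    if not is_valid_env_name(name):
        raise ValueError(f"invalid {ENV_VAR} value: {name!r}")
    return os.path.join(base_dir, "data", name)


def ensure_data_dir_before(base_dir: str, env: dict) -> str:
    """Pre-v5.10.1 behaviour: always the fixed top-level data/, env ignored."""
    path = os.path.join(base_dir, "data")
    os.makedirs(path, exist_ok=True)
    return path


def ensure_data_dir(base_dir: str, env=None) -> str:
    """Fixed behaviour: delegate to _resolve_data_dir() and create that directory."""
    path = _resolve_data_dir(base_dir, os.environ if env is None else env)
    os.makedirs(path, exist_ok=True)
    return path


def grant_file_path(base_dir: str, env=None) -> str:
    """Grant file inside the env-scoped directory (filename is an assumption)."""
    return os.path.join(ensure_data_dir(base_dir, env), "grants.json")


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for scope in ({ENV_VAR: "dev"}, {ENV_VAR: "prod"}):
            print("before:", ensure_data_dir_before(tmp, scope),
                  " after:", ensure_data_dir(tmp, scope))
```

Run stand-alone, the loop shows the two environments collapsing onto one data/ path before the fix and onto data/dev and data/prod after it. The name allowlist is the check worth keeping: once a configuration variable selects a write location, it should only be able to pick among expected subdirectories.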
Also in this patch
- @types/node constraint corrected from ^25.10.0 (non-existent) to ^25.0.0; fixes CI ETARGET failure on npm ci (introduced in v5.10.0).
- SKILL.md scan findings table updated with both SkillSpector resolved entries.
Full changelog
See CHANGELOG.md.