Address security and code quality issues from PR review

[Copilot]

Description

Addresses security vulnerabilities and code quality issues identified in PR #17 review thread 3614513801. Masks sensitive API keys in UI, adds command validation to prevent execution of dangerous shell commands, fixes model detection false positives, and removes redundant code.

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Code refactoring
• Performance improvement
• Test addition or update
• Dependency update

Related Issues

Related to #17

Changes Made

Security Enhancements

• Mask API keys in buildApiKeySelectOptions - keys now display as ***<last4> in descriptions instead of plaintext
• Add validateCommand() to block dangerous patterns before shell execution: rm -rf /, fork bombs, mkfs, dd to disk devices

Bug Fixes

• Fix o1/o3 model detection to use /^o1(-|$)/ regex instead of startsWith("o1") - prevents false matches with "o10", "o100"
• Fix unused initial assignment in masked variable logic by checking storedValue directly

Code Quality

• Remove redundant resolvedBaseUrl variable in resolveLlmConfig() - use baseUrl directly

Screenshots (if applicable)

N/A

Testing

Test Configuration

• OS: Linux (GitHub Actions)
• Terminal: N/A
• Bun Version: 1.2.10

Test Cases

• Tested basic chat functionality
• Tested command system
• Tested mention system
• Tested keyboard shortcuts
• Tested with real API endpoint
• Tested error handling
• Ran type checking (bun run typecheck)
• Tested in multiple terminal emulators
• Other: Code review and static analysis

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings or errors
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published
• I have checked my code and corrected any misspellings
• I have updated the CHANGELOG.md file (if applicable)

Breaking Changes

None

Additional Notes

Changes are scoped to address specific review feedback. Command validation patterns are conservative - only blocking obviously dangerous operations while preserving flexibility for legitimate use cases.

Reviewer Checklist

• Code quality is acceptable
• Tests are adequate
• Documentation is updated
• No security concerns
• Performance impact is acceptable
• Breaking changes are justified and documented

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}