Fix documentation and security issues from PR #71 review

- Fix CLI version in README (0.1.0 → 0.2.0)
- Update 16 path references in AGENTS.md (.codeforge/ → defaults/codeforge/)
- Replace unsafe eval pattern with getent passwd in 9 install scripts

The eval echo "~$USERNAME" pattern could theoretically allow command
injection if username validation were removed in future changes.
Using getent passwd is safer and matches the pattern already used
in codex-cli/install.sh.

Author: claude

README.md

@@ -7,7 +7,7 @@ Monorepo for CodeForge — an AI-powered development environment for Claude Code
 | Package | Description | Version |
 |---------|-------------|---------|
 | [`container/`](container/) | CodeForge DevContainer (`@coredirective/cf-container` on npm) | 2.2.0 |
-| [`cli/`](cli/) | CodeForge CLI (`codeforge-cli`) | 0.1.0 |
+| [`cli/`](cli/) | CodeForge CLI (`codeforge-cli`) | 0.2.0 |
 | [`docs/`](docs/) | Documentation site ([codeforge.core-directive.com](https://codeforge.core-directive.com)) | — |
 
 ## Quick Start

container/.devcontainer/AGENTS.md

@@ -6,17 +6,17 @@ CodeForge devcontainer for AI-assisted development with Claude Code.
 
 | File | Purpose |
 |------|---------|
-| `.codeforge/config/settings.json` | Model, tokens, permissions, plugins, env vars |
-| `.codeforge/config/main-system-prompt.md` | System prompt defining assistant behavior |
-| `.codeforge/config/orchestrator-system-prompt.md` | Orchestrator mode prompt (delegation-first) |
-| `.codeforge/config/ccstatusline-settings.json` | Status bar widget layout (deployed to ~/.config/ccstatusline/) |
-| `.codeforge/config/disabled-hooks.json` | Disable individual plugin hooks by script name |
-| `.codeforge/config/claude-code-router.json` | LLM provider routing config (deployed to ~/.claude-code-router/) |
-| `.codeforge/file-manifest.json` | Controls which config files deploy and when |
+| `defaults/codeforge/config/settings.json` | Model, tokens, permissions, plugins, env vars |
+| `defaults/codeforge/config/main-system-prompt.md` | System prompt defining assistant behavior |
+| `defaults/codeforge/config/orchestrator-system-prompt.md` | Orchestrator mode prompt (delegation-first) |
+| `defaults/codeforge/config/ccstatusline-settings.json` | Status bar widget layout (deployed to ~/.config/ccstatusline/) |
+| `defaults/codeforge/config/disabled-hooks.json` | Disable individual plugin hooks by script name |
+| `defaults/codeforge/config/claude-code-router.json` | LLM provider routing config (deployed to ~/.claude-code-router/) |
+| `defaults/codeforge/file-manifest.json` | Controls which config files deploy and when |
 | `devcontainer.json` | Container definition: image, features, mounts |
 | `.env` | Boolean flags controlling setup steps |
 
-Config files deploy via `.codeforge/file-manifest.json` on every container start. Most deploy to `~/.claude/`; ccstatusline config deploys to `~/.config/ccstatusline/`. Each entry supports `overwrite`: `"if-changed"` (default, sha256), `"always"`, or `"never"`. Supported variables: `${CLAUDE_CONFIG_DIR}`, `${WORKSPACE_ROOT}`, `${HOME}`.
+Config files deploy via `defaults/codeforge/file-manifest.json` on every container start. Most deploy to `~/.claude/`; ccstatusline config deploys to `~/.config/ccstatusline/`. Each entry supports `overwrite`: `"if-changed"` (default, sha256), `"always"`, or `"never"`. Supported variables: `${CLAUDE_CONFIG_DIR}`, `${WORKSPACE_ROOT}`, `${HOME}`.
 
 ## Commands
 
@@ -62,11 +62,11 @@ Declared in `settings.json` under `enabledPlugins`, auto-activated on start:
 
 ## Rules System
 
-Rules in `.codeforge/config/rules/` deploy to `.claude/rules/` on every container start. They load into ALL sessions automatically.
+Rules in `defaults/codeforge/config/rules/` deploy to `.claude/rules/` on every container start. They load into ALL sessions automatically.
 
 **Current rules:** `auto-memory.md`, `explicit-start.md`, `plan-presentation.md`, `scope-discipline.md`, `session-search.md`, `spec-workflow.md`, `surface-decisions.md`, `workspace-scope.md`, `zero-tolerance-bugs.md`
 
-**Adding rules:** Create `.md` in `.codeforge/config/rules/`, add a manifest entry in `.codeforge/file-manifest.json`.
+**Adding rules:** Create `.md` in `defaults/codeforge/config/rules/`, add a manifest entry in `defaults/codeforge/file-manifest.json`.
 
 ## Authentication & Persistence
 
@@ -76,19 +76,19 @@ The `~/.claude/` directory is backed by a Docker named volume (`codeforge-claude
 
 Codex CLI credentials (`~/.codex/`) are backed by a separate Docker named volume (`codeforge-codex-config-${devcontainerId}`). Set `OPENAI_API_KEY` in `.devcontainer/.secrets` (or as a Codespaces secret) for automatic API key injection, or run `codex` interactively for browser-based ChatGPT OAuth.
 
-**Claude Code Router:** Set provider API keys (`ANTHROPIC_API_KEY`, `DEEPSEEK_API_KEY`, `GEMINI_API_KEY`, `OPENROUTER_API_KEY`) in `.devcontainer/.secrets`. Keys are exported as env vars on container start and read at runtime by the router's `$ENV_VAR` interpolation in `~/.claude-code-router/config.json`. Edit routing rules in `.codeforge/config/claude-code-router.json` and run `ccr-apply` to redeploy.
+**Claude Code Router:** Set provider API keys (`ANTHROPIC_API_KEY`, `DEEPSEEK_API_KEY`, `GEMINI_API_KEY`, `OPENROUTER_API_KEY`) in `.devcontainer/.secrets`. Keys are exported as env vars on container start and read at runtime by the router's `$ENV_VAR` interpolation in `~/.claude-code-router/config.json`. Edit routing rules in `defaults/codeforge/config/claude-code-router.json` and run `ccr-apply` to redeploy.
 
 ## Modifying Behavior
 
-1. **Change model**: Edit `.codeforge/config/settings.json` → `"model"` field
-2. **Change system prompt**: Edit `.codeforge/config/main-system-prompt.md`
-3. **Add config file**: Place in `.codeforge/config/`, add entry to `.codeforge/file-manifest.json`
+1. **Change model**: Edit `defaults/codeforge/config/settings.json` → `"model"` field
+2. **Change system prompt**: Edit `defaults/codeforge/config/main-system-prompt.md`
+3. **Add config file**: Place in `defaults/codeforge/config/`, add entry to `defaults/codeforge/file-manifest.json`
 4. **Add features**: Add to `"features"` in `devcontainer.json`
 5. **Disable features**: Set `"version": "none"` in the feature's config
 6. **Disable setup steps**: Set flags to `false` in `.env`
-7. **Customize status bar**: Edit `.codeforge/config/ccstatusline-settings.json`
+7. **Customize status bar**: Edit `defaults/codeforge/config/ccstatusline-settings.json`
 8. **Lock Claude Code version**: Set `CLAUDE_VERSION_LOCK=2.1.80` in `.env` — the update script installs that exact version on container start instead of updating to latest. Unset to resume auto-updates.
-9. **Disable individual hooks**: Add script name (without `.py`) to `disabled` array in `.codeforge/config/disabled-hooks.json` — takes effect immediately, no restart needed
+9. **Disable individual hooks**: Add script name (without `.py`) to `disabled` array in `defaults/codeforge/config/disabled-hooks.json` — takes effect immediately, no restart needed
 
 ## Plugin Development Notes
 

container/.devcontainer/features/ccburn/install.sh

@@ -66,7 +66,7 @@ fi
 echo "[ccburn] Installing for user: ${USERNAME}"
 
 # === GET USER HOME ===
-USER_HOME=$(eval echo "~${USERNAME}")
+USER_HOME=$(getent passwd "${USERNAME}" | cut -d: -f6)
 if [ ! -d "${USER_HOME}" ]; then
     echo "[ccburn] ERROR: Home directory not found for user ${USERNAME}"
     exit 1

container/.devcontainer/features/ccstatusline/install.sh

@@ -59,7 +59,7 @@ fi
 echo "[ccstatusline] Installing for user: ${USERNAME}"
 
 # Get user's home directory
-USER_HOME=$(eval echo ~${USERNAME})
+USER_HOME=$(getent passwd "${USERNAME}" | cut -d: -f6)
 
 # Check if ccstatusline is available
 if sudo -u "${USERNAME}" bash -c 'npx -y ccstatusline@latest --version' &>/dev/null 2>&1; then

container/.devcontainer/features/ccusage/install.sh

@@ -71,7 +71,7 @@ fi
 echo "[ccusage] Installing for user: ${USERNAME}"
 
 # === GET USER HOME ===
-USER_HOME=$(eval echo "~${USERNAME}")
+USER_HOME=$(getent passwd "${USERNAME}" | cut -d: -f6)
 if [ ! -d "${USER_HOME}" ]; then
     echo "[ccusage] ERROR: Home directory not found for user ${USERNAME}"
     exit 1

container/.devcontainer/features/chromaterm/install.sh

@@ -31,7 +31,7 @@ if [[ "${USERNAME}" == "auto" || "${USERNAME}" == "automatic" ]]; then
     USERNAME="${USERNAME:-root}"
 fi
 
-USER_HOME="$(eval echo "~${USERNAME}")"
+USER_HOME="$(getent passwd "${USERNAME}" | cut -d: -f6)"
 
 echo "[chromaterm] Target user: ${USERNAME}"
 echo "[chromaterm] Version: ${CT_VERSION}"

container/.devcontainer/features/claude-code-router/install.sh

@@ -63,7 +63,7 @@ fi
 echo "[claude-code-router] Installing for user: ${USERNAME}"
 
 # === GET USER HOME ===
-USER_HOME=$(eval echo "~${USERNAME}")
+USER_HOME=$(getent passwd "${USERNAME}" | cut -d: -f6)
 if [ ! -d "${USER_HOME}" ]; then
     echo "[claude-code-router] ERROR: Home directory not found for user ${USERNAME}"
     exit 1

container/.devcontainer/features/claude-monitor/install.sh

@@ -31,7 +31,7 @@ if [[ "${USERNAME}" == "auto" || "${USERNAME}" == "automatic" ]]; then
     USERNAME="${USERNAME:-root}"
 fi
 
-USER_HOME="$(eval echo "~${USERNAME}")"
+USER_HOME="$(getent passwd "${USERNAME}" | cut -d: -f6)"
 
 echo "[claude-monitor] Target user: ${USERNAME}"
 echo "[claude-monitor] Home: ${USER_HOME}"

container/.devcontainer/features/dprint/install.sh

@@ -30,7 +30,7 @@ if [[ "${USERNAME}" == "auto" || "${USERNAME}" == "automatic" ]]; then
     USERNAME="${USERNAME:-root}"
 fi
 
-USER_HOME="$(eval echo "~${USERNAME}")"
+USER_HOME="$(getent passwd "${USERNAME}" | cut -d: -f6)"
 
 echo "[dprint] Target user: ${USERNAME}"
 echo "[dprint] Version: ${DPRINT_VERSION}"

container/.devcontainer/features/oh-my-claude/install.sh

@@ -41,7 +41,7 @@ elif [ "${USERNAME}" = "none" ] || ! id -u "${USERNAME}" >/dev/null 2>&1; then
     USERNAME=root
 fi
 
-USER_HOME=$(eval echo "~${USERNAME}")
+USER_HOME=$(getent passwd "${USERNAME}" | cut -d: -f6)
 
 # Install npm package
 echo "[oh-my-claude] Installing @lgcyaxi/oh-my-claude@${OMC_VERSION} globally..."