fix: address security vulnerabilities and code quality issues in Devfile Creator

- Fix command injection in kubeconfig injection via base64 encoding
- Add Fastify JSON Schema validation for agent creation endpoint
- Add authentication checks to terminal proxy endpoints
- Fix operator precedence bug in isWebSocketChannel
- Disable automountServiceAccountToken on agent pods
- Remove hardcoded --dangerously-skip-permissions fallback
- Add terminal port range validation (1024-65535)
- Restrict postMessage to same origin instead of wildcard
- Key terminal URL cache on namespace/agentId to prevent collisions
- Replace fragile regex with js-yaml for devfile YAML parsing
- Add in-memory caching with TTL for AI agent registry ConfigMap reads
- Remove dead code in terminal helpers
- Resolve MIT license entries for CodeMirror and Lezer dependencies
- Update tests for configMap watcher and agent pod listener

Signed-off-by: Oleksii Orel <oorel@redhat.com>
Assisted-by: Claude Sonnet 4.5
Signed-off-by: Oleksii Orel <oorel@redhat.com>

Author: olexii4

.deps/EXCLUDED/dev.md

@@ -4,5 +4,5 @@ This file contains a manual contribution to .deps/dev.md and it's needed because
 | --- | --- |
 | `@eclipse-che/api@7.86.0` | ecd.che |
 | `@eclipse-che/license-tool@2.0.0` | ecd.che |
-| `@webassemblyjs/helper-buffer@1.14.1` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@webassemblyjs/helper-buffer/1.14.1) |
+
 

.deps/EXCLUDED/prod.md

@@ -2,35 +2,30 @@ This file lists dependencies that do not need CQs or auto-detection does not wor
 
 | Packages | Resolved CQs |
 | --- | --- |
+| `@codemirror/autocomplete@6.20.1` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@codemirror/autocomplete/6.20.1) |
+| `@codemirror/commands@6.10.3` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@codemirror/commands/6.10.3) |
+| `@codemirror/lang-yaml@6.1.3` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@codemirror/lang-yaml/6.1.3) |
+| `@codemirror/language@6.12.3` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@codemirror/language/6.12.3) |
+| `@codemirror/lint@6.9.5` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@codemirror/lint/6.9.5) |
+| `@codemirror/state@6.6.0` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@codemirror/state/6.6.0) |
+| `@codemirror/view@6.41.0` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@codemirror/view/6.41.0) |
 | `@eclipse-che/che-devworkspace-generator@7.113.0-next-7b6a101` | ecd.che |
 | `@fastify/busboy@3.0.1` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@fastify/busboy/3.0.1) |
 | `@fastify/cors@11.2.0` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@fastify/cors/11.2.0) |
 | `@fastify/http-proxy@11.4.4` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@fastify/http-proxy/11.4.4) |
-| `@fastify/oauth2@8.2.0` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@fastify/oauth2/8.2.0) |
 | `@fastify/reply-from@12.6.2` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@fastify/reply-from/12.6.2) |
 | `@fastify/static@9.0.0` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@fastify/static/9.0.0) |
-| `@fastify/swagger-ui@5.2.5` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@fastify/swagger-ui/5.2.5) |
-| `@fastify/swagger@9.7.0` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@fastify/swagger/9.7.0) |
-| `@hapi/hoek@10.0.1` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@hapi/hoek/10.0.1) |
 | `@isaacs/brace-expansion@5.0.1` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@isaacs/brace-expansion/5.0.1) |
-| `@patternfly/react-icons@6.4.0` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@patternfly/react-icons/6.4.0) |
+| `@lezer/common@1.5.2` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@lezer/common/1.5.2) |
+| `@lezer/lr@1.4.8` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@lezer/lr/1.4.8) |
+| `@lezer/yaml@1.0.4` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@lezer/yaml/1.0.4) |
 | `@uiw/codemirror-theme-github@4.25.8` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@uiw/codemirror-theme-github/4.25.8) |
 | `@uiw/codemirror-themes@4.25.8` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@uiw/codemirror-themes/4.25.8) |
 | `any-signal@4.2.0` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/-/any-signal/4.2.0) |
-| `blueimp-md5@2.19.0` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/-/blueimp-md5/2.19.0) |
-| `create-hash@1.1.3` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/-/create-hash/1.1.3) |
 | `cronstrue@3.13.0` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/-/cronstrue/3.13.0) |
-| `fast-json-stringify@6.3.0` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/-/fast-json-stringify/6.3.0) |
 | `fast-uri@2.4.0` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/-/fast-uri/2.4.0) |
 | `fastify-plugin@5.2.1` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/-/fastify-plugin/5.2.1) |
 | `fastify@5.8.4` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/-/fastify/5.8.4) |
-| `file-selector@2.1.2` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/-/file-selector/2.1.2) |
 | `jsep@1.3.9` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/-/jsep/1.3.9) |
-| `light-my-request@6.6.0` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/-/light-my-request/6.6.0) |
-| `lodash@4.18.1` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/-/lodash/4.18.1) |
-| `pino@10.3.1` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/-/pino/10.3.1) |
-| `qs@6.5.5` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/-/qs/6.5.5) |
-| `real-require@0.2.0` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/-/real-require/0.2.0) |
-| `undici@7.24.6` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/-/undici/7.24.6) |
-| `yaml@2.8.3` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/-/yaml/2.8.3) |
+
 

.deps/dev.md

@@ -148,7 +148,6 @@
 | `@types/babel__template@7.4.3` | MIT | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@types/babel__template/7.4.3) |
 | `@types/babel__traverse@7.20.3` | MIT | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@types/babel__traverse/7.20.3) |
 | `@types/caseless@0.12.4` | MIT | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@types/caseless/0.12.4) |
-| `@types/codemirror@5.60.15` | MIT | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@types/codemirror/5.60.15) |
 | `@types/eslint-scope@3.7.7` | MIT | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@types/eslint-scope/3.7.7) |
 | `@types/eslint@8.44.6` | MIT | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@types/eslint/8.44.6) |
 | `@types/eslint@9.6.1` | MIT | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@types/eslint/9.6.1) |
@@ -191,7 +190,6 @@
 | `@types/stack-utils@2.0.2` | MIT | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@types/stack-utils/2.0.2) |
 | `@types/stack-utils@2.0.3` | MIT | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@types/stack-utils/2.0.3) |
 | `@types/stream-buffers@3.0.8` | MIT | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@types/stream-buffers/3.0.8) |
-| `@types/tern@0.23.9` | MIT | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@types/tern/0.23.9) |
 | `@types/tough-cookie@4.0.4` | MIT | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@types/tough-cookie/4.0.4) |
 | `@types/webpack@5.28.5` | MIT | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@types/webpack/5.28.5) |
 | `@types/ws@8.18.1` | MIT | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@types/ws/8.18.1) |