…s/infra)

Closes everything remaining from CODEC-FULL-AUDIT-2026-05-30.md beyond
the Top-10 already landed in PR #158. Pytest: 2026 → 2099 (+73 new
regression tests, 0 regressions).

SECURITY (B1)
- B1/SR-14: X-Content-Type-Options:nosniff + Referrer-Policy:same-origin
  applied to every response via CSPMiddleware.
- B1/SR-15: /api/upload Content-Length pre-check + decoded-size cap +
  base64 expansion guard (3-layer defense vs memory exhaustion at 50MB).
- B1/SR-16: prompt-injection fence markers wrap uploaded-doc text via
  _fence_user_document — `<<<USER_DOCUMENT name="...">>> ... <<<END>>>`.
  Source-side fence stripping prevents attacker smuggling a fake "end"
  to escape the marker.

CODE QUALITY (B2)
- B2/SR-17: narrowed 14 bare `except Exception: pass` sites to specific
  types — OSError in codec_dictate (10 sites: os.unlink + proc cleanup),
  ProcessLookupError⊂OSError in codec_textassist (2), (ImportError,
  AttributeError) in codec_dispatch's license gate.
- B2/SR-18: codec_watcher + codec_dictate now import service URLs from
  codec_config (was: 5 hardcoded localhost URLs that silently desynced
  on a non-default setup).
- B2/SR-19: codec_heartbeat._is_dangerous fallback now fail-CLOSED (was:
  silent fallback to an 11-pattern stale blocklist while PR-2G has 50+).
- B2/SR-20: codec_session 4 raw `sqlite3.connect` sites migrated to
  `with sqlite3.connect(...) as c` + busy_timeout=5000. Auto-commit on
  clean exit, auto-rollback on exception, no leaked connections.

TEST COVERAGE (B3)
- B3/SR-21: tests/test_security.py crew floor bumped 8 → 12.
- B3/SR-22: tests/test_wake_word.py (NEW, 19 tests) — covers homophone
  set, ≥5-char gate, case-insensitivity, anti-false-wake. Was: ZERO
  unit tests on the highest-traffic security-relevant code.
- B3/SR-23: tests/test_skill_isolation_shadowing.py (NEW, 3 tests) —
  pins that codec_dispatch does NOT load from ~/.codec/skills/, plus
  per-skill exception isolation invariants.
- B3/SR-24: tests/test_all_crews_build.py (NEW, 36 tests) — parametrized
  smoke for every crew in CREW_REGISTRY (registration, builder returns
  Crew, allowed_tools non-empty). Was: only 3 of 12 had runtime tests.
- B3/SR-25: tests/test_oauth_flow_e2e.py (NEW, 4 tests) — pins PKCE
  format + provider TTL constants + scope-escalation guard.

DOCUMENTATION (B4)
- B4/SR-26: 3 trigger collisions resolved —
  * Removed "open google" from chrome_open → "open google docs" now
    routes to google_docs as intended.
  * Removed bare "find file"/"my files"/"recent files" from google_drive
    + added "my files"/"list my files"/"recent files" to file_search →
    "list my files" now routes to local FS, not Drive.
  * Removed "search the web"/"web search"/"search for" from chrome_search
    → "search the web" now routes to web_search (text result) instead of
    Chrome.
- B4/SR-26: FEATURES.md Section 6 cleanup — removed phantom `codec
  (meta-dispatcher)` entry (file doesn't exist), added 4 real skills
  that were missing (active_window, audit_verify, pilot, plugin_approve),
  renumbered Section 7 sequence break at lines 248-264 (was 22→18 jump).

INFRASTRUCTURE (B5)
- B5/SR-27: install.sh now checks Apple Silicon (warns on Intel) +
  macOS version floor (warns below Ventura 13).
- B5/SR-28: PWA manifest declares 192x192 + 512x512 icon entries (maskable
  purpose) — Android Add-to-Home-Screen no longer warns about missing
  standard sizes.
- B5/SR-29: codec_vibe.html's two cdnjs.cloudflare.com references gained
  crossorigin="anonymous" so SRI hash pinning is a one-line addition
  (`integrity="sha384-..."`) once hashes are computed.

CLOUD LLM (B7)
- B7/SR-30: codec_ava_client.ava_chat now adds `cache_control: ephemeral`
  to the system + first-user message when routing to Claude models.
  50-75% input-token cost savings on repeat turns of the same session.
  New _tag_messages_for_anthropic_cache lifts string-content into
  rich-content format for cache_control attachment. Idempotent.

AUTH HARDENING (B8)
- B8/SR-31: codec_pinhash.py (NEW) — hash_pin/verify_pin/needs_rehash
  with argon2id (memory-hard, GPU-resistant) for new hashes and
  backward-compat SHA-256 verification for legacy hashes. routes/auth.py
  /api/auth/pin uses the new verify_pin (handles both formats).
  argon2-cffi added to requirements.txt; falls back to SHA-256 with
  warning if missing.
- tests/test_pinhash.py (NEW, 9 tests) — argon2id round-trip, legacy
  SHA-256 round-trip, format detection, empty/malformed rejection,
  needs_rehash signaling.

DEFERRED (B6 architecture refactor)
- chat_completion (608 LOC) extraction → chat_pipeline.py: deferred.
  High-risk for in-session execution; the handler has many implicit
  module-level state dependencies (cfg cache, _step_budgets, _saved_
  agents). Worth a dedicated PR with thorough manual verification.
- codec_hooks.py split into runtime + trust store: same reason.
- Dashboard route-group extraction (the remaining /api/qchat, /api/vibe,
  /api/heartbeat, /api/schedules, /api/cortex, /api/audit, /api/observer,
  /api/notifications groups): genuinely sprint-sized, not in scope here.

Full pytest: 2099 passed, 82 skipped (env-dependent), 0 failed (1m34s).
Audit reports: ~/codec-audit-reports/CODEC-FULL-AUDIT-2026-05-30.md

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>