task: Security & install-safety hardening (3 issues)

[DeusData]

Scope

Umbrella tracker for security / install-safety / supply-chain concerns.

Sub-issues

• Security scan results for codebase-memory-mcp — MCPSafe AIVSS 82/100 (Grade B) #343 — MCPSafe AIVSS 82/100 (Grade B) — CLOSED (informational): 0 critical / 0 high; medium findings inherent to local FS-access; auto-updating third-party badge declined.
• Security: predictable /tmp filename in cbm-code-discovery-gate (symlink attack vector) #384 — predictable /tmp filename in cbm-code-discovery-gate — FIXED (removed in c29e6d5/v0.7.0; stateless augmenter writes no temp file; regression guard 61453e9).
• Add an install plan receipt before mutating agent configs/hooks #388 — install plan receipt before mutating configs/hooks — DONE (4c38c5a): install --plan emits the agent.install.plan.v1 JSON receipt via record-only mode (no drift, no mutation); --dry-run covers the human case.

Status (2026-05-31) — COMPLETE

All three children resolved. The discovery-gate temp-file vector is gone (#384), the MCPSafe scan is triaged (#343), and the machine-readable install receipt ships (#388). Two non-blocking follow-ups noted on #388 (receipt before -y apply; richer hook schema) — neither is a vulnerability.

Acceptance

1. MCPSafe findings triaged. ✅
2. discovery-gate /tmp hardened — exceeded (temp file removed entirely). ✅
3. install emits a machine-readable plan before mutating. ✅ (install --plan)