downloadDirect fetched any caller-supplied media_url with redirect-follow
and no host/scheme validation; the route is reachable via a self-chosen
X-Recap-Install-Id, so a caller could probe the operator's LAN or cloud
metadata (169.254.169.254). Add safe-url.js: assertPublicHttpUrl rejects
non-http(s) schemes and hosts resolving to private/loopback/link-local/
reserved ranges, and safeFetch follows redirects manually, re-validating
each hop. Route downloadDirect through it (covers transcribe-url,
summarize-url, and admin-test-run).
AGENTS.md: append four real /admin routes the list omitted (job-output/:id, output-store-ids, settings/promote-prompt, test-run-suite); replace the stale HEAD hash with 'last code commit is v0.2.11, docs-only commits on top'. ROADMAP.md: fix the untracked count + HEAD wording; drop the two now-resolved doc-precision follow-ups.
- AGENTS.md: add Endpoints section — auth model (cloud operator-key path,
license/install-id path, admin session cookie, BTCPay HMAC) plus full
/relay/* surface (public + operator-key-only control plane), the
/admin/* dashboard, and the /admin/internal-meetings/* API.
- AGENTS.md: rewrite Current state with verified git facts — HEAD is the
prior docs commit, HEAD~1 is v0.2.11, working tree at v_0_2_124, file
counts pulled live from git status.
- ROADMAP.md: log two doc-precision follow-ups caught in review (the
working-tree counts drift fast; the admin-route shortlist silently
omits three real routes).
Keysat