Fix missing dependencies, CLI exit behavior, and security issues

[Copilot]

Description

Resolves TypeScript compilation failures caused by missing npm dependencies, and addresses several security and correctness issues found in code review: unsafe process termination, early AI service instantiation, insecure config file permissions, raw secret injection into AI prompts, non-atomic file writes, and credential leakage in logs.

Dependency fixes

• Added @google/generative-ai, zod, @octokit/rest, pino to package.json — these were imported but not declared, causing tsc --noEmit to fail with TS2307/TS7006 errors.

pr-command.ts

• Origin-check error path: return → process.exit(1) so CLI callers receive a non-zero exit code.
• handleSelect: replaced process.exit(0) with renderInstance.unmount() + await renderInstance.waitUntilExit() for clean Ink teardown instead of forceful termination.

index.ts

• Deferred new AIService(configService) from module-level into the ai-commit action handler — prevents startup crash when config file is absent.

AIService.ts

• Added else branch in initClient() throwing Error: Unsupported AI provider: ${provider} — fails fast at construction rather than silently leaving this.model as null.

ConfigService.ts

• writeFileSync now uses { mode: 0o600 } — config file containing API keys/tokens is no longer world-readable.

ConflictResolver.ts

• Prompt sanitization: sanitizeContent() extracts only <<<<<<<…>>>>>>> conflict hunks and redacts private-key blocks, API-key patterns, standalone base64 blobs, and hex hashes before sending content to the external AI model.
• Atomic write: replaced direct O_TRUNC open with write-to-temp (O_CREAT|O_EXCL|O_NOFOLLOW, PID + 8 random hex bytes suffix) → fsync → close → rename(). Temp file is unlinked on any error path.

GitHubService.ts

• Added sanitizeUrl() that strips userinfo from both HTTPS and SSH-style git remote URLs; used in all logger.error calls to prevent credential leakage in logs.

Related Issue

Closes #

Type of Change

• 🐛 Bug fix (non-breaking change that fixes an issue)
• ✨ New feature (non-breaking change that adds functionality)
• 💥 Breaking change (fix or feature that would cause existing functionality to change)
• 📝 Documentation update
• 🔧 Refactor / internal improvement
• 🤖 CI/CD or tooling change
• ⬆️ Dependency update

Checklist

• I have read the CONTRIBUTING guidelines (if present)
• My code follows the existing code style
• I have added or updated tests that cover my changes
• All existing tests pass locally
• I have updated the documentation where necessary
• My changes do not introduce new security vulnerabilities

How Has This Been Tested?

npm run lint (tsc --noEmit) passes with exit code 0. CodeQL static analysis found 0 alerts.

Screenshots (if applicable)

N/A

Additional Notes

The base64 redaction pattern uses negative lookahead/lookbehind word boundaries ((?<![A-Za-z0-9])…(?![A-Za-z0-9])) to reduce false positives on legitimate long identifiers. Some content may still be redacted conservatively — this is intentional for the security boundary.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.