mirror of
https://github.com/multica-ai/multica.git
synced 2026-07-05 21:39:54 +02:00
Add state parameter to CLI browser login flow for CSRF protection — CLI generates a random state, frontend passes it through, CLI verifies on callback. Also restrict cli_callback to http: scheme only. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>