
Harden security, robustness, and quality across automation, SSH, diagram, and AI modules #127

Open

JE-Chen wants to merge 16 commits into main from dev


Conversation

JE-Chen (Member) commented Jun 27, 2026

Promotes the current dev work to main. Eight focused commits spanning security hardening, robustness fixes, and static-analysis compliance, each backed by tests (suite grew 75 → 248 unit tests; both integration smoke tests pass).

Highlights by area

  • Shared helpers — app_dirs (~/.pybreeze) and subprocess_util (no-window flags, utf-8 child stdio) centralise repeated logic.
  • Network / SSRF — outbound URL validation now blocks CGNAT, multicast, unspecified, and IPv6 transition forms (mapped/6to4/Teredo/NAT64); redirects re-validated; new size-capped streaming HTTP client; connect/read timeout tuples everywhere (Bandit B113 clean).
  • Process executors — multi-file runners pass file paths through a shared helper; EOF busy-loops fixed; queue drained in batches; subprocess console-window flash suppressed; utf-8 forced so non-ASCII output isn't garbled on Windows.
  • SSH — keepalive against idle drops, natural sort (directories first), POSIX remote paths, ANSI/OSC filtering, bounded scrollback, reader double-emit fixed, signals blocked during teardown. Host-key policy unchanged (no AutoAddPolicy).
  • Diagram editor — Mermaid import expanded (shapes, arrows, quoted labels), cyclic-graph infinite loop fixed, Sugiyama layout with barycenter ordering + coordinate alignment, image-fetch SSRF guard, export failures surfaced, malformed-load tolerance.
  • AI GUIs — single reused HTTP session for CoT review, dropped final-summary fixed, overlapping-QThread guard on resubmit, prompt-editor write-error handling.
  • JupyterLab — fast-fail when the server dies early; localhost bind pinned.
  • Quality — library no longer forces the root logger to DEBUG; every function now under cyclomatic and cognitive complexity 15; type-safety pass from mypy; property-based fuzzing of pure-logic and SSRF helpers.

Verification

  • ruff check pybreeze/ test/ — clean
  • pytest test/test_utils/ — 248 passed
  • start_automation_test / extend_automation_test — exit 0

CI (Windows, Python 3.10/3.11/3.12) runs on this PR.
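The SSRF guard, redirect re-validation and size-capped streaming client that the description above lists, shown as an added example in Python. This is not pybreeze's own code: the function names (classify, check_url, fetch_capped, blocked), the resolver/transport callables and the FAKE_DNS/FAKE_HTTP tables are assumptions constructed for illustration so the module runs offline; real code would resolve with socket.getaddrinfo and fetch through the project's HTTP client.

```python
"""Outbound-URL guard of the kind the PR describes (added example, not pybreeze's
code): each destination, including every redirect hop, must resolve only to
public unicast addresses, and response bodies are capped while streaming."""
import ipaddress
from urllib.parse import urljoin, urlparse

CGNAT = ipaddress.ip_network("100.64.0.0/10")   # RFC 6598 shared address space
NAT64 = ipaddress.ip_network("64:ff9b::/96")    # RFC 6052 well-known prefix
ALLOWED_SCHEMES = {"http", "https"}

def classify(ip_text):
    """None if `ip_text` is an acceptable public target, else a short reason.
    IPv6 transition forms are refused outright: each can hide an internal IPv4 host."""
    addr = ipaddress.ip_address(ip_text)
    if addr.version == 6:
        if addr.ipv4_mapped is not None:   # ::ffff:a.b.c.d
            return "ipv4-mapped"
        if addr.sixtofour is not None:     # 2002:AABB:CCDD::/48
            return "6to4"
        if addr.teredo is not None:        # 2001::/32, client IPv4 in the low bits
            return "teredo"
        if addr in NAT64:                  # 64:ff9b::a.b.c.d
            return "nat64"
    elif addr in CGNAT:
        return "cgnat"
    if addr.is_unspecified:
        return "unspecified"
    if addr.is_multicast:
        return "multicast"
    if addr.is_link_local:                 # includes 169.254.169.254 (cloud metadata)
        return "link-local"
    if addr.is_reserved or not addr.is_global:
        return "not-global"                # loopback, RFC 1918, documentation, future use
    return None

def check_url(url, resolve):
    """Validate scheme and host; every address `resolve(host)` returns must pass. -> (ok, reason)"""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname                  # brackets already stripped from IPv6 literals
    if not host:
        return False, "no host"
    try:
        ipaddress.ip_address(host)
        targets = [host]                   # literal address: classify it directly
    except ValueError:
        targets = resolve(host)            # real code: socket.getaddrinfo(host, None)
    if not targets:
        return False, f"{host!r} did not resolve"
    for ip in targets:                     # a name with one public and one internal record fails
        reason = classify(ip)
        if reason is not None:
            return False, f"{host} -> {ip}: {reason}"
    return True, "ok"

def fetch_capped(url, transport, resolve, max_bytes=1_000_000, max_redirects=5):
    """Fetch via `transport(url) -> (status, headers, chunks)`, re-validating each
    redirect target and counting the body on the wire.  Raises ValueError on refusal."""
    for _ in range(max_redirects + 1):
        ok, reason = check_url(url, resolve)
        if not ok:
            raise ValueError(f"blocked {url}: {reason}")
        status, headers, chunks = transport(url)
        if status in (301, 302, 303, 307, 308):
            location = headers.get("Location")
            if not location:
                raise ValueError(f"{status} without Location")
            url = urljoin(url, location)   # relative Location resolved against the current URL
            continue
        body = bytearray()
        for chunk in chunks:               # Content-Length can lie or be absent: enforce per chunk
            body += chunk
            if len(body) > max_bytes:
                raise ValueError(f"body exceeded {max_bytes} bytes while streaming")
        return url, bytes(body)
    raise ValueError(f"more than {max_redirects} redirects")

def blocked(url, transport, resolve, **kw):
    """True if fetch_capped refuses `url`."""
    try:
        fetch_capped(url, transport, resolve, **kw)
    except ValueError:
        return True
    return False

FAKE_DNS = {"example.com": ["93.184.216.34"], "internal.test": ["10.0.0.5"],   # constructed answers
            "dual.test": ["93.184.216.34", "169.254.169.254"]}  # one public, one metadata record
FAKE_HTTP = {   # constructed responses: (status, headers, body chunks); no real traffic
    "https://example.com/start": (302, {"Location": "/data"}, []),
    "https://example.com/data": (200, {"Content-Length": "11"}, [b"hello ", b"world"]),
    "https://example.com/hop": (302, {"Location": "http://internal.test/admin"}, []),
    "https://example.com/big": (200, {}, [b"x" * 600, b"x" * 600]),
}
def fake_resolve(host):
    return FAKE_DNS.get(host, [])

def fake_transport(url):
    return FAKE_HTTP[url]
```

Two caveats a reviewer would check in the real implementation. First, validating the name and then letting the HTTP client resolve it again leaves a DNS-rebinding window; the address that passed classify should be the one the socket connects to (connect by IP with Host/SNI set, or run the check inside the client's connection hook). Second, spellings such as 127.1 or 0x7f000001 are not valid literals for ipaddress, so they fall through to the resolver, which normalises them; that is why the resolved addresses, not the host text, are what gets classified.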

codacy-production (bot) commented Jun 27, 2026

Up to standards ✅

🟢 Issues: 0 new issues

🟢 Metrics: Complexity 79 · Duplication -16


