fix(@scripts): 🐛 secure remote command handling by base64 encoding user input

Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>

bin/remote-run

@@ -22,9 +22,13 @@ shift
 
 session="claude-$(whoami)-$$-$(date +%s)"
 
-# Single-quote-escape the user command for safe embedding in remote bootstrap.
+# Base64-encode the user command so it embeds safely no matter what quotes,
+# pipes, semicolons, or newlines it contains. The remote side decodes it to a
+# script file and runs THAT — user content never lands in a shell-quoted
+# context where a stray " could break parsing (the old sed-escape only handled
+# ' and broke on any embedded ", splitting the command at the next | or ;).
 user_cmd=$*
-quoted_cmd=$(printf %s "$user_cmd" | sed "s/'/'\\\\''/g")
+cmd_b64=$(printf %s "$user_cmd" | base64 | tr -d '\n')
 
 # Remote bootstrap — runs the user command in its own bash subshell so that
 # any `exit` or `set -e` inside it does NOT short-circuit our exit-capture.
@@ -32,8 +36,10 @@ remote_cmd=$(cat <<REMOTE
 session='${session}'
 log="/tmp/\${session}.log"
 exitf="/tmp/\${session}.exit"
+cmdf="/tmp/\${session}.cmd"
+printf %s '${cmd_b64}' | base64 -d > "\$cmdf"
 : > "\$log"
-tmux new-session -d -s "\$session" "bash -c '${quoted_cmd}' > \$log 2>&1; echo \\\$? > \$exitf; tmux wait-for -S done-\$session" 2>/tmp/\${session}.tmuxerr
+tmux new-session -d -s "\$session" "bash \$cmdf > \$log 2>&1; echo \\\$? > \$exitf; tmux wait-for -S done-\$session" 2>/tmp/\${session}.tmuxerr
 if [ \$? -ne 0 ]; then
     echo "tmux failed to start session:" >&2
     cat /tmp/\${session}.tmuxerr >&2
@@ -49,7 +55,7 @@ kill \$tail_pid 2>/dev/null || true
 wait \$tail_pid 2>/dev/null || true
 code=\$(cat "\$exitf" 2>/dev/null || echo 1)
 tmux kill-session -t "\$session" 2>/dev/null || true
-rm -f "\$log" "\$exitf"
+rm -f "\$log" "\$exitf" "\$cmdf"
 exit \$code
 REMOTE
 )