
docs: update CLAUDE.md for resolved audit findings and new config

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
claude 1 month ago
Parent
Current commit
beb55f7c6c
1 file changed, with 9 insertions and 3 deletions

+ 9 - 3
CLAUDE.md

@@ -62,6 +62,7 @@ This is the persistent context file for Claude Code. Keep it concise and useful.
 
 ## Config Fields We Added
 - `image_viewer` — external image viewer command (default: `"mpv"`, `"default"` = system opener)
+- `image_viewer_args` — explicit viewer args list, overrides auto-detection (default: `[]`, Wayland-friendly)
 - `image_save_dir` — directory for saved images (supports `~/`, default: current dir)
 - `keybinds.messages_list.save_image` — save image keybind (default: `S`)
 - `keybinds.edit_config` — open config in editor from help overlay (default: `E`)
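Review bot: The new `image_viewer_args` entry does not say what the default `[]` means in practice or how the list is combined with the image path. The line states that a set list "overrides auto-detection", so the entry should say explicitly that an empty list falls back to auto-detection, and whether the image path is appended after the configured args. "Wayland-friendly" sits inside the default parenthetical and reads as a property of the default value; move it into the description. It would also help to note how the field behaves when `image_viewer` is `"default"`.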
@@ -79,12 +80,17 @@ This is the persistent context file for Claude Code. Keep it concise and useful.
 - Commit style: `type(scope): description` (e.g., `feat(ui/chat): add image viewer`)
 - Branch: `master`
 
+## Our Changes (cont.)
+- **Image viewer args**: `image_viewer_args` config field — explicit viewer args, bypasses xdotool auto-detection (Wayland-friendly)
+- **God file split**: extracted `url_extractor.go`, `embed_renderer.go`, `attachment_handler.go` from `messages_list.go`
+- **Editor security**: replaced `sh -c` with direct `exec.Command` + `strings.Fields` (merged editor files, no build tags)
+
 ## Audit Status
 - Research audits in `./research/`: SECFILE.md, COMPLIANCE.md, TECHFILE.md
 - Resolved all low-risk findings (marked ✅ FIXED in research files)
-- Remaining unfixed: SEC #2 (editor command injection via `sh -c`), SEC #7 (raw events in debug), COMP #5 (god file split), COMP #11/13-16 (docs/logs), COMP #17/19-20 (perf), COMP #22/24 (linter/tests), TECH #1-3 (unmaintained deps)
+- Remaining unfixed: SEC #7 (raw events in debug), COMP #17/19-20 (perf), COMP #22/24 (linter/tests), TECH #1-3 (unmaintained deps)
 
 ## Known Issues
 - Discord ToS discourages third-party clients — use at own risk
-- `xdotool` geometry detection only works on X11; on Wayland use compositor window rules for mpv positioning
-- `viewerArgs()` only adds special flags for mpv; other viewers get plain `viewer path` invocation
+- `xdotool` geometry detection only works on X11; on Wayland use `image_viewer_args` or compositor window rules for mpv positioning
+- `viewerArgs()` only adds special flags for mpv; other viewers get plain `viewer path` invocation (use `image_viewer_args` to customize)
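Review bot: The rewritten "Remaining unfixed" line drops COMP #11/13-16 (docs/logs) along with SEC #2 and COMP #5, but the added "Our Changes (cont.)" bullets only account for the editor change and the god file split. Either add a bullet saying how the docs/logs findings were resolved or keep them in the unfixed list so the audit status stays traceable. On the "Editor security" bullet, `strings.Fields` splits on whitespace without any quote handling, so an editor command with quoted arguments or a path containing spaces will be tokenized differently than under `sh -c`; that belongs under "Known Issues". The "(cont.)" heading is also separated from the section it continues by the commit style and branch lines, so consider moving these bullets into the original "Our Changes" section.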