fix: validate server ID in status.ts before API calls (#2430)

status.ts passed server_id from history directly into Hetzner/DO API
URLs without calling validateServerIdentifier(). Both delete.ts and
connect.ts validate first; status.ts was the only gap. A tampered
~/.spawn/history.json could craft a server_id with path traversal
characters (e.g. "../v2/account") causing the Bearer token to be
sent to an unintended API endpoint (SSRF via URL path manipulation).

Fix: call validateServerIdentifier() after extracting serverId,
returning "unknown" gracefully on failure.

Agent: code-health

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

Author: 3 people

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openrouter/spawn",
-  "version": "0.15.36",
+  "version": "0.15.37",
   "type": "module",
   "bin": {
     "spawn": "cli.js"

packages/cli/src/commands/status.ts

@@ -5,6 +5,7 @@ import * as p from "@clack/prompts";
 import pc from "picocolors";
 import { filterHistory, markRecordDeleted } from "../history.js";
 import { loadManifest } from "../manifest.js";
+import { validateServerIdentifier } from "../security.js";
 import { parseJsonObj } from "../shared/parse.js";
 import { isString, toRecord } from "../shared/type-guards.js";
 import { loadApiToken } from "../shared/ui.js";
@@ -115,6 +116,11 @@ async function checkServerStatus(record: SpawnRecord): Promise<LiveState> {
   if (!serverId) {
     return "unknown";
   }
+  try {
+    validateServerIdentifier(serverId);
+  } catch {
+    return "unknown";
+  }
 
   switch (conn.cloud) {
     case "hetzner": {