chore: fix goimports formatting in gitzip and shards test files

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

security(gitzip): always exclude sensitive files from upload regardle…

…ss of gitignore

Adds a hardcoded block list of sensitive file patterns (env files,
appsettings.json, certificates, private keys, tfvars, etc.) that are
stripped from ZIP archives across all three strategies — git archive,
git ls-files, and filepath.Walk — so secrets can never be uploaded
even if accidentally committed or left unignored.

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

feat: surface privacy policy and auto-gitignore shard files

- updateGitignore now adds both .supermodel/ and *.graph.* to
  .gitignore automatically on first run, so shard files never
  clutter the repo
- Show a zero-data-retention note + privacy URL before every upload
  in Generate (the sync step users care most about)
- Surface the same privacy statement in the setup wizard's Shard Mode
  step, alongside an explanation that .graph files are gitignored
  automatically

Addresses user feedback: shard files cluttering repo, and lack of
visible trust signal during code upload.

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

v0.6.7

Fixes Windows npm install failure caused by GNU tar misinterpreting C:paths as remote rsh hosts and Defender holding scan-locks on freshly-
downloaded zips. See #133, #134.

feat(watch): show syncing indicator when incremental update starts

Feature requested by @JustSuperHuman.

Adds an OnSyncing callback to DaemonConfig, called just before the
incremental API call so users see immediate feedback when a file change
is detected. The Watch command implements it as:

  ↻  Syncing N file(s)...

followed by the existing ✓ Updated line once the response arrives.

Also introduces an analyzeClient interface on Daemon so the callback
ordering can be tested without a real HTTP server.

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

fix(npm): refactor extractZip for testability, add tests, fix tmpDir …

…cleanup

- Extract extractZip() as a testable function with injectable execFn
- Move side-effectful module-level code inside require.main guard so
  require('./install') no longer triggers a download
- Add try/finally to guarantee tmpDir cleanup even if copyFileSync throws
- Add 6 node:test tests covering tar path, PowerShell fallback, retry
  loop structure, and path interpolation

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

test(gitzip): add tests for large files, symlinks, and fallback via l…

…s-files path

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

fix(npm): unique tmpDir, neutral comment, fix heading hierarchy

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

fix(ci): fix install.sh tty check and scoop PATH in smoke tests

- install.sh: test /dev/tty open instead of -r permission check, which
  returns true in CI even when the device cannot actually be opened
- release.yml: merge scoop install steps and update PATH in same shell
  session so scoop shims are available to subsequent commands

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

docs(npm): add README to npm package

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>