fix: sync CLI agents fingerprinting + fix dompurify XSS vulnerability

- Agents page: Added droid, openclaw, copilot, opencode to fingerprinting list
  (synced with CLI Tools — now 14 providers total)
- Fixed dompurify XSS vulnerability (GHSA-v2wj-7wpq-c8vv) via npm overrides
  forcing dompurify ^3.3.2 across all transitive deps (monaco-editor)
- npm audit now reports 0 vulnerabilities

package-lock.json

@@ -14606,15 +14606,6 @@
         "marked": "14.0.0"
       }
     },
-    "node_modules/monaco-editor/node_modules/dompurify": {
-      "version": "3.2.7",
-      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.2.7.tgz",
-      "integrity": "sha512-WhL/YuveyGXJaerVlMYGWhvQswa7myDG17P7Vu65EWC05o8vfeNbvNf4d/BOvH99+ZW+LlQsc1GDKMa1vNK6dw==",
-      "license": "(MPL-2.0 OR Apache-2.0)",
-      "optionalDependencies": {
-        "@types/trusted-types": "^2.0.7"
-      }
-    },
     "node_modules/motion": {
       "version": "12.38.0",
       "resolved": "https://registry.npmjs.org/motion/-/motion-12.38.0.tgz",

package.json

@@ -155,5 +155,8 @@
       "omniroute",
       "sharp"
     ]
+  },
+  "overrides": {
+    "dompurify": "^3.3.2"
   }
 }

src/app/(dashboard)/dashboard/agents/page.tsx

@@ -205,6 +205,10 @@ export default function AgentsPage() {
                 "kilocode",
                 "cline",
                 "qwen",
+                "droid",
+                "openclaw",
+                "copilot",
+                "opencode",
               ] as const
             ).map((providerId) => {
               const providerMeta = Object.values(AI_PROVIDERS).find(