Refactor security framework to support context cancellation in HTTP operations #128

@sammcj

Problem

The security framework's HTTP helper functions (SafeHTTPGet, SafeHTTPPost, etc.) currently use the standard http.Get() and http.Post() methods, which don't support context cancellation or timeout handling. This means:

  1. HTTP operations cannot be cancelled when the parent context is cancelled
  2. Timeouts cannot be properly enforced at the HTTP client level
  3. Tools that use these security helpers must discard their context parameter

This was identified during code review in PR #127 when implementing the magic_ui and aceternity_ui tools.

Current Implementation

The current SafeHTTPGet implementation (internal/security/helpers.go:43-111):

func (o *Operations) SafeHTTPGet(urlStr string) (*SafeHTTPResponse, error) {
    // ... validation ...
    resp, err := http.Get(urlStr)  // No context support
    // ...
}

Proposed Solution

Refactor all HTTP helper functions to accept and use context.Context:

func (o *Operations) SafeHTTPGet(ctx context.Context, urlStr string) (*SafeHTTPResponse, error) {
    // ... validation ...
    req, err := http.NewRequestWithContext(ctx, "GET", urlStr, nil)
    if err != nil {
        return nil, err
    }
    
    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Functions to Update

All HTTP helper functions in internal/security/helpers.go:

  • SafeHTTPGet(urlStr string) → SafeHTTPGet(ctx context.Context, urlStr string)
  • SafeHTTPPost(urlStr string, body io.Reader) → SafeHTTPPost(ctx context.Context, urlStr string, body io.Reader)
  • SafeHTTPGetWithHeaders(urlStr string, headers map[string]string) → SafeHTTPGetWithHeaders(ctx context.Context, urlStr string, headers map[string]string)
  • SafeHTTPPostWithHeaders(urlStr string, body io.Reader, headers map[string]string) → SafeHTTPPostWithHeaders(ctx context.Context, urlStr string, body io.Reader, headers map[string]string)

Impact

This will require updating all tools that use these security helpers. A quick search shows these tools are affected:

  • aceternity_ui
  • aws_documentation
  • github
  • magic_ui
  • packagedocs
  • shadcnui (multiple files)
  • terraform_documentation
  • webfetch

Each tool will need to pass its context parameter through to the security framework calls.

Benefits

  1. Proper resource cleanup when operations are cancelled
  2. Better timeout handling for HTTP operations
  3. Follows Go best practices for context propagation
  4. Enables proper cancellation in long-running operations

Testing

  • Unit tests should verify context cancellation works correctly
  • Integration tests should verify timeout behaviour
  • Ensure all existing tests still pass after refactoring

Priority: Medium
Complexity: Medium (requires updating multiple tools)
Type: Enhancement, Technical Debt
