fix(tools): sandbox glob and grep to project directory

Open androolloyd opened this issue 14 hours ago • 2 comments

Summary

Adds path containment checks to glob and grep tools to prevent searches outside the project directory.

Problem

When an AI agent provides a path parameter that resolves outside the project directory (e.g., ~, /Users/username, or ../), the glob and grep tools would happily traverse the entire filesystem. On macOS, this triggers permission dialogs for protected directories like:

  • ~/Library
  • ~/Music
  • ~/Photos
  • ~/Pictures

This is both a security concern and a poor UX (permission dialog spam).

Solution

Mirror the existing sandboxing pattern from bash.ts (line 88) which uses Filesystem.contains() to validate paths:

if (!Filesystem.contains(Instance.directory, searchPath)) {
  throw new Error(`Search path "..." is outside the project directory...`)
}

Changes

  • glob.ts: Add Filesystem import and containment check after path resolution
  • grep.ts: Add path import, Filesystem import, resolve relative paths, and add containment check

Testing

Verified the logic correctly:

  • ✅ Allows searches within project directory
  • ✅ Allows searches in subdirectories
  • ✅ Blocks $HOME directory
  • ✅ Blocks ../ escape attempts
  • ✅ Blocks absolute paths outside project
  • ✅ Blocks protected macOS directories

Related

This fixes the same class of issue that the bash tool already handles, bringing the glob/grep tools to parity.

androolloyd, Jan 15 '26 22:01
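The containment check described above, sketched as an added example that is not code from this PR or from opencode. `contains`, `resolveSearchPath`, the tilde expansion and the sample paths are assumptions for illustration; `contains` stands in for `Filesystem.contains()`, whose implementation is not shown on the page.

```typescript
import * as path from "node:path"

// Hypothetical helper (not opencode's Filesystem.contains()): true when `child`
// is `parent` itself or lies beneath it. Both arguments must be absolute paths.
function contains(parent: string, child: string): boolean {
  const rel = path.posix.relative(parent, child)
  // "" means the same directory; a first segment of ".." means child escaped.
  // Comparing segments instead of string prefixes avoids accepting a sibling
  // such as /work/project-old when the project is /work/project.
  return rel === "" || rel.split("/")[0] !== ".."
}

// Resolve an agent-supplied search path against the project directory and
// reject anything outside it. `home` is a parameter so the example is
// deterministic; expanding "~" here is an assumption of this example.
function resolveSearchPath(projectDir: string, requested: string, home: string): string {
  let p = requested
  if (p === "~") p = home
  else if (p.slice(0, 2) === "~/") p = path.posix.join(home, p.slice(2))
  const searchPath = path.posix.resolve(projectDir, p)
  if (!contains(projectDir, searchPath)) {
    throw new Error(`Search path "${searchPath}" is outside the project directory "${projectDir}"`)
  }
  return searchPath
}

// Constructed sample values, not taken from the PR.
const PROJECT = "/work/project"
const HOME = "/Users/username"

function check(requested: string): string {
  try {
    return "allowed: " + resolveSearchPath(PROJECT, requested, HOME)
  } catch (e) {
    return "blocked"
  }
}

// The cases from the Testing list, plus the sibling-prefix and nested "../" cases.
const samples = [".", "src/tools", "~", "../", "/Users/username/Library", "/work/project-old", "src/../../etc"]
for (const r of samples) {
  console.log(`${r} -> ${check(r)}`)
}
```

This check is purely lexical: a symlink inside the project that points elsewhere still passes unless both paths are canonicalized (for example with `fs.realpath`) before the comparison.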