fix(tools): prevent searching root directory in grep and glob tools

[coderzc]

Description

Adds validation to prevent the grep and glob tools from searching the root directory (/), which can cause performance issues and scan unintended system files.

Related Issue(s)

Fixes #12051
Related to #14445
Related to #8754 (complementary - this PR specifically targets root directory while #8754 handles general sandboxing)

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature
• Breaking change
• Documentation update

Changes

• Added validation in grep.ts to throw an error when attempting to search the root directory
• Added validation in glob.ts to throw an error when attempting to search the root directory

Testing

• Verified that grep pattern=\"test\" path=\"/\" throws: \"Searching root directory is not allowed: /\"
• Verified that glob pattern=\"**/*.ts\" path=\"/\" throws: \"Searching root directory is not allowed: /\"
• Verified that normal project directory searches still work correctly

Checklist

• My code follows the project's style guidelines
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

Additional Context

Searching the root directory (/) can:

• Scan system directories like /System, /Volumes, etc. on macOS
• Cause significant performance issues
• Return irrelevant results

This PR complements #8754 which adds general sandboxing - while #8754 restricts searches to the project directory using Filesystem.contains(), this PR specifically hard-blocks root directory searches which is a common edge case that should never be allowed.

[github-actions]

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

1. Open an issue describing the bug/feature (if one doesn't exist)
2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.

[github-actions]

This PR doesn't fully meet our contributing guidelines and PR template.

What needs to be fixed:

• PR description is missing required template sections. Please use the PR template.

Please edit this PR description to address the above within 2 hours, or it will be automatically closed.

If you believe this was flagged incorrectly, please let a maintainer know.

[github-actions]

The following comment was made by an LLM, it may be inaccurate:

Found a related PR:

PR #8754: fix(sandbox): glob and grep to project directory
#8754

This PR appears to address a very similar concern - sandboxing glob and grep tools to the project directory to prevent unintended filesystem access. This may be related to or a predecessor of the current PR (#15534), which specifically targets preventing root directory searches.

[github-actions]

This pull request has been automatically closed because it was not updated to meet our contributing guidelines within the 2-hour window.

Feel free to open a new pull request that follows our guidelines.