fix: add directory validation for session creation and retrieval

[zenyr]

Issues

Session creation allowed nonexistent directories or paths outside the project scope, causing invalid sessions. Retrieval failed when accessing sessions created in different project contexts.

Fixes

• Added async directory existence and project boundary checks in Session.create using Bun's native APIs to prevent invalid session creation.
• Improved Session.get with loop-based fallback to global project, enabling cross-project session access.

Question

Is allowing arbitrary directory specification (e.g., /root/ for a project in /user/foo) intentional? This enables cross-project work but may confuse users. Should we restrict to project-related directories?

Fixes API inconsistency reported in bug analysis.

[zenyr]

If allowing session creation in external folders (outside the project scope), it might be better to support full project CRUD operations instead, as the API currently lacks project deletion and management features.

[manno23]

I think that kind of secret contract just grew out of it being a single user, bundled application, I want to use this in cloudflare with client at home but this neede to get sorted out first for that. I dont know if you ever looked at the spec, but every operation endpoint has a single optional directory param that the client gives and yeah, its used to kind of push the server around when really the server should be locked down by configuration before it ever starts

[zenyr]

I think that kind of secret contract just grew out of it being a single user, bundled application, I want to use this in cloudflare with client at home but this neede to get sorted out first for that. I dont know if you ever looked at the spec, but every operation endpoint has a single optional directory param that the client gives and yeah, its used to kind of push the server around when really the server should be locked down by configuration before it ever starts

Yes, I actually discovered this bug while trying to set up a headless home lab like Google Jules, and that aspect was concerning from both security and design standpoints. However, I worried that hastily fixing the bug might disrupt existing workflows. That's why I included the question in the PR description.