fix(tools): exec guard must not treat relative paths as root-absolute

[Chris-dash-T4]

📝 Description

The path scanner used /[^\s"']+ anywhere in the command string, so archive/SKILL.md matched /SKILL.md, Abs resolved it to the filesystem root, and Rel produced .. chains that tripped the workspace check.

Require Unix-looking absolutes to follow a shell delimiter (including / so file:/// paths still match). Parse with FindAllStringSubmatchIndex.

Extend web URL exemption: after adding / as a delimiter, https://host can match /host with a single leading slash; detect via scheme suffix on the trimmed prefix before the match.

Add TestShellTool_RelativePathWithSlashNotTreatedAsAbsolute.

Made-with: Cursor

🗣️ Type of Change

• 🐞 Bug fix (non-breaking change which fixes an issue)
• ✨ New feature (non-breaking change which adds functionality)
• 📖 Documentation update
• ⚡ Code refactoring (no functional changes, no api changes)

🤖 AI Code Generation

• 🤖 Fully AI-generated (100% AI, 0% Human)
• 🛠️ Mostly AI-generated (AI draft, Human verified/modified)
• 👨‍💻 Mostly Human-written (Human lead, AI assisted or none)

🔗 Related Issue

Fixes #2749

📚 Technical Context (Skip for Docs)

• Reference URL: N/A
• Reasoning: Added a fixed prefix to the regex to ensure /path would only be matched at the beginning of the line or after a whitespace-like delimiter. Thus, wc /path/to/file will match, while wc path/to/file will pass through.

🧪 Test Environment

• Hardware: Desktop PC
• OS: Ubuntu 24.04, on Docker
• Model/Provider: GLM-4.7-Flash on Llama.cpp
• Channels: Discord, OneBot

📸 Evidence (Optional)

Click to view Logs/Screenshots

As of a94ba82, before fix:

After fix:

☑️ Checklist

• My code/docs follow the style of this project.
  • Note: make lint identified issues outside of the scope of this PR, mainly in pkg/config and web/
• I have performed a self-review of my own changes.
• [NA] I have updated the documentation accordingly.

[CLAassistant]

All committers have signed the CLA.