bug: workDir validation error leaks allowed directories list to authenticated users #3365

Description

@OneStepAt4time

Summary

When a session is created with an invalid workDir, the error response includes the full list of allowed directories on the host filesystem.

Reproduction

curl -X POST -H "Authorization: Bearer $ADMIN_TOKEN" -H "Content-Type: application/json" \
  -d '{"prompt":"test","workDir":"/nonexistent/path"}' \
  http://127.0.0.1:9100/v1/sessions

Expected

{"code": "INVALID_WORKDIR", "message": "workDir is not in the allowed directories list"}

Actual

{
  "code": "INVALID_WORKDIR",
  "message": "workDir /nonexistent/path is not in the allowed directories list. Allowed: /home/bubuntu, /home/bubuntu/projects/aegis"
}

Impact

  • Reveals host filesystem structure to authenticated users
  • An attacker learns the allowed paths and can target them specifically
  • In hosted/multi-tenant scenarios, this leaks server filesystem layout

Version

Aegis v0.6.7-preview.1

Severity

Low — requires authentication, but unnecessary information disclosure
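
An added example, not part of the original issue and not Aegis code: one way to return the generic error from the "Expected" section while keeping the allowlist in the server log only, plus a regression check that flags the message shape from the "Actual" section. The handler name, status codes, success body, and the rule that subdirectories of an allowed directory are accepted are assumptions.

```python
import json
import logging
import posixpath

log = logging.getLogger("sessions")

# Sample allowlist: the two paths shown in the report's "Actual" response.
ALLOWED_DIRS = ["/home/bubuntu", "/home/bubuntu/projects/aegis"]
GENERIC_ERROR = {"code": "INVALID_WORKDIR",
                 "message": "workDir is not in the allowed directories list"}


def is_allowed(work_dir, allowed=ALLOWED_DIRS):
    """Assumed policy: an allowed directory, or anything beneath it, is accepted."""
    if not isinstance(work_dir, str) or not work_dir.startswith("/"):
        return False
    norm = posixpath.normpath(work_dir)  # collapses "..", does not resolve symlinks
    roots = (posixpath.normpath(r).rstrip("/") for r in allowed)
    return any(norm == r or norm.startswith(r + "/") for r in roots)


def leaky_error(work_dir, allowed=ALLOWED_DIRS):
    """Message shape from the report's "Actual" section (the behaviour to remove)."""
    return {"code": "INVALID_WORKDIR",
            "message": f"workDir {work_dir} is not in the allowed directories list. "
                       f"Allowed: {', '.join(allowed)}"}


def create_session(payload, allowed=ALLOWED_DIRS):
    """Hypothetical handler; returns (status, body). Status codes are illustrative."""
    work_dir = payload.get("workDir")
    if not is_allowed(work_dir, allowed):
        # Detail goes to the server log only; %r keeps control characters escaped.
        log.warning("rejected workDir=%r allowed=%r", work_dir, allowed)
        return 400, dict(GENERIC_ERROR)
    return 201, {"status": "created"}


def leaks_allowed_dirs(body, allowed=ALLOWED_DIRS):
    """Regression check: True if any allowlist entry appears in an error body."""
    text = json.dumps(body)
    return any(entry in text for entry in allowed)
```

Running `leaks_allowed_dirs` over every `INVALID_WORKDIR` body in an API test suite catches a reintroduction of the verbose message.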
