fix: Filesystem.contains cross-drive path bypass on Windows

[Nicoo01x]

Bug Description

Filesystem.contains() can be bypassed on Windows when the parent and child paths are on different drive letters (e.g., project on D:\ and attacker path on C:\).

Root Cause

path.relative() in Node.js, when comparing paths across different Windows drive letters, returns the absolute child path instead of a ..-prefixed relative path:

path.relative("D:\project", "C:\evil\file.txt")
// Returns: "C:\evil\file.txt"  (no ".." prefix)

Since contains() only checks !relative(parent, child).startsWith(".."), it incorrectly returns true, meaning it thinks C:\evil\file.txt is inside D:\project.

Impact

This affects File.read() and File.list() path traversal protection — an agent could potentially read or list files from any drive on the system.

Reproduction

import { Filesystem } from "./src/util/filesystem"

// BUG: returns true (should be false)
Filesystem.contains("D:\project", "C:\evil\file.txt")

Proposed Fix

Add a drive letter comparison guard in Filesystem.contains() before the path.relative() check. This is referenced by the existing TODO comments in src/file/index.ts (lines 499-500, 575-576).

Environment

• Platform: Windows 11
• Node.js: v22.17.0

[github-actions]

This issue might be a duplicate of existing issues. Please check:

• Path traversal vulnerability via symlinks and cross-drive paths #8313: Covers the same Filesystem.contains() cross-drive path bypass on Windows (and symlink escapes) — nearly identical root cause and proposed fix referencing the same TODO comments in src/file/index.ts
• Potential path traversal in file read/write tools #11703: Also reports the Filesystem.contains() weakness via string-based path.relative() comparison, including the cross-drive Windows scenario

Please review those issues and consider closing this one in favor of the existing reports, or confirm that this addresses a distinct scenario.