Greptile Summary

This PR fixes a regression from recent security hardening where mkdirp operations failed for existing subdirectories. The root cause was that boundary checks were hardcoded to only accept files, causing directory paths to fail validation.

Key Changes:

• Added SafeOpenSyncAllowedType ("file" | "directory") to allow configurable file type validation
• Modified openVerifiedFileSync to accept allowedTypes parameter (defaults to ["file"] for backward compatibility)
• Updated mkdirp to pass allowedTypes: ["directory"] during boundary checks
• Properly handled edge cases: hardlink checks and size validations now only apply to files, not directories
• Added comprehensive test coverage for both the low-level safe-open function and high-level mkdirp flow

Security Impact:
The fix maintains all existing security boundaries - it only corrects the file type check to properly support directories when explicitly requested. All TOCTOU protections, boundary validations, and path safety checks remain intact.

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• The fix is minimal, well-targeted, and properly tested. It introduces an optional parameter with a safe default, maintains all security boundaries, and includes comprehensive test coverage. The implementation correctly handles edge cases like hardlink and size checks for directories.
• No files require special attention

_{Last reviewed commit: a41a812}

Landed via temp rebase onto main.

• Gate: pnpm check && pnpm build && pnpm test && pnpm check:docs (local full gate blocked by unrelated baseline test failures in Ollama/Web reconnect tests); targeted regression tests passed: pnpm exec vitest run src/infra/safe-open-sync.test.ts src/agents/sandbox/fs-bridge.test.ts; docs gate passed: pnpm check:docs
• Land commit: 17cccc2
• Merge commit: 3be1343

Thanks @glitch418x!