refactor: integrate secure file system operations across services

This commit replaces direct file system operations with a secure file system adapter to enhance security by enforcing path validation. The changes include:

- Replaced `fs` imports with `secureFs` in various services and utilities.
- Updated file operations in `agent-service`, `auto-mode-service`, `feature-loader`, and `settings-service` to use the secure file system methods.
- Ensured that all file I/O operations are validated against the ALLOWED_ROOT_DIRECTORY.

This refactor aims to prevent unauthorized file access and improve overall security posture.

Tests: All unit tests passing.

🤖 Generated with Claude Code

apps/server/src/routes/agent/index.ts

@@ -5,6 +5,7 @@
 import { Router } from "express";
 import { AgentService } from "../../services/agent-service.js";
 import type { EventEmitter } from "../../lib/events.js";
+import { validatePathParams } from "../../middleware/validate-paths.js";
 import { createStartHandler } from "./routes/start.js";
 import { createSendHandler } from "./routes/send.js";
 import { createHistoryHandler } from "./routes/history.js";
@@ -18,8 +19,8 @@ export function createAgentRoutes(
 ): Router {
   const router = Router();
 
-  router.post("/start", createStartHandler(agentService));
-  router.post("/send", createSendHandler(agentService));
+  router.post("/start", validatePathParams("workingDirectory?"), createStartHandler(agentService));
+  router.post("/send", validatePathParams("workingDirectory?", "imagePaths[]"), createSendHandler(agentService));
   router.post("/history", createHistoryHandler(agentService));
   router.post("/stop", createStopHandler(agentService));
   router.post("/clear", createClearHandler(agentService));