Block remote URLs in look_at file_path

[devxoul]

Summary

• Block http:// and https:// URLs in look_at tool's file_path parameter.
• The tool only supports local files and base64 image data — remote URLs were silently mangled by pathToFileURL() instead of returning a clear error.

Changes

• Add remote URL check to validateArgs() in look-at-arguments.ts — rejects file_path starting with http:// or https:// (case-insensitive).
• Add 3 tests covering http://, https://, and mixed-case HTTPS:// URLs.

Testing

bun test src/tools/look-at/tools.test.ts
# 23 pass, 0 fail

---

Summary by cubic

Blocks remote HTTP/HTTPS URLs in look_at’s file_path to prevent silent mangling. Users now get a clear error and must use a local path or image_data.

• Bug Fixes
  • Added case-insensitive check in validateArgs to reject file_path starting with http:// or https://.
  • Added tests for http, https, and mixed-case schemes.

^{Written for commit 3eb7dc7. Summary will update on new commits.}

[cubic-dev-ai]

No issues found across 2 files

Confidence score: 5/5

• Automated review surfaced no issues in the provided summaries.
• No files require special attention.

_{Auto-approved: Simple validation addition with comprehensive tests. Regex is correct (/^https?:///i), error message is clear, tests cover http/https and case-insensitivity. No logic changes to existing code, Purel}