feat: add permissions system for filesystem access control

[open-swe]

Description

Ports three Python PRs (#2633, #2659, #2665) to JS: adds a FilesystemPermission system with createPermissionMiddleware that enforces path-level read/write rules via wrapToolCall. Includes pre-check (blocks denied tool calls) and post-filter (strips denied paths from ls/glob/grep results). Supports CompositeBackend route-scoped permissions with sandbox defaults, and validates permission paths at construction time (rejects relative paths, .. traversal, ~).

Test Plan

• Verify 50 new permission tests pass (permissions.test.ts)
• Verify existing agent, fs, composite, and middleware tests still pass

Opened collaboratively by Nick Hollon and open-swe.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 00d1f7b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/deepagents-acp@449

npm i https://pkg.pr.new/deepagents@449

npm i https://pkg.pr.new/@langchain/sandbox-standard-tests@449

commit: 00d1f7b