fix(permissions): harden shell auto-approval path checks (#972)

Co-authored-by: RinZ27 <222222878+RinZ27@users.noreply.github.com>
Co-authored-by: Letta <noreply@letta.com>

src/tests/permissions/readOnlyShell.test.ts

@@ -237,6 +237,10 @@ describe("isReadOnlyShellCommand", () => {
       expect(isReadOnlyShellCommand("  ")).toBe(false);
     });
 
+    test("allows relative cd chaining with read-only git", () => {
+      expect(isReadOnlyShellCommand("cd src && git status")).toBe(true);
+    });
+
     test("blocks unknown commands", () => {
       expect(isReadOnlyShellCommand("rm file")).toBe(false);
       expect(isReadOnlyShellCommand("mv a b")).toBe(false);