fix(exec): clarify auto routing semantics (#58897) (thanks @vincentkoc)

src/agents/bash-tools.exec-runtime.ts

@@ -221,6 +221,9 @@ export function isRequestedExecTargetAllowed(params: {
   configuredTarget: ExecTarget;
   requestedTarget: ExecTarget;
 }) {
+  // `auto` is a routing strategy, not a wildcard allowlist. Keep per-call host
+  // selection pinned to the configured/session-selected target so a sandboxed
+  // session cannot silently hop to gateway or node.
   return params.requestedTarget === params.configuredTarget;
 }
 
@@ -253,6 +256,9 @@ export function resolveExecTarget(params: {
     );
   }
   const selectedTarget = requestedTarget ?? configuredTarget;
+  // `auto` preserves the no-config "just work" default: sandbox when available,
+  // otherwise gateway. The YOLO part comes from security/ask defaults, not from
+  // `auto` itself.
   const effectiveHost =
     selectedTarget === "auto" ? (params.sandboxAvailable ? "sandbox" : "gateway") : selectedTarget;
   return {