[codex] Extract filesystem safety primitives (#77918)

* refactor: extract filesystem safety primitives

* refactor: use fs-safe for file access helpers

* refactor: reuse fs-safe for media reads

* refactor: use fs-safe for image reads

* refactor: reuse fs-safe in qqbot media opener

* refactor: reuse fs-safe for local media checks

* refactor: consume cleaner fs-safe api

* refactor: align fs-safe json option names

* fix: preserve fs-safe migration contracts

* refactor: use fs-safe primitive subpaths

* refactor: use grouped fs-safe subpaths

* refactor: align fs-safe api usage

* refactor: adapt private state store api

* chore: refresh proof gate

* refactor: follow fs-safe json api split

* refactor: follow reduced fs-safe surface

* build: default fs-safe python helper off

* fix: preserve fs-safe plugin sdk aliases

* refactor: consolidate fs-safe usage

* refactor: unify fs-safe store usage

* refactor: trim fs-safe temp workspace usage

* refactor: hide low-level fs-safe primitives

* build: use published fs-safe package

* fix: preserve outbound recovery durability after rebase

* chore: refresh pr checks

src/shared/avatar-policy.ts

@@ -1,4 +1,5 @@
 import path from "node:path";
+import { isPathInside } from "../infra/path-guards.js";
 import { normalizeLowercaseStringOrEmpty } from "./string-coerce.js";
 
 export const AVATAR_MAX_BYTES = 2 * 1024 * 1024;
@@ -64,11 +65,7 @@ export function isWorkspaceRelativeAvatarPath(value: string): boolean {
 }
 
 export function isPathWithinRoot(rootDir: string, targetPath: string): boolean {
-  const relative = path.relative(rootDir, targetPath);
-  if (relative === "") {
-    return true;
-  }
-  return !relative.startsWith("..") && !path.isAbsolute(relative);
+  return isPathInside(rootDir, targetPath);
 }
 
 export function looksLikeAvatarPath(value: string): boolean {