fix(exec): fail closed when sandbox is unavailable and harden deny followups (#56800)

* fix(exec): fail closed when sandbox is unavailable and harden deny followups

* docs(changelog): note exec fail-closed fix

src/agents/bash-tools.exec.path.test.ts

@@ -251,25 +251,14 @@ describe("exec host env validation", () => {
     }
   });
 
-  it("defaults to sandbox when sandbox runtime is unavailable", async () => {
+  it("fails closed when the implicit sandbox host has no sandbox runtime", async () => {
     const tool = createExecTool({ security: "full", ask: "off" });
 
-    const result = await tool.execute("call1", {
-      command: "echo ok",
-    });
-    const text = normalizeText(result.content.find((c) => c.type === "text")?.text);
-    expect(text).toContain("ok");
-
-    const err = await tool
-      .execute("call2", {
+    await expect(
+      tool.execute("call1", {
         command: "echo ok",
-        host: "gateway",
-      })
-      .then(() => null)
-      .catch((error: unknown) => (error instanceof Error ? error : new Error(String(error))));
-    expect(err).toBeTruthy();
-    expect(err?.message).toMatch(/exec host not allowed/);
-    expect(err?.message).toMatch(/tools\.exec\.host=sandbox/);
+      }),
+    ).rejects.toThrow(/sandbox runtime is unavailable/);
   });
 
   it("fails closed when sandbox host is explicitly configured without sandbox runtime", async () => {