fix: separate runtime protected paths from file allowlist #103

Merged
Mr-Lucky merged 1 commit into main from fix/issue-81-runtime-file-allowlist
Jun 8, 2026
Conversation

Mr-Lucky (Contributor) commented Jun 8, 2026

Summary

Separate runtime protected path matching from the file allowlist so sensitive runtime file reads still require approval when expected. This also threads runtime protected paths through the evaluator/protection flow and adds regression coverage for absolute home-path protected files.

Type

  • Bug fix
  • New feature / detection rule
  • Refactoring
  • Documentation

Testing

  • npm run build passes
  • npm test passes (377 tests)
  • Manually tested the change

Related Issues

Closes #81

github-actions Bot commented Jun 8, 2026

AgentGuard PR Review

  1. medium — src/runtime/evaluator.ts / src/runtime/types.ts
    runtimeFilesystemAllowlist() now falls back to ['*'] whenever policy.filesystemAllowlist is unset, and EffectiveRuntimePolicy adds an optional filesystemAllowlist that is never populated in this diff. If any caller relies on the OSS action scanner’s filesystem checks for non-OpenClaw paths, this patch effectively disables path restrictions there and can turn unauthorized file access into “allow”.
    • What can go wrong: runtime evaluation may stop flagging disallowed filesystem access for agents that do not pass options.filesystemAllowlist, weakening security decisions.
    • Fix: default the scanner input to the existing security boundary (policy.protectedPaths or an explicitly derived safe allowlist) instead of ['*'], and only use workspace allowlists for callers that intentionally provide them.

@Mr-Lucky Mr-Lucky merged commit 32828c0 into main Jun 8, 2026
4 checks passed
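
The two concepts this PR separates, and the unset-allowlist fallback the review comment raises, can be shown side by side. This is an added example, not code from the AgentGuard repository: `RuntimePolicy`, `evaluateRead`, `normalizePath`, `pathMatches`, the `failOpen` switch and the sample paths are all hypothetical, and denying when no allowlist is set is an assumption of the example.

```typescript
// Added illustration: every name here is hypothetical, not AgentGuard's API.
// Assumes POSIX-style absolute or "~"-prefixed paths.
type ReadDecision = "allow" | "require_approval" | "deny";

interface RuntimePolicy {
  protectedPaths: string[];        // sensitive files: reads need approval
  filesystemAllowlist?: string[];  // roots the agent may read at all
}

// Expand "~" and resolve ".", ".." and repeated slashes to one canonical form.
function normalizePath(p: string, home: string): string {
  const expanded = p === "~" || p.slice(0, 2) === "~/" ? home + p.slice(1) : p;
  const out: string[] = [];
  for (const seg of expanded.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// True when target equals the pattern or lies beneath it; "*" matches all.
function pathMatches(target: string, pattern: string, home: string): boolean {
  if (pattern === "*") return true;
  const base = normalizePath(pattern, home);
  const prefix = base === "/" ? "/" : base + "/";
  return target === base || target.indexOf(prefix) === 0;
}

// Protected paths are matched first, independently of the allowlist.
// failOpen=true reproduces the ['*'] fallback the review comment describes;
// the default (empty list, deny) is this example's assumption.
function evaluateRead(path: string, policy: RuntimePolicy, home: string,
                      failOpen = false): ReadDecision {
  const target = normalizePath(path, home);
  if (policy.protectedPaths.some((p) => pathMatches(target, p, home))) {
    return "require_approval";
  }
  const allow = policy.filesystemAllowlist ?? (failOpen ? ["*"] : []);
  return allow.some((p) => pathMatches(target, p, home)) ? "allow" : "deny";
}

// Constructed sample data.
const HOME_DIR = "/home/agent";
const unsetPolicy: RuntimePolicy = { protectedPaths: ["~/.ssh", "~/.aws/credentials"] };
const scopedPolicy: RuntimePolicy = {
  protectedPaths: unsetPolicy.protectedPaths,
  filesystemAllowlist: ["/home/agent/work"],
};
```

With the allowlist unset, a read of `/etc/passwd` is denied by default but allowed when `failOpen` is true, while protected files under the home directory require approval in both modes.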

Development

Successfully merging this pull request may close these issues.

runtime protection treats protectedPaths as a file allowlist

2 participants