[BUG] Safety guard incorrectly blocks commands containing URLs

[cornjosh]

Quick Summary

When executing commands containing URLs, the safety guard incorrectly matches the URL path portion as a file system path, causing the command to be blocked. For example, agent-browser open https://github.com is incorrectly blocked.

Environment & Tools

• PicoClaw Version: b8f8e3f
• Go Version: go 1.26.1 linux/arm64
• AI Model & Provider: N/A
• Operating System: Linux 6.14.0-1018-oracle (aarch64)
• Channels: N/A

📸 Steps to Reproduce

1. Start PicoClaw with restrictToWorkspace safety restriction enabled
2. Execute a command containing a URL, e.g.: agent-browser open https://github.com
3. Observe the error in logs

❌ Actual Behavior

The command is blocked by the safety guard with the following error:

2026/03/07 03:31:32 [INFO] tool: Tool execution started {tool=exec, args=map[command:agent-browser open https://github.com]}
2026/03/07 03:31:32 [ERROR] tool: Tool execution failed {tool=exec, duration=0, error=Command blocked by safety guard (path outside working dir)}

✅ Expected Behavior

Commands containing URLs should execute normally without being blocked by the safety guard. URL path portions (e.g., https://github.com/user/repo) should not be treated as file system paths.

💬 Additional Context

Root Cause:

In pkg/tools/shell.go, the absolutePathPattern regex is used to match absolute file paths in commands:

absolutePathPattern = regexp.MustCompile(`[A-Za-z]:\\[^\\\"']+|/[^\s\"']+`)

The Unix path portion /[^\s\"']+ incorrectly matches URL path portions as absolute paths. For example:

• Input: https://github.com
• Match result: //github.com (mistakenly treated as a file path)

Since /github.com is not within the working directory, it triggers the "path outside working dir" error.

A fix will be submitted in a follow-up pull request.