Reduce risk with configurable filesystem isolation for tools

We introduced a restrict_to_base_dir parameter for PythonTools and MLXTranscribeTools, enabled by default. Tools now operate within a contextual base directory, minimizing blast radius and protecting local or mounted data during execution.

Details

On by default: tools read/write only within their base directory
Opt out per tool by setting restrict_to_base_dir=False
Adjust the base directory to allow intended paths while maintaining isolation

Who this is for: Security-conscious teams, multi-tenant deployments, and anyone running tools on shared infrastructure.