
#4226: Fix/sandbox containerworkdir rw access

by ozgur-polat open 2026-01-29 22:29
docs agents
## Summary

Fixes #4171 - Cron isolated agent does not pass sandboxInfo to system prompt

## Problem

When running a cron job with `sessionTarget: "isolated"` and sandbox enabled with `workspaceAccess: "rw"`, the agent receives the host workspace path (e.g., `/home/node/loom-novia`) in the system prompt instead of the Docker container mount path (`/workspace`).

## Root Cause

The `buildEmbeddedSandboxInfo()` function was only setting `agentWorkspaceMount` for read-only (`ro`) access, but not for read-write (`rw`) access.

## Changes

- **src/agents/pi-embedded-runner/sandbox-info.ts**: Added logic to set `agentWorkspaceMount` to `containerWorkdir` (typically `/workspace`) for `rw` access
- **src/agents/pi-embedded-runner.buildembeddedsandboxinfo.test.ts**: Added 2 new test cases for `rw` and `ro` workspace access modes

## Testing

- [x] All existing tests pass
- [x] New test cases added for rw/ro access modes
- [x] Lint passes
- [x] Build passes

## AI-Assisted

- [x] This PR was AI-assisted
- [x] Lightly tested (unit tests only)
- [x] I understand what the code does

## Greptile Overview

### Greptile Summary

This PR updates `buildEmbeddedSandboxInfo` to populate `agentWorkspaceMount` for `workspaceAccess: "rw"` using the sandbox’s `containerWorkdir`, so system prompts reference the container-mounted workspace path (e.g. `/workspace`) instead of host paths.

It also adds unit coverage for `rw`/`ro` access modes, and includes small doc/changelog updates. In the codebase, `EmbeddedSandboxInfo` is used to shape what the agent sees in the system prompt about its execution sandbox; this change ensures the prompt reflects the actual filesystem mount point when the agent has read/write workspace access inside the container.

### Confidence Score: 4/5

- This PR is likely safe to merge and addresses the reported sandbox path issue with minimal surface area.
- The change is localized to sandbox prompt info construction and is backed by new unit tests. Remaining risk is mostly around assumptions that `containerWorkdir` is always set for `rw`, and that tests don’t fully assert the originally reported host-vs-container path mismatch scenario.
- src/agents/pi-embedded-runner/sandbox-info.ts; src/agents/pi-embedded-runner.buildembeddedsandboxinfo.test.ts
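
The host-versus-container path mismatch described in the PR, and the check the review says the tests do not fully assert, as an added TypeScript sketch that is not the project's code. `SandboxConfig`, `hostWorkspaceDir`, `rwPromptWorkspace`, `renderWorkspaceLine` and `promptLeaksHostPath` are hypothetical names, and failing closed when `containerWorkdir` is missing is an assumption of this sketch.

```typescript
// Added illustration, not the project's code. Every name except
// workspaceAccess and containerWorkdir is hypothetical.
interface SandboxConfig {
  enabled: boolean;
  workspaceAccess: "ro" | "rw";
  hostWorkspaceDir: string; // hypothetical: workspace path on the host
  containerWorkdir?: string; // mount point inside the container
}

// Path the system prompt may show for a sandboxed rw workspace. Returns
// undefined when this rule does not apply (sandbox off, or ro, which this
// sketch does not model).
function rwPromptWorkspace(cfg: SandboxConfig): string | undefined {
  if (!cfg.enabled || cfg.workspaceAccess !== "rw") return undefined;
  const dir = (cfg.containerWorkdir ?? "").trim();
  // Assumption of this sketch: fail closed instead of falling back to the
  // host path, which does not exist inside the container.
  if (!dir.startsWith("/")) {
    throw new Error("rw sandbox requires an absolute containerWorkdir");
  }
  return dir;
}

// Prompt line for the workspace; empty when the rule above does not apply.
function renderWorkspaceLine(cfg: SandboxConfig): string {
  const dir = rwPromptWorkspace(cfg);
  return dir === undefined ? "" : `Workspace: ${dir}`;
}

// Regression check: true if the rendered prompt mentions the host workspace
// as a whole path (a longer sibling such as "<dir>-2" does not count).
function promptLeaksHostPath(prompt: string, hostDir: string): boolean {
  const norm = hostDir.replace(/\/+$/, "");
  if (norm === "") return false; // "/" alone would match every path
  const escaped = norm.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp(escaped + "(?![\\w-])").test(prompt);
}

// Constructed sample using the two paths quoted in the PR description.
const SAMPLE: SandboxConfig = {
  enabled: true,
  workspaceAccess: "rw",
  hostWorkspaceDir: "/home/node/loom-novia",
  containerWorkdir: "/workspace",
};
```

The leak check cannot tell the two apart when the host directory and the container mount are the same string, so a test built on it should use distinct paths as the sample does.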
