fix(plan): sandbox path resolution in Plan Mode to prevent hallucinations (#22737)

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

packages/core/src/utils/planUtils.ts

@@ -13,8 +13,8 @@ import { isSubpath, resolveToRealPath } from './paths.js';
  * Shared between backend tools and CLI UI for consistency.
  */
 export const PlanErrorMessages = {
-  PATH_ACCESS_DENIED:
-    'Access denied: plan path must be within the designated plans directory.',
+  PATH_ACCESS_DENIED: (planPath: string, plansDir: string) =>
+    `Access denied: plan path (${planPath}) must be within the designated plans directory (${plansDir}).`,
   FILE_NOT_FOUND: (path: string) =>
     `Plan file does not exist: ${path}. You must create the plan file before requesting approval.`,
   FILE_EMPTY:
@@ -32,14 +32,14 @@ export const PlanErrorMessages = {
 export async function validatePlanPath(
   planPath: string,
   plansDir: string,
-  targetDir: string,
 ): Promise<string | null> {
-  const resolvedPath = path.resolve(targetDir, planPath);
+  const safeFilename = path.basename(planPath);
+  const resolvedPath = path.join(plansDir, safeFilename);
   const realPath = resolveToRealPath(resolvedPath);
   const realPlansDir = resolveToRealPath(plansDir);
 
   if (!isSubpath(realPlansDir, realPath)) {
-    return PlanErrorMessages.PATH_ACCESS_DENIED;
+    return PlanErrorMessages.PATH_ACCESS_DENIED(planPath, realPlansDir);
   }
 
   if (!(await fileExists(resolvedPath))) {