Description
Severity: Medium
When `process_docs` receives paths that fail validation (traversal attempts, absolute paths outside the workspace), it silently returns an empty result set with no indication that paths were rejected. The caller cannot distinguish "no matching files" from "all paths were rejected for security reasons".
Current behavior
```json
// Input: paths: ["/etc/passwd", "../../../secret.md"]
{"result":[],"docs_loaded":0,"execution_time_ms":1,"metadata":{"paths":[],"total_size":0}}
```
Expected behavior
```json
{
  "result": [],
  "docs_loaded": 0,
  "skipped_paths": [
    {"path": "/etc/passwd", "reason": "absolute path outside workspace"},
    {"path": "../../../secret.md", "reason": "path traversal rejected"}
  ],
  "metadata": {...}
}
```
Fix
Collect rejected paths and reasons in the catch block of the document loader and include them in the tool response metadata.
Files to modify
- `src/tools/process-docs.ts` — collect `skipped_paths` array, include in response
- `tests/tools/process-docs.test.ts` — add test: rejected paths appear in skipped_paths
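
One way the fix described above could look, as an added example that is not the project's own code: `resolveInWorkspace`, `processDocs`, `WORKSPACE` and the in-memory `FILES` map are assumptions, and the check is purely lexical on POSIX-style paths (no symlink resolution). It places `skipped_paths` at the top level, as in the expected response above.

```typescript
// Added example; every name here is hypothetical, not taken from process-docs.ts.
type SkippedPath = { path: string; reason: string };

const WORKSPACE = "/workspace"; // constructed workspace root
const FILES: Record<string, string> = { "/workspace/docs/a.md": "# A\n" }; // constructed stand-in for the filesystem

// Lexically resolve `input` against `root`; throw a tagged error if it lands outside.
function resolveInWorkspace(input: string, root: string): string {
  const absolute = input[0] === "/";
  const stack: string[] = [];
  for (const seg of (absolute ? input : root + "/" + input).split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") stack.pop();
    else stack.push(seg);
  }
  const resolved = "/" + stack.join("/");
  // Compare with a trailing separator so "/workspace-evil" does not pass as "/workspace".
  if (resolved !== root && resolved.slice(0, root.length + 1) !== root + "/") {
    const err = new Error(absolute ? "absolute path outside workspace" : "path traversal rejected");
    err.name = "PathRejected";
    throw err;
  }
  return resolved;
}

function processDocs(paths: string[], root: string = WORKSPACE) {
  const result: string[] = [];
  const loaded: string[] = [];
  const skipped_paths: SkippedPath[] = [];
  let total_size = 0;
  for (const p of paths) {
    try {
      const resolved = resolveInWorkspace(p, root);
      const body = FILES[resolved];
      if (body === undefined) continue; // valid path, no file: not a security rejection
      result.push(body);
      loaded.push(resolved);
      total_size += body.length;
    } catch (err) {
      // Only validation failures are reported; anything else still propagates.
      if (!(err instanceof Error) || err.name !== "PathRejected") throw err;
      skipped_paths.push({ path: p, reason: err.message });
    }
  }
  return { result, docs_loaded: result.length, skipped_paths, metadata: { paths: loaded, total_size } };
}
```

With this shape a caller can tell "no matching files" (empty `result`, empty `skipped_paths`) from "all paths were rejected" (empty `result`, populated `skipped_paths`).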