feat(security): Enforce blacklist for discussion history files

tests/test_history_blacklist.py

@@ -0,0 +1,32 @@
+import pytest
+from pathlib import Path
+import mcp_client
+import aggregate
+
+def test_mcp_blacklist(tmp_path):
+    # Setup a "history" file
+    hist_file = tmp_path / "my_project_history.toml"
+    hist_file.write_text("secret history", encoding="utf-8")
+    
+    # Configure MCP client with the tmp_path as allowed
+    mcp_client.configure([{"path": str(hist_file)}], extra_base_dirs=[str(tmp_path)])
+    
+    # Try to read it - should fail
+    result = mcp_client.read_file(str(hist_file))
+    assert "ACCESS DENIED" in result or "BLACKLISTED" in result
+    
+    # Try to list it
+    result = mcp_client.list_directory(str(tmp_path))
+    assert "my_project_history.toml" not in result
+
+def test_aggregate_blacklist(tmp_path):
+    # Setup a "history" file
+    hist_file = tmp_path / "my_project_history.toml"
+    hist_file.write_text("secret history", encoding="utf-8")
+    
+    # Try to resolve paths including the history file
+    paths = aggregate.resolve_paths(tmp_path, "*_history.toml")
+    assert hist_file not in paths
+    
+    paths = aggregate.resolve_paths(tmp_path, "*")
+    assert hist_file not in paths