fix(scripted-tool): isolate extension invocation traces

[chaliy]

Motivation

• Prevent cross-tenant leakage caused by a shared Arc<Mutex<...>> invocation log that could mix raw argv across builds/clones.
• Ensure trace state is per-extension (or explicitly shared) and bounded to avoid unbounded growth and accidental disclosure.

Description

• Make ToolDefExtension::clone() allocate a fresh invocation log so clones do not share trace state.
• Add ToolDefInvocationTrace (with take_invocations) and ToolDefExtension::invocation_trace() to provide an explicit, intentional trace handle that can be cloned to share traces when desired.
• Change ToolDefExtension::take_invocations() to forward to the explicit trace handle and update ToolDefExtensionBuilder::build() docs to document the isolation contract.
• Re-export ToolDefInvocationTrace from the scripted_tool module and crate root, update tests to use invocation_trace(), and update specs/scripted-tool-orchestration.md to document the new behavior.

Testing

• Ran cargo test -p bashkit scripted_tool::tests::test_tool_def_extension --features scripted_tool and all scripted-tool tests in that group passed (5 passed, 0 failed).
• Ran cargo fmt --check and git diff --check with no reported issues.
• Updated unit tests under crates/bashkit/src/scripted_tool/mod.rs to assert per-build and per-clone isolation and to verify bounded/truncated invocation storage, and those tests passed.

---

Codex Task

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	bashkit	3b82ecd	Commit Preview URL	Jun 02 2026, 09:31 AM