fix(companion): absolute node path for MCP spawn + restrict to mcp tools

claude resolves the MCP server command against the child env (no PATH), so a
bare 'node' failed to spawn (status:failed). Use process.execPath. Also pass
--tools to drop claude's built-ins (Bash/Read/Write/…) — companion gets only
the four mcp__void__* tools.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

lib/api/routes/companion.js

@@ -75,7 +75,9 @@ spacesScopedRouter.post('/turn',
     const mcpConfig = {
       mcpServers: {
         void: {
-          command: 'node',
+          // Absolute node path: claude resolves `command` against the MCP child's
+          // env (which has no PATH), so a bare 'node' fails to spawn ("status:failed").
+          command: process.execPath,
           args: [COMPANION_STDIO_PATH],
           env: {
             VOID_SPACE_ID: req.params.space_id,
@@ -92,6 +94,13 @@ spacesScopedRouter.post('/turn',
     const claudeExe = req.app.locals.claudeExe || process.env.CLAUDE_EXE || 'claude';
     const draftIds = [];
 
+    const companionTools = [
+      'mcp__void__search',
+      'mcp__void__read',
+      'mcp__void__context',
+      'mcp__void__propose_change'
+    ];
+
     let result;
     try {
       result = await runClaudeTurn({
@@ -99,12 +108,10 @@ spacesScopedRouter.post('/turn',
         systemPrompt: SYSTEM,
         userText: text,
         mcpConfigPath,
-        allowedTools: [
-          'mcp__void__search',
-          'mcp__void__read',
-          'mcp__void__context',
-          'mcp__void__propose_change'
-        ],
+        // `tools` restricts the session to ONLY our tools (no built-in Bash/Read/…);
+        // `allowedTools` auto-approves them in non-interactive (--print) mode.
+        tools: companionTools,
+        allowedTools: companionTools,
         claudeExe,
         home: process.env.VOID_CLAUDE_HOME || undefined,
         onEvent: (e) => {