Sync main back to beta: bring Copilot fixes from #426 onto beta

Closes the final 55-line content drift between beta and main. PR #426
was squash-merged into main, so the two Copilot review fixes I pushed
during its review cycle landed on main as part of the squash commit
but never made it back to beta:

- Path-traversal guard in tests/integration/_self_update_fixture.py
  (mirrors update_reload_runner.gd's runtime check)
- Negative-path tests for v2.4.0+ addon-shape preflight in
  tests/unit/test_self_update_smoke_harness.py (+4 tests)

After this merges, beta and main are content-identical and the
merge graph reflects an ongoing-convergence relationship.

https://claude.ai/code/session_01VgXf3Lqv2ypt36g6EqpRYg

# Conflicts:
#	tests/integration/_self_update_fixture.py

Author: claude

tests/integration/_self_update_fixture.py

@@ -279,6 +279,11 @@ def extract_addon_from_zip(zip_path: Path, target_addon: Path) -> None:
             if not info.filename.startswith("addons/godot_ai/") or info.is_dir():
                 continue
             rel = Path(info.filename).relative_to("addons/godot_ai")
+            if rel.is_absolute() or any(part in ("", ".", "..") for part in rel.parts):
+                raise ValueError(
+                    f"Refusing unsafe zip entry {info.filename!r}: relative path "
+                    f"{rel!s} contains absolute or traversal segments"
+                )
             out = target_addon / rel
             out.parent.mkdir(parents=True, exist_ok=True)
             out.write_bytes(zf.read(info.filename))

tests/unit/test_self_update_smoke_harness.py

@@ -9,6 +9,8 @@
 from pathlib import Path
 from types import ModuleType
 
+import pytest
+
 ROOT = Path(__file__).resolve().parents[2]
 SCRIPT = ROOT / "script" / "local-self-update-smoke"
 
@@ -208,6 +210,54 @@ def test_self_update_smoke_harness_refuses_unmarked_existing_dir(tmp_path: Path)
     assert "not marked as a smoke fixture" in result.stderr
 
 
+def _make_addon_with(tmp_path: Path, *, present: tuple[str, ...]) -> Path:
+    addon = tmp_path / "addon"
+    (addon / "utils").mkdir(parents=True)
+    for rel in present:
+        (addon / rel).write_text("# fixture stub\n", encoding="utf-8")
+    return addon
+
+
+def test_v240_preflight_passes_when_both_files_present(tmp_path: Path) -> None:
+    smoke = load_smoke_script()
+    addon = _make_addon_with(
+        tmp_path,
+        present=("utils/server_lifecycle.gd", "utils/update_manager.gd"),
+    )
+    smoke._require_v240_plus_addon_shape(addon, "2.4.0")
+
+
+@pytest.mark.parametrize(
+    ("present", "expected_missing"),
+    [
+        (("utils/update_manager.gd",), "utils/server_lifecycle.gd"),
+        (("utils/server_lifecycle.gd",), "utils/update_manager.gd"),
+    ],
+)
+def test_v240_preflight_raises_clear_harness_error_for_single_missing_file(
+    tmp_path: Path, present: tuple[str, ...], expected_missing: str
+) -> None:
+    smoke = load_smoke_script()
+    addon = _make_addon_with(tmp_path, present=present)
+    with pytest.raises(smoke.HarnessError) as exc_info:
+        smoke._require_v240_plus_addon_shape(addon, "2.3.2")
+    message = str(exc_info.value)
+    assert expected_missing in message, message
+    assert "2.3.2" in message, message
+    assert "v2.4.0" in message, message
+    assert "--base-from-release-tag" in message, message
+
+
+def test_v240_preflight_lists_all_missing_files_when_both_absent(tmp_path: Path) -> None:
+    smoke = load_smoke_script()
+    addon = _make_addon_with(tmp_path, present=())
+    with pytest.raises(smoke.HarnessError) as exc_info:
+        smoke._require_v240_plus_addon_shape(addon, "2.3.2")
+    message = str(exc_info.value)
+    assert "utils/server_lifecycle.gd" in message, message
+    assert "utils/update_manager.gd" in message, message
+
+
 def test_self_update_smoke_harness_refuses_suspicious_marker(tmp_path: Path) -> None:
     project = tmp_path / "existing-project"
     (project / ".godot-ai-self-update-smoke").mkdir(parents=True)