fix(ax): use JoinPath in monitor path handling

Co-Authored-By: Virgil <virgil@lethean.io>

pkg/brain/brain.go

@@ -17,7 +17,7 @@ import (
 
 // fs provides unrestricted filesystem access for shared brain credentials.
 //
-//	keyPath := core.Concat(home, "/.claude/brain.key")
+//	keyPath := core.JoinPath(home, ".claude", "brain.key")
 //	if r := fs.Read(keyPath); r.OK {
 //		apiKey = core.Trim(r.Value.(string))
 //	}

pkg/monitor/harvest.go

@@ -208,7 +208,7 @@ func (m *Subsystem) checkSafety(srcDir string) string {
 			return core.Sprintf("binary file added: %s", file)
 		}
 
-		fullPath := core.Concat(srcDir, "/", file)
+		fullPath := core.JoinPath(srcDir, file)
 		if stat := fs.Stat(fullPath); stat.OK {
 			if info, ok := stat.Value.(interface{ Size() int64 }); ok && info.Size() > 1024*1024 {
 				return core.Sprintf("large file: %s (%d bytes)", file, info.Size())

pkg/monitor/monitor.go

@@ -21,7 +21,7 @@ import (
 
 // fs provides unrestricted filesystem access (root "/" = no sandbox).
 //
-//	r := fs.Read(core.Concat(wsRoot, "/", name, "/status.json"))
+//	r := fs.Read(core.JoinPath(wsRoot, name, "status.json"))
 //	if text, ok := resultString(r); ok { _ = core.JSONUnmarshalString(text, &st) }
 var fs = agentic.LocalFs()
 

pkg/monitor/sync.go

@@ -67,7 +67,7 @@ func (m *Subsystem) syncRepos() string {
 		if repoName == "." || repoName == ".." || repoName == "" {
 			continue
 		}
-		repoDir := core.Concat(basePath, "/", repoName)
+		repoDir := core.JoinPath(basePath, repoName)
 		if !fs.Exists(repoDir) || fs.IsFile(repoDir) {
 			continue
 		}