fix(agent): restrict background review agent to memory and skills toolsets

[luyao618]

What does this PR do?

The background skill/memory review agent was created without toolset restrictions, inheriting the full default tool set. This allowed it to use terminal, send_message, delegate_task, and other tools outside its intended scope, potentially performing unrelated side effects (e.g., sending messages to other agents via tmux, modifying unrelated files) after completing its skill creation task.

This PR restricts the review agent to only memory and skills toolsets by passing enabled_toolsets=["memory", "skills"] during AIAgent construction.

Related Issue

Fixes #15204

Type of Change

• 🐛 Bug fix (non-breaking change that fixes an issue)

Changes Made

• Add enabled_toolsets=["memory", "skills"] to the AIAgent() constructor call in _spawn_background_review() (run_agent.py), restricting the background review agent to only memory and skill management tools
• Add regression tests verifying the toolset restriction is applied

How to Test

1. Start a long conversation that triggers background skill review
2. Verify the review agent can still create/update skills and memory
3. Verify the review agent cannot use terminal, send_message, or other non-skill tools
4. Run the targeted test: pytest tests/run_agent/test_background_review_toolset_restriction.py -v
5. Run full suite: pytest tests/ -q --ignore=tests/integration --ignore=tests/e2e

Checklist

Code

• I've read the Contributing Guide
• My commit messages follow Conventional Commits
• I searched for existing PRs to make sure this isn't a duplicate
• My PR contains only changes related to this fix
• I've run pytest tests/ -q and all tests pass
• I've added tests for my changes
• I've tested on my platform: macOS (Darwin 25.4.0, Apple Silicon), Python 3.11

Documentation & Housekeeping

• Updated relevant documentation — or N/A
• Updated cli-config.yaml.example — or N/A
• Updated contributing / agents docs — or N/A
• Considered cross-platform impact — or N/A
• Updated tool descriptions/schemas — or N/A

[teknium1]

Merged via #16569 — your commit was cherry-picked onto current main with your authorship preserved in git log. Thanks for the fix! #16569