sec(python/js): AI framework wrappers don't propagate execution limits from framework config #1185

@chaliy

Description

Summary

The AI framework integrations (LangChain, Anthropic, OpenAI, PydanticAI, DeepAgents) create `BashTool` instances with either default or user-specified limits. However, the framework-level tool configuration (e.g., LangChain's tool timeout, Anthropic's tool use timeout) is not propagated to bashkit's execution limits. This means:

  1. A framework may expect a 5-second tool timeout, but bashkit's default is 30 seconds
  2. The framework-side timeout kills the tool call, but bashkit continues executing in the background

Threat category: TM-DOS (Denial of Service) — framework integration gap
Severity: Medium
Component: `crates/bashkit-js/anthropic.ts`, `crates/bashkit-js/openai.ts`, `crates/bashkit-python/bashkit/langchain.py`, etc.

Root Cause

The integration wrappers create tools with fixed or user-specified limits:

// anthropic.ts
export function createBashTool(options?: BashToolOptions) {
    const tool = new BashTool(options);
    // No propagation of Anthropic SDK timeout settings: only `options`
    // (defaults or caller-supplied limits) reach bashkit
    return tool;
}

# langchain.py
from langchain_core.tools import BaseTool

class BashkitTool(BaseTool):
    def __init__(self, bash_tool=None, **kwargs):
        # LangChain tool config (timeout, max_retries) not mapped to bashkit limits;
        # the wrapped tool keeps whatever limits it was constructed with
        super().__init__(**kwargs)
        self.bash_tool = bash_tool or BashTool()

When a framework cancels a tool call due to its own timeout, the underlying bashkit execution may continue running until bashkit's own timeout fires (up to 30 seconds later).

Impact

  • Orphaned execution: Framework considers the tool call failed, but bashkit continues consuming resources
  • Unexpected behavior: Script side effects continue after the framework has moved on
  • Resource waste: CPU and memory consumed by orphaned executions

Acceptance Criteria

  • Map framework timeout settings to bashkit execution timeout
  • Use `AbortSignal` / cancellation token to propagate framework cancellation to bashkit
  • Add integration tests verifying timeout propagation
  • Document how to configure execution limits in framework integration context
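Worked example of the fix the root cause and acceptance criteria describe: a wrapper that turns the framework's timeout and `AbortSignal` into a single linked signal the executor observes between steps, so cancellation on the framework side stops the tool instead of leaving it to run until its own 30-second limit. This is an added example, not bashkit's code; `FakeBashTool`, `linkedSignal` and `runWithLimits` are stand-ins constructed here, and the "script" is modelled as a list of steps so the test can observe how far execution got.

```typescript
// Added example (not bashkit's or any framework's code): propagate a
// framework-level timeout and AbortSignal into the tool so execution stops
// when the caller gives up, instead of being orphaned.

interface ExecLimits {
  timeoutMs: number;      // hard limit the tool enforces on itself
  signal?: AbortSignal;   // framework-side cancellation, if the framework has one
}

interface ExecResult {
  completed: boolean;
  stepsRun: number;
  reason?: string;        // why execution stopped early, if it did
}

// Stand-in for bashkit's BashTool (constructed for this example): runs a
// "script" given as a list of steps, checking the signal before each step.
// A real executor would check at the same granularity (per command / per
// syscall batch) rather than only at the end.
class FakeBashTool {
  async exec(steps: string[], link: LinkedSignal, stepMs = 10): Promise<ExecResult> {
    let stepsRun = 0;
    for (const _step of steps) {
      if (link.signal.aborted) {
        return { completed: false, stepsRun, reason: link.why() };
      }
      await new Promise((resolve) => setTimeout(resolve, stepMs)); // simulated work
      stepsRun++;
    }
    return { completed: true, stepsRun };
  }
}

interface LinkedSignal {
  signal: AbortSignal;
  why: () => string | undefined;   // first reason that aborted the linked signal
  dispose: () => void;             // clear the timer and listener (no leaks)
}

// Combine the framework's signal and the tool timeout into one signal.
// Whichever fires first wins; a signal that is already aborted aborts at once.
function linkedSignal(limits: ExecLimits): LinkedSignal {
  const ctrl = new AbortController();
  let reason: string | undefined;
  const abortWith = (r: string) => {
    if (ctrl.signal.aborted) return;
    reason = r;
    ctrl.abort();
  };
  const timer = setTimeout(
    () => abortWith(`tool timeout after ${limits.timeoutMs}ms`),
    limits.timeoutMs,
  );
  const onFrameworkAbort = () => abortWith('framework aborted');
  if (limits.signal) {
    if (limits.signal.aborted) onFrameworkAbort();
    else limits.signal.addEventListener('abort', onFrameworkAbort, { once: true });
  }
  return {
    signal: ctrl.signal,
    why: () => reason,
    dispose: () => {
      clearTimeout(timer);
      limits.signal?.removeEventListener('abort', onFrameworkAbort);
    },
  };
}

// Wrapper shaped like an integration entry point: the framework's limits go
// *into* the tool rather than being ignored, and the timer is always cleaned up.
async function runWithLimits(
  tool: FakeBashTool,
  steps: string[],
  limits: ExecLimits,
): Promise<ExecResult> {
  const link = linkedSignal(limits);
  try {
    return await tool.exec(steps, link);
  } finally {
    link.dispose();
  }
}
```

The two points a practitioner should carry over to the real integration: the executor must poll the linked signal at a fine enough granularity that a framework abort takes effect promptly, and the wrapper must always `dispose()` the link, otherwise a long tool timeout keeps a timer (and a reference to the tool) alive after the call has returned.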
