fix: allow /root workspace path; guard against split on missing [Attached files]

Removes /root from _BLOCKED_SYSTEM_ROOTS in api/workspace.py, allowing
Hermes running as root (e.g. Docker, VPS) to use /root as a workspace
without a 'system directory' rejection.

Fixes a fragile string split in api/streaming.py: base_text extraction
now guards against msg_text that contains no '[Attached files:' marker,
preventing the split from producing empty-string on those messages.

Fixes: #510, partial fix from #521 (workspace + split guard only).
Co-authored-by: ccqqlo <ccqqlo@users.noreply.github.com>

api/streaming.py

@@ -595,7 +595,7 @@ def _run_agent_streaming(session_id, msg_text, model, workspace, stream_id, atta
                     if m.get('role') == 'user':
                         content = str(m.get('content', ''))
                         # Match if content is part of the sent message or vice-versa
-                        base_text = msg_text.split('\n\n[Attached files:')[0].strip()
+                        base_text = msg_text.split('\n\n[Attached files:')[0].strip() if '\n\n[Attached files:' in msg_text else msg_text
                         if base_text[:60] in content or content[:60] in msg_text:
                             m['attachments'] = attachments
                             break

api/workspace.py

@@ -243,7 +243,7 @@ def resolve_trusted_workspace(path: str | Path | None = None) -> Path:
     _BLOCKED_SYSTEM_ROOTS = {
         # Linux / macOS
         Path('/etc'), Path('/usr'), Path('/var'), Path('/bin'), Path('/sbin'),
-        Path('/boot'), Path('/proc'), Path('/sys'), Path('/dev'), Path('/root'),
+        Path('/boot'), Path('/proc'), Path('/sys'), Path('/dev'),
         Path('/lib'), Path('/lib64'), Path('/opt/homebrew'),
     }