fix: harden utils.js edge cases and add input validation

- Guard findFiles() against null/undefined dir and pattern parameters
  (previously crashed with TypeError on .replace() or fs.existsSync())
- Wrap countInFile() and grepFile() regex construction in try-catch to
  handle invalid regex strings like '(unclosed' (previously crashed with
  SyntaxError: Invalid regular expression)
- Add try-catch to replaceInFile() with descriptive error logging
- Add 1MB size limit to readStdinJson() matching the PostToolUse hooks
  (previously had unbounded stdin accumulation)
- Improve ensureDir() error message to include the directory path
- Add 128-char length limit to setAlias() to prevent oversized alias
  names from inflating the JSON store
- Update utils.d.ts with new maxSize option on ReadStdinJsonOptions
Affaan Mustafa
2026-02-12 14:49:11 -08:00
parent 6686cb9bda
commit 9e791ed305
3 changed files with 42 additions and 12 deletions


@@ -194,6 +194,10 @@ function setAlias(alias, sessionPath, title = null) {
return { success: false, error: 'Session path cannot be empty' };
}
if (alias.length > 128) {
return { success: false, error: 'Alias name cannot exceed 128 characters' };
}
if (!/^[a-zA-Z0-9_-]+$/.test(alias)) {
return { success: false, error: 'Alias name must contain only letters, numbers, dashes, and underscores' };
}
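Review bot: The new guard `if (alias.length > 128)` hard-codes 128 in both the condition and the error string, so the two can drift apart; a named constant such as `const MAX_ALIAS_LENGTH = 128;` with the message built from it would keep them in sync and give the limit one documented home. The guard also bounds only `alias`: nothing in the visible lines limits `sessionPath` or `title`, which presumably end up in the same JSON store, so the stated goal of keeping the store from inflating is only partly met unless those are bounded elsewhere. Both `.length` and the regex `.test()` accept a non-string value such as a one-element array (it is coerced to a string), so it is worth confirming that `setAlias` checks `typeof alias === 'string'` earlier; its body starts above this hunk and continues below it.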