fix: improve agent output schema, tool descriptions, and shutdown robustness

- Rename status→outputType, responded/silent→message/log for clarity
- Remove scheduled task special-casing: userMessage now sent for all contexts
- Update schema, tool, and CLAUDE.md descriptions to be clear and
  non-contradictory about communication mechanisms
- Use full tool name mcp__nanoclaw__send_message in docs
- Change schedule_task target_group to accept JID instead of folder name
- Only show target_group_jid parameter to main group agents
- Add defense-in-depth sanitization and error callback to exec() in shutdown
- Use "user or group" consistently (supports both 1:1 and group chats)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

src/group-queue.ts

@@ -256,8 +256,16 @@ export class GroupQueue {
     // Stop all active containers gracefully
     for (const { jid, proc, containerName } of activeProcs) {
       if (containerName) {
-        logger.info({ jid, containerName }, 'Stopping container');
-        exec(`container stop ${containerName}`);
+        // Defense-in-depth: re-sanitize before shell interpolation.
+        // Primary sanitization is in container-runner.ts when building the name,
+        // but we sanitize again here since exec() runs through a shell.
+        const safeName = containerName.replace(/[^a-zA-Z0-9-]/g, '');
+        logger.info({ jid, containerName: safeName }, 'Stopping container');
+        exec(`container stop ${safeName}`, (err) => {
+          if (err) {
+            logger.warn({ jid, containerName: safeName, err: err.message }, 'container stop failed');
+          }
+        });
       } else {
         logger.info({ jid, pid: proc.pid }, 'Sending SIGTERM to process');
         proc.kill('SIGTERM');