fix(python): bound galaxy-browse --depth; assert no _text leak in JSON

Guard _galaxy_browse against unbounded recursion by rejecting --depth
values outside [0, 50] with a descriptive BadParameter. Add test coverage
for --depth 99 and --depth -1 rejection, and assert _text is never
present in the JSON output from galaxy-browse.

clients/python/tests/test_cli.py

@@ -392,6 +392,7 @@ def test_galaxy_browse_serializes_nested_nodes(monkeypatch: pytest.MonkeyPatch)
 
     assert result.exit_code == 0, result.output
     payload = json.loads(result.output)
+    assert "_text" not in payload
     assert payload["command"] == "galaxy-browse"
     assert len(payload["nodes"]) == 1
     node = payload["nodes"][0]
@@ -491,3 +492,20 @@ def test_galaxy_commands_are_registered() -> None:
         result = runner.invoke(main, [command, "--help"])
         assert result.exit_code == 0, result.output
         assert "--endpoint" in result.output
+
+
+@pytest.mark.parametrize("depth_arg", ["99", "-1"])
+def test_galaxy_browse_rejects_out_of_range_depth(
+    monkeypatch: pytest.MonkeyPatch,
+    depth_arg: str,
+) -> None:
+    """--depth values outside [0, 50] must be rejected with a non-zero exit."""
+    _patch_galaxy_connect(monkeypatch, _FakeGalaxyClient(browse_roots=[]))
+
+    result = CliRunner().invoke(
+        main,
+        ["galaxy-browse", "--plaintext", "--depth", depth_arg, "--json"],
+    )
+
+    assert result.exit_code != 0
+    assert "--depth must be between 0 and 50" in result.output