Skip to main content
Syndicate Code

Worktree path confinement

Subprocess working directories restricted to registered worktree path.

Status: shipped | Area: policy | Published: 2026-03-20

Control impact: Prevents operations outside intended worktree scope.

  • SymbolicCommandExecutor.SetWorktreePath enforces workdir confinement
  • Returns ErrWorkDirNotAllowed for violations