Context
PR #1407 (open as of filing; implements #1406) adds global --contain and threads GlobalFlags::workspace_guard through:
src/cmd/output.rs → run_write / stage_for_write (engine-backed writes: create, delete, replace, tidy fix, patch, most md, etc.)
src/cmd/tx.rs → execute_and_collect(..., guard)
During implementation we grepped write_dispatch.rs / rename.rs and saw no PathGuard usage, then shipped the PR body as covering "CLI workspace path guarding" without tracking the gap.
Gap (partial containment)
With --contain set, paths that go through the binary / case-only rename path (src/cmd/write_dispatch.rs / execute_write) and any other non-stage_for_write CLI mutation path may still escape the workspace, while engine-backed creates are blocked.
That is worse than no flag: agents may believe --contain is a full sandbox when it is only partial.
Acceptance criteria
workspace_guard / PathGuard when global.contain is true:
write_dispatch / binary rename
atomic_write / fs:: mutators under src/cmd/
rename (and any other non-engine path) with --contain and ../ fails with a clear containment error
--contain state which commands are covered (or claim full write coverage only after the audit passes)
Related
How found
MPI adversarial cycle: create ../ escape under --cwd. Fixed for default docs + opt-in --contain on the engine path; incomplete command coverage noticed via grep of write_dispatch during the same implementation and not filed.
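The rename criterion above, sketched as an added example (not code from PR #1407 or the project): a rename planner that sends both endpoints through one containment check when containment is on. `contain`, `plan_rename`, the `/ws` root and the file names are hypothetical, and the check is lexical only.

```rust
use std::io;
use std::path::{Component, Path, PathBuf};

fn escape(p: &Path) -> io::Error {
    let msg = format!("containment: {} escapes the workspace", p.display());
    io::Error::new(io::ErrorKind::PermissionDenied, msg)
}

/// Hypothetical guard (not the project's PathGuard). Lexical only: it does
/// not resolve symlinks, which a real guard must also handle.
pub fn contain(root: &Path, candidate: &Path) -> io::Result<PathBuf> {
    // Absolute paths are accepted only if they sit lexically under `root`.
    let tail = candidate.strip_prefix(root).unwrap_or(candidate);
    let mut rel = PathBuf::new();
    for comp in tail.components() {
        match comp {
            Component::CurDir => {}
            Component::Normal(part) => rel.push(part),
            // `..` may cancel a component below root, never root itself.
            Component::ParentDir if rel.pop() => {}
            _ => return Err(escape(candidate)),
        }
    }
    Ok(root.join(rel))
}

/// Hypothetical rename planner: with containment on, BOTH endpoints go
/// through the same guard the create path uses; with it off, neither does.
pub fn plan_rename(root: &Path, from: &Path, to: &Path, contain_on: bool)
    -> io::Result<(PathBuf, PathBuf)> {
    if !contain_on {
        return Ok((root.join(from), root.join(to)));
    }
    Ok((contain(root, from)?, contain(root, to)?))
}

fn main() {
    let root = Path::new("/ws"); // constructed workspace root
    // Constructed inputs: a case-only rename, then one whose target escapes.
    for to in ["Notes.md", "../Notes.md"] {
        match plan_rename(root, Path::new("notes.md"), Path::new(to), true) {
            Ok((f, t)) => println!("ok   {} -> {}", f.display(), t.display()),
            Err(e) => println!("deny {to}: {e}"),
        }
    }
}
```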