tech-debt: --contain does not cover all CLI write paths (rename / write_dispatch) · Issue #1409 · patchloom/patchloom · GitHub

tech-debt: --contain does not cover all CLI write paths (rename / write_dispatch) #1409

Description

@SebTardif

Context

PR #1407 (open as of filing; implements #1406) adds global --contain and threads GlobalFlags::workspace_guard through:

  • src/cmd/output.rs: run_write / stage_for_write (engine-backed writes: create, delete, replace, tidy fix, patch, most md, etc.)
  • src/cmd/tx.rs: execute_and_collect(..., guard)

During implementation we grepped write_dispatch.rs / rename.rs and saw no PathGuard usage, then shipped the PR body as covering "CLI workspace path guarding" without tracking the gap.

Gap (partial containment)

With --contain set, paths that go through the binary / case-only rename path (src/cmd/write_dispatch.rs / execute_write) and any other non-stage_for_write CLI mutation path may still escape the workspace, while engine-backed creates are blocked.

That is worse than no flag: agents may believe --contain is a full sandbox when it is only partial.

Acceptance criteria

  • Audit every CLI mutation entrypoint for workspace_guard / PathGuard when global.contain is true:
    • write_dispatch / binary rename
    • text rename if separate from engine
    • any remaining direct atomic_write / fs:: mutators under src/cmd/
  • Integration or unit tests: rename (and any other non-engine path) with --contain and ../ fails with a clear containment error
  • Docs for --contain state which commands are covered (or claim full write coverage only after the audit passes)
  • Update enhancement: optional CLI path containment for agent --cwd workspaces #1406 acceptance if needed so "all write modes" is explicit

Related

How found

MPI adversarial cycle: create ../ escape under --cwd. Fixed for default docs + opt-in --contain on the engine path; incomplete command coverage noticed via grep of write_dispatch during the same implementation and not filed.
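An added illustration of the behaviour the acceptance criteria ask tests to pin down for rename, not patchloom's code: `WorkspaceGuard`, `ContainmentError` and `plan_rename` are hypothetical names, `/ws` is a constructed workspace root, and the check is lexical only (symlinks are not resolved).

```rust
use std::path::{Component, Path, PathBuf};

// Hypothetical stand-in for the project's PathGuard; the real type is not shown in the issue.
pub struct WorkspaceGuard { root: PathBuf }

#[derive(Debug, PartialEq)]
pub struct ContainmentError { pub path: PathBuf }

// Lexical normalization: drop `.`, fold `..` into its parent. Symlinks are not resolved.
fn normalize(p: &Path) -> PathBuf {
    let mut out = PathBuf::new();
    for c in p.components() {
        match c {
            Component::CurDir => {}
            Component::ParentDir => { out.pop(); }
            other => out.push(other.as_os_str()),
        }
    }
    out
}

impl WorkspaceGuard {
    // Assumption: `root` is an absolute path.
    pub fn new(root: &str) -> Self { Self { root: normalize(Path::new(root)) } }

    pub fn check(&self, p: &str) -> Result<PathBuf, ContainmentError> {
        // join() lets an absolute `p` replace the root, so it is caught below too.
        let resolved = normalize(&self.root.join(p));
        // Component-wise prefix test: /ws2/x does not start with /ws.
        if resolved.starts_with(&self.root) { Ok(resolved) }
        else { Err(ContainmentError { path: PathBuf::from(p) }) }
    }
}

// Models a non-engine mutation such as rename: with a guard (the --contain case) both
// endpoints are checked before any filesystem call; with None the paths pass through.
pub fn plan_rename(guard: Option<&WorkspaceGuard>, from: &str, to: &str)
    -> Result<(PathBuf, PathBuf), ContainmentError> {
    match guard {
        Some(g) => Ok((g.check(from)?, g.check(to)?)),
        None => Ok((PathBuf::from(from), PathBuf::from(to))),
    }
}

fn main() {
    let g = WorkspaceGuard::new("/ws"); // constructed sample workspace root
    for to in ["sub/../b.bin", "../b.bin", "/ws2/b.bin"] {
        println!("{to}: {:?}", plan_rename(Some(&g), "a.bin", to));
    }
}
```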
