mirror of
https://github.com/instructkr/claude-code.git
synced 2026-05-14 09:56:44 +00:00
3a8ce83234
Worker-3's path-scope regression showed outside read_file paths were blocked by the workspace wrapper after dispatch instead of by the permission enforcer. File, glob, and grep tools now classify path scope before dispatch and require danger-full-access for paths that resolve outside the current workspace. Constraint: G002-alpha-security requires permission-mode event/status visibility for blocked file and shell paths Rejected: relying only on runtime wrapper errors | it hides the active permission-mode denial contract from callers Confidence: high Scope-risk: narrow Directive: keep path-sensitive tool permission classification aligned with workspace wrapper resolution Tested: cargo test -p tools --test path_scope_enforcement --manifest-path rust/Cargo.toml --quiet; cargo test -p tools given_workspace_write_enforcer_when_bash --manifest-path rust/Cargo.toml --quiet; cargo check --manifest-path rust/Cargo.toml --workspace; cargo fmt --all --manifest-path rust/Cargo.toml -- --check Not-tested: full workspace test suite after this small permission-classification follow-up Co-authored-by: OmX <omx@oh-my-codex.dev>