🛡️ 1. Security Architecture
All target paths submitted by model toolcalls (fs_list, fs_read, fs_write, fs_move) must resolve against dunce::canonicalize and stay strictly inside user-approved root directories.
🚫 2. Boundary Verification Flow
- Canonical Base Resolution: Fully canonicalizes the core ~/workspace/folder.
- Absolute Resolution: Converts the relative parameter input path into an absolute file structure location.
- Traversal Validation: If the absolute path attempts to escape via parent references (../../) or symlink loops, the engine blocks the turn and triggers a PermissionDenied error.
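As an added example (not the project's own code), a Rust helper that carries out the three steps above with std::fs::canonicalize standing in for dunce::canonicalize; the function name and the handling of write targets that do not exist yet are assumptions, not something the page specifies.

```rust
use std::io;
use std::path::{Path, PathBuf};

fn permission_denied(requested: &Path, root: &Path) -> io::Error {
    io::Error::new(
        io::ErrorKind::PermissionDenied,
        format!("{} resolves outside root {}", requested.display(), root.display()),
    )
}
/// Hypothetical helper (not the project's own code): resolve a toolcall path
/// against an approved root and refuse it unless the canonical result stays
/// inside the canonical root. std::fs::canonicalize stands in for
/// dunce::canonicalize, which differs only in how it spells Windows paths.
pub fn resolve_within_root(root: &Path, requested: &Path) -> io::Result<PathBuf> {
    // Canonical Base Resolution: the approved root itself may be a symlink.
    let canonical_root = std::fs::canonicalize(root)?;
    // Absolute Resolution: relative input is taken relative to the root; an
    // absolute input is kept as given and must still land inside the root.
    let candidate = if requested.is_absolute() {
        requested.to_path_buf()
    } else {
        canonical_root.join(requested)
    };

    // Traversal Validation: canonicalize collapses `..` and follows symlinks,
    // so anything that escapes no longer starts with the canonical root.
    // A target that does not exist yet (fs_write creating a file) cannot be
    // canonicalized directly: canonicalize its parent and re-attach the leaf.
    let resolved = match std::fs::canonicalize(&candidate) {
        Ok(path) => path,
        Err(e) if e.kind() == io::ErrorKind::NotFound => {
            // file_name() is None when the leaf is `..`; refuse that outright.
            let leaf = candidate
                .file_name()
                .ok_or_else(|| permission_denied(requested, &canonical_root))?;
            let parent = candidate
                .parent()
                .ok_or_else(|| permission_denied(requested, &canonical_root))?;
            std::fs::canonicalize(parent)?.join(leaf)
        }
        Err(e) => return Err(e),
    };

    if resolved.starts_with(&canonical_root) {
        Ok(resolved)
    } else {
        Err(permission_denied(requested, &canonical_root))
    }
}
```

Because the root is canonicalized before the join, a root that is itself a symlink still compares correctly against the resolved target.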