Three-layer sandboxing:
1. --append-system-prompt with SANDBOX boundary instructions
2. PROMPT.md templates include SANDBOX BOUNDARY (HARD LIMIT) section
3. Agent starts in src/ with only cloned repo visible
Agents are instructed to reject absolute paths, cd .., and any
file operations outside the repository. Violations cause work rejection.
Co-Authored-By: Virgil <virgil@lethean.io>
Replace all fmt.Errorf and errors.New in production code with
coreerr.E("caller.Method", "message", err) from go-log. Replace
all os.ReadFile/os.WriteFile/os.MkdirAll/os.Remove with coreio.Local
equivalents from go-io. Test files are intentionally untouched.
Co-Authored-By: Virgil <virgil@lethean.io>
Brain and agentic subsystems now live in core/agent/pkg/ instead of
core/mcp/pkg/mcp/. core-agent binary uses core/cli for proper command
framework. Usage: core-agent mcp
One repo, one clone, everything works.
Co-Authored-By: Virgil <virgil@lethean.io>
