Snider da1c45b4df feat: sandbox dispatched agents to workspace directory ...

Three-layer sandboxing:
1. --append-system-prompt with SANDBOX boundary instructions
2. PROMPT.md templates include SANDBOX BOUNDARY (HARD LIMIT) section
3. Agent starts in src/ with only cloned repo visible

Agents are instructed to reject absolute paths, cd .., and any
file operations outside the repository. Violations cause work rejection.

Co-Authored-By: Virgil <virgil@lethean.io>

2026-03-17 04:12:54 +00:00

46 MiB

Executable file

Raw History

View raw