fix: harden ACP secret handling and exec preflight boundaries

2026-04-19 04:07:28 +00:00 · 2026-02-19 15:33:25 +01:00
parent 3d7ad1cfca
commit b40821b068
14 changed files with 412 additions and 36 deletions
--- a/docs/tools/exec.md
+++ b/docs/tools/exec.md
@@ -41,6 +41,9 @@ Notes:
 - Important: sandboxing is **off by default**. If sandboxing is off, `host=sandbox` runs directly on
  the gateway host (no container) and **does not require approvals**. To require approvals, run with
  `host=gateway` and configure exec approvals (or enable sandboxing).
+- Script preflight checks (for common Python/Node shell-syntax mistakes) only inspect files inside the
+  effective `workdir` boundary. If a script path resolves outside `workdir`, preflight is skipped for
+  that file.

 ## Config