The real local-filesystem SessionEnv.
Tools run against a real directory on disk via tokio::fs +
tokio::process. Path containment is enforced: model-facing paths are
relative, .. is rejected, and resolved paths must stay under the
canonicalized root.
See SECURITY.md: this is not an OS-level sandbox (no chroot/landlock/
UID separation). It prevents accidental path escape; it is not a defense
against a determined adversary until OS isolation lands.
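The containment rules described above, sketched with the standard library only. This is an added example, not this crate's code: `resolve_contained`, `demo` and the directory names are hypothetical, the demo tree is constructed, and a Unix host is assumed for the symlink.

```rust
use std::ffi::OsString;
use std::path::{Component, Path, PathBuf};
use std::{env, fs, io, process};

// Hypothetical helper (not the crate's API): map a model-facing path to a
// real path under `root`, or refuse.
fn resolve_contained(root: &Path, rel: &str) -> io::Result<PathBuf> {
    let denied = |m: &str| io::Error::new(io::ErrorKind::PermissionDenied, m.to_string());
    let root = root.canonicalize()?;
    let mut path = root.clone();
    // Lexical check: plain names only. Absolute paths and `..` are refused.
    for c in Path::new(rel).components() {
        match c {
            Component::Normal(name) => path.push(name),
            Component::CurDir => {}
            _ => return Err(denied("path must be relative and free of `..`")),
        }
    }
    // Walk up to the deepest existing entry so not-yet-created files resolve.
    // symlink_metadata() sees dangling symlinks; canonicalize() then fails on them.
    let mut tail: Vec<OsString> = Vec::new();
    while path.symlink_metadata().is_err() {
        let name = path.file_name().map(|n| n.to_os_string());
        match name {
            Some(n) => { path.pop(); tail.push(n); }
            None => return Err(denied("cannot resolve path")),
        }
    }
    // Resolution check: follow symlinks, then require the result under root.
    let mut resolved = path.canonicalize()?;
    resolved.extend(tail.iter().rev());
    if resolved.starts_with(&root) { Ok(resolved) } else { Err(denied("path escapes root")) }
}

// Constructed demo tree: root/notes.txt plus root/link -> a sibling directory.
fn demo() -> io::Result<Vec<bool>> {
    let base = env::temp_dir().join(format!("contain-demo-{}", process::id()));
    let (root, outside) = (base.join("root"), base.join("outside"));
    fs::create_dir_all(&root)?;
    fs::create_dir_all(&outside)?;
    fs::write(root.join("notes.txt"), b"ok")?;
    std::os::unix::fs::symlink(&outside, root.join("link"))?;
    let cases = ["notes.txt", "new/file.txt", "../outside/x", "/etc/passwd", "link/x"];
    let out: Vec<bool> = cases.iter().map(|c| resolve_contained(&root, c).is_ok()).collect();
    fs::remove_dir_all(&base)?;
    Ok(out)
}

fn main() { println!("{:?}", demo()); }
```

The check and the later file operation are separate steps, so a symlink swapped in between them is not caught; that gap is one reason a check like this is not a substitute for OS-level isolation.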
Structs
- LocalSessionEnv - A SessionEnv backed by a real local directory.