Workspace root enforcement for filesystem-touching tools.
A Workspace carries a canonical root directory plus a policy flag.
Every filesystem tool resolves caller-supplied paths through
Workspace::resolve (for paths that must already exist) or
Workspace::resolve_for_create (for paths that may not yet exist,
like write’s target file). Both refuse paths that escape the root
after symlink resolution.
The Workspace::unrestricted constructor disables the check and
exists solely so legacy callers and the existing unit tests keep
working without change. Production entry points (main.rs) build a
restricted workspace via Workspace::detect.
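The check described above, written out as an added example (this is not the project's own `Workspace`; the `restricted` constructor, the `check` helper, the `DemoResult` struct and the throw-away directory layout are assumptions made for the demo). The root is canonicalised once; `resolve` canonicalises the caller's path, which follows every symlink, and `resolve_for_create` canonicalises the parent and re-attaches the file name, following the target too if something already exists there. `Path::starts_with` compares whole components, so a sibling directory with the root as a string prefix is not mistaken for a child.

```rust
use std::fs;
use std::io;
use std::path::{Component, Path, PathBuf};
use std::time::{SystemTime, UNIX_EPOCH};

/// Illustrative re-implementation of the root check. Not the project's own type.
#[derive(Debug, Clone)]
pub struct Workspace {
    root: PathBuf,    // canonical when restricted, so a symlinked root compares correctly
    restricted: bool, // policy flag: false disables the escape check entirely
}

impl Workspace {
    /// Canonicalise the root once; every later comparison is against the real path.
    pub fn restricted(root: impl AsRef<Path>) -> io::Result<Self> {
        Ok(Self { root: fs::canonicalize(root)?, restricted: true })
    }

    /// No escape check (legacy callers, tests). Paths are still resolved.
    pub fn unrestricted(root: impl AsRef<Path>) -> Self {
        Self { root: root.as_ref().to_path_buf(), restricted: false }
    }

    fn under_root(&self, p: &Path) -> PathBuf {
        if p.is_absolute() { p.to_path_buf() } else { self.root.join(p) }
    }

    /// Final gate. `starts_with` is component-wise: `/tmp/ws2` is not under `/tmp/ws`.
    fn check(&self, canonical: PathBuf) -> io::Result<PathBuf> {
        if !self.restricted || canonical.starts_with(&self.root) {
            Ok(canonical)
        } else {
            Err(io::Error::new(
                io::ErrorKind::PermissionDenied,
                format!("{} escapes workspace root {}", canonical.display(), self.root.display()),
            ))
        }
    }

    /// Path must exist: canonicalise (follows every symlink and `..`) and check.
    pub fn resolve(&self, p: impl AsRef<Path>) -> io::Result<PathBuf> {
        let full = fs::canonicalize(self.under_root(p.as_ref()))?;
        self.check(full)
    }

    /// Path may not exist yet: canonicalise the parent, re-attach the file name,
    /// and follow the target itself if something already sits there.
    pub fn resolve_for_create(&self, p: impl AsRef<Path>) -> io::Result<PathBuf> {
        let full = self.under_root(p.as_ref());
        let name = match full.components().next_back() {
            Some(Component::Normal(n)) => n.to_os_string(),
            _ => return Err(io::Error::new(io::ErrorKind::InvalidInput, "path must end in a file name")),
        };
        let parent = full.parent()
            .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidInput, "path has no parent"))?;
        let candidate = fs::canonicalize(parent)?.join(name);
        let target = match fs::symlink_metadata(&candidate) {
            // Existing file or symlink: follow it. A dangling symlink makes canonicalize
            // fail, which refuses the write instead of creating a file at the link target.
            Ok(_) => fs::canonicalize(&candidate)?,
            Err(e) if e.kind() == io::ErrorKind::NotFound => candidate,
            Err(e) => return Err(e),
        };
        self.check(target)
    }
}

/// Outcome of each demo call: `true` = accepted, `false` = refused.
#[derive(Debug, PartialEq, Eq)]
pub struct DemoResult {
    pub inside_file: bool,          // resolve("notes.txt")
    pub dotdot_escape: bool,        // resolve("../outside.txt")
    pub symlink_escape: bool,       // resolve("escape"), a symlink to ../outside.txt
    pub create_in_sub: bool,        // resolve_for_create("sub/new.txt")
    pub create_via_dotdot: bool,    // resolve_for_create("sub/../../evil.txt")
    pub create_over_symlink: bool,  // resolve_for_create("escape")
    pub unrestricted_symlink: bool, // Workspace::unrestricted(..).resolve("escape")
}

/// Builds a throw-away tree (constructed for this demo) under the OS temp dir:
/// base/outside.txt, base/root/notes.txt, base/root/sub/, base/root/escape -> ../outside.txt
pub fn demo() -> io::Result<DemoResult> {
    let nanos = SystemTime::now().duration_since(UNIX_EPOCH)
        .map_err(|e| io::Error::new(io::ErrorKind::Other, e))?.as_nanos();
    let base = std::env::temp_dir().join(format!("ws-demo-{}-{}", std::process::id(), nanos));
    let root = base.join("root");
    fs::create_dir_all(root.join("sub"))?;
    fs::write(base.join("outside.txt"), b"secret")?;
    fs::write(root.join("notes.txt"), b"hello")?;
    std::os::unix::fs::symlink("../outside.txt", root.join("escape"))?;

    let ws = Workspace::restricted(&root)?;
    let legacy = Workspace::unrestricted(&root);
    let result = DemoResult {
        inside_file: ws.resolve("notes.txt").is_ok(),
        dotdot_escape: ws.resolve("../outside.txt").is_ok(),
        symlink_escape: ws.resolve("escape").is_ok(),
        create_in_sub: ws.resolve_for_create("sub/new.txt").is_ok(),
        create_via_dotdot: ws.resolve_for_create("sub/../../evil.txt").is_ok(),
        create_over_symlink: ws.resolve_for_create("escape").is_ok(),
        unrestricted_symlink: legacy.resolve("escape").is_ok(),
    };
    let _ = fs::remove_dir_all(&base);
    Ok(result)
}

fn main() -> io::Result<()> {
    println!("{:#?}", demo()?);
    Ok(())
}
```

Running `demo()` shows the two accepted calls (the existing file inside the root and the new file under `sub/`) and four refusals: `..` traversal on read and on create, the symlink that points out of the root on read, and a write through that same symlink. The unrestricted handle accepts the symlink read, which is exactly the behaviour the legacy constructor preserves and why production entry points should not use it.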
Structs
- Workspace: Shared handle passed into every filesystem-touching tool.