pub fn apply_cwd_isolation(cmd: &mut Command) -> Result<PathBuf, AppError>
Apply CWD isolation to a subprocess command. Sets the command's current_dir to an ephemeral directory that has no .mcp.json in any ancestor directory, and sets CLAUDE_CONFIG_DIR to block user-level MCP inheritance.
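
The check this description implies, as an added example that is not the project's own code: a std-only sketch that creates a fresh directory, walks its resolved ancestors for a `.mcp.json`, and only then points the command at it. The names `isolate_cwd_sketch` and `find_mcp_ancestor`, the extra `base` parameter, the `io::Error` return type and the empty `config` directory used for `CLAUDE_CONFIG_DIR` are assumptions.

```rust
use std::path::{Path, PathBuf};
use std::process::Command;
use std::time::{SystemTime, UNIX_EPOCH};
use std::{env, fs, io};

/// First `.mcp.json` found in `dir` or any of its ancestors, if there is one.
fn find_mcp_ancestor(dir: &Path) -> Option<PathBuf> {
    dir.ancestors().map(|a| a.join(".mcp.json")).find(|p| p.exists())
}

/// Hypothetical stand-in for `apply_cwd_isolation`: takes the parent directory
/// as `base` and returns `io::Error` instead of the project's `AppError`.
fn isolate_cwd_sketch(cmd: &mut Command, base: &Path) -> io::Result<PathBuf> {
    let nanos = SystemTime::now().duration_since(UNIX_EPOCH).map(|d| d.as_nanos()).unwrap_or(0);
    let dir = base.join(format!("cwd-iso-{}-{}", std::process::id(), nanos));
    // create_dir fails if the path already exists, so a directory or symlink
    // planted in advance under a shared temp root is never reused.
    fs::create_dir(&dir)?;
    // Resolve symlinks first so the ancestor walk covers the real parent chain.
    let dir = dir.canonicalize()?;
    if let Some(hit) = find_mcp_ancestor(&dir) {
        fs::remove_dir_all(&dir)?;
        let msg = format!("{} would be inherited by the child", hit.display());
        return Err(io::Error::new(io::ErrorKind::Other, msg));
    }
    // Assumption: an empty directory is a sufficient value for CLAUDE_CONFIG_DIR;
    // the page does not say what the real function sets it to.
    let config = dir.join("config");
    fs::create_dir(&config)?;
    cmd.current_dir(&dir).env("CLAUDE_CONFIG_DIR", &config);
    Ok(dir)
}

fn main() -> io::Result<()> {
    // "claude" is an assumed child binary name; the command is built, not spawned.
    let mut cmd = Command::new("claude");
    let dir = isolate_cwd_sketch(&mut cmd, &env::temp_dir())?;
    println!("child would start in {}", dir.display());
    fs::remove_dir_all(&dir) // this sketch leaves cleanup to the caller
}
```

The sketch fails closed: if any resolved ancestor carries a `.mcp.json`, it removes the directory it just created and returns an error instead of configuring the command.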