8d511ddb678ae9a46023683a21921d2967bd8b2a
Introduces path-guard.ts with guardPath (symlink-aware) and guardPathUnsafe (lexical-only) that throw SandboxEscapeError on any escape attempt. Replaces weak containment checks in file-tools, git-tools, and shell-tools with strict guards. Adds 12 unit tests covering traversal, absolute-path, and sibling-dir escape vectors. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Description
Self-hosted multi-user AI agent platform — web dashboard, TUI, remote control, shared memory, mission orchestration
Releases
15
mosaic v0.0.31
Latest
Languages
TypeScript
81.1%
Shell
15.3%
PowerShell
1.8%
JavaScript
0.9%
Python
0.6%
Other
0.1%