docs(tier2): workflow.md hard bans - AppData denied (no exception)

Updated conductor/workflow.md §'Tier 2 Autonomous Sandbox' hard bans
table. The 'File access outside Tier 2 clone + app-data dir' row
now says: 'File access outside Tier 2 clone (AppData, Temp,
Documents, etc. all denied at the OpenCode * level + targeted
*AppData\\\\* deny)'.

Per the user's 2026-06-18 'NEVER USE APPDATA' directive.

Refs: conductor/tracks/tier2_no_appdata_20260618
2026-06-18 14:41:26 -04:00
parent 64bee77f9f
commit f9bd8505c9
+1 -1
@@ -383,7 +383,7 @@ The Tier 2 autonomous mode is the unattended execution mode for tracks. See `doc
| `git checkout*` (any form) | `permission.bash` deny rule | n/a | `post-checkout` hook logs the checkout |
| `git restore*` (any form) | `permission.bash` deny rule | n/a | n/a |
| `git reset*` (any form) | `permission.bash` deny rule | n/a | n/a |
| File access outside Tier 2 clone + app-data dir | `permission.read`/`write` path allowlist | Windows restricted token + ACLs | n/a |
| File access outside Tier 2 clone (AppData, Temp, Documents, etc. all denied at the OpenCode `*` level + targeted `*AppData\\*` deny) | `permission.read`/`write` path allowlist | Windows restricted token + ACLs | n/a |
### Review and merge workflow (user-side)
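Review bot: The new "File access outside Tier 2 clone" row puts enforcement detail in the first column (the OpenCode `*` level deny plus the targeted `*AppData\\*` deny) while the second column still reads `permission.read`/`write` path allowlist, so the same control is described once as deny rules and once as an allowlist. Keep the first column to the banned action, as the `git checkout*`, `git restore*` and `git reset*` rows above do, and move the deny wording into the second column. The doubled backslash in `*AppData\\*` sits inside a code span, where Markdown does not process escapes, so it renders as two backslashes; say whether that is the escaped form as written in the config or the literal pattern, and whether forward-slash spellings of the path are covered by the `*` level deny. The third column (Windows restricted token + ACLs) is unchanged even though the old row allowed the app-data dir; the doc should state that the ACL layer no longer grants it either.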