Mission Run Overview
Mission Run: Untrusted-Path Containment Hardening
Guarantee no externally-influenced path segment can read or write outside its trusted repo-derived root, across the whole CLI.
spec-kitty consumes path segments (mission/feature slugs, WP ids) from untrusted on-disk content such as status.events.jsonl, meta.json, and frontmatter; without containment validation a crafted value can traverse outside the repo's derived and spec directories. This mission closes that vulnerability class through one canonical validation seam, building on the hardening already landed in PR #2036.
Total Tasks
5
0 planned
In Progress
0
Review
0
Approved
0
Completed
5
100% done