P0: Remove test-mode path validation bypass (SELFWARE_TEST_MODE)

## Source
ChatGPT security review feedback

## Problem

`validate_tool_path` contains a `#[cfg(test)]` block that returns `Ok(())` if `SELFWARE_TEST_MODE` is set, bypassing all path validation. Even under `cfg(test)`, this normalizes the idea that safety checks are optional and is the kind of thing a security reviewer will screenshot.

## Fix

**Option A (recommended):**
- Delete the env var bypass entirely
- For tests, inject a `SafetyConfig` with an allowlist rooted in a temp dir
- If E2E fixtures need bypass, hard-restrict to `tests/e2e-projects/` with a compile-time flag

**Option B (next-level — capability-based filesystem):**
- Introduce a `WorkspaceRoot` capability (like `cap-std` style)
- Require every file tool to operate relative to it
- Path validation becomes structural — escaping is impossible by design

## Priority
P0 — credibility multiplier before public push

## Labels
security, P0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

P0: Remove test-mode path validation bypass (SELFWARE_TEST_MODE) #59

Source

Problem

Fix

Priority

Labels

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

P0: Remove test-mode path validation bypass (SELFWARE_TEST_MODE) #59

Description

Source

Problem

Fix

Priority

Labels

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions