P0: Symlink safety — make file operations fd-based end-to-end

## Source
ChatGPT security review feedback

## Problem

`path_validator.rs` already uses `O_NOFOLLOW` to prevent TOCTOU symlink races (good), but there are still non-atomic checks elsewhere (`is_symlink()` then `read_link()` flows) which are raceable.

## Fix

For any "real" file operation:
1. Open the path with fd-based APIs (or capability dir handles)
2. Resolve realpath from the fd
3. Perform the action via fd (or via path derived from fd)
4. Have path validation operate on the resolved target of that fd

Consider integrating `cap-std` for capability-based filesystem access.

## Relevant Code
- `src/safety/path_validator.rs`
- `src/tools/file.rs`
- `src/cognitive/self_edit.rs` (symlink bypass fix already applied)

## Priority
P0 — completes existing security work

## Labels
security, P0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

P0: Symlink safety — make file operations fd-based end-to-end #63

Source

Problem

Fix

Relevant Code

Priority

Labels

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

P0: Symlink safety — make file operations fd-based end-to-end #63

Description

Source

Problem

Fix

Relevant Code

Priority

Labels

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions