Safety Model
Hexi enforces safety at execution boundaries.
1) Path safety
All file operations are constrained to workspace root. Path traversal is rejected.
2) Command safety
Only allowlisted commands are permitted. Disallowed/destructive bases are blocked.
3) Scope safety
Single-step execution naturally limits blast radius.
4) Context safety
Diff and file-read payloads are bounded to prevent unbounded context growth.
Recommended hardening order
- Keep allowlist narrow and explicit.
- Lower read/diff caps for sensitive repositories.
- Require branch-based review for all generated edits.
- Monitor runlog error patterns for policy tuning.