Safety Model

Hexi enforces safety at execution boundaries.

1) Path safety

All file operations are constrained to workspace root. Path traversal is rejected.

2) Command safety

Only allowlisted commands are permitted. Disallowed/destructive bases are blocked.

3) Scope safety

Single-step execution naturally limits blast radius.

4) Context safety

Diff and file-read payloads are bounded to prevent unbounded context growth.

  1. Keep allowlist narrow and explicit.
  2. Lower read/diff caps for sensitive repositories.
  3. Require branch-based review for all generated edits.
  4. Monitor runlog error patterns for policy tuning.