- Add session name as third arg to guard hook (passed from agent-session.sh)
- Detect formula sessions (supervisor-*, gardener-*, planner-*, predictor-*)
- Guard 6: block filesystem access to factory root from worktrees, exempt formulas
- Guard 7: restrict system commands (kill, docker, tmux) to supervisor only
- Guard 2: allow formula agents rm -rf within factory root
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Guard 2: add /tmp/* to allowlist so normal temp file cleanup is not blocked
- Guard 1: block bare `git push --force` (no branch arg) since upstream may
point to primary branch
- Guard 4: allow flags between verb and branch (`git switch --detach main`),
escape branch name for regex safety, exclude -b/-B/-c/-C (branch creation)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
