fix: freeze boundary check silently blocks edits through symlinks#781
Open
km-git007 wants to merge 2 commits intogarrytan:mainfrom
Open
fix: freeze boundary check silently blocks edits through symlinks#781km-git007 wants to merge 2 commits intogarrytan:mainfrom
km-git007 wants to merge 2 commits intogarrytan:mainfrom
Conversation
added 2 commits
April 3, 2026 18:57
The _resolve_path() function now properly handles symlinks by cd'ing into directories and using pwd -P to resolve them canonically. Previously, it would resolve parent directories but leave symlinks in the final component unresolved, causing the boundary check to silently block legitimate edits when symlinks were involved. The fix detects if the input is a directory and resolves it in one go, rather than splitting into dirname/basename which loses symlink information in the final component. This prevents silent failures where editing a file accessed via a symlink (e.g., /home/user/project_link/file.txt) would be blocked even though /home/user/project_link was set as the freeze boundary.
Change pwd to pwd -P when saving the freeze directory, ensuring that if a user provides a symlink path (e.g., /home/user/project_link), it gets stored as the canonical real path. This prevents the hook from silently blocking edits when the file is accessed via the symlink. Aligns the skill's path resolution with the improved hook behavior.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
The
/freezeskill's boundary check silently blocks legitimate edits when symlinks are involved. When a user sets the freeze boundary to a symlinked directory (e.g.,/home/user/project_link→/home/user/real_project), attempting to edit a file accessed via the real path gets blocked with no warning.Why
Two root causes:
pwdinstead ofpwd -P_resolve_path()left symlinks in final path component unresolvedHow
_resolve_path()infreeze/bin/check-freeze.shto resolve symlinks by cd'ing into directoriespwdtopwd -Pin skill, updated docsTesting
Verified: symlinked freeze boundaries now allow edits via the real path
Notes