signal insight

ZeroClaw fixes shell-policy handling to distinguish git -C from git -c

ZeroClaw merged a security-policy fix that distinguishes git -C from git -c in its shell controls. The change addresses an over-broad policy behavior that could block legitimate Git workflows while trying to enforce safer command execution.

Published May 3, 2026 Updated May 4, 2026 1 sources

securityshell-policygitdeveloper-experiencesecurity-update

Summary

What changed

ZeroClaw merged a security fix for its shell policy so git -C is no longer treated like git -c.

Why it matters

Agent security controls only help if they are strict without breaking common workflows. This kind of policy hardening matters because false positives erode operator trust just as much as missing protections do.

Evidence excerpt

The PR was merged on May 3, 2026 and explicitly fixes security policy handling to distinguish git -C from git -c.

Sources

github.com