From 024ddf0b8b567447f6f3ff4161930eecb18c46bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=B0=8F=E6=A9=98?= Date: Sat, 25 Apr 2026 06:19:18 +0000 Subject: [PATCH] fix(workflow-generator): restrict coder to only touch target workflow dir MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Prevents coder from modifying other workflow directories like sense-generator when generating a new workflow. 小橘 🍊(NEKO Team) --- workflows/workflow-generator/index.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/workflows/workflow-generator/index.ts b/workflows/workflow-generator/index.ts index 3df2ae6..03f0545 100644 --- a/workflows/workflow-generator/index.ts +++ b/workflows/workflow-generator/index.ts @@ -776,6 +776,9 @@ ${fixSection} \`\`\` Do not remove or overwrite unrelated senses, reflexes, or other workflow entries. Preserve valid YAML. +## CRITICAL constraints +- **ONLY touch files inside \`${WORKFLOWS_DIR}/${wfName}/\` and \`${NERVE_ROOT}/nerve.yaml\`.** Do NOT read, modify, or create files in any other workflow directory (e.g. \`sense-generator/\`, \`hello-world/\`). The reference code is provided inline above — you do not need to open it from disk. + ## Implementation patterns (when applicable) - \`resolveDashScopeProvider\`, \`nerveAgentContext\`, \`readNerveYaml\`, \`cursorAgent\`, \`llmExtract\`, \`spawnSafe\`, \`formatSpawnFailure\` from \`@uncaged/nerve-workflow-utils\` as in sense-generator. - No dynamic \`import()\` in the new workflow code.
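Review bot: The new "CRITICAL constraints" bullet added at line 779 of the prompt template is the only thing limiting the coder to `${WORKFLOWS_DIR}/${wfName}/` and `${NERVE_ROOT}/nerve.yaml`; it is an instruction to the model, and nothing in the three added lines enforces it. Suggest pairing it with a check after the coder run that lists the changed paths and fails or reverts when any fall outside those two locations, so a run that ignores the prompt is caught. `wfName` is interpolated straight into the allowed path, so if it is not validated before this point a value containing `../` would widen the stated scope; worth confirming it is restricted to a single directory name. Minor: the unchanged "Implementation patterns" bullet that follows still says "as in sense-generator", which may prompt the coder to open that directory despite the new rule; consider pointing it at the inline reference code instead.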