From 8cf6c89ebcf4138506205c4dd250f93d6012a602 Mon Sep 17 00:00:00 2001
From: Lawyered
Date: Mon, 16 Feb 2026 22:35:01 -0500
Subject: [PATCH] docs(security): document single-ampersand blocking in command policy
---
 src/security/policy.rs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/security/policy.rs b/src/security/policy.rs
index 14cd4f7..9383f3a 100644
--- a/src/security/policy.rs
+++ b/src/security/policy.rs
@@ -341,6 +341,7 @@ impl SecurityPolicy {
 /// - Blocks subshell operators (`` ` ``, `$(`) that hide arbitrary execution
 /// - Splits on command separators (`|`, `&&`, `||`, `;`, newlines) and
 /// validates each sub-command against the allowlist
+ /// - Blocks single `&` background chaining (`&&` remains supported)
 /// - Blocks output redirections (`>`, `>>`) that could write outside workspace
 pub fn is_command_allowed(&self, command: &str) -> bool {
 if self.autonomy == AutonomyLevel::ReadOnly {
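Review bot: The added bullet in the `is_command_allowed` doc comment states the rule but, unlike the subshell and redirection bullets next to it, gives no reason for it. The separator list in the bullet above does not include a lone `&`, so a command placed after one would presumably not be validated as its own sub-command; the bullet could end with `so a command after it cannot skip allowlist validation`. It also leaves open whether an `&` inside redirection forms such as `2>&1` is rejected by this rule or by the redirection rule below, which is worth stating once checked against the body. The function body continues outside the hunk, and the diffstat (one file, one insertion) shows no test accompanying the documented behaviour.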