fn IsTrustedSystemPath(PathToCheck: &Path) -> bool
Return true when PathToCheck falls under a directory that Land itself
manages and the sandbox should not gate.
Covered roots:
- ${Lodge} (explicit override, if set).
- $HOME/.land/** - the canonical namespace for user-installed extensions, agent plugins, global storage, and any other Land-owned state that lives outside the VS Code-style profile tree.
- The Mountain executable’s own extensions/, ../Resources/extensions/ and ../Resources/app/extensions/ neighbours - built-in extension roots that ship inside the .app bundle.
- $APPDATA-equivalents: Tauri’s resolved app-data / app-config / app-local directories (via $XDG_DATA_HOME, $XDG_CONFIG_HOME if set; on macOS the Library/Application Support/land.editor.* tree).
- ${TMPDIR} + /tmp, /private/tmp, /var/tmp - scratch dirs language servers write their port-handoff / socket / lock files to. TMPDIR on macOS points at /var/folders/.../T/ but extensions hardcode /tmp/<tool> directly.
- Third-party tool state under $HOME/{.gitkraken,.gk,.copilot,.config/git} - probed by GitLens, copilot-chat, etc. Application state, not user content.
Anything outside this list still flows through the workspace-folder check. The set is intentionally narrow: it unblocks Land’s own bookkeeping reads + cooperating neighbour-tool probes without handing extensions an unbounded filesystem.
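An added example (not Land's own code) of the two checks a root allowlist like this depends on: lexical normalization before matching, and component-wise rather than string-prefix comparison. The function names and sample roots are assumptions, and Unix-style paths are assumed.

```rust
use std::path::{Component, Path, PathBuf};

/// Lexically resolve `.` and `..` without touching the filesystem.
/// Returns None for relative paths or when `..` would climb above the root.
fn normalize(path: &Path) -> Option<PathBuf> {
    if !path.is_absolute() {
        return None;
    }
    let mut out = PathBuf::new();
    for part in path.components() {
        match part {
            Component::CurDir => {}
            // pop() returns false at the root: refuse rather than clamp.
            Component::ParentDir => {
                if !out.pop() {
                    return None;
                }
            }
            other => out.push(other.as_os_str()),
        }
    }
    Some(out)
}

/// Hypothetical allowlist check (not the project's function): true when the
/// normalized path sits under a root. starts_with compares whole components,
/// so "/tmp-evil" does not match the root "/tmp".
fn is_under_trusted_root(path: &Path, roots: &[PathBuf]) -> bool {
    normalize(path).map_or(false, |clean| roots.iter().any(|root| clean.starts_with(root)))
}

/// Constructed sample roots standing in for the list resolved at runtime.
fn sample_roots() -> Vec<PathBuf> {
    vec![PathBuf::from("/tmp"), PathBuf::from("/var/tmp"), PathBuf::from("/home/dev/.land")]
}

fn main() {
    let roots = sample_roots();
    // Constructed candidates: the first two are under a root, the rest are not.
    let candidates = [
        "/tmp/rust-analyzer/port.lock", "/home/dev/.land/./extensions/x",
        "/tmp/../etc/passwd", "/tmp-evil/payload", "/home/dev/.landfill/x", "tmp/relative",
    ];
    for candidate in candidates {
        println!("{:<34} trusted={}", candidate, is_under_trusted_root(Path::new(candidate), &roots));
    }
}
```

Lexical normalization does not follow symlinks, so a caller that needs that guarantee for shared directories such as /tmp would canonicalize existing paths before matching.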