| Name | Type | Description |
|---|---|---|
project_root* | Path | Path to the project root directory. |
Find project-specific AGENTS.md file(s).
Checks two locations and returns ALL that exist:
Both files will be loaded and combined if both exist.
Candidates with symlinked path components are followed only when the
resolved target stays inside project_root. The returned Path is the
resolved target when any symlink component was traversed, so
FilesystemBackend.download_files opens a regular file rather than
tripping O_NOFOLLOW on the link itself. Symlinks pointing outside the
project root, symlink loops, and unreadable parents are skipped with a
warning. Broken symlinks are treated as missing files (no warning),
matching the pre-existing behavior for absent candidates.
Why: project AGENTS.md is auto-discovered and loaded into the system
prompt before the first model call. Without the in-tree check, a
malicious clone could ship AGENTS.md -> ~/.ssh/config (or any other
locally-readable file) and have its contents injected as agent
instructions on first run.
