limiteinductive
0f000c70c9
Critical fixes: - Quoted heredoc prevents shell injection in CLAUDE.md generation - Block reserved system usernames (root, daemon, bin, etc.) - Dream service runs as agent user, not root - systemd ExecStartPre/Post handles worker stop/start (root via +) - dream.rs no longer calls systemctl directly Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>