Tracking issue grouping all follow-ups required to promote the `cowork` experimental flag to GA. Spun out of #913 (cowork-skills experimental support) following the APM Expert Review Panel verdict.
The PR for #913 (#926) ships behind `experimental.cowork=false` by default. CEO arbitration accepted the items below as follow-ups behind the flag, but all security items in #925 are hard gates on flipping the flag default to `true` or removing it from `FLAGS`.
Exit criteria for GA
Security (BLOCKING)
- `cowork` out of experimental #925 — Cowork security follow-ups (orphan cleanup on uninstall, NUL-byte / traversal validation in `set_cowork_skills_dir`, replace ad-hoc `..` substring with `validate_path_segments`)
Security (tracking, non-blocking)
- `%2e%2e` URL-encoded traversal in lockfile-path handling #924 — `%2e%2e` URL-encoded traversal in lockfile-path handling (mitigated today by `ensure_path_within`; cleaner fix is to reject at parse time)
Maintainability (non-blocking, recommended)
- `SkillIntegrator` through `target.deploy_path()`, dedupe hot-path `resolve_cowork_skills_dir()` calls, consolidate `unset_*_dir` helpers behind `update_config()`
- `cowork-skills-dir` in `_valid_config_keys()`, fix verbose target log to print resolved root instead of placeholder
Documentation gate
Before flipping the flag default:
- `docs/src/content/docs/security-model.mdx` to reflect that `cowork` writes into a surface ingested by M365 Copilot.
- `docs/src/content/docs/reference/experimental-flags.mdx` into the standard install/targets reference.
Out of scope for this tracker
- Adding new cowork-host targets beyond M365 Copilot (separate proposal).
- Cross-platform OneDrive resolver hardening for Linux (no current path).
How to close
Close this issue once #925 is closed, the documentation gate items are checked, and the `cowork` entry is removed from `FLAGS` in `src/apm_cli/core/experimental.py`. #922, #923, #924 do not block closure but should be linked in the closing comment with their final state.
/cc panel review: #913, PR: #926
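The parse-time rejection that #924 calls the cleaner fix, with a containment check kept behind it, as an added example that is not the project's code. `parse_lockfile_path`, `resolve_within`, `verdict` and the sample paths are hypothetical and do not reproduce `validate_path_segments` or `ensure_path_within`.

```python
from pathlib import Path, PurePosixPath
from urllib.parse import unquote

class UnsafePathError(ValueError):
    """A lockfile path failed validation."""

def parse_lockfile_path(raw: str, max_rounds: int = 3) -> PurePosixPath:
    """Parse-time check (hypothetical helper, not the project's API)."""
    decoded = raw
    for _ in range(max_rounds):
        # Decode until stable so "%2e%2e" and "%252e%252e" are judged as "..".
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    else:
        raise UnsafePathError("too many layers of percent-encoding")
    if "\x00" in decoded:
        raise UnsafePathError("NUL byte")
    normalized = decoded.replace("\\", "/")
    if normalized.startswith("/") or normalized[1:2] == ":":
        raise UnsafePathError("absolute path")
    segments = [s for s in normalized.split("/") if s not in ("", ".")]
    if not segments:
        raise UnsafePathError("empty path")
    # Compare whole segments: a ".." substring test would reject "v1..2.md".
    if ".." in segments:
        raise UnsafePathError("parent-directory segment")
    return PurePosixPath(*segments)

def resolve_within(root: Path, rel: PurePosixPath) -> Path:
    """Containment check kept as a second layer behind the parser."""
    base = root.resolve()
    target = (base / rel).resolve()
    if not target.is_relative_to(base):
        raise UnsafePathError("escapes root")
    return target

def verdict(raw: str) -> str:
    """Return 'ok' or the rejection reason for one raw lockfile path."""
    try:
        parse_lockfile_path(raw)
        return "ok"
    except UnsafePathError as exc:
        return str(exc)

# Constructed sample inputs, not taken from any real lockfile.
SAMPLES = ["skills/a/SKILL.md", "skills/%2e%2e/x", "%252e%252e/x", "a%00.md", "v1..2.md"]
RESULTS = {raw: verdict(raw) for raw in SAMPLES}
```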