The part that worries me here is the diff. Does it happen in the host or in the guest? What code gets run when you run `yoloai diff`?
It actually runs git (with hooks disabled) to generate the diff. It happens on the host when using copy mode, and inside the sandbox when using overlay mode.
The above example doesn't specify workdir mounting mode, so it would be copy, not overlay.
loading story #47685556