Why TOFU Security?
LazyWorktree’s .wt files execute arbitrary shell commands when you create or switch to a worktree. This powerful feature enables automatic environment setup, dependency installation, and workspace configuration, but it also presents a security risk.
To protect against malicious or accidental command execution, LazyWorktree implements Trust On First Use (TOFU) security. This ensures you explicitly approve each .wt file before its commands can run.
How TOFU Works
First Encounter
When LazyWorktree encounters a .wt file for the first time (or detects it has been modified), you’ll see a prompt with three options:
- Trust - Execute the commands and remember this file’s hash for future use
- Block - Skip execution for this session without trusting
- Cancel - Abort the operation entirely
Hash Storage
When you trust a file, LazyWorktree calculates its SHA-256 hash and stores it in trusted.json (~/.local/share/lazyworktree/trusted.json); the location follows XDG_DATA_HOME when that variable is set.
Hashes are calculated using SHA-256 on the entire file contents. Even a single character change will produce a different hash and trigger a new trust prompt.
Subsequent Uses
Each time you interact with a worktree that has a .wt file:
- LazyWorktree calculates the current file’s hash
- Compares it against the stored hash in trusted.json
- If they match → commands execute automatically
- If different → new trust prompt appears
.wt files, whether changed by malicious actors or accidental edits.
Trust Mode Configuration
Configure TOFU behavior using the trust_mode option:
tofu (Default)
Prompt on first encounter or modification. Recommended for most users.
never
Skip all .wt file execution without prompting. Use when you don’t need .wt functionality or want maximum security.
always
Trust all .wt files without prompting. Not recommended unless you have complete control over your repository sources.
Security Best Practices
Review .wt files before trusting
Always read the .wt file contents before selecting Trust. Look for:
- Unfamiliar commands
- Network requests to unknown hosts
- File system modifications outside the worktree
- Commands that require elevated privileges
Use trust_mode: tofu for shared repositories
Keep trusted.json backed up
Your trust database at ~/.local/share/lazyworktree/trusted.json contains your security decisions. Back it up when migrating systems or include it in dotfile repositories.
Periodically audit trusted files
Review your trusted.json periodically and remove entries for projects you no longer use. You can manually remove entries from the JSON file if needed.
Be cautious with always mode
Only use trust_mode: always in environments where:
- You control all repository sources
- The system is isolated from sensitive data
- You understand the security implications
Understanding the Hash Calculation
LazyWorktree uses SHA-256 hashing to verify file integrity. The hash is calculated on the entire file contents using a 64KB buffer for efficient reading. From /home/daytona/workspace/source/internal/security/trust.go:90-122:
- Reads file in 64KB chunks
- Calculates SHA-256 hash
- Returns 64-character hexadecimal string
- Any content change produces a completely different hash
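The trust check from "Subsequent Uses" combined with the chunked hashing listed above, as an added Go example; it is not LazyWorktree's own trust.go. The trusted.json layout (a JSON object mapping file path to hex hash) and the names hashFile and check are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"io"
	"os"
)

// hashFile returns the file's SHA-256 as 64 hex chars, read via a 64KB buffer.
func hashFile(path string) (string, error) {
	f, err := os.Open(path)
	if err != nil {
		return "", err
	}
	defer f.Close()
	h, src := sha256.New(), struct{ io.Reader }{f} // wrapper forces use of the buffer
	if _, err := io.CopyBuffer(h, src, make([]byte, 64*1024)); err != nil {
		return "", err
	}
	return hex.EncodeToString(h.Sum(nil)), nil
}

// check reports whether wt's hash matches db; approve models choosing Trust.
func check(db, wt string, approve bool) (bool, error) {
	sum, err := hashFile(wt)
	if err != nil {
		return false, err
	}
	var m map[string]string // assumed schema: file path -> hex hash
	if data, _ := os.ReadFile(db); json.Unmarshal(data, &m) != nil || m == nil {
		m = map[string]string{} // missing or corrupt database: start fresh
	}
	if m[wt] != sum && approve {
		m[wt] = sum
		data, _ := json.Marshal(m)
		return true, os.WriteFile(db, data, 0o600) // created owner read/write only
	}
	return m[wt] == sum, nil
}

func main() {
	dir, _ := os.MkdirTemp("", "tofu") // constructed demo files
	os.WriteFile(dir+"/demo.wt", []byte("echo constructed sample\n"), 0o644)
	for _, approve := range []bool{false, true, false} {
		fmt.Println(check(dir+"/trusted.json", dir+"/demo.wt", approve))
	}
}
```

Run as written it prints false, then true, then true: untrusted on first sight, recorded on approval, then matched without a prompt.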
Troubleshooting Trust Issues
File keeps prompting despite trusting
The file content has changed. Even whitespace changes trigger new hashes. Review the file to see what changed.
Lost trust database
If trusted.json is deleted or corrupted, LazyWorktree treats all .wt files as untrusted. You’ll need to re-approve each one.
Trust database is corrupt
LazyWorktree automatically starts fresh if it detects invalid JSON in trusted.json. Check the file manually.
Permission denied on trusted.json
The trust database is created with 0600 permissions (owner read/write only). If you see permission errors:
Related Configuration
- See .wt Files for .wt file command syntax and the link_topsymlinks built-in command