Fixing Provider Registry Mutations and Sandbox Permissions in git-with-intent

The Bug: Global State Corruption git-with-intent runs AI agents that interact with LLM providers. Each tenant registers their own custom providers — API keys, model configurations, cost metadata. The CustomProviderRegistry managed these registrations. The problem: registering a custom provider for one tenant polluted the global registry for every other tenant. // BEFORE: Modifies shared global state register ( config : CustomProviderConfig ): void { const key = ` ${ parsed . provider } : ${ parsed . model } ` ; this . customProviders . set ( key , { config : parsed , registeredAt : Date . now () }); // These two lines cause the bug: ( PROVIDER_CAPABILITIES as Record < string , ProviderCapabilities > )[ key ] = capabilities ; ( PROVIDER_COSTS as Record < string , ProviderCostMetadata > )[ key ] = costMeta ; } PROVIDER_CAPABILITIES and PROVIDER_COSTS are module-level constants — shared across the entire Node.js process. When tenant A registers a provider, tenant B sees it. When tenant A