Subagent worktree instruction (`wt switch`) conflicts with sandbox write restrictions

[K1-R1]

Problem

The claude-md-template.md recommends wt switch <branch> for subagent worktree isolation:

Parallel subagents require worktrees. Each subagent MUST work in its own worktree (wt switch <branch>), not the main repo. Never share working directories.

The README recommends sandbox mode, where writes are restricted to the current working directory and its subdirectories.

These conflict: wt's default worktree-path template creates sibling directories (../repo.branch-name/), which are outside the sandbox write allowlist. When a sandboxed session runs wt switch --create <branch>, Seatbelt (macOS) or bubblewrap (Linux) blocks the write. The failure is silent or produces a confusing permission error, and Claude falls back to git checkout -b in the same directory, defeating the isolation that worktrees provide.

A separate issue applies even if wt is configured with an in-repo worktree-path: wt switch changes the directory via a shell function, but Claude Code's Bash tool runs each command as a subprocess so the cd doesn't persist between tool calls. More importantly, Claude Code's built-in tools (Read, Edit, Write, Glob, Grep) all resolve paths relative to the session's working directory, which wt cannot change. Only EnterWorktree or claude -w can change the session CWD. This means wt switch cannot achieve worktree isolation inside a Claude Code session regardless of path configuration.

Reproduction

1. Follow the setup guide (sandbox enabled, claude-md-template.md copied to ~/.claude/CLAUDE.md)
2. Start a Claude Code session with /sandbox enabled
3. Ask Claude to use parallel subagents -- it reads the CLAUDE.md instruction and attempts wt switch --create <branch>
4. Observe: Seatbelt blocks the write to ../repo.branch/

Context

merge-dependabot.md already has a similar carve-out for shallow clones: "Do NOT use wt switch -- shallow clones do not support worktrees reliably. Use git checkout directly when evaluating each PR."

Claude Code has built-in worktree mechanisms that are sandbox-compatible and handle CWD correctly:

• isolation: "worktree" on the Agent tool -- automatic per-subagent worktree isolation with cleanup
• claude -w <name> / EnterWorktree -- session-level worktree isolation

The wt Claude Code plugin (worktrunk.dev/claude-code/) provides a skill and activity tracking, but doesn't resolve the sandbox write restriction or the cd persistence problem. The plugin is designed for launching Claude into worktrees from outside (wt switch -x claude), not for switching worktrees from within a session.

Suggested fix

See the accompanying PR. Three changes:

1. CLI tools table -- scope wt to terminal use, note that subagents use isolation: "worktree"
2. Hooks and worktrees section -- replace wt switch with isolation: "worktree" on the Agent tool
3. Sandbox section in README -- note that tools creating directories outside CWD will be blocked

wt remains in the CLI tools table , the change only affects the in-session subagent instruction.