From 495fa6531dadce2188e3ef3c407614f6dd37506c Mon Sep 17 00:00:00 2001 From: Nick Tindle Date: Thu, 5 Feb 2026 22:25:00 -0600 Subject: [PATCH] docs: clarify double-scan behavior is intentional --- docs/platform/workspace-media-architecture.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/platform/workspace-media-architecture.md b/docs/platform/workspace-media-architecture.md index ab7eee4d41..5afcdac8a5 100644 --- a/docs/platform/workspace-media-architecture.md +++ b/docs/platform/workspace-media-architecture.md @@ -197,13 +197,19 @@ output = await store_media_file( |-----------|--------|-------| | `store_media_file()` | ✅ Yes | Scans **all** content before writing to local disk | | `WorkspaceManager.write_file()` | ✅ Yes | Scans content before persisting (defense in depth) | -| Upload API endpoints | ✅ Yes | Also scan before calling WorkspaceManager (fail fast) | +| `WriteWorkspaceFileTool` | ✅ Yes | Scans before calling WorkspaceManager (fail fast) | **Defense in depth:** Scanning happens at multiple layers: 1. `store_media_file()` scans everything it downloads/decodes -2. API endpoints scan uploads for early rejection +2. CoPilot tools (e.g., `WriteWorkspaceFileTool`) scan for early rejection 3. `WorkspaceManager.write_file()` scans as a final gate before persistence +**Note on double scanning:** Some paths (like `WriteWorkspaceFileTool`) will scan twice — once at the API/tool layer and once in `WorkspaceManager.write_file()`. This is intentional: +- **First scan (tool layer):** Fail fast, reject bad content before any processing +- **Second scan (persistence layer):** Defense in depth, catches any caller that forgot to scan + +The performance cost is acceptable since scanning is fast and security is critical. + ### Persistence | Component | Persists To | Lifecycle |
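Review bot: Dropping the `Upload API endpoints` row from the table and rewording step 2 to "CoPilot tools" leaves the reader unable to tell whether upload API endpoints still scan before calling WorkspaceManager or now rely solely on the `write_file()` gate; the note's own text ("once at the API/tool layer") still refers to an API layer, so either keep a row for the upload endpoints with their current behavior or state explicitly that they are covered only by the persistence-layer scan. While touching the note, the bullet "**Second scan (persistence layer):** Defense in depth, catches any caller that forgot to scan" is the key security statement and would be stronger if it also said that this scan is the one layer callers must never bypass, so a future "skip if already scanned" optimization does not erode the guarantee; "scanning is fast" would also benefit from a rough figure or a pointer to where that was measured rather than an unqualified claim.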