fix(security): harden workspace bootstrap boundary reads

2026-05-11 03:34:33 +00:00 · 2026-03-02 17:07:26 +00:00
parent 67b2dde7c5
commit 07b16d5ad0
8 changed files with 190 additions and 7 deletions
--- a/src/agents/sandbox/workspace.ts
+++ b/src/agents/sandbox/workspace.ts
@@ -1,5 +1,7 @@
+import syncFs from "node:fs";
 import fs from "node:fs/promises";
 import path from "node:path";
+import { openBoundaryFile } from "../../infra/boundary-file-read.js";
 import { resolveUserPath } from "../../utils.js";
 import {
  DEFAULT_AGENTS_FILENAME,
@@ -36,8 +38,20 @@ export async function ensureSandboxWorkspace(
        await fs.access(dest);
      } catch {
        try {
-          const content = await fs.readFile(src, "utf-8");
-          await fs.writeFile(dest, content, { encoding: "utf-8", flag: "wx" });
+          const opened = await openBoundaryFile({
+            absolutePath: src,
+            rootPath: seed,
+            boundaryLabel: "sandbox seed workspace",
+          });
+          if (!opened.ok) {
+            continue;
+          }
+          try {
+            const content = syncFs.readFileSync(opened.fd, "utf-8");
+            await fs.writeFile(dest, content, { encoding: "utf-8", flag: "wx" });
+          } finally {
+            syncFs.closeSync(opened.fd);
+          }
        } catch {
          // ignore missing seed file
        }