fix(agents): map container workdir paths in workspace guard

Co-authored-by: Explorer1092 <32663226+Explorer1092@users.noreply.github.com>
2026-05-08 02:01:25 +00:00 · 2026-02-22 21:33:46 +01:00
parent 7bbd597383
commit 73fab7e445
4 changed files with 152 additions and 4 deletions
--- a/src/agents/pi-tools.read.workspace-root-guard.test.ts
+++ b/src/agents/pi-tools.read.workspace-root-guard.test.ts
@@ -0,0 +1,76 @@
+import path from "node:path";
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { wrapToolWorkspaceRootGuardWithOptions } from "./pi-tools.read.js";
+import type { AnyAgentTool } from "./pi-tools.types.js";
+
+const assertSandboxPath = vi.fn(async () => ({ resolved: "/tmp/root", relative: "" }));
+
+vi.mock("./sandbox-paths.js", () => ({
+  assertSandboxPath: (...args: unknown[]) => assertSandboxPath(...args),
+}));
+
+function createToolHarness() {
+  const execute = vi.fn(async () => ({
+    content: [{ type: "text", text: "ok" }],
+  }));
+  const tool = {
+    name: "read",
+    description: "test tool",
+    inputSchema: { type: "object", properties: {} },
+    execute,
+  } as unknown as AnyAgentTool;
+  return { execute, tool };
+}
+
+describe("wrapToolWorkspaceRootGuardWithOptions", () => {
+  const root = "/tmp/root";
+
+  beforeEach(() => {
+    assertSandboxPath.mockClear();
+  });
+
+  it("maps container workspace paths to host workspace root", async () => {
+    const { tool } = createToolHarness();
+    const wrapped = wrapToolWorkspaceRootGuardWithOptions(tool, root, {
+      containerWorkdir: "/workspace",
+    });
+
+    await wrapped.execute("tc1", { path: "/workspace/docs/readme.md" });
+
+    expect(assertSandboxPath).toHaveBeenCalledWith({
+      filePath: path.resolve(root, "docs", "readme.md"),
+      cwd: root,
+      root,
+    });
+  });
+
+  it("maps file:// container workspace paths to host workspace root", async () => {
+    const { tool } = createToolHarness();
+    const wrapped = wrapToolWorkspaceRootGuardWithOptions(tool, root, {
+      containerWorkdir: "/workspace",
+    });
+
+    await wrapped.execute("tc2", { path: "file:///workspace/docs/readme.md" });
+
+    expect(assertSandboxPath).toHaveBeenCalledWith({
+      filePath: path.resolve(root, "docs", "readme.md"),
+      cwd: root,
+      root,
+    });
+  });
+
+  it("does not remap absolute paths outside the configured container workdir", async () => {
+    const { tool } = createToolHarness();
+    const wrapped = wrapToolWorkspaceRootGuardWithOptions(tool, root, {
+      containerWorkdir: "/workspace",
+    });
+
+    await wrapped.execute("tc3", { path: "/workspace-two/secret.txt" });
+
+    expect(assertSandboxPath).toHaveBeenCalledWith({
+      filePath: "/workspace-two/secret.txt",
+      cwd: root,
+      root,
+    });
+  });
+});