From 903e4dff35d41af197e550d3bdd0b8511957011f Mon Sep 17 00:00:00 2001
From: Evan
Date: Mon, 2 Mar 2026 21:55:58 +0000
Subject: [PATCH] fix(sandbox): make /workspace bind mount read-only when workspaceAccess is not rw This ensures that when workspaceAccess is set to 'ro' or 'none', the sandbox workspace (/workspace inside the container) is mounted as read-only, matching the documented behavior. Previously, the condition was: workspaceAccess === 'ro' && workspaceDir === agentWorkspaceDir This was always false in 'ro' mode because workspaceDir equals sandboxWorkspaceDir, not agentWorkspaceDir. Now the logic is simplified: - 'rw': /workspace is writable - 'ro': /workspace is read-only - 'none': /workspace is read-only
---
 src/agents/sandbox/docker.ts | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/agents/sandbox/docker.ts b/src/agents/sandbox/docker.ts
index e041c2d5c42..a3550ac76ef 100644
--- a/src/agents/sandbox/docker.ts
+++ b/src/agents/sandbox/docker.ts
@@ -452,8 +452,7 @@ async function createSandboxContainer(params: {
 bindSourceRoots: [workspaceDir, params.agentWorkspaceDir],
 });
 args.push("--workdir", cfg.workdir);
- const mainMountSuffix =
- params.workspaceAccess === "ro" && workspaceDir === params.agentWorkspaceDir ? ":ro" : "";
+ const mainMountSuffix = params.workspaceAccess === "rw" ? "" : ":ro";
 args.push("-v", `${workspaceDir}:${cfg.workdir}${mainMountSuffix}`);
 if (params.workspaceAccess !== "none" && workspaceDir !== params.agentWorkspaceDir) {
 const agentMountSuffix = params.workspaceAccess === "ro" ? ":ro" : "";
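Review bot: The agent-workspace mount on the hunk's last line still fails open: `const agentMountSuffix = params.workspaceAccess === "ro" ? ":ro" : "";` leaves that bind writable for any value other than the exact string "ro", while the new `mainMountSuffix` is read-only for anything other than "rw". Whether `workspaceAccess` is validated at runtime is not visible here, so I would give both mounts the same fail-closed polarity, `const agentMountSuffix = params.workspaceAccess === "rw" ? "" : ":ro";`. The old main-mount condition was never true in 'ro' mode and nothing caught it, so a test asserting the generated `-v` arguments for 'rw', 'ro' and 'none' would be worth adding with this change. createSandboxContainer starts and ends outside the hunk, and the `if` block holding the agent mount is cut off at the hunk's last line.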