fix(tools): land #31015 from @haosenwang1018

Co-authored-by: haosenwang1018 <1293965075@qq.com>
2026-05-10 17:54:58 +00:00 · 2026-03-02 01:00:49 +00:00
parent ac3e1e769b
commit da80e22d89
3 changed files with 21 additions and 4 deletions
--- a/src/agents/pi-tools.read.host-edit-access.test.ts
+++ b/src/agents/pi-tools.read.host-edit-access.test.ts
@@ -43,7 +43,7 @@ describe("createHostWorkspaceEditTool host access mapping", () => {
  });

  it.runIf(process.platform !== "win32")(
-    "maps outside-workspace safe-open failures to EACCES",
+    "silently passes access for outside-workspace paths so readFile reports the real error",
    async () => {
      tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-edit-access-test-"));
      const workspaceDir = path.join(tmpDir, "workspace");
@@ -58,9 +58,13 @@ describe("createHostWorkspaceEditTool host access mapping", () => {
      createHostWorkspaceEditTool(workspaceDir, { workspaceOnly: true });
      expect(mocks.operations).toBeDefined();

+      // access must NOT throw for outside-workspace paths; the upstream
+      // library replaces any access error with a misleading "File not found".
+      // By resolving silently the subsequent readFile call surfaces the real
+      // "Path escapes workspace root" / "outside-workspace" error instead.
      await expect(
        mocks.operations!.access(path.join(workspaceDir, "escape", "secret.txt")),
-      ).rejects.toMatchObject({ code: "EACCES" });
+      ).resolves.toBeUndefined();
    },
  );
 });
--- a/src/agents/pi-tools.read.ts
+++ b/src/agents/pi-tools.read.ts
@@ -843,7 +843,17 @@ function createHostEditOperations(root: string, options?: { workspaceOnly?: bool
      });
    },
    access: async (absolutePath: string) => {
-      const relative = toRelativePathInRoot(root, absolutePath);
+      let relative: string;
+      try {
+        relative = toRelativePathInRoot(root, absolutePath);
+      } catch {
+        // Path escapes workspace root.  Don't throw here – the upstream
+        // library replaces any `access` error with a misleading "File not
+        // found" message.  By returning silently the subsequent `readFile`
+        // call will throw the same "Path escapes workspace root" error
+        // through a code-path that propagates the original message.
+        return;
+      }
      try {
        const opened = await openFileWithinRoot({
          rootDir: root,
@@ -855,7 +865,9 @@ function createHostEditOperations(root: string, options?: { workspaceOnly?: bool
          throw createFsAccessError("ENOENT", absolutePath);
        }
        if (error instanceof SafeOpenError && error.code === "outside-workspace") {
-          throw createFsAccessError("EACCES", absolutePath);
+          // Don't throw here – see the comment above about the upstream
+          // library swallowing access errors as "File not found".
+          return;
        }
        throw error;
      }