fix(sandbox): normalize /workspace media paths to host sandbox root

Co-authored-by: echo931 <echo931@users.noreply.github.com>
2026-05-08 20:48:26 +00:00 · 2026-02-22 20:30:48 +01:00
parent 0932adf361
commit eefbf3dc5a
4 changed files with 74 additions and 0 deletions
--- a/src/agents/sandbox-paths.ts
+++ b/src/agents/sandbox-paths.ts
@@ -7,6 +7,7 @@ import { isNotFoundPathError, isPathInside } from "../infra/path-guards.js";
 const UNICODE_SPACES = /[\u00A0\u2000-\u200A\u202F\u205F\u3000]/g;
 const HTTP_URL_RE = /^https?:\/\//i;
 const DATA_URL_RE = /^data:/i;
+const SANDBOX_CONTAINER_WORKDIR = "/workspace";

 function normalizeUnicodeSpaces(str: string): string {
  return str.replace(UNICODE_SPACES, " ");
@@ -90,6 +91,13 @@ export async function resolveSandboxedMediaSource(params: {
      throw new Error(`Invalid file:// URL for sandboxed media: ${raw}`);
    }
  }
+  const containerWorkspaceMapped = mapContainerWorkspacePath({
+    candidate,
+    sandboxRoot: params.sandboxRoot,
+  });
+  if (containerWorkspaceMapped) {
+    candidate = containerWorkspaceMapped;
+  }
  const tmpMediaPath = await resolveAllowedTmpMediaPath({
    candidate,
    sandboxRoot: params.sandboxRoot,
@@ -105,6 +113,25 @@ export async function resolveSandboxedMediaSource(params: {
  return sandboxResult.resolved;
 }

+function mapContainerWorkspacePath(params: {
+  candidate: string;
+  sandboxRoot: string;
+}): string | undefined {
+  const normalized = params.candidate.replace(/\\/g, "/");
+  if (normalized === SANDBOX_CONTAINER_WORKDIR) {
+    return path.resolve(params.sandboxRoot);
+  }
+  const prefix = `${SANDBOX_CONTAINER_WORKDIR}/`;
+  if (!normalized.startsWith(prefix)) {
+    return undefined;
+  }
+  const rel = normalized.slice(prefix.length);
+  if (!rel) {
+    return path.resolve(params.sandboxRoot);
+  }
+  return path.resolve(params.sandboxRoot, ...rel.split("/").filter(Boolean));
+}
+
 async function resolveAllowedTmpMediaPath(params: {
  candidate: string;
  sandboxRoot: string;