From 624f6078729fa3622416796a3eb08e1e9d7b608c Mon Sep 17 00:00:00 2001
From: Shiniese <135589327+Shiniese@users.noreply.github.com>
Date: Wed, 1 Apr 2026 16:19:53 +0800
Subject: [PATCH] fix(filesystem): add media directory exemption to filesystem
 tool path checks

---
 nanobot/agent/tools/filesystem.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/nanobot/agent/tools/filesystem.py b/nanobot/agent/tools/filesystem.py
index d4094e7f3..a0e470fa9 100644
--- a/nanobot/agent/tools/filesystem.py
+++ b/nanobot/agent/tools/filesystem.py
@@ -21,7 +21,9 @@ def _resolve_path(
         p = workspace / p
     resolved = p.resolve()
     if allowed_dir:
-        all_dirs = [allowed_dir] + (extra_allowed_dirs or [])
+        from nanobot.config.paths import get_runtime_subdir
+        media_path = get_runtime_subdir("media").resolve()
+        all_dirs = [allowed_dir] + [media_path] + (extra_allowed_dirs or []) 
         if not any(_is_under(resolved, d) for d in all_dirs):
             raise PermissionError(f"Path {path} is outside allowed directory {allowed_dir}")
     return resolved