diff --git a/tests/tools/test_filesystem_tools.py b/tests/tools/test_filesystem_tools.py index ca6629edb..21ecffe58 100644 --- a/tests/tools/test_filesystem_tools.py +++ b/tests/tools/test_filesystem_tools.py @@ -321,6 +321,22 @@ class TestWorkspaceRestriction: assert "Test Skill" in result assert "Error" not in result + @pytest.mark.asyncio + async def test_read_allowed_in_media_dir(self, tmp_path, monkeypatch): + workspace = tmp_path / "ws" + workspace.mkdir() + media_dir = tmp_path / "media" + media_dir.mkdir() + media_file = media_dir / "photo.txt" + media_file.write_text("shared media", encoding="utf-8") + + monkeypatch.setattr("nanobot.agent.tools.filesystem.get_media_dir", lambda: media_dir) + + tool = ReadFileTool(workspace=workspace, allowed_dir=workspace) + result = await tool.execute(path=str(media_file)) + assert "shared media" in result + assert "Error" not in result + @pytest.mark.asyncio async def test_extra_dirs_does_not_widen_write(self, tmp_path): from nanobot.agent.tools.filesystem import WriteFileTool diff --git a/tests/tools/test_tool_validation.py b/tests/tools/test_tool_validation.py index 98a3dc903..0fd15e383 100644 --- a/tests/tools/test_tool_validation.py +++ b/tests/tools/test_tool_validation.py @@ -142,6 +142,19 @@ def test_exec_guard_blocks_quoted_home_path_outside_workspace(tmp_path) -> None: assert error == "Error: Command blocked by safety guard (path outside working dir)" +def test_exec_guard_allows_media_path_outside_workspace(tmp_path, monkeypatch) -> None: + media_dir = tmp_path / "media" + media_dir.mkdir() + media_file = media_dir / "photo.jpg" + media_file.write_text("ok", encoding="utf-8") + + monkeypatch.setattr("nanobot.agent.tools.shell.get_media_dir", lambda: media_dir) + + tool = ExecTool(restrict_to_workspace=True) + error = tool._guard_command(f'cat "{media_file}"', str(tmp_path / "workspace")) + assert error is None + + def test_exec_guard_blocks_windows_drive_root_outside_workspace(monkeypatch) -> None: import nanobot.agent.tools.shell as shell_mod