fix(shell): allow media directory access when restrict_to_workspace is enabled

2026-04-04 18:32:44 +00:00 · 2026-04-01 15:45:02 +08:00 · 2026-04-01 15:45:02 +08:00 · bc879386fe
commit bc879386fe
parent ca3b918cf0
1 changed files with 10 additions and 1 deletions
--- a/nanobot/agent/tools/shell.py
+++ b/nanobot/agent/tools/shell.py
@ -183,7 +183,16 @@ class ExecTool(Tool):
                    p = Path(expanded).expanduser().resolve()
                except Exception:
                    continue
-                if p.is_absolute() and cwd_path not in p.parents and p != cwd_path:
+
+                from nanobot.config.paths import get_runtime_subdir
+                media_path = get_runtime_subdir("media").resolve()
+
+                if (p.is_absolute() 
+                    and cwd_path not in p.parents 
+                    and p != cwd_path
+                    and media_path not in p.parents
+                    and p != media_path
+                ):
                    return "Error: Command blocked by safety guard (path outside working dir)"

        return None