From bc879386fe51e85a03b1a23f4e2336d216961490 Mon Sep 17 00:00:00 2001
From: Shiniese <135589327+Shiniese@users.noreply.github.com>
Date: Wed, 1 Apr 2026 15:45:02 +0800
Subject: [PATCH] fix(shell): allow media directory access when
 restrict_to_workspace is enabled

---
 nanobot/agent/tools/shell.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/nanobot/agent/tools/shell.py b/nanobot/agent/tools/shell.py
index dd3a44335..77803e8b3 100644
--- a/nanobot/agent/tools/shell.py
+++ b/nanobot/agent/tools/shell.py
@@ -183,7 +183,16 @@ class ExecTool(Tool):
                     p = Path(expanded).expanduser().resolve()
                 except Exception:
                     continue
-                if p.is_absolute() and cwd_path not in p.parents and p != cwd_path:
+
+                from nanobot.config.paths import get_runtime_subdir
+                media_path = get_runtime_subdir("media").resolve()
+
+                if (p.is_absolute() 
+                    and cwd_path not in p.parents 
+                    and p != cwd_path
+                    and media_path not in p.parents
+                    and p != media_path
+                ):
                     return "Error: Command blocked by safety guard (path outside working dir)"
 
         return None