From ce887772e96c11af9330af6fea81ae1c29b0a400 Mon Sep 17 00:00:00 2001
From: primit1v0 <primit1v0@users.noreply.github.com>
Date: Sun, 7 Jun 2026 23:14:04 +0700
Subject: [PATCH] fix(sandbox): set HOME inside bwrap

---
 nanobot/agent/tools/sandbox.py | 21 +++++++++++++++------
 tests/tools/test_sandbox.py    | 11 +++++++++++
 2 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/nanobot/agent/tools/sandbox.py b/nanobot/agent/tools/sandbox.py
index 459ce16a3..5800f353e 100644
--- a/nanobot/agent/tools/sandbox.py
+++ b/nanobot/agent/tools/sandbox.py
@@ -26,13 +26,22 @@ def _bwrap(command: str, workspace: str, cwd: str) -> str:
     except ValueError:
         sandbox_cwd = str(ws)
 
-    required  = ["/usr"]
-    optional  = ["/bin", "/lib", "/lib64", "/etc/alternatives",
-                 "/etc/ssl/certs", "/etc/resolv.conf", "/etc/ld.so.cache"]
+    required = ["/usr"]
+    optional = [
+        "/bin",
+        "/lib",
+        "/lib64",
+        "/etc/alternatives",
+        "/etc/ssl/certs",
+        "/etc/resolv.conf",
+        "/etc/ld.so.cache",
+    ]
 
-    args = ["bwrap", "--new-session", "--die-with-parent"]
-    for p in required: args += ["--ro-bind",     p, p]
-    for p in optional: args += ["--ro-bind-try", p, p]
+    args = ["bwrap", "--new-session", "--die-with-parent", "--setenv", "HOME", str(ws)]
+    for p in required:
+        args += ["--ro-bind", p, p]
+    for p in optional:
+        args += ["--ro-bind-try", p, p]
     args += [
         "--proc", "/proc", "--dev", "/dev", "--tmpfs", "/tmp",
         "--tmpfs", str(ws.parent),        # mask config dir
diff --git a/tests/tools/test_sandbox.py b/tests/tools/test_sandbox.py
index 82232d83e..462d9937f 100644
--- a/tests/tools/test_sandbox.py
+++ b/tests/tools/test_sandbox.py
@@ -37,6 +37,17 @@ class TestBwrapBackend:
         bind_idx = [i for i, t in enumerate(tokens) if t == "--bind"]
         assert any(tokens[i + 1] == ws and tokens[i + 2] == ws for i in bind_idx)
 
+    def test_home_env_points_to_workspace(self, tmp_path):
+        ws = str(tmp_path / "project")
+        result = wrap_command("bwrap", "echo $HOME", ws, ws)
+        tokens = _parse(result)
+
+        setenv_idx = [i for i, t in enumerate(tokens) if t == "--setenv"]
+        assert any(
+            tokens[i + 1] == "HOME" and tokens[i + 2] == str(tmp_path / "project")
+            for i in setenv_idx
+        )
+
     def test_parent_dir_masked_with_tmpfs(self, tmp_path):
         ws = tmp_path / "project"
         result = wrap_command("bwrap", "ls", str(ws), str(ws))