fix(sandbox): set HOME inside bwrap

nanobot/agent/tools/sandbox.py

@@ -26,13 +26,22 @@ def _bwrap(command: str, workspace: str, cwd: str) -> str:
     except ValueError:
         sandbox_cwd = str(ws)
 
-    required  = ["/usr"]
+    required = ["/usr"]
-    optional  = ["/bin", "/lib", "/lib64", "/etc/alternatives",
+    optional = [
-                 "/etc/ssl/certs", "/etc/resolv.conf", "/etc/ld.so.cache"]
+        "/bin",
+        "/lib",
+        "/lib64",
+        "/etc/alternatives",
+        "/etc/ssl/certs",
+        "/etc/resolv.conf",
+        "/etc/ld.so.cache",
+    ]
 
-    args = ["bwrap", "--new-session", "--die-with-parent"]
+    args = ["bwrap", "--new-session", "--die-with-parent", "--setenv", "HOME", str(ws)]
-    for p in required: args += ["--ro-bind",     p, p]
+    for p in required:
-    for p in optional: args += ["--ro-bind-try", p, p]
+        args += ["--ro-bind", p, p]
+    for p in optional:
+        args += ["--ro-bind-try", p, p]
     args += [
         "--proc", "/proc", "--dev", "/dev", "--tmpfs", "/tmp",
         "--tmpfs", str(ws.parent),        # mask config dir

tests/tools/test_sandbox.py

@@ -37,6 +37,17 @@ class TestBwrapBackend:
         bind_idx = [i for i, t in enumerate(tokens) if t == "--bind"]
         assert any(tokens[i + 1] == ws and tokens[i + 2] == ws for i in bind_idx)
 
+    def test_home_env_points_to_workspace(self, tmp_path):
+        ws = str(tmp_path / "project")
+        result = wrap_command("bwrap", "echo $HOME", ws, ws)
+        tokens = _parse(result)
+
+        setenv_idx = [i for i, t in enumerate(tokens) if t == "--setenv"]
+        assert any(
+            tokens[i + 1] == "HOME" and tokens[i + 2] == str(tmp_path / "project")
+            for i in setenv_idx
+        )
+
     def test_parent_dir_masked_with_tmpfs(self, tmp_path):
         ws = tmp_path / "project"
         result = wrap_command("bwrap", "ls", str(ws), str(ws))