fix(sandbox): always allow image tool
This commit is contained in:
Peter Steinberger
@@ -464,7 +464,7 @@ describe("Agent-specific sandbox config", () => {
|
|||||||
|
|
||||||
expect(context).toBeDefined();
|
expect(context).toBeDefined();
|
||||||
expect(context?.tools).toEqual({
|
expect(context?.tools).toEqual({
|
||||||
allow: ["read", "write"],
|
allow: ["read", "write", "image"],
|
||||||
deny: ["edit"],
|
deny: ["edit"],
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
@@ -504,4 +504,30 @@ describe("Agent-specific sandbox config", () => {
|
|||||||
const sandbox = resolveSandboxConfigForAgent(cfg, "main");
|
const sandbox = resolveSandboxConfigForAgent(cfg, "main");
|
||||||
expect(sandbox.tools.allow).toContain("image");
|
expect(sandbox.tools.allow).toContain("image");
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it("injects image into explicit sandbox allowlists", async () => {
|
||||||
|
const { resolveSandboxConfigForAgent } = await import("./sandbox.js");
|
||||||
|
|
||||||
|
const cfg: ClawdbotConfig = {
|
||||||
|
tools: {
|
||||||
|
sandbox: {
|
||||||
|
tools: {
|
||||||
|
allow: ["bash", "read"],
|
||||||
|
deny: [],
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
agents: {
|
||||||
|
defaults: {
|
||||||
|
sandbox: {
|
||||||
|
mode: "all",
|
||||||
|
scope: "agent",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
const sandbox = resolveSandboxConfigForAgent(cfg, "main");
|
||||||
|
expect(sandbox.tools.allow).toContain("image");
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -475,17 +475,26 @@ export function resolveSandboxToolPolicyForAgent(
|
|||||||
key: "tools.sandbox.tools.deny",
|
key: "tools.sandbox.tools.deny",
|
||||||
} satisfies SandboxToolPolicySource);
|
} satisfies SandboxToolPolicySource);
|
||||||
|
|
||||||
|
const deny = Array.isArray(agentDeny)
|
||||||
|
? agentDeny
|
||||||
|
: Array.isArray(globalDeny)
|
||||||
|
? globalDeny
|
||||||
|
: DEFAULT_TOOL_DENY;
|
||||||
|
let allow = Array.isArray(agentAllow)
|
||||||
|
? agentAllow
|
||||||
|
: Array.isArray(globalAllow)
|
||||||
|
? globalAllow
|
||||||
|
: DEFAULT_TOOL_ALLOW;
|
||||||
|
|
||||||
|
// `image` is essential for multimodal workflows; always include it in sandboxed
|
||||||
|
// sessions unless explicitly denied.
|
||||||
|
if (!deny.includes("image") && !allow.includes("image")) {
|
||||||
|
allow = [...allow, "image"];
|
||||||
|
}
|
||||||
|
|
||||||
return {
|
return {
|
||||||
allow: Array.isArray(agentAllow)
|
allow,
|
||||||
? agentAllow
|
deny,
|
||||||
: Array.isArray(globalAllow)
|
|
||||||
? globalAllow
|
|
||||||
: DEFAULT_TOOL_ALLOW,
|
|
||||||
deny: Array.isArray(agentDeny)
|
|
||||||
? agentDeny
|
|
||||||
: Array.isArray(globalDeny)
|
|
||||||
? globalDeny
|
|
||||||
: DEFAULT_TOOL_DENY,
|
|
||||||
sources: {
|
sources: {
|
||||||
allow: allowSource,
|
allow: allowSource,
|
||||||
deny: denySource,
|
deny: denySource,
|
||||||
|
|||||||
Reference in New Issue
Block a user