fix(sandbox): avoid sandboxing main DM sessions

Peter Steinberger
2026-01-12 01:23:37 +00:00
parent b9ff4ca1fe
commit 58a12a757e
9 changed files with 207 additions and 109 deletions


@@ -546,11 +546,22 @@ export function resolveSandboxConfigForAgent(
function shouldSandboxSession(
cfg: SandboxConfig,
sessionKey: string,
mainKey: string,
mainSessionKey: string,
) {
if (cfg.mode === "off") return false;
if (cfg.mode === "all") return true;
return sessionKey.trim() !== mainKey.trim();
return sessionKey.trim() !== mainSessionKey.trim();
}
function resolveMainSessionKeyForSandbox(params: {
cfg?: ClawdbotConfig;
agentId: string;
}): string {
if (params.cfg?.session?.scope === "global") return "global";
return buildAgentMainSessionKey({
agentId: params.agentId,
mainKey: normalizeMainKey(params.cfg?.session?.mainKey),
});
}
export function resolveSandboxRuntimeStatus(params: {
@@ -571,10 +582,7 @@ export function resolveSandboxRuntimeStatus(params: {
});
const cfg = params.cfg;
const sandboxCfg = resolveSandboxConfigForAgent(cfg, agentId);
const mainSessionKey = buildAgentMainSessionKey({
agentId,
mainKey: normalizeMainKey(cfg?.session?.mainKey),
});
const mainSessionKey = resolveMainSessionKeyForSandbox({ cfg, agentId });
const sandboxed = sessionKey
? shouldSandboxSession(sandboxCfg, sessionKey, mainSessionKey)
: false;
@@ -1293,8 +1301,11 @@ export async function resolveSandboxContext(params: {
if (!rawSessionKey) return null;
const agentId = resolveAgentIdFromSessionKey(rawSessionKey);
const cfg = resolveSandboxConfigForAgent(params.config, agentId);
const mainKey = normalizeMainKey(params.config?.session?.mainKey);
if (!shouldSandboxSession(cfg, rawSessionKey, mainKey)) return null;
const mainSessionKey = resolveMainSessionKeyForSandbox({
cfg: params.config,
agentId,
});
if (!shouldSandboxSession(cfg, rawSessionKey, mainSessionKey)) return null;
await maybePruneSandboxes(cfg);
@@ -1373,8 +1384,11 @@ export async function ensureSandboxWorkspaceForSession(params: {
if (!rawSessionKey) return null;
const agentId = resolveAgentIdFromSessionKey(rawSessionKey);
const cfg = resolveSandboxConfigForAgent(params.config, agentId);
const mainKey = normalizeMainKey(params.config?.session?.mainKey);
if (!shouldSandboxSession(cfg, rawSessionKey, mainKey)) return null;
const mainSessionKey = resolveMainSessionKeyForSandbox({
cfg: params.config,
agentId,
});
if (!shouldSandboxSession(cfg, rawSessionKey, mainSessionKey)) return null;
const agentWorkspaceDir = resolveUserPath(
params.workspaceDir?.trim() || DEFAULT_AGENT_WORKSPACE_DIR,
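Review bot: `resolveMainSessionKeyForSandbox` now picks the one session key that is exempt from sandboxing, but neither it nor `shouldSandboxSession` says that a match means the session is not sandboxed. Under `session.scope === "global"` the exempt key is the bare literal `"global"`, so if that scope puts every sender into one shared session (not visible in these hunks), any mode other than `"all"` would leave that shared session outside the sandbox; it is worth confirming this is intended. I would add above the helper `// Returns the single session key exempt from sandboxing; a key equal to it (after trim) is not sandboxed.` and cover the global-scope branch with a test asserting that any other key is still sandboxed. The bodies of `resolveSandboxContext` and `ensureSandboxWorkspaceForSession` continue outside the visible hunks.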