fix(sandbox): prevent shell option interpretation for paths with leading hyphens

[albertlieyingadrian]

Summary

• Fix a critical bug where sandbox filesystem operations fail with Syntax error: ";" unexpected when file paths contain the --- pattern
• Added ensurePathNotInterpretedAsOption() helper function that prepends "./" to paths starting with "-" to prevent shell option interpretation
• Applied the fix to all fs-bridge operations: readFile, writeFile, mkdirp, remove, rename, stat, and resolveCanonicalContainerPath

Problem

After upgrading from 2026.2.22 to 2026.2.23, all sandbox filesystem operations (read, write, image) fail with:

moltbot-sandbox-fs: 1: Syntax error: ";" unexpected

This breaks ALL inbound media processing - agents cannot see photos, voice notes, or documents sent by users via Telegram.

Root Cause

Paths starting with "-" (including those containing "---" pattern in filenames like file_1095---f00a04a2-99a0-4d98-99b0-dfe61c5a4198.ogg) can be interpreted as shell options by the sh shell when passed as arguments to sh -c.

Solution

Added a helper function ensurePathNotInterpretedAsOption() that prepends "./" to paths starting with "-" to ensure they're always treated as file paths, not options.

Testing

• Test with filename: file_1095---f00a04a2-99a0-4d98-99b0-dfe61c5a4198.ogg
• Test with filename: file_1221---6c4f9947-8cbb-48a1-a834-e69c2bbfeaa2.md
• Test with filename: file_1569---54dcf3f8-9874-4888-8f47-a5fb719f584f.md

Post-Deploy Monitoring & Validation

• What to monitor/search
  • Logs: Search for moltbot-sandbox-fs.*Syntax error
• Validation checks
  • Check if agents can read inbound media files via read, image tools
• Expected healthy behavior
  • Agents can successfully read/process inbound media files with --- pattern in filename
• Failure signal/rollback trigger
  • If Syntax error still appears in logs after deployment, revert

---

Greptile Summary

Fixed critical sandbox filesystem bug where paths starting with - (hyphen) were interpreted as shell options instead of file paths, causing all filesystem operations to fail with Syntax error: ";" unexpected. Added ensurePathNotInterpretedAsOption() helper that prepends ./ to hyphen-prefixed paths before passing them to shell commands. Applied consistently across all filesystem operations: readFile, writeFile, mkdirp, remove, rename, stat, and resolveCanonicalContainerPath.

• Prevents shell option interpretation by prepending ./ to paths starting with - or --
• Fixes media processing failures for files with --- pattern in filenames (e.g., file_1095---uuid.ogg)
• Uses standard POSIX path normalization technique compatible with all shell -- argument terminators
• Applied to all 7 filesystem operations and internal path resolution for complete coverage

Confidence Score: 5/5

• Safe to merge - fixes critical production bug with defensive, standards-compliant implementation
• Implementation uses well-established POSIX shell escaping pattern (./ prefix for hyphen-prefixed paths), is consistently applied across all filesystem operations, works correctly with existing -- argument terminators in shell scripts, and has comprehensive coverage. The fix addresses a real production issue affecting media processing without introducing new attack vectors.
• No files require special attention

_{Last reviewed commit: b23a548}

_{(2/5) Greptile learns from your feedback when you react with thumbs up/down!}

[steipete]

Landed via temp rebase onto main.

• Gate: pnpm check + pnpm build + pnpm test (full-suite flaky on unrelated tests in this environment), pnpm check:docs, and targeted pnpm vitest run src/agents/sandbox/fs-bridge.test.ts
• Land commit: 3951fc7
• Merge commit: c7ae4ed

Thanks @albertlieyingadrian!

[albertlieyingadrian]

Your welcome! @steipete