fix(agents): tighten workspace file opens#66636
Merged
Merged
Conversation
Contributor
Greptile SummaryThis PR tightens workspace file access in the agents gateway by routing Confidence Score: 5/5
Reviews (4): Last reviewed commit: "fix(agents): rethrow unexpected errors i..." | Re-trigger Greptile |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 53eb7ecc31
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
Contributor
Author
|
@greptile review |
Contributor
Author
|
@codex review |
|
Codex Review: Didn't find any major issues. Keep them coming! ℹ️ About Codex in GitHubCodex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback". |
Contributor
|
@greptile review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e82c07b679
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
Contributor
|
@greptile review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 149616372e
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
Match the narrow-SafeOpenError catch pattern that agents.files.get (commit 633b8f92) and writeWorkspaceFileOrRespond already use, so a real OS error (ENOSPC, EACCES, EBUSY, ...) surfaces through normal gateway error handling instead of being masked as 'unsafe workspace file'.
The mock functions are declared as vi.fn(async (..._args: unknown[]) => Stats | null) so mockImplementation callbacks must accept ...unknown[], not a narrowed (filePath: string) argument. The narrower signature works at runtime but trips tsgo's strict type check; switch to args[0] unpacking so the callbacks match the hoisted mock shape.
kvnkho
pushed a commit
to kvnkho/openclaw
that referenced
this pull request
Apr 17, 2026
* fix(agents): tighten workspace file opens * fix(agents): clarify symlink rejection tests * fix(agents): surface unsafe identity reads * fix(agents): use non-blocking opens for identity reads and write-mode probes * fix(fssafe): restore symlink read identity check * fix(worklog): append comment resolution status * fix(fssafe): close afterOpen handle leaks * fix(worklog): append comment resolution follow-up * fix(worklog): drop internal user file * fix(agents): rethrow unexpected errors in agents.files.get * changelog: note agents.files fs-safe routing + fd-first realpath (openclaw#66636) * fix(agents): rethrow unexpected errors in agents.files.set too Match the narrow-SafeOpenError catch pattern that agents.files.get (commit 633b8f92) and writeWorkspaceFileOrRespond already use, so a real OS error (ENOSPC, EACCES, EBUSY, ...) surfaces through normal gateway error handling instead of being masked as 'unsafe workspace file'. * test(agents): match fsStat/fsLstat mock signatures The mock functions are declared as vi.fn(async (..._args: unknown[]) => Stats | null) so mockImplementation callbacks must accept ...unknown[], not a narrowed (filePath: string) argument. The narrower signature works at runtime but trips tsgo's strict type check; switch to args[0] unpacking so the callbacks match the hoisted mock shape. --------- Co-authored-by: Devin Robison <drobison@nvidia.com>
lovewanwan
pushed a commit
to lovewanwan/openclaw
that referenced
this pull request
Apr 28, 2026
* fix(agents): tighten workspace file opens * fix(agents): clarify symlink rejection tests * fix(agents): surface unsafe identity reads * fix(agents): use non-blocking opens for identity reads and write-mode probes * fix(fssafe): restore symlink read identity check * fix(worklog): append comment resolution status * fix(fssafe): close afterOpen handle leaks * fix(worklog): append comment resolution follow-up * fix(worklog): drop internal user file * fix(agents): rethrow unexpected errors in agents.files.get * changelog: note agents.files fs-safe routing + fd-first realpath (openclaw#66636) * fix(agents): rethrow unexpected errors in agents.files.set too Match the narrow-SafeOpenError catch pattern that agents.files.get (commit 633b8f92) and writeWorkspaceFileOrRespond already use, so a real OS error (ENOSPC, EACCES, EBUSY, ...) surfaces through normal gateway error handling instead of being masked as 'unsafe workspace file'. * test(agents): match fsStat/fsLstat mock signatures The mock functions are declared as vi.fn(async (..._args: unknown[]) => Stats | null) so mockImplementation callbacks must accept ...unknown[], not a narrowed (filePath: string) argument. The narrower signature works at runtime but trips tsgo's strict type check; switch to args[0] unpacking so the callbacks match the hoisted mock shape. --------- Co-authored-by: Devin Robison <drobison@nvidia.com>
25 tasks
ogt-redknie
pushed a commit
to ogt-redknie/OPENX
that referenced
this pull request
May 2, 2026
* fix(agents): tighten workspace file opens * fix(agents): clarify symlink rejection tests * fix(agents): surface unsafe identity reads * fix(agents): use non-blocking opens for identity reads and write-mode probes * fix(fssafe): restore symlink read identity check * fix(worklog): append comment resolution status * fix(fssafe): close afterOpen handle leaks * fix(worklog): append comment resolution follow-up * fix(worklog): drop internal user file * fix(agents): rethrow unexpected errors in agents.files.get * changelog: note agents.files fs-safe routing + fd-first realpath (openclaw#66636) * fix(agents): rethrow unexpected errors in agents.files.set too Match the narrow-SafeOpenError catch pattern that agents.files.get (commit 633b8f92) and writeWorkspaceFileOrRespond already use, so a real OS error (ENOSPC, EACCES, EBUSY, ...) surfaces through normal gateway error handling instead of being masked as 'unsafe workspace file'. * test(agents): match fsStat/fsLstat mock signatures The mock functions are declared as vi.fn(async (..._args: unknown[]) => Stats | null) so mockImplementation callbacks must accept ...unknown[], not a narrowed (filePath: string) argument. The narrower signature works at runtime but trips tsgo's strict type check; switch to args[0] unpacking so the callbacks match the hoisted mock shape. --------- Co-authored-by: Devin Robison <drobison@nvidia.com>
github-actions Bot
pushed a commit
to Desicool/openclaw
that referenced
this pull request
May 9, 2026
* fix(agents): tighten workspace file opens * fix(agents): clarify symlink rejection tests * fix(agents): surface unsafe identity reads * fix(agents): use non-blocking opens for identity reads and write-mode probes * fix(fssafe): restore symlink read identity check * fix(worklog): append comment resolution status * fix(fssafe): close afterOpen handle leaks * fix(worklog): append comment resolution follow-up * fix(worklog): drop internal user file * fix(agents): rethrow unexpected errors in agents.files.get * changelog: note agents.files fs-safe routing + fd-first realpath (openclaw#66636) * fix(agents): rethrow unexpected errors in agents.files.set too Match the narrow-SafeOpenError catch pattern that agents.files.get (commit 633b8f92) and writeWorkspaceFileOrRespond already use, so a real OS error (ENOSPC, EACCES, EBUSY, ...) surfaces through normal gateway error handling instead of being masked as 'unsafe workspace file'. * test(agents): match fsStat/fsLstat mock signatures The mock functions are declared as vi.fn(async (..._args: unknown[]) => Stats | null) so mockImplementation callbacks must accept ...unknown[], not a narrowed (filePath: string) argument. The narrower signature works at runtime but trips tsgo's strict type check; switch to args[0] unpacking so the callbacks match the hoisted mock shape. --------- Co-authored-by: Devin Robison <drobison@nvidia.com>
globalcaos
pushed a commit
to globalcaos/tinkerclaw
that referenced
this pull request
May 13, 2026
* fix(agents): tighten workspace file opens * fix(agents): clarify symlink rejection tests * fix(agents): surface unsafe identity reads * fix(agents): use non-blocking opens for identity reads and write-mode probes * fix(fssafe): restore symlink read identity check * fix(worklog): append comment resolution status * fix(fssafe): close afterOpen handle leaks * fix(worklog): append comment resolution follow-up * fix(worklog): drop internal user file * fix(agents): rethrow unexpected errors in agents.files.get * changelog: note agents.files fs-safe routing + fd-first realpath (openclaw#66636) * fix(agents): rethrow unexpected errors in agents.files.set too Match the narrow-SafeOpenError catch pattern that agents.files.get (commit 633b8f92) and writeWorkspaceFileOrRespond already use, so a real OS error (ENOSPC, EACCES, EBUSY, ...) surfaces through normal gateway error handling instead of being masked as 'unsafe workspace file'. * test(agents): match fsStat/fsLstat mock signatures The mock functions are declared as vi.fn(async (..._args: unknown[]) => Stats | null) so mockImplementation callbacks must accept ...unknown[], not a narrowed (filePath: string) argument. The narrower signature works at runtime but trips tsgo's strict type check; switch to args[0] unpacking so the callbacks match the hoisted mock shape. --------- Co-authored-by: Devin Robison <drobison@nvidia.com>
github-actions Bot
pushed a commit
to Desicool/openclaw
that referenced
this pull request
May 24, 2026
* fix(agents): tighten workspace file opens * fix(agents): clarify symlink rejection tests * fix(agents): surface unsafe identity reads * fix(agents): use non-blocking opens for identity reads and write-mode probes * fix(fssafe): restore symlink read identity check * fix(worklog): append comment resolution status * fix(fssafe): close afterOpen handle leaks * fix(worklog): append comment resolution follow-up * fix(worklog): drop internal user file * fix(agents): rethrow unexpected errors in agents.files.get * changelog: note agents.files fs-safe routing + fd-first realpath (openclaw#66636) * fix(agents): rethrow unexpected errors in agents.files.set too Match the narrow-SafeOpenError catch pattern that agents.files.get (commit 633b8f92) and writeWorkspaceFileOrRespond already use, so a real OS error (ENOSPC, EACCES, EBUSY, ...) surfaces through normal gateway error handling instead of being masked as 'unsafe workspace file'. * test(agents): match fsStat/fsLstat mock signatures The mock functions are declared as vi.fn(async (..._args: unknown[]) => Stats | null) so mockImplementation callbacks must accept ...unknown[], not a narrowed (filePath: string) argument. The narrower signature works at runtime but trips tsgo's strict type check; switch to args[0] unpacking so the callbacks match the hoisted mock shape. --------- Co-authored-by: Devin Robison <drobison@nvidia.com>
jameslcowan
pushed a commit
to jameslcowan/openclaw
that referenced
this pull request
Jun 2, 2026
* fix(agents): tighten workspace file opens * fix(agents): clarify symlink rejection tests * fix(agents): surface unsafe identity reads * fix(agents): use non-blocking opens for identity reads and write-mode probes * fix(fssafe): restore symlink read identity check * fix(worklog): append comment resolution status * fix(fssafe): close afterOpen handle leaks * fix(worklog): append comment resolution follow-up * fix(worklog): drop internal user file * fix(agents): rethrow unexpected errors in agents.files.get * changelog: note agents.files fs-safe routing + fd-first realpath (openclaw#66636) * fix(agents): rethrow unexpected errors in agents.files.set too Match the narrow-SafeOpenError catch pattern that agents.files.get (commit 633b8f92) and writeWorkspaceFileOrRespond already use, so a real OS error (ENOSPC, EACCES, EBUSY, ...) surfaces through normal gateway error handling instead of being masked as 'unsafe workspace file'. * test(agents): match fsStat/fsLstat mock signatures The mock functions are declared as vi.fn(async (..._args: unknown[]) => Stats | null) so mockImplementation callbacks must accept ...unknown[], not a narrowed (filePath: string) argument. The narrower signature works at runtime but trips tsgo's strict type check; switch to args[0] unpacking so the callbacks match the hoisted mock shape. --------- Co-authored-by: Devin Robison <drobison@nvidia.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
agents.files.get,agents.files.set, and workspace file listing through the existing root-scopedfs-safehelpersChanges
src/gateway/server-methods/agents.tswithopenFileWithinRoot,readFileWithinRoot, andwriteFileWithinRootsrc/infra/fs-safe.tsto resolve opened file real paths from the open file descriptor before falling back to the current pathfs-saferegression that locks in the fd-first realpath behaviorValidation
pnpm test src/gateway/server-methods/agents-mutate.test.tspnpm test src/infra/fs-safe.test.tspnpm checkon the rebased branchNotes