Enforce workspace boundaries with configurable restriction option

Implemented a unified path validation helper to ensure filesystem operations stay within the designated workspace. This now supports a 'restrict_to_workspace' option in config.json (enabled by default) to allow flexibility for specific environments while maintaining a secure default posture. I've updated read_file, write_file, list_dir, append_file, edit_file, and exec tools to respect this setting and included tests for both restricted and unrestricted modes.
2026-02-11 21:18:13 +07:00
parent 3e902abb5c
commit 792639d813
7 changed files with 195 additions and 43 deletions
--- a/config.example.json
+++ b/config.example.json
@@ -2,6 +2,7 @@
  "agents": {
    "defaults": {
      "workspace": "~/.picoclaw/workspace",
+      "restrict_to_workspace": true,
      "model": "glm-4.7",
      "max_tokens": 8192,
      "temperature": 0.7,