Enforce workspace boundaries with configurable restriction option

Implemented a unified path validation helper to ensure filesystem operations stay within the designated workspace. This now supports a 'restrict_to_workspace' option in config.json (enabled by default) to allow flexibility for specific environments while maintaining a secure default posture. I've updated read_file, write_file, list_dir, append_file, edit_file, and exec tools to respect this setting and included tests for both restricted and unrestricted modes.

pkg/tools/filesystem.go

@@ -5,9 +5,45 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"strings"
 )
 
-type ReadFileTool struct{}
+// validatePath ensures the given path is within the workspace if restrict is true.
+func validatePath(path, workspace string, restrict bool) (string, error) {
+	if workspace == "" {
+		return path, nil
+	}
+
+	absWorkspace, err := filepath.Abs(workspace)
+	if err != nil {
+		return "", fmt.Errorf("failed to resolve workspace path: %w", err)
+	}
+
+	var absPath string
+	if filepath.IsAbs(path) {
+		absPath = filepath.Clean(path)
+	} else {
+		absPath, err = filepath.Abs(filepath.Join(absWorkspace, path))
+		if err != nil {
+			return "", fmt.Errorf("failed to resolve file path: %w", err)
+		}
+	}
+
+	if restrict && !strings.HasPrefix(absPath, absWorkspace) {
+		return "", fmt.Errorf("access denied: path is outside the workspace")
+	}
+
+	return absPath, nil
+}
+
+type ReadFileTool struct {
+	workspace string
+	restrict  bool
+}
+
+func NewReadFileTool(workspace string, restrict bool) *ReadFileTool {
+	return &ReadFileTool{workspace: workspace, restrict: restrict}
+}
 
 func (t *ReadFileTool) Name() string {
 	return "read_file"
@@ -36,7 +72,12 @@ func (t *ReadFileTool) Execute(ctx context.Context, args map[string]interface{})
 		return "", fmt.Errorf("path is required")
 	}
 
-	content, err := os.ReadFile(path)
+	resolvedPath, err := validatePath(path, t.workspace, t.restrict)
+	if err != nil {
+		return "", err
+	}
+
+	content, err := os.ReadFile(resolvedPath)
 	if err != nil {
 		return "", fmt.Errorf("failed to read file: %w", err)
 	}
@@ -44,7 +85,14 @@ func (t *ReadFileTool) Execute(ctx context.Context, args map[string]interface{})
 	return string(content), nil
 }
 
-type WriteFileTool struct{}
+type WriteFileTool struct {
+	workspace string
+	restrict  bool
+}
+
+func NewWriteFileTool(workspace string, restrict bool) *WriteFileTool {
+	return &WriteFileTool{workspace: workspace, restrict: restrict}
+}
 
 func (t *WriteFileTool) Name() string {
 	return "write_file"
@@ -82,19 +130,31 @@ func (t *WriteFileTool) Execute(ctx context.Context, args map[string]interface{}
 		return "", fmt.Errorf("content is required")
 	}
 
-	dir := filepath.Dir(path)
+	resolvedPath, err := validatePath(path, t.workspace, t.restrict)
+	if err != nil {
+		return "", err
+	}
+
+	dir := filepath.Dir(resolvedPath)
 	if err := os.MkdirAll(dir, 0755); err != nil {
 		return "", fmt.Errorf("failed to create directory: %w", err)
 	}
 
-	if err := os.WriteFile(path, []byte(content), 0644); err != nil {
+	if err := os.WriteFile(resolvedPath, []byte(content), 0644); err != nil {
 		return "", fmt.Errorf("failed to write file: %w", err)
 	}
 
 	return "File written successfully", nil
 }
 
-type ListDirTool struct{}
+type ListDirTool struct {
+	workspace string
+	restrict  bool
+}
+
+func NewListDirTool(workspace string, restrict bool) *ListDirTool {
+	return &ListDirTool{workspace: workspace, restrict: restrict}
+}
 
 func (t *ListDirTool) Name() string {
 	return "list_dir"
@@ -123,7 +183,12 @@ func (t *ListDirTool) Execute(ctx context.Context, args map[string]interface{})
 		path = "."
 	}
 
-	entries, err := os.ReadDir(path)
+	resolvedPath, err := validatePath(path, t.workspace, t.restrict)
+	if err != nil {
+		return "", err
+	}
+
+	entries, err := os.ReadDir(resolvedPath)
 	if err != nil {
 		return "", fmt.Errorf("failed to read directory: %w", err)
 	}