feat(web,server): allow file preview for system temp paths #1351
bj456736 wants to merge 1 commit into
When the model references files in /tmp (or platform equivalents like /var/tmp and /dev/shm), the web UI previously rejected them with 'outsideWorkspace' and the server rejected them with 'absolute' path errors. This change enables previewing temp files across both layers:

Server side:
- Add isTempPath() and resolveTempPath() to fsPathSafety.ts, with cross-platform temp prefix support and '..' rejection
- Add resolveWithTempFallback() in FsService, used by read(), resolveDownload(), and resolvePath() so temp files can be read, downloaded, opened, and revealed without weakening the normal workspace containment checks

Web side:
- normalizePreviewPath() now passes through /tmp/... paths directly
- resolveImageUrl() no longer drops absolute temp paths, letting images written to temp by tools (e.g. ReadMediaFile) display inline

Tests:
- Add isTempPath and resolveTempPath coverage (8 new tests)
- All 19 fs-path-safety tests pass; agent-core (3457) and server (685) suites also pass (1 pre-existing unrelated failure in fileLaunch)
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: fa76212698
| const resolved = path.resolve(inputPath); | ||
| return { | ||
| absolute: resolved, | ||
| relative: resolved, |
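Review bot: `relative: resolved` stores the same absolute path that `absolute` carries, so any consumer that treats `relative` as workspace-relative (joining it onto a root, or displaying it as such) will mishandle temp results. Either document on the return type that `relative` is absolute for temp paths, or return an explicit marker that the result came from the temp fallback so callers can branch on it.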
Re-check symlink-resolved temp paths
When a requested temp path traverses a symlink under /tmp (for example /tmp/link -> /etc and then reading /tmp/link/passwd), this returns the lexical path without resolving the existing prefix, so the later fs.stat/read/download calls follow the symlink and can access files outside both the workspace and the temp directory. resolveSafePath prevents this by realpathing the longest existing prefix before returning; the temp fallback needs the same realpath-and-containment check against the allowed temp roots before exposing the path.
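The realpath-and-containment check the review comment asks for, as an added example (not code from this pull request or the project). `realpathLongestPrefix`, `isInside`, `resolveTempPathSafe` and `demo` are hypothetical names, and the temp roots are passed in so a constructed sandbox can stand in for /tmp.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Hypothetical helper: realpath the longest existing prefix, re-append the rest.
function realpathLongestPrefix(p: string): string {
  let head = path.resolve(p);
  const tail: string[] = [];
  for (;;) {
    try {
      return path.join(fs.realpathSync(head), ...tail);
    } catch (err) {
      const parent = path.dirname(head);
      if ((err as { code?: string }).code !== "ENOENT" || parent === head) throw err;
      tail.unshift(path.basename(head)); // this component does not exist yet
      head = parent;
    }
  }
}

function isInside(root: string, candidate: string): boolean {
  const rel = path.relative(root, candidate);
  return rel !== "" && rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

// Hypothetical temp fallback: returns the canonical path to open, or null.
function resolveTempPathSafe(inputPath: string, tempRoots: string[]): string | null {
  if (!path.isAbsolute(inputPath)) return null;
  try {
    const real = realpathLongestPrefix(inputPath);
    const roots = tempRoots.filter((r) => fs.existsSync(r)).map((r) => fs.realpathSync(r));
    return roots.some((root) => isInside(root, real)) ? real : null;
  } catch {
    return null; // ELOOP, EACCES, ENOTDIR: fail closed
  }
}

// Constructed sandbox: <sandbox>/tmp stands in for /tmp, <sandbox>/outside for /etc.
function demo() {
  const sandbox = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), "preview-")));
  const tmpRoot = path.join(sandbox, "tmp");
  const outside = path.join(sandbox, "outside");
  fs.mkdirSync(tmpRoot);
  fs.mkdirSync(outside);
  fs.writeFileSync(path.join(tmpRoot, "ok.png"), "x");
  fs.writeFileSync(path.join(outside, "secret"), "x");
  fs.symlinkSync(outside, path.join(tmpRoot, "link"));
  const check = (p: string) => resolveTempPathSafe(path.join(tmpRoot, p), [tmpRoot]);
  return { tmpRoot, direct: check("ok.png"), missing: check("new/out.txt"), viaLink: check("link/secret") };
}
```

Callers should open the returned canonical path rather than the original input. The check and the open remain separate steps, so a path component in a world-writable directory can still change between them.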
Problem
When the model references files in (or platform equivalents like and ), the web UI previously rejected them with and the server rejected them with path errors. This meant users couldn't preview files written to temp by tools (e.g. outputting to ).
Changes
Server side:
Web side:
Tests:
Backwards Compatibility
Closes