Skip to content

feat(web,server): allow file preview for system temp paths#1351

Open
bj456736 wants to merge 1 commit into
MoonshotAI:mainfrom
bj456736:today-pr-20260703-1801
Open

feat(web,server): allow file preview for system temp paths#1351
bj456736 wants to merge 1 commit into
MoonshotAI:mainfrom
bj456736:today-pr-20260703-1801

Conversation

@bj456736

@bj456736 bj456736 commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Problem

When the model references files in (or platform equivalents like and ), the web UI previously rejected them with and the server rejected them with path errors. This meant users couldn't preview files written to temp by tools (e.g. outputting to ).

Changes

Server side:

  • Add and to , with cross-platform temp prefix support and rejection
  • Add in , used by , , and so temp files can be read, downloaded, opened, and revealed without weakening normal workspace containment

Web side:

  • now passes through paths directly
  • no longer drops absolute temp paths, letting temp images display inline

Tests:

  • Add and coverage (8 new tests)
  • All 19 fs-path-safety tests pass; agent-core (3457) and server (685) suites also pass (1 pre-existing unrelated failure in )

Backwards Compatibility

  • Normal relative paths still go through unchanged
  • , , , etc. still reject absolute paths — only // gain temp support, matching web preview needs

Closes

  • web支持temp路径 (P1 Backlog)

When the model references files in /tmp (or platform equivalents like
/var/tmp and /dev/shm), the web UI previously rejected them with
'outsideWorkspace' and the server rejected them with 'absolute' path errors.

This change enables previewing temp files across both layers:

Server side:
- Add isTempPath() and resolveTempPath() to fsPathSafety.ts, with
  cross-platform temp prefix support and '..' rejection
- Add resolveWithTempFallback() in FsService, used by read(),
  resolveDownload(), and resolvePath() so temp files can be read,
  downloaded, opened, and revealed without weakening the normal
  workspace containment checks

Web side:
- normalizePreviewPath() now passes through /tmp/... paths directly
- resolveImageUrl() no longer drops absolute temp paths, letting
  images written to temp by tools (e.g. ReadMediaFile) display inline

Tests:
- Add isTempPath and resolveTempPath coverage (8 new tests)
- All 19 fs-path-safety tests pass; agent-core (3457) and server (685)
  suites also pass (1 pre-existing unrelated failure in fileLaunch)
@changeset-bot

changeset-bot Bot commented Jul 3, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: fa76212

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@pkg-pr-new

pkg-pr-new Bot commented Jul 3, 2026

Copy link
Copy Markdown
pnpm dlx https://pkg.pr.new/@moonshot-ai/kimi-code@fa76212
npx https://pkg.pr.new/@moonshot-ai/kimi-code@fa76212

commit: fa76212

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: fa76212698

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment on lines +119 to +122
const resolved = path.resolve(inputPath);
return {
absolute: resolved,
relative: resolved,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Re-check symlink-resolved temp paths

When a requested temp path traverses a symlink under /tmp (for example /tmp/link -> /etc and then reading /tmp/link/passwd), this returns the lexical path without resolving the existing prefix, so the later fs.stat/read/download calls follow the symlink and can access files outside both the workspace and the temp directory. resolveSafePath prevents this by realpathing the longest existing prefix before returning; the temp fallback needs the same realpath-and-containment check against the allowed temp roots before exposing the path.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant