Add per-user filesystem sandbox via current_user

Fork: 0

root / navi-1

Browse code Add per-user filesystem sandbox via current_user_id ContextVar - tools/base.py: add current_user_id ContextVar (set by Agent before every tool call, cleared after) - core/agent.py: set current_user_id in run_stream from session.user_id and in run_ephemeral from parent_session.user_id; restore in finally - tools/filesystem.py: _check_path resolves all paths inside user_data/<user_id>/ when current_user_id is present; legacy mode (no user_id) falls back to FS_ALLOWED_PATHS - tools/share_file.py: validate source path is inside user sandbox Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> feature/navi-code master vmkdemo
1 parent 33ff944 commit df61f7600ad682b16a304671644aebb1e8fb842c Eugene Sukhodolskiy authored on 8 May

Browse code

Add per-user filesystem sandbox via current_user_id ContextVar

- tools/base.py: add current_user_id ContextVar (set by Agent before
  every tool call, cleared after)
- core/agent.py: set current_user_id in run_stream from session.user_id
  and in run_ephemeral from parent_session.user_id; restore in finally
- tools/filesystem.py: _check_path resolves all paths inside
  user_data/<user_id>/ when current_user_id is present; legacy mode
  (no user_id) falls back to FS_ALLOWED_PATHS
- tools/share_file.py: validate source path is inside user sandbox

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

feature/navi-code master vmkdemo

1 parent 33ff944 commit df61f7600ad682b16a304671644aebb1e8fb842c

Eugene Sukhodolskiy authored on 8 May

Patch

Unified Split

Showing 4 changed files

Ignore Space Show notes View navi/core/agent.py

Ignore Space Show notes View navi/tools/base.py

Ignore Space Show notes View navi/tools/filesystem.py

Ignore Space Show notes View navi/tools/share_file.py

Show line notes below