🛡️ Path Jail Security Checks
When an agent or custom skill requests reading or writing a file path, the sandbox runs validation sequences:- Fast Path string filter: Instantly rejects any path containing relative traversal directories (
..). - Prefix checks: Rejects absolute prefixes or drive letters (e.g.
C:\,/etc/) to ensure targets are relative to the sandbox root. - Canonical Resolution: If the path exists, Hiroshi calls
dunce::canonicalize()on both the base directory and the target resolved path, enforcing: - Ancestor Containment: If the file does not exist (write target), Hiroshi canonicalizes the deepest existing parent directory and verifies containment.
PermissionDenied error.