Skip to content

fix(tools): allow read_file to access CLI workspaces directory#122

Merged
viettranx merged 1 commit intonextlevelbuilder:mainfrom
nhokboo:fix/read-file-cli-workspaces-access
Mar 10, 2026
Merged

fix(tools): allow read_file to access CLI workspaces directory#122
viettranx merged 1 commit intonextlevelbuilder:mainfrom
nhokboo:fix/read-file-cli-workspaces-access

Conversation

@nhokboo
Copy link
Contributor

@nhokboo nhokboo commented Mar 10, 2026

Summary

  • Agents using the Claude CLI provider store working files in ~/.goclaw/cli-workspaces/<session>/
  • When these agents call read_file on their own files, access was denied because cli-workspaces was not in the allowedPrefixes list
  • Add ~/.goclaw/cli-workspaces to read_file allowed paths alongside the existing skills directories

Reproducing

Logs show repeated security.path_escape + read_file: access denied warnings:

security.path_escape path=/.goclaw/cli-workspaces/agent-xxx/file.md workspace=/.goclaw/workspace
read_file: access denied allowedPrefixes=[~/.goclaw/skills ~/.agents/skills ~/.goclaw/skills-store]

Test plan

  • Verify agents can read files from their cli-workspaces after the fix
  • Verify go build ./... and go vet ./... pass
  • Confirm agents still cannot read sensitive dirs (~/.goclaw/data/, ~/.goclaw/sessions/)

@namnn0911
fix(tools): allow read_file to access CLI workspaces directory
d9742d1 
- Add ~/.goclaw/cli-workspaces/ to read_file allowed paths
- Enables agents to read working files from CLI workspace sessions
@viettranx viettranx merged commit 9a0557c into nextlevelbuilder:main Mar 10, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nhokboo @viettranx @namnn0911