Agentic.Sandbox.PathValidator (agentic v0.2.2)


Validates that tool-requested paths stay within an explicit allowlist of roots.

Prevents:

  • Absolute path injection
  • .. directory traversal
  • Symlink escapes (via expansion against known roots)
  • Access outside the workspace or agent-private directories

Summary

Functions

validate(relative_path, allowed_roots)

Non-raising version. Returns {:ok, expanded_path} or {:error, reason}.

validate!(relative_path, allowed_roots)

Validates a relative path against a list of allowed root directories.

Functions

validate(relative_path, allowed_roots)

@spec validate(String.t(), [String.t()]) :: {:ok, String.t()} | {:error, String.t()}

Non-raising version. Returns {:ok, expanded_path} or {:error, reason}.

validate!(relative_path, allowed_roots)

@spec validate!(String.t(), [String.t()]) :: String.t()

Validates a relative path against a list of allowed root directories.

Returns the expanded absolute path on success. Raises ArgumentError if the path is absolute, escapes all roots, or is empty.
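The contract documented above (reject empty and absolute input, expand against each root, accept only if the result stays inside a root), written out as an added sketch. This is not agentic's source: the module name `PathCheckSketch`, the error strings, the roots and the sample paths are all assumptions made for illustration.

```elixir
defmodule PathCheckSketch do
  # Hypothetical module: illustrates the documented contract of validate/2,
  # not the library's actual implementation.

  @spec validate(String.t(), [String.t()]) :: {:ok, String.t()} | {:error, String.t()}
  def validate("", _allowed_roots), do: {:error, "path is empty"}

  def validate(relative_path, allowed_roots) do
    # Anything other than :relative (:absolute, or :volumerelative on Windows)
    # is refused before any expansion happens.
    if Path.type(relative_path) != :relative do
      {:error, "absolute paths are not allowed"}
    else
      allowed_roots
      |> Enum.map(&Path.expand/1)
      |> Enum.find_value({:error, "path escapes all allowed roots"}, fn root ->
        # Path.expand/2 collapses "." and ".." and also expands a leading "~",
        # so the containment check below must run on the expanded result.
        candidate = Path.expand(relative_path, root)
        if inside?(candidate, root), do: {:ok, candidate}
      end)
    end
  end

  # Compare path segments, not string prefixes: with root "/srv/agent/workspace",
  # "/srv/agent/workspace-evil/x" shares the string prefix but is outside the root.
  defp inside?(candidate, root) do
    List.starts_with?(Path.split(candidate), Path.split(root))
  end
end

# Constructed roots and inputs, for demonstration only.
roots = ["/srv/agent/workspace", "/srv/agent/private"]

samples = [
  "notes/todo.md",          # ordinary relative path
  "../../etc/passwd",       # traversal out of every root
  "../private/key.pem",     # traversal that lands in another allowed root
  "../workspace-evil/x",    # sibling directory sharing a string prefix
  "/etc/passwd",            # absolute path
  "~/.ssh/id_rsa",          # home expansion
  ""                        # empty input
]

for path <- samples, do: IO.inspect({path, PathCheckSketch.validate(path, roots)})
```

`Path.expand/2` is purely lexical, so this sketch does not resolve symlinks: a link inside a root that points outside it would still pass here and needs a separate check on the real filesystem target.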