Tim Lingo
071c0eeb9f
Neuron Soul CI / build (pull_request) Failing after 5m7s
Confine the agentic file tools (read_file, write_file, list_files, grep) to a configured workspace subtree via a lexical path check, and run run_command with its cwd set to that root. Root comes from state key "agent_workspace_root" or env NEURON_AGENT_ROOT. When no root is set, behavior is unchanged (unscoped) for backward compatibility. Defense-in-depth, NOT a hard boundary: the lexical guard does not resolve symlinks and cannot stop an arbitrary shell command from cd-ing out of the root. Real confinement needs runtime support (cwd-locked exec / sandbox-exec / chroot) in el_runtime.c. Compile-checked with elc (darwin arm64); not link/run-gated locally (darwin elb unavailable). Needs a soul build + smoke test before merge. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>