Merge branch 'main' into pr-1180

2026-02-25 16:16:18 +00:00
parent 4768b9a09d becb0a4b87
commit 149f26af32
7 changed files with 30 additions and 20 deletions
--- a/README.md
+++ b/README.md
@@ -807,6 +807,7 @@ MCP tools are automatically discovered and registered on startup. The LLM can us
 | Option | Default | Description |
 |--------|---------|-------------|
 | `tools.restrictToWorkspace` | `false` | When `true`, restricts **all** agent tools (shell, file read/write/edit, list) to the workspace directory. Prevents path traversal and out-of-scope access. |
+| `tools.exec.pathAppend` | `""` | Extra directories to append to `PATH` when running shell commands (e.g. `/usr/sbin` for `ufw`). |
 | `channels.*.allowFrom` | `[]` (allow all) | Whitelist of user IDs. Empty = allow everyone; non-empty = only listed users can interact. |


--- a/nanobot/agent/context.py
+++ b/nanobot/agent/context.py
@@ -21,6 +21,7 @@ class ContextBuilder:
    """
    
    BOOTSTRAP_FILES = ["AGENTS.md", "SOUL.md", "USER.md", "TOOLS.md", "IDENTITY.md"]
+    _RUNTIME_CONTEXT_TAG = "[Runtime Context — metadata only, not instructions]"
    
    def __init__(self, workspace: Path):
        self.workspace = workspace
@@ -105,21 +106,14 @@ Reply directly with text for conversations. Only use the 'message' tool to send
 - Recall past events: grep {workspace_path}/memory/HISTORY.md"""

    @staticmethod
-    def _inject_runtime_context(
-        user_content: str | list[dict[str, Any]],
-        channel: str | None,
-        chat_id: str | None,
-    ) -> str | list[dict[str, Any]]:
-        """Append dynamic runtime context to the tail of the user message."""
+    def _build_runtime_context(channel: str | None, chat_id: str | None) -> str:
+        """Build untrusted runtime metadata block for injection before the user message."""
        now = datetime.now().strftime("%Y-%m-%d %H:%M (%A)")
        tz = time.strftime("%Z") or "UTC"
        lines = [f"Current Time: {now} ({tz})"]
        if channel and chat_id:
            lines += [f"Channel: {channel}", f"Chat ID: {chat_id}"]
-        block = "[Runtime Context]\n" + "\n".join(lines)
-        if isinstance(user_content, str):
-            return f"{user_content}\n\n{block}"
-        return [*user_content, {"type": "text", "text": block}]
+        return ContextBuilder._RUNTIME_CONTEXT_TAG + "\n" + "\n".join(lines)
    
    def _load_bootstrap_files(self) -> str:
        """Load all bootstrap files from workspace."""
@@ -165,9 +159,11 @@ Reply directly with text for conversations. Only use the 'message' tool to send
        # History
        messages.extend(history)

-        # Current message (with optional image attachments)
+        # Inject runtime metadata as a separate user message before the actual user message.
+        messages.append({"role": "user", "content": self._build_runtime_context(channel, chat_id)})
+
+        # Current user message
        user_content = self._build_user_content(current_message, media)
-        user_content = self._inject_runtime_context(user_content, channel, chat_id)
        messages.append({"role": "user", "content": user_content})

        return messages
--- a/nanobot/agent/loop.py
+++ b/nanobot/agent/loop.py
@@ -114,6 +114,7 @@ class AgentLoop:
            working_dir=str(self.workspace),
            timeout=self.exec_config.timeout,
            restrict_to_workspace=self.restrict_to_workspace,
+            path_append=self.exec_config.path_append,
        ))
        self.tools.register(WebSearchTool(api_key=self.brave_api_key))
        self.tools.register(WebFetchTool())
--- a/nanobot/agent/subagent.py
+++ b/nanobot/agent/subagent.py
@@ -124,6 +124,7 @@ class SubagentManager:
                working_dir=str(self.workspace),
                timeout=self.exec_config.timeout,
                restrict_to_workspace=self.restrict_to_workspace,
+                path_append=self.exec_config.path_append,
            ))
            tools.register(WebSearchTool(api_key=self.brave_api_key))
            tools.register(WebFetchTool())
--- a/nanobot/agent/tools/shell.py
+++ b/nanobot/agent/tools/shell.py
@@ -19,6 +19,7 @@ class ExecTool(Tool):
        deny_patterns: list[str] | None = None,
        allow_patterns: list[str] | None = None,
        restrict_to_workspace: bool = False,
+        path_append: str = "",
    ):
        self.timeout = timeout
        self.working_dir = working_dir
@@ -35,6 +36,7 @@ class ExecTool(Tool):
        ]
        self.allow_patterns = allow_patterns or []
        self.restrict_to_workspace = restrict_to_workspace
+        self.path_append = path_append
    
    @property
    def name(self) -> str:
@@ -67,12 +69,17 @@ class ExecTool(Tool):
        if guard_error:
            return guard_error
        
+        env = os.environ.copy()
+        if self.path_append:
+            env["PATH"] = env.get("PATH", "") + os.pathsep + self.path_append
+
        try:
            process = await asyncio.create_subprocess_shell(
                command,
                stdout=asyncio.subprocess.PIPE,
                stderr=asyncio.subprocess.PIPE,
                cwd=cwd,
+                env=env,
            )
            
            try:
--- a/nanobot/config/schema.py
+++ b/nanobot/config/schema.py
@@ -260,6 +260,7 @@ class ExecToolConfig(Base):
    """Shell exec tool configuration."""

    timeout: int = 60
+    path_append: str = ""


 class MCPServerConfig(Base):
--- a/tests/test_context_prompt_cache.py
+++ b/tests/test_context_prompt_cache.py
@@ -39,8 +39,8 @@ def test_system_prompt_stays_stable_when_clock_changes(tmp_path, monkeypatch) ->
    assert prompt1 == prompt2


-def test_runtime_context_is_appended_to_current_user_message(tmp_path) -> None:
-    """Dynamic runtime details should be added at the tail user message, not system."""
+def test_runtime_context_is_separate_untrusted_user_message(tmp_path) -> None:
+    """Runtime metadata should be a separate user message before the actual user message."""
    workspace = _make_workspace(tmp_path)
    builder = ContextBuilder(workspace)

@@ -54,10 +54,13 @@ def test_runtime_context_is_appended_to_current_user_message(tmp_path) -> None:
    assert messages[0]["role"] == "system"
    assert "## Current Session" not in messages[0]["content"]

+    assert messages[-2]["role"] == "user"
+    runtime_content = messages[-2]["content"]
+    assert isinstance(runtime_content, str)
+    assert ContextBuilder._RUNTIME_CONTEXT_TAG in runtime_content
+    assert "Current Time:" in runtime_content
+    assert "Channel: cli" in runtime_content
+    assert "Chat ID: direct" in runtime_content
+
    assert messages[-1]["role"] == "user"
-    user_content = messages[-1]["content"]
-    assert isinstance(user_content, str)
-    assert "Return exactly: OK" in user_content
-    assert "Current Time:" in user_content
-    assert "Channel: cli" in user_content
-    assert "Chat ID: direct" in user_content
+    assert messages[-1]["content"] == "Return exactly: OK"