refactor(security): lift restrictToWorkspace to tools level

2026-02-06 09:28:08 +00:00
parent b1782814fa
commit 943579b96a
6 changed files with 24 additions and 6 deletions
--- a/nanobot/config/schema.py
+++ b/nanobot/config/schema.py
@@ -100,13 +100,13 @@ class WebToolsConfig(BaseModel):
 class ExecToolConfig(BaseModel):
    """Shell exec tool configuration."""
    timeout: int = 60
-    restrict_to_workspace: bool = False  # If true, block commands accessing paths outside workspace


 class ToolsConfig(BaseModel):
    """Tools configuration."""
    web: WebToolsConfig = Field(default_factory=WebToolsConfig)
    exec: ExecToolConfig = Field(default_factory=ExecToolConfig)
+    restrict_to_workspace: bool = False  # If true, restrict all tool access to workspace directory


 class Config(BaseSettings):