refactor: unify workspace restriction for file tools, remove redundant checks, fix SECURITY.md

2026-02-06 09:16:20 +00:00
parent 8a23d541e2
commit c5191eed1a
8 changed files with 49 additions and 97 deletions
--- a/nanobot/agent/subagent.py
+++ b/nanobot/agent/subagent.py
@@ -96,9 +96,10 @@ class SubagentManager:
        try:
            # Build subagent tools (no message tool, no spawn tool)
            tools = ToolRegistry()
-            tools.register(ReadFileTool())
-            tools.register(WriteFileTool())
-            tools.register(ListDirTool())
+            allowed_dir = self.workspace if self.exec_config.restrict_to_workspace else None
+            tools.register(ReadFileTool(allowed_dir=allowed_dir))
+            tools.register(WriteFileTool(allowed_dir=allowed_dir))
+            tools.register(ListDirTool(allowed_dir=allowed_dir))
            tools.register(ExecTool(
                working_dir=str(self.workspace),
                timeout=self.exec_config.timeout,