Skip to content

fix: keep builder file operations under project root#5790

Open
maxts0gt wants to merge 1 commit into
google:mainfrom
maxts0gt:codex/adk-target4-audit
Open

fix: keep builder file operations under project root#5790
maxts0gt wants to merge 1 commit into
google:mainfrom
maxts0gt:codex/adk-target4-audit

Conversation

@maxts0gt
Copy link
Copy Markdown

@maxts0gt maxts0gt commented May 21, 2026

Summary

  • resolve Agent Builder file paths against the session project root
  • reject absolute, parent-directory, and symlink paths that escape that root
  • add regression coverage for read/write/delete file tools refusing outside paths

Tests

  • uv run --with pytest --with pytest-asyncio pytest tests/unittests/cli/built_in_agents/test_builder_file_paths.py
  • uv run --with pyink pyink --check src/google/adk/cli/built_in_agents/utils/resolve_root_directory.py tests/unittests/cli/built_in_agents/test_builder_file_paths.py

@adk-bot adk-bot added the tools [Component] This issue is related to tools label May 21, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

tools [Component] This issue is related to tools

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@maxts0gt @adk-bot