fix(acp): run filesystem backend in virtual mode#557
Open
Johannes du Plessis (johannes117) wants to merge 2 commits into
Open
fix(acp): run filesystem backend in virtual mode#557Johannes du Plessis (johannes117) wants to merge 2 commits into
Johannes du Plessis (johannes117) wants to merge 2 commits into
Conversation
The ACP filesystem backend ran in non-virtual mode, so a path-less grep (default path '/') resolved to the literal filesystem root and scanned the whole disk. This is wasteful and crashes when an unreadable directory is encountered (e.g. macOS '/Library/Trial' from a process without Full Disk Access). Construct the backend with virtualMode: true, matching the Python deepagents-acp server (FilesystemBackend(root_dir=cwd, virtual_mode=True)). Tool paths are now virtual paths rooted at the workspace, '..'/'~' traversal is blocked, and searches stay within the workspace. - FilesystemBackend.resolvePath is now protected so the ACP subclass can reuse the virtual-aware resolution for its read/write proxying. - extractToolCallLocations resolves virtual paths under workspaceRoot so ACP clients still receive real filesystem paths for follow-along.
🦋 Changeset detectedLatest commit: 4a99bca The changes in this PR will be included in the next version bump. This PR includes changesets to release 3 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
- Resolve virtual location paths with path.posix.join instead of regex stripping (clears CodeQL polynomial-regex finding) - Add changeset; apply formatter
deepagents-acp
deepagents
@langchain/sandbox-standard-tests
@langchain/daytona
@langchain/deno
@langchain/modal
@langchain/node-vfs
@langchain/quickjs
commit: |
langsmith-fleet
Bot
added
triage: high-impact
bug
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The ACP filesystem backend runs non-virtual, so a path-less
grep(defaultpath = "/") resolves to the real filesystem root and scans the whole disk — wasteful, and crashes on unreadable dirs (e.g. macOS/Library/Trialwithout Full Disk Access) assession/prompt -> Internal error.Fix
virtualMode: trueon the backend, matching Python (FilesystemBackend(root_dir=cwd, virtual_mode=True)indeepagents_acp/server.py). Paths become virtual, rooted at the workspace;../~blocked.FilesystemBackend.resolvePath→protectedso the ACP subclass reuses it for read/write proxying.extractToolCallLocationsresolves virtual paths underworkspaceRootso clients still get real paths.Test
ACP unit suite (157) and deepagents filesystem (20) pass.
server.tstypecheck errors are pre-existing (unchanged onmain).Complements #556 (scope fix here; #556 hardens unreadable dirs within a valid workspace).