fix(backend): update test_read_builtin_blocked for workspace-scoped Read

Read is now workspace-scoped (allowed within sdk_cwd, denied outside).
Split the old test into two: test_read_within_workspace_allowed and
test_read_outside_workspace_blocked.
majdyz
2026-04-12 10:06:38 +00:00
parent d7d9b5ea91
commit ff32fa2772


@@ -56,11 +56,19 @@ def test_unknown_tool_allowed():
# -- Workspace-scoped tools --------------------------------------------------
def test_read_builtin_blocked():
"""SDK built-in Read is blocked — all reads go through MCP read_file tool."""
def test_read_within_workspace_allowed():
"""Read is workspace-scoped — allowed within sdk_cwd for tool-results."""
result = _validate_tool_access(
"Read", {"file_path": f"{SDK_CWD}/file.txt"}, sdk_cwd=SDK_CWD
)
assert result == {}
def test_read_outside_workspace_blocked():
"""Read outside the workspace is denied."""
result = _validate_tool_access(
"Read", {"file_path": "/etc/passwd"}, sdk_cwd=SDK_CWD
)
assert _is_denied(result)
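Review bot: test_read_outside_workspace_blocked only checks `/etc/passwd`, a path that shares nothing with SDK_CWD, so the boundary of the workspace scope is never exercised. A check that compares string prefixes without normalising the path would pass both new tests and still allow reads outside the workspace. _validate_tool_access is not visible in this hunk, so whether it normalises is unknown. I would add denial cases that start with the workspace prefix but resolve outside it, for example `{"file_path": f"{SDK_CWD}/../outside.txt"}` and `{"file_path": f"{SDK_CWD}-sibling/file.txt"}`, each asserting `_is_denied(result)`. If relative paths are accepted by the tool, a relative `file_path` case would also pin down how they are resolved against sdk_cwd.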