From ff32fa27720ceb9b4ff55821fa1d856cb23c40b2 Mon Sep 17 00:00:00 2001
From: majdyz
Date: Sun, 12 Apr 2026 10:06:38 +0000
Subject: [PATCH] fix(backend): update test_read_builtin_blocked for workspace-scoped Read

Read is now workspace-scoped (allowed within sdk_cwd, denied outside). Split the old test into two: test_read_within_workspace_allowed and test_read_outside_workspace_blocked.
---
 .../backend/copilot/sdk/security_hooks_test.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/autogpt_platform/backend/backend/copilot/sdk/security_hooks_test.py b/autogpt_platform/backend/backend/copilot/sdk/security_hooks_test.py
index a0d89d339b..7a81d02f73 100644
--- a/autogpt_platform/backend/backend/copilot/sdk/security_hooks_test.py
+++ b/autogpt_platform/backend/backend/copilot/sdk/security_hooks_test.py
@@ -56,11 +56,19 @@ def test_unknown_tool_allowed():
 # -- Workspace-scoped tools --------------------------------------------------
-def test_read_builtin_blocked():
- """SDK built-in Read is blocked — all reads go through MCP read_file tool."""
+def test_read_within_workspace_allowed():
+ """Read is workspace-scoped — allowed within sdk_cwd for tool-results."""
 result = _validate_tool_access(
 "Read", {"file_path": f"{SDK_CWD}/file.txt"}, sdk_cwd=SDK_CWD
 )
+ assert result == {}
+
+
+def test_read_outside_workspace_blocked():
+ """Read outside the workspace is denied."""
+ result = _validate_tool_access(
+ "Read", {"file_path": "/etc/passwd"}, sdk_cwd=SDK_CWD
+ )
 assert _is_denied(result)
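Review bot: The only denial case in `test_read_outside_workspace_blocked` is `/etc/passwd`, an absolute path that shares no prefix with `SDK_CWD`, so a containment check that merely compares string prefixes would pass both new tests. Now that Read is allowed inside the workspace, the boundary itself needs pinning: a path that begins with `SDK_CWD` but resolves outside it, and a sibling directory whose name merely starts with `SDK_CWD`, should both be denied. How `_validate_tool_access` normalises paths is not visible in this hunk, and such cases may already be covered elsewhere in the file, so treat the test below as a regression guard to add if they are not. A symlink inside the workspace pointing outside it is a third case worth covering if the validator is meant to resolve links.

```python
def test_read_path_escaping_workspace_blocked():
    """Paths that start under sdk_cwd but resolve outside it are denied."""
    escaping_paths = (
        f"{SDK_CWD}/../outside.txt",   # constructed sample: parent traversal
        f"{SDK_CWD}-sibling/file.txt",  # constructed sample: shared string prefix
    )
    for file_path in escaping_paths:
        result = _validate_tool_access(
            "Read", {"file_path": file_path}, sdk_cwd=SDK_CWD
        )
        assert _is_denied(result), file_path
```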