From 3588dc8df77db4cd999b099f1d327aa17da882db Mon Sep 17 00:00:00 2001
From: nogataka
Date: Thu, 29 Jan 2026 11:55:49 +0900
Subject: [PATCH] feat: add EXTRA_READ_PATHS for read-only external file access Allow agents to read files from directories outside the project folder via the EXTRA_READ_PATHS environment variable. Changes: - Add EXTRA_READ_PATHS_VAR constant in client.py - Parse comma-separated paths and add Read/Glob/Grep permissions - Log configured extra read paths on agent startup - Document the feature in .env.example Usage: EXTRA_READ_PATHS=/path/to/docs,/path/to/libs Security: External paths are read-only (no Write/Edit permissions) Co-Authored-By: Claude Opus 4.5
---
 .env.example | 7 +++++++
 client.py | 19 +++++++++++++++++++
 2 files changed, 26 insertions(+)
diff --git a/.env.example b/.env.example
index 1718f6d..dc87d27 100644
--- a/.env.example
+++ b/.env.example
@@ -15,6 +15,13 @@
 # - false: Browser opens a visible window (useful for debugging)
 # PLAYWRIGHT_HEADLESS=true
 
+# Extra Read Paths (Optional)
+# Comma-separated list of absolute paths for read-only access to external directories.
+# The agent can read files from these paths but cannot write to them.
+# Useful for referencing documentation, shared libraries, or other projects.
+# Example: EXTRA_READ_PATHS=/Volumes/Data/dev,/Users/shared/libs
+# EXTRA_READ_PATHS=
+
 # GLM/Alternative API Configuration (Optional)
 # To use Zhipu AI's GLM models instead of Claude, uncomment and set these variables.
 # This only affects AutoCoder - your global Claude Code settings remain unchanged.
diff --git a/client.py b/client.py
index 7ea04a5..f743620 100644
--- a/client.py
+++ b/client.py
@@ -42,6 +42,11 @@ API_ENV_VARS = [ "ANTHROPIC_DEFAULT_HAIKU_MODEL", # Model override for Haiku ] +# Extra read paths for cross-project file access (read-only) +# Set EXTRA_READ_PATHS environment variable with comma-separated absolute paths +# Example: EXTRA_READ_PATHS=/Volumes/Data/dev,/Users/shared/libs +EXTRA_READ_PATHS_VAR = "EXTRA_READ_PATHS" + def get_playwright_headless() -> bool: """
@@ -202,6 +207,18 @@ def create_client( # Allow Feature MCP tools for feature management *FEATURE_MCP_TOOLS, ] + + # Add extra read paths from environment variable (read-only access) + extra_read_paths = os.getenv(EXTRA_READ_PATHS_VAR, "") + if extra_read_paths: + for path in extra_read_paths.split(","): + path = path.strip() + if path: + # Add read-only permissions for each extra path + permissions_list.append(f"Read({path}/**)") + permissions_list.append(f"Glob({path}/**)") + permissions_list.append(f"Grep({path}/**)") + if not yolo_mode: # Allow Playwright MCP tools for browser automation (standard mode only) permissions_list.extend(PLAYWRIGHT_TOOLS)
@@ -228,6 +245,8 @@ def create_client( print(f"Created security settings at {settings_file}") print(" - Sandbox enabled (OS-level bash isolation)") print(f" - Filesystem restricted to: {project_dir.resolve()}") + if extra_read_paths: + print(f" - Extra read paths: {extra_read_paths}") print(" - Bash commands restricted to allowlist (see security.py)") if yolo_mode: print(" - MCP servers: features (database) - YOLO MODE (no Playwright)")
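Review bot: Each EXTRA_READ_PATHS entry is dropped straight into `Read({path}/**)`, `Glob({path}/**)` and `Grep({path}/**)` in the second hunk with no check beyond strip(), even though .env.example documents them as absolute paths: a relative entry or one containing `..` grants whatever that resolves to at runtime, and a trailing slash or a bare `/` yields a doubled-slash pattern such as `Read(//**)` whose match behaviour I cannot confirm from here. Rejecting non-absolute entries and normalizing the rest with `os.path.realpath` before building the patterns keeps the granted scope exactly what the operator wrote; the loop below does that using only `os`, which the hunk already uses. The third hunk then echoes the raw environment string, so once entries can be skipped it should print the normalized list that was actually granted (collect them into `granted_read_paths` and print that instead of `extra_read_paths`). create_client starts and ends outside these hunks.
```python
    # Add extra read paths from environment variable (read-only access)
    extra_read_paths = os.getenv(EXTRA_READ_PATHS_VAR, "")
    granted_read_paths = []
    if extra_read_paths:
        for raw in extra_read_paths.split(","):
            raw = raw.strip()
            if not raw:
                continue
            if not os.path.isabs(raw):
                # Documented as absolute; a relative entry would be resolved
                # against the process's working directory, not what the
                # operator configured, so it is skipped rather than guessed.
                print(f"Warning: ignoring non-absolute {EXTRA_READ_PATHS_VAR} entry: {raw!r}")
                continue
            # Collapse '..' and trailing slashes so the pattern covers only
            # the directory that was named.
            path = os.path.realpath(raw)
            granted_read_paths.append(path)
            # Read-only: no Write/Edit entries are added for external paths.
            for tool in ("Read", "Glob", "Grep"):
                permissions_list.append(f"{tool}({path}/**)")
    # … unchanged: yolo_mode / PLAYWRIGHT_TOOLS handling …
```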