feat: add EXTRA_READ_PATHS for read-only external file access

Allow agents to read files from directories outside the project folder via the EXTRA_READ_PATHS environment variable. Changes: - Add EXTRA_READ_PATHS_VAR constant in client.py - Parse comma-separated paths and add Read/Glob/Grep permissions - Log configured extra read paths on agent startup - Document the feature in .env.example Usage: EXTRA_READ_PATHS=/path/to/docs,/path/to/libs Security: External paths are read-only (no Write/Edit permissions) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 06:12:06 +00:00 · 2026-01-29 11:55:49 +09:00
parent 910ca34eac
commit 3588dc8df7
2 changed files with 26 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@@ -15,6 +15,13 @@
 # - false: Browser opens a visible window (useful for debugging)
 # PLAYWRIGHT_HEADLESS=true

+# Extra Read Paths (Optional)
+# Comma-separated list of absolute paths for read-only access to external directories.
+# The agent can read files from these paths but cannot write to them.
+# Useful for referencing documentation, shared libraries, or other projects.
+# Example: EXTRA_READ_PATHS=/Volumes/Data/dev,/Users/shared/libs
+# EXTRA_READ_PATHS=
+
 # GLM/Alternative API Configuration (Optional)
 # To use Zhipu AI's GLM models instead of Claude, uncomment and set these variables.
 # This only affects AutoCoder - your global Claude Code settings remain unchanged.
--- a/client.py
+++ b/client.py
@@ -42,6 +42,11 @@ API_ENV_VARS = [
    "ANTHROPIC_DEFAULT_HAIKU_MODEL",   # Model override for Haiku
 ]

+# Extra read paths for cross-project file access (read-only)
+# Set EXTRA_READ_PATHS environment variable with comma-separated absolute paths
+# Example: EXTRA_READ_PATHS=/Volumes/Data/dev,/Users/shared/libs
+EXTRA_READ_PATHS_VAR = "EXTRA_READ_PATHS"
+

 def get_playwright_headless() -> bool:
    """
@@ -202,6 +207,18 @@ def create_client(
        # Allow Feature MCP tools for feature management
        *FEATURE_MCP_TOOLS,
    ]
+
+    # Add extra read paths from environment variable (read-only access)
+    extra_read_paths = os.getenv(EXTRA_READ_PATHS_VAR, "")
+    if extra_read_paths:
+        for path in extra_read_paths.split(","):
+            path = path.strip()
+            if path:
+                # Add read-only permissions for each extra path
+                permissions_list.append(f"Read({path}/**)")
+                permissions_list.append(f"Glob({path}/**)")
+                permissions_list.append(f"Grep({path}/**)")
+
    if not yolo_mode:
        # Allow Playwright MCP tools for browser automation (standard mode only)
        permissions_list.extend(PLAYWRIGHT_TOOLS)
@@ -228,6 +245,8 @@ def create_client(
    print(f"Created security settings at {settings_file}")
    print("   - Sandbox enabled (OS-level bash isolation)")
    print(f"   - Filesystem restricted to: {project_dir.resolve()}")
+    if extra_read_paths:
+        print(f"   - Extra read paths: {extra_read_paths}")
    print("   - Bash commands restricted to allowlist (see security.py)")
    if yolo_mode:
        print("   - MCP servers: features (database) - YOLO MODE (no Playwright)")