From b9fcb916a697ecf02a5651a87c41c5359afde1c9 Mon Sep 17 00:00:00 2001 From: webdevcody Date: Wed, 7 Jan 2026 15:13:52 -0500 Subject: [PATCH] fix: add missing checkSandboxCompatibility function to sdk-options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The codex-provider.ts imports this function but it was missing from sdk-options.ts. This adds the implementation that checks if sandbox mode is compatible with the working directory (disables sandbox for cloud storage paths). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- apps/server/src/lib/sdk-options.ts | 55 ++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/apps/server/src/lib/sdk-options.ts b/apps/server/src/lib/sdk-options.ts index 944b4092..e0edcb91 100644 --- a/apps/server/src/lib/sdk-options.ts +++ b/apps/server/src/lib/sdk-options.ts @@ -30,6 +30,61 @@ import { } from '@automaker/types'; import { isPathAllowed, PathNotAllowedError, getAllowedRootDirectory } from '@automaker/platform'; +/** + * Result of sandbox compatibility check + */ +export interface SandboxCompatibilityResult { + /** Whether sandbox mode can be enabled for this path */ + enabled: boolean; + /** Optional message explaining why sandbox is disabled */ + message?: string; +} + +/** + * Check if a working directory is compatible with sandbox mode. + * Some paths (like cloud storage mounts) may not work with sandboxed execution. + * + * @param cwd - The working directory to check + * @param sandboxRequested - Whether sandbox mode was requested by settings + * @returns Object indicating if sandbox can be enabled and why not if disabled + */ +export function checkSandboxCompatibility( + cwd: string, + sandboxRequested: boolean +): SandboxCompatibilityResult { + if (!sandboxRequested) { + return { enabled: false }; + } + + const resolvedCwd = path.resolve(cwd); + + // Check for cloud storage paths that may not be compatible with sandbox + const cloudStoragePatterns = [ + /^\/Volumes\/GoogleDrive/i, + /^\/Volumes\/Dropbox/i, + /^\/Volumes\/OneDrive/i, + /^\/Volumes\/iCloud/i, + /^\/Users\/[^/]+\/Google Drive/i, + /^\/Users\/[^/]+\/Dropbox/i, + /^\/Users\/[^/]+\/OneDrive/i, + /^\/Users\/[^/]+\/Library\/Mobile Documents/i, // iCloud + /^C:\\Users\\[^\\]+\\Google Drive/i, + /^C:\\Users\\[^\\]+\\Dropbox/i, + /^C:\\Users\\[^\\]+\\OneDrive/i, + ]; + + for (const pattern of cloudStoragePatterns) { + if (pattern.test(resolvedCwd)) { + return { + enabled: false, + message: `Sandbox disabled: Cloud storage path detected (${resolvedCwd}). Sandbox mode may not work correctly with cloud-synced directories.`, + }; + } + } + + return { enabled: true }; +} + /** * Validate that a working directory is allowed by ALLOWED_ROOT_DIRECTORY. * This is the centralized security check for ALL AI model invocations.