Skip to content

fix: allow agent to read plans from userspace config dir#748

Merged
edenreich merged 3 commits into
mainfrom
fix/plan-sandbox-userspace-configdir
Jul 4, 2026
Merged

fix: allow agent to read plans from userspace config dir#748
edenreich merged 3 commits into
mainfrom
fix/plan-sandbox-userspace-configdir

Conversation

@edenreich

@edenreich edenreich commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Summary

Fixes #746

When the config is loaded from the userspace location (~/.infer), GetConfigDir() returns an absolute home path and plans are written to ~/.infer/plans/. However, the sandbox carve-out in isWithinConfigSubdir only checked the project-relative ConfigDirName (./.infer/plans), so the agent's Read tool rejected the plan path with a sandbox violation — the agent could write the plan but couldn't read it back.

Root Cause

isWithinConfigSubdir was a free function that hardcoded ConfigDirName (.infer) to build the carve-out paths. It did not account for the resolved config dir (GetConfigDir()), which can be the userspace ~/.infer when the config is loaded from there.

Fix

Convert isWithinConfigSubdir from a free function to a method on Config so it can access GetConfigDir(). It now checks both:

  • The project-relative ConfigDirName (./.infer/<name>)
  • The resolved config dir (GetConfigDir()/<name>)

This keeps the rest of .infer/ protected while allowing the operational tmp/plans subdirs to be read regardless of which config dir was resolved. File-level protections (e.g. *.env, .git/) still apply within the carve-out.

Testing

  • Added TestValidatePathInSandbox_ConfigDirUserspace which verifies that ~/.infer/plans/ and ~/.infer/tmp/ paths are allowed when configDir is set to the userspace location, while sensitive files (config.yaml, agents.yaml, *.env) remain denied.
  • All existing sandbox tests continue to pass.
  • Pre-commit hooks (lint, format, etc.) pass.

edenreich added 2 commits July 4, 2026 22:45
GLM 5.2 supports a 1M token context window, but the existing matcher
grouped all glm-4/glm-5 variants under 200k. Add a dedicated glm-5.2
matcher placed before the general glm-4/glm-5 line so the more specific
pattern wins under first-match strings.Contains evaluation.

Fixes #745
When the config is loaded from the userspace location (~/.infer),
GetConfigDir() returns an absolute home path and plans are written
to ~/.infer/plans/. However, the sandbox carve-out in
isWithinConfigSubdir only checked the project-relative ConfigDirName
(./.infer/plans), so the agent's Read tool rejected the plan path
with a sandbox violation.

Convert isWithinConfigSubdir to a method on Config so it can access
GetConfigDir() and check both the project-relative and resolved
userspace config dir locations. This keeps the rest of .infer/
protected while allowing the operational tmp/plans subdirs to be
read regardless of which config dir was resolved.

Fixes #746
@edenreich edenreich added the bug Something isn't working label Jul 4, 2026
@edenreich edenreich requested a review from a team as a code owner July 4, 2026 20:51
@edenreich edenreich merged commit d1c1be7 into main Jul 4, 2026
9 checks passed
@edenreich edenreich deleted the fix/plan-sandbox-userspace-configdir branch July 4, 2026 21:06
inference-gateway-releaser Bot added a commit that referenced this pull request Jul 4, 2026
## [0.132.1](v0.132.0...v0.132.1) (2026-07-04)

### 🐛 Bug Fixes

* allow agent to read plans from userspace config dir ([#748](#748)) ([d1c1be7](d1c1be7)), closes [#746](#746)
* **config:** correct GLM 5.2 context window to 1M tokens ([#747](#747)) ([164ffaf](164ffaf)), closes [#745](#745)
* **claude-code:** make subscription mode a true pass-through ([#749](#749)) ([10117b4](10117b4)), closes [inference-gateway/inference-gateway#412](inference-gateway/inference-gateway#412)

### 👷 CI/CD

* **deps:** update inference workflow to version 0.15.0 ([c8e1522](c8e1522))
@inference-gateway-releaser

Copy link
Copy Markdown
Contributor

🎉 This PR is included in version 0.132.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working released

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[BUG] After plan the agent is not able to read it due to sandbox permissions

1 participant