Class: RubyLLM::Toolbox::Safety::PathJail

Inherits:

Object

Object
RubyLLM::Toolbox::Safety::PathJail

show all

Defined in:: lib/ruby_llm/toolbox/safety/path_jail.rb

Overview

Confines a user-supplied path to a root directory. Resolves symlinks so a link inside the root can’t point outside it, and tolerates not-yet-existing files (for write/edit tools) by resolving the parent directory instead.

Defined Under Namespace

Classes: Jailbreak

Instance Attribute Summary collapse

#root ⇒ Object readonly

Returns the value of attribute root.

Instance Method Summary collapse

#initialize(root, enforce: true) ⇒ PathJail constructor

A new instance of PathJail.
#resolve(path) ⇒ Object

Returns the absolute, symlink-resolved path if it lies within root; raises Jailbreak otherwise.

Constructor Details

#initialize(root, enforce: true) ⇒ `PathJail`

Returns a new instance of PathJail.

# File 'lib/ruby_llm/toolbox/safety/path_jail.rb', line 13

def initialize(root, enforce: true)
  @root = File.realpath(File.expand_path(root.to_s))
  @enforce = enforce
rescue Errno::ENOENT
  raise Jailbreak, "fs_root does not exist: #{root}"
end

Instance Attribute Details

#root ⇒ `Object` (readonly)

Returns the value of attribute root.



20
21
22

# File 'lib/ruby_llm/toolbox/safety/path_jail.rb', line 20

def root
  @root
end

Instance Method Details

#resolve(path) ⇒ `Object`

Returns the absolute, symlink-resolved path if it lies within root; raises Jailbreak otherwise. When enforce is false (an operator-granted unsafe override), the path is resolved anywhere on the host.

Raises:

(Jailbreak)

# File 'lib/ruby_llm/toolbox/safety/path_jail.rb', line 25

def resolve(path)
  raise Jailbreak, "path must be provided" if path.nil? || path.to_s.empty?

  candidate = File.expand_path(path.to_s, @root)
  real = existing_realpath(candidate)
  return real unless @enforce

  unless real == @root || real.start_with?(@root + File::SEPARATOR)
    raise Jailbreak, "path escapes fs_root: #{path}"
  end

  real
end