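message fails to send local files: pass agent-scoped mediaLocalRoots through to plugins
Problem/scenario: a sandboxed agent that sends a workspace file with `message.send + filePath` gets a "path is not in an allowed directory" error. Prerequisites: a sandbox agent working directory exists, and local images/attachments need to be sent. Implementation steps: compute `getAgentScopedMediaLocalRoots` in `handleSendAction` → extend `ChannelMessageActionContext` with `mediaLocalRoots` → forward it to `sendMessage` in the plugin layer. Key point: the path allowlist must be isolated per agent. Verification: files under workspace-agent*/output send successfully. Risk: an allowlist that is too broad widens the local file exposure surface.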
Source: GitHub | Discovered: 2026-02-19 | Author: odrobnik
Prerequisites
- Sandboxed agent can generate local artifacts in its own workspace path.
- Channel plugin path uses shared dispatch context (Telegram/others).
Steps
- Reproduce failure by sending an agent workspace file via message tool (`action=send`, `filePath=...`).
- Add `mediaLocalRoots?: readonly string[]` to plugin action context type and keep backward compatibility.
- In outbound runner, compute roots with `getAgentScopedMediaLocalRoots(cfg, agentId)` and inject into dispatch context.
- Pass `mediaLocalRoots` through channel send functions so `assertLocalMediaAllowed` validates against agent roots.
- Retest with allowed and disallowed paths to confirm security boundary remains strict.
Commands
- `openclaw gateway status`
- `npm run build`
- `openclaw gateway restart`
Verify
Files under agent workspace send successfully, while non-allowed paths are still rejected with clear error.
Caveats
- If multiple plugins implement custom media loaders, each path must be audited for consistent root checks (needs verification).
- Never include global filesystem roots as workaround in production.
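The allowed/disallowed retest and the caveat about global roots, as an added sketch that is not OpenClaw's code: every name in it (`AgentRoots`, `SAMPLE_ROOTS`, `normalizeAbs`, `rootsForAgent`, `isLocalMediaAllowed`, `canAgentSend`) and every path is a constructed assumption, and it handles absolute POSIX paths only.

```typescript
// Added sketch: every name here is hypothetical, not OpenClaw's real code.
type AgentRoots = Record<string, readonly string[]>;

// Constructed sample config: one workspace root per agent.
const SAMPLE_ROOTS: AgentRoots = {
  agent1: ["/srv/sandboxes/workspace-agent1"],
  agent10: ["/srv/sandboxes/workspace-agent10"],
  toobroad: ["/"], // the "workaround" the caveats warn against
};

// Collapse ".", ".." and repeated slashes in an absolute POSIX path.
// Pure string work: symlinks are NOT resolved, so a production check
// should compare real paths (e.g. via fs.realpath) as well.
function normalizeAbs(p: string): string {
  if (p.charAt(0) !== "/") throw new Error("path must be absolute: " + p);
  const out: string[] = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// Roots for exactly one agent; an unknown agent gets an empty allowlist.
function rootsForAgent(cfg: AgentRoots, agentId: string): readonly string[] {
  const own = Object.prototype.hasOwnProperty.call(cfg, agentId) ? cfg[agentId] : undefined;
  return own || [];
}

// True only if filePath, after normalization, is a root or lies below one.
function isLocalMediaAllowed(filePath: string, roots: readonly string[]): boolean {
  const f = normalizeAbs(filePath);
  return roots.some((root) => {
    const r = normalizeAbs(root);
    if (r === "/") return false; // never honour a filesystem-root entry
    // Compare with a trailing separator so "workspace-agent1" does not
    // also match "workspace-agent10".
    return f === r || f.slice(0, r.length + 1) === r + "/";
  });
}

// Decision for one agent and one path, using only that agent's roots.
function canAgentSend(cfg: AgentRoots, agentId: string, filePath: string): boolean {
  return isLocalMediaAllowed(filePath, rootsForAgent(cfg, agentId));
}
```

The same set of paths (own workspace, sibling workspace via `..`, a system file, a root of `/`) is a reasonable retest matrix for each plugin's media loader.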
Source attribution
This tip is aggregated from community/public sources and preserved with attribution.