Module session_workspace


Session workspace management for sandboxed file operations

This module provides utilities for creating and managing session-specific workspace directories. All file operations, shell commands, and tool calls are scoped to the session’s workspace directory for security and isolation.

§Security Features

  • Path Traversal Prevention: All paths are validated to ensure they resolve within the workspace
  • Symlink Validation: Symlinks are checked to ensure their targets are within the workspace
  • Dangerous Path Blocking: Paths containing null bytes, control characters, or suspicious patterns are rejected
  • Depth Limiting: Maximum path component depth is enforced to prevent abuse
  • Race Condition Mitigation: Time-of-check-time-of-use (TOCTOU) considerations are documented
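The lexical part of these checks (traversal, dangerous characters, depth) can be illustrated as follows. This is an added example, not the crate's own code: `resolve_in_workspace`, `PathCheckError` and the `max_depth` value are hypothetical names and assumptions. It does not resolve symlinks, which need a separate check against the filesystem.

```rust
use std::path::{Component, Path, PathBuf};

// Hypothetical error type for this example; not the crate's WorkspaceError.
#[derive(Debug, PartialEq)]
pub enum PathCheckError { DangerousCharacter, AbsolutePath, EscapesWorkspace, TooDeep }

/// Lexically resolve `candidate` under `workspace` without touching the
/// filesystem, so the result is defined even for paths that do not exist yet.
pub fn resolve_in_workspace(
    workspace: &Path,
    candidate: &str,
    max_depth: usize, // assumed limit; the page does not state the real value
) -> Result<PathBuf, PathCheckError> {
    // Null bytes and other control characters are rejected outright.
    if candidate.chars().any(|c| c.is_control()) {
        return Err(PathCheckError::DangerousCharacter);
    }
    let mut parts: Vec<&std::ffi::OsStr> = Vec::new();
    for component in Path::new(candidate).components() {
        match component {
            // Absolute paths would replace the workspace root when joined.
            Component::Prefix(_) | Component::RootDir => return Err(PathCheckError::AbsolutePath),
            Component::CurDir => {}
            // ".." may cancel an earlier component but never climb above the root.
            Component::ParentDir => {
                if parts.pop().is_none() {
                    return Err(PathCheckError::EscapesWorkspace);
                }
            }
            Component::Normal(name) => {
                parts.push(name);
                if parts.len() > max_depth {
                    return Err(PathCheckError::TooDeep);
                }
            }
        }
    }
    let mut resolved = workspace.to_path_buf();
    resolved.extend(parts);
    Ok(resolved)
}

fn main() {
    let ws = Path::new("/tmp/sessions/abc"); // constructed sample workspace
    for p in ["notes/./a.txt", "a/../../etc/passwd", "/etc/passwd", "a\0b"] {
        println!("{:?} -> {:?}", p, resolve_in_workspace(ws, p, 8));
    }
}
```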

Structs§

SessionWorkspace
Session workspace configuration

Enums§

WorkspaceError
Errors that can occur during workspace operations

Functions§

cleanup_old_sessions
Clean up old session workspaces that are older than the specified duration
get_sessions_base_dir
Get the base directory for session workspaces
is_shell_command_allowed
Blocked shell command patterns for additional security

Type Aliases§

WorkspaceResult
Result type for workspace operations