[FEATURE] Foreman tools: accept workspace-internal absolute paths instead of rejecting them #945

Description

@Defilan

Feature Description

Path-bounded coder tools (str_replace, read_file, write_file, grep) reject absolute paths outright, even when the path is inside the workspace: resolveInside returns path escapes workspace: "<path>" is absolute. Accept workspace-prefixed absolute paths by stripping the workspace root and continuing with the existing containment checks.

Problem Statement

Local coder models constantly see absolute paths in their own bash output (find, ls, git status run against $WORKSPACE_ROOT) and then paste those paths into edit tools. The rejection costs a full turn each time, which is fatal under aggressive stuck-loop forcing (3 restricted turns).

Observed live twice in one day, both on the same fleet:

  • run-20260702-110319-code-478, turn 5: str_replace with the absolute workspace path of the target file, rejected, one of only 3 restricted turns burned.
  • revise-478-r1-code-478, turn 5: identical pattern (str_replace: path escapes workspace: "/Users/defilan/foreman-workspaces/default/revise-478-r1-code-478/docs/site/guides/metrics-driven-autoscaling.md" is absolute); the task died two turns later.

As a coder-harness operator, I want workspace-internal absolute paths accepted so that a model quoting its own bash output does not lose a turn to a rejection that carries no safety value.

Proposed Solution

In resolveInside (pkg/foreman/agent/tools/workspace.go): when the incoming path is absolute AND has the workspace root as a prefix (after cleaning/symlink-normalizing both sides), strip the prefix and proceed exactly as for a relative path. Absolute paths OUTSIDE the workspace stay rejected with the current error. The containment guarantee is unchanged; this only widens the accepted spelling of paths that already resolve inside.

Also worth updating the rejection message for genuinely-external absolute paths to state the rule ("paths must be workspace-relative"), since the current wording tells the model what is wrong but not what to do.

Alternatives Considered

  • Prompt-only mitigation (tell models to use relative paths): already implicit in the tool schema; empirically insufficient for 35B-class models quoting bash output.
  • Rejecting but echoing the workspace-relative form in the error ("did you mean docs/site/guides/x.md?"): helpful, but still burns the turn; accepting is strictly better and no less safe.

Additional Context

Follow-up from the #942 edit-fidelity work (PR #943); both reproductions came from its live fleet validation. Related: #944 (no-anchor feedback).
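
An added example of the check the Proposed Solution describes, not the project's own resolveInside: ResolveInWorkspace and realPath are hypothetical names, and root is assumed to be an existing absolute directory. It compares symlink-resolved paths with filepath.Rel instead of a string prefix, so a sibling directory that merely shares the root's prefix, or a symlink leading out of the workspace, is still rejected.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// realPath resolves symlinks in the longest existing prefix of p and re-attaches the missing tail (new files).
func realPath(p string) (string, error) {
	p, tail := filepath.Clean(p), ""
	for {
		r, err := filepath.EvalSymlinks(p)
		if err == nil {
			return filepath.Join(r, tail), nil
		}
		if _, lerr := os.Lstat(p); lerr == nil || !os.IsNotExist(err) || filepath.Dir(p) == p {
			return "", err // dangling symlink, I/O error, or nothing left to strip
		}
		p, tail = filepath.Dir(p), filepath.Join(filepath.Base(p), tail)
	}
}

// ResolveInWorkspace (hypothetical name) returns the workspace-relative form of a relative or in-root absolute p.
func ResolveInWorkspace(root, p string) (string, error) {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	full := p
	if !filepath.IsAbs(p) {
		full = filepath.Join(realRoot, p)
	}
	if full, err = realPath(full); err != nil {
		return "", err
	}
	rel, err := filepath.Rel(realRoot, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("path escapes workspace: %q (paths must be workspace-relative)", p)
	}
	return rel, nil
}

func main() {
	root, _ := os.Getwd() // stand-in workspace root for the demo
	for _, p := range []string{"docs/x.md", filepath.Join(root, "docs/x.md"), root + "-other/x.md", "../x"} {
		fmt.Println(ResolveInWorkspace(root, p))
	}
}
```

The check and the later file operation are separate steps, so a tool that opens the returned path remains exposed to a symlink being swapped in between them.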
