beaver_project/app-instance/backend/docs/security/user-filesystem-tooling.md
2026-06-03 12:06:34 +08:00

User File System Tooling Boundary

The personal-user-filesystem change adds user_files_* tools for files that users can upload, inspect, and receive from agents. These tools enforce the same virtual roots as the web API:

  • uploads/
  • outputs/
  • shared/
  • tasks/
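One way a tool handler can confine a requested path to these four virtual roots, shown as an added example that is not this project's code. The names `resolve_user_path`, `BoundaryError` and the per-user base directory are assumptions, and the sample paths are constructed.

```python
import os
import tempfile
from pathlib import Path

# The four virtual roots named in this document.
VIRTUAL_ROOTS = ("uploads", "outputs", "shared", "tasks")


class BoundaryError(ValueError):
    """Raised when a requested path falls outside the user file boundary."""


def resolve_user_path(user_base: Path, virtual_path: str) -> Path:
    """Map a virtual path to a real path under user_base (hypothetical per-user dir)."""
    if "\x00" in virtual_path or "\\" in virtual_path:
        raise BoundaryError("illegal character in path")
    if virtual_path.startswith("/"):
        raise BoundaryError("absolute paths are not accepted")
    parts = [p for p in virtual_path.split("/") if p not in ("", ".")]
    if not parts or parts[0] not in VIRTUAL_ROOTS:
        raise BoundaryError("path must start with a virtual root")
    if ".." in parts:
        raise BoundaryError("parent-directory segments are not accepted")
    root = (user_base / parts[0]).resolve()
    # resolve() follows symlinks, so a link planted inside a root that
    # points elsewhere is caught by the containment check below.
    candidate = root.joinpath(*parts[1:]).resolve()
    if candidate != root and root not in candidate.parents:
        raise BoundaryError("path resolves outside its virtual root")
    return candidate


def demo() -> dict:
    """Run constructed sample inputs; return {path: 'ok' | 'rejected'}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "user-123"  # constructed sample user directory
        for name in VIRTUAL_ROOTS:
            (base / name).mkdir(parents=True)
        os.symlink(tmp, base / "uploads" / "link")  # constructed escape link
        for p in ("uploads/report.csv", "outputs/./a/b.txt", "uploads/../../etc/passwd",
                  "/etc/passwd", "workspace/notes.md", "uploads/link/x", "shared"):
            try:
                resolve_user_path(base, p)
                results[p] = "ok"
            except BoundaryError:
                results[p] = "rejected"
    return results
```

The containment check runs on the resolved path, so it still holds when the lexical checks pass but a symlink inside a root points outside it.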

The existing local workspace filesystem tools remain registered for internal runtime and development workflows. They are workspace-scoped, but they are not the user-visible file boundary. Agents should use user_files_* tools when reading user-provided files or writing user-facing outputs.

Follow-up for stronger isolation: add a runtime policy switch that disables or narrows local workspace filesystem tools for ordinary personal-agent tasks, while keeping user_files_* available.