From 6da099a9d7b740e2d3b9b4a56e872e5baaa28d06 Mon Sep 17 00:00:00 2001
From: Richard Feldman <oss@rtfeldman.com>
Date: Mon, 10 Mar 2025 11:04:37 -0400
Subject: [PATCH] Unsandbox Lua scripts (#26365)

Per a conversation with @nathansobo, have the Lua scripts run
unsandboxed for now (while this feature is behind the staff feature
flag).

Release Notes:

- N/A
---
 crates/assistant_scripting/src/sandbox_preamble.lua | 13 +++++++++++--
 crates/assistant_scripting/src/session.rs           |  8 ++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/crates/assistant_scripting/src/sandbox_preamble.lua b/crates/assistant_scripting/src/sandbox_preamble.lua
index 22cde87bad..fe4445ed6a 100644
--- a/crates/assistant_scripting/src/sandbox_preamble.lua
+++ b/crates/assistant_scripting/src/sandbox_preamble.lua
@@ -3,6 +3,16 @@
 -- Create a sandbox environment
 local sandbox = {}
 
+-- For now, add all globals to `sandbox` (so there effectively is no sandbox).
+-- We still need the logic below so that we can do things like overriding print() to write
+-- to our in-memory log rather than to stdout, we will delete this loop (and re-enable
+-- the I/O module being sandboxed below) to have things be sandboxed again.
+for k, v in pairs(_G) do
+  if sandbox[k] == nil then
+    sandbox[k] = v
+  end
+end
+
 -- Allow access to standard libraries (safe subset)
 sandbox.string = string
 sandbox.table = table
@@ -25,8 +35,7 @@ local io = {}
 io.open = sb_io_open
 
 -- Add the sandboxed io library to the sandbox environment
-sandbox.io = io
-
+-- sandbox.io = io -- Uncomment this line to re-enable sandboxed file I/O.
 
 -- Load the script with the sandbox environment
 local user_script_fn, err = load(user_script, nil, "t", sandbox)
diff --git a/crates/assistant_scripting/src/session.rs b/crates/assistant_scripting/src/session.rs
index 08ed3f805a..1e26bb5beb 100644
--- a/crates/assistant_scripting/src/session.rs
+++ b/crates/assistant_scripting/src/session.rs
@@ -119,6 +119,14 @@ impl ScriptSession {
                 let lua = Lua::new();
                 lua.set_memory_limit(2 * 1024 * 1024 * 1024)?; // 2 GB
                 let globals = lua.globals();
+
+                // Use the project root dir as the script's current working dir.
+                if let Some(root_dir) = &root_dir {
+                    if let Some(root_dir) = root_dir.to_str() {
+                        globals.set("cwd", root_dir)?;
+                    }
+                }
+
                 globals.set(
                     "sb_print",
                     lua.create_function({