fix: agent session needs cwd sandboxing, system prompt, and tool restrictions #64

New Issue

Open

opened 2026-03-13 01:48:53 +00:00 by jason.woltje · 0 comments

jason.woltje commented 2026-03-13 01:48:53 +00:00

Owner

Copy Link

Problem

Pi SDK agent sessions inherit the gateway process cwd (apps/gateway) and have full filesystem access via built-in tools (read, bash, edit, write). The agent identifies as 'Claude Code' with no Mosaic-specific system prompt.

Observed behavior

> who are you?
I'm Claude Code... working in /home/jwoltje/src/mosaic-mono-v1/apps/gateway

Required changes

1. Working directory: createAgentSession should use a configurable/sandboxed cwd (not the gateway's own directory)
2. System prompt: Define a Mosaic-specific system prompt so the agent identifies as the Mosaic assistant, not Claude Code
3. Tool restrictions: Restrict or configure the tool set — the default Pi tools give full shell/filesystem access which is inappropriate for a chat assistant
4. Workspace isolation: Each conversation may need its own workspace directory

References

• apps/gateway/src/agent/agent.service.ts — createAgentSession({ tools: [] }) currently passes empty tools array but Pi SDK adds defaults
• Pi SDK AgentOptions supports tools, systemPrompt, and working directory config

Found by

End-to-end testing of communication spine

## Problem Pi SDK agent sessions inherit the gateway process cwd (`apps/gateway`) and have full filesystem access via built-in tools (read, bash, edit, write). The agent identifies as 'Claude Code' with no Mosaic-specific system prompt. ## Observed behavior ``` > who are you? I'm Claude Code... working in /home/jwoltje/src/mosaic-mono-v1/apps/gateway ``` ## Required changes 1. **Working directory**: `createAgentSession` should use a configurable/sandboxed cwd (not the gateway's own directory) 2. **System prompt**: Define a Mosaic-specific system prompt so the agent identifies as the Mosaic assistant, not Claude Code 3. **Tool restrictions**: Restrict or configure the tool set — the default Pi tools give full shell/filesystem access which is inappropriate for a chat assistant 4. **Workspace isolation**: Each conversation may need its own workspace directory ## References - `apps/gateway/src/agent/agent.service.ts` — `createAgentSession({ tools: [] })` currently passes empty tools array but Pi SDK adds defaults - Pi SDK `AgentOptions` supports `tools`, `systemPrompt`, and working directory config ## Found by End-to-end testing of communication spine

jason.woltje referenced this issue from a commit 2026-03-13 01:49:08 +00:00

docs: add FIX-03 agent session sandboxing task (#64)

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

release/mosaic-v0.0.29

fix/installer-idempotent-creds

feat/framework-superpowers-enforcement

feat/install-ux-intent

feat/install-ux-polish

docs/iuv-m01-complete

fix/build-vitest-allowdefault

fix/bootstrap-hotfix

docs/install-ux-v2-scaffold

release/mosaic-v0.0.25

docs/iuh-mission-complete

feat/unified-first-run

docs/iuh-m02-complete

feat/wizard-remediation

feat/mosaic-macp-cli

fix/gateway-token-recovery-review

feat/mosaic-auth-cli

feat/mosaic-forge-cli-v2

feat/mosaic-storage-cli

feat/mosaic-memory-cli

feat/gateway-token-recovery

feat/mosaic-forge-cli

feat/mosaic-config-command

feat/mosaic-queue-cli

feat/mosaic-brain-cli

feat/mosaic-help-alphabetize

docs/gateway-token-recovery-plan

chore/bump-mosaic-0.0.21

fix/populate-known-packages-list

fix/publish-loud-errors

fix/gitea-org-rename

fix/gateway-install-ux

fix/rename-mosaic-scope-391

fix/db-memory-queue-publish-drift

fix/updater-wrapper-gitea-387

fix/config-package-version-drift

fix/updater-mosaic-package-382

fix/merge-cli-into-mosaic

fix/metapackage-cli-dep

chore/bump-cli-mosaic-0.0.16

fix/gateway-deprecation-warnings

fix/gateway-install-prefix-eacces

chore/gateway-default-port-14242

fix/gateway-scoped-registry

fix/gateway-install-registry

chore/bump-0.0.11

feat/gateway-local-tier

feat/task-1775219952-fix-add-build-tools-to-ci-install-step-for-better-sqlite3

fix/pnpm-build-scripts

fix/storage-sqlite-ci

feat/storage-abstraction

fix/idempotent-init

mosaic-v0.0.29

mosaic-v0.0.28

mosaic-v0.0.27

mosaic-v0.0.26

mosaic-v0.0.25

mosaic-v0.0.24

v0.2.0

v0.1.0

v0.0.8

v0.0.7

v0.0.6

v0.0.5

v0.0.4

Labels

No items

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

jason.woltje

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: mosaicstack/stack#64