fix(ai): repair Windows fs sandbox path gate; run read-side fs ops off the GUI thread

alex-spataru · claude · alex-spataru · commit 4afbc374afec · 2026-06-08T09:46:45.000-04:00
The sandbox membership check compared Qt canonical paths (always '/') against
a prefix built with QDir::separator() ('\' on Windows), so every non-root path
was rejected as outside_sandbox: all writes failed and listing any named
subfolder failed, while root-anchored list/search worked because they bypass
the gate. Compare against '/' instead.

fs.list/fs.read/fs.search walked the workspace and opened files synchronously
on the Conversation's main thread, freezing the GUI on large or cloud-backed
(OneDrive) workspaces. Run those read-side ops on a worker thread while the
caller pumps a nested event loop, and guard the dropped-path list with a mutex
since it is now read off-thread.

Co-Authored-By: Claude Opus 4.8 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/app/rcc/ai/search_index.json b/app/rcc/ai/search_index.json
diff --git a/app/src/AI/FileSandbox.cpp b/app/src/AI/FileSandbox.cpp
@@ -65,7 +65,7 @@ static QString displayPath(const QString& absolute, const QString& root)
   if (absolute == root)
     return QStringLiteral(".");
 
-  const auto prefix = root + QDir::separator();
+  const auto prefix = root + QLatin1Char('/');
   if (absolute.startsWith(prefix))
     return absolute.mid(prefix.size());
 
@@ -103,6 +103,7 @@ QString AI::FileSandbox::writeRoot() const
  */
 QStringList AI::FileSandbox::droppedPaths() const
 {
+  const QMutexLocker locker(&m_dropMutex);
   return m_droppedPaths;
 }
 
@@ -116,6 +117,7 @@ QStringList AI::FileSandbox::readRoots() const
   if (!ws.isEmpty())
     roots.append(ws);
 
+  const QMutexLocker locker(&m_dropMutex);
   for (const auto& dropped : m_droppedPaths)
     if (!dropped.isEmpty() && !roots.contains(dropped))
       roots.append(dropped);
@@ -170,7 +172,7 @@ bool AI::FileSandbox::isWithinRoot(const QString& canonical, const QString& root
   if (canonical == root)
     return true;
 
-  return canonical.startsWith(root + QDir::separator());
+  return canonical.startsWith(root + QLatin1Char('/'));
 }
 
 /**
@@ -275,6 +277,7 @@ QString AI::FileSandbox::registerDroppedPath(const QString& localPath)
   if (canonical.isEmpty())
     return {};
 
+  const QMutexLocker locker(&m_dropMutex);
   if (!m_droppedPaths.contains(canonical)) {
     m_droppedPaths.append(canonical);
     qCDebug(serialStudioAI) << "Sandbox: registered dropped path" << canonical;
@@ -288,6 +291,7 @@ QString AI::FileSandbox::registerDroppedPath(const QString& localPath)
  */
 void AI::FileSandbox::clearDroppedPaths()
 {
+  const QMutexLocker locker(&m_dropMutex);
   m_droppedPaths.clear();
 }
 
diff --git a/app/src/AI/FileSandbox.h b/app/src/AI/FileSandbox.h
@@ -12,6 +12,7 @@
 #pragma once
 
 #include <QJsonObject>
+#include <QMutex>
 #include <QString>
 #include <QStringList>
 
@@ -70,6 +71,7 @@ class FileSandbox {
   [[nodiscard]] static bool isWithinRoot(const QString& canonical, const QString& root);
 
   QStringList m_droppedPaths;
+  mutable QMutex m_dropMutex;
 };
 
 }  // namespace AI
diff --git a/app/src/AI/ToolDispatcher.cpp b/app/src/AI/ToolDispatcher.cpp
@@ -8,9 +8,13 @@
 
 #include "AI/ToolDispatcher.h"
 
+#include <functional>
+#include <QCoreApplication>
+#include <QEventLoop>
 #include <QFile>
 #include <QHash>
 #include <QStringList>
+#include <QThread>
 #include <QUuid>
 #include <QVector>
 
@@ -572,20 +576,39 @@ static QJsonObject fsToolDescription(const QString& name)
   return {};
 }
 
+/**
+ * @brief Runs blocking work on a worker thread, pumping the caller's event loop until it returns.
+ */
+static QJsonObject runOffMainThread(const std::function<QJsonObject()>& work)
+{
+  if (QThread::currentThread() != QCoreApplication::instance()->thread())
+    return work();
+
+  QJsonObject result;
+  QEventLoop loop;
+  QThread* worker = QThread::create([&]() { result = work(); });
+  QObject::connect(worker, &QThread::finished, &loop, &QEventLoop::quit);
+  worker->start();
+  loop.exec();
+  worker->wait();
+  delete worker;
+  return result;
+}
+
 /**
  * @brief Routes an fs.* tool call to the FileSandbox primitive.
  */
 static QJsonObject executeFsTool(const QString& name, const QJsonObject& args)
 {
   auto& sandbox = AI::FileSandbox::instance();
   if (name == QStringLiteral("fs.list"))
-    return sandbox.list(args);
+    return runOffMainThread([&]() { return sandbox.list(args); });
 
   if (name == QStringLiteral("fs.read"))
-    return sandbox.read(args);
+    return runOffMainThread([&]() { return sandbox.read(args); });
 
   if (name == QStringLiteral("fs.search"))
-    return sandbox.search(args);
+    return runOffMainThread([&]() { return sandbox.search(args); });
 
   if (name == QStringLiteral("fs.write"))
     return sandbox.write(args);
