import os # Resolve the geoscaper module root directory SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__)) # agents/modules/geoscaper/lib GEOSCAPER_DIR = os.path.abspath(os.path.join(SCRIPT_DIR, "..")) # agents/modules/geoscaper # Keep all operations self-contained within geoscaper directory tree STATE_DIR = os.path.join(GEOSCAPER_DIR, "state") PROJECTS_DIR = os.path.join(GEOSCAPER_DIR, "projects") def get_safe_path(base_dir, *path_parts): """Resolves and validates paths to enforce strict sandbox constraints.""" real_base = os.path.realpath(base_dir) real_target = os.path.realpath(os.path.join(real_base, *path_parts)) if not real_target.startswith(real_base + os.path.sep) and real_target != real_base: raise PermissionError(f"Security Fault: Path '{real_target}' escaped '{real_base}'") return real_target