fix: address review feedback — correct file_read/file_edit path resolution, data_dir exclusion, macOS SBPL deny rules

Author: EZotoff

src/sandbox.rs

@@ -297,18 +297,25 @@ impl Sandbox {
             .workspace
             .canonicalize()
             .unwrap_or_else(|_| self.workspace.clone());
-        if canonical.starts_with(&workspace_canonical) {
-            return true;
-        }
-
         let data_dir_canonical = self
             .data_dir
             .canonicalize()
             .unwrap_or_else(|_| self.data_dir.clone());
 
+        if canonical.starts_with(&data_dir_canonical) {
+            return false;
+        }
+
+        if canonical.starts_with(&workspace_canonical) {
+            return true;
+        }
+
         let config = self.config.load();
         for path in config.all_writable_paths() {
             let allowed = path.canonicalize().unwrap_or_else(|_| path.clone());
+            if allowed.starts_with(&data_dir_canonical) {
+                continue;
+            }
             if canonical.starts_with(&allowed) {
                 return true;
             }
@@ -319,14 +326,9 @@ impl Sandbox {
                 continue;
             }
             if canonical.starts_with(&allowed) {
-                return true;
+                return !canonical.starts_with(&data_dir_canonical);
             }
         }
-
-        if canonical.starts_with(&data_dir_canonical) {
-            return false;
-        }
-
         false
     }
 

src/tools/file.rs

@@ -333,7 +333,7 @@ impl Tool for FileWriteTool {
     }
 
     async fn call(&self, args: Self::Args) -> Result<Self::Output, Self::Error> {
-        let path = self.context.resolve_path(&args.path)?;
+        let path = self.context.resolve_writable_path(&args.path)?;
 
         // Ensure parent directory exists if requested
         if args.create_dirs