Summary
apply_patch currently rejects absolute paths, parent-traversal paths, and symlinked paths that resolve outside the current working directory. In the tool result this often surfaces as the generic recovery instruction to read the file before retrying, even when the file has already been read.
Why this is surprising
The README says absolute or parent-escaping paths are accepted and resolved with Node path semantics. It also matters because this extension replaces write and edit for OpenAI GPT-family models, so there is no fallback editing tool for legitimate files outside the current cwd.
Expected behavior
Patch paths should resolve like Codex-style apply_patch paths: path.resolve(cwd, filePath), including absolute paths and ../... paths.
Actual behavior
The path is rejected by the workspace containment guard before patch application.
Proposed fix
Remove the cwd containment guard and rely on Node path resolution. I have a PR ready with tests for absolute paths, parent traversal, and symlinked paths outside cwd.
Summary
apply_patchcurrently rejects absolute paths, parent-traversal paths, and symlinked paths that resolve outside the current working directory. In the tool result this often surfaces as the generic recovery instruction to read the file before retrying, even when the file has already been read.Why this is surprising
The README says absolute or parent-escaping paths are accepted and resolved with Node path semantics. It also matters because this extension replaces
writeandeditfor OpenAI GPT-family models, so there is no fallback editing tool for legitimate files outside the current cwd.Expected behavior
Patch paths should resolve like Codex-style
apply_patchpaths:path.resolve(cwd, filePath), including absolute paths and../...paths.Actual behavior
The path is rejected by the workspace containment guard before patch application.
Proposed fix
Remove the cwd containment guard and rely on Node path resolution. I have a PR ready with tests for absolute paths, parent traversal, and symlinked paths outside cwd.