Fixes intermittent 'sh not found' errors in nix2container-based sandbox
images. The OCI runtime PATH resolution can fail sporadically when using
the bare 'sh' command. Using the absolute path /bin/sh bypasses PATH lookup.

Also adds allowedReadPaths config option for bind mount access:
- Add allowedReadPaths?: string[] to SandboxDockerConfig
- Merge allowedReadPaths arrays from global + agent config (like binds)
- Update resolveSandboxPath/assertSandboxPath to validate paths against
  root OR any allowedPath entry

Example config:

    {
      "sandbox": {
        "docker": {
          "binds": ["/host/skills:/workspace/.skills/tameson:ro"],
          "allowedReadPaths": ["/workspace/.skills"]
        }
      }
    }
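
Added example, not code from this commit or the project: one way to implement the "root OR any allowed entry" check on whole path segments, so `..` traversal and sibling-prefix names such as /workspace/.skills-evil are rejected. The helper names, the /sandbox/agent-1 root and the de-duplicating merge are assumptions; only /workspace/.skills comes from the example config.

```typescript
// Hypothetical helpers, not the project's resolveSandboxPath/assertSandboxPath.
// Assumes absolute POSIX container paths. The check is purely lexical.

// Split a path into normalized segments, collapsing "", "." and "..".
function segments(p: string): string[] {
  const out: string[] = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop(); // ".." at "/" stays at "/"
    else out.push(seg);
  }
  return out;
}

// True when `candidate` equals `base` or lies beneath it, compared per segment
// so "/workspace/.skills-evil" does not match "/workspace/.skills".
function isWithin(base: string[], candidate: string[]): boolean {
  return base.length <= candidate.length && base.every((seg, i) => seg === candidate[i]);
}

// Concatenate global and agent lists, dropping duplicates (assumed merge rule).
function mergeAllowed(globalPaths: string[] = [], agentPaths: string[] = []): string[] {
  return [...globalPaths, ...agentPaths].filter((p, i, all) => all.indexOf(p) === i);
}

// Return the normalized path, or throw if it is outside root and every allowed entry.
function checkSandboxPath(root: string, allowedReadPaths: string[], requested: string): string {
  const absolute = requested.startsWith("/") ? requested : `${root}/${requested}`;
  const resolved = segments(absolute);
  const bases = [root, ...allowedReadPaths].map(segments);
  if (!bases.some((base) => isWithin(base, resolved))) {
    throw new Error(`path escapes sandbox root and allowedReadPaths: ${requested}`);
  }
  return "/" + resolved.join("/");
}

function isAllowed(root: string, allowedReadPaths: string[], requested: string): boolean {
  try {
    checkSandboxPath(root, allowedReadPaths, requested);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample values; "/workspace/.skills" is the entry from the example config.
const ROOT = "/sandbox/agent-1";
const ALLOWED = mergeAllowed(["/workspace/.skills"], ["/workspace/.skills"]);
```

Because the comparison never touches the filesystem, a symlink inside an allowed directory that points elsewhere passes this check; resolving the real path before comparing closes that gap.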