Merge 49a5b3ff692f784d4655afa35cb71ecd9faa93a4 into 598f1826d8b2bc969aace2c6459824737667218c

src/agents/sandbox/fs-bridge-mutation-helper.ts

@@ -87,12 +87,21 @@ export const SANDBOX_PINNED_MUTATION_PYTHON = [
   "    temp_name = None",
   "    try:",
   "        temp_name, temp_fd = create_temp_file(parent_fd, basename)",
+  "        total_written = 0",
   "        while True:",
   "            chunk = stdin_buffer.read(65536)",
   "            if not chunk:",
   "                break",
-  "            os.write(temp_fd, chunk)",
+  "            written = os.write(temp_fd, chunk)",
+  "            if written != len(chunk):",
+  "                raise OSError(errno.EIO, 'short write to sandbox temp file: wrote ' + str(written) + ' of ' + str(len(chunk)) + ' bytes (fakeowner or network fs may be dropping writes)', basename)",
+  "            total_written += written",
   "        os.fsync(temp_fd)",
+  "        # Verify the kernel flushed the correct number of bytes.",
+  "        # On fakeowner/network mounts, os.write can return success but discard data.",
+  "        stat_result = os.fstat(temp_fd)",
+  "        if stat_result.st_size != total_written:",
+  "            raise OSError(errno.EIO, 'sandbox temp file size mismatch after write: expected ' + str(total_written) + ' bytes but got ' + str(stat_result.st_size) + ' (fakeowner or network fs may be silently dropping writes)', basename)",
   "        os.close(temp_fd)",
   "        temp_fd = None",
   "        os.replace(temp_name, basename, src_dir_fd=parent_fd, dst_dir_fd=parent_fd)",
@@ -137,6 +146,14 @@ export const SANDBOX_PINNED_MUTATION_PYTHON = [
   "        try:",
   "            for child in os.listdir(src_dir_fd):",
   "                move_entry(src_dir_fd, child, temp_dir_fd, child)",
+  "        except Exception:",
+  "            # Rollback: move children from temp_dir back to source to preserve original tree.",
+  "            # Without this, a size-check failure on a later child leaves earlier children stranded",
+  "            # in the hidden temp dir and the source partially deleted.",
+  "            for child in os.listdir(temp_dir_fd):",
+  "                move_entry(temp_dir_fd, child, src_dir_fd, child)",
+  "            remove_tree(dst_parent_fd, temp_dir_name)",
+  "            raise",
   "        finally:",
   "            os.close(src_dir_fd)",
   "            os.close(temp_dir_fd)",
@@ -161,16 +178,24 @@ export const SANDBOX_PINNED_MUTATION_PYTHON = [
   "    temp_name = None",
   "    try:",
   "        temp_name, temp_fd = create_temp_file(dst_parent_fd, dst_basename)",
+  "        total_written = 0",
   "        while True:",
   "            chunk = os.read(src_fd, 65536)",
   "            if not chunk:",
   "                break",
-  "            os.write(temp_fd, chunk)",
+  "            written = os.write(temp_fd, chunk)",
+  "            if written != len(chunk):",
+  "                raise OSError(errno.EIO, 'short write to sandbox temp file: wrote ' + str(written) + ' of ' + str(len(chunk)) + ' bytes (fakeowner or network fs may be dropping writes)', dst_basename)",
+  "            total_written += written",
   "        try:",
   "            os.fchmod(temp_fd, stat.S_IMODE(src_stat.st_mode))",
   "        except AttributeError:",
   "            pass",
   "        os.fsync(temp_fd)",
+  "        # Verify bytes were actually persisted — fakeowner/network mounts can silently drop writes.",
+  "        stat_result = os.fstat(temp_fd)",
+  "        if stat_result.st_size != total_written:",
+  "            raise OSError(errno.EIO, 'sandbox temp file size mismatch after write: expected ' + str(total_written) + ' bytes but got ' + str(stat_result.st_size) + ' (fakeowner or network fs may be silently dropping writes)', dst_basename)",
   "        os.close(temp_fd)",
   "        temp_fd = None",
   "        os.replace(temp_name, dst_basename, src_dir_fd=dst_parent_fd, dst_dir_fd=dst_parent_fd)",