fix(sandbox): allow %TEMP% writes for legitimate tempfile usage

tests/conftest.py

@@ -50,6 +50,12 @@ _SANDBOX_ALLOWLIST_PATH_PARTS: tuple[str, ...] = (
  ".ruff_cache",
 )
 
+# Python's tempfile module defaults to %TEMP% on Windows and /tmp on POSIX.
+# Tests legitimately need to write there (NamedTemporaryFile, mkdtemp, etc.).
+# Per spec mitigation: "if a new path is needed, add it." This is the v1
+# compromise; v2 should migrate tests to use dir= pointing under ./tests/.
+_TEMP_DIR_PARTS: tuple[str, ...] = ("AppData", "Local", "Temp", "tmp", "var", "folders")
+
 
 def _is_sandbox_path_allowed(resolved: Path, original: str) -> bool:
  if _SANDBOX_PROJECT_ROOT is None:
@@ -67,6 +73,8 @@ def _is_sandbox_path_allowed(resolved: Path, original: str) -> bool:
   return True
  except ValueError:
   pass
+ if any(temp_part in resolved.parts for temp_part in _TEMP_DIR_PARTS):
+  return True
  return False
 
 
@@ -398,6 +406,8 @@ def isolate_workspace(monkeypatch) -> Generator[None, None, None]:
  monkeypatch.setenv("SLOP_GLOBAL_WORKSPACE_PROFILES", str(test_workspace / "workspace_profiles.toml"))
  monkeypatch.setenv("SLOP_CREDENTIALS", str(test_workspace / "credentials.toml"))
  monkeypatch.setenv("SLOP_MCP_ENV", str(test_workspace / "mcp_env.toml"))
+ monkeypatch.setenv("SLOP_LOGS_DIR", str(test_workspace / "logs"))
+ monkeypatch.setenv("SLOP_SCRIPTS_DIR", str(test_workspace / "scripts"))
 
  yield