# `Agentic.Sandbox.PathValidator`

Validates that tool-requested paths stay within an explicit allowlist of roots.

Prevents:
- Absolute path injection
- `..` directory traversal
- Symlink escapes (via expansion against known roots)
- Access outside the workspace or agent-private directories

# `validate`

```elixir
@spec validate(String.t(), [String.t()]) :: {:ok, String.t()} | {:error, String.t()}
```

Non-raising version. Returns `{:ok, expanded_path}` or `{:error, reason}`.

# `validate!`

```elixir
@spec validate!(String.t(), [String.t()]) :: String.t()
```

Validates a relative path against a list of allowed root directories.

Returns the expanded absolute path on success.
Raises `ArgumentError` if the path is absolute, escapes all roots, or is empty.

---

*Consult [api-reference.md](api-reference.md) for complete listing*