langgenius · BeautyyuYanli · Jun 4, 2026 · Jun 4, 2026
diff --git a/internal/static/config.go b/internal/static/config.go
@@ -87,7 +87,18 @@ func InitConfig(path string) error {
 	}
 	difySandboxGlobalConfigurations.PythonPath = resolvedPythonPath
 
-	difySandboxGlobalConfigurations.PythonLibPaths, err = discoverPythonLibPaths(difySandboxGlobalConfigurations.PythonPath)
+	systemPaths := defaultSystemLibRequirements()
+	if envSystemPaths := os.Getenv("SYSTEM_LIB_REQUIREMENTS"); envSystemPaths != "" {
+		parts := strings.Split(envSystemPaths, ",")
+		systemPaths = make([]string, 0, len(parts))
+		for _, p := range parts {
+			trimmed := strings.TrimSpace(p)
+			if trimmed != "" {
+				systemPaths = append(systemPaths, trimmed)
+			}
+		}
+	}
+	difySandboxGlobalConfigurations.PythonLibPaths, err = discoverPythonLibPaths(difySandboxGlobalConfigurations.PythonPath, systemPaths)
 	if err != nil {
 		return fmt.Errorf("discover python library paths from %q: %w", difySandboxGlobalConfigurations.PythonPath, err)
 	}

diff --git a/internal/static/config_default_amd64.go b/internal/static/config_default_amd64.go
@@ -2,15 +2,17 @@
 
 package static
 
-var DEFAULT_SYSTEM_LIB_REQUIREMENTS = []string{
-	"/usr/lib/x86_64-linux-gnu",
-	"/etc/ssl/certs/ca-certificates.crt",
-	"/etc/nsswitch.conf",
-	"/etc/hosts",
-	"/etc/resolv.conf",
-	"/run/systemd/resolve/stub-resolv.conf",
-	"/run/resolvconf/resolv.conf",
-	"/etc/localtime",
-	"/usr/share/zoneinfo",
-	"/etc/timezone",
+func defaultSystemLibRequirements() []string {
+	return []string{
+		"/usr/lib/x86_64-linux-gnu",
+		"/etc/ssl/certs/ca-certificates.crt",
+		"/etc/nsswitch.conf",
+		"/etc/hosts",
+		"/etc/resolv.conf",
+		"/run/systemd/resolve/stub-resolv.conf",
+		"/run/resolvconf/resolv.conf",
+		"/etc/localtime",
+		"/usr/share/zoneinfo",
+		"/etc/timezone",
+	}
 }
diff --git a/internal/static/config_default_arm64.go b/internal/static/config_default_arm64.go
@@ -2,15 +2,17 @@
 
 package static
 
-var DEFAULT_SYSTEM_LIB_REQUIREMENTS = []string{
-	"/usr/lib/aarch64-linux-gnu",
-	"/etc/ssl/certs/ca-certificates.crt",
-	"/etc/nsswitch.conf",
-	"/etc/hosts",
-	"/etc/resolv.conf",
-	"/run/systemd/resolve/stub-resolv.conf",
-	"/run/resolvconf/resolv.conf",
-	"/etc/localtime",
-	"/usr/share/zoneinfo",
-	"/etc/timezone",
+func defaultSystemLibRequirements() []string {
+	return []string{
+		"/usr/lib/aarch64-linux-gnu",
+		"/etc/ssl/certs/ca-certificates.crt",
+		"/etc/nsswitch.conf",
+		"/etc/hosts",
+		"/etc/resolv.conf",
+		"/run/systemd/resolve/stub-resolv.conf",
+		"/run/resolvconf/resolv.conf",
+		"/etc/localtime",
+		"/usr/share/zoneinfo",
+		"/etc/timezone",
+	}
 }
diff --git a/internal/static/config_test.go b/internal/static/config_test.go
@@ -11,7 +11,7 @@ import (
 func TestDiscoverPythonLibPathsFindsStdlibAndJSON(t *testing.T) {
 	pythonPath := mustFindTestPython(t)
 
-	paths, err := discoverPythonLibPaths(pythonPath)
+	paths, err := discoverPythonLibPaths(pythonPath, defaultSystemLibRequirements())
 	if err != nil {
 		t.Fatalf("discoverPythonLibPaths returned error: %v", err)
 	}
@@ -63,7 +63,7 @@ func TestDiscoverPythonLibPathsIgnoresCurrentWorkingDirectoryShadowing(t *testin
 		t.Fatalf("chdir temp dir: %v", err)
 	}
 
-	paths, err := discoverPythonLibPaths(pythonPath)
+	paths, err := discoverPythonLibPaths(pythonPath, defaultSystemLibRequirements())
 	if err != nil {
 		t.Fatalf("discoverPythonLibPaths returned error with cwd shadowing: %v", err)
 	}

diff --git a/internal/static/python_lib_discovery.go b/internal/static/python_lib_discovery.go
@@ -170,7 +170,7 @@ func resolvePythonPath(pythonPath string) (string, error) {
 //   - Python-discovered paths keep their logical names because the interpreter's
 //     sys.path keeps those names after chroot; the copy script follows directory
 //     symlinks when materializing those logical paths inside the sandbox.
-func discoverPythonLibPaths(pythonPath string) ([]string, error) {
+func discoverPythonLibPaths(pythonPath string, systemPaths []string) ([]string, error) {
 	command := exec.Command(pythonPath, "-P", "-c", pythonLibDiscoveryScript)
 	command.Env = pythonDiscoveryEnv()
 	output, err := command.CombinedOutput()
@@ -187,7 +187,10 @@ func discoverPythonLibPaths(pythonPath string) ([]string, error) {
 		return nil, fmt.Errorf("parse python discovery output: %w", err)
 	}
 
-	return buildPythonLibPaths(result, DEFAULT_SYSTEM_LIB_REQUIREMENTS)
+	if systemPaths == nil {
+		systemPaths = defaultSystemLibRequirements()
+	}
+	return buildPythonLibPaths(result, systemPaths)
 }
 
 // buildPythonLibPaths validates interpreter-reported paths and appends fixed