- Add default deny_read_paths/deny_read_regexes to host_sandbox_policy.json - Generate deny rules for ~/.ssh, ~/.aws, ~/.kube, keychains, .env, etc. - Readonly sandbox: global read + deny sensitive + write only /dev/null - Workspace-write sandbox: global read + deny sensitive + writable paths - Keep workspace files readable by re-allowing workspace subpath after deny - Backend API validates path authorization against deny list - Path auth dialog hint explains readable paths behavior
29 lines
527 B
Plaintext
29 lines
527 B
Plaintext
{
|
|
"macos_writable_paths": [],
|
|
"macos_readable_extra_paths": [],
|
|
"macos_deny_read_paths": [
|
|
"~/.ssh",
|
|
"~/.aws",
|
|
"~/.azure",
|
|
"~/.gcp",
|
|
"~/.google",
|
|
"~/.kube",
|
|
"~/.docker",
|
|
"~/.gnupg",
|
|
"~/.npmrc",
|
|
"~/.netrc",
|
|
"~/.pypirc",
|
|
"~/.git-credentials",
|
|
"~/.bash_history",
|
|
"~/.zsh_history",
|
|
"~/.psql_history",
|
|
"~/.mysql_history",
|
|
"~/.pgpass",
|
|
"/Library/Keychains",
|
|
"~/Library/Keychains"
|
|
],
|
|
"macos_deny_read_regexes": [
|
|
"^/.*\\.env(\\.[^/]*)?$"
|
|
]
|
|
}
|