POC - Configurable ReadAcess in WorkspaceWrite SandboxPolicy

This commit is contained in:
Leo Shimonaka
2026-02-11 10:47:26 -08:00
parent d74fa8edd1
commit 04df7970fc
49 changed files with 1654 additions and 17 deletions

View File

@@ -571,6 +571,9 @@
"default": false,
"type": "boolean"
},
"readAccess": {
"$ref": "#/definitions/WorkspaceReadAccess"
},
"type": {
"enum": [
"workspaceWrite"
@@ -1538,6 +1541,49 @@
"type": "object"
}
]
},
"WorkspaceReadAccess": {
"oneOf": [
{
"properties": {
"type": {
"enum": [
"fullReadAccess"
],
"title": "FullReadAccessWorkspaceReadAccessType",
"type": "string"
}
},
"required": [
"type"
],
"title": "FullReadAccessWorkspaceReadAccess",
"type": "object"
},
{
"properties": {
"readableRoots": {
"default": [],
"items": {
"$ref": "#/definitions/AbsolutePathBuf"
},
"type": "array"
},
"type": {
"enum": [
"restrictedReadAccess"
],
"title": "RestrictedReadAccessWorkspaceReadAccessType",
"type": "string"
}
},
"required": [
"type"
],
"title": "RestrictedReadAccessWorkspaceReadAccess",
"type": "object"
}
]
}
},
"properties": {