{ "$schema": "http://json-schema.org/draft-07/schema#", "definitions": { "AbsolutePathBuf": { "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.", "type": "string" }, "NetworkAccess": { "description": "Represents whether outbound network access is available to the agent.", "enum": [ "restricted", "enabled" ], "type": "string" }, "ReadOnlyAccess": { "description": "Determines how read-only file access is granted inside a restricted sandbox.", "oneOf": [ { "description": "Restrict reads to an explicit set of roots.\n\nWhen `include_platform_defaults` is `true`, platform defaults required for basic execution are included in addition to `readable_roots`.", "properties": { "include_platform_defaults": { "default": true, "description": "Include built-in platform read roots required for basic process execution.", "type": "boolean" }, "readable_roots": { "description": "Additional absolute roots that should be readable.", "items": { "$ref": "#/definitions/AbsolutePathBuf" }, "type": "array" }, "type": { "enum": [ "restricted" ], "title": "RestrictedReadOnlyAccessType", "type": "string" } }, "required": [ "type" ], "title": "RestrictedReadOnlyAccess", "type": "object" }, { "description": "Allow unrestricted file reads.", "properties": { "type": { "enum": [ "full-access" ], "title": "FullAccessReadOnlyAccessType", "type": "string" } }, "required": [ "type" ], "title": "FullAccessReadOnlyAccess", "type": "object" } ] }, "SandboxPolicy": { "description": "Determines execution restrictions for model shell commands.", "oneOf": [ { "description": "No restrictions whatsoever. Use with caution.", "properties": { "type": { "enum": [ "danger-full-access" ], "title": "DangerFullAccessSandboxPolicyType", "type": "string" } }, "required": [ "type" ], "title": "DangerFullAccessSandboxPolicy", "type": "object" }, { "description": "Read-only access configuration.", "properties": { "access": { "allOf": [ { "$ref": "#/definitions/ReadOnlyAccess" } ], "description": "Read access granted while running under this policy." }, "type": { "enum": [ "read-only" ], "title": "ReadOnlySandboxPolicyType", "type": "string" } }, "required": [ "type" ], "title": "ReadOnlySandboxPolicy", "type": "object" }, { "description": "Indicates the process is already in an external sandbox. Allows full disk access while honoring the provided network setting.", "properties": { "network_access": { "allOf": [ { "$ref": "#/definitions/NetworkAccess" } ], "default": "restricted", "description": "Whether the external sandbox permits outbound network traffic." }, "type": { "enum": [ "external-sandbox" ], "title": "ExternalSandboxSandboxPolicyType", "type": "string" } }, "required": [ "type" ], "title": "ExternalSandboxSandboxPolicy", "type": "object" }, { "description": "Same as `ReadOnly` but additionally grants write access to the current working directory (\"workspace\").", "properties": { "exclude_slash_tmp": { "default": false, "description": "When set to `true`, will NOT include the `/tmp` among the default writable roots on UNIX. Defaults to `false`.", "type": "boolean" }, "exclude_tmpdir_env_var": { "default": false, "description": "When set to `true`, will NOT include the per-user `TMPDIR` environment variable among the default writable roots. Defaults to `false`.", "type": "boolean" }, "network_access": { "default": false, "description": "When set to `true`, outbound network access is allowed. `false` by default.", "type": "boolean" }, "read_only_access": { "allOf": [ { "$ref": "#/definitions/ReadOnlyAccess" } ], "description": "Read access granted while running under this policy." }, "type": { "enum": [ "workspace-write" ], "title": "WorkspaceWriteSandboxPolicyType", "type": "string" }, "writable_roots": { "description": "Additional folders (beyond cwd and possibly TMPDIR) that should be writable from within the sandbox.", "items": { "$ref": "#/definitions/AbsolutePathBuf" }, "type": "array" } }, "required": [ "type" ], "title": "WorkspaceWriteSandboxPolicy", "type": "object" } ] } }, "properties": { "command": { "items": { "type": "string" }, "type": "array" }, "cwd": { "type": [ "string", "null" ] }, "sandboxPolicy": { "anyOf": [ { "$ref": "#/definitions/SandboxPolicy" }, { "type": "null" } ] }, "timeoutMs": { "format": "uint64", "minimum": 0.0, "type": [ "integer", "null" ] } }, "required": [ "command" ], "title": "ExecOneOffCommandParams", "type": "object" }