Add ability to block commands
This commit is contained in:
JY Tan
1
docs/templates/README.md
vendored
1
docs/templates/README.md
vendored
@@ -10,6 +10,7 @@ This directory contains Fence config templates. They are small and meant to be c
|
||||
- `pip-install.json`: allow PyPI; allow writes to workspace/tmp
|
||||
- `local-dev-server.json`: allow binding and localhost outbound; allow writes to workspace/tmp
|
||||
- `agent-api-only.json`: allow common LLM API domains; allow writes to workspace
|
||||
- `git-readonly.json`: blocks destructive commands like `git push`, `rm -rf`, etc.
|
||||
|
||||
## Using a template
|
||||
|
||||
|
||||
19
docs/templates/git-readonly.json
vendored
Normal file
19
docs/templates/git-readonly.json
vendored
Normal file
@@ -0,0 +1,19 @@
|
||||
{
|
||||
"network": {
|
||||
"allowedDomains": []
|
||||
},
|
||||
"filesystem": {
|
||||
"allowWrite": ["."],
|
||||
"denyWrite": [".git"]
|
||||
},
|
||||
"command": {
|
||||
"deny": [
|
||||
"git push",
|
||||
"git reset",
|
||||
"git clean",
|
||||
"git checkout --",
|
||||
"git rebase",
|
||||
"git merge"
|
||||
]
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user