Introduce built-in templates for enhanced configuration options, support JSONC format

2025-12-28 22:16:50 -08:00
parent 8317bb96bc
commit d8e55d9515
22 changed files with 655 additions and 83 deletions
--- a/internal/templates/code.json
+++ b/internal/templates/code.json
@@ -0,0 +1,157 @@
+{
+  "allowPty": true,
+  "network": {
+    "allowLocalBinding": true,
+    "allowLocalOutbound": true,
+    "allowedDomains": [
+      // LLM API providers
+      "api.openai.com",
+      "*.anthropic.com",
+      "api.githubcopilot.com",
+      "generativelanguage.googleapis.com",
+      "api.mistral.ai",
+      "api.cohere.ai",
+      "api.together.xyz",
+      "openrouter.ai",
+
+      // Git hosting
+      "github.com",
+      "api.github.com",
+      "raw.githubusercontent.com",
+      "codeload.github.com",
+      "objects.githubusercontent.com",
+      "gitlab.com",
+
+      // Package registries
+      "registry.npmjs.org",
+      "*.npmjs.org",
+      "registry.yarnpkg.com",
+      "pypi.org",
+      "files.pythonhosted.org",
+      "crates.io",
+      "static.crates.io",
+      "index.crates.io",
+      "proxy.golang.org",
+      "sum.golang.org",
+
+      // Model registry
+      "models.dev"
+    ],
+
+    "deniedDomains": [
+      // Cloud metadata APIs (prevent credential theft)
+      "169.254.169.254",
+      "metadata.google.internal",
+      "instance-data.ec2.internal",
+
+      // Telemetry (optional, can be removed if needed)
+      "statsig.anthropic.com",
+      "*.sentry.io"
+    ]
+  },
+
+  "filesystem": {
+    "allowWrite": [
+      ".",
+      // Temp files
+      "/tmp",
+
+      // Claude Code state/config
+      "~/.claude*",
+      "~/.claude/**",
+
+      // Codex state/config
+      "~/.codex/**",
+
+      // Package manager caches
+      "~/.npm/_cacache",
+      "~/.cache",
+      "~/.bun/**",
+
+      // Cargo cache (Rust, used by Codex)
+      "~/.cargo/registry/**",
+      "~/.cargo/git/**",
+      "~/.cargo/.package-cache",
+
+      // Shell completion cache
+      "~/.zcompdump*",
+
+      // XDG directories for app configs/data
+      "~/.local/share/**",
+      "~/.config/**",
+
+      // OpenCode state
+      "~/.opencode/**"
+    ],
+
+    "denyWrite": [
+      // Protect environment files with secrets
+      ".env",
+      ".env.*",
+      "**/.env",
+      "**/.env.*",
+
+      // Protect key/certificate files
+      "*.key",
+      "*.pem",
+      "*.p12",
+      "*.pfx",
+      "**/*.key",
+      "**/*.pem",
+      "**/*.p12",
+      "**/*.pfx"
+    ],
+
+    "denyRead": [
+      // SSH private keys and config
+      "~/.ssh/id_*",
+      "~/.ssh/config",
+      "~/.ssh/*.pem",
+
+      // GPG keys
+      "~/.gnupg/**",
+
+      // Cloud provider credentials
+      "~/.aws/**",
+      "~/.config/gcloud/**",
+      "~/.kube/**",
+
+      // Docker config (may contain registry auth)
+      "~/.docker/**",
+
+      // GitHub CLI auth
+      "~/.config/gh/**",
+
+      // Package manager auth tokens
+      "~/.pypirc",
+      "~/.netrc",
+      "~/.git-credentials",
+      "~/.cargo/credentials",
+      "~/.cargo/credentials.toml"
+    ]
+  },
+
+  "command": {
+    "useDefaults": true,
+    "deny": [
+      // Git commands that modify remote state
+      "git push",
+      "git reset",
+      "git clean",
+      "git checkout --",
+      "git rebase",
+      "git merge",
+
+      // Package publishing commands
+      "npm publish",
+      "pnpm publish",
+      "yarn publish",
+      "cargo publish",
+      "twine upload",
+      "gem push",
+
+      // Privilege escalation
+      "sudo"
+    ]
+  }
+}