will/flynn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(security): harden tool provenance and skill isolation

Browse Source
This commit is contained in:
William Valentin
2026-02-15 10:16:55 -08:00
parent 3451df41b9
commit 67058c8719
6 changed files with 102 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/cli/setup/security.ts
+7 -7
View File
@@ -2,16 +2,16 @@ import type { Prompter } from './prompts.js';
import type { ConfigBuilder } from './config.js';
const TOOL_PROFILES = [
{ label: 'full (unrestricted)', value: 'full' },
{ label: 'coding (fs + runtime + sessions + memory)', value: 'coding' },
{ label: 'messaging (send only)', value: 'messaging' },
{ label: 'messaging (recommended)', value: 'messaging' },
{ label: 'minimal (status only)', value: 'minimal' },
{ label: 'coding (fs + runtime)', value: 'coding' },
{ label: 'full (unrestricted)', value: 'full' },
];
export async function setupSecurity(p: Prompter, builder: ConfigBuilder): Promise<void> {
p.println(' Docker sandboxing runs tool commands in isolated containers.');
p.println(' Requires Docker installed and running.');
const sandbox = await p.confirm('Enable Docker sandboxing?', false);
const sandbox = await p.confirm('Enable Docker sandboxing?', true);
if (sandbox) {
builder.setSandboxEnabled(true);
p.println('✓ Docker sandboxing enabled');
@@ -20,7 +20,7 @@ export async function setupSecurity(p: Prompter, builder: ConfigBuilder): Promis
p.println();
p.println(' DM pairing requires unknown senders to enter a code before chatting.');
p.println(' Generate codes via the gateway or TUI /pair command.');
const pairing = await p.confirm('Enable DM pairing for unknown senders?', false);
const pairing = await p.confirm('Enable DM pairing for unknown senders?', true);
if (pairing) {
builder.setPairingEnabled(true);
p.println('✓ DM pairing enabled');
@@ -29,8 +29,8 @@ export async function setupSecurity(p: Prompter, builder: ConfigBuilder): Promis
p.println();
p.println(' Tool profiles control which tools the agent can use:');
p.println(' full — all tools available (file, shell, web, memory, messaging)');
p.println(' coding — file system + shell + sessions + memory (no messaging/web)');
p.println(' messaging — send messages only (no file/shell access)');
p.println(' coding — file system + shell + sessions + memory');
p.println(' messaging — read-only + web/memory + connected services (no file writes/shell)');
p.println(' minimal — status checks only (read-only, safest)');
const profile = await p.choose('Tool policy profile:', TOOL_PROFILES);
builder.setToolProfile(profile);