polymech/zeroclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c54286fec0
zeroclaw/src/security
History
Aleksandr Prilipko c54286fec0 feat(security): add allowed_roots for file access beyond workspace 
Add `autonomy.allowed_roots` config option that lets the agent
read/write files under additional directory roots outside the
workspace (e.g. shared skills directories, project repos).
Resolved (canonical) paths under any allowed root pass
`is_resolved_path_allowed` alongside the workspace itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 14:57:16 +08:00
..
audit.rs chore: Remove blocking read strings 2026-02-19 14:52:29 +08:00
bubblewrap.rs readd tests, remove markdown files 2026-02-18 14:42:39 +08:00
detect.rs fix(channels): execute tool calls in channel runtime (#302) 2026-02-16 05:07:01 -05:00
docker.rs readd tests, remove markdown files 2026-02-18 14:42:39 +08:00
firejail.rs readd tests, remove markdown files 2026-02-18 14:42:39 +08:00
landlock.rs readd tests, remove markdown files 2026-02-18 14:42:39 +08:00
mod.rs docs(code): add module-level doc blocks to providers, channels, tools, and security 2026-02-19 13:19:46 -08:00
pairing.rs fix: resolve clippy warnings and rustfmt across codebase 2026-02-21 12:39:34 +08:00
policy.rs feat(security): add allowed_roots for file access beyond workspace 2026-02-21 14:57:16 +08:00
secrets.rs chore: Remove blocking read strings 2026-02-19 14:52:29 +08:00
traits.rs docs(code): expand doc comments on security, observability, runtime, and peripheral traits 2026-02-19 13:19:46 -08:00