sync from monorepo @ 2452e92e

crates/dirigent_tools/examples/config_example.json

@@ -0,0 +1,53 @@
+{
+  "sandbox": {
+    "allowed_roots": ["C:/work/project", "C:/work/shared"],
+    "blocked_paths": ["**/.env", "**/secrets/**", "**/*.key"],
+    "allow_symlink_escape": false,
+    "follow_symlinks_within_roots": true,
+    "read_enabled": true,
+    "write_enabled": true,
+    "max_read_bytes": 1048576,
+    "max_write_bytes": 1048576,
+    "eol_policy": "preserve",
+    "encoding": "utf-8"
+  },
+  "permissions": {
+    "mode": "whitelist",
+    "remember_decisions": true,
+    "remember_ttl_secs": 86400,
+    "scope": "per_connector",
+    "whitelist": {
+      "write_paths": ["C:/work/project/**"],
+      "execute_commands": ["cargo", "npm", "git", "python"]
+    }
+  },
+  "terminal": {
+    "enabled": true,
+    "default_cwd": "C:/work/project",
+    "env_allowlist": ["RUST_LOG", "NODE_ENV", "PATH"],
+    "command_blocklist": ["rm", "rd", "format", "mkfs*", "del /f /q *"],
+    "output_byte_limit": 200000,
+    "max_runtime_secs": 3600
+  },
+  "search": {
+    "max_results": 5000,
+    "max_bytes": 1000000,
+    "default_include_globs": [],
+    "default_exclude_globs": [
+      "**/target/**",
+      "**/.git/**",
+      "**/node_modules/**",
+      "**/__pycache__/**",
+      "**/.venv/**"
+    ]
+  },
+  "embedding": {
+    "max_embed_bytes": 256000,
+    "allow_resource_link": true,
+    "redact_patterns": [
+      "(?i)(api[_-]?key|password|secret|token)[:\\s]*['\"]?([a-zA-Z0-9_\\-\\.]+)['\"]?"
+    ],
+    "snippet_strategy": "head_tail",
+    "max_files_per_prompt": 10
+  }
+}

crates/dirigent_tools/examples/config_example.toml

@@ -0,0 +1,124 @@
+# Example configuration for dirigent_tools (Phase 03 features)
+# This shows all available configuration options with typical values.
+
+# =============================================================================
+# Sandbox Configuration
+# =============================================================================
+[sandbox]
+# Absolute paths where file operations are allowed
+allowed_roots = ["C:/work/project", "C:/work/shared"]
+
+# Patterns for paths that are blocked even within allowed roots
+blocked_paths = ["**/.env", "**/secrets/**", "**/*.key"]
+
+# Whether to allow symlinks to point outside allowed roots (dangerous!)
+allow_symlink_escape = false
+
+# Whether to follow symlinks within allowed roots
+follow_symlinks_within_roots = true
+
+# Enable read/write operations
+read_enabled = true
+write_enabled = true
+
+# Maximum bytes per operation
+max_read_bytes = 1_048_576   # 1 MB
+max_write_bytes = 1_048_576  # 1 MB
+
+# Line ending policy: "preserve" | "lf" | "crlf"
+eol_policy = "preserve"
+
+# Text encoding (only "utf-8" supported in Phase 03)
+encoding = "utf-8"
+
+# =============================================================================
+# Permission Configuration
+# =============================================================================
+[permissions]
+# Permission mode: "ask" | "whitelist" | "yolo"
+# - ask: Prompt for every sensitive operation
+# - whitelist: Auto-approve whitelisted operations, prompt for others
+# - yolo: Auto-approve all (with audit logging)
+mode = "whitelist"
+
+# Whether to remember permission decisions
+remember_decisions = true
+
+# TTL for cached decisions (seconds)
+remember_ttl_secs = 86400  # 24 hours
+
+# Decision scope: "per_connector" | "per_session"
+scope = "per_connector"
+
+# Whitelist configuration (for whitelist mode)
+[permissions.whitelist]
+# Paths that are safe for write operations
+write_paths = ["C:/work/project/**"]
+
+# Commands that are safe to execute
+execute_commands = ["cargo", "npm", "git", "python"]
+
+# =============================================================================
+# Terminal Configuration
+# =============================================================================
+[terminal]
+# Enable terminal operations
+enabled = true
+
+# Default working directory (must be within allowed roots)
+default_cwd = "C:/work/project"
+
+# Environment variables that are allowed in spawned processes
+env_allowlist = ["RUST_LOG", "NODE_ENV", "PATH"]
+
+# Commands that are blocked (best-effort)
+command_blocklist = ["rm", "rd", "format", "mkfs*", "del /f /q *"]
+
+# Maximum bytes to capture from output (ring buffer)
+output_byte_limit = 200_000
+
+# Maximum runtime before killing command (seconds)
+max_runtime_secs = 3_600  # 1 hour
+
+# =============================================================================
+# Search Configuration
+# =============================================================================
+[search]
+# Maximum number of search results
+max_results = 5_000
+
+# Maximum total bytes in search results
+max_bytes = 1_000_000  # 1 MB
+
+# Default include patterns (empty = include all)
+default_include_globs = []
+
+# Default exclude patterns
+default_exclude_globs = [
+    "**/target/**",
+    "**/.git/**",
+    "**/node_modules/**",
+    "**/__pycache__/**",
+    "**/.venv/**"
+]
+
+# =============================================================================
+# Embedding Configuration
+# =============================================================================
+[embedding]
+# Maximum bytes to embed per file as resource (vs resource_link)
+max_embed_bytes = 256_000
+
+# Whether to allow resource_link for large files
+allow_resource_link = true
+
+# Regex patterns for redacting secrets in embedded content
+redact_patterns = [
+    "(?i)(api[_-]?key|password|secret|token)[:\\s]*['\"]?([a-zA-Z0-9_\\-\\.]+)['\"]?"
+]
+
+# Snippet strategy: "head_tail" | "head_only" | "tail_only"
+snippet_strategy = "head_tail"
+
+# Maximum files to embed in a single prompt
+max_files_per_prompt = 10