# Example configuration for dirigent_tools (Phase 03 features) # This shows all available configuration options with typical values. # ============================================================================= # Sandbox Configuration # ============================================================================= [sandbox] # Absolute paths where file operations are allowed allowed_roots = ["C:/work/project", "C:/work/shared"] # Patterns for paths that are blocked even within allowed roots blocked_paths = ["**/.env", "**/secrets/**", "**/*.key"] # Whether to allow symlinks to point outside allowed roots (dangerous!) allow_symlink_escape = false # Whether to follow symlinks within allowed roots follow_symlinks_within_roots = true # Enable read/write operations read_enabled = true write_enabled = true # Maximum bytes per operation max_read_bytes = 1_048_576 # 1 MB max_write_bytes = 1_048_576 # 1 MB # Line ending policy: "preserve" | "lf" | "crlf" eol_policy = "preserve" # Text encoding (only "utf-8" supported in Phase 03) encoding = "utf-8" # ============================================================================= # Permission Configuration # ============================================================================= [permissions] # Permission mode: "ask" | "whitelist" | "yolo" # - ask: Prompt for every sensitive operation # - whitelist: Auto-approve whitelisted operations, prompt for others # - yolo: Auto-approve all (with audit logging) mode = "whitelist" # Whether to remember permission decisions remember_decisions = true # TTL for cached decisions (seconds) remember_ttl_secs = 86400 # 24 hours # Decision scope: "per_connector" | "per_session" scope = "per_connector" # Whitelist configuration (for whitelist mode) [permissions.whitelist] # Paths that are safe for write operations write_paths = ["C:/work/project/**"] # Commands that are safe to execute execute_commands = ["cargo", "npm", "git", "python"] # ============================================================================= # Terminal Configuration # ============================================================================= [terminal] # Enable terminal operations enabled = true # Default working directory (must be within allowed roots) default_cwd = "C:/work/project" # Environment variables that are allowed in spawned processes env_allowlist = ["RUST_LOG", "NODE_ENV", "PATH"] # Commands that are blocked (best-effort) command_blocklist = ["rm", "rd", "format", "mkfs*", "del /f /q *"] # Maximum bytes to capture from output (ring buffer) output_byte_limit = 200_000 # Maximum runtime before killing command (seconds) max_runtime_secs = 3_600 # 1 hour # ============================================================================= # Search Configuration # ============================================================================= [search] # Maximum number of search results max_results = 5_000 # Maximum total bytes in search results max_bytes = 1_000_000 # 1 MB # Default include patterns (empty = include all) default_include_globs = [] # Default exclude patterns default_exclude_globs = [ "**/target/**", "**/.git/**", "**/node_modules/**", "**/__pycache__/**", "**/.venv/**" ] # ============================================================================= # Embedding Configuration # ============================================================================= [embedding] # Maximum bytes to embed per file as resource (vs resource_link) max_embed_bytes = 256_000 # Whether to allow resource_link for large files allow_resource_link = true # Regex patterns for redacting secrets in embedded content redact_patterns = [ "(?i)(api[_-]?key|password|secret|token)[:\\s]*['\"]?([a-zA-Z0-9_\\-\\.]+)['\"]?" ] # Snippet strategy: "head_tail" | "head_only" | "tail_only" snippet_strategy = "head_tail" # Maximum files to embed in a single prompt max_files_per_prompt = 10