dirigent/crates/dirigent_tools/examples/config_example.toml

# Example configuration for dirigent_tools (Phase 03 features)
# This shows all available configuration options with typical values.

# =============================================================================
# Sandbox Configuration
# =============================================================================
[sandbox]
# Absolute paths where file operations are allowed
allowed_roots = ["C:/work/project", "C:/work/shared"]

# Patterns for paths that are blocked even within allowed roots
blocked_paths = ["**/.env", "**/secrets/**", "**/*.key"]

# Whether to allow symlinks to point outside allowed roots (dangerous!)
allow_symlink_escape = false

# Whether to follow symlinks within allowed roots
follow_symlinks_within_roots = true

# Enable read/write operations
read_enabled = true
write_enabled = true

# Maximum bytes per operation
max_read_bytes = 1_048_576   # 1 MB
max_write_bytes = 1_048_576  # 1 MB

# Line ending policy: "preserve" | "lf" | "crlf"
eol_policy = "preserve"

# Text encoding (only "utf-8" supported in Phase 03)
encoding = "utf-8"

# =============================================================================
# Permission Configuration
# =============================================================================
[permissions]
# Permission mode: "ask" | "whitelist" | "yolo"
# - ask: Prompt for every sensitive operation
# - whitelist: Auto-approve whitelisted operations, prompt for others
# - yolo: Auto-approve all (with audit logging)
mode = "whitelist"

# Whether to remember permission decisions
remember_decisions = true

# TTL for cached decisions (seconds)
remember_ttl_secs = 86400  # 24 hours

# Decision scope: "per_connector" | "per_session"
scope = "per_connector"

# Whitelist configuration (for whitelist mode)
[permissions.whitelist]
# Paths that are safe for write operations
write_paths = ["C:/work/project/**"]

# Commands that are safe to execute
execute_commands = ["cargo", "npm", "git", "python"]

# =============================================================================
# Terminal Configuration
# =============================================================================
[terminal]
# Enable terminal operations
enabled = true

# Default working directory (must be within allowed roots)
default_cwd = "C:/work/project"

# Environment variables that are allowed in spawned processes
env_allowlist = ["RUST_LOG", "NODE_ENV", "PATH"]

# Commands that are blocked (best-effort)
command_blocklist = ["rm", "rd", "format", "mkfs*", "del /f /q *"]

# Maximum bytes to capture from output (ring buffer)
output_byte_limit = 200_000

# Maximum runtime before killing command (seconds)
max_runtime_secs = 3_600  # 1 hour

# =============================================================================
# Search Configuration
# =============================================================================
[search]
# Maximum number of search results
max_results = 5_000

# Maximum total bytes in search results
max_bytes = 1_000_000  # 1 MB

# Default include patterns (empty = include all)
default_include_globs = []

# Default exclude patterns
default_exclude_globs = [
    "**/target/**",
    "**/.git/**",
    "**/node_modules/**",
    "**/__pycache__/**",
    "**/.venv/**"
]

# =============================================================================
# Embedding Configuration
# =============================================================================
[embedding]
# Maximum bytes to embed per file as resource (vs resource_link)
max_embed_bytes = 256_000

# Whether to allow resource_link for large files
allow_resource_link = true

# Regex patterns for redacting secrets in embedded content
redact_patterns = [
    "(?i)(api[_-]?key|password|secret|token)[:\\s]*['\"]?([a-zA-Z0-9_\\-\\.]+)['\"]?"
]

# Snippet strategy: "head_tail" | "head_only" | "tail_only"
snippet_strategy = "head_tail"

# Maximum files to embed in a single prompt
max_files_per_prompt = 10