npm - @wxp212/gemini-cli - Versions diffs - 0.28.3-2 - Mend

@wxp212/gemini-cli 0.28.3-2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (117) hide show

package/LICENSE +202 -0
package/README.md +393 -0
package/bundle/builtin/skill-creator/SKILL.md +382 -0
package/bundle/builtin/skill-creator/scripts/init_skill.cjs +235 -0
package/bundle/builtin/skill-creator/scripts/package_skill.cjs +102 -0
package/bundle/builtin/skill-creator/scripts/validate_skill.cjs +127 -0
package/bundle/docs/architecture.md +80 -0
package/bundle/docs/assets/connected_devtools.png +0 -0
package/bundle/docs/assets/gemini-screenshot.png +0 -0
package/bundle/docs/assets/monitoring-dashboard-logs.png +0 -0
package/bundle/docs/assets/monitoring-dashboard-metrics.png +0 -0
package/bundle/docs/assets/monitoring-dashboard-overview.png +0 -0
package/bundle/docs/assets/release_patch.png +0 -0
package/bundle/docs/assets/theme-ansi-light.png +0 -0
package/bundle/docs/assets/theme-ansi.png +0 -0
package/bundle/docs/assets/theme-atom-one.png +0 -0
package/bundle/docs/assets/theme-ayu-light.png +0 -0
package/bundle/docs/assets/theme-ayu.png +0 -0
package/bundle/docs/assets/theme-custom.png +0 -0
package/bundle/docs/assets/theme-default-light.png +0 -0
package/bundle/docs/assets/theme-default.png +0 -0
package/bundle/docs/assets/theme-dracula.png +0 -0
package/bundle/docs/assets/theme-github-light.png +0 -0
package/bundle/docs/assets/theme-github.png +0 -0
package/bundle/docs/assets/theme-google-light.png +0 -0
package/bundle/docs/assets/theme-xcode-light.png +0 -0
package/bundle/docs/changelogs/index.md +743 -0
package/bundle/docs/changelogs/latest.md +338 -0
package/bundle/docs/changelogs/preview.md +437 -0
package/bundle/docs/cli/authentication.md +3 -0
package/bundle/docs/cli/checkpointing.md +94 -0
package/bundle/docs/cli/cli-reference.md +101 -0
package/bundle/docs/cli/commands.md +430 -0
package/bundle/docs/cli/creating-skills.md +80 -0
package/bundle/docs/cli/custom-commands.md +315 -0
package/bundle/docs/cli/enterprise.md +582 -0
package/bundle/docs/cli/gemini-ignore.md +71 -0
package/bundle/docs/cli/gemini-md.md +108 -0
package/bundle/docs/cli/generation-settings.md +210 -0
package/bundle/docs/cli/headless.md +388 -0
package/bundle/docs/cli/index.md +65 -0
package/bundle/docs/cli/keyboard-shortcuts.md +141 -0
package/bundle/docs/cli/model-routing.md +42 -0
package/bundle/docs/cli/model.md +62 -0
package/bundle/docs/cli/rewind.md +51 -0
package/bundle/docs/cli/sandbox.md +171 -0
package/bundle/docs/cli/session-management.md +158 -0
package/bundle/docs/cli/settings.md +141 -0
package/bundle/docs/cli/skills.md +112 -0
package/bundle/docs/cli/system-prompt.md +125 -0
package/bundle/docs/cli/telemetry.md +826 -0
package/bundle/docs/cli/themes.md +235 -0
package/bundle/docs/cli/token-caching.md +20 -0
package/bundle/docs/cli/trusted-folders.md +95 -0
package/bundle/docs/cli/tutorials/skills-getting-started.md +97 -0
package/bundle/docs/cli/tutorials.md +87 -0
package/bundle/docs/cli/uninstall.md +65 -0
package/bundle/docs/core/index.md +107 -0
package/bundle/docs/core/memport.md +246 -0
package/bundle/docs/core/policy-engine.md +305 -0
package/bundle/docs/core/remote-agents.md +84 -0
package/bundle/docs/core/subagents.md +191 -0
package/bundle/docs/core/tools-api.md +131 -0
package/bundle/docs/examples/proxy-script.md +83 -0
package/bundle/docs/extensions/best-practices.md +139 -0
package/bundle/docs/extensions/index.md +45 -0
package/bundle/docs/extensions/reference.md +336 -0
package/bundle/docs/extensions/releasing.md +183 -0
package/bundle/docs/extensions/writing-extensions.md +281 -0
package/bundle/docs/faq.md +154 -0
package/bundle/docs/get-started/authentication.md +321 -0
package/bundle/docs/get-started/configuration-v1.md +880 -0
package/bundle/docs/get-started/configuration.md +1602 -0
package/bundle/docs/get-started/examples.md +219 -0
package/bundle/docs/get-started/gemini-3.md +101 -0
package/bundle/docs/get-started/index.md +71 -0
package/bundle/docs/get-started/installation.md +141 -0
package/bundle/docs/hooks/best-practices.md +677 -0
package/bundle/docs/hooks/index.md +164 -0
package/bundle/docs/hooks/reference.md +322 -0
package/bundle/docs/hooks/writing-hooks.md +450 -0
package/bundle/docs/ide-integration/ide-companion-spec.md +267 -0
package/bundle/docs/ide-integration/index.md +202 -0
package/bundle/docs/index.md +123 -0
package/bundle/docs/integration-tests.md +211 -0
package/bundle/docs/issue-and-pr-automation.md +134 -0
package/bundle/docs/local-development.md +128 -0
package/bundle/docs/mermaid/context.mmd +103 -0
package/bundle/docs/mermaid/render-path.mmd +64 -0
package/bundle/docs/npm.md +62 -0
package/bundle/docs/quota-and-pricing.md +158 -0
package/bundle/docs/release-confidence.md +164 -0
package/bundle/docs/releases.md +540 -0
package/bundle/docs/sidebar.json +152 -0
package/bundle/docs/tools/file-system.md +216 -0
package/bundle/docs/tools/index.md +98 -0
package/bundle/docs/tools/mcp-server.md +1068 -0
package/bundle/docs/tools/memory.md +54 -0
package/bundle/docs/tools/shell.md +260 -0
package/bundle/docs/tools/todos.md +57 -0
package/bundle/docs/tools/web-fetch.md +59 -0
package/bundle/docs/tools/web-search.md +42 -0
package/bundle/docs/tos-privacy.md +96 -0
package/bundle/docs/troubleshooting.md +173 -0
package/bundle/gemini.js +538280 -0
package/bundle/policies/discovered.toml +8 -0
package/bundle/policies/plan.toml +86 -0
package/bundle/policies/read-only.toml +51 -0
package/bundle/policies/write.toml +78 -0
package/bundle/policies/yolo.toml +32 -0
package/bundle/sandbox-macos-permissive-closed.sb +32 -0
package/bundle/sandbox-macos-permissive-open.sb +27 -0
package/bundle/sandbox-macos-permissive-proxied.sb +37 -0
package/bundle/sandbox-macos-restrictive-closed.sb +93 -0
package/bundle/sandbox-macos-restrictive-open.sb +96 -0
package/bundle/sandbox-macos-restrictive-proxied.sb +98 -0
package/package.json +154 -0

package/bundle/policies/discovered.toml ADDED Viewed

@@ -0,0 +1,8 @@
+# Default policy for tools discovered via toolDiscoveryCommand.
+# These tools are potentially dangerous as they are arbitrary scripts.
+# We default them to ASK_USER for safety.
+[[rule]]
+toolName = "discovered_tool_*"
+decision = "ask_user"
+priority = 10

package/bundle/policies/plan.toml ADDED Viewed

@@ -0,0 +1,86 @@
+# Priority system for policy rules:
+# - Higher priority numbers win over lower priority numbers
+# - When multiple rules match, the highest priority rule is applied
+# - Rules are evaluated in order of priority (highest first)
+#
+# Priority bands (tiers):
+# - Default policies (TOML): 1 + priority/1000 (e.g., priority 100 → 1.100)
+# - User policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
+# - Admin policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
+#
+# This ensures Admin > User > Default hierarchy is always preserved,
+# while allowing user-specified priorities to work within each tier.
+#
+# Settings-based and dynamic rules (all in user tier 2.x):
+#   2.95: Tools that the user has selected as "Always Allow" in the interactive UI
+#   2.9:  MCP servers excluded list (security: persistent server blocks)
+#   2.4:  Command line flag --exclude-tools (explicit temporary blocks)
+#   2.3:  Command line flag --allowed-tools (explicit temporary allows)
+#   2.2:  MCP servers with trust=true (persistent trusted servers)
+#   2.1:  MCP servers allowed list (persistent general server allows)
+#
+# TOML policy priorities (before transformation):
+#   10: Write tools default to ASK_USER (becomes 1.010 in default tier)
+#   20: Plan mode catch-all DENY override (becomes 1.020 in default tier)
+#   50: Read-only tools (becomes 1.050 in default tier)
+#   999: YOLO mode allow-all (becomes 1.999 in default tier)
+# Catch-All: Deny everything by default in Plan mode.
+[[rule]]
+decision = "deny"
+priority = 20
+modes = ["plan"]
+deny_message = "You are in Plan Mode - adjust your prompt to only use read and search tools."
+# Explicitly Allow Read-Only Tools in Plan mode.
+[[rule]]
+toolName = "glob"
+decision = "allow"
+priority = 50
+modes = ["plan"]
+[[rule]]
+toolName = "grep_search"
+decision = "allow"
+priority = 50
+modes = ["plan"]
+[[rule]]
+toolName = "list_directory"
+decision = "allow"
+priority = 50
+modes = ["plan"]
+[[rule]]
+toolName = "read_file"
+decision = "allow"
+priority = 50
+modes = ["plan"]
+[[rule]]
+toolName = "google_web_search"
+decision = "allow"
+priority = 50
+modes = ["plan"]
+[[rule]]
+toolName = "ask_user"
+decision = "ask_user"
+priority = 50
+modes = ["plan"]
+[[rule]]
+toolName = "exit_plan_mode"
+decision = "ask_user"
+priority = 50
+modes = ["plan"]
+# Allow write_file for .md files in plans directory
+[[rule]]
+toolName = "write_file"
+decision = "allow"
+priority = 50
+modes = ["plan"]
+argsPattern = "\"file_path\":\"[^\"]+/\\.gemini/tmp/[a-f0-9]{64}/plans/[a-zA-Z0-9_-]+\\.md\""

package/bundle/policies/read-only.toml ADDED Viewed

@@ -0,0 +1,51 @@
+# Priority system for policy rules:
+# - Higher priority numbers win over lower priority numbers
+# - When multiple rules match, the highest priority rule is applied
+# - Rules are evaluated in order of priority (highest first)
+#
+# Priority bands (tiers):
+# - Default policies (TOML): 1 + priority/1000 (e.g., priority 100 → 1.100)
+# - User policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
+# - Admin policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
+#
+# This ensures Admin > User > Default hierarchy is always preserved,
+# while allowing user-specified priorities to work within each tier.
+#
+# Settings-based and dynamic rules (all in user tier 2.x):
+#   2.95: Tools that the user has selected as "Always Allow" in the interactive UI
+#   2.9:  MCP servers excluded list (security: persistent server blocks)
+#   2.4:  Command line flag --exclude-tools (explicit temporary blocks)
+#   2.3:  Command line flag --allowed-tools (explicit temporary allows)
+#   2.2:  MCP servers with trust=true (persistent trusted servers)
+#   2.1:  MCP servers allowed list (persistent general server allows)
+#
+# TOML policy priorities (before transformation):
+#   10: Write tools default to ASK_USER (becomes 1.010 in default tier)
+#   15: Auto-edit tool override (becomes 1.015 in default tier)
+#   50: Read-only tools (becomes 1.050 in default tier)
+#   999: YOLO mode allow-all (becomes 1.999 in default tier)
+[[rule]]
+toolName = "glob"
+decision = "allow"
+priority = 50
+[[rule]]
+toolName = "grep_search"
+decision = "allow"
+priority = 50
+[[rule]]
+toolName = "list_directory"
+decision = "allow"
+priority = 50
+[[rule]]
+toolName = "read_file"
+decision = "allow"
+priority = 50
+[[rule]]
+toolName = "google_web_search"
+decision = "allow"
+priority = 50

package/bundle/policies/write.toml ADDED Viewed

@@ -0,0 +1,78 @@
+# Priority system for policy rules:
+# - Higher priority numbers win over lower priority numbers
+# - When multiple rules match, the highest priority rule is applied
+# - Rules are evaluated in order of priority (highest first)
+#
+# Priority bands (tiers):
+# - Default policies (TOML): 1 + priority/1000 (e.g., priority 100 → 1.100)
+# - User policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
+# - Admin policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
+#
+# This ensures Admin > User > Default hierarchy is always preserved,
+# while allowing user-specified priorities to work within each tier.
+#
+# Settings-based and dynamic rules (all in user tier 2.x):
+#   2.95: Tools that the user has selected as "Always Allow" in the interactive UI
+#   2.9:  MCP servers excluded list (security: persistent server blocks)
+#   2.4:  Command line flag --exclude-tools (explicit temporary blocks)
+#   2.3:  Command line flag --allowed-tools (explicit temporary allows)
+#   2.2:  MCP servers with trust=true (persistent trusted servers)
+#   2.1:  MCP servers allowed list (persistent general server allows)
+#
+# TOML policy priorities (before transformation):
+#   10: Write tools default to ASK_USER (becomes 1.010 in default tier)
+#   15: Auto-edit tool override (becomes 1.015 in default tier)
+#   50: Read-only tools (becomes 1.050 in default tier)
+#   999: YOLO mode allow-all (becomes 1.999 in default tier)
+[[rule]]
+toolName = "replace"
+decision = "ask_user"
+priority = 10
+[[rule]]
+toolName = "replace"
+decision = "allow"
+priority = 15
+modes = ["autoEdit"]
+[rule.safety_checker]
+type = "in-process"
+name = "allowed-path"
+required_context = ["environment"]
+[[rule]]
+toolName = "save_memory"
+decision = "ask_user"
+priority = 10
+[[rule]]
+toolName = "run_shell_command"
+decision = "ask_user"
+priority = 10
+[[rule]]
+toolName = "write_file"
+decision = "ask_user"
+priority = 10
+[[rule]]
+toolName = "activate_skill"
+decision = "ask_user"
+priority = 10
+[[rule]]
+toolName = "write_file"
+decision = "allow"
+priority = 15
+modes = ["autoEdit"]
+[rule.safety_checker]
+type = "in-process"
+name = "allowed-path"
+required_context = ["environment"]
+[[rule]]
+toolName = "web_fetch"
+decision = "ask_user"
+priority = 10

package/bundle/policies/yolo.toml ADDED Viewed

@@ -0,0 +1,32 @@
+# Priority system for policy rules:
+# - Higher priority numbers win over lower priority numbers
+# - When multiple rules match, the highest priority rule is applied
+# - Rules are evaluated in order of priority (highest first)
+#
+# Priority bands (tiers):
+# - Default policies (TOML): 1 + priority/1000 (e.g., priority 100 → 1.100)
+# - User policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
+# - Admin policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
+#
+# This ensures Admin > User > Default hierarchy is always preserved,
+# while allowing user-specified priorities to work within each tier.
+#
+# Settings-based and dynamic rules (all in user tier 2.x):
+#   2.95: Tools that the user has selected as "Always Allow" in the interactive UI
+#   2.9:  MCP servers excluded list (security: persistent server blocks)
+#   2.4:  Command line flag --exclude-tools (explicit temporary blocks)
+#   2.3:  Command line flag --allowed-tools (explicit temporary allows)
+#   2.2:  MCP servers with trust=true (persistent trusted servers)
+#   2.1:  MCP servers allowed list (persistent general server allows)
+#
+# TOML policy priorities (before transformation):
+#   10: Write tools default to ASK_USER (becomes 1.010 in default tier)
+#   15: Auto-edit tool override (becomes 1.015 in default tier)
+#   50: Read-only tools (becomes 1.050 in default tier)
+#   999: YOLO mode allow-all (becomes 1.999 in default tier)
+[[rule]]
+decision = "allow"
+priority = 999
+modes = ["yolo"]
+allow_redirection = true

package/bundle/sandbox-macos-permissive-closed.sb ADDED Viewed

@@ -0,0 +1,32 @@
+(version 1)
+;; allow everything by default
+(allow default)
+;; deny all writes EXCEPT under specific paths
+(deny file-write*)
+(allow file-write*
+    (subpath (param "TARGET_DIR"))
+    (subpath (param "TMP_DIR"))
+    (subpath (param "CACHE_DIR"))
+    (subpath (string-append (param "HOME_DIR") "/.gemini"))
+    (subpath (string-append (param "HOME_DIR") "/.npm"))
+    (subpath (string-append (param "HOME_DIR") "/.cache"))
+    (subpath (string-append (param "HOME_DIR") "/.gitconfig"))
+    ;; Allow writes to included directories from --include-directories
+    (subpath (param "INCLUDE_DIR_0"))
+    (subpath (param "INCLUDE_DIR_1"))
+    (subpath (param "INCLUDE_DIR_2"))
+    (subpath (param "INCLUDE_DIR_3"))
+    (subpath (param "INCLUDE_DIR_4"))
+    (literal "/dev/stdout")
+    (literal "/dev/stderr")
+    (literal "/dev/null")
+)
+;; deny all inbound network traffic EXCEPT on debugger port
+(deny network-inbound)
+(allow network-inbound (local ip "localhost:9229"))
+;; deny all outbound network traffic
+(deny network-outbound)

package/bundle/sandbox-macos-permissive-open.sb ADDED Viewed

@@ -0,0 +1,27 @@
+(version 1)
+;; allow everything by default
+(allow default)
+;; deny all writes EXCEPT under specific paths
+(deny file-write*)
+(allow file-write*
+    (subpath (param "TARGET_DIR"))
+    (subpath (param "TMP_DIR"))
+    (subpath (param "CACHE_DIR"))
+    (subpath (string-append (param "HOME_DIR") "/.gemini"))
+    (subpath (string-append (param "HOME_DIR") "/.npm"))
+    (subpath (string-append (param "HOME_DIR") "/.cache"))
+    (subpath (string-append (param "HOME_DIR") "/.gitconfig"))
+    ;; Allow writes to included directories from --include-directories
+    (subpath (param "INCLUDE_DIR_0"))
+    (subpath (param "INCLUDE_DIR_1"))
+    (subpath (param "INCLUDE_DIR_2"))
+    (subpath (param "INCLUDE_DIR_3"))
+    (subpath (param "INCLUDE_DIR_4"))
+    (literal "/dev/stdout")
+    (literal "/dev/stderr")
+    (literal "/dev/null")
+    (literal "/dev/ptmx")
+    (regex #"^/dev/ttys[0-9]*$")
+)

package/bundle/sandbox-macos-permissive-proxied.sb ADDED Viewed

@@ -0,0 +1,37 @@
+(version 1)
+;; allow everything by default
+(allow default)
+;; deny all writes EXCEPT under specific paths
+(deny file-write*)
+(allow file-write*
+    (subpath (param "TARGET_DIR"))
+    (subpath (param "TMP_DIR"))
+    (subpath (param "CACHE_DIR"))
+    (subpath (string-append (param "HOME_DIR") "/.gemini"))
+    (subpath (string-append (param "HOME_DIR") "/.npm"))
+    (subpath (string-append (param "HOME_DIR") "/.cache"))
+    (subpath (string-append (param "HOME_DIR") "/.gitconfig"))
+    ;; Allow writes to included directories from --include-directories
+    (subpath (param "INCLUDE_DIR_0"))
+    (subpath (param "INCLUDE_DIR_1"))
+    (subpath (param "INCLUDE_DIR_2"))
+    (subpath (param "INCLUDE_DIR_3"))
+    (subpath (param "INCLUDE_DIR_4"))
+    (literal "/dev/stdout")
+    (literal "/dev/stderr")
+    (literal "/dev/null")
+)
+;; deny all inbound network traffic EXCEPT on debugger port
+(deny network-inbound)
+(allow network-inbound (local ip "localhost:9229"))
+;; deny all outbound network traffic EXCEPT through proxy on localhost:8877
+;; set `GEMINI_SANDBOX_PROXY_COMMAND=<command>` to run proxy alongside sandbox
+;; proxy must listen on :::8877 (see docs/examples/proxy-script.md)
+(deny network-outbound)
+(allow network-outbound (remote tcp "localhost:8877"))
+(allow network-bind (local ip "*:*"))

package/bundle/sandbox-macos-restrictive-closed.sb ADDED Viewed

@@ -0,0 +1,93 @@
+(version 1)
+;; deny everything by default
+(deny default)
+;; allow reading files from anywhere on host
+(allow file-read*)
+;; allow exec/fork (children inherit policy)
+(allow process-exec)
+(allow process-fork)
+;; allow signals to self, e.g. SIGPIPE on write to closed pipe
+(allow signal (target self))
+;; allow read access to specific information about system
+;; from https://source.chromium.org/chromium/chromium/src/+/main:sandbox/policy/mac/common.sb;l=273-319;drc=7b3962fe2e5fc9e2ee58000dc8fbf3429d84d3bd
+(allow sysctl-read
+  (sysctl-name "hw.activecpu")
+  (sysctl-name "hw.busfrequency_compat")
+  (sysctl-name "hw.byteorder")
+  (sysctl-name "hw.cacheconfig")
+  (sysctl-name "hw.cachelinesize_compat")
+  (sysctl-name "hw.cpufamily")
+  (sysctl-name "hw.cpufrequency_compat")
+  (sysctl-name "hw.cputype")
+  (sysctl-name "hw.l1dcachesize_compat")
+  (sysctl-name "hw.l1icachesize_compat")
+  (sysctl-name "hw.l2cachesize_compat")
+  (sysctl-name "hw.l3cachesize_compat")
+  (sysctl-name "hw.logicalcpu_max")
+  (sysctl-name "hw.machine")
+  (sysctl-name "hw.ncpu")
+  (sysctl-name "hw.nperflevels")
+  (sysctl-name "hw.optional.arm.FEAT_BF16")
+  (sysctl-name "hw.optional.arm.FEAT_DotProd")
+  (sysctl-name "hw.optional.arm.FEAT_FCMA")
+  (sysctl-name "hw.optional.arm.FEAT_FHM")
+  (sysctl-name "hw.optional.arm.FEAT_FP16")
+  (sysctl-name "hw.optional.arm.FEAT_I8MM")
+  (sysctl-name "hw.optional.arm.FEAT_JSCVT")
+  (sysctl-name "hw.optional.arm.FEAT_LSE")
+  (sysctl-name "hw.optional.arm.FEAT_RDM")
+  (sysctl-name "hw.optional.arm.FEAT_SHA512")
+  (sysctl-name "hw.optional.armv8_2_sha512")
+  (sysctl-name "hw.packages")
+  (sysctl-name "hw.pagesize_compat")
+  (sysctl-name "hw.physicalcpu_max")
+  (sysctl-name "hw.tbfrequency_compat")
+  (sysctl-name "hw.vectorunit")
+  (sysctl-name "kern.hostname")
+  (sysctl-name "kern.maxfilesperproc")
+  (sysctl-name "kern.osproductversion")
+  (sysctl-name "kern.osrelease")
+  (sysctl-name "kern.ostype")
+  (sysctl-name "kern.osvariant_status")
+  (sysctl-name "kern.osversion")
+  (sysctl-name "kern.secure_kernel")
+  (sysctl-name "kern.usrstack64")
+  (sysctl-name "kern.version")
+  (sysctl-name "sysctl.proc_cputype")
+  (sysctl-name-prefix "hw.perflevel")
+)
+;; allow writes to specific paths
+(allow file-write*
+    (subpath (param "TARGET_DIR"))
+    (subpath (param "TMP_DIR"))
+    (subpath (param "CACHE_DIR"))
+    (subpath (string-append (param "HOME_DIR") "/.gemini"))
+    (subpath (string-append (param "HOME_DIR") "/.npm"))
+    (subpath (string-append (param "HOME_DIR") "/.cache"))
+    (subpath (string-append (param "HOME_DIR") "/.gitconfig"))
+    ;; Allow writes to included directories from --include-directories
+    (subpath (param "INCLUDE_DIR_0"))
+    (subpath (param "INCLUDE_DIR_1"))
+    (subpath (param "INCLUDE_DIR_2"))
+    (subpath (param "INCLUDE_DIR_3"))
+    (subpath (param "INCLUDE_DIR_4"))
+    (literal "/dev/stdout")
+    (literal "/dev/stderr")
+    (literal "/dev/null")
+)
+;; allow communication with sysmond for process listing (e.g. for pgrep)
+(allow mach-lookup (global-name "com.apple.sysmond"))
+;; enable terminal access required by ink
+;; fixes setRawMode EPERM failure (at node:tty:81:24)
+(allow file-ioctl (regex #"^/dev/tty.*"))
+;; allow inbound network traffic on debugger port
+(allow network-inbound (local ip "localhost:9229"))

package/bundle/sandbox-macos-restrictive-open.sb ADDED Viewed

@@ -0,0 +1,96 @@
+(version 1)
+;; deny everything by default
+(deny default)
+;; allow reading files from anywhere on host
+(allow file-read*)
+;; allow exec/fork (children inherit policy)
+(allow process-exec)
+(allow process-fork)
+;; allow signals to self, e.g. SIGPIPE on write to closed pipe
+(allow signal (target self))
+;; allow read access to specific information about system
+;; from https://source.chromium.org/chromium/chromium/src/+/main:sandbox/policy/mac/common.sb;l=273-319;drc=7b3962fe2e5fc9e2ee58000dc8fbf3429d84d3bd
+(allow sysctl-read
+  (sysctl-name "hw.activecpu")
+  (sysctl-name "hw.busfrequency_compat")
+  (sysctl-name "hw.byteorder")
+  (sysctl-name "hw.cacheconfig")
+  (sysctl-name "hw.cachelinesize_compat")
+  (sysctl-name "hw.cpufamily")
+  (sysctl-name "hw.cpufrequency_compat")
+  (sysctl-name "hw.cputype")
+  (sysctl-name "hw.l1dcachesize_compat")
+  (sysctl-name "hw.l1icachesize_compat")
+  (sysctl-name "hw.l2cachesize_compat")
+  (sysctl-name "hw.l3cachesize_compat")
+  (sysctl-name "hw.logicalcpu_max")
+  (sysctl-name "hw.machine")
+  (sysctl-name "hw.ncpu")
+  (sysctl-name "hw.nperflevels")
+  (sysctl-name "hw.optional.arm.FEAT_BF16")
+  (sysctl-name "hw.optional.arm.FEAT_DotProd")
+  (sysctl-name "hw.optional.arm.FEAT_FCMA")
+  (sysctl-name "hw.optional.arm.FEAT_FHM")
+  (sysctl-name "hw.optional.arm.FEAT_FP16")
+  (sysctl-name "hw.optional.arm.FEAT_I8MM")
+  (sysctl-name "hw.optional.arm.FEAT_JSCVT")
+  (sysctl-name "hw.optional.arm.FEAT_LSE")
+  (sysctl-name "hw.optional.arm.FEAT_RDM")
+  (sysctl-name "hw.optional.arm.FEAT_SHA512")
+  (sysctl-name "hw.optional.armv8_2_sha512")
+  (sysctl-name "hw.packages")
+  (sysctl-name "hw.pagesize_compat")
+  (sysctl-name "hw.physicalcpu_max")
+  (sysctl-name "hw.tbfrequency_compat")
+  (sysctl-name "hw.vectorunit")
+  (sysctl-name "kern.hostname")
+  (sysctl-name "kern.maxfilesperproc")
+  (sysctl-name "kern.osproductversion")
+  (sysctl-name "kern.osrelease")
+  (sysctl-name "kern.ostype")
+  (sysctl-name "kern.osvariant_status")
+  (sysctl-name "kern.osversion")
+  (sysctl-name "kern.secure_kernel")
+  (sysctl-name "kern.usrstack64")
+  (sysctl-name "kern.version")
+  (sysctl-name "sysctl.proc_cputype")
+  (sysctl-name-prefix "hw.perflevel")
+)
+;; allow writes to specific paths
+(allow file-write*
+    (subpath (param "TARGET_DIR"))
+    (subpath (param "TMP_DIR"))
+    (subpath (param "CACHE_DIR"))
+    (subpath (string-append (param "HOME_DIR") "/.gemini"))
+    (subpath (string-append (param "HOME_DIR") "/.npm"))
+    (subpath (string-append (param "HOME_DIR") "/.cache"))
+    (subpath (string-append (param "HOME_DIR") "/.gitconfig"))
+    ;; Allow writes to included directories from --include-directories
+    (subpath (param "INCLUDE_DIR_0"))
+    (subpath (param "INCLUDE_DIR_1"))
+    (subpath (param "INCLUDE_DIR_2"))
+    (subpath (param "INCLUDE_DIR_3"))
+    (subpath (param "INCLUDE_DIR_4"))
+    (literal "/dev/stdout")
+    (literal "/dev/stderr")
+    (literal "/dev/null")
+)
+;; allow communication with sysmond for process listing (e.g. for pgrep)
+(allow mach-lookup (global-name "com.apple.sysmond"))
+;; enable terminal access required by ink
+;; fixes setRawMode EPERM failure (at node:tty:81:24)
+(allow file-ioctl (regex #"^/dev/tty.*"))
+;; allow inbound network traffic on debugger port
+(allow network-inbound (local ip "localhost:9229"))
+;; allow all outbound network traffic
+(allow network-outbound)

package/bundle/sandbox-macos-restrictive-proxied.sb ADDED Viewed

@@ -0,0 +1,98 @@
+(version 1)
+;; deny everything by default
+(deny default)
+;; allow reading files from anywhere on host
+(allow file-read*)
+;; allow exec/fork (children inherit policy)
+(allow process-exec)
+(allow process-fork)
+;; allow signals to self, e.g. SIGPIPE on write to closed pipe
+(allow signal (target self))
+;; allow read access to specific information about system
+;; from https://source.chromium.org/chromium/chromium/src/+/main:sandbox/policy/mac/common.sb;l=273-319;drc=7b3962fe2e5fc9e2ee58000dc8fbf3429d84d3bd
+(allow sysctl-read
+  (sysctl-name "hw.activecpu")
+  (sysctl-name "hw.busfrequency_compat")
+  (sysctl-name "hw.byteorder")
+  (sysctl-name "hw.cacheconfig")
+  (sysctl-name "hw.cachelinesize_compat")
+  (sysctl-name "hw.cpufamily")
+  (sysctl-name "hw.cpufrequency_compat")
+  (sysctl-name "hw.cputype")
+  (sysctl-name "hw.l1dcachesize_compat")
+  (sysctl-name "hw.l1icachesize_compat")
+  (sysctl-name "hw.l2cachesize_compat")
+  (sysctl-name "hw.l3cachesize_compat")
+  (sysctl-name "hw.logicalcpu_max")
+  (sysctl-name "hw.machine")
+  (sysctl-name "hw.ncpu")
+  (sysctl-name "hw.nperflevels")
+  (sysctl-name "hw.optional.arm.FEAT_BF16")
+  (sysctl-name "hw.optional.arm.FEAT_DotProd")
+  (sysctl-name "hw.optional.arm.FEAT_FCMA")
+  (sysctl-name "hw.optional.arm.FEAT_FHM")
+  (sysctl-name "hw.optional.arm.FEAT_FP16")
+  (sysctl-name "hw.optional.arm.FEAT_I8MM")
+  (sysctl-name "hw.optional.arm.FEAT_JSCVT")
+  (sysctl-name "hw.optional.arm.FEAT_LSE")
+  (sysctl-name "hw.optional.arm.FEAT_RDM")
+  (sysctl-name "hw.optional.arm.FEAT_SHA512")
+  (sysctl-name "hw.optional.armv8_2_sha512")
+  (sysctl-name "hw.packages")
+  (sysctl-name "hw.pagesize_compat")
+  (sysctl-name "hw.physicalcpu_max")
+  (sysctl-name "hw.tbfrequency_compat")
+  (sysctl-name "hw.vectorunit")
+  (sysctl-name "kern.hostname")
+  (sysctl-name "kern.maxfilesperproc")
+  (sysctl-name "kern.osproductversion")
+  (sysctl-name "kern.osrelease")
+  (sysctl-name "kern.ostype")
+  (sysctl-name "kern.osvariant_status")
+  (sysctl-name "kern.osversion")
+  (sysctl-name "kern.secure_kernel")
+  (sysctl-name "kern.usrstack64")
+  (sysctl-name "kern.version")
+  (sysctl-name "sysctl.proc_cputype")
+  (sysctl-name-prefix "hw.perflevel")
+)
+;; allow writes to specific paths
+(allow file-write*
+    (subpath (param "TARGET_DIR"))
+    (subpath (param "TMP_DIR"))
+    (subpath (param "CACHE_DIR"))
+    (subpath (string-append (param "HOME_DIR") "/.gemini"))
+    (subpath (string-append (param "HOME_DIR") "/.npm"))
+    (subpath (string-append (param "HOME_DIR") "/.cache"))
+    (subpath (string-append (param "HOME_DIR") "/.gitconfig"))
+    ;; Allow writes to included directories from --include-directories
+    (subpath (param "INCLUDE_DIR_0"))
+    (subpath (param "INCLUDE_DIR_1"))
+    (subpath (param "INCLUDE_DIR_2"))
+    (subpath (param "INCLUDE_DIR_3"))
+    (subpath (param "INCLUDE_DIR_4"))
+    (literal "/dev/stdout")
+    (literal "/dev/stderr")
+    (literal "/dev/null")
+)
+;; allow communication with sysmond for process listing (e.g. for pgrep)
+(allow mach-lookup (global-name "com.apple.sysmond"))
+;; enable terminal access required by ink
+;; fixes setRawMode EPERM failure (at node:tty:81:24)
+(allow file-ioctl (regex #"^/dev/tty.*"))
+;; allow inbound network traffic on debugger port
+(allow network-inbound (local ip "localhost:9229"))
+;; allow outbound network traffic through proxy on localhost:8877
+;; set `GEMINI_SANDBOX_PROXY_COMMAND=<command>` to run proxy alongside sandbox
+;; proxy must listen on :::8877 (see docs/examples/proxy-script.md)
+(allow network-outbound (remote tcp "localhost:8877"))