What the AI agent is permitted to do inside this sandbox.
Commands
Command filter
{% if profile_data.commands.mode == 'whitelist' %}Allowed list only{% elif profile_data.commands.mode == 'blacklist' %}Blocked list{% else %}{{ profile_data.commands.mode }}{% endif %}
Shell operators (|, &&, >)
{% if profile_data.commands.allow_shell_operators %}
Allowed
{% else %}
Blocked
{% endif %}
Max execution time
{{ profile_data.commands.max_execution_seconds }}s
{% if profile_data.commands.mode == 'whitelist' %}
Allowed commands ({{ profile_data.commands.whitelist | length }}) — only these can run
{% for cmd in profile_data.commands.whitelist | sort %}
{{ cmd }}
{% endfor %}
{% endif %}
{% if profile_data.guardrails.rules %}
Safety Rules
{% if profile_data.guardrails.enforce %}
These rules are actively enforced — violations are blocked.
{% else %}
These rules are in observe-only mode — violations are logged but not blocked.
{% endif %}
| Rule |
Description |
Severity |
Status |
{% for rule in profile_data.guardrails.rules %}
| {{ rule.id }} |
{{ rule.description }} |
{{ rule.severity }}
|
{% if rule.enabled %}
Active
{% else %}
Off
{% endif %}
|
{% endfor %}
{% endif %}
Filesystem
Working directory
{{ profile_data.filesystem.working_dir }}
Disk limit
{{ profile_data.filesystem.max_disk_mb }}MB
Temp directory size
{{ profile_data.filesystem.temp_dir_mb }}MB
Read-only paths ({{ profile_data.filesystem.read_only_paths | length }})
{% for path in profile_data.filesystem.read_only_paths %}
- {{ path }}
{% endfor %}
Network
Internet access
{% if profile_data.network.mode == 'none' %}
Offline (fully isolated)
{% elif profile_data.network.mode == 'restricted' %}
Limited (specific domains only)
{% else %}
Unrestricted
{% endif %}
{% if profile_data.network.allowed_domains %}
Allowed domains ({{ profile_data.network.allowed_domains | length }})
{% for domain in profile_data.network.allowed_domains %}
- {{ domain }}
{% endfor %}
{% endif %}
Limits on what the sandbox can consume or access. These prevent runaway processes and protect your system.
Resource Limits
Memory
{{ profile_data.resources.max_memory_mb }}MB
CPU
{{ profile_data.resources.max_cpu_percent }}%
Max processes
{{ profile_data.resources.max_pids }}
Open files
{{ profile_data.resources.max_open_files }}
Max file size
{{ profile_data.resources.max_file_size_mb }}MB
{% if profile_data.commands.blocked_args %}
Blocked Argument Patterns
Even for allowed commands, these specific flags and arguments are never permitted.
{% for cmd, patterns in profile_data.commands.blocked_args.items() %}
{{ cmd }}:
{% for pattern in patterns %}
{{ pattern }}
{% endfor %}
{% endfor %}
{% endif %}
Hidden Paths
These filesystem paths are invisible to the sandbox. The AI cannot read or discover them.
{% if profile_data.filesystem.hidden_paths %}
{% for path in profile_data.filesystem.hidden_paths %}
- {{ path }}
{% endfor %}
{% else %}
No hidden paths configured.
{% endif %}
{% if profile_data.network.blocked_cidrs %}
Blocked Network Ranges
{% for cidr in profile_data.network.blocked_cidrs %}
- {{ cidr }}
{% endfor %}
{% endif %}
Every action inside the sandbox is recorded so you can review what the AI did. These settings control how detailed that recording is.
Activity recording
{% if profile_data.audit.enabled %}
Enabled
{% else %}
Disabled
{% endif %}
Log format
{{ profile_data.audit.log_format }}
Tamper-proof signatures
{% if profile_data.audit.sign_entries %}
Enabled — entries are cryptographically signed to detect tampering
{% else %}
Disabled
{% endif %}
Record command output
{{ "Yes — full output of each command is saved" if profile_data.audit.include_command_output else "No — only the command itself is logged" }}
Record file changes
{{ "Yes — diffs of changed files are saved" if profile_data.audit.include_file_diffs else "No" }}
Max log size
{{ profile_data.audit.max_log_size_mb }}MB