Skip to content
~$ seal

[capabilities.allow]

additional_directories

Section titled “additional_directories”
Typearray<string>Default[]

Additional directories outside the project root that seal.toml can reference in read / write / delete / command paths, and that unscoped allow.commands grants also accept as a valid cwd — a bare "cargo build:*" matches when run inside any entry here, just as it matches inside project root. Does not grant any access on its own — individual grants still need to name a path inside one of these (or, for unscoped commands, be invoked with a cwd inside one). Each entry may be relative (joined to project root), absolute, or ~/…. Not checked for existence at load time so users can point at yet-to-be-created temp dirs etc.

commands

Section titled “commands”
Typeobject

Lists granted command patterns plus the section-default env-var and network allowlists that bare-string entries (and table entries without their own override) inherit.

default_domains

Section titled “default_domains”
Typearray<string>Default[]

Section-default network domain allowlist. Applied to every bare-string patterns entry; full-form entries union with it unless they set inherit_default_domains = false.

default_env_vars

Section titled “default_env_vars”
Typearray<string>Default[]

Section-default env-var allowlist. Applied to every bare-string patterns entry and every full-form entry that omits its own env_vars.

patterns

Section titled “patterns”
Typearray<string | object>
Array items

What one entry in [capabilities.allow.commands] patterns looks like in TOML. Two shapes:

  • Bare string ("cargo test:*"): allow anywhere, no prompt, inherits default_env_vars AND default_domains from the section.
  • Table ({ command, prompt?, paths?, env_vars?, domains?, inherit_default_domains? }): full form. env_vars here are the per-grant override list — they replace default_env_vars for this command, they don’t add to it. domains UNIONS with default_domains unless inherit_default_domains = false, in which case domains is the entire list (or empty, meaning no network for this command).

String form

Section titled “String form”
Typestring

"cargo test:*" — allow anywhere, no prompt, inherits section defaults.

Table form

Section titled “Table form”
Typeobject

{ command, prompt?, paths?, env_vars?, domains?, prompt_on_network?, inherit_default_domains? } — full form.

command
Section titled “command”
Typestringrequired
domains
Section titled “domains”
Typearray | nullDefaultnull

Per-grant network domain allowlist. Unions with the section’s default_domains unless inherit_default_domains = false is also set, in which case this is the entire effective list (or empty = no network for this command).

None means “field omitted” — equivalent to an empty explicit list under default inherit_default_domains = true: the effective list is default_domains.

env_vars
Section titled “env_vars”
Typearray<string>Default[]

Per-grant env-var allowlist. Listed names are allowed as NAME=VALUE prefixes on invocations of this command pattern. Replaces the section’s default_env_vars for matches against this grant. Empty = inherits default_env_vars.

inherit_default_domains
Section titled “inherit_default_domains”
TypebooleanDefaulttrue

When false, this entry’s effective domains list is strictly its own domains (no section-default union). Default true — bare-string entries and table entries that don’t set this both inherit default_domains.

paths
Section titled “paths”
Typearray<string>Default[]
prompt
Section titled “prompt”
TypebooleanDefaultfalse
prompt_on_network
Section titled “prompt_on_network”
TypebooleanDefaultfalse

When true, every NETWORK connection this command attempts triggers a permission prompt. Distinct from prompt (which gates the exec spawn itself). Only meaningful with explicit per-entry domains — a connection-prompt that can only ever match section- default domains is dead config and produces a load error. Bare-string entries can’t set this knob.

read

Section titled “read”
Typeobject

Combines a default_files list with a paths list to grant the cartesian product. Shorthand paths entries reuse default_files; explicit entries override it.

default_files

Section titled “default_files”
Typearray<string>Default[]

File glob shorthand applied to every bare-string paths entry. E.g. ["*.rs", "*.toml"] plus a paths entry "src/**" yields the rules src/**/*.rs and src/**/*.toml.

paths

Section titled “paths”
Typearray<string | object>

Path globs. Each entry is one of [RawPathEntry]‘s variants.

Array items

One entry in a filesystem capability section’s paths list.

Three shapes, tried in order:

  • Shorthand string ("src/**"): inherits default_files, prompt = false.
  • Explicit form ({ path, files, prompt? }): fully specified, independent of default_files. files is required.
  • Shorthand-with-flags ({ path, prompt? }, no files): inherits default_files. Only useful with prompt = true; bare { path = "x" } has no advantage over the string form.

String form

Section titled “String form”
Typestring

"src/**" — uses the section’s default_files.

Table form

Section titled “Table form”
Typeobject

{ path, files, prompt? } — explicit, overrides default_files. files MUST be present here; entries without it are tried as the next variant.

files
Section titled “files”
Typearray<string>required
path
Section titled “path”
Typestringrequired
prompt
Section titled “prompt”
TypebooleanDefaultfalse

Table form

Section titled “Table form”
Typeobject

{ path, prompt? } — inherits default_files like the bare string form but adds the prompt flag.

path
Section titled “path”
Typestringrequired
prompt
Section titled “prompt”
TypebooleanDefaultfalse

write

Section titled “write”
Typeobject

Combines a default_files list with a paths list to grant the cartesian product. Shorthand paths entries reuse default_files; explicit entries override it.

default_files

Section titled “default_files”
Typearray<string>Default[]

File glob shorthand applied to every bare-string paths entry. E.g. ["*.rs", "*.toml"] plus a paths entry "src/**" yields the rules src/**/*.rs and src/**/*.toml.

paths

Section titled “paths”
Typearray<string | object>

Path globs. Each entry is one of [RawPathEntry]‘s variants.

Array items

One entry in a filesystem capability section’s paths list.

Three shapes, tried in order:

  • Shorthand string ("src/**"): inherits default_files, prompt = false.
  • Explicit form ({ path, files, prompt? }): fully specified, independent of default_files. files is required.
  • Shorthand-with-flags ({ path, prompt? }, no files): inherits default_files. Only useful with prompt = true; bare { path = "x" } has no advantage over the string form.

String form

Section titled “String form”
Typestring

"src/**" — uses the section’s default_files.

Table form

Section titled “Table form”
Typeobject

{ path, files, prompt? } — explicit, overrides default_files. files MUST be present here; entries without it are tried as the next variant.

files
Section titled “files”
Typearray<string>required
path
Section titled “path”
Typestringrequired
prompt
Section titled “prompt”
TypebooleanDefaultfalse

Table form

Section titled “Table form”
Typeobject

{ path, prompt? } — inherits default_files like the bare string form but adds the prompt flag.

path
Section titled “path”
Typestringrequired
prompt
Section titled “prompt”
TypebooleanDefaultfalse