[capabilities.deny]
commands
Lists denied command patterns plus the section-default env-var and network denies that apply across every granted command. Universal network denies that also block non-command surfaces (python, web) live under [security] universal_deny_domains.
domains
Section-default network deny list. Applies as one Grant::NetworkDenyCommandWide per host — fires unconditionally for every granted command’s egress (no pick_best involvement; denies stack), distinct from [security] universal_deny_domains which also blocks non-command surfaces.
env_vars
Universal env-var deny list — stripped from every spawn and rejected on every agent-typed NAME=VALUE prefix.
patterns
One entry in the [capabilities.deny.commands] patterns list.
String form
"sw_vers" — block the command unconditionally.
Table form
{ command, domains } — the command may still run (if the allow side grants it) but its network egress is denied to the listed domains in addition to any section-default deny.
command
domains
Filesystem capability section
Combines a default_files list with a paths list to grant the cartesian product. Shorthand paths entries reuse default_files; explicit entries override it.
default_files
File glob shorthand applied to every bare-string paths entry. E.g. ["*.rs", "*.toml"] plus a paths entry "src/**" yields the rules src/**/*.rs and src/**/*.toml.
paths
Path globs. Each entry is one of [RawPathEntry]'s variants.
One entry in a filesystem capability section’s paths list.
Three shapes, tried in order:
- Shorthand string ("src/**"): inherits default_files, prompt = false.
- Explicit form ({ path, files, prompt? }): fully specified, independent of default_files. files is required.
- Shorthand-with-flags ({ path, prompt? }, no files): inherits default_files. Only useful with prompt = true; a bare { path = "x" } has no advantage over the string form.
String form
"src/**" — uses the section’s default_files.
Table form
{ path, files, prompt? } — explicit, overrides default_files. files MUST be present here; entries without it are tried as the next variant.
prompt
Table form
{ path, prompt? } — inherits default_files like the bare string form but adds the prompt flag.
prompt
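Added example, not the project's own code: a small resolver that applies the three RawPathEntry shapes in the order described above and expands the default_files × paths cartesian product into concrete rules, so the effective glob set of a filesystem section can be inspected before it is trusted as a deny list. The sample section and the PathRule type are constructed for this illustration; only default_files, paths, path, files and prompt come from the reference.

```python
# Added example (not the project's own code): resolve a filesystem capability
# section's `paths` entries against `default_files`, trying the three shapes in
# the documented order, and expand the cartesian product into (glob, prompt)
# rules. `PathRule` and the sample section are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class PathRule:
    glob: str      # joined path glob, e.g. "src/**/*.rs"
    prompt: bool   # value of the entry's prompt flag


def resolve_entry(entry, default_files):
    """Return (path, files, prompt) for one paths entry, trying shapes in order."""
    # 1. Shorthand string: inherits default_files, prompt = false.
    if isinstance(entry, str):
        return entry, list(default_files), False
    if not isinstance(entry, dict) or "path" not in entry:
        raise ValueError(f"unrecognised paths entry: {entry!r}")
    # 2. Explicit form: `files` present, independent of default_files.
    if "files" in entry:
        return entry["path"], list(entry["files"]), bool(entry.get("prompt", False))
    # 3. Shorthand-with-flags: no `files`, so default_files is inherited.
    return entry["path"], list(default_files), bool(entry.get("prompt", False))


def expand_section(section):
    """Cartesian product of each entry's path with its file globs."""
    default_files = section.get("default_files", [])
    rules = []
    for entry in section.get("paths", []):
        path, files, prompt = resolve_entry(entry, default_files)
        for file_glob in files:
            rules.append(PathRule(path.rstrip("/") + "/" + file_glob, prompt))
    return rules


# Constructed sample; the equivalent TOML would be:
#   default_files = ["*.rs", "*.toml"]
#   paths = [
#     "src/**",
#     { path = "build/**", files = ["*.log"], prompt = true },
#     { path = "secrets/**", prompt = true },
#   ]
SAMPLE_SECTION = {
    "default_files": ["*.rs", "*.toml"],
    "paths": [
        "src/**",
        {"path": "build/**", "files": ["*.log"], "prompt": True},
        {"path": "secrets/**", "prompt": True},
    ],
}

if __name__ == "__main__":
    for rule in expand_section(SAMPLE_SECTION):
        print(rule)
```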