harivansh-afk/sandbox-agent
1
0
Fork 0
mirror of https://github.com/harivansh-afk/sandbox-agent.git synced 2026-04-19 13:01:48 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

wip

Browse source
This commit is contained in:
Nathan Flurry 2026-03-14 20:28:41 -07:00
parent 3263d4f5e1
commit 0fbea6ce61
166 changed files with 6675 additions and 7105 deletions
Download patch file Download diff file Expand all files Collapse all files

1923
foundry/packages/desktop/src-tauri/gen/schemas/acl-manifests.json
View file

File diff suppressed because one or more lines are too long

90
foundry/packages/desktop/src-tauri/gen/schemas/desktop-schema.json
View file

@ -21,9 +21,7 @@
{
"description": "A list of capabilities.",
"type": "object",
"required": [
"capabilities"
],
"required": ["capabilities"],
"properties": {
"capabilities": {
"description": "The list of capabilities.",
@ -39,10 +37,7 @@
"Capability": {
"description": "A grouping and boundary mechanism developers can use to isolate access to the IPC layer.\n\nIt controls application windows' and webviews' fine grained access to the Tauri core, application, or plugin commands. If a webview or its window is not matching any capability then it has no access to the IPC layer at all.\n\nThis can be done to create groups of windows, based on their required system access, which can reduce impact of frontend vulnerabilities in less privileged windows. Windows can be added to a capability by exact name (e.g. `main-window`) or glob patterns like `*` or `admin-*`. A Window can have none, one, or multiple associated capabilities.\n\n## Example\n\n```json { \"identifier\": \"main-user-files-write\", \"description\": \"This capability allows the `main` window on macOS and Windows access to `filesystem` write related commands and `dialog` commands to enable programmatic access to files selected by the user.\", \"windows\": [ \"main\" ], \"permissions\": [ \"core:default\", \"dialog:open\", { \"identifier\": \"fs:allow-write-text-file\", \"allow\": [{ \"path\": \"$HOME/test.txt\" }] }, ], \"platforms\": [\"macOS\",\"windows\"] } ```",
"type": "object",
"required": [
"identifier",
"permissions"
],
"required": ["identifier", "permissions"],
"properties": {
"identifier": {
"description": "Identifier of the capability.\n\n## Example\n\n`main-user-files-write`",
@ -93,10 +88,7 @@
},
"platforms": {
"description": "Limit which target platforms this capability applies to.\n\nBy default all platforms are targeted.\n\n## Example\n\n`[\"macOS\",\"windows\"]`",
"type": [
"array",
"null"
],
"type": ["array", "null"],
"items": {
"$ref": "#/definitions/Target"
}
@ -106,9 +98,7 @@
"CapabilityRemote": {
"description": "Configuration for remote URLs that are associated with the capability.",
"type": "object",
"required": [
"urls"
],
"required": ["urls"],
"properties": {
"urls": {
"description": "Remote domains this capability refers to using the [URLPattern standard](https://urlpattern.spec.whatwg.org/).\n\n## Examples\n\n- \"https://*.mydomain.dev\": allows subdomains of mydomain.dev - \"https://mydomain.dev/api/*\": allows any subpath of mydomain.dev/api",
@ -218,10 +208,7 @@
"anyOf": [
{
"type": "object",
"required": [
"cmd",
"name"
],
"required": ["cmd", "name"],
"properties": {
"args": {
"description": "The allowed arguments for the command execution.",
@ -244,10 +231,7 @@
},
{
"type": "object",
"required": [
"name",
"sidecar"
],
"required": ["name", "sidecar"],
"properties": {
"args": {
"description": "The allowed arguments for the command execution.",
@ -278,10 +262,7 @@
"anyOf": [
{
"type": "object",
"required": [
"cmd",
"name"
],
"required": ["cmd", "name"],
"properties": {
"args": {
"description": "The allowed arguments for the command execution.",
@ -304,10 +285,7 @@
},
{
"type": "object",
"required": [
"name",
"sidecar"
],
"required": ["name", "sidecar"],
"properties": {
"args": {
"description": "The allowed arguments for the command execution.",
@ -356,20 +334,14 @@
},
"allow": {
"description": "Data that defines what is allowed by the scope.",
"type": [
"array",
"null"
],
"type": ["array", "null"],
"items": {
"$ref": "#/definitions/Value"
}
},
"deny": {
"description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.",
"type": [
"array",
"null"
],
"type": ["array", "null"],
"items": {
"$ref": "#/definitions/Value"
}
@ -377,9 +349,7 @@
}
}
],
"required": [
"identifier"
]
"required": ["identifier"]
}
]
},
@ -1845,10 +1815,10 @@
"markdownDescription": "Enables the set_title_bar_style command without any pre-configured scope."
},
{
"description": "Enables the set_visible_on_all_workspaces command without any pre-configured scope.",
"description": "Enables the set_visible_on_all_organizations command without any pre-configured scope.",
"type": "string",
"const": "core:window:allow-set-visible-on-all-workspaces",
"markdownDescription": "Enables the set_visible_on_all_workspaces command without any pre-configured scope."
"const": "core:window:allow-set-visible-on-all-organizations",
"markdownDescription": "Enables the set_visible_on_all_organizations command without any pre-configured scope."
},
{
"description": "Enables the show command without any pre-configured scope.",
@ -2301,10 +2271,10 @@
"markdownDescription": "Denies the set_title_bar_style command without any pre-configured scope."
},
{
"description": "Denies the set_visible_on_all_workspaces command without any pre-configured scope.",
"description": "Denies the set_visible_on_all_organizations command without any pre-configured scope.",
"type": "string",
"const": "core:window:deny-set-visible-on-all-workspaces",
"markdownDescription": "Denies the set_visible_on_all_workspaces command without any pre-configured scope."
"const": "core:window:deny-set-visible-on-all-organizations",
"markdownDescription": "Denies the set_visible_on_all_organizations command without any pre-configured scope."
},
{
"description": "Denies the show command without any pre-configured scope.",
@ -2482,37 +2452,27 @@
{
"description": "MacOS.",
"type": "string",
"enum": [
"macOS"
]
"enum": ["macOS"]
},
{
"description": "Windows.",
"type": "string",
"enum": [
"windows"
]
"enum": ["windows"]
},
{
"description": "Linux.",
"type": "string",
"enum": [
"linux"
]
"enum": ["linux"]
},
{
"description": "Android.",
"type": "string",
"enum": [
"android"
]
"enum": ["android"]
},
{
"description": "iOS.",
"type": "string",
"enum": [
"iOS"
]
"enum": ["iOS"]
}
]
},
@ -2526,9 +2486,7 @@
{
"description": "A variable that is set while calling the command from the webview API.",
"type": "object",
"required": [
"validator"
],
"required": ["validator"],
"properties": {
"raw": {
"description": "Marks the validator as a raw regex, meaning the plugin should not make any modification at runtime.\n\nThis means the regex will not match on the entire string by default, which might be exploited if your regex allow unexpected input to be considered valid. When using this option, make sure your regex is correct.",
@ -2561,4 +2519,4 @@
]
}
}
}
}

90
foundry/packages/desktop/src-tauri/gen/schemas/macOS-schema.json
View file

@ -21,9 +21,7 @@
{
"description": "A list of capabilities.",
"type": "object",
"required": [
"capabilities"
],
"required": ["capabilities"],
"properties": {
"capabilities": {
"description": "The list of capabilities.",
@ -39,10 +37,7 @@
"Capability": {
"description": "A grouping and boundary mechanism developers can use to isolate access to the IPC layer.\n\nIt controls application windows' and webviews' fine grained access to the Tauri core, application, or plugin commands. If a webview or its window is not matching any capability then it has no access to the IPC layer at all.\n\nThis can be done to create groups of windows, based on their required system access, which can reduce impact of frontend vulnerabilities in less privileged windows. Windows can be added to a capability by exact name (e.g. `main-window`) or glob patterns like `*` or `admin-*`. A Window can have none, one, or multiple associated capabilities.\n\n## Example\n\n```json { \"identifier\": \"main-user-files-write\", \"description\": \"This capability allows the `main` window on macOS and Windows access to `filesystem` write related commands and `dialog` commands to enable programmatic access to files selected by the user.\", \"windows\": [ \"main\" ], \"permissions\": [ \"core:default\", \"dialog:open\", { \"identifier\": \"fs:allow-write-text-file\", \"allow\": [{ \"path\": \"$HOME/test.txt\" }] }, ], \"platforms\": [\"macOS\",\"windows\"] } ```",
"type": "object",
"required": [
"identifier",
"permissions"
],
"required": ["identifier", "permissions"],
"properties": {
"identifier": {
"description": "Identifier of the capability.\n\n## Example\n\n`main-user-files-write`",
@ -93,10 +88,7 @@
},
"platforms": {
"description": "Limit which target platforms this capability applies to.\n\nBy default all platforms are targeted.\n\n## Example\n\n`[\"macOS\",\"windows\"]`",
"type": [
"array",
"null"
],
"type": ["array", "null"],
"items": {
"$ref": "#/definitions/Target"
}
@ -106,9 +98,7 @@
"CapabilityRemote": {
"description": "Configuration for remote URLs that are associated with the capability.",
"type": "object",
"required": [
"urls"
],
"required": ["urls"],
"properties": {
"urls": {
"description": "Remote domains this capability refers to using the [URLPattern standard](https://urlpattern.spec.whatwg.org/).\n\n## Examples\n\n- \"https://*.mydomain.dev\": allows subdomains of mydomain.dev - \"https://mydomain.dev/api/*\": allows any subpath of mydomain.dev/api",
@ -218,10 +208,7 @@
"anyOf": [
{
"type": "object",
"required": [
"cmd",
"name"
],
"required": ["cmd", "name"],
"properties": {
"args": {
"description": "The allowed arguments for the command execution.",
@ -244,10 +231,7 @@
},
{
"type": "object",
"required": [
"name",
"sidecar"
],
"required": ["name", "sidecar"],
"properties": {
"args": {
"description": "The allowed arguments for the command execution.",
@ -278,10 +262,7 @@
"anyOf": [
{
"type": "object",
"required": [
"cmd",
"name"
],
"required": ["cmd", "name"],
"properties": {
"args": {
"description": "The allowed arguments for the command execution.",
@ -304,10 +285,7 @@
},
{
"type": "object",
"required": [
"name",
"sidecar"
],
"required": ["name", "sidecar"],
"properties": {
"args": {
"description": "The allowed arguments for the command execution.",
@ -356,20 +334,14 @@
},
"allow": {
"description": "Data that defines what is allowed by the scope.",
"type": [
"array",
"null"
],
"type": ["array", "null"],
"items": {
"$ref": "#/definitions/Value"
}
},
"deny": {
"description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.",
"type": [
"array",
"null"
],
"type": ["array", "null"],
"items": {
"$ref": "#/definitions/Value"
}
@ -377,9 +349,7 @@
}
}
],
"required": [
"identifier"
]
"required": ["identifier"]
}
]
},
@ -1845,10 +1815,10 @@
"markdownDescription": "Enables the set_title_bar_style command without any pre-configured scope."
},
{
"description": "Enables the set_visible_on_all_workspaces command without any pre-configured scope.",
"description": "Enables the set_visible_on_all_organizations command without any pre-configured scope.",
"type": "string",
"const": "core:window:allow-set-visible-on-all-workspaces",
"markdownDescription": "Enables the set_visible_on_all_workspaces command without any pre-configured scope."
"const": "core:window:allow-set-visible-on-all-organizations",
"markdownDescription": "Enables the set_visible_on_all_organizations command without any pre-configured scope."
},
{
"description": "Enables the show command without any pre-configured scope.",
@ -2301,10 +2271,10 @@
"markdownDescription": "Denies the set_title_bar_style command without any pre-configured scope."
},
{
"description": "Denies the set_visible_on_all_workspaces command without any pre-configured scope.",
"description": "Denies the set_visible_on_all_organizations command without any pre-configured scope.",
"type": "string",
"const": "core:window:deny-set-visible-on-all-workspaces",
"markdownDescription": "Denies the set_visible_on_all_workspaces command without any pre-configured scope."
"const": "core:window:deny-set-visible-on-all-organizations",
"markdownDescription": "Denies the set_visible_on_all_organizations command without any pre-configured scope."
},
{
"description": "Denies the show command without any pre-configured scope.",
@ -2482,37 +2452,27 @@
{
"description": "MacOS.",
"type": "string",
"enum": [
"macOS"
]
"enum": ["macOS"]
},
{
"description": "Windows.",
"type": "string",
"enum": [
"windows"
]
"enum": ["windows"]
},
{
"description": "Linux.",
"type": "string",
"enum": [
"linux"
]
"enum": ["linux"]
},
{
"description": "Android.",
"type": "string",
"enum": [
"android"
]
"enum": ["android"]
},
{
"description": "iOS.",
"type": "string",
"enum": [
"iOS"
]
"enum": ["iOS"]
}
]
},
@ -2526,9 +2486,7 @@
{
"description": "A variable that is set while calling the command from the webview API.",
"type": "object",
"required": [
"validator"
],
"required": ["validator"],
"properties": {
"raw": {
"description": "Marks the validator as a raw regex, meaning the plugin should not make any modification at runtime.\n\nThis means the regex will not match on the entire string by default, which might be exploited if your regex allow unexpected input to be considered valid. When using this option, make sure your regex is correct.",
@ -2561,4 +2519,4 @@
]
}
}
}
}