[capabilities.deny]
commands
Lists denied command patterns plus the section-default env-var and network denies that apply across every granted command. Universal network denies that also block non-command surfaces (python, web) live under [security] universal_deny_domains.
domains
Section-default network deny list. Applies as one Grant::NetworkDenyCommandWide per host — fires unconditionally for every granted command’s egress (no pick_best involvement; denies stack), distinct from [security] universal_deny_domains which also blocks non-command surfaces.
env_vars
Universal env-var deny list — stripped from every spawn and rejected on every agent-typed NAME=VALUE prefix.
patterns
Command patterns to block, or per-command network destinations to deny.
Array items
One entry in [capabilities.deny.commands] patterns.
String form
"sw_vers" — block the command unconditionally.
Table form
{ command, domains } — the command may still run (if the allow side grants it) but its network egress is denied to the listed domains in addition to any section-default deny.
command
Command pattern to attach network denies to.
domains
Network domains blocked for this command pattern.
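How the string form, the table form, the section-default domains, [security] universal_deny_domains and env_vars compose at evaluation time, as an added toy evaluator (not the project's own code). The config is a constructed Python dict mirroring the TOML in the docstring; the one assumption the page does not state is that a command pattern is a glob matched against the program name (argv[0]).

```python
"""Toy evaluator for [capabilities.deny] command, network and env-var denies.

Added illustration, not the project's own evaluator. CONFIG mirrors this
constructed TOML as a Python dict:

    [security]
    universal_deny_domains = ["metadata.internal"]

    [capabilities.deny.commands]
    patterns = [
        "sw_vers",
        { command = "curl", domains = ["pastebin.com"] },
    ]
    domains  = ["evil.example"]
    env_vars = ["AWS_SECRET_ACCESS_KEY"]

Assumption not stated on the page: a command pattern is a glob matched
against the program name (argv[0]) only.
"""
import fnmatch
import re

CONFIG = {
    "security": {"universal_deny_domains": ["metadata.internal"]},
    "capabilities": {
        "deny": {
            "commands": {
                "patterns": [
                    "sw_vers",
                    {"command": "curl", "domains": ["pastebin.com"]},
                ],
                "domains": ["evil.example"],
                "env_vars": ["AWS_SECRET_ACCESS_KEY"],
            }
        }
    },
}

ENV_PREFIX = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=(.*)$")


def _deny(cfg):
    return cfg["capabilities"]["deny"]["commands"]


def _matches(pattern, argv):
    # Assumed pattern semantics: glob over the program name only.
    return bool(argv) and fnmatch.fnmatchcase(argv[0], pattern)


def command_blocked(cfg, argv):
    """String-form entries block the command unconditionally."""
    return any(isinstance(p, str) and _matches(p, argv) for p in _deny(cfg)["patterns"])


def denied_hosts(cfg, argv):
    """Every network deny that applies to this command's egress.

    Denies stack: a host is blocked if ANY rule lists it, so unlike the allow
    side there is no pick_best step and rule order does not matter.
    """
    deny = _deny(cfg)
    hosts = set(cfg["security"].get("universal_deny_domains", []))  # all surfaces
    hosts.update(deny.get("domains", []))           # section default: every command
    for p in deny["patterns"]:
        if isinstance(p, dict) and _matches(p["command"], argv):
            hosts.update(p.get("domains", []))      # table form: this pattern only
    return hosts


def egress_denied(cfg, argv, host):
    return host in denied_hosts(cfg, argv)


def non_command_egress_denied(cfg, host):
    """python/web surfaces see only [security] universal_deny_domains;
    the section-default domains of [capabilities.deny.commands] do not reach them."""
    return host in cfg["security"].get("universal_deny_domains", [])


def spawn_env(cfg, parent_env):
    """Strip denied variables from the environment of every spawn."""
    denied = set(_deny(cfg)["env_vars"])
    return {k: v for k, v in parent_env.items() if k not in denied}


def split_env_prefix(cfg, argv):
    """Peel leading NAME=VALUE tokens off an agent-typed command line.

    Returns (env, remaining argv) and raises if a denied variable is being set:
    the prefix is the other route by which a denied value could reach the child.
    """
    env, i = {}, 0
    while i < len(argv) and (m := ENV_PREFIX.match(argv[i])):
        name, value = m.groups()
        if name in _deny(cfg)["env_vars"]:
            raise PermissionError(f"{name} is listed in capabilities.deny.commands.env_vars")
        env[name] = value
        i += 1
    return env, argv[i:]


if __name__ == "__main__":
    print(command_blocked(CONFIG, ["sw_vers"]))
    print(sorted(denied_hosts(CONFIG, ["curl", "https://example.com"])))
    print(split_env_prefix(CONFIG, ["FOO=1", "ls", "-l"]))
```

Note that wget reaches pastebin.com only because the table entry is bound to the curl pattern; the section-default evil.example and the universal metadata.internal are denied for every command regardless of pattern.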
Combines a default_files list with a paths list to form the cartesian product: every path entry is paired with every file glob. Shorthand paths entries reuse default_files; explicit entries override it.
default_files
File glob shorthand applied to every bare-string paths entry. E.g. ["*.rs", "*.toml"] plus a paths entry "src/**" yields the rules src/**/*.rs and src/**/*.toml.
A bare "*" entry is the catch-all: it matches any file in the path, not just one extension. ["*"] plus paths = ["**"] yields **/* — every file under that root. Use it when the path should cover all file types; use specific extension globs (["*.rs"]) to scope by type.
paths
Path entries to grant or deny. Bare strings inherit default_files; table entries can specify their own files list.
Array items
One entry in a filesystem capability section’s paths list.
Three shapes, tried in order:
- Shorthand string ("src/**"): inherits default_files, prompt = false.
- Explicit form ({ path, files, prompt? }): fully specified, independent of default_files. files is required.
- Shorthand-with-flags ({ path, prompt? }, no files): inherits default_files. Deny entries do not support prompting, so prompt must be omitted or false.
String form
"src/**" — uses the section’s default_files.
Table form
{ path, files, prompt? } — explicit, overrides default_files. files MUST be present here; an entry without it is not an error, it is tried as the next variant.
files
File globs under path that this entry grants or denies.
path
Path glob this entry applies to, such as src/** or . (the root).
prompt
Deny entries do not support prompting; omit this field or leave it false.
Table form
{ path, prompt? } — inherits default_files like the bare string form. Deny entries do not support prompting, so prompt must be omitted or false.
path
Path glob this entry applies to, such as src/** or . (the root).
prompt
Deny entries do not support prompting; omit this field or leave it false.
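The three entry shapes and the default_files cartesian product, worked through as an added illustration (not the project's own loader). The two sections are constructed Python dicts standing in for the TOML tables; the page does not give those tables' names, so none are assumed. Also assumed, because the page does not say: a path of . means the root, a deny rule beats a grant rule, and ** spans any number of directory levels while * never crosses a slash.

```python
"""Expand a filesystem capability section into concrete path rules.

Added illustration, not the project's own loader. GRANT and DENY are
constructed stand-ins for a grant-side and a deny-side filesystem section.
Assumptions (not stated on the page): "." is the root, deny beats grant,
"**" matches any depth and "*" never crosses "/".
"""
import posixpath
import re

GRANT = {
    "default_files": ["*.rs", "*.toml"],
    "paths": [
        "src/**",                                                  # shorthand string
        {"path": "tests/**", "files": ["*.rs"], "prompt": True},   # explicit form
        {"path": ".", "prompt": True},                             # shorthand with flags
    ],
}

DENY = {
    "default_files": ["*"],                                        # catch-all
    "paths": ["secrets/**", {"path": "**/node_modules/**"}],
}


def _join(path, file_glob):
    # "." + "*.rs" -> "*.rs"; "src/**" + "*.rs" -> "src/**/*.rs"
    return posixpath.normpath(posixpath.join(path, file_glob))


def expand(section, *, deny=False):
    """Return [(rule_glob, prompt), ...] for the section, in config order.

    Each paths entry is resolved by trying the page's three shapes in order;
    a table entry lacking `files` falls through to the shorthand-with-flags shape.
    """
    defaults = section.get("default_files", [])
    rules = []
    for entry in section.get("paths", []):
        if isinstance(entry, str):                          # 1. "src/**"
            path, files, prompt = entry, defaults, False
        elif isinstance(entry, dict) and "files" in entry:  # 2. { path, files, prompt? }
            path, files, prompt = entry["path"], entry["files"], entry.get("prompt", False)
        elif isinstance(entry, dict) and "path" in entry:   # 3. { path, prompt? }
            path, files, prompt = entry["path"], defaults, entry.get("prompt", False)
        else:
            raise ValueError(f"unrecognised paths entry: {entry!r}")
        if deny and prompt:
            raise ValueError(f"deny entry {path!r}: prompt must be omitted or false")
        # Cartesian product; an empty default_files makes a shorthand entry yield nothing.
        rules.extend((_join(path, f), prompt) for f in files)
    return rules


def glob_to_regex(glob):
    """Minimal **, * and ? translation (fnmatch would let * cross "/")."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**/", i):
            out.append("(?:.*/)?")
            i += 3
        elif glob.startswith("**", i):
            out.append(".*")
            i += 2
        elif glob[i] == "*":
            out.append("[^/]*")
            i += 1
        elif glob[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$")


def first_match(rules, relpath):
    for rule, prompt in rules:
        if glob_to_regex(rule).match(relpath):
            return rule, prompt
    return None


def decide(grant_rules, deny_rules, relpath):
    """'deny' | 'allow' | 'prompt' | 'no-grant' for a root-relative path."""
    if first_match(deny_rules, relpath):
        return "deny"
    hit = first_match(grant_rules, relpath)
    if hit is None:
        return "no-grant"
    return "prompt" if hit[1] else "allow"


if __name__ == "__main__":
    g, d = expand(GRANT), expand(DENY, deny=True)
    for p in ["src/main.rs", "tests/it.rs", "Cargo.toml", "secrets/key.pem", "src/lib/ffi.c"]:
        print(p, decide(g, d, p))
```

The worth-noticing cases are the two shorthand-with-flags entries: { path = ".", prompt = true } picks up both default_files globs at the root, while the same shape with prompt = true in the deny section is rejected rather than silently ignored.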