Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Sandbox

The sandbox bounds what tool and shell commands may read, write, and reach on the host. When Veyyon is unsure whether an action is safe, it asks the user instead of assuming.

Responsibility

  • Map approval mode and sandbox policy to concrete restrictions for bash, edit, write, and related tools.
  • Enforce workspace roots and network policy per session settings.
  • Surface permission prompts in the TUI before mutating or risky commands run.

Public boundary

Settings keys such as approvalMode, sandbox-related enums in config.yml, and CLI flags on launch (--approval-mode and sandbox overrides) resolve into concrete restrictions applied to the bash, edit, and write tools, with plan-mode guards on top.

There is no standalone exec-server process in the shipped product; commands run in-process after policy resolution.

Key concepts

ConceptMeaning
Approval modeWhen to prompt before tool execution (on-request, never, …)
Sandbox policyFilesystem/network posture for command tools
Plan modeRestricts mutating tools until plan is approved (/plan)

User-facing guide: Sandbox and approvals.