fix(tier2): run_tier2_sandboxed.ps1 - remove AppData dir references
Removed: - The \ and \ variables - The 'app-data dir' phrase in the .DESCRIPTION docstring - The 'app-data dir' phrase in step 2's comment The Tier 2 clone is the only allowed directory; AppData is enforced off-limits by the agent's *AppData\\\\* bash deny rule (no OS-level ACL needed since the agent's bash commands are denied at the OpenCode permission layer). Per the user's 2026-06-18 'NEVER USE APPDATA' directive. Refs: conductor/tracks/tier2_no_appdata_20260618
This commit is contained in:
@@ -4,9 +4,11 @@
|
||||
Launch OpenCode in the Tier 2 sandboxed mode.
|
||||
.DESCRIPTION
|
||||
Acquires a Windows restricted token (drops dangerous privileges),
|
||||
sets explicit ACLs on the Tier 2 clone + app-data dir, wraps the
|
||||
process tree in a Job Object, and launches OpenCode + the MCP server
|
||||
under the restricted token.
|
||||
wraps the process tree in a Job Object, and launches OpenCode + the
|
||||
MCP server under the restricted token. The Tier 2 clone at
|
||||
C:\projects\manual_slop_tier2\ is the only directory the OpenCode
|
||||
session can read/write; AppData is OFF-LIMITS (enforced by the
|
||||
agent's *AppData\\* bash deny rule).
|
||||
#>
|
||||
[CmdletBinding()]
|
||||
param(
|
||||
@@ -17,8 +19,6 @@ param(
|
||||
$ErrorActionPreference = "Stop"
|
||||
|
||||
$Tier2ClonePath = (Resolve-Path $Tier2ClonePath).Path
|
||||
$AppDataDir = "$env:LOCALAPPDATA\manual_slop\tier2"
|
||||
$AppDataFailuresDir = "$env:LOCALAPPDATA\manual_slop\tier2_failures"
|
||||
$McpServerPath = "$MainRepoPath\scripts\mcp_server.py"
|
||||
|
||||
Write-Host "[tier2-launcher] starting sandboxed OpenCode"
|
||||
@@ -74,7 +74,7 @@ public class RestrictedToken {
|
||||
$restrictedToken = [RestrictedToken]::GetCurrentTokenRestricted()
|
||||
Write-Host "[tier2-launcher] acquired restricted token"
|
||||
|
||||
# 2. Set explicit ACLs on the Tier 2 clone + app-data dir
|
||||
# 2. Set explicit ACLs on the Tier 2 clone
|
||||
# (For v1, we rely on the existing user ACLs. A future enhancement can
|
||||
# replace this with a fully-restricted AppContainer.)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user