Private
Public Access
0
0

fix(tier2): run_tier2_sandboxed.ps1 - remove AppData dir references

Removed:
- The \ and \ variables
- The 'app-data dir' phrase in the .DESCRIPTION docstring
- The 'app-data dir' phrase in step 2's comment

The Tier 2 clone is the only allowed directory; AppData is enforced
off-limits by the agent's *AppData\\\\* bash deny rule (no OS-level
ACL needed since the agent's bash commands are denied at the OpenCode
permission layer).

Per the user's 2026-06-18 'NEVER USE APPDATA' directive.

Refs: conductor/tracks/tier2_no_appdata_20260618
This commit is contained in:
2026-06-18 14:38:26 -04:00
parent 9ee6d4eeb8
commit bb0975f93b
+6 -6
View File
@@ -4,9 +4,11 @@
Launch OpenCode in the Tier 2 sandboxed mode.
.DESCRIPTION
Acquires a Windows restricted token (drops dangerous privileges),
sets explicit ACLs on the Tier 2 clone + app-data dir, wraps the
process tree in a Job Object, and launches OpenCode + the MCP server
under the restricted token.
wraps the process tree in a Job Object, and launches OpenCode + the
MCP server under the restricted token. The Tier 2 clone at
C:\projects\manual_slop_tier2\ is the only directory the OpenCode
session can read/write; AppData is OFF-LIMITS (enforced by the
agent's *AppData\\* bash deny rule).
#>
[CmdletBinding()]
param(
@@ -17,8 +19,6 @@ param(
$ErrorActionPreference = "Stop"
$Tier2ClonePath = (Resolve-Path $Tier2ClonePath).Path
$AppDataDir = "$env:LOCALAPPDATA\manual_slop\tier2"
$AppDataFailuresDir = "$env:LOCALAPPDATA\manual_slop\tier2_failures"
$McpServerPath = "$MainRepoPath\scripts\mcp_server.py"
Write-Host "[tier2-launcher] starting sandboxed OpenCode"
@@ -74,7 +74,7 @@ public class RestrictedToken {
$restrictedToken = [RestrictedToken]::GetCurrentTokenRestricted()
Write-Host "[tier2-launcher] acquired restricted token"
# 2. Set explicit ACLs on the Tier 2 clone + app-data dir
# 2. Set explicit ACLs on the Tier 2 clone
# (For v1, we rely on the existing user ACLs. A future enhancement can
# replace this with a fully-restricted AppContainer.)