From bb0975f93be1b1cb05d150f70c1b654756fe1fb4 Mon Sep 17 00:00:00 2001 From: Ed_ Date: Thu, 18 Jun 2026 14:38:26 -0400 Subject: [PATCH] fix(tier2): run_tier2_sandboxed.ps1 - remove AppData dir references Removed: - The \ and \ variables - The 'app-data dir' phrase in the .DESCRIPTION docstring - The 'app-data dir' phrase in step 2's comment The Tier 2 clone is the only allowed directory; AppData is enforced off-limits by the agent's *AppData\\\\* bash deny rule (no OS-level ACL needed since the agent's bash commands are denied at the OpenCode permission layer). Per the user's 2026-06-18 'NEVER USE APPDATA' directive. Refs: conductor/tracks/tier2_no_appdata_20260618 --- scripts/tier2/run_tier2_sandboxed.ps1 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/tier2/run_tier2_sandboxed.ps1 b/scripts/tier2/run_tier2_sandboxed.ps1 index 494759e0..c8da7f40 100644 --- a/scripts/tier2/run_tier2_sandboxed.ps1 +++ b/scripts/tier2/run_tier2_sandboxed.ps1 @@ -4,9 +4,11 @@ Launch OpenCode in the Tier 2 sandboxed mode. .DESCRIPTION Acquires a Windows restricted token (drops dangerous privileges), - sets explicit ACLs on the Tier 2 clone + app-data dir, wraps the - process tree in a Job Object, and launches OpenCode + the MCP server - under the restricted token. + wraps the process tree in a Job Object, and launches OpenCode + the + MCP server under the restricted token. The Tier 2 clone at + C:\projects\manual_slop_tier2\ is the only directory the OpenCode + session can read/write; AppData is OFF-LIMITS (enforced by the + agent's *AppData\\* bash deny rule). #> [CmdletBinding()] param( @@ -17,8 +19,6 @@ param( $ErrorActionPreference = "Stop" $Tier2ClonePath = (Resolve-Path $Tier2ClonePath).Path -$AppDataDir = "$env:LOCALAPPDATA\manual_slop\tier2" -$AppDataFailuresDir = "$env:LOCALAPPDATA\manual_slop\tier2_failures" $McpServerPath = "$MainRepoPath\scripts\mcp_server.py" Write-Host "[tier2-launcher] starting sandboxed OpenCode" @@ -74,7 +74,7 @@ public class RestrictedToken { $restrictedToken = [RestrictedToken]::GetCurrentTokenRestricted() Write-Host "[tier2-launcher] acquired restricted token" -# 2. Set explicit ACLs on the Tier 2 clone + app-data dir +# 2. Set explicit ACLs on the Tier 2 clone # (For v1, we rely on the existing user ACLs. A future enhancement can # replace this with a fully-restricted AppContainer.)