
Commit 75b5905

feloy and claude authored
feat(cli): add --with-policy flag (#101)
policy.yaml is now opt-in: the file is built and copied into the image only when --with-policy is passed. Without the flag no policy file is staged and the COPY instruction is omitted from the Containerfile.

Signed-off-by: Philippe Martin <phmartin@redhat.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent a6c800c commit 75b5905

4 files changed

Lines changed: 325 additions & 78 deletions

File tree

README.md

Lines changed: 7 additions & 2 deletions
@@ -15,7 +15,7 @@ The tool assembles the image in layers — base image, agent installation, agent
1515
- **Inference settings** (`--inference`) — inference provider definition is added to settings files.
1616
- **Endpoint override** (`--endpoint`) — optional custom URL for inference provider is set in inference provider definition.
1717
- **Model** (`--model`) — default model is baked into the agent's settings files.
18-
4. **OpenShell policy**`/etc/openshell/policy.yaml` shipped with every image.
18+
4. **OpenShell policy** (`--with-policy`) `/etc/openshell/policy.yaml` copied into the image only when `--with-policy` is passed.
1919
- **Base policy** — Git operations over HTTPS and the GitHub REST API.
2020
- **Agent network rules** — agent-specific endpoints are added by `--agent`.
2121
- **Inference network rules** — LLM backend endpoints are added by `--inference`.
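Review bot: the new item 4 at +18 lacks the separator every other item in this list places between the bold label and its description, so it reads as a run-on ("**OpenShell policy** (`--with-policy`) `/etc/openshell/policy.yaml` copied into the image ..."); match the sibling format and make it a full sentence, e.g. "4. **OpenShell policy** (`--with-policy`) — `/etc/openshell/policy.yaml` is copied into the image only when the flag is passed." The three sub-bullets beneath it (Base policy, Agent network rules, Inference network rules) now describe layers that exist only when the flag is given, so a short "when enabled" qualifier on the item would keep them from reading as unconditional.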
@@ -332,11 +332,15 @@ When `--model` is also given, the top-level `"model"` field is added (as `"ollam
332332

333333
## Sandbox policy
334334

335-
Every image built by this tool includes `/etc/openshell/policy.yaml`. This file is read by the OpenShell runtime and defines the sandbox security policy for the container:
335+
Pass `--with-policy` to include `/etc/openshell/policy.yaml` in the image. Without this flag, no policy file is written and the image contains no OpenShell policy. The policy file is read by the OpenShell runtime and defines the sandbox security policy for the container:
336336

337337
- **Filesystem policy** — which paths are read-only, read-write, or inaccessible to the `sandbox` user.
338338
- **Network policies** — which binaries are allowed to connect to which hosts and ports.
339339

340+
```sh
341+
openshell-image-builder --agent claude --inference anthropic --with-policy myimage:latest
342+
```
343+
340344
The policy is built in four layers, merged in order:
341345

342346
1. **Base** ([`assets/policy.yaml`](assets/policy.yaml)) — general-purpose tooling: Git operations over HTTPS and the GitHub REST API via `gh`.
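Review bot: the rewritten paragraph at +335 says that without `--with-policy` the image contains no OpenShell policy, but not what that means at run time: whether the OpenShell runtime refuses to start such a container, applies a built-in default, or runs the `sandbox` user with none of the filesystem and network restrictions listed directly below. Since those restrictions are the container's security boundary and the flag is now off by default, state the consequence of omitting the file here, next to the flag, so a reader who keeps the default does not assume a policy is still applied. The example at +341 is fine; showing the flag-less invocation beside it would make the two behaviours visible together.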
@@ -501,6 +505,7 @@ openshell-image-builder [OPTIONS] <TAG>
501505
| `--endpoint <URL>` | Override the inference provider's default endpoint URL (see [Custom endpoint](#custom-endpoint---endpoint)) |
502506
| `--model <MODEL>` | Default model for the agent to use (see [Default model](#default-model---model)) |
503507
| `--with-workspace-config` | Read `.kaiden/workspace.json` and apply its features, skills, and network rules |
508+
| `--with-policy` | Include OpenShell sandbox policy (`/etc/openshell/policy.yaml`) in the image |
504509
| `-v` / `-vv` | Increase log verbosity (info / debug) |
505510

506511
## Examples
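Review bot: the `--endpoint` and `--model` rows in this table each end with a `(see [...](#...))` link to the section that explains them, while the new `--with-policy` row at +508 does not; add the same link to the `## Sandbox policy` section, since that is where the policy layers and the effect of leaving the flag off are described. The description could also say that the flag is off by default (the image ships no policy without it), as that is the security-relevant change from the previous always-included behaviour.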
