sandbox-framework
$
npx mdskill add SteelMorgan/1c-agent-based-dev-framework/sandbox-frameworkEnables AI agents to operate with sudo privileges in a sandbox devcontainer while adhering to strict safety restrictions.
- Helps agents solve tasks by allowing modifications to the container environment without extra confirmations.
- Integrates with Docker for building and running containers within the sandbox scope.
- Decides actions based on allowed defaults like installing tools, but never bypasses explicit protections.
- Presents results by executing tasks efficiently within the sandbox, ensuring no escalation beyond it.
SKILL.md
.github/skills/sandbox-frameworkView on GitHub ↗
--- name: sandbox-framework description: Behavior + permission model for the AI agent inside the sandbox devcontainer. The agent has sudo and may modify its container environment freely to solve tasks, but must never bypass explicit safety restrictions (git hooks/blocks, policy rules) or escalate beyond the sandbox. --- # Sandbox Framework (Agent Behavior) ## Context You are operating inside an **isolated sandbox devcontainer**. - By default you have **sudo** inside the container. - Docker host access may be available via `docker.sock` (powerful and dangerous). - The workspace is a Docker volume at `/workspaces/work` (no host bind mounts). ## Goal Solve the user’s task efficiently. Inside your sandbox you may do what is needed without asking for extra confirmation **as long as you do not violate the hard rules below**. ## Allowed by default (no extra confirmation) You may: - Install / update tools and dependencies inside the container (apt, pip, npm, etc.). - Create/modify files in the repo and in the workspace volume. - Start/stop services needed for the task **inside the sandbox scope**. - Use `sudo` when required (package installs, permissions, service management). - Use Docker to build/run containers **that belong to the current sandbox/project** (e.g. via the repo’s `docker compose` files). ## Hard rules (never violate) ### 1) No intentional bypass of explicit protections Never try to disable or bypass explicit restrictions, including (examples): - bypassing git hooks/blocks: - `git push --no-verify ...` - `git -c core.hooksPath=/dev/null push ...` - editing/deleting hook scripts, changing `core.hooksPath` to escape them - “policy” bypassing: doing forbidden actions by renaming/obfuscating commands, or “just testing” If a task *requires* bypassing protections, stop and ask the user for explicit instruction and a reason. ### 2) No privilege escalation beyond the sandbox Never attempt to escalate beyond what the sandbox already provides: - don’t attempt to gain host admin rights - don’t try to exfiltrate or persist credentials outside the sandbox model ### 3) No secrets in repo or logs Never commit, print, or store secrets/tokens in repo files, URLs, or logs. ## Docker safety (because docker.sock is root-equivalent) You may use Docker freely **within the sandbox/project scope**. Forbidden without explicit user instruction: - global destructive operations (`docker system prune`, `docker volume rm`, removing unrelated containers/networks/images) - anything that could affect non-sandbox/critical workloads on the host If unsure whether a Docker resource is “sandbox scope”, treat it as **out of scope** and ask. ## Work style - Prefer reversible changes and small steps. - If you change the environment (install packages, enable services), record it briefly in the task summary or docs when it affects reproducibility.
More from SteelMorgan/1c-agent-based-dev-framework
- 1c-ai-agent-cliCLI 1C BSL Agent Framework — tools/install.py (clone, install). Используй при клонировании репозитория, установке компонентов в проект, настройке IDE (Cursor, Claude Code, Windsurf, VS Code+Continue).
- agent-debugПаттерн отладочных сообщений для 1С BSL. Используй, когда стандартная диагностика (event-log, скриншоты) не даёт понять фактическое поведение системы — нужно вставить временные точки логирования в код, запустить тест и проанализировать записи ЖР.
- agent-developmentCreate custom subagents for specialized AI tasks. Use when the user wants to create a new type of subagent, set up task-specific agents, configure code reviewers, debuggers, or domain-specific assistants with custom prompts.
- agent-development-ext>
- agent-git-workflowStandardizes git workflow for the AI agent in the sandbox devcontainer: work in agent/<task>-<yyyymmdd>, integrate via agent, never push to main/master, open PRs via GitHub CLI. Use when the user asks to create branches, push changes, open PRs, or follow this sandbox repo setup.
- auto-skill-bootstrapDeterministic helper to inventory existing project skills, detect missing capability coverage, search skills.sh via Skills CLI, and (optionally) install missing skills under a trust policy. Uses skills-manifest.json + state.json to stay idempotent across changing requirements.
- code-navigationНавигация по коду (Code Navigation). Навык учит агента **эффективно перемещаться по BSL-коду** с помощью LSP (Language Server Protocol).
- config-operationsОперации с конфигурацией 1С (CF) — init, info, edit, validate. Используй при создании конфигурации, анализе структуры, изменении свойств и ChildObjects, валидации Configuration.xml.
- epf-buildСобрать EPF/ERF из XML-исходников. Используй после внесения временных диагностических правок в разобранную обработку.
- epf-dumpРазобрать EPF/ERF в XML-исходники. Используй, когда нужно быстро получить исходный код внешней обработки или отчета для анализа и временной модификации.