{ "meta": { "version": 3, "schema_version": "3.0" }, "never_grant": [ "/etc/shadow", "/etc/sudoers", "/etc/passwd", "/etc/master.passwd", "/etc/security", "/private/etc/shadow", "/private/etc/sudoers", "/private/etc/master.passwd", "/var/db/dslocal", "/boot", "/boot/grub", "/System/Library/LaunchDaemons", "/System/Library/LaunchAgents", "/Library/LaunchDaemons", "/Library/LaunchAgents", "~/.ssh/authorized_keys", "~/.ssh/id_rsa", "~/.ssh/id_ed25519", "~/.ssh/id_ecdsa", "~/.ssh/id_dsa", "~/.gnupg", "/proc/kcore", "/proc/kmem" ], "base_groups": [ "deny_credentials", "deny_keychains_macos", "deny_keychains_linux", "deny_browser_data_macos", "deny_browser_data_linux", "deny_macos_private", "deny_shell_history", "deny_shell_configs", "system_read_macos", "system_read_linux", "system_write_macos", "system_write_linux", "user_tools", "homebrew", "dangerous_commands", "dangerous_commands_macos", "dangerous_commands_linux" ], "groups": { "deny_credentials": { "description": "Block access to cryptographic keys, tokens, and cloud credentials", "required": true, "deny": { "access": [ "~/.ssh", "~/.gnupg", "~/.aws", "~/.azure", "~/.config/gcloud", "~/.gcloud", "~/.kube", "~/.docker", "~/.git-credentials", "~/.netrc", "~/.npmrc", "~/.vault-token", "~/.credentials", "~/.secrets", "~/.keys", "~/.pki", "~/.terraform.d" ] } }, "deny_keychains_macos": { "description": "Block access to macOS keychains and password stores", "required": true, "platform": "macos", "deny": { "access": [ "~/Library/Keychains", "/Library/Keychains", "~/.password-store", "~/.1password" ] } }, "deny_keychains_linux": { "description": "Block access to Linux keyrings and password stores", "required": true, "platform": "linux", "deny": { "access": [ "~/.password-store", "~/.1password", "~/.local/share/keyrings" ] } }, "deny_browser_data_macos": { "description": "Block access to macOS browser stored data (cookies, saved passwords, sessions)", "required": true, "platform": "macos", "deny": { "access": [ 
"~/Library/Application Support/Google/Chrome", "~/Library/Application Support/Firefox", "~/Library/Application Support/Microsoft Edge", "~/Library/Application Support/Arc", "~/Library/Application Support/Brave Browser", "~/Library/Safari" ] } }, "deny_browser_data_linux": { "description": "Block access to Linux browser stored data (cookies, saved passwords, sessions)", "required": true, "platform": "linux", "deny": { "access": [ "~/.config/google-chrome", "~/.config/chromium", "~/.mozilla/firefox", "~/.config/microsoft-edge", "~/.config/BraveSoftware" ] } }, "deny_macos_private": { "description": "Block access to macOS private user data (Messages, Mail, cookies, the Safari container, and MobileSync device backups)", "required": true, "platform": "macos", "deny": { "access": [ "~/Library/Messages", "~/Library/Mail", "~/Library/Cookies", "~/Library/Containers/com.apple.Safari", "~/Library/Application Support/MobileSync" ] } }, "deny_shell_history": { "description": "Block access to shell and REPL command history files (bash, zsh, generic .history, Python), which may contain pasted secrets", "required": true, "deny": { "access": [ "~/.bash_history", "~/.zsh_history", "~/.history", "~/.python_history" ] } }, "deny_shell_configs": { "description": "Block access to shell startup and environment files (zsh, bash, fish, .env/.envrc) that may embed exported secrets", "required": true, "deny": { "access": [ "~/.zshrc", "~/.zprofile", "~/.zshenv", "~/.zlogin", "~/.zlogout", "~/.bashrc", "~/.bash_profile", "~/.bash_login", "~/.bash_logout", "~/.profile", "~/.config/fish", "~/.env", "~/.envrc" ] } }, "system_read_macos": { "description": "macOS system paths required for executables to function; these read grants are broad (all of /etc, /var, /private, /Library), so sensitive subpaths such as /etc/sudoers and /Library/Keychains depend on never_grant and the deny groups taking precedence", "platform": "macos", "allow": { "read": [ "/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin", "/usr/lib", "/usr/local/lib", "/usr/share", "/System/Library", "/Library", "/Library/Frameworks", "/dev", "/private/var/db/dyld", "/var/db/dyld", "/var/db", "/private/etc/ssl", "/etc/ssl", "/etc", "/private/etc", "/usr/share/zoneinfo", "/usr/share/locale", "/var/db/timezone", "/usr/share/terminfo", "/var", "/private/var", "/private", "/tmp", "/System/Volumes", 
"/System/Cryptexes", "/Applications", "/cores", "/opt", "/Volumes" ] }, "symlink_pairs": { "/etc": "/private/etc", "/var": "/private/var", "/tmp": "/private/tmp" } }, "system_read_linux": { "description": "Linux system paths required for executables to function (includes all of /proc and /sys; /proc/kcore and /proc/kmem are listed under never_grant)", "platform": "linux", "allow": { "read": [ "/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin", "/lib", "/lib64", "/lib/x86_64-linux-gnu", "/lib/aarch64-linux-gnu", "/usr/lib", "/usr/lib64", "/usr/lib/x86_64-linux-gnu", "/usr/lib/aarch64-linux-gnu", "/usr/local/lib", "/usr/local/lib64", "/etc", "/usr/share", "/usr/share/locale", "/usr/share/locale-langpack", "/usr/share/zoneinfo", "/usr/share/terminfo", "/usr/share/ca-certificates", "/lib/terminfo", "/etc/terminfo", "/dev/null", "/dev/zero", "/dev/random", "/dev/urandom", "/dev/full", "/dev/tty", "/dev/console", "/dev/stdin", "/dev/stdout", "/dev/stderr", "/dev/fd", "/dev/pts", "/proc", "/sys", "/run", "/var/run", "/tmp", "/nix" ] } }, "system_write_macos": { "description": "macOS paths requiring write for temp files and devices; note this grants write to the whole /dev tree rather than to individual device nodes as the Linux group does", "platform": "macos", "allow": { "write": [ "/private/tmp", "/tmp", "/private/var/folders", "/var/folders", "/dev", "$TMPDIR" ] } }, "system_write_linux": { "description": "Linux paths requiring write for temp files and the specific device nodes listed", "platform": "linux", "allow": { "write": [ "/tmp", "/dev/null", "/dev/zero", "/dev/full", "/dev/tty", "/dev/pts", "$TMPDIR" ] } }, "user_caches_macos": { "description": "User cache and log directories (read/write) and preferences (read-only) for macOS programs", "platform": "macos", "allow": { "readwrite": [ "~/Library/Caches", "~/Library/Logs" ], "read": [ "~/Library/Preferences" ] } }, "user_tools": { "description": "User-local executables, .desktop files, man pages, and shell completions (read-only), plus read/write access to ~/.local/state", "allow": { "read": [ "~/.local/bin", "~/.local/share/applications", "~/.local/share/man", "~/.local/share/bash-completion", "~/.local/share/zsh" ], "readwrite": [ "~/.local/state" ] } }, "node_runtime": { "description": "Node.js runtime 
and package manager paths", "allow": { "read": [ "~/.nvm", "~/.fnm", "~/.npm", "~/.node", "~/.local/share/fnm", "/usr/local/lib/node_modules" ] } }, "python_runtime": { "description": "Python runtime paths", "allow": { "read": [ "~/.pyenv", "~/.local/lib", "~/.conda" ] } }, "rust_runtime": { "description": "Rust toolchain paths (note: ~/.cargo may also hold registry credentials in credentials.toml, which deny_credentials does not list)", "allow": { "read": [ "~/.cargo", "~/.rustup" ] } }, "go_runtime": { "description": "Go toolchain paths", "allow": { "read": [ "~/go", "/usr/local/go" ] } }, "homebrew": { "description": "Homebrew installation paths", "platform": "macos", "allow": { "read": [ "/opt/homebrew", "/usr/local/Cellar", "/usr/local/opt" ] } }, "vscode": { "description": "Visual Studio Code configuration and extension directories (write access, macOS only)", "platform": "macos", "allow": { "write": [ "$HOME/.vscode", "$HOME/Library/Application Support/Code" ] } }, "unlink_protection": { "description": "Deny unlink (file deletion) everywhere, except under paths the profile grants the user write access to", "deny": { "unlink": true, "unlink_override_for_user_writable": true } }, "dangerous_commands": { "description": "Cross-platform commands blocked by default: destructive file operations (rm, rmdir, dd, truncate, mv, cp), ownership and permission changes (chmod, chown, chgrp), file transfer that could exfiltrate data (scp, rsync, sftp, ftp), indirect execution (xargs), privilege escalation (sudo, su, doas), package installation (pip), and power control (shutdown, reboot, halt, poweroff)", "deny": { "commands": [ "rm", "rmdir", "dd", "chmod", "chown", "chgrp", "mv", "cp", "truncate", "scp", "rsync", "sftp", "ftp", "xargs", "sudo", "su", "doas", "pip", "shutdown", "reboot", "halt", "poweroff" ] } }, "dangerous_commands_macos": { "description": "macOS-specific commands blocked by default: srm (secure delete), brew (package installation), and launchctl (LaunchDaemon/LaunchAgent service control)", "platform": "macos", "deny": { "commands": [ "srm", "brew", "launchctl" ] } }, "dangerous_commands_linux": { "description": "Linux-specific commands blocked by default: secure delete (shred), disk and filesystem destruction (mkfs*, mkswap, fdisk, parted, gdisk, wipefs), immutable-attribute changes (chattr), init and service control (init, systemctl), package managers (apt, apt-get, dpkg, yum, dnf, pacman), and pkexec privilege escalation", "platform": "linux", "deny": { "commands": [ "shred", "mkfs", "mkfs.ext4", "mkfs.xfs", "mkfs.btrfs", "mkswap", "fdisk", "parted", "gdisk", "wipefs", "chattr", "init", "systemctl", "apt", "apt-get", "dpkg", "yum", "dnf", "pacman", "pkexec" ] } } }, "profiles": { "claude-code": { "meta": { "name": "claude-code", "version": "1.0.0", "description": "Anthropic Claude Code CLI agent (note: read_file explicitly grants $HOME/Library/Keychains/login.keychain-db as an exception to deny_keychains_macos, so the keychain database file itself can be read and copied; confirm deny/allow precedence before relying on the keychain group here)", 
"author": "nono-project" }, "security": { "groups": ["user_caches_macos", "node_runtime", "rust_runtime", "python_runtime", "vscode", "unlink_protection"] }, "trust_groups": [], "filesystem": { "allow": ["$HOME/.claude"], "read": ["$HOME/.local/share/claude"], "allow_file": ["$HOME/.claude.json"], "read_file": ["$HOME/Library/Keychains/login.keychain-db", "$HOME/.gitconfig", "$HOME/.gitignore_global", "$HOME/.config/git/ignore"] }, "network": { "block": false }, "workdir": { "access": "readwrite" }, "hooks": { "claude-code": { "event": "PostToolUseFailure", "matcher": "Read|Write|Edit|Bash", "script": "nono-hook.sh" } }, "undo": { "exclude_patterns": ["node_modules", ".next", "__pycache__", "target"], "exclude_globs": ["*.tmp.[0-9]*.[0-9]*"] }, "interactive": true }, "openclaw": { "meta": { "name": "openclaw", "version": "1.0.0", "description": "OpenClaw messaging gateway", "author": "nono-project" }, "security": { "groups": ["node_runtime"] }, "trust_groups": [], "filesystem": { "allow": [ "$HOME/.openclaw", "$HOME/.config/openclaw", "$HOME/.local", "$TMPDIR/openclaw-$UID" ] }, "network": { "block": false }, "workdir": { "access": "read" }, "undo": { "exclude_patterns": ["node_modules", ".next"] }, "interactive": false }, "opencode": { "meta": { "name": "opencode", "version": "1.0.0", "description": "OpenCode AI coding assistant", "author": "nono-project" }, "security": { "groups": ["user_caches_macos", "node_runtime", "unlink_protection"] }, "trust_groups": [], "filesystem": { "allow": [ "$HOME/.config/opencode", "$HOME/.cache/opencode", "$HOME/.local/share/opencode" ] }, "network": { "block": false }, "workdir": { "access": "readwrite" }, "undo": { "exclude_patterns": ["node_modules", ".next"] }, "interactive": true }, "python-dev": { "meta": { "name": "python-dev", "version": "1.0.0", "description": "Python SDK development profile with pyenv, conda, and pip support", "author": "nono-project" }, "security": { "groups": ["python_runtime"] }, "trust_groups": [], 
"filesystem": {}, "network": { "block": false }, "workdir": { "access": "readwrite" }, "interactive": false }, "node-dev": { "meta": { "name": "node-dev", "version": "1.0.0", "description": "Node.js SDK development profile with nvm, fnm, and npm support", "author": "nono-project" }, "security": { "groups": ["node_runtime"] }, "trust_groups": [], "filesystem": {}, "network": { "block": false }, "workdir": { "access": "readwrite" }, "interactive": false }, "go-dev": { "meta": { "name": "go-dev", "version": "1.0.0", "description": "Go SDK development profile with GOPATH and module support", "author": "nono-project" }, "security": { "groups": ["go_runtime"] }, "trust_groups": [], "filesystem": {}, "network": { "block": false }, "workdir": { "access": "readwrite" }, "interactive": false }, "rust-dev": { "meta": { "name": "rust-dev", "version": "1.0.0", "description": "Rust SDK development profile with cargo and rustup support", "author": "nono-project" }, "security": { "groups": ["rust_runtime"] }, "trust_groups": [], "filesystem": {}, "network": { "block": false }, "workdir": { "access": "readwrite" }, "interactive": false } } }