Skip to content

[feat] CLI-01: capability gate defaults to open + STAR_CAPS env#10

Merged
vt128 merged 1 commit into
masterfrom
feat/cli-01-caps-default-open
Jun 21, 2026
Merged

[feat] CLI-01: capability gate defaults to open + STAR_CAPS env#10
vt128 merged 1 commit into
masterfrom
feat/cli-01-caps-default-open

Conversation

@vt128

@vt128 vt128 commented Jun 21, 2026

Copy link
Copy Markdown
Member

Default posture → open (opt-in sandboxing), with a STAR_CAPS env knob

Per maintainer decision, flip the capability model: the CLI is open by
default (every wired module loadable, including cmd) so scripts just work,
and sandboxing is opt-in rather than the default-deny shipped in #8.

What changed

  • New open tier (everything incl. exec) is the default. --caps now
    accepts open | full | network | safe; an empty value resolves to open.
  • STAR_CAPS env var sets the default tier for a whole deployment (an
    explicit --caps still wins). Lock a deployment down with STAR_CAPS=safe.
  • When the grant is fully open, BuildBox installs no policy (plain
    starbox.New) — exactly the permissive pre-gate behaviour, so an unknown
    -m module errors at the loader again (the characterization test for that is
    restored). A restrictive tier/flag still builds NewWithPolicy and gates.
  • An unrecognised --caps value is rejected with a clear error rather than
    silently falling open — a typo'd lockdown (STAR_CAPS=saef) fails loud, not open.

Unchanged

The gate machinery, the union classification (web/s3/sqlite = net|fs),
and the cmd-gated-alone rule all stay — only the default and the env knob
are new.

$ ./starcli -c 'load("http","get")'                    # open: loads
$ ./starcli --caps safe -c 'load("http","get")'        # sandbox: withheld (exit 4)
$ STAR_CAPS=safe ./starcli -c 'load("http","get")'     # deployment default: withheld
$ ./starcli --caps saef -c 'print(1)'                  # typo: errors, never opens

README + flag help updated. Coverage 73.2% (≥ 65); Docker golang:1.22 green.

@vt128
[feat] CLI-01: capability gate defaults to open + STAR_CAPS env (STAR…
3af2b0e 
…-18)

Per maintainer decision, flip the capability posture: the CLI is OPEN by
default (every wired module loadable, including cmd) so scripts just work, and
sandboxing is opt-in rather than the default.

- New 'open' tier (everything incl. exec) is the default; --caps now accepts
  open|full|network|safe and an empty value resolves to open.
- STAR_CAPS env var sets the default tier for a deployment (an explicit --caps
  still wins). A deployment locks down with STAR_CAPS=safe.
- When the grant is fully open, BuildBox installs NO policy (plain starbox.New)
  -- exactly the permissive pre-gate behavior, so an unknown -m module errors at
  the loader again (TestProcess_DirectCode_UnknownModule restored). A
  restrictive tier/flag still builds NewWithPolicy and gates loading.
- An unrecognised --caps value is rejected with a clear error rather than
  silently falling open, so a typo'd lockdown (e.g. STAR_CAPS=saef) fails loud.

The gate machinery, the union classification (web/s3/sqlite = net|fs), and the
cmd-gated-alone rule are unchanged -- only the default and the env knob are new.
README + flag help updated. Coverage 73.2%; Docker golang:1.22 green.
@vt128 vt128 merged commit 89873ad into master Jun 21, 2026
6 checks passed
@vt128 vt128 deleted the feat/cli-01-caps-default-open branch June 21, 2026 08:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vt128