{
  "schema": "https://agent-atoms.com/schemas/atom-v1.json",
  "type": "isolation-constraint",
  "id": "network-namespaced",
  "version": "1.0.0",
  "name": "Network namespaced",
  "description": "Runs in its own network namespace with an explicit allowlist. Filesystem and process boundaries are delegated to the host; the network namespace itself does not enforce them.",
  "isolation": {
    "process": "subprocess",
    "network": "allowlist",
    "filesystem": "scoped",
    "scoped_paths": ["${WORKSPACE_ROOT}"]
  }
}
