Read-only sandbox

isolation-constraint · v1.0.0

Subprocess with read-only filesystem mount, no network, scoped to the workspace root. Used by reviewer / analyst agents.

Isolation

Process: subprocess
Network: none
Filesystem: read-only
Scoped paths: ${WORKSPACE_ROOT}

Raw atom

/atoms/isolation-constraint/read-only-sandbox.json · schema