{
  "permissions": {
    "allow": [
      "Read",
      "Edit",
      "Write",
      "Bash(*)",
      "Read(//tmp/**)",
      "WebSearch",
      "WebFetch(domain:github.com)",
      "WebFetch(domain:raw.githubusercontent.com)",
      "WebFetch(domain:api.github.com)",
      "WebFetch(domain:docs.docker.com)",
      "WebFetch(domain:pypi.org)",
      "WebFetch(domain:docs.cypress.io)",
      "WebFetch(domain:flask.palletsprojects.com)",
      "Skill(update-config)",
      "Skill(update-config:*)"
    ],
    "deny": [
      "Bash(git push --force*)",
      "Bash(git reset --hard*)",
      "Bash(rm -rf*)",
      "Bash(sudo*)"
    ],
    "ask": [
      "Bash(git push*)",
      "Bash(docker run*)",
      "Bash(curl*)"
    ],
    "additionalDirectories": [
      "/tmp"
    ]
  },
  "sandbox": {
    "enabled": true,
    "autoAllowBashIfSandboxed": true,
    "filesystem": {
      "allowWrite": [
        ".",
        "/tmp"
      ],
      "denyRead": [
        "~/.ssh",
        "~/.gnupg",
        "~/.kube",
        "~/.aws",
        "~/.config/gcloud"
      ]
    }
  }
}