Security & Permissions

Permissions Configuration

How to configure and reason about ship.json permissions

Permissions Configuration

ship.json.permissions defines the operational boundary for an agent.

Minimal example

{
  "permissions": {
    "read_repo": true,
    "write_repo": {
      "requiresApproval": false
    },
    "exec_command": {
      "deny": ["rm"],
      "requiresApproval": false,
      "denyRequiresApproval": true,
      "maxOutputChars": 12000,
      "maxOutputLines": 200
    }
  }
}

Field semantics

read_repo: allow repository reads.
write_repo.requiresApproval: require approval before repository writes.
exec_command.deny: blocked command prefix list.
exec_command.requiresApproval: require approval for general commands.
exec_command.denyRequiresApproval: whether denied commands can be manually approved.
exec_command.maxOutputChars/maxOutputLines: command output limits.

Recommended policy

Keep baseline deny list for production and add risk-specific rules.
On CI/shared hosts, enable requiresApproval.
If output is truncated, narrow command scope first instead of unlimited output.

Security and Permissions Overview

User-facing security model for isolation, permissions, and secret protection

Data Security and Keys

Model storage, encryption behavior, and key management guidance