You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docs(sandboxes): document file.parser and deniedDomains in kits spec (#25030)
## Summary
- Adds a `#### file.parser` subsection under the Credentials spec
reference, covering supported forms (`json:<dot.path>` and plain text),
JSON path rules and limitations, priority/fallback behaviour for missing
files, worked examples, and common error messages. Behaviour verified
against `sandboxd/pkg/secrets/store.go`.
- Adds `deniedDomains` to the Network spec reference table, which was
missing despite being a supported field. Deny rules take precedence over
allow rules including those from composed kits.
## Test plan
- [ ] `docker buildx bake lint vale` — passes clean for this file
- [ ] Spot-check rendered output on staging
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
| `allowedDomains` | Domains the sandbox can reach. Wildcards supported. |
600
+
| `deniedDomains` | Domains the sandbox is blocked from reaching. Deny rules take precedence over allow rules, including those from other composed kits. |
601
+
| `serviceDomains` | Map of domain to service identifier from `credentials.sources`. |
602
+
| `serviceAuth.headerName` | HTTP header the proxy sets (for example, `Authorization`). |
603
+
| `serviceAuth.valueFormat` | Format string for the header value (for example, `"Bearer %s"`). |
0 commit comments