بنقرة واحدة
jj-protected-workspaces
Use when working on a project within /home/user/workspace/code or code-agent.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Use when working on a project within /home/user/workspace/code or code-agent.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Propose or modify Rego sandbox command policies for mcp-run (PROPOSAL_DIR ~/proposed-sandbox-commands; runtime POLICY_DIR /opt/config/nw_sandbox). Use when asked to draft new .rego files, update existing policy logic, or review command allowlists with safe argument constraints and network/data-exfiltration safeguards.
Manage npm package dependencies in this environment. Use when adding or updating npm packages, editing package.json/package-lock.json, or when network access must be constrained to `run-in-nw-sandbox -- npm install --no-scripts [--save | --save-dev] -- package-spec ...` followed by `npm rebuild` outside the sandbox.
How to use run-in-nw-sandbox to run commands with network access from inside the agent
How to use uv, pip and Python to download and install dependencies in this environment. If there's an error installing python dependencies, you need this!
| name | jj-protected-workspaces |
| description | Use when working on a project within /home/user/workspace/code or code-agent. |
This environment separates canonical project repositories from agent working copies:
/home/user/workspace/code/<repo> contains canonical project repositories.
Treat these as read-only source-of-truth projects./home/user/workspace/code-agent/<workspace> contains writable agent workspaces.
Make file edits and run normal development commands from here.When a task names a repository, prefer the matching workspace under
code-agent/. If you are in code/, do not edit files there directly; create
or switch to the corresponding code-agent/ workspace.
Only a narrow set of jj mutations is currently allowed. Use these exact
argument forms; the allowlist is strict about argument order and shape.
From /home/user/workspace/code/<repo>:
jj workspace add ../../code-agent/<workspace> --name agent-<workspace>
From /home/user/workspace/code-agent/<workspace>:
jj workspace update-stale
jj commit -m "message" [<fileset>...]
jj desc [<revset>] -m "description"
jj describe [<revset>] -m "description"
jj new [<revset>]
jj squash [--from <revset>] [--to <revset>] [<fileset>...]
jj edit <revset>
jj abandon [<revset>...]
Do not use other mutating jj commands.
The immutable-heads configuration is the protection boundary. An agent cannot
rewrite ancestry of default@, bookmarked changes, or remote-bookmarked
changes, but non-immutable unbookmarked revisions are considered mutable
working area and may be changed by allowed revset-based commands.
Read-only inspection commands are permitted and should be used as needed:
jj status
jj log
jj show
jj diff
Use these commands to inspect history, review diffs, and verify the working copy before committing.