بنقرة واحدة
meridian-privilege-escalation
Use when a spawn fails due to sandbox or permission restrictions.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Use when a spawn fails due to sandbox or permission restrictions.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Produce a transition brief and launch command for the user's next interactive primary.
Load when building a static HTML artifact: single page or multi-page site to make structured information explorable through layout and navigation.
Use when deciding where knowledge goes or reading/writing durable docs: AGENTS.md, .context/, KB, docs/, and work directories.
Use when writing or maintaining AGENTS.md, .context/CONTEXT.md, or CLAUDE.md mirrors: keep intent docs minimal and load-bearing.
Anchor work in a work item: artifacts on disk, not in context.
Use when grilling should be grounded primarily in project artifacts. Loads `/grill`, checks project vocabulary and prior decisions first, and spawns bounded explorers when the answer should come from docs.
| name | meridian-privilege-escalation |
| type | reference |
| description | Use when a spawn fails due to sandbox or permission restrictions. |
Meridian agents run with constrained permissions by default: sandboxed filesystems, restricted tools, harness-specific limitations. When a spawn can't complete its task because of these constraints, you can escalate permissions per-spawn without changing the agent profile.
Prefer the least-privilege escalation that unblocks the task. Try targeted fixes first (--approval auto) before broad overrides (--approval yolo, --sandbox danger-full-access). Broad overrides disable safety checks entirely: if you're reaching for yolo or danger-full-access, surface the situation to the user first and let them approve the escalation. An autonomous agent silently granting itself maximum permissions defeats the purpose of having tiers.
The --sandbox flag controls Codex's process sandboxing: filesystem, network, and process isolation. Other harnesses have different escalation paths: Claude supports approval escalation (--approval) but not sandbox tier changes. OpenCode permissions vary by configuration. See Approval Modes and Model/Harness Switching below.
Tiers from most to least restrictive:
| Tier | What it allows |
|---|---|
read-only | Read files only. No writes, no process execution. |
workspace-write | Read/write within the workspace. No network listeners, no access outside project. |
danger-full-access | Full filesystem and process access with reduced safety checks. |
Override per-spawn:
meridian spawn -a coder --sandbox danger-full-access --prompt-file integration-tests.md --bg
Agent profiles set a default tier (e.g. sandbox: workspace-write). The --sandbox flag overrides it for that specific spawn only. The tier passes through directly to Codex's --sandbox flag.
The --approval flag controls how the harness handles tool-call approvals:
| Mode | Behavior |
|---|---|
default | Harness decides (each harness has its own default policy). |
confirm | User approves each tool call. |
auto | Auto-approve safe operations, prompt for dangerous ones. |
yolo | Approve everything. No prompts. |
Override per-spawn:
meridian spawn -a coder --approval auto --prompt-file task.md --bg
meridian spawn -a coder --approval yolo --prompt-file task.md --bg # use yolo sparingly
Different models route to different harnesses, and each harness has different capability profiles. Switching the model can bypass harness-level restrictions entirely:
# Choose an alias from `meridian mars models list`; use `--live` when you need
# to confirm the needed harness is runnable on this machine.
# Some harnesses have sandboxes that restrict network binding;
# switching to a harness without sandbox restrictions sidesteps the issue.
meridian spawn -a coder -m MODEL_ALIAS --prompt-file task.md --bg
Run meridian mars models list to see catalog aliases and static routing hints.
Run meridian mars models list --live before switching models specifically to
escape a local harness restriction.
"Can't bind to a port / start a server"
On Codex: sandbox restricts network listeners → --sandbox danger-full-access.
On Claude: not sandbox-restricted → check if the tool is in the allowedTools list, or use --approval auto.
"Can't write files outside workspace"
On Codex: sandbox restricts filesystem scope → --sandbox danger-full-access for that spawn.
On Claude: escalate to the user: they can approve --approval yolo for that spawn.
"Can't access the network / fetch URLs" On Codex: sandbox or tool restriction → ensure WebFetch/WebSearch are in the agent's tools list, or escalate sandbox. On Claude: ensure the agent profile includes WebFetch/WebSearch tools.
"Permission denied on tool call": approval mode is blocking.
→ --approval auto first. If that's not enough, surface to the user before using --approval yolo.
"Context too small for the task": model limitation.
→ Switch to a model with a larger context window via -m.