菜单
Use when creating, reviewing, or debugging `wendy.json` entitlements for Wendy apps, especially device access, networking, persistence, GPU, audio, camera, Bluetooth, USB, I2C, GPIO, SPI, or input devices.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | wendy-entitlements |
| description | Use when creating, reviewing, or debugging `wendy.json` entitlements for Wendy apps, especially device access, networking, persistence, GPU, audio, camera, Bluetooth, USB, I2C, GPIO, SPI, or input devices. |
Use this for any task involving wendy.json capabilities. Base recommendations on the runtime behavior in wendy-agent/go/internal/agent/oci/entitlements.go and validation in wendy-agent/go/internal/shared/appconfig/appconfig.go.
Ask what the app actually touches, then choose the smallest entitlement set:
network.gpu.audio.camera.persist.bluetooth.usb.i2c.gpio.spi.input.Prefer no entitlement when the app does not need the host resource.
Use this table as the starting point, then verify against the local repo when changing runtime behavior:
| Type | Required keys | Common optional keys | Runtime effect |
|---|---|---|---|
network | none | mode as host or none | Defaults to host networking when mode is empty; host removes the network namespace and mounts host DNS config. |
gpu | none | none | Adds NVIDIA device nodes, NVIDIA env vars, and relies on CDI for full Jetson/NVIDIA library/device wiring. |
audio | none | none | Adds audio group, mounts /dev/snd, allows sound devices, and mounts PipeWire/Pulse sockets when present. |
camera | none | mode, allowlist | Canonical V4L2/camera entitlement; allows major 81 and bind-mounts host /dev for live camera hotplug. |
video | none | mode, allowlist | Deprecated compatibility alias for camera; prefer camera in new configs. |
persist | name, path | none | Creates/binds /var/lib/wendy/volumes/<name> to the container path; volume names are shared across apps. |
bluetooth | none | mode | Uses a filtered xdg-dbus-proxy socket for BlueZ. Do not assume unrestricted host D-Bus access. |
usb | none | none | Mounts /dev/bus/usb and allows USB character devices. |
i2c | device | none | Binds /dev/<device> such as /dev/i2c-1 and allows I2C devices. |
gpio | none | pins | Mounts existing /dev/gpiochip0 through /dev/gpiochip7; pins are documentation/validation, access is chip-level. |
spi | none | none | Mounts existing /dev/spidev* nodes and adds the host spi group when present. |
input | none | none | Adds input group, mounts /dev/input, and allows input event devices. |
network.ports is accepted by config validation, but the runtime path in entitlements.go currently acts on mode. Do not claim port mapping behavior without tracing the caller that consumes ports.
Web server:
{
"appId": "api-server",
"platform": "wendyos",
"entitlements": [
{ "type": "network", "mode": "host" }
],
"readiness": {
"tcpSocket": { "port": 8000 },
"timeoutSeconds": 30
}
}
Camera + audio app:
{
"appId": "camera-assistant",
"platform": "wendyos",
"entitlements": [
{ "type": "network", "mode": "host" },
{ "type": "camera" },
{ "type": "audio" }
]
}
Jetson GPU app with persistent model cache:
{
"appId": "vision-inference",
"platform": "wendyos",
"entitlements": [
{ "type": "network", "mode": "host" },
{ "type": "gpu" },
{ "type": "camera" },
{ "type": "persist", "name": "vision-models", "path": "/models" }
]
}
I2C sensor app:
{
"appId": "sensor-reader",
"platform": "wendyos",
"entitlements": [
{ "type": "i2c", "device": "i2c-1" },
{ "type": "persist", "name": "sensor-data", "path": "/data" }
]
}
appId is present.camera over video.persist entries include both name and an absolute container path.i2c entries include a device name without a leading /dev/.wendy.json.Use when creating, validating, or repairing a Wendy project scaffold, adapting Wendy templates, `wendy.json`, JSON schema setup, or project entitlements with `wendy init`, `wendy json`, or `wendy project entitlements`.
Use when creating a Wendy app from an existing Wendy template or sample, especially when the user names an app archetype such as realsense-camera, camera-feed, camera-feed-yolo, voice-assistant, audio, fullstack, simple-api, or asks to create a Wendy app in a new directory.
Use when a developer needs to install, verify, or repair the Wendy CLI before using `wendy run`, `wendy discover`, or device workflows.
Use when a developer or coding agent needs Wendy CLI-native device operations: discover devices, set defaults, inspect device version/system/hardware/WiFi state, update the agent, or gather evidence before SSH/debugging.
Use when configuring, verifying, or explaining the Wendy CLI MCP server for AI assistants with `wendy mcp setup` or `wendy mcp serve`, especially Claude Code, Claude Desktop, Codex, or device-tool access.
Use when debugging WendyOS, Jetson, Raspberry Pi, USB-C host mode, containerd, GPU/audio/video entitlements, or a `wendy run` issue that only appears on a live device.