Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/eugene1g/agent-safehouse/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Agent Safehouse provides two primary customization mechanisms:
  1. Machine-local overrides (.safehouse config files)
  2. --append-profile flag (runtime policy overlays)
Each serves different use cases. This guide explains when to use which approach.

Machine-Local Overrides

Workdir Config Files

Place a .safehouse file in your project root to configure project-specific grants: 
# ~/projects/myapp/.safehouse
SAFEHOUSE_ADD_DIRS_RO="$HOME/reference-repo:$HOME/docs"
SAFEHOUSE_ADD_DIRS="$HOME/scratch"
SAFEHOUSE_ENABLE="docker,kubectl,ssh"
Workdir config files are untrusted by default. You must explicitly opt in:
safehouse --trust-workdir-config -- myagent
Or set globally:
export SAFEHOUSE_TRUST_WORKDIR_CONFIG=1

Shell Environment Variables

Set environment variables in your shell profile (~/.zshrc, ~/.bashrc): 
# ~/.zshrc
export SAFEHOUSE_ADD_DIRS_RO="$HOME/reference-docs:$HOME/design-assets"
export SAFEHOUSE_ADD_DIRS="$HOME/scratch:$HOME/tmp-experiments"
export SAFEHOUSE_ENABLE="docker,ssh,clipboard"
export SAFEHOUSE_TRUST_WORKDIR_CONFIG=1

Precedence Order

When the same variable is set in multiple locations:
1

CLI flags (highest priority)

safehouse --enable=docker --add-dirs=/tmp/scratch -- myagent
2

Environment variables

export SAFEHOUSE_ENABLE="ssh"
safehouse -- myagent
3

Workdir config (lowest priority)

# .safehouse
SAFEHOUSE_ENABLE="kubectl"
Path grants are merged across all sources (CLI + ENV + config). Later sources append to earlier ones.Feature flags (--enable) are replaced (not merged). CLI --enable overrides ENV SAFEHOUSE_ENABLE, which overrides config SAFEHOUSE_ENABLE.

--append-profile Flag

Purpose

Append a custom .sb file to the end of the generated policy. This is the final extension point in the assembly order. 
safehouse --append-profile=~/my-overrides.sb -- myagent

Use Cases

Deny Sensitive Paths

Block access to specific directories even if earlier rules allowed them:
;; ~/deny-aws.sb
(deny file-read* file-write*
    (home-subpath "/.aws")
)

safehouse --append-profile=~/deny-aws.sb -- myagent

Ad-Hoc Grants

Quickly grant access to a new tool or path without editing committed profiles:
;; ~/tmp-grants.sb
(allow file-read* file-write*
    (subpath "/usr/local/mycorp-tool")
)

safehouse --append-profile=~/tmp-grants.sb -- myagent

Testing Policy Changes

Iterate on policy rules before committing them to the repository:
# Test new rule
safehouse --append-profile=./test-rule.sb -- myagent

# Once validated, move to profiles/
mv test-rule.sb profiles/55-integrations-optional/my-feature.sb

Environment-Specific Rules

Apply machine-specific grants without editing source profiles:
# ~/machine-local.sb
(allow file-read*
    (literal "/opt/local-tool/config.json")
)

safehouse --append-profile=~/machine-local.sb -- myagent

Multiple Appended Profiles

Pass --append-profile multiple times. They are concatenated in order: 
safehouse \
  --append-profile=~/base-overrides.sb \
  --append-profile=~/project-specific.sb \
  -- myagent

Last Rule Wins

Because --append-profile rules are emitted last in the policy assembly order, they override earlier rules: 
;; From 60-agents/myagent.sb
(allow file-read* file-write*
    (home-subpath "/.myagent")
)
The deny rule wins because it comes last.

Comparison: When to Use Which

ScenarioRecommended ApproachWhy
Project-specific extra directoriesWorkdir .safehouse configPer-project, version-controlled, no CLI friction
Machine-wide defaultsShell ENV vars (~/.zshrc)Applies to all invocations, no per-project setup
One-off path grant for debuggingCLI --add-dirs=/tmp/fooFastest, no file editing
Block sensitive path (e.g., ~/.ssh)--append-profile with deny ruleDeny rules must come last to override allows
Test new integration before committing--append-profile=./test.sbIterate quickly without editing profiles/
Machine-specific tool access--append-profile=~/machine-local.sbPersistent but not committed to repo
Enable Docker/SSH for all projectsShell ENV SAFEHOUSE_ENABLE=docker,sshMachine-wide, no per-project config
Temporary feature enableCLI --enable=clipboardOne-off, no config file changes

Example Workflows

Workflow 1: Project-Specific Reference Repo

You’re working on ~/projects/myapp and need read-only access to ~/reference/design-system.
1

Create workdir config

# ~/projects/myapp/.safehouse
SAFEHOUSE_ADD_DIRS_RO="$HOME/reference/design-system"
2

Trust the config (once)

cd ~/projects/myapp
safehouse --trust-workdir-config -- myagent
Or enable trust globally:
echo 'export SAFEHOUSE_TRUST_WORKDIR_CONFIG=1' >> ~/.zshrc
source ~/.zshrc
3

Run agent

cd ~/projects/myapp
safehouse -- myagent
The agent now has read-only access to ~/reference/design-system.

Workflow 2: Block Cloud Credentials

You want to ensure agents never access ~/.aws or ~/.config/gcloud, even if cloud-credentials integration is enabled.
1

Create deny profile

;; ~/deny-cloud.sb
(deny file-read* file-write*
    (home-subpath "/.aws")
    (home-subpath "/.config/gcloud")
    (home-subpath "/.azure")
)
2

Run with appended profile

safehouse --append-profile=~/deny-cloud.sb -- myagent
3

Make it persistent (optional)

Add to shell ENV:
# ~/.zshrc
export SAFEHOUSE_APPEND_PROFILE="$HOME/deny-cloud.sb"
Now all safehouse invocations include the deny rules.
--append-profile paths are not automatically resolved in ENV vars. Use absolute paths or $HOME:
# ✅ Correct
export SAFEHOUSE_APPEND_PROFILE="$HOME/deny-cloud.sb"

# ❌ Incorrect (won't expand ~)
export SAFEHOUSE_APPEND_PROFILE="~/deny-cloud.sb"

Workflow 3: Machine-Wide Docker + SSH

You want Docker and SSH enabled for all agent invocations on your machine.
1

Set ENV var

# ~/.zshrc
export SAFEHOUSE_ENABLE="docker,ssh"
2

Reload shell

source ~/.zshrc
3

Verify

safehouse --explain --stdout 2>&1 | grep "optional integrations explicitly enabled"
Output:
optional integrations explicitly enabled: docker ssh

Debugging Overrides

Inspect Effective Config

Use --explain to see which config sources were loaded: 
safehouse --explain --stdout

safehouse explain:
  effective workdir: /Users/alice/projects/myapp (source: PWD)
  workdir config trust: enabled (source: CLI flag)
  workdir config: loaded from /Users/alice/projects/myapp/.safehouse
  add-dirs-ro (normalized): /Users/alice/reference-docs /Users/alice/design-assets
  add-dirs (normalized): /Users/alice/scratch
  optional integrations explicitly enabled: docker ssh clipboard
  ...

Check Policy for Appended Rules

Generate policy and search for your appended profile: 
safehouse --append-profile=~/my-overrides.sb --stdout > /tmp/policy.sb
grep -A 5 "#safehouse-test-id:append-profile#" /tmp/policy.sb

;; #safehouse-test-id:append-profile# Appended profile from --append-profile: /Users/alice/my-overrides.sb

(deny file-read* file-write*
    (home-subpath "/.aws")
)

Best Practices

Use Workdir Config for Projects

Commit .safehouse to your repo for team-shared project grants. Keep machine-specific overrides in ENV or --append-profile.

Use ENV for Machine Defaults

Set SAFEHOUSE_ENABLE, SAFEHOUSE_ADD_DIRS_RO in ~/.zshrc for your personal workflow defaults.

Use --append-profile for Denies

Deny rules must come last to override allows. --append-profile is the only way to guarantee last-rule-wins.

Test Before Committing

Use --append-profile=./test.sb to iterate on new rules before moving them to profiles/.

Environment Variable Reference

VariableTypeDescriptionExample
SAFEHOUSE_ENABLEString (CSV)Comma-separated optional integration featuresdocker,ssh,clipboard
SAFEHOUSE_ADD_DIRS_ROString (colon-separated)Read-only directory grants$HOME/docs:$HOME/reference
SAFEHOUSE_ADD_DIRSString (colon-separated)Read/write directory grants$HOME/scratch:/tmp/work
SAFEHOUSE_APPEND_PROFILEString (colon-separated)Paths to .sb files to append$HOME/overrides.sb:$HOME/deny.sb
SAFEHOUSE_WORKDIRString (path)Override working directory/Users/alice/projects/myapp
SAFEHOUSE_TRUST_WORKDIR_CONFIG1 or 0Enable workdir config trust1
All path variables (SAFEHOUSE_ADD_DIRS_RO, SAFEHOUSE_ADD_DIRS, SAFEHOUSE_APPEND_PROFILE) support colon-separated lists:
export SAFEHOUSE_ADD_DIRS_RO="$HOME/docs:$HOME/reference:$HOME/assets"

Next Steps

Write Custom Profiles

Learn how to write your own .sb files with matchers and real examples.

Policy Architecture

Understand assembly order, profile layers, and dependency system.