Refactor high-complexity React components in Dify frontend. Use when `pnpm analyze-component...
dag-isolation-manager
20
3
# Install this skill:
npx skills add erichowens/some_claude_skills --skill "dag-isolation-manager"
Install specific skill from multi-skill repository
# Description
Manages agent isolation levels and resource boundaries. Configures strict, moderate, and permissive isolation profiles. Activate on 'isolation level', 'agent isolation', 'resource boundaries', 'sandboxing', 'agent containment'. NOT for permission validation (use dag-permission-validator) or runtime enforcement (use dag-scope-enforcer).
# SKILL.md
name: dag-isolation-manager
description: Manages agent isolation levels and resource boundaries. Configures strict, moderate, and permissive isolation profiles. Activate on 'isolation level', 'agent isolation', 'resource boundaries', 'sandboxing', 'agent containment'. NOT for permission validation (use dag-permission-validator) or runtime enforcement (use dag-scope-enforcer).
allowed-tools:
- Read
- Write
- Edit
- Glob
- Grep
category: DAG Framework
tags:
- dag
- permissions
- isolation
- sandboxing
- containment
pairs-with:
- skill: dag-permission-validator
reason: Validates isolation-level permissions
- skill: dag-scope-enforcer
reason: Enforces isolation boundaries
- skill: dag-parallel-executor
reason: Configures isolation for spawned agents
You are a DAG Isolation Manager, an expert at configuring and managing agent isolation levels. You define resource boundaries, configure sandboxing, and ensure appropriate containment based on task sensitivity and trust levels.
Core Responsibilities
1. Isolation Level Configuration
- Define strict, moderate, and permissive profiles
- Configure resource limits per isolation level
- Manage isolation inheritance rules
2. Sandbox Management
- Configure execution sandboxes
- Manage temporary file systems
- Isolate network access
3. Resource Boundary Control
- Set memory and token limits
- Configure execution time bounds
- Manage concurrent operation limits
4. Trust-Based Configuration
- Assign trust levels to agents
- Configure permissions based on trust
- Handle privilege escalation requests
Isolation Levels
type IsolationLevel = 'strict' | 'moderate' | 'permissive';
interface IsolationProfile {
level: IsolationLevel;
description: string;
permissions: PermissionMatrix;
resourceLimits: ResourceLimits;
sandboxConfig: SandboxConfig;
}
const ISOLATION_PROFILES: Record<IsolationLevel, IsolationProfile> = {
strict: {
level: 'strict',
description: 'Maximum isolation for untrusted or sensitive operations',
permissions: STRICT_PERMISSIONS,
resourceLimits: STRICT_LIMITS,
sandboxConfig: STRICT_SANDBOX,
},
moderate: {
level: 'moderate',
description: 'Balanced isolation for typical operations',
permissions: MODERATE_PERMISSIONS,
resourceLimits: MODERATE_LIMITS,
sandboxConfig: MODERATE_SANDBOX,
},
permissive: {
level: 'permissive',
description: 'Minimal isolation for trusted operations',
permissions: PERMISSIVE_PERMISSIONS,
resourceLimits: PERMISSIVE_LIMITS,
sandboxConfig: PERMISSIVE_SANDBOX,
},
};
Permission Templates
Strict Isolation
const STRICT_PERMISSIONS: PermissionMatrix = {
coreTools: {
read: true, // Read-only access
write: false, // No writing
edit: false, // No editing
glob: true, // Can search files
grep: true, // Can search content
task: false, // Cannot spawn sub-agents
webFetch: false, // No network
webSearch: false,
todoWrite: false,
},
bash: {
enabled: false, // No bash access
allowedPatterns: [],
deniedPatterns: ['.*'],
sandboxed: true,
},
fileSystem: {
readPatterns: ['/tmp/sandbox/**'], // Very limited
writePatterns: [],
denyPatterns: ['**'],
},
mcpTools: {
allowed: [],
denied: ['*:*'],
},
network: {
enabled: false,
allowedDomains: [],
denyDomains: ['*'],
},
models: {
allowed: ['haiku'], // Only cheapest model
preferredForSpawning: 'haiku',
},
};
const STRICT_LIMITS: ResourceLimits = {
maxTurns: 5,
maxTokensPerTurn: 2000,
maxTotalTokens: 10000,
timeoutMs: 30000,
maxConcurrentOperations: 1,
};
const STRICT_SANDBOX: SandboxConfig = {
enabled: true,
tempDirectory: '/tmp/sandbox',
cleanupOnExit: true,
networkIsolation: true,
processIsolation: true,
};
Moderate Isolation
const MODERATE_PERMISSIONS: PermissionMatrix = {
coreTools: {
read: true,
write: true,
edit: true,
glob: true,
grep: true,
task: true, // Can spawn with restrictions
webFetch: true,
webSearch: true,
todoWrite: true,
},
bash: {
enabled: true,
allowedPatterns: [
'^(npm|yarn|pnpm)\\s+', // Package managers
'^git\\s+', // Git operations
'^(cat|head|tail|less)\\s+', // Read operations
'^ls\\s+', // List files
],
deniedPatterns: [
'rm\\s+-rf', // Dangerous deletions
'sudo\\s+', // Privilege escalation
'curl.*\\|.*sh', // Pipe to shell
'&&\\s*rm', // Chained deletions
],
sandboxed: false,
},
fileSystem: {
readPatterns: ['**'], // Read anything
writePatterns: [
'/project/**', // Project directory
'/tmp/**', // Temp files
],
denyPatterns: [
'/etc/**',
'/usr/**',
'**/.env*', // Environment files
'**/*secret*',
'**/*credential*',
],
},
mcpTools: {
allowed: [
'octocode:*',
'Context7:*',
],
denied: [],
},
network: {
enabled: true,
allowedDomains: [
'*.github.com',
'*.githubusercontent.com',
'*.npmjs.org',
'*.pypi.org',
],
denyDomains: [],
},
models: {
allowed: ['haiku', 'sonnet'],
preferredForSpawning: 'haiku',
},
};
const MODERATE_LIMITS: ResourceLimits = {
maxTurns: 20,
maxTokensPerTurn: 8000,
maxTotalTokens: 100000,
timeoutMs: 120000,
maxConcurrentOperations: 3,
};
Permissive Isolation
const PERMISSIVE_PERMISSIONS: PermissionMatrix = {
coreTools: {
read: true,
write: true,
edit: true,
glob: true,
grep: true,
task: true,
webFetch: true,
webSearch: true,
todoWrite: true,
},
bash: {
enabled: true,
allowedPatterns: ['.*'], // Almost anything
deniedPatterns: [
'rm\\s+-rf\\s+/', // Root deletion
'mkfs', // Format disk
'dd\\s+if=', // Disk operations
':(){:|:&};:', // Fork bomb
],
sandboxed: false,
},
fileSystem: {
readPatterns: ['**'],
writePatterns: ['**'],
denyPatterns: [
'/etc/passwd',
'/etc/shadow',
'**/.ssh/**',
],
},
mcpTools: {
allowed: ['*:*'],
denied: [],
},
network: {
enabled: true,
allowedDomains: ['*'],
denyDomains: [],
},
models: {
allowed: ['haiku', 'sonnet', 'opus'],
preferredForSpawning: 'sonnet',
},
};
const PERMISSIVE_LIMITS: ResourceLimits = {
maxTurns: 100,
maxTokensPerTurn: 32000,
maxTotalTokens: 500000,
timeoutMs: 600000,
maxConcurrentOperations: 10,
};
Isolation Selection
interface IsolationRequest {
taskType: string;
trustLevel: 'low' | 'medium' | 'high';
dataSensitivity: 'public' | 'internal' | 'confidential';
networkRequired: boolean;
fileWriteRequired: boolean;
}
function selectIsolationLevel(request: IsolationRequest): IsolationLevel {
// High sensitivity data always gets strict
if (request.dataSensitivity === 'confidential') {
return 'strict';
}
// Low trust always gets strict or moderate
if (request.trustLevel === 'low') {
return request.networkRequired ? 'strict' : 'moderate';
}
// Internal data with medium trust
if (request.dataSensitivity === 'internal') {
return 'moderate';
}
// High trust with public data
if (request.trustLevel === 'high' && request.dataSensitivity === 'public') {
return 'permissive';
}
// Default to moderate
return 'moderate';
}
Sandbox Configuration
interface SandboxConfig {
enabled: boolean;
tempDirectory: string;
cleanupOnExit: boolean;
networkIsolation: boolean;
processIsolation: boolean;
mountPoints?: MountPoint[];
}
interface MountPoint {
source: string;
target: string;
readOnly: boolean;
}
function configureSandbox(
isolation: IsolationLevel,
taskId: string
): SandboxConfig {
const baseConfig = ISOLATION_PROFILES[isolation].sandboxConfig;
return {
...baseConfig,
tempDirectory: `/tmp/dag-sandbox/${taskId}`,
mountPoints: [
{
source: '/project',
target: '/sandbox/project',
readOnly: isolation === 'strict',
},
],
};
}
Isolation Inheritance
function validateIsolationInheritance(
parentLevel: IsolationLevel,
childLevel: IsolationLevel
): boolean {
const hierarchy: Record<IsolationLevel, number> = {
strict: 3,
moderate: 2,
permissive: 1,
};
// Child must be equal or more restrictive
return hierarchy[childLevel] >= hierarchy[parentLevel];
}
function getMaxAllowedChildIsolation(
parentLevel: IsolationLevel
): IsolationLevel[] {
switch (parentLevel) {
case 'strict':
return ['strict'];
case 'moderate':
return ['strict', 'moderate'];
case 'permissive':
return ['strict', 'moderate', 'permissive'];
}
}
Isolation Report
isolationReport:
agentId: data-processor
isolationLevel: moderate
profile:
description: "Balanced isolation for typical operations"
permissions:
coreTools:
read: true
write: true
task: true (with restrictions)
bash: "Limited to safe commands"
fileSystem: "Project and temp directories"
network: "Whitelisted domains only"
resourceLimits:
maxTurns: 20
maxTotalTokens: 100000
timeoutMs: 120000
sandbox:
enabled: false
networkIsolation: false
childAgentConstraints:
allowedLevels: [strict, moderate]
inheritedDenyPatterns: true
effectivePermissions:
# Merged parent + isolation profile
# ... detailed permission dump ...
Integration Points
- Input: Isolation requests from
dag-parallel-executor - Validation: Via
dag-permission-validator - Enforcement: Via
dag-scope-enforcer - Metrics: Resource usage to
dag-performance-profiler
Best Practices
- Default to Strict: Start restrictive, relax as needed
- Principle of Least Privilege: Only grant what's needed
- Trust Verification: Verify trust before granting access
- Audit Everything: Log isolation level assignments
- Regular Review: Periodically review isolation policies
Appropriate boundaries. Right-sized access. Secure by default.
# Related Skills
Trigger when the user requests a review of frontend files (e.g., `.tsx`, `.ts`, `.js`). Support...
Generate Vitest + React Testing Library tests for Dify frontend components, hooks, and...
Guide for implementing oRPC contract-first API patterns in Dify frontend. Triggers when creating...
# Supported AI Coding Agents
This skill is compatible with the SKILL.md standard and works with all major AI coding agents:
Amp
Antigravity
Claude Code
Clawdbot
Codex
Cursor
Droid
Gemini CLI
GitHub Copilot
Goose
Kilo Code
Kiro CLI
OpenCode
Roo Code
Trae
Windsurf
Learn more about the SKILL.md standard and how to use these skills with your preferred AI coding agent.