Expand description
File manager — file_manager:download / file_manager:upload virtual
tools. Registered automatically with no TOML manifest so sandboxed agents
can move binary bytes through the proxy (network egress is otherwise
confined to the proxy host).
In proxy mode the proxy performs the fetch/upload; bytes travel over the
/call JSON wire as base64. The sandbox-side CLI materializes them to
disk (--out) or ships them (--path). Local mode does the work inline.
Structs§
- Download
Args - Parsed download arguments.
- Download
Result - Result of a successful download — the bytes plus discovered metadata.
Intentionally NOT
Clone—bytescan be up toDEFAULT_MAX_BYTES. - Upload
Args - Parsed upload arguments — what the caller needs to send to the proxy.
Intentionally NOT
Clone—bytescan be up toMAX_UPLOAD_BYTESand cloning it would be a costly footgun. Each sink consumesargsby value. - Upload
Result - Outcome of a successful upload — what the proxy returns to the CLI.
Enums§
- File
Manager Error - Upload
Destination - One typed sink the operator’s manifest declares as a permitted upload
destination. The agent can pick from these keys via
--destination <key>; anything else is refused with a typed error.
Constants§
- DEFAULT_
MAX_ BYTES - Default ceiling on download/upload size (500 MB).
- DEFAULT_
TIMEOUT_ SECS - Default timeout for the upstream HTTP fetch.
- MAX_
UPLOAD_ BYTES - Hard ceiling on upload payload accepted by the proxy (1 GB).
Functions§
- build_
download_ response - Build the JSON response payload that the proxy / local-mode core returns
to the CLI. Always carries
content_base64so the CLI can write to--outor print inline depending on caller intent. - build_
upload_ response - enforce_
download_ allowlist - Reject the URL if
ATI_DOWNLOAD_ALLOWLISTis set and the host doesn’t match. When the env var is unset or empty, downloads to any (non-private) host are allowed — local-mode operators who want a wide-open dev experience can leave the allowlist off; production proxies should always set it. - fetch_
bytes - Perform the actual HTTP fetch. Streams the body and aborts if it exceeds
max_bytes. - guess_
content_ type - Best-effort MIME type from a path’s extension. Shared across
file_manager:*tools and CLI output capture. Falls back to octet-stream. - resolve_
destination - Resolve a caller-supplied (or omitted) destination key against the operator manifest’s allowlist. Refuses any key not in the map with a typed error.
- upload_
to_ destination - Dispatch an upload to one of the operator-allowlisted destinations. Resolves the requested key (or default) against the manifest’s destinations map, then routes to the typed sink. Refuses any key not in the map.