x07-os-run
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
Chinesex07-os-run
x07-os-run
Prefer / for normal execution. is an internal component behind the facade; its CLI is not part of the supported end-user surface.
x07 run --profile osx07 run --profile sandboxx07-os-runnerx07Use this skill when you need real OS I/O (fs/net/process/time) via or policy-enforced execution via .
run-osrun-os-sandboxed推荐使用或进行常规执行。是外观层背后的内部组件;其CLI不属于受支持的终端用户使用界面。
x07 run --profile osx07 run --profile sandboxx07-os-runnerx07当你需要通过实现真实OS I/O(文件系统/网络/进程/时间),或通过实现策略强制的执行时,请使用此技能。
run-osrun-os-sandboxedCanonical commands (recommended: x07 run
)
x07 run标准命令(推荐:x07 run
)
x07 run-
Run the current project (unsandboxed):
x07 runx07 run --profile os
-
Run a project explicitly (unsandboxed):
x07 run --project x07.json --profile os
-
Run sandboxed (requires an explicit policy):
x07 run --project x07.json --profile sandbox --policy run-os-policy.json
-
If your program expects CLI args via, pass them after
argv_v1and--will encode them into input bytes:x07 runx07 run --profile os -- tool --help
-
Generate a schema-valid base policy:
x07 policy init --template clix07 policy init --template http-clientx07 policy init --template web-servicex07 policy init --template fs-toolx07 policy init --template sqlite-appx07 policy init --template postgres-clientx07 policy init --template workerx07 policy init --template worker-parallel
-
Materialize a derived policy with explicit destinations (only in run-os-sandboxed):
x07 run --profile sandbox --policy .x07/policies/base/http-client.sandbox.base.policy.json --allow-host example.com:443x07 run --profile sandbox --policy .x07/policies/base/http-client.sandbox.base.policy.json --deny-host example.com:*
-
Run a single program (when not using a project manifest):
x07 run --program src/main.x07.json --module-root src
-
运行当前项目(非沙箱模式):
x07 runx07 run --profile os
-
显式运行某个项目(非沙箱模式):
x07 run --project x07.json --profile os
-
沙箱模式运行(需要显式策略):
x07 run --project x07.json --profile sandbox --policy run-os-policy.json
-
如果你的程序期望通过接收CLI参数,请在
argv_v1后传入,--会将它们编码为输入字节:x07 runx07 run --profile os -- tool --help
-
生成符合Schema的基础策略:
x07 policy init --template clix07 policy init --template http-clientx07 policy init --template web-servicex07 policy init --template fs-toolx07 policy init --template sqlite-appx07 policy init --template postgres-clientx07 policy init --template workerx07 policy init --template worker-parallel
-
生成带有显式目标的派生策略(仅适用于run-os-sandboxed):
x07 run --profile sandbox --policy .x07/policies/base/http-client.sandbox.base.policy.json --allow-host example.com:443x07 run --profile sandbox --policy .x07/policies/base/http-client.sandbox.base.policy.json --deny-host example.com:*
-
运行单个程序(不使用项目清单时):
x07 run --program src/main.x07.json --module-root src
Expert backend (x07-os-runner
)
x07-os-runner专业后端组件(x07-os-runner
)
x07-os-runnerx07-os-runnerx07 runx07 bundlex07x07-os-runnerx07 runx07 bundlex07Policy
策略说明
Policies are a starting point. Generate one from a template, then extend it deliberately for your app (roots, env, subprocess allowlists, limits).
For net-enabled templates, keep empty in the base policy and use to materialize auditable derived policies for specific destinations.
net.allow_hostsx07 run --allow-host策略是配置的起点。从模板生成策略,然后根据你的应用需求(根目录、环境变量、子进程白名单、限制条件)进行针对性扩展。
对于支持网络的模板,请在基础策略中保持为空,使用为特定目标生成可审计的派生策略。
net.allow_hostsx07 run --allow-hostOutput contract
输出约定
- in
x07 runworlds prints anrun-os*JSON report to stdout (pass-through).x07-os-runner.report@... - The underlying OS runner emits the same report shape.
In both cases:
- Use the process exit code for pass/fail.
- Parse the JSON for ,
schema_version,mode, and base64-encoded output bytes.world
- 在环境中执行
run-os*时,会将x07 run格式的JSON报告输出到标准输出(透传)。x07-os-runner.report@... - 底层的OS执行器会输出相同格式的报告。
在两种情况下:
- 使用进程退出码判断执行成功/失败。
- 解析JSON以获取、
schema_version、mode以及base64编码的输出字节。world