DRAFT GUIDANCE - NO PUBLIC ADAPTER YET

Operating System Operations

OS-adjacent adapters should treat safety boundaries as first-class protocol concerns, especially for write and execute flows.

This page describes a design pattern. A public operating-system adapter is not published yet.

Security Model Reference Adapter Docs Gatekeeper Spec

On this page

Jump to a section

Use the outline to move through longer pages without losing your place.

These sources carry the policy and execution-safety detail behind this pattern.

Compare the safety posture here with the surrounding cloud, server, app, and web patterns.

The adapter exposes local files, processes, or other system-level capabilities.
You need explicit distinctions between read-only queries, state-changing actions, and true execution flows.
Permissions, confirmations, and auditability are part of the product requirement, not optional add-ons.

Destructive or execute-capable operations that are too easy to trigger accidentally.
Insufficient scoping on file-system or process queries that can cause runaway work.
Security models that rely on labels instead of machine-readable policy signals.

{
  "operation": "list_files",
  "params": {
    "path": "/workspace",
    "limit": 100
  }
}

Keep high-risk operations (delete, execute) policy-gated and auditable by default.

See where validation, request building, auth, and response mapping belong before you expose local operations.

Use plugins to keep policy, transport, and transformation concerns isolated around sensitive system operations.

Cover destructive-path validation and routing constraints before enabling write or execute behavior.