提升模式
当代理在沙箱内运行时,其 exec 命令被限制在
沙箱环境中。提升模式 允许代理突破限制并在
网关主机上运行命令,并配有可配置的审批关卡。
使用斜杠命令按会话控制提升模式:
| 指令 | 作用 |
|---|---|
/elevated on | 在网关主机上运行,保留 exec 审批 |
/elevated ask | 与 on 相同(别名) |
/elevated full | 在网关主机上运行 并 跳过 exec 审批 |
/elevated off | 返回沙箱限制的执行 |
也可用作 /elev on|off|ask|full。
发送不带参数的 /elevated 以查看当前级别。
检查可用性
必须在配置中启用 Elevated,并且发送者必须在允许列表中:
{tools: {elevated: {enabled: true,allowFrom: {discord: ["user-id-123"],whatsapp: ["+15555550123"],},},},}设置级别
发送仅包含指令的消息以设置会话默认值:
/elevated full或内联使用(仅适用于该消息):
/elevated on run the deployment script命令在主机上运行
激活提升后,
exec调用将路由到网关主机而不是 沙箱。在full模式下,将跳过 exec 审批。在on/ask模式下, 配置的审批规则仍然适用。
- 消息上的内联指令(仅适用于该消息)
- 会话覆盖(通过发送仅包含指令的消息设置)
- 全局默认值(配置中的
agents.defaults.elevatedDefault)
可用性和允许列表
Section titled “可用性和允许列表”- Global gate:
tools.elevated.enabled(must betrue) - Sender allowlist:
tools.elevated.allowFromwith per-渠道 lists - Per-agent gate:
agents.list[].tools.elevated.enabled(can only further restrict) - Per-agent allowlist:
agents.list[].tools.elevated.allowFrom(sender must match both global + per-agent) - Discord fallback: if
tools.elevated.allowFrom.discordis omitted,channels.discord.allowFromis used as fallback - All gates must pass; otherwise elevated is treated as unavailable
Allowlist entry formats:
| Prefix | Matches |
|---|---|
| (none) | Sender ID, E.164, or From field |
name: | Sender display name |
username: | Sender username |
tag: | Sender tag |
id:, from:, e164: | Explicit identity targeting |
What elevated does not control
Section titled “What elevated does not control”- Tool policy: if
execis denied by 工具 policy, elevated cannot override it - Separate from
/exec: the/execdirective adjusts per-会话 exec defaults for authorized senders and does not require elevated mode
Related
Section titled “Related”- Exec 工具 — shell command execution
- Exec approvals — approval and allowlist system
- 沙箱隔离 — sandbox configuration
- 沙箱 vs Tool Policy vs Elevated