iii / worker
$worker

shell

v0.3.5

Unix shell + filesystem worker — exec with allowlist/denylist/timeout/output caps and background jobs; fs::ls|stat|mkdir|rm|chmod|mv|grep|sed|read|write with host jail, denylist, size caps, and sandbox-target forwarding

  • macOS: arm64 · x64
  • Linux: arm64 · armv7 · x64

skill doc

skills/write.md

Streaming bytes into a file

When to use

  • Persisting a generated artefact to disk inside the jail.
  • Streaming a remote download or generated stream straight into a file without an intermediate buffer.
  • Bootstrapping files into a sandbox by retargeting with target: { kind: "sandbox", sandbox_id }.

Notes

  • The wire payload does not accept raw content: string or content_b64. The caller opens a channel via the SDK, passes the ContentRef here, then writes bytes into the channel and closes it.
  • When cfg.fs.max_write_bytes > 0 and the streamed total exceeds the cap, the write is aborted mid-stream with S218. The default of 0 means no cap.
  • Per-chunk idle timeout is 30s. A caller that opens a write but never sends data and never closes the channel is aborted with S216 channel idle for 30s, aborting write so a parked writer cannot leak the temp file.
  • The worker writes through a temp file and renames atomically. On crash mid-stream, the temp file is unlinked by TempGuard.
  • Approval policy is not hardcoded into this function. Whether a turn requires approval before a write lands is set per-run by the orchestrator's approval_required array.