Description
openshell policy set replaces the entire sandbox policy. Adding a single new endpoint requires manually merging 200+ lines of existing policy YAML.
Steps to Reproduce
- Sandbox has 9 network policies (claude, nvidia, github, clawhub, openclaw, npm, telegram, discord, etc.)
- Need to add Slack endpoints
- Must create a complete YAML with all 10 policies and apply it
- Accidentally omitting any existing policy silently blocks that network access
Proposal
# Add a network policy group incrementally
openshell policy add my-assistant --group slack --endpoints slack.com,api.slack.com --binaries /usr/local/bin/node
# Or from a preset file
openshell policy add my-assistant --from-file presets/slack.yaml
# Remove a policy group
openshell policy remove my-assistant --group telegram
# List active policy groups
openshell policy list my-assistant --groups
Workaround
Manually merge YAML files. This is error-prone — we accidentally lost Discord access once by forgetting to include it in the merged file.
Description
openshell policy setreplaces the entire sandbox policy. Adding a single new endpoint requires manually merging 200+ lines of existing policy YAML.Steps to Reproduce
Proposal
Workaround
Manually merge YAML files. This is error-prone — we accidentally lost Discord access once by forgetting to include it in the merged file.