Toolchain Profiles

Toolchain profiles (30-toolchains/*.sb) grant agents access to language-specific package managers, caches, configuration files, and version managers. Each profile is carefully scoped to its ecosystem to maintain least-privilege access.

Available Toolchains

Node.js

npm, yarn, pnpm, corepack, nvm, fnm

Python

pip, uv, poetry, pdm, pyenv, conda

Rust

cargo, rustup, sccache

Go

go modules, GOPATH, golangci-lint

Java

Maven, Gradle, SBT, Coursier, sdkman

Ruby

gem, bundler, rbenv, rvm

Bun

Bun runtime and package manager

Deno

Deno runtime and cache

PHP

Composer and PHP tooling

Perl

CPAN and Perl modules

Runtime Managers

mise, asdf, rtx

Toolchain profiles are opt-in via --enable flags. For example: --enable=node --enable=python --enable=rust

Node.js

The Node.js profile supports npm, yarn, pnpm, corepack, and version managers like nvm and fnm.

Scope

Version Managers: ~/.nvm, ~/.fnm
npm: Config, cache, and global packages
yarn: Classic and modern (Berry) variants
pnpm: Store, state, and global packages
corepack: Package manager shimming
Build Tools: node-gyp, Turborepo, Playwright, Cypress

;; Node version managers
(allow file-read* file-write*
    (home-subpath "/.nvm")
    (home-subpath "/.fnm")

    ;; npm
    (home-subpath "/.npm")
    (home-subpath "/.config/npm")
    (home-subpath "/.cache/npm")
    (home-literal "/.npmrc")

    ;; pnpm
    (home-subpath "/.config/pnpm")
    (home-subpath "/.pnpm-state")
    (home-subpath "/.pnpm-store")
    (home-subpath "/.local/share/pnpm")
    (home-subpath "/Library/pnpm")

    ;; yarn
    (home-subpath "/.yarn")
    (home-literal "/.yarnrc")
    (home-literal "/.yarnrc.yml")
    (home-subpath "/.cache/yarn")

    ;; corepack
    (home-subpath "/.cache/node/corepack")

    ;; Browser automation
    (home-subpath "/Library/Caches/ms-playwright")
    (home-subpath "/Library/Caches/Cypress")
)

The Node profile grants write access to package manager caches and global directories. Agents can install global packages and modify npm/yarn/pnpm configurations.

Python

The Python profile supports pip, uv, poetry, pdm, pyenv, conda, and various Python tooling.

Scope

Package Managers: pip, uv, poetry, pdm, pipx, conda
Version Managers: pyenv, conda/miniconda/miniforge
Tools: pre-commit, mypy, ruff, IPython, Jupyter
Configuration: .pypirc, .python_history

(allow file-read* file-write*
    ;; uv (modern Python package manager)
    (home-literal "/.local/bin/uv")
    (home-literal "/.local/bin/uvx")
    (home-subpath "/.local/share/uv")
    (home-subpath "/.cache/uv")
    (home-subpath "/.config/uv")

    ;; pip
    (home-subpath "/.cache/pip")
    (home-subpath "/.config/pip")
    (home-literal "/.pypirc")

    ;; poetry
    (home-subpath "/.cache/pypoetry")
    (home-subpath "/.config/pypoetry")
    (home-subpath "/.local/share/pypoetry")

    ;; pyenv
    (home-subpath "/.pyenv")

    ;; conda
    (home-subpath "/.conda")
    (home-subpath "/miniconda3")
    (home-literal "/.condarc")

    ;; Tools
    (home-subpath "/.cache/pre-commit")
    (home-subpath "/.cache/mypy")
    (home-subpath "/.cache/ruff")
)

The Python profile includes uv, the modern Python package manager. Agents can use both traditional pip and modern uv workflows.

Rust

The Rust profile supports rustup, cargo, and optional sccache for build caching.

Scope

Toolchain: ~/.rustup for Rust toolchain management
Packages: ~/.cargo for crates and binaries
Cache: ~/.cache/cargo and ~/Library/Caches/cargo
Build Cache: sccache for distributed compilation

(allow file-read* file-write*
    (home-subpath "/.cargo")
    (home-subpath "/.config/cargo")
    (home-subpath "/.rustup")
    (home-subpath "/.cache/cargo")
    (home-subpath "/Library/Caches/cargo")
    (home-subpath "/.cache/sccache")
    (home-subpath "/Library/Caches/sccache")
    (home-subpath "/Library/Application Support/Mozilla.sccache")
)

Go

The Go profile supports Go modules, GOPATH, and Go tooling.

Scope

GOPATH: ~/go for Go workspace and packages
Build Cache: ~/.cache/go-build and ~/Library/Caches/go-build
Modules: GOMODCACHE within GOPATH
Tools: golangci-lint, gopls
Version Manager: goenv

(allow file-read* file-write*
    (home-subpath "/go")
    (home-subpath "/.cache/go-build")
    (home-subpath "/Library/Caches/go-build")
    (home-subpath "/.config/go")
    (home-subpath "/.cache/golangci-lint")
    (home-subpath "/.config/golangci-lint")
    (home-subpath "/.goenv")
    (home-subpath "/.cache/gopls")
)

Customize GOPATH location

If your GOPATH is not ~/go, you’ll need to add a custom path grant:

./bin/safehouse.sh --enable=go --add-dirs="/custom/gopath" -- go build

Java

The Java profile supports Maven, Gradle, SBT, Coursier, and Java version managers.

Scope

Maven: ~/.m2 for Maven repository and settings
Gradle: ~/.gradle for Gradle cache and daemon
SBT: ~/.sbt and ~/.ivy2 for Scala build tool
Coursier: Scala dependency cache
Version Managers: jenv, sdkman

(allow file-read* file-write*
    (home-subpath "/.m2")
    (home-subpath "/.gradle")
    (home-subpath "/.ivy2")
    (home-subpath "/.sbt")
    (home-subpath "/.jenv")
    (home-subpath "/.sdkman")
    (home-subpath "/.cache/coursier")
    (home-subpath "/.coursier")
    (home-subpath "/Library/Application Support/Coursier")
    (home-literal "/.mavenrc")
)

Ruby

The Ruby profile supports gem, bundler, and Ruby version managers.

Scope

Version Managers: rbenv, rvm, ruby-build
Gems: ~/.gem for gem installations
Bundler: ~/.bundle and bundler cache
REPL: IRB and Pry history

(allow file-read* file-write*
    (home-subpath "/.rbenv")
    (home-subpath "/.rvm")
    (home-subpath "/.rubies")
    (home-subpath "/.bundle")
    (home-subpath "/.gem")
    (home-subpath "/.cache/bundler")
    (home-subpath "/.cache/rubygems")
    (home-literal "/.gemrc")
    (home-literal "/.irbrc")
    (home-literal "/.irb_history")
    (home-literal "/.pryrc")
)

Other Toolchains

Bun

Fast JavaScript runtime and package manager:

(allow file-read* file-write*
    (home-subpath "/.bun")
    (home-subpath "/.cache/bun")
    (home-literal "/.bunfig.toml")
)

Enable with: --enable=bun

Deno

Secure TypeScript/JavaScript runtime:

(allow file-read* file-write*
    (home-subpath "/.deno")
    (home-subpath "/.cache/deno")
)

Enable with: --enable=deno

PHP

PHP runtime and Composer:Enable with: --enable=php

Perl

Perl runtime and CPAN:Enable with: --enable=perl

Runtime Managers (mise/asdf/rtx)

Multi-language version managers:Enable with: --enable=runtime-managers

Multiple Toolchains

You can enable multiple toolchains simultaneously:

./bin/safehouse.sh \
  --enable=node \
  --enable=python \
  --enable=rust \
  --enable=go \
  -- ./my-polyglot-build.sh

Best Practices

Enable only what you need

Only enable toolchains your project actually uses. This minimizes the attack surface and maintains least-privilege access.

Use version managers

Toolchain profiles support common version managers (nvm, pyenv, rbenv, etc.). Use them to manage multiple language versions.

Cache locations matter

Profiles grant access to both XDG-style (~/.cache) and macOS-style (~/Library/Caches) locations for compatibility.

Custom paths require grants

If you use non-standard installation paths, add them via --add-dirs or --add-dirs-ro.

Authoring Custom Toolchain Profiles

If you need a toolchain not included in Agent Safehouse:

Create a new profile: profiles/30-toolchains/my-toolchain.sb

Add standard header:

;; ---------------------------------------------------------------------------
;; Toolchain: My Toolchain
;; Brief description of what this toolchain includes.
;; Source: 30-toolchains/my-toolchain.sb
;; ---------------------------------------------------------------------------

Grant minimal permissions:

(allow file-read* file-write*
    (home-subpath "/.my-toolchain")
    (home-subpath "/.cache/my-toolchain")
)

Regenerate dist artifacts: ./scripts/generate-dist.sh
Add tests: Create tests/sections/toolchain-my-toolchain.sh

Custom toolchain profiles should follow the principle of least privilege. Only grant access to paths your toolchain actually needs.

System Runtime

Foundation for process execution that toolchains depend on

Integrations

Git, Docker, and other development tool integrations

CLI Reference

Policy Profiles

Resources

Available Toolchains

Node.js

Python

Rust

Go

Java

Ruby

Bun

Deno

PHP

Perl

Runtime Managers

Node.js

Scope

Python

Scope

Rust

Scope

Go

Scope

Java

Scope

Ruby

Scope

Other Toolchains

Multiple Toolchains

Best Practices

Enable only what you need

Use version managers

Cache locations matter

Custom paths require grants

Authoring Custom Toolchain Profiles

System Runtime

Integrations

Build docs developers (and LLMs) love

CLI Reference

Policy Profiles

Resources

​Available Toolchains

Node.js

Python

Rust

Go

Java

Ruby

Bun

Deno

PHP

Perl

Runtime Managers

​Node.js

​Scope

​Python

​Scope

​Rust

​Scope

​Go

​Scope

​Java

​Scope

​Ruby

​Scope

​Other Toolchains

​Multiple Toolchains

​Best Practices

Enable only what you need

Use version managers

Cache locations matter

Custom paths require grants

​Authoring Custom Toolchain Profiles

​Related Profiles

System Runtime

Integrations

Build docs developers (and LLMs) love

Available Toolchains

Node.js

Scope

Python

Scope

Rust

Scope

Go

Scope

Java

Scope

Ruby

Scope

Other Toolchains

Multiple Toolchains

Best Practices

Authoring Custom Toolchain Profiles

Related Profiles