Default Policy Reference — NVIDIA OpenShell Developer Guide

Last updated: 3/16/2026

Default Policy Reference

The default policy is the policy applied when you create an OpenShell sandbox without --policy. It is baked into the community base image (ghcr.io/nvidia/openshell-community/sandboxes/base) and defined in the community repo’s dev-sandbox-policy.yaml.

Agent Compatibility

The following table shows the coverage of the default policy for common agents.

| Agent | Coverage | Action Required |
|---|---|---|
| Claude Code | Full | None. Works out of the box. |
| OpenCode | Partial | Add opencode.ai endpoint and OpenCode binary paths. |
| Codex | None | Provide a complete custom policy with OpenAI endpoints and Codex binary paths. |

Important

If you run a non-Claude agent without a custom policy, the agent’s API calls are denied by the proxy. You must provide a policy that declares the agent’s endpoints and binaries.

Default Policy Blocks

The default policy blocks are defined in the community base image. See the openshell-community repository for the full dev-sandbox-policy.yaml source.
