Local process backend
What you'll find here
The LocalProcessRequest boundary that represents execution through the host process environment — and what it intentionally does not provide.
Decision boundary, not ambient shell authority.
The helper returns an allowed or denied decision that can be recorded in receipts before the caller dispatches through a governed execution path.
Required controls
Sandbox backend: kind local_process, isolation process.
Declared shell.execute capability with the run operation.
Policy envelope id.
Capability grant id.
Receipt id.
Redaction controls for persisted metadata.
Requests missing any of those controls are denied before execution.
Limitations
No container, VM, or remote isolation.
The local process backend can only describe and authorize a command reference for a caller that already has local execution capability. Don't use it for untrusted commands, unreviewed input, or workloads that require filesystem, network, or process isolation.
Inline shell strings are denied.
This avoids granting broad shell authority by smuggling flags, pipes, command substitution, or chained commands into a command reference field.
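The decision helper described under Required controls and the inline shell string rule above, as an added illustration that is not the project's own code: the dataclass field names, the metacharacter set and the sample values are assumptions modelled on the controls this page lists.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed example, not the project's helper. Characters that would turn a
# single command reference into an inline shell string (flags, pipes, command
# substitution, chaining, quoting, globbing) are rejected outright.
SHELL_METACHARS = set(";|&$`<>(){}[]\n\"'\\ *?~#")


@dataclass
class LocalProcessRequest:
    backend_kind: str
    isolation: str
    capability: str
    operation: str
    command_ref: str                         # one command reference, never a shell string
    policy_envelope_id: Optional[str] = None
    capability_grant_id: Optional[str] = None
    receipt_id: Optional[str] = None
    redaction_controls: Optional[dict] = None  # how persisted metadata is redacted


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)  # recorded in the receipt before dispatch


def decide(req: LocalProcessRequest) -> Decision:
    """Return an allowed/denied decision; every missing control is its own denial reason."""
    reasons = []
    if req.backend_kind != "local_process" or req.isolation != "process":
        reasons.append("backend must be kind local_process with isolation process")
    if req.capability != "shell.execute" or req.operation != "run":
        reasons.append("requires a declared shell.execute capability with the run operation")
    for name in ("policy_envelope_id", "capability_grant_id", "receipt_id"):
        if not getattr(req, name):
            reasons.append(f"missing {name}")
    if not req.redaction_controls:
        reasons.append("missing redaction controls for persisted metadata")
    # Inline shell strings are denied: a leading dash would smuggle a flag, and any
    # metacharacter would smuggle a pipe, substitution, or chained command.
    ref = req.command_ref or ""
    if not ref or ref.startswith("-") or any(c in SHELL_METACHARS for c in ref):
        reasons.append("command reference must be a single reference, not an inline shell string")
    return Decision(allowed=not reasons, reasons=reasons)
```

A caller records the returned Decision in the receipt and only then dispatches through its governed execution path; the helper itself never executes anything.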