Canonical execution front door for X07 programs (run-os / run-os-sandboxed), producing runner reports.
Use this skill for normal program execution via x07 run.
x07 run runs the canonical auto-repair loop by default (format → lint → quickfix, repeatable). Control it with:
--repair=off--repair=memory--repair=write (default)--repair-max-iters N (default: 3)Run the current project (auto-discovers x07.json):
x07 runRun a specific project profile:
x07 run --profile osx07 run --profile sandboxCheck platform prerequisites for OS worlds (C compiler + common native deps):
x07 doctorGenerate a base sandbox policy:
x07 policy init --template clix07 policy init --template http-clientx07 policy init --template web-servicex07 policy init --template fs-toolx07 policy init --template sqlite-appx07 policy init --template postgres-clientx07 policy init --template workerx07 policy init --template worker-parallelPolicies are starting points: review and extend them for your app (roots, env keys, subprocess allowlists, limits).
For net-enabled templates, keep net.allow_hosts: [] in the base policy and use --allow-host / --deny-host to materialize derived policies for specific destinations.
Run policy-enforced OS world (requires a policy file):
x07 run --profile sandboxMaterialize a derived policy with explicit network destinations (deny-by-default):
x07 run --profile sandbox --policy .x07/policies/base/http-client.sandbox.base.policy.json --allow-host example.com:443x07 run --profile sandbox --policy .x07/policies/base/http-client.sandbox.base.policy.json --allow-host example.com:80,443 --deny-host example.com:80Default is empty input bytes. Provide input via:
x07 run --input input.bincat input.bin | x07 run --stdinx07 run --input-b64 <BASE64>For CLI-style programs that expect argv_v1, pass process args after -- and x07 run will encode them into input bytes:
x07 run -- tool --helpx07 run --profile sandbox -- tool --url https://example.com --depth 2 --out out/results.txtschema_version).Optional wrapper (debuggable resolution envelope):
x07 run --report wrapped[email protected] (field report contains the raw runner report object).
repair summary object.To produce a normal CLI executable (standard argc/argv, raw stdout) that runs without the X07 toolchain installed at runtime, use:
x07 bundle --profile os --out dist/appx07 bundle --profile sandbox --out dist/app (policy enforced)