doc.go
// Package agentbox provides process-level sandbox isolation for AI Agents.
//
// It enables secure command execution by wrapping processes with
// platform-specific sandboxing mechanisms (macOS Seatbelt/SBPL,
// Linux Namespaces + Landlock, Windows Restricted Token + Job Object +
// Low Integrity Level) while providing a unified API.
//
// Key features:
// - Filesystem isolation with configurable writable roots
// - Network filtering with domain-level allow/deny lists
// - Command classification with 44 built-in rules (allow, sandbox, escalate, forbid)
// - Custom classification rules with glob patterns
// - Rule override by name with type-safe constants
// - Protected path detection for sensitive directories
// - Approval caching for user decisions
// - Resource limits (processes, memory, file descriptors, CPU)
// - JSON-serializable configuration and results
// - Minimal external dependencies, no CGo
//
// Classification follows a fixed precedence: custom rules → protected paths →
// rule overrides → built-in rules. The first non-Sandboxed result wins.
//
// Basic usage:
//
//	cfg := agentbox.DefaultConfig()
//	mgr, err := agentbox.NewManager(cfg)
//	if err != nil {
//		log.Fatal(err)
//	}
//	defer mgr.Close()
//
//	result, err := mgr.Exec(ctx, "ls -la /tmp")
package agentbox
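
The classification precedence described in the package comment, modelled as an added example that is not agentbox's own code: `Decision`, `Rule` and `Classify` are hypothetical names, the rules are constructed, and matching a glob against the program name only is a simplification. It shows two consequences of "the first non-Sandboxed result wins": a custom Allow rule shadows the protected-path check that follows it, while a custom rule that yields Sandbox falls through to it.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Decision models the four outcomes in the package doc (hypothetical type).
type Decision int

const (
	Sandbox Decision = iota // no verdict: keep evaluating, sandbox by default
	Allow
	Escalate
	Forbid
)

func (d Decision) String() string { return [...]string{"sandbox", "allow", "escalate", "forbid"}[d] }

// Rule is hypothetical: Glob matches the program name, Path any mention of a directory.
type Rule struct {
	Glob, Path string
	Then       Decision
}

func (r Rule) matches(cmd string) bool {
	name, _, _ := strings.Cut(strings.TrimSpace(cmd), " ")
	glob, _ := path.Match(r.Glob, name)
	return (r.Glob != "" && glob) || (r.Path != "" && strings.Contains(cmd, r.Path))
}

// Classify walks rules in precedence order; the first non-Sandbox verdict wins.
func Classify(cmd string, rules []Rule) Decision {
	for _, r := range rules {
		if r.Then != Sandbox && r.matches(cmd) {
			return r.Then
		}
	}
	return Sandbox
}

func main() {
	// Constructed policy in the documented order: custom, protected path, built-in.
	tail := []Rule{{Path: "/.ssh", Then: Escalate}, {Glob: "rm", Then: Forbid}}
	key := "cat /home/u/.ssh/id_rsa"
	for _, custom := range []Rule{{Glob: "cat", Then: Allow}, {Glob: "cat", Then: Sandbox}} {
		fmt.Println("custom", custom.Then, "=>", Classify(key, append([]Rule{custom}, tail...)))
	}
}
```

Because custom rules are evaluated first, a broad custom Allow deserves the same review as disabling the protections listed after it.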