sandbox

package
v0.1.1

Warning: This package is not in the latest version of its module.
Published: Apr 8, 2026 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package sandbox defines the plugin interface for isolating managed CLI processes.

Types

type Instance

type Instance interface {
	// ID identifies this instance (provider-defined).
	ID() string

	// Exec returns an exec.Cmd that, when run OUTSIDE the sandbox by the agent,
	// launches cmd/args inside the isolated environment.
	Exec(cmd string, args []string, env map[string]string) (*exec.Cmd, error)

	// Teardown releases resources associated with this instance.
	Teardown(ctx context.Context) error
}

Instance is a prepared sandbox that can execute exactly one CLI invocation.

type Provider

type Provider interface {
	// Name identifies the provider; must be unique at the Manager level.
	Name() string

	// Prepare creates a new isolated environment and returns an Instance.
	// The Instance is owned by the caller, which must call Teardown after use.
	Prepare(ctx context.Context, spec cwtypes.SandboxSpec, scripts []Script) (Instance, error)
}

Provider prepares isolated environments in which child CLI processes can run. Implementations MUST be safe for concurrent use.

type Script

type Script struct {
	InnerPath string      // path relative to the sandbox root
	Mode      os.FileMode // file mode
	Contents  []byte      // literal bytes
}

Script is a file that a Provider copies into the sandbox before execution.

func NewEntrypointScript

func NewEntrypointScript(cmd string, args []string, env map[string]string) Script

NewEntrypointScript builds a POSIX-sh script that exports env vars and execs cmd with args.

func (Script) WriteInto

func (s Script) WriteInto(root string) error

WriteInto writes the script into root, creating parent directories as needed. InnerPath is interpreted relative to root; a leading slash is ignored.
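
The WriteInto description says a leading slash in InnerPath is ignored, but it does not say how ".." segments are treated. The following is an added example, not code from this package, of a check a Provider could run over each Script.InnerPath before copying files into the sandbox root. ResolveInner, CheckScripts, the error values and the sample paths are hypothetical names chosen for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var ErrOutsideRoot = errors.New("inner path does not name a file inside the sandbox root")
var ErrCollision = errors.New("two inner paths resolve to the same file")

// ResolveInner maps an InnerPath to its location under root: leading slashes are
// dropped, and empty paths or ".." escapes are rejected. Lexical only, no symlink lookup.
func ResolveInner(root, innerPath string) (string, error) {
	rel := strings.TrimLeft(filepath.ToSlash(innerPath), "/")
	target := filepath.Join(root, filepath.FromSlash(rel)) // Join also cleans the result
	back, err := filepath.Rel(root, target)
	if err != nil || back == "." || strings.HasPrefix(filepath.ToSlash(back)+"/", "../") {
		return "", fmt.Errorf("%w: %q", ErrOutsideRoot, innerPath)
	}
	return target, nil
}

// CheckScripts resolves every path and also rejects collisions such as
// "/run.sh" and "run.sh", which name the same file once the slash is ignored.
func CheckScripts(root string, innerPaths []string) ([]string, error) {
	seen := map[string]string{}
	var targets []string
	for _, p := range innerPaths {
		t, err := ResolveInner(root, p)
		if err != nil {
			return nil, err
		}
		if prev, dup := seen[t]; dup {
			return nil, fmt.Errorf("%w: %q and %q", ErrCollision, prev, p)
		}
		seen[t] = p
		targets = append(targets, t)
	}
	return targets, nil
}

func main() {
	// Constructed sample paths, not taken from the package.
	fmt.Println(CheckScripts("/tmp/sb", []string{"/bin/entry.sh", "lib/../env.sh"}))
	fmt.Println(CheckScripts("/tmp/sb", []string{"../../etc/cron.d/job"}))
	fmt.Println(CheckScripts("/tmp/sb", []string{"/run.sh", "run.sh"}))
}
```

Because the check is lexical, a provider whose root may already contain symlinks would still need to resolve them before writing.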

Directories

Path	Synopsis
providers
	noop	Package noop provides a pass-through sandbox provider.
	scriptdir	Package scriptdir is a reference sandbox provider that writes scripts into a temp directory and runs them via /bin/sh.