Documentation
Overview
Package sandbox provides OS-level process sandboxing for bash subprocesses spawned by Errata's agentic tool loop.
Each call to BuildCmd creates a new, isolated subprocess — models do not share a sandbox process. Subagents inherit the parent model's sandbox settings via Go context propagation.
Platform support:
- macOS: sandbox-exec with SBPL profiles (built-in, zero install)
- Linux: bwrap (bubblewrap) if on PATH; application-level fallback otherwise
- Windows/other: application-level only (cwd confinement + warning)
Constants
This section is empty.
Variables
var Available bool
Available reports whether OS-level process sandboxing can be applied on this platform. Set at package init in the platform-specific files.
Functions
func BuildCmd
BuildCmd creates an *exec.Cmd that executes name+args under the sandbox described by cfg. On macOS this wraps with sandbox-exec; on Linux with bwrap. On unsupported platforms or when the OS tool is unavailable, the subprocess runs with cmd.Dir = cfg.ProjectRoot only (application-level confinement).
The implementation lives in sandbox_darwin.go and sandbox_other.go.
Types
type Config
type Config struct {
	// Filesystem controls write access:
	//   "" or "unrestricted" — no restrictions
	//   "project_only"       — writes restricted to ProjectRoot (and /tmp)
	//   "read_only"          — no writes except to /tmp
	Filesystem string
	// Network controls outbound access:
	//   "" or "full" — no restrictions
	//   "none"       — all network calls blocked at OS level
	Network string
	// ProjectRoot is the absolute path models may write to in project_only mode.
	// "" means use os.Getwd() at exec time.
	ProjectRoot string
}
Config describes the OS-level sandbox applied to each bash subprocess. Zero-value Config (all empty strings) means unrestricted — BuildCmd returns a plain exec.Cmd.
func ConfigFromContext
ConfigFromContext retrieves the Config stored by WithConfig. ok is false if no config was stored.
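The following is an added, self-contained Go example, not the sandbox package's own code, that walks through the two behaviours documented above: how BuildCmd turns a Config into a confined subprocess on each platform (zero value gives a plain exec.Cmd, macOS wraps with sandbox-exec, Linux with bwrap, everything else falls back to cwd confinement), and how WithConfig/ConfigFromContext propagate the settings to subagents through Go contexts. The WithConfig signature is assumed (the page only names it), and the bwrapArgs and sbplProfile translations are hypothetical illustrations of how the documented Filesystem and Network modes could map onto those tools, not the package's actual profiles. The example also adds a Validate step the page does not mention: an unknown mode string fails closed instead of being treated as "no restrictions".

```go
package main

import (
	"context"
	"fmt"
	"os/exec"
	"path/filepath"
)

// Config mirrors the documented struct: same fields, same mode strings.
type Config struct {
	Filesystem  string // "", "unrestricted", "project_only", "read_only"
	Network     string // "", "full", "none"
	ProjectRoot string // absolute path; "" means os.Getwd() at exec time
}

// Validate fails closed: an undefined mode (e.g. the typo "readonly") or a relative root is an error.
func (cfg Config) Validate() error {
	fsOK := map[string]bool{"": true, "unrestricted": true, "project_only": true, "read_only": true}
	netOK := map[string]bool{"": true, "full": true, "none": true}
	switch {
	case !fsOK[cfg.Filesystem]:
		return fmt.Errorf("sandbox: unknown Filesystem mode %q", cfg.Filesystem)
	case !netOK[cfg.Network]:
		return fmt.Errorf("sandbox: unknown Network mode %q", cfg.Network)
	case cfg.ProjectRoot != "" && !filepath.IsAbs(cfg.ProjectRoot):
		return fmt.Errorf("sandbox: ProjectRoot %q is not absolute", cfg.ProjectRoot)
	}
	return nil
}

// ctxKey is unexported so no other package can overwrite the stored Config.
type ctxKey struct{}

// WithConfig stores cfg in ctx (assumed signature); every derived context, such as a subagent's, inherits it.
func WithConfig(ctx context.Context, cfg Config) context.Context {
	return context.WithValue(ctx, ctxKey{}, cfg)
}

// ConfigFromContext retrieves the stored Config; ok is false if none was stored.
func ConfigFromContext(ctx context.Context) (cfg Config, ok bool) {
	cfg, ok = ctx.Value(ctxKey{}).(Config)
	return cfg, ok
}

// bwrapArgs is a hypothetical Linux mapping; bwrap mounts in argument order, so writable paths layer on the read-only tree.
func bwrapArgs(cfg Config, root string) []string {
	args := []string{"--die-with-parent", "--new-session", "--ro-bind", "/", "/"}
	if cfg.Filesystem != "project_only" && cfg.Filesystem != "read_only" {
		args[2] = "--bind" // unrestricted: the whole tree stays writable
	}
	args = append(args, "--dev", "/dev", "--proc", "/proc", "--tmpfs", "/tmp")
	if cfg.Filesystem == "project_only" {
		args = append(args, "--bind", root, root)
	}
	if cfg.Network == "none" {
		args = append(args, "--unshare-net")
	}
	return append(args, "--chdir", root)
}

// sbplProfile is a hypothetical macOS mapping to an SBPL profile for sandbox-exec -p (/tmp is a symlink to /private/tmp).
func sbplProfile(cfg Config, root string) string {
	profile := "(version 1)\n(allow default)\n"
	writable := `(subpath "/tmp") (subpath "/private/tmp")`
	switch cfg.Filesystem {
	case "project_only":
		profile += fmt.Sprintf("(deny file-write*)\n(allow file-write* %s (subpath %q))\n", writable, root)
	case "read_only":
		profile += fmt.Sprintf("(deny file-write*)\n(allow file-write* %s)\n", writable)
	}
	if cfg.Network == "none" {
		profile += "(deny network*)\n"
	}
	return profile
}

// buildCmd follows the documented BuildCmd behaviour; goos and toolAvailable are parameters so every branch is testable.
func buildCmd(cfg Config, goos string, toolAvailable bool, name string, args ...string) (*exec.Cmd, error) {
	if err := cfg.Validate(); err != nil {
		return nil, err
	}
	if cfg == (Config{}) {
		return exec.Command(name, args...), nil // zero value: plain exec.Cmd, no confinement
	}
	root, err := filepath.Abs(cfg.ProjectRoot) // "" resolves to the current directory
	if err != nil {
		return nil, err
	}
	argv := append([]string{name}, args...)
	switch {
	case goos == "darwin" && toolAvailable:
		argv = append([]string{"sandbox-exec", "-p", sbplProfile(cfg, root)}, argv...)
	case goos == "linux" && toolAvailable:
		argv = append(append([]string{"bwrap"}, bwrapArgs(cfg, root)...), argv...)
	} // otherwise: application-level fallback, cwd confinement only
	cmd := exec.Command(argv[0], argv[1:]...)
	cmd.Dir = root
	return cmd, nil
}
```

Two points worth noting for anyone wiring a sandbox like this into an agent loop. First, the fallback path gives only cwd confinement, exactly as the documentation says; a bash subprocess in that mode can still read and write anywhere the user can, so the warning the page mentions is the only signal that confinement is weaker than configured. Second, the context key is an unexported struct type so a subagent inherits the parent's Config but no other package can replace it mid-run.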