-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdoc.go
More file actions
25 lines (25 loc) · 907 Bytes
/
doc.go
File metadata and controls
25 lines (25 loc) · 907 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
// Package agentbox provides process-level sandbox isolation for AI Agents.
//
// It enables secure command execution by wrapping processes with
// platform-specific sandboxing mechanisms (macOS Seatbelt/SBPL,
// Linux Namespaces + Landlock, Windows Restricted Token + Job Object +
// Low Integrity Level) while providing a unified API.
//
// Key features:
// - Filesystem isolation with configurable writable roots
// - Network filtering with domain-level allow/deny lists
// - Command classification (allow, sandbox, escalate, forbid)
// - Resource limits (processes, memory, file descriptors, CPU)
// - Minimal external dependencies, no CGo
//
// Basic usage:
//
// cfg := agentbox.DefaultConfig()
// mgr, err := agentbox.NewManager(cfg)
// if err != nil {
// log.Fatal(err)
// }
// defer mgr.Cleanup(context.Background())
//
// result, err := mgr.Exec(ctx, "ls -la /tmp")
package agentbox