
Crate ai_sandbox

AI Sandbox - Cross-platform AI tool sandbox security

A comprehensive sandbox library supporting multiple platforms:

  • Linux: Bubblewrap + Seccomp + Landlock
  • macOS: Seatbelt (sandbox-exec)
  • Windows: Restricted Token
  • FreeBSD: Capsicum
  • OpenBSD: pledge

§Unified API

This crate provides a unified API that works across all supported platforms. Users do not need to write platform-specific code.

§Quick Start

use ai_sandbox::{SandboxManager, SandboxPolicy, SandboxCommand};
use std::collections::HashMap;
use std::ffi::OsString;
use std::path::PathBuf;

// Create sandbox manager - automatically detects platform
let manager = SandboxManager::new();

// Define your command
let command = SandboxCommand {
    program: OsString::from("ls"),
    args: vec!["-la".to_string()],
    cwd: PathBuf::from("/tmp"),
    env: HashMap::new(),
};

// Define sandbox policy
let policy = SandboxPolicy::default();

// Create sandboxed execution request
let request = manager.create_exec_request(command, policy).unwrap();
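
The platform list above and the Quick Start show one policy object being handed to whichever backend the host provides. The following Rust example is added here for illustration and is not code from the ai_sandbox crate: it shows what that translation looks like for two of the listed backends. A hypothetical `ToolPolicy` struct (standing in for the crate's `SandboxPolicy`, whose fields this page does not show) is mapped to a Bubblewrap argv on Linux and to pledge(2) promises plus unveil(2) rules on OpenBSD. The names `ToolPolicy`, `check_root`, `bwrap_args`, `pledge_promises` and `unveil_rules` are assumptions made for this example; the bwrap flags and the pledge promise names are the real ones.

```rust
use std::path::{Path, PathBuf};

/// Hypothetical policy shape for this example; it is not the crate's `SandboxPolicy`.
/// It mirrors the filesystem/network split the crate exposes as
/// `FileSystemSandboxPolicy` and `NetworkSandboxPolicy`.
#[derive(Debug, Clone)]
pub struct ToolPolicy {
    /// Host paths the tool may read (bind-mounted read-only).
    pub readable_roots: Vec<PathBuf>,
    /// Host paths the tool may write (bind-mounted read-write).
    pub writable_roots: Vec<PathBuf>,
    /// Whether the tool may reach the network.
    pub network: bool,
    /// Working directory inside the sandbox (must be absolute).
    pub cwd: PathBuf,
}

/// Reject roots that would silently widen the sandbox: relative paths and "/".
fn check_root(path: &Path) -> Result<String, String> {
    if !path.is_absolute() {
        return Err(format!("sandbox root must be absolute: {}", path.display()));
    }
    if path == Path::new("/") {
        return Err("refusing to expose the whole host filesystem as a root".to_string());
    }
    Ok(path.to_string_lossy().into_owned())
}

fn push(v: &mut Vec<String>, items: &[&str]) {
    v.extend(items.iter().map(|s| s.to_string()));
}

/// Build a Bubblewrap argv for Linux. Only the listed roots are visible to the
/// tool; /dev, /proc and /tmp are fresh; the PID namespace is always unshared and
/// the network namespace is unshared unless the policy allows network access.
pub fn bwrap_args(policy: &ToolPolicy, program: &str, args: &[&str]) -> Result<Vec<String>, String> {
    if !policy.cwd.is_absolute() {
        return Err(format!("cwd must be absolute: {}", policy.cwd.display()));
    }
    let mut v = Vec::new();
    // Fresh pseudo-filesystems first: bwrap applies mounts in order, so a bind
    // under /tmp must come after the tmpfs that would otherwise hide it.
    push(&mut v, &["--dev", "/dev", "--proc", "/proc", "--tmpfs", "/tmp"]);
    for root in &policy.readable_roots {
        let p = check_root(root)?;
        push(&mut v, &["--ro-bind", p.as_str(), p.as_str()]);
    }
    // Writable binds last so a writable root nested in a read-only one wins.
    for root in &policy.writable_roots {
        let p = check_root(root)?;
        push(&mut v, &["--bind", p.as_str(), p.as_str()]);
    }
    // --new-session detaches from the controlling terminal (blocks TIOCSTI
    // injection into the parent's tty); --die-with-parent avoids orphans.
    push(&mut v, &["--unshare-pid", "--die-with-parent", "--new-session"]);
    if !policy.network {
        push(&mut v, &["--unshare-net"]);
    }
    let cwd = policy.cwd.to_string_lossy().into_owned();
    push(&mut v, &["--chdir", cwd.as_str(), "--", program]);
    push(&mut v, args);
    Ok(v)
}

/// Map the same policy to OpenBSD pledge(2) promises. pledge is additive and
/// coarse: `wpath`/`cpath` allow writes anywhere DAC permits, so per-path
/// restriction comes from unveil(2), see `unveil_rules`.
pub fn pledge_promises(policy: &ToolPolicy) -> String {
    let mut promises = vec!["stdio", "rpath"];
    if !policy.writable_roots.is_empty() {
        promises.extend(["wpath", "cpath"]);
    }
    if policy.network {
        promises.extend(["inet", "dns"]);
    }
    promises.join(" ")
}

/// unveil(2) (path, permissions) pairs: "r" for readable roots, "rwc" for writable.
pub fn unveil_rules(policy: &ToolPolicy) -> Vec<(String, &'static str)> {
    let mut rules = Vec::new();
    for r in &policy.readable_roots {
        rules.push((r.to_string_lossy().into_owned(), "r"));
    }
    for r in &policy.writable_roots {
        rules.push((r.to_string_lossy().into_owned(), "rwc"));
    }
    rules
}

fn main() {
    // Constructed sample policy: read the system, write only to a scratch tree, no network.
    let policy = ToolPolicy {
        readable_roots: vec![PathBuf::from("/usr"), PathBuf::from("/etc")],
        writable_roots: vec![PathBuf::from("/tmp/work")],
        network: false,
        cwd: PathBuf::from("/tmp/work"),
    };
    match bwrap_args(&policy, "ls", &["-la"]) {
        Ok(argv) => println!("bwrap {}", argv.join(" ")),
        Err(e) => eprintln!("policy error: {e}"),
    }
    println!("pledge: {}", pledge_promises(&policy));
    println!("unveil: {:?}", unveil_rules(&policy));
}
```

Running the resulting `bwrap` command requires unprivileged user namespaces (or a setuid bwrap) on the host, and the generated argv covers only the mount and namespace layer; the seccomp and Landlock layers the crate lists for Linux are applied on top of it and are not shown here. The two backends differ in granularity: bwrap restricts by mount, so a writable root is enforced per path, whereas pledge alone only says whether writing is allowed at all, which is why the unveil rules are emitted alongside the promises.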

Re-exports§

pub use sandboxing::SandboxPolicyExt;
pub use sandboxing::get_platform_sandbox;
pub use sandboxing::FileSystemSandboxPolicy;
pub use sandboxing::NetworkSandboxPolicy;
pub use sandboxing::SandboxCommand;
pub use sandboxing::SandboxExecRequest;
pub use sandboxing::SandboxManager;
pub use sandboxing::SandboxPolicy;
pub use sandboxing::SandboxTransformError;
pub use sandboxing::SandboxType;
pub use sandboxing::SandboxablePreference;
pub use process_hardening::pre_main_hardening;
pub use execpolicy::parse_policy;
pub use execpolicy::Decision;
pub use execpolicy::NetworkRule;
pub use execpolicy::Policy;
pub use execpolicy::PrefixRule;
pub use execpolicy::RuleMatch;
pub use execpolicy::RuleType;
pub use linux_sandbox::create_linux_sandbox_command_args_for_policies;
pub use linux_sandbox::create_pledge_promises_from_policy;
pub use linux_sandbox::execute_with_capsicum;
pub use linux_sandbox::execute_with_pledge;
pub use linux_sandbox::find_system_bwrap_in_path;
pub use linux_sandbox::get_landlock_version;
pub use linux_sandbox::is_landlock_available;
pub use linux_sandbox::system_bwrap_warning;
pub use linux_sandbox::CapsicumLevel;
pub use linux_sandbox::PledgePromises;
pub use windows_sandbox::create_windows_sandbox_args;
pub use windows_sandbox::is_windows_sandbox_available;
pub use windows_sandbox::WindowsSandboxLevel;

Modules§

execpolicy
Execution Policy Engine
linux_sandbox
Linux Sandbox Implementation
process_hardening
Process Hardening Module
sandboxing
Sandbox Manager - Cross-platform sandbox abstraction
windows_sandbox
Windows Sandbox Implementation