Module sandbox_executor 

Container-sandbox executor wrapper. Sandboxed tool executor decorator.

Wraps any ToolExecutor and intercepts calls to known-dangerous tool names (bash / execute_command / code_exec / execute_code), running them inside a brainwires_sandbox::Sandbox instead of on the host. All other tool calls pass through unchanged.

Sandbox errors (timeout, policy violation, docker failures) are always returned as ToolResult::error so the agent loop treats them as ordinary tool results rather than hard errors that abort the run.

Structs

SandboxedToolExecutor

Decorator that routes dangerous tool calls (bash, execute_command, code_exec, execute_code) through a Sandbox and forwards everything else to inner.