localgpt 0.1.3

A local device focused AI assistant with persistent markdown memory, autonomous heartbeat tasks, and semantic search. Single binary, no runtime dependencies.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

//! Shell sandbox module — kernel-enforced execution isolation for LLM-generated commands.
//!
//! Uses the argv[0] re-exec pattern: when spawning a sandboxed command, the binary
//! re-executes itself with argv[0]="localgpt-sandbox", triggering sandbox setup in
//! a clean, single-threaded child process before exec'ing bash.
//!
//! Platform enforcement:
//! - Linux: Landlock LSM (filesystem) + seccomp-bpf (network syscall deny)
//! - macOS: Seatbelt SBPL profiles via sandbox-exec

#[cfg(unix)]
pub mod child;
pub mod detect;
pub mod executor;
#[cfg(target_os = "linux")]
pub mod linux;
#[cfg(target_os = "macos")]
pub mod macos;
pub mod policy;

#[cfg(unix)]
pub use child::sandbox_child_main;
pub use detect::{SandboxCapabilities, detect_capabilities};
pub use executor::run_sandboxed;
pub use policy::{NetworkPolicy, SandboxLevel, SandboxMode, SandboxPolicy, build_policy};