Crate hanzo_sandbox 

OS-level sandbox for subprocesses spawned on behalf of LLMs.

Linux uses env scrub, namespaces, Landlock, rlimits, seccomp, and optional cgroup v2 limits. macOS uses env scrub and Seatbelt.

use hanzo_sandbox::{detect, SandboxPolicy};
let sandbox = detect();
let policy = SandboxPolicy::default();
sandbox.harden(&mut cmd, &policy)?;

Structs

EffectiveProtection

What a Sandbox can enforce for a given policy after OS feature detection.

NullSandbox

SandboxPolicy

Policy applied to a sandboxed process.

Enums

NetworkMode

Network access permitted to sandboxed processes.

SandboxError

Constants

DEFAULT_MAX_CPU_SECS

DEFAULT_MAX_FILE_SZ_MB

DEFAULT_MAX_MEMORY_MB

DEFAULT_MAX_OPEN_FDS

DEFAULT_MAX_PROCS

SANDBOX_ENV_VAR

Environment variable that overrides the configured sandbox mode at runtime. Accepted values: auto, on, off. Case-insensitive.

Traits

Sandbox

Applied to a tokio::process::Command before spawn and to the resulting PID after spawn. Implementations are platform-specific.

Functions

detect

Return the best sandbox implementation for the current platform.

null

Explicit no-op sandbox.