Expand description
L1 policy-based sandbox wrapper for tools.
Validates tool inputs against configurable filesystem and shell command policies before execution. No OS-level isolation; violations are blocked at the Rust layer.
§Design
This corresponds to fake-cc’s @anthropic-ai/sandbox-runtime L1
functionality. It is composable: a PolicyConfig can be attached to
a [ToolRegistry] via [PolicyToolSetProvider] without modifying any
individual tool implementation.
Structs§
- FsPolicy
- Filesystem access policy.
- Policy
Config - Combined L1 policy configuration.
- Shell
Policy - Shell command execution policy.