Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func BlockedGitCommand
BlockedGitCommand returns true if the given git arguments (e.g. after "git" in argv) represent a disallowed git command. Pass the full args slice; the first element is typically the subcommand (e.g. "rebase"). Used to prevent agents from running topology-changing or dangerous git ops.
func BlockedShellCommand
BlockedShellCommand returns true if the command line (typically a single shell command or script snippet) contains any denied substring. Matching is case-insensitive. Call this before executing shell commands from agent output.
func WrapCommand
WrapCommand returns an *exec.Cmd that runs binary with args. If home is non-empty and bubblewrap (bwrap) is available on Linux, the command runs inside a minimal bubblewrap sandbox. If teamDir is non-empty, only teamDir is writable and home is read-only (so protected/ under home cannot be written). Otherwise the whole home is writable. Use teamDir when running an agent so it can only write under the team directory.
Types
type WriteGuard
type WriteGuard struct {
	Role         string   // "manager" or "engineer"
	AgentName    string
	TeamDir      string   // e.g. ~/.agentary/teams/<team>/
	WorktreeDirs []string // task worktree paths (engineer only)
}
WriteGuard enforces write-path isolation per role. Each tool call that writes to the filesystem should be checked with AllowWrite(path) before execution. Manager can write anywhere under the team directory; engineer can only write to their agent dir, task worktrees, and team shared/.
func (*WriteGuard) AllowWrite
func (g *WriteGuard) AllowWrite(path string) bool
AllowWrite returns true if the guard allows writing to the given path. Paths are normalized (cleaned and absolutized when possible). Manager may write anywhere under TeamDir. Engineer may write only to:
- TeamDir/agents/<AgentName>/ (own agent dir)
- Any path under an entry in WorktreeDirs (task worktrees)
- TeamDir/shared/ (team shared folder)
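The role rules above, as an added example that is not this package's source: a stand-alone sketch of the containment check, showing why comparing cleaned paths with filepath.Rel rejects both `..` traversal and sibling directories that merely share a string prefix. The names `under` and `allowWrite` and the sample paths are hypothetical, and symlinks are assumed to be resolved by the caller.

```go
// Added illustration, not the package's code; function names and sample paths are hypothetical.
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// under reports whether path is dir or inside it; Rel avoids the "/t/shared-x" vs "/t/shared" prefix trap.
func under(dir, path string) bool {
	rel, err := filepath.Rel(dir, path)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// allowWrite mirrors the documented role rules. Paths are cleaned and made
// absolute; symlinks are NOT resolved here (assumption: the caller does that).
func allowWrite(role, agent, teamDir string, worktrees []string, path string) bool {
	abs, err := filepath.Abs(path)
	team, err2 := filepath.Abs(teamDir)
	if err != nil || err2 != nil {
		return false // fail closed when a path cannot be normalized
	}
	switch role {
	case "manager":
		return under(team, abs)
	case "engineer":
		// The agent name must be a single path element, or agents/<name> could escape.
		if agent == "" || agent == "." || agent == ".." || agent != filepath.Base(agent) {
			return false
		}
		if under(filepath.Join(team, "agents", agent), abs) || under(filepath.Join(team, "shared"), abs) {
			return true
		}
		for _, wt := range worktrees {
			if w, err := filepath.Abs(wt); err == nil && under(w, abs) {
				return true
			}
		}
	}
	return false // unknown roles get no write access
}

func main() {
	team, wts := "/srv/teams/alpha", []string{"/srv/worktrees/task-1"} // constructed sample values
	for _, p := range []string{team + "/shared/notes.md", team + "/shared/../protected/x", team + "/shared-evil/x"} {
		fmt.Println(p, allowWrite("engineer", "bob", team, wts, p))
	}
}
```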