feat: 新增 stardomain 沙箱子项目脚手架(Docker + Rust 过滤层)
提供统一沙箱运行时,支持 local/sandbox 两种模式切换。Rust 层负责命令和代码的策略过滤, Docker 层负责实际的进程隔离。包含三种预设策略:agent_exec / tool_run / untrusted。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,51 @@
|
||||
/*
|
||||
* Copyright 2026 zhaoxi826
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*/
|
||||
|
||||
use clap::{Parser, Subcommand};
|
||||
|
||||
#[derive(Parser)]
|
||||
#[command(name = "stardomain", version, about = "KiloStar sandbox runtime")]
|
||||
struct Cli {
|
||||
#[command(subcommand)]
|
||||
command: Commands,
|
||||
}
|
||||
|
||||
#[derive(Subcommand)]
|
||||
enum Commands {
|
||||
/// Run a command inside the sandbox
|
||||
Run {
|
||||
/// Execution policy: agent_exec, tool_run, untrusted
|
||||
#[arg(short, long, default_value = "agent_exec")]
|
||||
policy: String,
|
||||
|
||||
/// Working directory inside sandbox
|
||||
#[arg(short, long, default_value = "/tmp/stardomain_ws")]
|
||||
workspace: String,
|
||||
|
||||
/// Timeout in seconds
|
||||
#[arg(short, long, default_value_t = 30)]
|
||||
timeout: u64,
|
||||
|
||||
/// The command to execute
|
||||
#[arg(trailing_var_arg = true)]
|
||||
cmd: Vec<String>,
|
||||
},
|
||||
}
|
||||
|
||||
fn main() {
|
||||
let cli = Cli::parse();
|
||||
match cli.command {
|
||||
Commands::Run { policy, workspace, timeout, cmd } => {
|
||||
println!("[stardomain] policy={policy}, workspace={workspace}, timeout={timeout}s");
|
||||
println!("[stardomain] cmd: {:?}", cmd);
|
||||
println!("[stardomain] (stub: execution not yet implemented)");
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user