feat: 新增 stardomain 沙箱子项目脚手架(Docker + Rust 过滤层)
提供统一沙箱运行时,支持 local/sandbox 两种模式切换。Rust 层负责命令和代码的策略过滤, Docker 层负责实际的进程隔离。包含三种预设策略:agent_exec / tool_run / untrusted。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@@ -0,0 +1,34 @@
|
||||
/*
|
||||
* Copyright 2026 zhaoxi826
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*/
|
||||
|
||||
pub struct SandboxConfig {
|
||||
pub mode: SandboxMode,
|
||||
pub workspace: String,
|
||||
pub timeout_secs: u64,
|
||||
pub memory_limit_mb: u64,
|
||||
pub policy_name: String,
|
||||
}
|
||||
|
||||
pub enum SandboxMode {
|
||||
Local,
|
||||
Sandbox,
|
||||
}
|
||||
|
||||
impl Default for SandboxConfig {
|
||||
fn default() -> Self {
|
||||
SandboxConfig {
|
||||
mode: SandboxMode::Sandbox,
|
||||
workspace: "/tmp/stardomain_ws".to_string(),
|
||||
timeout_secs: 30,
|
||||
memory_limit_mb: 512,
|
||||
policy_name: "agent_exec".to_string(),
|
||||
}
|
||||
}
|
||||
}
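Review bot: The default `workspace` in `Default::default()` is the fixed path `/tmp/stardomain_ws`, a predictable name inside a world-writable directory. On a shared host, another local account can create that directory, or a symlink with that name, before the sandbox does. Whatever is later written or mounted there would then be under that account's control; the mounting code is not part of this commit, so that consequence is inferred. Prefer a per-run directory created with owner-only permissions, or make the caller supply the path. Until then, add a comment on the field such as `// NOTE: fixed path under /tmp; create with mode 0700 and verify ownership before use`.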
|
||||
@@ -0,0 +1,23 @@
|
||||
/*
|
||||
* Copyright 2026 zhaoxi826
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*/
|
||||
|
||||
/// Executor: responsible for running commands either locally or in Docker.
|
||||
/// This is a stub — actual Docker execution will be implemented later.
|
||||
pub struct Executor;
|
||||
|
||||
impl Executor {
|
||||
pub fn run_local(_command: &str) -> (String, String, i32) {
|
||||
("".to_string(), "".to_string(), 0)
|
||||
}
|
||||
|
||||
pub fn run_docker(_command: &str) -> (String, String, i32) {
|
||||
("".to_string(), "[stardomain] Docker execution not yet implemented".to_string(), 1)
|
||||
}
|
||||
}
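Review bot: `run_local` reports success for work it never did: it returns empty output with exit code `0`, whereas `run_docker` just below returns `1` and a "not yet implemented" message. A caller that checks only the exit code cannot tell a skipped command from a clean run, and nothing on this path consults a policy yet. Make the stub fail closed like its sibling, for example `("".to_string(), "[stardomain] local execution not yet implemented".to_string(), 1)`. `SandboxResult::stub` in the third hunk has the same problem (`exit_code: 0`) and should get the same treatment.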
|
||||
@@ -0,0 +1,38 @@
|
||||
/*
|
||||
* Copyright 2026 zhaoxi826
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*/
|
||||
|
||||
pub mod config;
|
||||
pub mod executor;
|
||||
|
||||
use pyo3::prelude::*;
|
||||
|
||||
#[pyclass]
|
||||
#[derive(Clone)]
|
||||
pub struct SandboxResult {
|
||||
#[pyo3(get)]
|
||||
pub stdout: String,
|
||||
#[pyo3(get)]
|
||||
pub stderr: String,
|
||||
#[pyo3(get)]
|
||||
pub exit_code: i32,
|
||||
#[pyo3(get)]
|
||||
pub killed_by_timeout: bool,
|
||||
}
|
||||
|
||||
impl SandboxResult {
|
||||
pub fn stub(input: &str) -> Self {
|
||||
SandboxResult {
|
||||
stdout: format!("[stardomain stub] would execute: {}", input),
|
||||
stderr: String::new(),
|
||||
exit_code: 0,
|
||||
killed_by_timeout: false,
|
||||
}
|
||||
}
|
||||
}
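Review bot: `SandboxResult` is the type Python callers receive, yet neither the struct, its four `#[pyo3(get)]` fields, nor `stub` has a doc comment. In particular, nothing says what `exit_code` holds when `killed_by_timeout` is true, so callers will guess. I would add `/// Outcome of one sandboxed execution, exposed read-only to Python.` on the struct, plus a `///` line on `exit_code` stating the intended value on timeout once that is decided. `stub` should also be marked as placeholder output, e.g. `/// Placeholder result: nothing was executed.`.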
|
||||