32bdbe77ff
提供统一沙箱运行时,支持 local/sandbox 两种模式切换。Rust 层负责命令和代码的策略过滤, Docker 层负责实际的进程隔离。包含三种预设策略:agent_exec / tool_run / untrusted。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
52 lines
1.4 KiB
Rust
52 lines
1.4 KiB
Rust
/*
|
|
* Copyright 2026 zhaoxi826
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*/
|
|
|
|
use clap::{Parser, Subcommand};
|
|
|
|
#[derive(Parser)]
|
|
#[command(name = "stardomain", version, about = "KiloStar sandbox runtime")]
|
|
struct Cli {
|
|
#[command(subcommand)]
|
|
command: Commands,
|
|
}
|
|
|
|
#[derive(Subcommand)]
|
|
enum Commands {
|
|
/// Run a command inside the sandbox
|
|
Run {
|
|
/// Execution policy: agent_exec, tool_run, untrusted
|
|
#[arg(short, long, default_value = "agent_exec")]
|
|
policy: String,
|
|
|
|
/// Working directory inside sandbox
|
|
#[arg(short, long, default_value = "/tmp/stardomain_ws")]
|
|
workspace: String,
|
|
|
|
/// Timeout in seconds
|
|
#[arg(short, long, default_value_t = 30)]
|
|
timeout: u64,
|
|
|
|
/// The command to execute
|
|
#[arg(trailing_var_arg = true)]
|
|
cmd: Vec<String>,
|
|
},
|
|
}
|
|
|
|
fn main() {
|
|
let cli = Cli::parse();
|
|
match cli.command {
|
|
Commands::Run { policy, workspace, timeout, cmd } => {
|
|
println!("[stardomain] policy={policy}, workspace={workspace}, timeout={timeout}s");
|
|
println!("[stardomain] cmd: {:?}", cmd);
|
|
println!("[stardomain] (stub: execution not yet implemented)");
|
|
}
|
|
}
|
|
}
|