Initial commit

2026-03-20 18:40:08 +01:00
commit bf53d92d49
10 changed files with 1502 additions and 0 deletions
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -0,0 +1,41 @@
+mod agents;
+mod blacklist;
+mod errors;
+mod preflight;
+mod sandbox;
+
+pub use errors::SandboxError;
+
+use std::ffi::OsString;
+use std::os::unix::process::CommandExt;
+use std::path::PathBuf;
+
+pub enum SandboxMode {
+    Blacklist,
+    Whitelist,
+}
+
+pub struct SandboxConfig {
+    pub mode: SandboxMode,
+    pub hardened: bool,
+    pub no_net: bool,
+    pub extra_rw: Vec<PathBuf>,
+    pub extra_ro: Vec<PathBuf>,
+    pub command: PathBuf,
+    pub command_args: Vec<OsString>,
+    pub chdir: PathBuf,
+    pub dry_run: bool,
+}
+
+pub fn run(config: SandboxConfig) -> Result<(), SandboxError> {
+    preflight::check(&config)?;
+
+    let mut cmd = sandbox::build_command(&config)?;
+
+    if config.dry_run {
+        println!("{:?}", cmd);
+        return Ok(());
+    }
+
+    Err(SandboxError::Io(cmd.exec()))
+}