agent-sandbox/src/lib.rs

mod agents;
mod blacklist;
mod errors;
mod preflight;
mod sandbox;

pub use errors::SandboxError;

use std::env;
use std::ffi::OsString;
use std::os::unix::process::CommandExt;
use std::path::PathBuf;

pub enum SandboxMode {
    Blacklist,
    Whitelist,
}

pub struct SandboxConfig {
    pub mode: SandboxMode,
    pub hardened: bool,
    pub no_net: bool,
    pub extra_rw: Vec<PathBuf>,
    pub extra_ro: Vec<PathBuf>,
    pub command: PathBuf,
    pub command_args: Vec<OsString>,
    pub chdir: PathBuf,
    pub dry_run: bool,
}

pub fn require_home() -> Result<String, SandboxError> {
    env::var("HOME")
        .ok()
        .filter(|h| !h.is_empty())
        .ok_or(SandboxError::HomeNotSet)
}

pub fn run(config: SandboxConfig) -> Result<(), SandboxError> {
    preflight::check(&config)?;

    let mut cmd = sandbox::build_command(&config)?;

    if config.dry_run {
        println!("{:?}", cmd);
        return Ok(());
    }

    Err(SandboxError::Io(cmd.exec()))
}