clawdesk-sandbox
The sandbox crate provides a secure execution environment for running untrusted code, scripts, and tools.
What It Does (Plain English)
When an AI agent wants to run code (like executing a Python script), you don't want it to accidentally delete files or access sensitive data. The sandbox creates an isolated environment — like a safe room — where code can run without affecting the rest of your computer.
Key Features
- Isolated execution — Code runs in a restricted environment
- Resource limits — CPU time, memory, and disk space caps
- Network control — Block or allow network access per sandbox
- File system isolation — Only approved directories are accessible
- Timeout enforcement — Kill long-running processes automatically
Architecture Role
| Layer | Position |
|---|---|
| Security | Execution isolation |
Dependencies
clawdesk-types— Execution result typesclawdesk-security— Permission checking