What it does today:
- Enforces CPU fuel, wall-clock timeout, and memory limits
- Enforces file/network policies (path + host/port allowlists, byte/connection budgets)
- Emits structured allow/deny events with rule_id, reason_code, and context
- Includes sandbox explain, policy lint, and policy templates (strict, balanced, dev)
- Includes hardening tests + benchmark harness

Quickest way to try:
- ./scripts/usage_run.sh
- (or ./scripts/phase5_show_hn_demo.sh for a shorter walkthrough)

Repo includes:
- Threat model: docs/threat-model.md
- Benchmarks: docs/benchmarks.md

Known limitations:
- App-layer sandbox (not kernel isolation)
- Capability-mediated host imports right now, not full syscall interception
I’d especially love feedback on: 1) policy schema ergonomics, 2) missing capability operations, 3) abuse cases I should add to the regression suite.
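
To make the network-policy and event bullets above concrete, here is an added sketch (not code from this project) of a deny-by-default host/port allowlist with connection and byte budgets that records an allow/deny event carrying rule_id, reason_code, and context. The policy layout, the `NetGuard` class, the reason-code strings, and the hostnames are all hypothetical.

```python
from dataclasses import dataclass, field

# Constructed policy: field names and reason codes are hypothetical,
# not this project's schema.
POLICY = {
    "rules": [
        {"rule_id": "net-allow-api", "host": "api.example.test", "ports": [443]},
        {"rule_id": "net-allow-dns", "host": "resolver.example.test", "ports": [53]},
    ],
    "max_connections": 2,
    "max_bytes": 1024,
}

@dataclass
class NetGuard:
    policy: dict
    connections: int = 0
    bytes_used: int = 0
    events: list = field(default_factory=list)

    def _emit(self, decision, rule_id, reason_code, **context):
        # Every decision, allow or deny, leaves a structured record.
        event = {"decision": decision, "rule_id": rule_id,
                 "reason_code": reason_code, "context": context}
        self.events.append(event)
        return event

    def connect(self, host, port):
        host = host.lower().rstrip(".")  # normalise case and trailing dot before matching
        rule = next((r for r in self.policy["rules"]
                     if r["host"] == host and port in r["ports"]), None)
        if rule is None:  # deny by default: nothing on the allowlist matched
            return self._emit("deny", None, "NO_MATCHING_RULE", host=host, port=port)
        if self.connections >= self.policy["max_connections"]:
            return self._emit("deny", rule["rule_id"], "CONNECTION_BUDGET_EXCEEDED",
                              host=host, port=port, used=self.connections)
        self.connections += 1
        return self._emit("allow", rule["rule_id"], "ALLOWLIST_MATCH", host=host, port=port)

    def send(self, nbytes):
        # Check before charging so a denied write does not consume budget.
        if self.bytes_used + nbytes > self.policy["max_bytes"]:
            return self._emit("deny", None, "BYTE_BUDGET_EXCEEDED",
                              requested=nbytes, used=self.bytes_used)
        self.bytes_used += nbytes
        return self._emit("allow", None, "WITHIN_BYTE_BUDGET",
                          requested=nbytes, used=self.bytes_used)
```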