Class SandboxPolicy

Namespace
JD.AI.Sandbox.Abstractions
Assembly
JD.AI.Sandbox.dll

Defines the capability profile for a sandboxed process. Each policy describes what resources and operations are allowed or denied.

public sealed class SandboxPolicy
Inheritance
SandboxPolicy

Properties

AllowNetwork

Whether the sandboxed process can make outbound network connections.

public bool AllowNetwork { get; init; }

Property Value

bool

AllowProcessSpawn

Whether the sandboxed process can spawn child processes.

public bool AllowProcessSpawn { get; init; }

Property Value

bool

AllowRead

Whether the sandboxed process can read from the filesystem.

public bool AllowRead { get; init; }

Property Value

bool

AllowWrite

Whether the sandboxed process can write to the filesystem.

public bool AllowWrite { get; init; }

Property Value

bool

AllowedPaths

Explicitly allowed filesystem paths (if non-empty, all other paths are denied for read/write). Supports glob patterns. Only meaningful when AllowRead or AllowWrite is true.

public IReadOnlyList<string> AllowedPaths { get; init; }

Property Value

IReadOnlyList<string>

DeniedPaths

Explicitly denied filesystem paths. Takes precedence over AllowedPaths. Supports glob patterns.

public IReadOnlyList<string> DeniedPaths { get; init; }

Property Value

IReadOnlyList<string>
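The evaluation order implied by the AllowedPaths and DeniedPaths descriptions above (the operation kind must be enabled by AllowRead/AllowWrite, DeniedPaths takes precedence, and a non-empty AllowedPaths list turns every unmatched path into a denial) is shown below as an added worked example. This is not code from JD.AI.Sandbox or its documentation: the `SandboxPolicy` class here is a local stand-in with the same property shape, `PathPolicyEvaluator`, `FileOp` and `GlobToRegex` are hypothetical names, and the glob semantics (`**` spans directory separators, `*` and `?` do not, matching is case-sensitive) are an assumption, since the page only states that glob patterns are supported.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;

// Local stand-in mirroring the documented properties (hypothetical; the real
// type lives in JD.AI.Sandbox.dll and is not referenced here).
public sealed class SandboxPolicy
{
    public string Name { get; init; } = "Unnamed";
    public bool AllowRead { get; init; }
    public bool AllowWrite { get; init; }
    public IReadOnlyList<string> AllowedPaths { get; init; } = Array.Empty<string>();
    public IReadOnlyList<string> DeniedPaths { get; init; } = Array.Empty<string>();
}

public enum FileOp { Read, Write }

public static class PathPolicyEvaluator
{
    // Converts a glob into an anchored regex. Assumed semantics: '**' may span
    // '/' separators, '*' and '?' may not. Matching is case-sensitive.
    public static Regex GlobToRegex(string glob)
    {
        var sb = new StringBuilder("^");
        for (int i = 0; i < glob.Length; i++)
        {
            char c = glob[i];
            if (c == '*' && i + 1 < glob.Length && glob[i + 1] == '*') { sb.Append(".*"); i++; }
            else if (c == '*') sb.Append("[^/]*");
            else if (c == '?') sb.Append("[^/]");
            else sb.Append(Regex.Escape(c.ToString()));
        }
        sb.Append('$');
        return new Regex(sb.ToString());
    }

    // Paths and globs are compared with '/' as the only separator.
    private static string Normalise(string path) => path.Replace('\\', '/');

    private static bool Matches(IEnumerable<string> globs, string path) =>
        globs.Any(g => GlobToRegex(Normalise(g)).IsMatch(path));

    // Order of evaluation, following the property descriptions:
    // 1. the operation kind must be enabled at all (AllowRead / AllowWrite);
    // 2. DeniedPaths wins over everything else;
    // 3. a non-empty AllowedPaths list is an allow-list: unmatched paths are denied.
    public static bool IsAllowed(SandboxPolicy policy, FileOp op, string path)
    {
        bool kindEnabled = op == FileOp.Read ? policy.AllowRead : policy.AllowWrite;
        if (!kindEnabled) return false;

        string p = Normalise(path);
        if (Matches(policy.DeniedPaths, p)) return false;
        if (policy.AllowedPaths.Count > 0 && !Matches(policy.AllowedPaths, p)) return false;
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample policy: read-only access to a work tree, with a
        // secrets directory and any private-key file carved out.
        var policy = new SandboxPolicy
        {
            Name = "ExecutorPolicy",
            AllowRead = true,
            AllowWrite = false,
            AllowedPaths = new[] { "/work/**" },
            DeniedPaths = new[] { "/work/secrets/**", "**/*.pem" },
        };

        var probes = new[]
        {
            (FileOp.Read,  "/work/src/main.cs"),     // allow: on the allow-list
            (FileOp.Read,  "/work/secrets/db.txt"),  // deny: DeniedPaths wins
            (FileOp.Read,  "/work/keys/server.pem"), // deny: extension glob
            (FileOp.Read,  "/etc/hostname"),         // deny: not on the allow-list
            (FileOp.Write, "/work/src/out.txt"),     // deny: AllowWrite is false
        };

        foreach (var (op, path) in probes)
        {
            string verdict = PathPolicyEvaluator.IsAllowed(policy, op, path) ? "allow" : "deny";
            Console.WriteLine($"{op,-5} {path,-26} -> {verdict}");
        }
    }
}
```

The evaluator assumes the path it receives is already canonical. A real enforcement point should resolve `..` segments and symbolic links before matching, because a glob such as `/work/**` says nothing about where a link under `/work` ultimately points; matching on the un-resolved string is the usual way an allow-list of this shape ends up covering more than intended.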

EnvironmentVariables

Environment variables that will be passed to the sandboxed process. Empty = inherit all from parent.

public IReadOnlyDictionary<string, string?> EnvironmentVariables { get; init; }

Property Value

IReadOnlyDictionary<string, string?>

MaxCpuTimeMs

Maximum CPU time allowed (in milliseconds) per execution. null = unlimited.

public int? MaxCpuTimeMs { get; init; }

Property Value

int?

MaxMemoryBytes

Maximum memory allowed (in bytes) per execution. null = unlimited.

public long? MaxMemoryBytes { get; init; }

Property Value

long?

Name

Human-readable name for this policy (e.g., "PlannerPolicy", "ExecutorPolicy").

public string Name { get; init; }

Property Value

string

WorkingDirectory

Working directory for the sandboxed process. null = inherit from parent.

public string? WorkingDirectory { get; init; }

Property Value

string?