Class SandboxPolicies

Namespace
JD.AI.Sandbox.Policies
Assembly
JD.AI.Sandbox.dll

Pre-built policy configurations for common isolation scenarios.

public static class SandboxPolicies
Inheritance
SandboxPolicies

Methods

Executor(params string[])

Executor policy: can read/write allowed filesystem paths, cannot make outbound network calls. Ideal for the "acting" phase that modifies data but must not exfiltrate it.

public static SandboxPolicy Executor(params string[] allowedPaths)

Parameters

allowedPaths string[]

Returns

SandboxPolicy

LockedDown()

Fully locked-down policy: no network, no filesystem, no process spawn. Useful as a deny-by-default baseline.

public static SandboxPolicy LockedDown()

Returns

SandboxPolicy

Planner(string?)

Planner policy: can make outbound API calls, cannot touch the filesystem or spawn processes. Ideal for the "thinking" phase that decides what to do without seeing real data.

public static SandboxPolicy Planner(string? allowedApiHost = null)

Parameters

allowedApiHost string?

Returns

SandboxPolicy

ReadOnly(params string[])

Read-only executor policy: can read allowed filesystem paths, cannot write or make network calls. Ideal for audit/review operations.

public static SandboxPolicy ReadOnly(params string[] allowedPaths)

Parameters

allowedPaths string[]

Returns

SandboxPolicy

WithLimits(SandboxPolicy, int?, long?)

Creates a policy with resource limits (CPU time and memory).

public static SandboxPolicy WithLimits(this SandboxPolicy policy, int? maxCpuTimeMs = null, long? maxMemoryBytes = null)

Parameters

policy SandboxPolicy
maxCpuTimeMs int?
maxMemoryBytes long?

Returns

SandboxPolicy