Agentic.Sandbox.Platform (agentic v0.2.2)


OS-level sandbox capability detection.

Decisions are based on the operating system (:os.type/0), not on the presence of specific binaries in $PATH. This prevents silent failures where a sandbox tool is installed but does not provide meaningful isolation on the host platform (e.g. bwrap on macOS).

Summary

Functions

backend()

Returns the effective sandbox backend for the current operating system.

backend_name()

Returns a human-readable description of the current sandbox backend.

log_status()

Logs the platform backend at application startup.

strong_isolation?()

Returns true if the current platform provides strong filesystem isolation. Windows without WSL2 is considered weak, so the function returns false there.

warning()

Returns a warning string if the current platform has weak sandboxing. Returns nil when isolation is strong.

Types

backend()

@type backend() :: :bubblewrap | :macos_sandbox | :wsl2_bwrap | :windows_restricted

Functions

backend()

@spec backend() :: backend()

Returns the effective sandbox backend for the current operating system.

backend_name()

@spec backend_name() :: String.t()

Returns a human-readable description of the current sandbox backend.

log_status()

@spec log_status() :: :ok

Logs the platform backend at application startup.

strong_isolation?()

@spec strong_isolation?() :: boolean()

Returns true if the current platform provides strong filesystem isolation. Windows without WSL2 is considered weak, so the function returns false there.

warning()

@spec warning() :: String.t() | nil

Returns a warning string if the current platform has weak sandboxing. Returns nil when isolation is strong.
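
One way a caller can fail closed on strong_isolation?/0 and warning/0 before running agent tool commands. This is an added example, not code from the agentic project: the MyApp.SandboxGate module, the :platform and :allow_weak? options, and the stub module are hypothetical, and the stub's return values are constructed to stand in for a weakly isolated host.

```elixir
defmodule MyApp.SandboxGate do
  @moduledoc "Hypothetical gate (not part of agentic): refuse tool execution on weak isolation."
  require Logger

  alias Agentic.Sandbox.Platform

  @type result :: {:ok, atom()} | {:error, {:weak_isolation, String.t()}}

  # opts[:platform]    - module exposing the documented functions (injectable for tests)
  # opts[:allow_weak?] - explicit operator opt-in; assumed to come from application config
  @spec check(keyword()) :: result()
  def check(opts \\ []) do
    platform = Keyword.get(opts, :platform, Platform)
    allow_weak? = Keyword.get(opts, :allow_weak?, false)

    cond do
      platform.strong_isolation?() ->
        {:ok, platform.backend()}

      allow_weak? ->
        # Proceed only on explicit opt-in, and leave an audit trail of the decision.
        Logger.warning(
          "sandbox: weak isolation accepted (#{platform.backend_name()}): #{platform.warning()}"
        )

        {:ok, platform.backend()}

      true ->
        # Fail closed: a missing warning string must not turn into a pass.
        {:error, {:weak_isolation, platform.warning() || "weak isolation"}}
    end
  end
end

# Constructed stub standing in for a host where strong_isolation?/0 is false.
# Pairing :windows_restricted with the weak case is an assumption of this example.
defmodule MyApp.FakeWeakPlatform do
  def backend, do: :windows_restricted
  def backend_name, do: "Windows restricted (constructed stub)"
  def strong_isolation?, do: false
  def warning, do: "constructed warning text"
end

# Pattern matches act as assertions when the file is run as a script.
{:error, {:weak_isolation, "constructed warning text"}} =
  MyApp.SandboxGate.check(platform: MyApp.FakeWeakPlatform)

{:ok, :windows_restricted} =
  MyApp.SandboxGate.check(platform: MyApp.FakeWeakPlatform, allow_weak?: true)
```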