feat(extensions): add sandbox extension for OS-level bash sandboxing (#673)

Uses @anthropic-ai/sandbox-runtime to enforce filesystem and network
restrictions on bash commands (sandbox-exec on macOS, bubblewrap on Linux).

Features:
- Per-project config via .pi/sandbox.json
- Global config via ~/.pi/agent/sandbox.json
- Enabled by default with sensible defaults
- --no-sandbox flag to disable
- /sandbox command to view current config
Danila Poyarkov 2026-01-13 01:25:31 +03:00 committed by GitHub
parent 7b79e8ec51
commit 4751ebddbd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 431 additions and 0 deletions

@ -22,6 +22,7 @@ cp permission-gate.ts ~/.pi/agent/extensions/
| `protected-paths.ts` | Blocks writes to protected paths (.env, .git/, node_modules/) |
| `confirm-destructive.ts` | Confirms before destructive session actions (clear, switch, fork) |
| `dirty-repo-guard.ts` | Prevents session changes with uncommitted git changes |
| `sandbox/` | OS-level sandboxing using `@anthropic-ai/sandbox-runtime` with per-project config |
### Custom Tools
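Review bot: the new `sandbox/` row is the only directory entry in this table, but the install example visible in the hunk header, `cp permission-gate.ts ~/.pi/agent/extensions/`, copies a single file. The README should say how a directory extension is installed and whether `@anthropic-ai/sandbox-runtime` has to be installed separately. The description also mentions only per-project config. According to the commit message the sandbox is enabled by default, also reads a global config at `~/.pi/agent/sandbox.json`, can be turned off with `--no-sandbox`, and applies to bash commands only. Stating the default and the bash-only scope in this row would keep readers from assuming that other tools are restricted as well.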