Skip to main content
packages/sandbox runs commands with controlled limits and isolation. Core pieces:
  • Sandbox: entry point and driver selection
  • ExecutionPolicy: immutable runtime policy (with*() returns new instance)
  • CanExecuteCommand: common contract for all drivers
  • ExecResult: normalized execution output and status
Supported drivers:
  • host
  • docker
  • podman
  • firejail
  • bubblewrap

Docs