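<svg viewBox="0 0 720 380" xmlns="http://www.w3.org/2000/svg" role="img" aria-labelledby="sandbox-title sandbox-desc">
  <!-- Accessible name/description as child elements rather than aria-label only:
       <title> is also shown as a tooltip and is picked up by AT that ignores aria-label on SVG. -->
  <title id="sandbox-title">Layered sandbox</title>
  <desc id="sandbox-desc">Layered sandbox: each ring rejects a class of unsafe operations before tools run.</desc>
  <defs>
    <style>
      text { font-family: 'JetBrains Mono', 'Fira Code', 'SF Mono', Consolas, monospace; }
      .title { font-size: 14px; fill: #c9d1d9; font-weight: 700; }
      .layer { font-size: 12px; fill: #c9d1d9; font-weight: 700; }
      .dim { font-size: 10px; fill: #8b949e; }
      .ok { font-size: 11px; fill: #3fb950; font-weight: 700; }
      .deny { font-size: 11px; fill: #f85149; font-weight: 700; }
      .ring1 { fill: #161b22; stroke: #30363d; stroke-width: 1; }
      .ring2 { fill: #1c2128; stroke: #30363d; stroke-width: 1; }
      .ring3 { fill: #21262d; stroke: #30363d; stroke-width: 1; }
      .ring4 { fill: #1f2937; stroke: #58a6ff; stroke-width: 1.5; }
      .denyline { stroke: #f85149; stroke-width: 1.5; fill: none; stroke-dasharray: 4 3; }
      .okline { stroke: #3fb950; stroke-width: 1.5; fill: none; }
    </style>
    <!-- Arrowheads: the path tip sits at x=8 while refX=7, so the tip overshoots the line end by one marker unit. -->
    <marker id="dx" markerWidth="9" markerHeight="9" refX="7" refY="4" orient="auto">
      <path d="M0,0 L8,4 L0,8 z" fill="#f85149"/>
    </marker>
    <marker id="ok" markerWidth="9" markerHeight="9" refX="7" refY="4" orient="auto">
      <path d="M0,0 L8,4 L0,8 z" fill="#3fb950"/>
    </marker>
  </defs>
  <rect width="720" height="380" fill="#0d1117"/>
  <text x="30" y="32" class="title">Layered sandbox</text>
  <text x="30" y="50" class="dim">Each ring blocks a different class of unsafe call before it ever reaches the OS.</text>
  <!-- Nested rings: every ring is horizontally centred on x=380; each inner ring is inset
       further on all four sides (outer 200..560 x 80..350, innermost 320..440 x 240..300). -->
  <rect class="ring1" x="200" y="80" width="360" height="270" rx="10"/>
  <text x="218" y="100" class="layer">Workspace boundary</text>
  <!-- NOTE(review): the label summarises the intent; whether safe_path() canonicalises the path
       (symlinks, normalised encodings) before applying the check is not shown by this diagram. -->
  <text x="218" y="116" class="dim">safe_path() rejects ../ and absolute paths</text>
  <rect class="ring2" x="240" y="135" width="280" height="200" rx="8"/>
  <text x="258" y="155" class="layer">Command allowlist</text>
  <text x="258" y="170" class="dim">exec_cmd: only ls, cat, rg, …</text>
  <rect class="ring3" x="280" y="190" width="200" height="125" rx="6"/>
  <text x="298" y="210" class="layer">Output cap</text>
  <text x="298" y="225" class="dim">clip(result, MAX_CHARS)</text>
  <rect class="ring4" x="320" y="240" width="120" height="60" rx="6"/>
  <text x="345" y="265" class="layer">Tool runs</text>
  <text x="338" y="282" class="dim">exec(code, …)</text>
  <!-- Attack arrows on the left. Each line ends 4px short of the left edge of the ring that
       blocks it (196 vs 200, 236 vs 240, 276 vs 280), so the arrowhead lands on the border
       and the dashed line visibly crosses every ring it legitimately passed. -->
  <text x="30" y="100" class="deny">../../etc/passwd</text>
  <path d="M 30 110 L 196 145" class="denyline" marker-end="url(#dx)"/>
  <text x="30" y="170" class="deny">curl evil.com</text>
  <path d="M 30 175 L 236 200" class="denyline" marker-end="url(#dx)"/>
  <text x="30" y="240" class="deny">read 999999 chars</text>
  <path d="M 30 245 L 276 245" class="denyline" marker-end="url(#dx)"/>
  <!-- Legitimate request goes through: the curve ends just outside the right edge of ring4 (x=440).
       Label starts at x=565: 22 monospace glyphs at 11px need roughly 145px, which from the
       previous x=600 ran past the 720px viewBox and was clipped. -->
  <text x="565" y="100" class="ok">read_file("README.md")</text>
  <path d="M 690 110 C 600 130 500 200 442 268" class="okline" marker-end="url(#ok)"/>
  <!-- Legend -->
  <text x="30" y="350" class="dim">red = blocked at the first ring it violates · green = passes every ring and reaches the tool</text>
</svg>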