cortex-hub / poc-grpc-agent / agent_node / core / sandbox.py
import re

from protos import agent_pb2

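class SandboxEngine:
    """Policy gate that decides whether a command string may run locally.

    The engine holds the most recently synced policy and answers
    ``verify(command_str)`` with a ``(allowed, reason)`` tuple. It fails
    closed: with no policy loaded, every command is refused.

    This is a string-level filter on command names. It cannot see quoting,
    wrappers or variable expansion, so it should be treated as one layer of
    defence and paired with shell-free execution and OS-level isolation.
    NOTE(review): the executor is not visible here -- confirm how the
    verified string is actually run.
    """

    # Shell control operators that begin a new command on the same line.
    # A bare '&' that is part of a redirection (e.g. '2>&1', '&>') is not
    # treated as a separator.
    _COMMAND_SEPARATORS = re.compile(r"&&|\|\||;|\||\n|(?<![<>])&(?!>)")

    # Markers of command substitution, whose inner command cannot be
    # checked by first-token matching.
    _SUBSTITUTION_MARKERS = ("$(", "`")

    def __init__(self):
        # None means "no policy received yet"; verify() refuses everything.
        self.policy = None

    def sync(self, p):
        """Replace the local policy with the one sent by the Orchestrator.

        Args:
            p: policy message exposing ``mode``, ``allowed_commands``,
                ``denied_commands`` and ``sensitive_commands``.
        """
        # NOTE(review): any mode value other than STRICT is stored as
        # PERMISSIVE, so an unknown or unset mode relaxes enforcement --
        # confirm that is the intended default.
        self.policy = {
            "MODE": "STRICT" if p.mode == agent_pb2.SandboxPolicy.STRICT else "PERMISSIVE",
            "ALLOWED": list(p.allowed_commands),
            "DENIED": list(p.denied_commands),
            # NOTE(review): SENSITIVE is stored but verify() never reads it;
            # presumably another component consumes it -- confirm.
            "SENSITIVE": list(p.sensitive_commands),
        }

    def verify(self, command_str):
        """Check a command line against the current policy.

        Every command on the line is checked, not only the first: the line
        is split on shell control operators and each segment's command name
        must pass. The deny list also matches path-qualified names by their
        final path component, so ``/bin/x`` is refused when ``x`` is denied.
        The allow list stays an exact match so that a same-named binary in
        another directory is not implicitly trusted.

        Args:
            command_str: the command line to check; ``None`` is treated as
                empty.

        Returns:
            ``(True, "OK")`` when allowed, otherwise ``(False, reason)``.
        """
        if not self.policy:
            return False, "No Policy"

        text = (command_str or "").strip()
        if not text:
            return False, "Empty"

        strict = self.policy["MODE"] == "STRICT"
        denied = self.policy["DENIED"]
        allowed = self.policy["ALLOWED"]

        # In STRICT mode anything that cannot be checked is refused.
        if strict and any(marker in text for marker in self._SUBSTITUTION_MARKERS):
            return False, "Command substitution not allowed in STRICT mode"

        checked_any = False
        for segment in self._COMMAND_SEPARATORS.split(text):
            parts = segment.split()
            if not parts:
                # Empty piece, e.g. after a trailing separator.
                continue
            checked_any = True

            base_cmd = parts[0]
            bare_name = base_cmd.rsplit("/", 1)[-1]
            if base_cmd in denied or bare_name in denied:
                return False, f"Forbidden command: {base_cmd}"

            if strict and base_cmd not in allowed:
                return False, f"Command '{base_cmd}' not whitelisted"

        if not checked_any:
            # The line held only separators; there is nothing to run.
            return False, "Empty"

        return True, "OK"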