# Mandatory sandbox

Wrap any tool with allow/deny lists and validators so agents can't execute commands you haven't explicitly permitted.

Without explicit constraints, a tool-calling agent can run arbitrary shell commands. `createMandatorySandbox` wraps any tool with a policy layer: calls that don't match the allow list, match the deny list, or fail a validator are rejected before execution.
```ts
import { createMandatorySandbox, shell } from '@agentskit/tools'

const guarded = createMandatorySandbox(shell(), {
  allow: ['ls', 'cat', 'grep'],
  deny: ['rm', 'sudo', 'curl', 'wget'],
  requireSandbox: true,
  validators: [
    // A validator returns true to pass, or a string to reject with that message.
    (args) => args.cmd.length < 256 || 'command too long',
  ],
})
```

## Modes
| Rule | Effect |
|---|---|
| `allow: string[]` | only listed cmds pass |
| `deny: string[]` | listed cmds rejected |
| `requireSandbox: true` | execute via `@agentskit/sandbox` |
| `validators: Fn[]` | return a string to reject with that message |
## Sandbox backends

E2B (default) · WebContainer · Deno worker; see the sandbox package.
## Related

- Security: six primitives for production agents (PII redaction, injection detection, rate limiting, audit log, sandbox enforcement, and HITL approvals).
- PII redaction: strip emails, phones, SSNs, and API keys from messages before they reach the model or get written to logs.
- Prompt injection: detect instruction-hijacking patterns in user input, tool results, and RAG chunks before they reach the model.