security

Security controls for agent execution: sandboxed code execution (process, gVisor, nsjail), input sanitization, output filtering (PII redaction, credential scanning), and network policy enforcement.

Used by cmd/worker.

Usage

import "cruvero/internal/security"

Key Types / Interfaces

Type	Source	Description
`SandboxRunner`	`sandbox.go`	Interface: Run and HealthCheck for isolated code execution
`SandboxConfig`	`sandbox.go`	Execution config: command, env, timeout, output limits, network access
`SandboxResult`	`sandbox.go`	Execution result: stdout, stderr, exit code
`ProcessSandbox`	`process_sandbox.go`	Process-based sandbox (default mode)

Testing

go test -tags security ./internal/security/...
CRUVERO_RUN_HOST_SANDBOX_TESTS=true go test -tags 'security integration' ./internal/security -run Host

Configuration: CRUVERO_SANDBOX_*, CRUVERO_INPUT_*, CRUVERO_OUTPUT_*, CRUVERO_NETWORK_*

Usage​

Key Types / Interfaces​

Testing​

Related Docs​

Usage

Key Types / Interfaces

Testing

Related Docs