AI sandbox runtime — caging autonomous agents at ring-0
security · rust · sandbox · ai
- a11y: cli accessibility — coloured logs respect NO_COLOR (rich · 29 Sept · db53784)
- docs: README — architecture diagram (rich · 26 Sept · 416aa92)
- syscall: route execve through policy decision (rich · 23 Sept · d0f1635)
- fix: TOCTOU in path resolution (rich · 20 Sept · 9b1ad9f)
- feat: snapshot rollback on policy violation (rich · 19 Sept · f897e3f)
- chore: prune dependency graph — drop 7 crates (rich · 18 Sept · 35b5b96)
- tests: kernel-mode unit tests via kunit (rich · 16 Sept · a6565f4)
- perf: cache policy decisions per-PID (rich · 12 Sept · 4d4158f)
- docs: contributing guide for kernel hackers (rich · 9 Sept · ee37fe5)
- syscall: deny io_uring outright for now (rich · 5 Sept · 9c362ea)
- feat: agent-id propagation through fork+exec (rich · 2 Sept · 9ebe36a)
- fix: signed/unsigned mix in capability check (rich · 30 Aug · 914ff3a)
- audit: fuzz CageSpec deserialiser (rich · 26 Aug · 45cac49)
- refactor: hoist policy traits into shared crate (rich · 23 Aug · 33e8814)
- docs: ABI compat policy v1 (rich · 20 Aug · 3cec01e)
- feat: structured-output mode for policy logs (rich · 17 Aug · 4131f45)
- fix: leak of pinned page on policy reload (rich · 16 Aug · 9465618)
- perf: SLAB cache for SyscallContext (rich · 14 Aug · 361ba93)
- chore: licensing — switch to AGPL-3.0 (rich · 12 Aug · c3913c8)
- docs: roadmap for ring-0 telemetry (rich · 9 Aug · 15c3955)