bubblewrap/examples/custom-config.ts at claude/add-code-sandboxing-018YT8W7GWG2yyi4JKSvpQAS · gojiplus/bubblewrap · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
/**
 * Example with custom sandbox configuration
 */

import { SandboxManager, PermissionType } from '../src/index.js';

async function main() {
  // Create sandbox with custom configuration
  const sandbox = new SandboxManager(process.cwd(), {
    // Custom allowed domains
    allowedDomains: [
      'github.com',
      '*.githubusercontent.com',
      'npmjs.com',
      'pypi.org',
      'api.openai.com',
      'api.anthropic.com',
    ],

    // Blocked domains
    blockedDomains: [
      'suspicious-site.com',
      'malware-domain.net',
    ],

    // Don't require approval for known domains
    requireApprovalForNewDomains: true,

    // Additional allowed read paths
    allowedReadPaths: [
      '/usr',
      '/lib',
      '/lib64',
      '/etc/ssl',
      '/home/user/shared-data', // Custom shared path
    ],

    // Additional denied paths
    deniedPaths: [
      '/home/user/.ssh',
      '/home/user/.aws',
      '/home/user/.config/gcloud',
      '/home/user/sensitive-project', // Custom denied path
    ],
  });

  // Enable auto-approval for filesystem reads
  // This reduces permission prompts significantly
  sandbox.setAutoApprove([
    PermissionType.FILESYSTEM_READ,
  ]);

  // Set up event listeners
  sandbox.on('permission-required', (data) => {
    console.log(`🔐 Permission required: ${data.type} for ${data.resource}`);
    // You would show a UI prompt here
    data.approve();
  });

  sandbox.on('network-approval-required', (data) => {
    console.log(`🌐 Network access requested: ${data.domain}`);
    // You would show a UI prompt here
    data.approve();
  });

  sandbox.on('command-executed', (data) => {
    console.log(`⚡ Executed: ${data.command.join(' ')}`);
    console.log(`   Exit code: ${data.result.exitCode}`);
    console.log(`   Duration: ${data.result.duration}ms`);
  });

  try {
    console.log('🔒 Initializing sandbox with custom config...');
    await sandbox.initialize();
    console.log('✓ Sandbox initialized\n');

    // Test file read permission
    console.log('Testing filesystem access...');
    const canReadPackage = sandbox.canRead('package.json');
    const canReadSsh = sandbox.canRead('/home/user/.ssh/id_rsa');

    console.log(`Can read package.json: ${canReadPackage ? '✓' : '✗'}`);
    console.log(`Can read SSH key: ${canReadSsh ? '✗ (good!)' : '✓'}`);

    // Execute a safe command
    console.log('\nExecuting command in sandbox...');
    const result = await sandbox.executeCommand(['echo', 'Hello from sandbox!']);
    console.log(`Output: ${result.stdout.trim()}`);

    // Try to access a denied path (should fail)
    console.log('\nTrying to access denied path...');
    const deniedResult = await sandbox.executeCommand([
      'cat',
      '/home/user/.ssh/id_rsa',
    ]);

    if (deniedResult.exitCode !== 0) {
      console.log('✓ Access correctly denied to .ssh/id_rsa');
    }

  } catch (error) {
    console.error('Error:', (error as Error).message);
  } finally {
    await sandbox.shutdown();
    console.log('\n🔒 Sandbox shut down');
  }
}

main();