export type SandboxDockerSettings = { /** Docker image to use for sandbox containers. */ image?: string; /** Prefix for sandbox container names. */ containerPrefix?: string; /** Container workdir mount path (default: /workspace). */ workdir?: string; /** Run container rootfs read-only. */ readOnlyRoot?: boolean; /** Extra tmpfs mounts for read-only containers. */ tmpfs?: string[]; /** Container network mode (bridge|none|custom). */ network?: string; /** Container user (uid:gid). */ user?: string; /** Drop Linux capabilities. */ capDrop?: string[]; /** Extra environment variables for sandbox exec. */ env?: Record; /** Optional setup command run once after container creation. */ setupCommand?: string; /** Limit container PIDs (0 = Docker default). */ pidsLimit?: number; /** Limit container memory (e.g. 512m, 2g, or bytes as number). */ memory?: string | number; /** Limit container memory swap (same format as memory). */ memorySwap?: string | number; /** Limit container CPU shares (e.g. 0.5, 1, 2). */ cpus?: number; /** * Set ulimit values by name (e.g. nofile, nproc). * Use "soft:hard" string, a number, or { soft, hard }. */ ulimits?: Record; /** Seccomp profile (path or profile name). */ seccompProfile?: string; /** AppArmor profile name. */ apparmorProfile?: string; /** DNS servers (e.g. ["1.1.1.1", "8.8.8.8"]). */ dns?: string[]; /** Extra host mappings (e.g. ["api.local:10.0.0.2"]). */ extraHosts?: string[]; /** Additional bind mounts (host:container:mode format, e.g. ["/host/path:/container/path:rw"]). */ binds?: string[]; }; export type SandboxBrowserSettings = { enabled?: boolean; image?: string; containerPrefix?: string; cdpPort?: number; vncPort?: number; noVncPort?: number; headless?: boolean; enableNoVnc?: boolean; /** * Allow sandboxed sessions to target the host browser control server. * Default: false. */ allowHostControl?: boolean; /** * When true (default), sandboxed browser control will try to start/reattach to * the sandbox browser container when a tool call needs it. */ autoStart?: boolean; /** Max time to wait for CDP to become reachable after auto-start (ms). */ autoStartTimeoutMs?: number; }; export type SandboxPruneSettings = { /** Prune if idle for more than N hours (0 disables). */ idleHours?: number; /** Prune if older than N days (0 disables). */ maxAgeDays?: number; }; export type SandboxCronVisibility = "agent" | "all"; export type SandboxCronEscape = "off" | "elevated" | "elevated-full"; export type SandboxCronDelivery = "off" | "last-only" | "explicit"; export type SandboxCronSettings = { /** * Cron visibility for sandboxed sessions. * - "agent": only see/manage jobs for this agent * - "all": full cron visibility (admin) */ visibility?: SandboxCronVisibility; /** * Escape hatch for sandboxed cron access. * - "off": never escape * - "elevated": allow escape when session elevated != off * - "elevated-full": allow escape only when elevated=full */ escape?: SandboxCronEscape; /** * Allow main-session cron jobs from sandboxed sessions. * Default: false. */ allowMainSessionJobs?: boolean; /** * Delivery policy for sandboxed cron jobs. * - "off": forbid deliver/to/channel * - "last-only": allow deliver to last route only (no explicit to) * - "explicit": allow explicit delivery targets */ delivery?: SandboxCronDelivery; };