riverlytech/srt
srt (Go Sandbox Runtime for Linux)

Overview

srt is a Go port of the original Anthropic sandbox-runtime project. It preserves the secure-by-default sandboxing goals—network and filesystem controls enforced around arbitrary commands—while targeting Linux only via bubblewrap, with optional seccomp filtering backed by bundled BPF assets.

Lineage & Credits

  • Based on Anthropic's Sandbox Runtime; design patterns (proxy-enforced network allow/deny lists, filesystem policy, seccomp helpers) are adapted here in Go.
  • Maintained by Sanchit Kudari. See LICENSE for Apache 2.0 terms and attribution.

Platform & Requirements

  • Linux only; dependencies: bwrap (bubblewrap), socat, and rg (ripgrep) on $PATH.
  • Go toolchain: Go 1.25 (per go.mod).
  • Seccomp assets: prebuilt under opt/seccomp; rebuild on Linux with scripts/build-seccomp-binaries.sh if toolchains or architectures change.

Project Layout

  • cmd/srt: Cobra-based CLI entrypoint; loads JSON config and wraps commands in the sandbox.
  • pkg/sandbox: Sandbox orchestration (bubblewrap args, network proxy sockets, filesystem rules, seccomp wiring) plus tests.
  • pkg/logger: Zap logger initialization.
  • opt/seccomp, opt/seccomp-src: Prebuilt seccomp filters and their C sources.
  • scripts: Utility scripts (seccomp asset build).

Build & Test

go build ./cmd/srt            # build the CLI binary
go test ./...                 # run unit/integration tests (Linux only; skips if deps missing)

# E2E sanity check (filesystem write denial)
go run ./cmd/srt run -- python3 e2e/fs_write_denied.py

Usage

# Show CLI help
go run ./cmd/srt --help

# Run a command in the sandbox with explicit config
CONFIG=./config.json
go run ./cmd/srt run --network --seccomp --config "$CONFIG" -- bash -lc "curl https://example.com"

If --config is omitted, an empty allowlist is used: the network namespace is unshared and filesystem writes are denied unless explicitly allowed.

Configuration

Configuration is JSON; key fields mirror the structs in pkg/sandbox/config*.go:

  • network.allowedDomains, network.deniedDomains, network.allowAllUnixSockets (disables seccomp when true).
  • filesystem.denyRead, filesystem.allowWrite, filesystem.denyWrite.

Minimal example (config.json):

{
  "network": {
    "allowedDomains": ["example.com", "*.example.org"],
    "deniedDomains": ["bad.example.org"],
    "allowAllUnixSockets": false
  },
  "filesystem": {
    "denyRead": ["~/.ssh"],
    "allowWrite": [".", "/tmp"],
    "denyWrite": [".env"]
  }
}

Empty allowedDomains fully blocks network access; empty allowWrite forbids all writes.
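To make the allow/deny semantics above concrete, here is an added example (written for this README, not code from the srt project) that decodes a config.json in the documented format and answers "may this host be contacted?" under the rules the section states. It assumes that a denied entry takes precedence over an allowed one, that a `*.` pattern matches subdomains but not the apex, and that the struct field names are hypothetical stand-ins for those in pkg/sandbox/config*.go.

```go
package main

import (
	"bytes"
	"encoding/json"
	"strings"
)

// Config mirrors the README's config.json keys; field names are assumed here, the project's real structs live in pkg/sandbox/config*.go.
type Config struct {
	Network struct {
		AllowedDomains      []string `json:"allowedDomains"`
		DeniedDomains       []string `json:"deniedDomains"`
		AllowAllUnixSockets bool     `json:"allowAllUnixSockets"`
	} `json:"network"`
	Filesystem map[string][]string `json:"filesystem"` // denyRead, allowWrite, denyWrite
}

// ParseConfig decodes config.json strictly: an unknown top-level or network key is an error, so a misspelled field cannot silently widen the policy.
func ParseConfig(data []byte) (*Config, error) {
	dec := json.NewDecoder(bytes.NewReader(data))
	dec.DisallowUnknownFields()
	var c Config
	if err := dec.Decode(&c); err != nil {
		return nil, err
	}
	return &c, nil
}

// matchDomain: "*.example.org" matches subdomains of example.org but not the apex; any other pattern is an exact, case-insensitive match (assumed semantics).
func matchDomain(pattern, host string) bool {
	pattern, host = strings.ToLower(pattern), strings.ToLower(host)
	if strings.HasPrefix(pattern, "*.") {
		return strings.HasSuffix(host, pattern[1:])
	}
	return pattern == host
}

// DomainAllowed applies the README's rules: a deny entry wins over any allow entry, and an empty allowlist blocks every host.
func (c *Config) DomainAllowed(host string) bool {
	for _, p := range c.Network.DeniedDomains {
		if matchDomain(p, host) {
			return false
		}
	}
	for _, p := range c.Network.AllowedDomains {
		if matchDomain(p, host) {
			return true
		}
	}
	return false
}
```

With the README's minimal config, `example.com` and `api.example.org` are allowed, while `example.org`, `bad.example.org` and any unlisted host are blocked.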

License

Apache License 2.0. Copyright Sanchit Kudari. Portions derived from the Anthropic sandbox-runtime project; see LICENSE for full terms.
