The --sandbox flag enables secure command execution with validation and restrictions.
Quick Start
praisonai "Run echo hello" --sandbox basic
Sandbox Modes
| Mode | Description |
|---|
off | No sandboxing (default) |
basic | Basic isolation with command validation |
strict | Strict isolation with filesystem restrictions |
Usage
Basic Mode
praisonai "Execute ls -la" --sandbox basic
🔒 Sandbox Mode: BASIC
Commands will be validated before execution
╭─────────────── 🔒 Tool Approval Required ───────────────╮
│ Function: execute_command │
│ Risk Level: CRITICAL │
│ Arguments: │
│ command: ls -la │
╰─────────────────────────────────────────────────────────╯
Execute this critical risk tool? [y/n]:
Strict Mode
praisonai "Run python script.py" --sandbox strict
- Filesystem access limited to current directory
- Network access may be restricted
- Resource limits applied
Combine with Other Features
# With auto-approve for low-risk commands
praisonai "List files" --sandbox basic --approve-level low
# With verbose output
praisonai "Run tests" --sandbox strict --verbose
Security Features
- Command Validation: All commands are validated before execution
- Risk Assessment: Commands are assigned risk levels (low, medium, high, critical)
- User Approval: Critical commands require explicit user approval
- Audit Trail: All executed commands are logged
Sandbox mode provides an additional layer of security but should not be considered a complete security solution. Always review commands before approving execution.
