Skip to content

Commit d2df2d5

Browse files
yanurag-devyanurag-dev
committed
ci: setup github actions and update readme badges
1 parent 3baf301 commit d2df2d5

2 files changed

Lines changed: 87 additions & 7 deletions

File tree

LICENSE

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
MIT License
2+
3+
Copyright (c) 2024 yanurag-dev
4+
5+
Permission is hereby granted, free of charge, to any person obtaining a copy
6+
of this software and associated documentation files (the "Software"), to deal
7+
in the Software without restriction, including without limitation the rights
8+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9+
copies of the Software, and to permit persons to whom the Software is
10+
furnished to do so, subject to the following conditions:
11+
12+
The above copyright notice and this permission notice shall be included in all
13+
copies or substantial portions of the Software.
14+
15+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21+
SOFTWARE.

README.md

Lines changed: 66 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,69 @@
1-
# sandforge
1+
# Sandforge 🛠️
22

3-
Portable sandbox architecture for running coding agents securely.
3+
[![Go Version](https://img.shields.io/github/go-mod/go-version/yanurag-dev/sandforge)](https://github.com/yanurag-dev/sandforge/blob/main/go.mod)
4+
[![CI](https://github.com/yanurag-dev/sandforge/actions/workflows/ci.yml/badge.svg)](https://github.com/yanurag-dev/sandforge/actions/workflows/ci.yml)
5+
[![License](https://img.shields.io/github/license/yanurag-dev/sandforge)](https://github.com/yanurag-dev/sandforge/blob/main/LICENSE)
6+
[![Issues](https://img.shields.io/github/issues/yanurag-dev/sandforge)](https://github.com/yanurag-dev/sandforge/issues)
7+
[![Pull Requests](https://img.shields.io/github/issues-pr/yanurag-dev/sandforge)](https://github.com/yanurag-dev/sandforge/pulls)
8+
[![Roadmap](https://img.shields.io/badge/Roadmap-Phase%201%20Complete-success)](ROADMAP.md)
49

5-
## Features
6-
- Strong isolation via VM boundaries (macOS/Linux).
7-
- Deny-by-default security policy.
8-
- Agent-agnostic tool contract.
10+
**Sandforge** is a portable, secure sandbox architecture designed to run AI coding agents (like Codex, Claude Code, and others) in a restricted environment. It protects the host machine from generated commands, third-party tools, and untrusted repository code by enforcing a "Control Plane Outside, Execution Inside" principle.
911

10-
See [ARCHITECTURE.md](ARCHITECTURE.md) and [GEMINI.md](GEMINI.md) for details.
12+
## 🌟 Key Features
13+
14+
- **Host Isolation**: Uses Apple Virtualization Framework (macOS) and KVM (Linux) to create a strong VM boundary.
15+
- **Task Isolation**: Per-task rootless containers inside the Linux worker guest.
16+
- **Security First**: "Deny-by-Default" policy for filesystem, network, and resource access.
17+
- **Agent Agnostic**: Provides a common tool contract for any LLM-based agent.
18+
- **Performance**: Optimized for fast boot times and minimal resource overhead.
19+
20+
## 🏗️ Architecture
21+
22+
```mermaid
23+
flowchart LR
24+
U[User / CLI] --> A[Agent Adapter]
25+
A --> CP[Control Plane]
26+
CP --> PE[Policy Engine]
27+
CP --> SS[Sandbox Supervisor]
28+
SS --> BD[Backend Driver]
29+
BD --> WK[Isolated Linux Worker]
30+
WK --> TR[Task Runtime]
31+
```
32+
33+
See [ARCHITECTURE.md](ARCHITECTURE.md) for the full technical design.
34+
35+
## 🗺️ Roadmap Status
36+
37+
We are currently at the end of **Phase 1**.
38+
39+
- [x] **Phase 1: Foundation & Policy** — Core security logic and "Deny-by-Default" engine.
40+
- [ ] **Phase 2: Orchestration & Mocking** — Lifecycle management and state machine.
41+
- [ ] **Phase 3: macOS Execution Plane (macos-vz)** — Real VM booting on Apple Silicon.
42+
- [ ] **Phase 4: Linux Execution Plane (linux-kvm)** — Native Linux isolation.
43+
- [ ] **Phase 5: Task Runtime** — Containerization inside the worker.
44+
45+
Full details in [ROADMAP.md](ROADMAP.md).
46+
47+
## 🛠️ Getting Started
48+
49+
### Prerequisites
50+
- Go 1.25+
51+
- macOS (Apple Silicon recommended) or Linux (KVM support)
52+
53+
### Development Commands
54+
```bash
55+
# Initialize dependencies
56+
go mod tidy
57+
58+
# Run tests (Policy Engine)
59+
go test -v ./internal/policy/...
60+
61+
# Build the CLI
62+
go build -o sandforge ./cmd/sandforge
63+
```
64+
65+
## 🤝 Contributing
66+
Contributions are welcome! Please check the [ROADMAP.md](ROADMAP.md) for tasks in progress. Since we are in early development, please open an issue before starting major architectural changes.
67+
68+
## 📄 License
69+
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details (TODO: Add LICENSE file).

0 commit comments

Comments
 (0)