feat: wire engine-level per-category sandbox backend selection from config #265

@Aureliolo

Summary

`SandboxingConfig` exists with `default_backend` and per-category `overrides` (e.g. file_system → subprocess, code_execution → docker), and the `get_backend_for_category()` method resolves the correct backend name. However, the engine does not read this config to actually route tool invocations through the correct sandbox backend.

Design Spec Reference

  • §11.1.2 Tool Sandboxing — Default Layered Configuration
  • §15.5 Engineering Conventions — "Tool sandboxing" row ("Config-driven per-category backend selection planned for engine wiring")

Scope

  • Engine reads `SandboxingConfig` at startup
  • Creates appropriate `SandboxBackend` instances (subprocess, docker) per category
  • `ToolInvoker` or `AgentEngine` injects the correct sandbox backend into each tool based on its `ToolCategory`
  • Fallback to `default_backend` when no override is configured
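
A sketch of the wiring in the Scope list, added here as an illustration and not the project's code. The dataclass, backend classes, `FACTORIES`, `build_backends` and `backend_for` are stand-ins, categories are plain strings rather than `ToolCategory`, and the `network` category is constructed. Unknown backend names are rejected at startup, so a misspelled override fails before any tool runs.

```python
# Added sketch with stand-in types; not the project's implementation.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class SubprocessBackend:  # stand-in for a SandboxBackend implementation
    name: str = "subprocess"


@dataclass(frozen=True)
class DockerBackend:  # stand-in for a SandboxBackend implementation
    name: str = "docker"


@dataclass(frozen=True)
class SandboxingConfig:  # stand-in mirroring the fields named in the issue
    default_backend: str = "subprocess"
    overrides: dict = field(default_factory=dict)

    def get_backend_for_category(self, category: str) -> str:
        # Fall back to default_backend only when no override is configured.
        return self.overrides.get(category, self.default_backend)


# Hypothetical registry mapping backend names to constructors.
FACTORIES = {"subprocess": SubprocessBackend, "docker": DockerBackend}


def build_backends(config: SandboxingConfig) -> dict:
    """Create one instance per referenced backend at startup, failing closed."""
    wanted = {config.default_backend, *config.overrides.values()}
    unknown = wanted - set(FACTORIES)
    if unknown:
        raise ValueError(f"unknown sandbox backend(s): {sorted(unknown)}")
    return {name: FACTORIES[name]() for name in wanted}


def backend_for(config: SandboxingConfig, backends: dict, category: str):
    """Return the backend instance a tool of this category should receive."""
    return backends[config.get_backend_for_category(category)]


# Constructed sample config using the mapping given in the Summary.
SAMPLE_CONFIG = SandboxingConfig(
    default_backend="subprocess",
    overrides={"file_system": "subprocess", "code_execution": "docker"},
)
```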

Metadata

    Labels

    • prio:medium (Should do, but not blocking)
    • scope:medium (1-3 days of work)
    • spec:architecture (DESIGN_SPEC Section 15 - Technical Architecture)
    • spec:security (DESIGN_SPEC Section 12 - Security & Approval System)
    • spec:tools (DESIGN_SPEC Section 11 - Tool & Capability System)
    • type:feature (New feature implementation)
