Extra global bindings to inject into the sandbox context alongside the hardened defaults. Use this when a higher-level wrapper (such as SandboxedToolForge) needs to expose allowlisted APIs (fetch, fs, crypto) without forking a second sandbox implementation.

Security-critical keys are silently dropped from this map at merge time so callers cannot accidentally undo the sandbox's hardenings:

Host-state escape: process, global, globalThis, require
Code-generation reflection: eval, Function
Realm-reflection / introspection: Reflect, Proxy
Memory side-channels (Spectre family): SharedArrayBuffer, Atomics
Native compilation surface: WebAssembly

maxCpuTimeMs?

optional maxCpuTimeMs: number

Defined in: packages/agentos/src/sandbox/executor/ICodeSandbox.ts:52

Maximum CPU time in milliseconds

maxMemoryBytes?

optional maxMemoryBytes: number

Defined in: packages/agentos/src/sandbox/executor/ICodeSandbox.ts:36

Maximum memory in bytes

maxOutputBytes?

optional maxOutputBytes: number

Defined in: packages/agentos/src/sandbox/executor/ICodeSandbox.ts:38

Maximum output size in bytes

timeoutMs?

optional timeoutMs: number

Defined in: packages/agentos/src/sandbox/executor/ICodeSandbox.ts:34

Maximum execution time in milliseconds

workingDir?

optional workingDir: string

Defined in: packages/agentos/src/sandbox/executor/ICodeSandbox.ts:42

Working directory for execution

Properties​

allowedPaths?​

allowFilesystem?​

allowNetwork?​

blockedModules?​

envVars?​

extraGlobals?​

maxCpuTimeMs?​

maxMemoryBytes?​

maxOutputBytes?​

timeoutMs?​

workingDir?​

Properties

allowedPaths?

allowFilesystem?

allowNetwork?

blockedModules?

envVars?

extraGlobals?

maxCpuTimeMs?

maxMemoryBytes?

maxOutputBytes?

timeoutMs?

workingDir?