Inspect AI extension for policy-enforced sandbox environments
Project description
Inspect Policy Sandbox Extension
A standalone extension for Inspect AI that provides a policy-enforced sandbox environment.
Overview
The inspect-policy-sandbox extension allows you to wrap any existing Inspect sandbox environment (e.g., local, docker) and enforce strict policies on:
- Execution: Allow or deny specific commands.
- Read Access: Allow or deny reading specific files.
- Write Access: Allow or deny writing to specific files.
When a policy violation occurs, the extension:
- Raises a
SandboxPolicyViolationError(subclass ofPermissionError). - Logs a
SandboxEventwithresult=1andreason="policy".
Installation
This extension is designed to be installed in a Python virtual environment where inspect-ai is also installed.
# Install from source
pip install -e .
Usage
Enable the extension in your Inspect task by specifying the sandbox type as policy-sandbox.
You can configure the policy via task metadata or configuration.
Example Task
from inspect_ai import Task, eval
from inspect_ai.dataset import FieldSpec
from inspect_ai.solver import system_message
# Define task using the policy sandbox
task = Task(
dataset=[],
solver=[system_message("Run a command")],
sandbox="policy-sandbox",
sandbox_config={
# Configuration for the inner sandbox (if needed)
}
)
# Pass policy configuration in metadata at runtime or task definition
# Note: Currently policy configuration is extracted from sample metadata or task metadata
# depending on how you pass it. The extension looks for a 'policy' dictionary in metadata.
Policy Configuration
The policy is defined by a dictionary with the following keys:
deny_exec: List of glob patterns for commands to deny (e.g.,["rm", "sudo"]).allow_exec: List of glob patterns for commands to allow (whitelist).deny_read: List of glob patterns for files to deny reading.allow_read: List of glob patterns for files to allow reading.deny_write: List of glob patterns for files to deny writing.allow_write: List of glob patterns for files to allow writing.
Example Metadata:
{
"policy": {
"deny_exec": ["rm", "curl"],
"deny_write": ["/etc/*"]
},
"inner_sandbox": "local"
}
Development
- Create a virtual environment:
python3 -m venv .venv source .venv/bin/activate
- Install dependencies:
pip install -e .[dev]
- Run tests:
pytest tests/
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file inspect_policy_sandbox-0.1.1.tar.gz.
File metadata
- Download URL: inspect_policy_sandbox-0.1.1.tar.gz
- Upload date:
- Size: 6.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8ba3a611e3a65314f45db88b667d89969049f5bc3bcc09356d06fcbfd5762ef3
|
|
| MD5 |
450e5a934dd5fad45b9298347d8df63f
|
|
| BLAKE2b-256 |
161c641042851cc19e32189fd6e693dbce011f26455ce3b7a2ed4e27895d60f2
|
File details
Details for the file inspect_policy_sandbox-0.1.1-py3-none-any.whl.
File metadata
- Download URL: inspect_policy_sandbox-0.1.1-py3-none-any.whl
- Upload date:
- Size: 6.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ae5fab72d67b6b17074fdc75b66da6f12383efd36fa27b3b8c16d4bdb9f65b47
|
|
| MD5 |
bec241e9ad4d094530d422c8cf197358
|
|
| BLAKE2b-256 |
5d102279ad24b22e43662aaca5d8734182a4c0416eca8c2ecc7a9a40ced78627
|
