{"id":51191222,"url":"https://github.com/lensapp/lens-sandbox-core","last_synced_at":"2026-06-27T15:02:37.464Z","repository":{"id":360866438,"uuid":"1251007028","full_name":"lensapp/lens-sandbox-core","owner":"lensapp","description":"Core Rust library for Lens sandbox policy enforcement, networking, DNS, proxying, and boundary credential exchange.","archived":false,"fork":false,"pushed_at":"2026-06-24T11:24:40.000Z","size":514,"stargazers_count":8,"open_issues_count":6,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-24T13:14:03.529Z","etag":null,"topics":["agent-sandbox","agent-security","ai-agent-security","ai-agents","ai-security","credential-management","dns","llm-sandbox","llm-security","mcp","microvm","network-security","nftables","policy-enforcement","proxy","runtime-security","rust","sandbox","zero-trust"],"latest_commit_sha":null,"homepage":"https://lns.run","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lensapp.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-05-27T06:50:33.000Z","updated_at":"2026-06-24T11:24:44.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/lensapp/lens-sandbox-core","commit_stats":null,"previous_names":["lensapp/lens-sandbox-core"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/lensapp/lens-sandbox-core","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lensapp%2Flens-sandbox-core","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lensapp%2Flens-sandbox-core/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lensapp%2Flens-sandbox-core/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lensapp%2Flens-sandbox-core/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lensapp","download_url":"https://codeload.github.com/lensapp/lens-sandbox-core/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lensapp%2Flens-sandbox-core/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34857505,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-27T02:00:06.362Z","response_time":126,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent-sandbox","agent-security","ai-agent-security","ai-agents","ai-security","credential-management","dns","llm-sandbox","llm-security","mcp","microvm","network-security","nftables","policy-enforcement","proxy","runtime-security","rust","sandbox","zero-trust"],"created_at":"2026-06-27T15:02:37.225Z","updated_at":"2026-06-27T15:02:37.459Z","avatar_url":"https://github.com/lensapp.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# lens-sandbox-core\n\n[![CI](https://github.com/lensapp/lens-sandbox-core/actions/workflows/ci.yml/badge.svg)](https://github.com/lensapp/lens-sandbox-core/actions/workflows/ci.yml)\n[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](LICENSE)\n[![Rust 1.85+](https://img.shields.io/badge/rust-1.85%2B-orange.svg)](crates/lens-sandbox-core/Cargo.toml)\n\n`lens-sandbox-core` is the Rust library used by Lens Sandbox and Lens Agents to enforce governed network, DNS, proxy, credential, and policy behavior inside sandboxed execution environments.\n\nIt is core runtime plumbing, not an end-user product. Applications embed it to give sandboxed workloads controlled access to external systems: DNS requests, outbound network traffic, HTTP CONNECT proxying, TLS interception paths, boundary credential exchange, policy lifecycle, and activity reporting.\n\n## What This Crate Provides\n\n- Policy-controlled outbound network access\n- DNS filtering and allowlist behavior\n- HTTP CONNECT proxy support\n- Transparent proxy routing support\n- TLS interception support for governed traffic\n- Boundary credential exchange and request signing\n- nftables-based network lockdown helpers\n- WebSocket-driven policy lifecycle integration\n- Activity and audit event primitives\n\n## What This Crate Is Not\n\n`lens-sandbox-core` is not a complete sandbox product by itself. It does not create the desktop app, enterprise platform, UI, packaging, distribution, or microVM lifecycle.\n\nThe effective security boundary depends on the caller's deployment model: container, microVM, Linux capabilities, filesystem mounts, process model, and policy source.\n\n## Relationship to Lens Sandbox and Lens Agents\n\nLens Sandbox uses this crate as the local enforcement core for sandboxed workloads on a developer machine.\n\nLens Agents uses the same core enforcement model in organizational deployments where central IT manages policies, credentials, connections, and audit across many agents.\n\nThe shared crate keeps low-level runtime behavior consistent across both products.\n\n## Open Source\n\nThis project is licensed under Apache 2.0. See:\n\n- [CONTRIBUTING.md](CONTRIBUTING.md) for development workflow and contribution guidance.\n- [SECURITY.md](SECURITY.md) for vulnerability reporting and security scope.\n- [CHANGELOG.md](CHANGELOG.md) for release notes.\n- [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md) for community expectations.\n\n## Local Setup\n\n```bash\ngit config core.hooksPath .githooks\n```\n\n## Building\n\n```bash\ncargo build -p lens-sandbox-core\ncargo test -p lens-sandbox-core\n```\n\nIntegration tests requiring Linux + nftables + `CAP_NET_ADMIN` are `#[ignore]`-gated. Run them with:\n\n```bash\ncargo test -p lens-sandbox-core -- --ignored\n```\n\n## Policy Schema\n\nThe canonical policy schema lives in `schemas/policy.schema.json`. Regenerate it with:\n\n```bash\ncargo run --bin generate-policy-schema \u003e schemas/policy.schema.json\n```\n\n## License\n\nApache 2.0 — see [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flensapp%2Flens-sandbox-core","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flensapp%2Flens-sandbox-core","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flensapp%2Flens-sandbox-core/lists"}