Class: Legion::Sandbox::Policy

Inherits:

Object

• Object
• Legion::Sandbox::Policy

Defined in:

lib/legion/sandbox.rb

Constant Summary

CAPABILITIES =

%w[
  network:outbound network:inbound
  filesystem:read filesystem:write
  llm:invoke llm:embed
  data:read data:write
  cache:read cache:write
  transport:publish transport:subscribe
].freeze

Instance Attribute Summary

• #allowed_domains ⇒ Object readonly

  Returns the value of attribute allowed_domains.

• #capabilities ⇒ Object readonly

  Returns the value of attribute capabilities.

• #extension_name ⇒ Object readonly

  Returns the value of attribute extension_name.

Instance Method Summary

• #allowed?(capability) ⇒ Boolean
• #domain_allowed?(agent_domain) ⇒ Boolean
• #initialize(extension_name:, capabilities: [], allowed_domains: nil) ⇒ Policy constructor

  A new instance of Policy.

Constructor Details

#initialize(extension_name:, capabilities: [], allowed_domains: nil) ⇒ Policy

Returns a new instance of Policy.

# File 'lib/legion/sandbox.rb', line 17

def initialize(extension_name:, capabilities: [], allowed_domains: nil)
  @extension_name = extension_name
  @capabilities = capabilities.select { |c| CAPABILITIES.include?(c) }.freeze
  @allowed_domains = allowed_domains&.map(&:to_s)&.freeze
end

Instance Attribute Details

#allowed_domains ⇒ Object (readonly)

Returns the value of attribute allowed_domains.

# File 'lib/legion/sandbox.rb', line 15

def allowed_domains
  @allowed_domains
end

#capabilities ⇒ Object (readonly)

Returns the value of attribute capabilities.

# File 'lib/legion/sandbox.rb', line 15

def capabilities
  @capabilities
end

#extension_name ⇒ Object (readonly)

Returns the value of attribute extension_name.

# File 'lib/legion/sandbox.rb', line 15

def extension_name
  @extension_name
end

Instance Method Details

#allowed?(capability) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/legion/sandbox.rb', line 23

def allowed?(capability)
  capabilities.include?(capability.to_s)
end

#domain_allowed?(agent_domain) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/legion/sandbox.rb', line 27

def domain_allowed?(agent_domain)
  return true if allowed_domains.nil? || allowed_domains.empty?

  allowed_domains.include?(agent_domain.to_s)
end