Metadata-Version: 2.4
Name: sandd
Version: 0.0.0
Requires-Dist: pytest>=7.0 ; extra == 'dev'
Requires-Dist: pytest-asyncio>=0.21 ; extra == 'dev'
Requires-Dist: black>=23.0 ; extra == 'dev'
Requires-Dist: mypy>=1.0 ; extra == 'dev'
Provides-Extra: dev
License-File: LICENSE
Summary: A lightweight sandbox daemon for secure agent execution in isolated environments.
Keywords: agent,daemon,sandbox
Home-Page: https://github.com/InftyAI/SandD
Author-email: InftyAI <contact@inftyai.com>
License: MIT
Requires-Python: >=3.8
Description-Content-Type: text/markdown; charset=UTF-8; variant=GFM
Project-URL: Homepage, https://github.com/InftyAI/SandD
Project-URL: Repository, https://github.com/InftyAI/SandD

<div align="center">

# SandD

**Sandbox Daemon for Agent Command Execution**

[![Rust](https://img.shields.io/badge/rust-1.70+-orange.svg)](https://www.rust-lang.org/)
[![Python](https://img.shields.io/badge/python-3.8+-blue.svg)](https://www.python.org/)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

Rust-powered WebSocket server with Python API for remote command execution and interactive sessions.

</div>

---

## Features

- **Command Execution** - Run shell commands on remote machines with timeout control
- **Interactive Sessions** - Full PTY sessions with bash for manual work
- **File Transfer** - Upload/download files between controller and workers
- **High Performance** - Rust async runtime handles high-concurrency workloads
- **Auto Reconnection** - Workers reconnect automatically on network failures
- **Cross-Platform** - Linux, macOS, Windows support

## Architecture

```
┌──────────────────────────────────────────┐
│  Python Agent Application                │
│  ┌────────────────────────────────────┐  │
│  │  from sandd import Server          │  │
│  │                                    │  │
│  │  server = Server("0.0.0.0", 8765)  │  │
│  │  result = server.exec(             │  │
│  │      "daemon-1", "ls -la"          │  │
│  │  )                                 │  │
│  └────────────────────────────────────┘  │
│          ▲                               │
│          │ Python bindings (PyO3)        │
│          ▼                               │
│  ┌────────────────────────────────────┐  │
│  │  Rust WebSocket Server (tokio)     │  │
│  │  • Command routing                 │  │
│  │  • Session management              │  │
│  └────────────────────────────────────┘  │
└──────────────────────────────────────────┘
                     ▲
                     │ WebSocket (WSS)
                     │ (Daemon initiates connection)
                     │
           ┌─────────┼─────────┐
           │         │         │
       ┌───▼───┐ ┌───▼───┐ ┌───▼───┐
       │Daemon │ │Daemon │ │Daemon │
       │  #1   │ │  #2   │ │  #n   │
       └───────┘ └───────┘ └───────┘
```

**Key Design**: Daemons connect **TO** the agent (not the other way around), so no ports need to be exposed on the execution plane.

## Quick Start

```bash
# Build
make install          # Python package
make daemon-release   # Worker binary
```

**Start controller:**

```python
from sandd import Server

server = Server("0.0.0.0", 8765)
server.wait_for_daemon("worker-1", timeout=30)

result = server.exec("worker-1", "hostname")
print(result.stdout)
```

**Start worker:**

```bash
./target/release/sandd \
    --server-url ws://controller:8765/ws \
    --daemon-id worker-1
```

## Documentation

- [Quick Start Guide](./docs/QUICKSTART.md)
- [Architecture Details](./docs/ARCHITECTURE.md)
- [Protocol Specification](./docs/PROTOCOL.md)
- [Development Guide](./docs/DEVELOP.md)
- [Examples](./examples)

## Security

⚠️ **Add security layers for production use:**

- Use `wss://` (TLS) instead of plain `ws://`
- Add authentication (tokens, mTLS)
- Run workers in containers
- Validate commands before execution
- Audit log all commands

## Roadmap

- [ ] **Authentication** - Token-based auth for daemon connections
- [ ] **TLS Support** - Built-in WSS with certificate management
- [ ] **Audit Logging** - Track all commands, sessions, and file transfers
- [ ] **Metrics** - Prometheus-compatible metrics for monitoring
- [ ] **Resource Limits** - CPU/memory/timeout controls per daemon
- [ ] **Multi-tenancy** - Isolated workspaces with access control
- [ ] **Rate Limiting** - Prevent abuse and resource exhaustion
- [ ] **Command Allowlist** - Restrict allowed commands per daemon

## Contributing

We welcome any kind of contributions, feedback, and suggestions! See [DEVELOP.md](./docs/DEVELOP.md) for development setup and guidelines.

## License

MIT

