II.
Page overview
Reference · livepage:docs-harness-features-backlog-gaps-security-gap-sec-004
GAP-SEC-004: Sandbox Toggle overview
Inspect the raw attributes, linked wiki pages, and inbound or outbound graph edges for page:docs-harness-features-backlog-gaps-security-gap-sec-004.
Attributes
nodeKind
Page
sourcePath
docs/harness-features-backlog/gaps/security/GAP-SEC-004.md
sourceKind
repo-docs
title
GAP-SEC-004: Sandbox Toggle
displayName
GAP-SEC-004: Sandbox Toggle
slug
docs/harness-features-backlog/gaps/security/gap-sec-004
articlePath
wiki/docs/harness-features-backlog/gaps/security/GAP-SEC-004.md
article
# GAP-SEC-004: Sandbox Toggle
| Field | Value |
|-------|-------|
| Category | security |
| Priority | Medium |
| Effort | M |
| Status | Partial |
## Description
Runtime sandbox control for general harness execution, extending beyond the current Pi-specific secure sandbox to all harness adapters.
## Current State
piSecureSandbox provides Docker-based isolation for Pi bash execution. No general sandbox toggle for other harness adapters. No runtime control to enable/disable sandboxing.
## Target State
General sandbox capability across harness adapters. Runtime toggle to enable/disable sandboxing per run or per effect. Sandbox enforcement in governance policy.
## Dependencies
- [GAP-SEC-001](../security/GAP-SEC-001.md) -- governance policy for sandbox enforcement
## Key Files
| Component | Path |
|-----------|------|
| Pi secure sandbox | `packages/sdk/src/harness/piSecureSandbox.ts` |
| Harness adapters | `packages/sdk/src/harness/` |
## Recommendation
Phase 3 implementation. Generalize piSecureSandbox pattern. Add sandbox config to run metadata. Enforce via governance policy.
documents
[]
Outgoing edges
None.
Incoming edges
contains_page1
- page:docs-harness-features-backlog·PageHarness Features Backlog: Gap Analysis (Restructured)