### Install and Configure Sandbox Runtime CLI Source: https://github.com/microsoft/vscode-sandbox-runtime/blob/main/README.md Installs the sandbox runtime globally and sets up a configuration file for filesystem and network restrictions. Use this to run commands with specific sandboxing rules from the command line. ```bash npm install -g @vscode/sandbox-runtime cat > ~/.srt-settings.json <<'JSON' { "network": { "allowedDomains": ["example.com"], "deniedDomains": [] }, "filesystem": { "denyRead": ["~/.ssh"], "allowRead": [], "allowWrite": ["."], "denyWrite": [".env"] } } JSON srt "curl https://example.com" ``` -------------------------------- ### Programmatic Sandbox Execution with Node.js/TypeScript Source: https://github.com/microsoft/vscode-sandbox-runtime/blob/main/README.md Demonstrates how to use the SandboxManager API in Node.js or TypeScript to configure and run a command within a sandbox. It initializes the sandbox with a configuration, wraps a command, spawns it as a child process, and resets the sandbox upon exit. ```typescript import { SandboxManager, type SandboxRuntimeConfig } from '@vscode/sandbox-runtime' import { spawn } from 'node:child_process' const config: SandboxRuntimeConfig = { network: { allowedDomains: ['example.com'], deniedDomains: [], }, filesystem: { denyRead: ['~/.ssh'], allowRead: [], allowWrite: ['.'], denyWrite: ['.env'], }, } await SandboxManager.initialize(config) const command = await SandboxManager.wrapWithSandbox('curl https://example.com') const child = spawn(command, { shell: true, stdio: 'inherit' }) child.on('exit', async () => { await SandboxManager.reset() }) ``` -------------------------------- ### Generate Test CA with OpenSSL Source: https://github.com/microsoft/vscode-sandbox-runtime/blob/main/test/fixtures/tls-terminate/README.md Use this command to generate a self-signed CA certificate and private key for testing purposes. The private key is intentionally committed and should never be trusted by production systems. ```sh openssl req -x509 -newkey rsa:2048 -nodes -sha256 \ -keyout ca.key -out ca.crt -days 36500 \ -subj '/CN=srt-test-ca DO NOT TRUST/O=sandbox-runtime test fixture' ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.