Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.lukan.ai/llms.txt

Use this file to discover all available pages before exploring further.

Lukan supports OS-level sandboxing using bwrap (bubblewrap) to restrict what the agent’s tools can access on your system.

Setup

lukan sandbox setup              # Install and configure bwrap
lukan sandbox on                 # Enable sandboxing

Commands

lukan sandbox status             # Show current sandbox status
lukan sandbox on                 # Enable sandbox
lukan sandbox off                # Disable sandbox
lukan sandbox setup              # Install and configure bwrap
lukan sandbox uninstall          # Remove sandbox configuration

How It Works

When enabled, tool execution (especially Bash commands) runs inside a bubblewrap sandbox that:
  • Restricts filesystem access to allowed paths
  • Limits network access based on configuration
  • Isolates processes from the host system

When to Use

  • Running untrusted code or commands
  • Working with third-party tools
  • Environments where security isolation is required
  • Multi-tenant or shared machine setups
Sandboxing requires bwrap to be installed on your system. The lukan sandbox setup command handles installation.