
feat: add JD.AI.Sandbox project with process isolation layer (#405)#434

Merged
JerrettDavis merged 3 commits into main from feat/iss-405-sandbox-execution-layer on Mar 30, 2026

Conversation

@JerrettDavis
Owner

Summary

Implements a standalone sandbox execution layer for JD.AI — process isolation with no third-party dependencies.

What's in this PR

New project: src/JD.AI.Sandbox with the following architecture:

Abstractions

  • ISandbox — sandbox process execution contract (StartAsync, RunAsync)
  • SandboxPolicy — capability profile (network, filesystem, process spawn, CPU/memory limits, env vars, working directory)
  • SandboxedProcess — async wrapper around System.Diagnostics.Process with IAsyncDisposable + stdin/stdout/stderr
  • SandboxExecutionResult — structured result with elapsed time

Platform runtimes

  • LinuxSandbox — prctl(PR_SET_NO_NEW_PRIVS) for privilege restriction, syscall filter intent
  • WindowsSandbox — Job Objects with CPU time + memory limits via AssignProcessToJobObject
  • NoneSandbox — cross-platform no-op for testing/fallback

Pipeline operator

  • SandboxPipeline.Plan(plannerPolicy, executorPolicy, plannerExe, executorExe) — creates stages
  • SandboxPipeline.RunAsync(stages) — sequential execution with stdout→stdin piping (planner completes before executor starts)
  • SandboxPipeline.PlannerPolicy() — factory: network+, no filesystem
  • SandboxPipeline.ExecutorPolicy(allowedPaths) — factory: filesystem+, no network

Pre-built policies (SandboxPolicies)

  • Planner() — has API access, no filesystem
  • Executor(paths) — has filesystem/tools, no network
  • ReadOnly(paths) — filesystem read-only, no network
  • LockedDown() — all denied
  • WithLimits(cpuMs, memoryBytes) — resource constraints extension

Tests: tests/JD.AI.Sandbox.Tests — 13 unit tests covering policy model, pipeline stages, NoneSandbox execution

Deferred (depends on #402)

Testing

  • All 13 sandbox tests pass locally
  • Full solution builds with 0 errors (1 minor analyzer warning in test project)
  • CI will run full test suite
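
A compact runnable sketch of the planner/executor split laid out in the description above, added here as an illustration: it is not the JD.AI.Sandbox code, it is written in Python rather than the project's C#, and the names SandboxPolicy, planner_policy, executor_policy, stages_are_separated, run_stage and run_pipeline are assumptions modelled on the PR text rather than the project's API. It runs two stages strictly in sequence, hands the planner's complete stdout to the executor's stdin, applies RLIMIT_CPU from the policy, sets PR_SET_NO_NEW_PRIVS in the forked child on Linux, and has the executor report its own NoNewPrivs flag back from /proc/self/status. The caveat a reviewer should keep in view: no_new_privs only prevents execve from granting privileges (setuid binaries, file capabilities) and is the prerequisite for installing an unprivileged seccomp filter; on its own it denies neither network nor filesystem access. In this sketch, as in the PR's "syscall filter intent" wording, allow_network and allowed_paths are recorded policy enforced by the stage split, not yet by the kernel; a seccomp-BPF filter, network namespace or Landlock ruleset is what turns them into an enforced boundary.

```python
"""Planner -> executor pipeline sketch after the PR description. Added illustration,
not JD.AI.Sandbox code; every name below is an assumption drawn from the PR text."""
import ctypes, json, platform, subprocess, sys, time
from dataclasses import dataclass
from typing import Optional
try:
    import resource  # POSIX only: RLIMIT_CPU / RLIMIT_AS and the fork+exec path
except ImportError:  # Windows: no preexec_fn and no rlimits in this sketch
    resource = None

PR_SET_NO_NEW_PRIVS = 38  # value from <linux/prctl.h>
IS_LINUX = platform.system() == "Linux"
_LIBC = ctypes.CDLL(None, use_errno=True) if IS_LINUX else None  # resolved in the parent

@dataclass(frozen=True)
class SandboxPolicy:
    """Capability profile (assumed field names, after the PR's SandboxPolicy)."""
    allow_network: bool = False
    allowed_paths: tuple = ()  # empty tuple means no filesystem access
    allow_process_spawn: bool = False
    cpu_ms: Optional[int] = None
    memory_bytes: Optional[int] = None

    @property
    def allow_filesystem(self) -> bool:
        return bool(self.allowed_paths)

    def capabilities(self) -> frozenset:
        flags = [("network", self.allow_network), ("filesystem", self.allow_filesystem),
                 ("spawn", self.allow_process_spawn)]
        return frozenset(name for name, on in flags if on)

def planner_policy() -> SandboxPolicy:
    """Planner stage: API access, no filesystem."""
    return SandboxPolicy(allow_network=True)

def executor_policy(allowed_paths, cpu_ms: Optional[int] = None) -> SandboxPolicy:
    """Executor stage: filesystem under allowed_paths, no network."""
    return SandboxPolicy(allowed_paths=tuple(allowed_paths), cpu_ms=cpu_ms)

def stages_are_separated(a: SandboxPolicy, b: SandboxPolicy) -> bool:
    """The property the split exists for: no capability is held by both stages."""
    return not (a.capabilities() & b.capabilities())

def _make_preexec(policy: SandboxPolicy):
    """Child-side setup between fork and exec: rlimits, then no_new_privs (which
    stops execve from granting privileges; it does not block network or files)."""
    def preexec():
        if policy.cpu_ms is not None:
            secs = max(1, -(-policy.cpu_ms // 1000))  # RLIMIT_CPU counts whole seconds
            resource.setrlimit(resource.RLIMIT_CPU, (secs, secs))
        if policy.memory_bytes is not None:
            resource.setrlimit(resource.RLIMIT_AS, (policy.memory_bytes,) * 2)
        if _LIBC is not None and _LIBC.prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0:
            raise OSError(ctypes.get_errno(), "prctl(PR_SET_NO_NEW_PRIVS) failed")
    return preexec

def run_stage(policy: SandboxPolicy, argv, stdin_bytes: bytes) -> dict:
    """Run one stage to completion under its policy; structured result with timing."""
    started = time.monotonic()
    proc = subprocess.run(argv, input=stdin_bytes, capture_output=True, timeout=60,
                          preexec_fn=_make_preexec(policy) if resource is not None else None)
    return {"returncode": proc.returncode, "stdout": proc.stdout,
            "stderr": proc.stderr, "elapsed_s": time.monotonic() - started}

def run_pipeline(stages, initial_input: bytes = b"") -> list:
    """Sequential execution: a stage starts only after the previous one has exited,
    and its stdin is the previous stage's complete stdout."""
    results, data = [], initial_input
    for policy, argv in stages:
        results.append(run_stage(policy, argv, data))
        if results[-1]["returncode"] != 0:
            break  # never feed a failed stage's output onward
        data = results[-1]["stdout"]
    return results

# Constructed stand-ins for the planner and executor executables.
PLANNER_SRC = "import json, sys; print(json.dumps({'steps': sys.stdin.read().split()}))"
EXECUTOR_SRC = """
import json, sys
plan = json.load(sys.stdin)
nnp = None  # NoNewPrivs as reported by the kernel (Linux only; None elsewhere)
try:
    for line in open('/proc/self/status'):
        if line.startswith('NoNewPrivs:'):
            nnp = int(line.split()[1])
except OSError:
    pass
print(json.dumps({"executed": len(plan["steps"]), "no_new_privs": nnp}))
"""

def demo() -> dict:
    planner, executor = planner_policy(), executor_policy(["/tmp/work"], cpu_ms=2000)
    if not stages_are_separated(planner, executor):
        raise ValueError("planner and executor must not share a capability")
    stages = [(planner, [sys.executable, "-c", PLANNER_SRC]),
              (executor, [sys.executable, "-c", EXECUTOR_SRC])]
    return json.loads(run_pipeline(stages, b"fetch build test\n")[-1]["stdout"])
```

Calling demo() on Linux returns {"executed": 3, "no_new_privs": 1}; on macOS the rlimit is applied but the flag comes back None, and on Windows neither preexec step runs, which is the gap the PR's separate WindowsSandbox (Job Objects) exists to fill.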

@chatgpt-codex-connector

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

@JerrettDavis JerrettDavis force-pushed the feat/iss-405-sandbox-execution-layer branch from 6b3ca84 to c1d04de on March 30, 2026 03:35
@github-actions
Contributor

github-actions bot commented Mar 30, 2026

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 4 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 9f267fd.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

tests/JD.AI.Sandbox.Tests/JD.AI.Sandbox.Tests.csproj

Package                    Version  License  Issue Type
Microsoft.NET.Test.Sdk     >= 0     Null     Unknown License
coverlet.collector         >= 0     Null     Unknown License
xunit                      >= 0     Null     Unknown License
xunit.runner.visualstudio  >= 0     Null     Unknown License
Denied Licenses: GPL-2.0, GPL-3.0, AGPL-3.0

OpenSSF Scorecard

Package                           Version  Score    Details
nuget/Microsoft.NET.Test.Sdk      >= 0     Unknown  Unknown
nuget/coverlet.collector          >= 0     Unknown  Unknown
nuget/xunit                       >= 0     Unknown  Unknown
nuget/xunit.runner.visualstudio   >= 0     Unknown  Unknown

Scanned Files

  • tests/JD.AI.Sandbox.Tests/JD.AI.Sandbox.Tests.csproj

@github-actions
Contributor

github-actions bot commented Mar 30, 2026

Test Results

6 539 tests: 6 520 ✅ passed, 19 💤 skipped, 0 ❌ failed
6 suites, 6 files, 2m 54s ⏱️

Results for commit 9f267fd.

♻️ This comment has been updated with latest results.

@github-actions
Contributor

Code Coverage

Summary
  Generated on: 03/30/2026 - 04:01:05
  Coverage date: 03/30/2026 - 03:58:54 - 03/30/2026 - 04:00:57
  Parser: MultiReport (6x Cobertura)
  Assemblies: 22
  Classes: 990
  Files: 543
  Line coverage: 70.1%
  Covered lines: 31510
  Uncovered lines: 13402
  Coverable lines: 44912
  Total lines: 88179
  Branch coverage: 59% (12153 of 20598)
  Covered branches: 12153
  Total branches: 20598
  Method coverage: 82.3% (5431 of 6595)
  Full method coverage: 70.4% (4643 of 6595)
  Covered methods: 5431
  Fully covered methods: 4643
  Total methods: 6595

@JerrettDavis JerrettDavis merged commit 8c47564 into main Mar 30, 2026
15 checks passed
@JerrettDavis JerrettDavis deleted the feat/iss-405-sandbox-execution-layer branch March 30, 2026 12:32
JerrettDavis added a commit that referenced this pull request Mar 31, 2026
…434)

* feat: add JD.AI.Sandbox process isolation layer (#405)

* fix: suppress CA5392 for well-known system DLLs (kernel32, libc)

* chore: remove stray initial.txt artifact

---------

Co-authored-by: Test <test@test.com>
