Landlock-Sharp

Home

Build, query, and extend the graph + search + AI platform.

Roll out Curiosity to Docker, Kubernetes, or your cloud of choice.

Ship domain-specific AI apps with custom UIs, endpoints, and connectors.

Model your data as typed nodes and edges with stable keys.

Query with text, vector, and hybrid retrieval — permission-aware.

Ground LLMs, embeddings, and agents in your own graph.

Compose UIs in C# with our front-end component library.

Transpile C# to JavaScript and run it in the browser.

Run NLP pipelines on your own text with our open-source library.

.NET bindings for Facebook's RocksDB key-value store.

C# wrapper for the Linux Landlock kernel sandboxing feature.

Test, ingest, sync, and promote workspaces from any shell.

Browse every open-source project Curiosity maintains.

Support

Guides

End-to-end recipes for the patterns you'll reach for most often when sandboxing a .NET process with Landlock.

AddPathBeneathRule, allowed actions, multiple paths, read-only vs read-write trees.

AddPortRule for TCP BIND and CONNECT. Requires Landlock ABI 4 (kernel 6.7+).

Block abstract Unix sockets and inbound signals. Requires Landlock ABI 6 (kernel 6.12+).

Thread vs process scope, child inheritance, layering, and the "no widening" rule.

Control how the kernel audits denied accesses. Requires Landlock ABI 7 (kernel 6.13+).

For the kernel-side reference, the landlock(7) man page and the Linux kernel Landlock docs are the canonical source of truth. These guides explain how the C# binding maps onto them.