Skip to main content

BoxConfig

a3s_box_core::config

Struct BoxConfig 

Source 
pub struct BoxConfig {
Show 24 fields
    pub image: String,
    pub workspace: PathBuf,
    pub resources: ResourceConfig,
    pub log_level: LogLevel,
    pub debug_grpc: bool,
    pub tee: TeeConfig,
    pub cmd: Vec<String>,
    pub entrypoint_override: Option<Vec<String>>,
    pub volumes: Vec<String>,
    pub extra_env: Vec<(String, String)>,
    pub cache: CacheConfig,
    pub pool: PoolConfig,
    pub port_map: Vec<String>,
    pub dns: Vec<String>,
    pub network: NetworkMode,
    pub tmpfs: Vec<String>,
    pub resource_limits: ResourceLimits,
    pub cap_add: Vec<String>,
    pub cap_drop: Vec<String>,
    pub security_opt: Vec<String>,
    pub privileged: bool,
    pub read_only: bool,
    pub sidecar: Option<SidecarConfig>,
    pub persistent: bool,

}
Expand description

Box configuration

Fields§

§image: String

OCI image reference (e.g., “nginx:alpine”, “ghcr.io/org/app:latest”)

§workspace: PathBuf

Workspace directory (mounted to /workspace inside the VM)

§resources: ResourceConfig

Resource limits

§log_level: LogLevel

Log level

§debug_grpc: bool

Enable gRPC debug logging

§tee: TeeConfig

TEE (Trusted Execution Environment) configuration

§cmd: Vec<String>

Command override (replaces OCI CMD when set)

§entrypoint_override: Option<Vec<String>>

Entrypoint override (replaces OCI ENTRYPOINT when set)

§volumes: Vec<String>

Extra volume mounts (host_path:guest_path or host_path:guest_path:ro)

§extra_env: Vec<(String, String)>

Extra environment variables for the entrypoint

§cache: CacheConfig

Cache configuration for cold start optimization

§pool: PoolConfig

Warm pool configuration for pre-booted VMs

§port_map: Vec<String>

Port mappings: “host_port:guest_port” (e.g., “8080:80”) Maps host ports to guest ports via TSI (Transparent Socket Impersonation).

§dns: Vec<String>

Custom DNS servers (e.g., “1.1.1.1”). If empty, reads from host /etc/resolv.conf, falling back to 8.8.8.8.

§network: NetworkMode

Network mode: TSI (default), bridge (passt-based), or none.

§tmpfs: Vec<String>

tmpfs mounts (ephemeral in-guest filesystems). Format: “/path” or “/path:size=100m”

§resource_limits: ResourceLimits

Resource limits (PID limits, CPU pinning, ulimits, cgroup controls).

§cap_add: Vec<String>

Linux capabilities to add (e.g., “NET_ADMIN”, “SYS_PTRACE”)

§cap_drop: Vec<String>

Linux capabilities to drop (e.g., “ALL”, “NET_RAW”)

§security_opt: Vec<String>

Security options (e.g., “seccomp=unconfined”, “no-new-privileges”)

§privileged: bool

Run in privileged mode (disables all security restrictions)

§read_only: bool

Mount the container rootfs as read-only.

Volume mounts (-v host:guest) remain writable by default. Requires guest init to be present in the rootfs image.

§sidecar: Option<SidecarConfig>

Optional sidecar process to run alongside the main container inside the VM.

The sidecar is launched before the main container entrypoint and runs as a co-process inside the same MicroVM. Intended for security proxies such as SafeClaw that intercept and classify agent traffic.

§persistent: bool

Preserve the box filesystem across stop/start cycles.

When true, the overlay upper layer (or copy rootfs) is kept on disk after the box stops and reused on the next start. Changes made inside the box persist between restarts, similar to a traditional VM.

When false (default), the writable layer is wiped on every stop, giving a clean slate on each start.

Trait Implementations§

Source§

impl Clone for BoxConfig

Source§

fn clone(&self) -> BoxConfig

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for BoxConfig

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for BoxConfig

Source§

fn default() -> Self

Returns the “default value” for a type. Read more
Source§

impl<'de> Deserialize<'de> for BoxConfig

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for BoxConfig

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,