Skip to main content

ProcessBackend

adk_rust::sandbox

Struct ProcessBackend 

Source 
pub struct ProcessBackend { /* private fields */ }
Available on crate feature sandbox only.
Expand description

Subprocess-based sandbox backend.

Executes code by spawning child processes with tokio::process::Command. Enforces timeout via tokio::time::timeout and environment isolation via env_clear(). Optionally enforces filesystem and network isolation when a SandboxEnforcer is configured via with_sandbox().

§Example

use adk_sandbox::{ProcessBackend, SandboxBackend};

let backend = ProcessBackend::default();
assert_eq!(backend.name(), "process");

§With OS-level sandbox

use adk_sandbox::{ProcessBackend, ProcessConfig, SandboxPolicyBuilder, get_enforcer};

let enforcer = get_enforcer()?;
let policy = SandboxPolicyBuilder::new()
    .allow_read("/usr/lib")
    .allow_read_write("/tmp/work")
    .build();

let backend = ProcessBackend::with_sandbox(
    ProcessConfig::default(),
    enforcer,
    policy,
);
assert!(backend.capabilities().enforced_limits.filesystem_isolation);

Implementations§

Source§

impl ProcessBackend

Source

pub fn new(config: ProcessConfig) -> ProcessBackend

Available on crate feature process only.

Creates a new ProcessBackend with the given configuration.

Source

pub fn with_sandbox( config: ProcessConfig, enforcer: Box<dyn SandboxEnforcer>, policy: SandboxPolicy, ) -> ProcessBackend

Available on crate feature process only.

Creates a new ProcessBackend with OS-level sandbox enforcement.

All executions through this backend will be sandboxed with the given policy. The enforcer wraps commands with platform-specific restrictions (Seatbelt on macOS, bubblewrap on Linux, AppContainer on Windows).

If different tools need different policies, create multiple ProcessBackend instances.

Trait Implementations§

Source§

impl Debug for ProcessBackend

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl Default for ProcessBackend

Source§

fn default() -> ProcessBackend

Returns the “default value” for a type. Read more
Source§

impl SandboxBackend for ProcessBackend

Source§

fn name(&self) -> &str

Returns the backend name (e.g., "process", "wasm").
Source§

fn capabilities(&self) -> BackendCapabilities

Returns the capabilities and enforced limits of this backend.
Source§

fn execute<'life0, 'async_trait>( &'life0 self, request: ExecRequest, ) -> Pin<Box<dyn Future<Output = Result<ExecResult, SandboxError>> + Send + 'async_trait>>
where 'life0: 'async_trait, ProcessBackend: 'async_trait,

Executes code in isolation according to the request parameters. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more