Skip to main content

SandboxPolicyBuilder

adk_rust::sandbox

Struct SandboxPolicyBuilder

pub struct SandboxPolicyBuilder { /* private fields */ }

Available on crate feature sandbox only.

Expand description

Builder for constructing SandboxPolicy values incrementally.

Defaults to deny-all: no allowed paths, no network, no process spawning, and no environment variables.

§Example

use adk_sandbox::sandbox::SandboxPolicyBuilder;

let policy = SandboxPolicyBuilder::new()
    .allow_read("/usr/lib")
    .allow_read_write("/tmp/work")
    .allow_network()
    .allow_process_spawn()
    .env("HOME", "/home/user")
    .build();

assert_eq!(policy.allowed_paths.len(), 2);
assert!(policy.allow_network);
assert!(policy.allow_process_spawn);
assert_eq!(policy.env.get("HOME").unwrap(), "/home/user");

Implementations§

impl SandboxPolicyBuilder

pub fn new() -> SandboxPolicyBuilder

Creates a new builder with deny-all defaults.

pub fn allow_read(self, path: impl Into<PathBuf>) -> SandboxPolicyBuilder

Adds a read-only allowed path.

pub fn allow_read_write(self, path: impl Into<PathBuf>) -> SandboxPolicyBuilder

Adds a read-write allowed path.

pub fn allow_network(self) -> SandboxPolicyBuilder

Enables full network access (all domains, all ports).

This overrides any domain-specific rules added via allow_domain.

pub fn allow_domain( self, domain: impl Into<String>, ports: &[u16], ) -> SandboxPolicyBuilder

Allows network access to a specific domain and ports.

When allow_network is false (the default), only domains added via this method are accessible. Pass an empty slice for ports to allow all ports on the domain.

Platform support: Only enforced on macOS (Seatbelt). On Linux and Windows, domain-level filtering is not available — if any rules are present but allow_network is false, all network is blocked.

§Example

use adk_sandbox::sandbox::SandboxPolicyBuilder;

let policy = SandboxPolicyBuilder::new()
    .allow_domain("api.openai.com", &[443])
    .allow_domain("huggingface.co", &[443, 80])
    .build();

pub fn allow_process_spawn(self) -> SandboxPolicyBuilder

Enables child process spawning.

pub fn env( self, key: impl Into<String>, value: impl Into<String>, ) -> SandboxPolicyBuilder

Adds an environment variable key-value pair.

pub fn build(self) -> SandboxPolicy

Consumes the builder and returns the constructed SandboxPolicy.

Trait Implementations§

impl Default for SandboxPolicyBuilder

fn default() -> SandboxPolicyBuilder

Returns the “default value” for a type. Read more

Auto Trait Implementations§

impl Freeze for SandboxPolicyBuilder

impl RefUnwindSafe for SandboxPolicyBuilder

impl Send for SandboxPolicyBuilder

impl Sync for SandboxPolicyBuilder

impl Unpin for SandboxPolicyBuilder

impl UnsafeUnpin for SandboxPolicyBuilder

impl UnwindSafe for SandboxPolicyBuilder

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self> ⓘ

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self> ⓘ

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> ⓘ
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self> ⓘ

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more