Skip to main content

SandboxExecutor

agent_code_lib::sandbox

Struct SandboxExecutor

pub struct SandboxExecutor { /* private fields */ }

Expand description

Owns the active strategy and resolved policy for a session.

Construct one at session start via SandboxExecutor::from_config and thread it into crate::tools::ToolContext::sandbox. Tools call SandboxExecutor::wrap before spawning.

Implementations§

impl SandboxExecutor

pub fn from_config(config: &SandboxConfig, project_dir: &Path) -> Self

Build an executor from config and the session’s project directory.

If config.enabled is false, the returned executor’s [wrap] is a no-op. If the selected strategy is unavailable on the current platform (e.g. seatbelt on Linux), falls back to NoopStrategy and logs a warning — the caller should still treat this as enabled for /sandbox reporting so the degradation is visible.

pub fn from_config_with_bypass( config: &SandboxConfig, project_dir: &Path, allow_bypass: bool, ) -> Self

Build an executor, explicitly setting whether per-call bypass is allowed.

Call sites with access to the full crate::config::Config should prefer SandboxExecutor::from_session_config, which reads the bypass flag from security.disable_bypass_permissions.

pub fn from_session_config(config: &Config, project_dir: &Path) -> Self

Build an executor from the top-level crate::config::Config, honoring the enterprise security.disable_bypass_permissions flag.

pub fn strategy_name(&self) -> &'static str

Strategy name for diagnostics (e.g. /sandbox command output).

pub fn is_active(&self) -> bool

Whether sandboxing is active (config enabled and a real strategy is selected).

pub fn policy(&self) -> &SandboxPolicy

Access the resolved policy for diagnostics.

pub fn allow_bypass(&self) -> bool

Whether a tool call may request per-call bypass (e.g. the Bash tool’s dangerouslyDisableSandbox parameter).

Returns false when security.disable_bypass_permissions = true.

pub fn wrap(&self, cmd: Command) -> Command

Wrap cmd with the active strategy, reapplying piped stdio.

If the executor is disabled or the strategy is a no-op, returns cmd unchanged. Callers should use this before .spawn().

pub fn disabled() -> Self

A “disabled” executor for tests and default construction.

Auto Trait Implementations§

impl Freeze for SandboxExecutor

impl !RefUnwindSafe for SandboxExecutor

impl Send for SandboxExecutor

impl Sync for SandboxExecutor

impl Unpin for SandboxExecutor

impl UnsafeUnpin for SandboxExecutor

impl !UnwindSafe for SandboxExecutor

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more