Module package_isolation

Expand description

Public package isolation namespace. Use it for the documented package isolation API surface; prefer crate-root re-exports for common imports. Module items must preserve the core ownership and side-effect boundaries described in this file. Runtime-package records and builders. Use these items to describe the immutable per-run package that freezes provider route, capabilities, policies, sidecars, catalogs, and fingerprints. Builders are data-only and must not perform discovery or execution side effects. This file contains the isolation portion of that contract.

Structs§

ChildArtifactId: Typed isolation/package identifier for ChildArtifactId. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
CleanupPlanRef: Typed isolation/package identifier for CleanupPlanRef. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
DetachPolicy: Describes the detach policy portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
EnvironmentSpec: Describes the environment spec portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
ExecutionEnvironment: Describes the execution environment portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
ExecutionEnvironmentBuilder: Describes the execution environment builder portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
ExecutionEnvironmentId: Typed isolation/package identifier for ExecutionEnvironmentId. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
FilesystemIsolationPolicy: Describes the filesystem isolation policy portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
ImageRef: Typed isolation/package identifier for ImageRef. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
ImageRequest: Describes the image request portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
IsolatedProcessId: Typed isolation/package identifier for IsolatedProcessId. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
IsolatedProcessRef: Typed isolation/package identifier for IsolatedProcessRef. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
IsolatedProcessSpec: Describes the isolated process spec portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
IsolatedProcessSpecBuilder: Describes the isolated process spec builder portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
IsolationAdapterRequirement: Describes the isolation adapter requirement portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
IsolationAdapterSessionRef: Typed isolation/package identifier for IsolationAdapterSessionRef. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
IsolationCapabilityReportRef: Typed isolation/package identifier for IsolationCapabilityReportRef. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
IsolationCapabilitySet: Describes the isolation capability set portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
IsolationFingerprintFields: Describes the isolation fingerprint fields portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
IsolationRequirement: Describes the isolation requirement portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
IsolationRequirementRef: Typed isolation/package identifier for IsolationRequirementRef. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
IsolationRequirementSnapshot: Describes the isolation requirement snapshot portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
IsolationRuntimeRef: Typed isolation/package identifier for IsolationRuntimeRef. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
IsolationSessionId: Typed isolation/package identifier for IsolationSessionId. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
IsolationSessionRef: Typed isolation/package identifier for IsolationSessionRef. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
IsolationTrustRequirement: Describes the isolation trust requirement portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
MountExpansionAudit: Describes the mount expansion audit portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
MountPolicy: Describes the mount policy portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
MountRef: Typed isolation/package identifier for MountRef. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
NetworkNamespaceRef: Typed isolation/package identifier for NetworkNamespaceRef. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
PolicyDecisionRef: Typed isolation/package identifier for PolicyDecisionRef. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
PreparedEnvironmentRef: Typed isolation/package identifier for PreparedEnvironmentRef. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
ProcessIoCapturePolicy: Describes the process io capture policy portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
ProcessIoPolicy: Describes the process io policy portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
ProcessIoStreamRef: Typed isolation/package identifier for ProcessIoStreamRef. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
ProcessOwnershipPolicy: Describes the process ownership policy portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
ProcessStatsPolicy: Describes the process stats policy portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
ProcessStatsSnapshotRef: Typed isolation/package identifier for ProcessStatsSnapshotRef. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
ReclaimPolicy: Describes the reclaim policy portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
ReclaimTicketRef: Typed isolation/package identifier for ReclaimTicketRef. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
RedactedEnvVar: Describes the redacted env var portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
ResourceLimits: Describes the resource limits portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
RootfsRef: Typed isolation/package identifier for RootfsRef. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
RootfsRequest: Describes the rootfs request portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
RunChildLifecyclePolicyRef: Typed isolation/package identifier for RunChildLifecyclePolicyRef. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
RuntimePackageSidecarId: Typed isolation/package identifier for RuntimePackageSidecarId. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
SecretEnvPolicy: Describes the secret env policy portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
SecretExposurePolicy: Describes the secret exposure policy portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
SecretMountPolicy: Describes the secret mount policy portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.
SecretMountRef: Typed isolation/package identifier for SecretMountRef. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
SecretRef: Typed isolation/package identifier for SecretRef. Use it to refer to isolation resources without granting ambient runtime power; constructing it is data-only and performs no side effects.
WorkspaceMountPolicy: Describes the workspace mount policy portion of a runtime package snapshot. Use it when package authors or tests need explicit package configuration; validation and activation happen in package/runtime coordinators.

Enums§

AmbientSecretPolicy: Enumerates the finite ambient secret policy cases. Serialized names are part of the SDK contract; update fixtures when variants change.
AuditabilityRequirement: Enumerates the finite auditability requirement cases. Serialized names are part of the SDK contract; update fixtures when variants change.
ChildShutdownBehavior: Enumerates the finite child shutdown behavior cases. Serialized names are part of the SDK contract; update fixtures when variants change.
CleanupGuaranteeRequirement: Enumerates the finite cleanup guarantee requirement cases. Serialized names are part of the SDK contract; update fixtures when variants change.
CleanupMode: Enumerates the finite cleanup mode cases. Serialized names are part of the SDK contract; update fixtures when variants change.
ContentRefMode: Enumerates the finite content ref mode cases. Serialized names are part of the SDK contract; update fixtures when variants change.
DataResidencyRequirement: Enumerates the finite data residency requirement cases. Serialized names are part of the SDK contract; update fixtures when variants change.
EnvironmentLifecyclePolicy: Enumerates the finite environment lifecycle policy cases. Serialized names are part of the SDK contract; update fixtures when variants change.
ExecutionEnvironmentKind: Enumerates the finite execution environment kind cases. Serialized names are part of the SDK contract; update fixtures when variants change.
IsolationCapability: Enumerates the finite isolation capability cases. Serialized names are part of the SDK contract; update fixtures when variants change.
IsolationClass: Enumerates the finite isolation class cases. Serialized names are part of the SDK contract; update fixtures when variants change.
IsolationFallback: Enumerates the finite isolation fallback cases. Serialized names are part of the SDK contract; update fixtures when variants change.
IsolationTrustField: Enumerates the finite isolation trust field cases. Serialized names are part of the SDK contract; update fixtures when variants change.
LocalityRequirement: Enumerates the finite locality requirement cases. Serialized names are part of the SDK contract; update fixtures when variants change.
MountMode: Enumerates the finite mount mode cases. Serialized names are part of the SDK contract; update fixtures when variants change.
NetworkIsolationPolicy: Enumerates the finite network isolation policy cases. Serialized names are part of the SDK contract; update fixtures when variants change.
ProcessContentCaptureMode: Enumerates the finite process content capture mode cases. Serialized names are part of the SDK contract; update fixtures when variants change.
ProcessOwnershipClass: Enumerates the finite process ownership class cases. Serialized names are part of the SDK contract; update fixtures when variants change.
RootFilesystemMode: Enumerates the finite root filesystem mode cases. Serialized names are part of the SDK contract; update fixtures when variants change.
SecretIsolationRequirement: Enumerates the finite secret isolation requirement cases. Serialized names are part of the SDK contract; update fixtures when variants change.
SingleFileMountExpansionPolicy: Enumerates the finite single file mount expansion policy cases. Serialized names are part of the SDK contract; update fixtures when variants change.
StdinPolicy: Enumerates the finite stdin policy cases. Serialized names are part of the SDK contract; update fixtures when variants change.
SymlinkPolicy: Enumerates the finite symlink policy cases. Serialized names are part of the SDK contract; update fixtures when variants change.
TenantBoundaryRequirement: Enumerates the finite tenant boundary requirement cases. Serialized names are part of the SDK contract; update fixtures when variants change.
TerminalMode: Enumerates the finite terminal mode cases. Serialized names are part of the SDK contract; update fixtures when variants change.
TruncationPolicy: Enumerates the finite truncation policy cases. Serialized names are part of the SDK contract; update fixtures when variants change.
WorkspaceMountMode: Enumerates the finite workspace mount mode cases. Serialized names are part of the SDK contract; update fixtures when variants change.

Constants§

ISOLATION_REQUIREMENT_SCHEMA_VERSION: Constant value for the package::isolation contract. Use it to keep SDK records and tests aligned on the same stable value.