pub trait IsolationRuntime: Send + Sync {
    // Required methods
    fn runtime_ref(&self) -> &IsolationRuntimeRef;
    fn capability_report(&self) -> Result<IsolationCapabilityReport, AgentError>;
    fn prepare_session(
        &self,
        request: SessionPrepareRequest,
    ) -> Result<IsolationSessionRef, AgentError>;
    fn resolve_image(
        &self,
        request: ImageResolveRequest,
    ) -> Result<ImageResolution, AgentError>;
    fn prepare_rootfs(
        &self,
        request: RootfsPrepareRequest,
    ) -> Result<RootfsRef, AgentError>;
    fn resolve_mounts(
        &self,
        request: MountResolveRequest,
    ) -> Result<MountPlan, AgentError>;
    fn configure_network(
        &self,
        request: NetworkPrepareRequest,
    ) -> Result<NetworkNamespaceRef, AgentError>;
    fn prepare_secrets(
        &self,
        request: SecretPrepareRequest,
    ) -> Result<SecretMaterializationPlan, AgentError>;
    fn prepare_environment(
        &self,
        request: EnvironmentPrepareRequest,
    ) -> Result<PreparedEnvironmentRef, AgentError>;
    fn start_process(
        &self,
        request: ProcessStartRequest,
    ) -> Result<ProcessStartResult, AgentError>;
    fn stream_io(
        &self,
        request: ProcessIoRequest,
    ) -> Result<ProcessIoFrame, AgentError>;
    fn signal_process(
        &self,
        request: ProcessSignalRequest,
    ) -> Result<ProcessSignalResult, AgentError>;
    fn collect_stats(
        &self,
        request: ProcessStatsRequest,
    ) -> Result<ProcessStatsSnapshot, AgentError>;
    fn cleanup(
        &self,
        request: CleanupRequest,
    ) -> Result<CleanupResult, AgentError>;
    fn detach(
        &self,
        request: DetachTransferRequest,
    ) -> Result<DetachTransferResult, AgentError>;
    fn reclaim(
        &self,
        request: ReclaimRequest,
    ) -> Result<ReclaimResult, AgentError>;
}
Port or behavior contract for isolation runtime. Implementors should preserve policy, redaction, idempotency, and replay expectations from the surrounding module. Implementations may perform side effects only as described by the trait methods.
Required Methods
fn runtime_ref(&self) -> &IsolationRuntimeRef
Returns runtime ref for the current value. This is a read-only or data-construction helper unless the method body explicitly calls a port or store.
fn capability_report(&self) -> Result<IsolationCapabilityReport, AgentError>
Returns capability report for the current value. This is a read-only or data-construction helper unless the method body explicitly calls a port or store.
fn prepare_session(&self, request: SessionPrepareRequest) -> Result<IsolationSessionRef, AgentError>
Prepares or selects an isolation session for the request. Implementations allocate or select an isolation session for the request; they may mutate adapter sandbox state but must not start the process.
fn resolve_image(&self, request: ImageResolveRequest) -> Result<ImageResolution, AgentError>
Resolves an image request into adapter-specific image metadata. Implementations resolve isolation planning data; only process-start methods may launch a process.
fn prepare_rootfs(&self, request: RootfsPrepareRequest) -> Result<RootfsRef, AgentError>
Prepares the root filesystem for the isolation session. Implementations materialize or select the requested root filesystem and may touch host storage or image caches; they must not start the process.
fn resolve_mounts(&self, request: MountResolveRequest) -> Result<MountPlan, AgentError>
Resolves requested mounts into a mount plan for the environment. Implementations resolve isolation planning data; only process-start methods may launch a process.
fn configure_network(&self, request: NetworkPrepareRequest) -> Result<NetworkNamespaceRef, AgentError>
Configures or selects the network namespace for the environment. Implementations resolve isolation planning data; only process-start methods may launch a process.
fn prepare_secrets(&self, request: SecretPrepareRequest) -> Result<SecretMaterializationPlan, AgentError>
Prepares secret mounts or handles for the environment. Implementations materialize secret mounts or handles for the isolated environment and must not return raw secret values.
fn prepare_environment(&self, request: EnvironmentPrepareRequest) -> Result<PreparedEnvironmentRef, AgentError>
Combines prepared isolation pieces into an executable environment. Implementations combine prepared rootfs, mounts, network, and secrets into an executable environment handle; they must not start the process.
fn start_process(&self, request: ProcessStartRequest) -> Result<ProcessStartResult, AgentError>
Starts the prepared isolated process through the host adapter. Implementations may launch a process or container and return process handles, but journal intent/result recording stays with the runtime.
fn stream_io(&self, request: ProcessIoRequest) -> Result<ProcessIoFrame, AgentError>
Reads or writes one bounded I/O frame for an isolated process. Implementations may touch host process streams, but must preserve redaction and return stream refs or bounded data according to policy.
fn signal_process(&self, request: ProcessSignalRequest) -> Result<ProcessSignalResult, AgentError>
Sends a control signal to an already-started isolated process. Implementations return the observed signal result and leave lifecycle journal evidence to the runtime.
fn collect_stats(&self, request: ProcessStatsRequest) -> Result<ProcessStatsSnapshot, AgentError>
Collects statistics for an already-started isolated process. Implementations may query host process/container state and must return bounded metadata rather than raw process output.
fn cleanup(&self, request: CleanupRequest) -> Result<CleanupResult, AgentError>
Cleans up adapter-owned isolation resources for a finished process. Implementations may remove sessions, mounts, namespaces, or reclaim tickets selected by the cleanup request.
fn detach(&self, request: DetachTransferRequest) -> Result<DetachTransferResult, AgentError>
Transfers ownership of isolation resources according to a detach plan. Implementations may leave processes or resources running under a reclaim ticket, but must not silently discard cleanup responsibility.
fn reclaim(&self, request: ReclaimRequest) -> Result<ReclaimResult, AgentError>
Reclaims resources that were previously detached from runtime ownership. Implementations may stop processes or remove resources referenced by the reclaim ticket and must report any cleanup failure for repair.
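A toy model of the detach and reclaim contract described above, added here as an example and not the crate's own code. `ToyAdapter`, `Ticket`, `ReclaimOutcome` and the resource names are hypothetical stand-ins, since the crate's real request and result types are not shown on this page.

```rust
use std::collections::HashMap;
// Hypothetical stand-ins: the crate's real request/result types are not shown on the page.
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub struct Ticket(pub u64);
#[derive(Debug, PartialEq)]
pub struct ReclaimOutcome { pub removed: Vec<String>, pub failed: Vec<String> }

#[derive(Default)]
pub struct ToyAdapter {
    owned: Vec<String>,                     // still owned by the runtime
    detached: HashMap<Ticket, Vec<String>>, // parked under a reclaim ticket
    next_ticket: u64,
    pub stuck: Vec<String>,                 // constructed: removals that fail
}

impl ToyAdapter {
    pub fn track(&mut self, resource: &str) { self.owned.push(resource.to_string()); }

    /// Detach: ownership moves to a ticket, so cleanup responsibility is never dropped.
    pub fn detach(&mut self) -> Result<Ticket, String> {
        if self.owned.is_empty() { return Err("nothing to detach".into()); }
        self.next_ticket += 1;
        let ticket = Ticket(self.next_ticket);
        self.detached.insert(ticket.clone(), std::mem::take(&mut self.owned));
        Ok(ticket)
    }

    /// Reclaim: failures are reported and stay under the ticket for repair.
    pub fn reclaim(&mut self, ticket: &Ticket) -> Result<ReclaimOutcome, String> {
        let resources = self.detached.remove(ticket).ok_or("unknown ticket")?;
        let (failed, removed): (Vec<String>, Vec<String>) =
            resources.into_iter().partition(|r| self.stuck.contains(r));
        if !failed.is_empty() { self.detached.insert(ticket.clone(), failed.clone()); }
        Ok(ReclaimOutcome { removed, failed })
    }

    /// Resources that still need cleanup, whoever holds them.
    pub fn outstanding(&self) -> usize {
        self.owned.len() + self.detached.values().map(Vec::len).sum::<usize>()
    }
}

fn main() {
    let mut a = ToyAdapter { stuck: vec!["mount/s1".into()], ..Default::default() };
    a.track("netns/s1"); // constructed resource names
    a.track("mount/s1");
    let t = a.detach().unwrap();
    let out = a.reclaim(&t).unwrap();
    println!("{:?}, outstanding={}", out, a.outstanding());
}
```

A resource whose removal fails remains counted by `outstanding()` until a later reclaim succeeds, which is the property an audit of a real implementation would check.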
Dyn Compatibility
This trait is dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".