
astrid_workspace/
lib.rs

1//! Astrid Workspace - Operational boundaries for agent actions.
2//!
3//! This crate provides workspace boundaries that define where the agent
4//! can operate. Unlike the WASM sandbox (which is inescapable), the
5//! operational workspace can be escaped with user approval.
6//!
7//! # Key Concepts
8//!
9//! - **Workspace**: A directory tree where the agent can freely operate
10//! - **Escape**: Operations outside the workspace require approval
11//! - **Modes**: Safe (always ask), Guided (smart defaults), Autonomous (no restrictions)
12//!
13//! # Example
14//!
15//! ```rust,ignore
16//! use astrid_workspace::{WorkspaceBoundary, WorkspaceConfig, WorkspaceMode};
17//!
18//! let config = WorkspaceConfig::new("/home/user/project")
19//!     .with_mode(WorkspaceMode::Guided);
20//!
21//! let boundary = WorkspaceBoundary::new(config);
22//!
23//! // Check if a path is allowed
24//! match boundary.check("/home/user/project/src/main.rs") {
25//!     PathCheck::Allowed => println!("Path is in workspace"),
26//!     PathCheck::RequiresApproval => println!("Needs user approval"),
27//!     _ => {} // remaining variants elided for brevity; real callers should match each one explicitly
28//! }
29//! ```
30
// Crate-wide lint policy.
// `deny` (unlike `forbid`) can still be overridden by a local `#[allow(unsafe_code)]`.
// NOTE(review): if no module in this crate needs `unsafe`, `forbid` would make that guarantee
// non-overridable; confirm against the `sandbox` module before tightening.
31#![deny(unsafe_code)]
// Every public item must be documented.
32#![deny(missing_docs)]
33#![deny(clippy::all)]
// Rejects `pub` items that cannot be reached from the crate's public API; internal modules
// below are therefore declared `pub(crate)`.
34#![deny(unreachable_pub)]
// `unwrap()` is rejected in non-test builds; the `cfg_attr` line re-allows it under `cfg(test)`.
35#![deny(clippy::unwrap_used)]
36#![cfg_attr(test, allow(clippy::unwrap_used))]
37
// Public prelude module; its contents are not visible in this file.
38pub mod prelude;
39
// Crate-private implementation modules.
// NOTE(review): each carries `#[allow(dead_code)]` with no stated reason. For the modules that
// appear to implement the workspace boundary and escape approval, confirm the code is actually
// reachable (e.g. through `prelude`); with the lint silenced, the compiler will not report an
// enforcement path that nothing calls.
40#[allow(dead_code)]
41pub(crate) mod boundaries;
42#[allow(dead_code)]
43pub(crate) mod config;
44#[allow(dead_code)]
45pub(crate) mod escape;
46#[allow(dead_code)]
47pub(crate) mod profiles;
48/// Host-level sandbox generation for shell processes.
49pub mod sandbox;
50/// Git worktree management for agent sessions.
51#[allow(dead_code)]
52pub(crate) mod worktree;
53
// Only the sandbox types are re-exported from the crate root in this file.
// NOTE(review): the crate-level example imports `WorkspaceBoundary`, `WorkspaceConfig` and
// `WorkspaceMode` from the crate root and uses `PathCheck` without importing it; verify the
// example against what `prelude` actually exports.
54pub use sandbox::{ProcessSandboxConfig, SandboxCommand, SandboxPolicy, SandboxPrefix};