Skip to main content

SandboxPolicy

clawft_plugin::sandbox

Struct SandboxPolicy

pub struct SandboxPolicy {
    pub agent_id: String,
    pub sandbox_type: SandboxType,
    pub network: NetworkPolicy,
    pub filesystem: FilesystemPolicy,
    pub process: ProcessPolicy,
    pub env: EnvPolicy,
    pub allowed_tools: Vec<String>,
    pub denied_tools: Vec<String>,
    pub audit_logging: bool,
}

Expand description

Per-agent sandbox policy.

Created from an agent’s configuration and enforced at runtime by the sandbox enforcement layer. Each agent’s tool restrictions map to a SandboxPolicy.

Fields§

§agent_id: String

Agent or plugin identifier.

§sandbox_type: SandboxType

Sandbox isolation type.

§network: NetworkPolicy

Network access policy.

§filesystem: FilesystemPolicy

Filesystem access policy.

§process: ProcessPolicy

Process execution policy.

§env: EnvPolicy

Environment variable access policy.

§allowed_tools: Vec<String>

Tools this agent is allowed to use (empty = all tools allowed).

§denied_tools: Vec<String>

Tools explicitly denied to this agent.

§audit_logging: bool

Whether audit logging is enabled for this agent.

Implementations§

impl SandboxPolicy

pub fn new(agent_id: impl Into<String>) -> Self

Create a new sandbox policy for the given agent.

pub fn is_tool_allowed(&self, tool_name: &str) -> bool

Check whether a specific tool is allowed by this policy.

pub fn is_domain_allowed(&self, domain: &str) -> bool

Check whether a domain is allowed by the network policy.

pub fn is_path_readable(&self, path: &Path) -> bool

Check whether a file path is readable.

pub fn is_path_writable(&self, path: &Path) -> bool

Check whether a file path is writable.

pub fn is_command_allowed(&self, command: &str) -> bool

Check whether a command is allowed by the process policy.

pub fn effective_tools(&self) -> HashSet<String>

Collect the set of all effective tool names that are allowed.

pub fn effective_sandbox_type(&self) -> SandboxType

Return the platform-appropriate sandbox type.

On macOS, downgrades OsSandbox and Combined to Wasm with a warning, since seccomp/landlock are Linux-only.

Trait Implementations§

impl Clone for SandboxPolicy

fn clone(&self) -> SandboxPolicy

Returns a duplicate of the value. Read more

1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for SandboxPolicy

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl Default for SandboxPolicy

fn default() -> Self

Returns the “default value” for a type. Read more

impl<'de> Deserialize<'de> for SandboxPolicy

fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more

impl Serialize for SandboxPolicy

fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

impl Freeze for SandboxPolicy

impl RefUnwindSafe for SandboxPolicy

impl Send for SandboxPolicy

impl Sync for SandboxPolicy

impl Unpin for SandboxPolicy

impl UnsafeUnpin for SandboxPolicy

impl UnwindSafe for SandboxPolicy

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,