Skip to main content

SandboxPolicy

Struct SandboxPolicy

pub struct SandboxPolicy {
    pub network: NetworkPolicy,
    pub filesystem: FilesystemPolicy,
    pub environment: EnvironmentPolicy,
    pub timeout: Duration,
    pub max_stdout_bytes: usize,
    pub max_stderr_bytes: usize,
    pub working_directory: Option<PathBuf>,
}

Available on crate feature code only.

Expand description

Sandbox policy describing the requested execution constraints.

Backends compare this policy against their BackendCapabilities and reject execution if they cannot enforce a requested control.

§Example

use adk_code::SandboxPolicy;

let policy = SandboxPolicy::strict_rust();
assert_eq!(policy.max_stdout_bytes, 1_048_576);

Fields§

§network: NetworkPolicy

Network access policy.

§filesystem: FilesystemPolicy

Filesystem access policy.

§environment: EnvironmentPolicy

Environment variable access policy.

§timeout: Duration

Maximum execution duration.

§max_stdout_bytes: usize

Maximum bytes captured from stdout before truncation.

§max_stderr_bytes: usize

Maximum bytes captured from stderr before truncation.

§working_directory: Option<PathBuf>

Working directory for execution, if any.

Implementations§

impl SandboxPolicy

pub fn strict_rust() -> SandboxPolicy

Strict policy for Rust sandbox execution.

No network access
No filesystem access
No environment variables
30-second timeout
1 MB stdout/stderr limits

pub fn host_local() -> SandboxPolicy

Host-local policy for backends that run on the host without isolation.

Unlike strict_rust, this policy uses NetworkPolicy::Enabled and FilesystemPolicy::None so that host-local backends (which cannot enforce network or filesystem restrictions) pass policy validation. The trade-off is that the executed code has the same network and filesystem access as the host process.

Network access: allowed (host-local cannot restrict)
Filesystem access: none requested
Environment variables: none exposed
30-second timeout
1 MB stdout/stderr limits

pub fn strict_js() -> SandboxPolicy

Strict policy for embedded JavaScript execution.

Same defaults as Rust but with a shorter 5-second timeout, appropriate for lightweight transforms and scripting.

Trait Implementations§

impl Clone for SandboxPolicy

fn clone(&self) -> SandboxPolicy

Returns a duplicate of the value. Read more

1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for SandboxPolicy

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more

impl Default for SandboxPolicy

fn default() -> SandboxPolicy

Sensible defaults: no network, no filesystem, no env vars, 30s timeout, 1 MB limits.

Auto Trait Implementations§

impl Freeze for SandboxPolicy

impl RefUnwindSafe for SandboxPolicy

impl Send for SandboxPolicy

impl Sync for SandboxPolicy

impl Unpin for SandboxPolicy

impl UnsafeUnpin for SandboxPolicy

impl UnwindSafe for SandboxPolicy

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest. Read more

impl<T> DynClone for T
where T: Clone,

fn __clone_box(&self, _: Private) -> *mut ()

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> FromRef<T> for T
where T: Clone,

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self> ⓘ

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self> ⓘ

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> ⓘ
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self> ⓘ

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more