1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
//! # adk-sandbox
//!
//! Isolated code execution runtime for ADK agents.
//!
//! This crate provides the [`SandboxBackend`] trait and two implementations:
//!
//! - **`ProcessBackend`** (default feature `process`): Executes code in child
//! processes via `tokio::process::Command`. Enforces timeout and environment
//! isolation but not memory or network isolation.
//!
//! - **`WasmBackend`** (feature `wasm`): Executes WebAssembly modules in-process
//! via `wasmtime`. Enforces timeout, memory limits, and full sandboxing (no
//! filesystem or network access).
//!
//! ## Quick Start
//!
//! ```rust,ignore
//! use adk_sandbox::{ProcessBackend, ExecRequest, Language};
//! use std::time::Duration;
//! use std::collections::HashMap;
//!
//! let backend = ProcessBackend::default();
//! let request = ExecRequest {
//! language: Language::Python,
//! code: "print('hello')".to_string(),
//! stdin: None,
//! timeout: Duration::from_secs(30),
//! memory_limit_mb: None,
//! env: HashMap::new(),
//! };
//! let result = backend.execute(request).await?;
//! println!("stdout: {}", result.stdout);
//! ```
//!
//! ## Feature Flags
//!
//! | Feature | Description | Default |
//! |-----------|--------------------------------------|---------|
//! | `process` | Subprocess execution via tokio | ✅ |
//! | `wasm` | In-process WASM execution via wasmtime | ❌ |
// Feature-gated modules
// Public re-exports
pub use ;
pub use SandboxError;
pub use SandboxTool;
pub use ;
pub use ;
pub use WasmBackend;