eryx_vfs/lib.rs
1//! Virtual Filesystem for Eryx Sandbox
2//!
3//! Provides a custom `wasi:filesystem` implementation backed by a key-value
4//! store, allowing sandboxed Python code to read and write files that persist
5//! across sandbox executions.
6//!
7//! ## Architecture
8//!
9//! The VFS consists of:
10//! - [`VfsStorage`] - A trait for pluggable storage backends
11//! - [`InMemoryStorage`] - An in-memory implementation for testing
12//! - WASI host implementations that bridge storage to the component model
13//!
14//! ## Usage
15//!
16//! ```rust,ignore
17//! use eryx_vfs::{InMemoryStorage, VfsCtx, VfsState, VfsView, add_vfs_to_linker};
18//! use std::sync::Arc;
19//!
20//! // Create storage
21//! let storage = Arc::new(InMemoryStorage::new());
22//!
23//! // Create VFS context
24//! let mut vfs_ctx = VfsCtx::new(storage);
25//!
26//! // Add WASI to linker first, then override filesystem with VFS
27//! wasmtime_wasi::p2::add_to_linker_async(&mut linker)?;
28//! add_vfs_to_linker(&mut linker)?;
29//! ```
30
31#![deny(unsafe_code)]
32
33mod bindings;
34mod error;
35mod host;
36pub mod hybrid;
37mod hybrid_bindings;
38mod hybrid_host;
39mod linker;
40pub mod scrubbing;
41mod storage;
42mod streams;
43mod wasi_impl;
44
45pub use error::{VfsError, VfsResult};
46pub use hybrid::{
47 HybridDescriptor, HybridPreopen, HybridVfsCtx, HybridVfsState, RealDir, RealFile, RestrictedDir,
48};
49pub use hybrid_bindings::HybridReaddirIterator;
50pub use linker::{HybridVfsView, VfsView, add_hybrid_vfs_to_linker, add_vfs_to_linker};
51pub use scrubbing::{
52 FileScrubPolicy as VfsFileScrubPolicy, ScrubbingStorage, SecretConfig as VfsSecretConfig,
53};
54pub use storage::{ArcStorage, DirEntry, InMemoryStorage, Metadata, VfsStorage};
55pub use wasi_impl::{VfsCtx, VfsDescriptor, VfsReaddirIterator, VfsState};
56
57// Re-export permission types from wasmtime-wasi for convenience
58pub use wasmtime_wasi::{DirPerms, FilePerms};