zeph-tools 0.19.2

Tool executor trait with shell, web scrape, and composite executors for Zeph
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

// SPDX-FileCopyrightText: 2026 Andrei G <bug-ops>
// SPDX-License-Identifier: MIT OR Apache-2.0

//! No-op sandbox backend used when no OS-native implementation is available.

use super::{Sandbox, SandboxError, SandboxPolicy};

/// Identity sandbox that passes the command through unchanged.
///
/// Used on platforms without native sandbox support (Windows, BSDs, etc.) or when
/// the `sandbox` feature is compiled without the Linux backend.
///
/// Emits a single `WARN` log on construction via [`build_sandbox`](super::build_sandbox) so
/// operators are aware that subprocess isolation is absent.
#[derive(Debug, Clone, Copy)]
pub struct NoopSandbox;

impl Sandbox for NoopSandbox {
    fn name(&self) -> &'static str {
        "noop"
    }

    fn supports(&self, _policy: &SandboxPolicy) -> Result<(), SandboxError> {
        Ok(())
    }

    fn wrap(
        &self,
        _cmd: &mut tokio::process::Command,
        _policy: &SandboxPolicy,
    ) -> Result<(), SandboxError> {
        Ok(())
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn noop_supports_any_policy() {
        let sb = NoopSandbox;
        let policy = SandboxPolicy::default();
        assert!(sb.supports(&policy).is_ok());
    }

    #[test]
    fn noop_wrap_is_identity() {
        let sb = NoopSandbox;
        let policy = SandboxPolicy::default();
        let mut cmd = tokio::process::Command::new("bash");
        // wrap must not return an error
        assert!(sb.wrap(&mut cmd, &policy).is_ok());
    }
}