Crate kastellan_sandbox

kastellan-sandbox: declarative, cross-platform sandbox for tool workers.

One SandboxPolicy drives all backends. Backend selection is automatic per OS, with an optional micro-VM backend for stronger isolation.

Backends (Phase 0/0b):

  • linux_bwrap — bubblewrap + Landlock + seccomp-bpf
  • macos_seatbelt — sandbox-exec (Seatbelt) + setrlimit
  • microvm — Firecracker (Linux) / Apple container CLI (macOS Tahoe+)

Modules

linux_bwrap
Linux backend for SandboxBackend: shells out to bwrap (bubblewrap).
linux_cgroup
Linux cgroup v2 CPU/memory caps via systemd-run --user --scope.

Structs

SandboxBackends
Per-OS bundle of constructed sandbox backends, used by the lifecycle managers to resolve a per-worker SandboxBackendKind to a concrete Arc<dyn SandboxBackend>.
SandboxPolicy

Enums

Net
Profile
Coarse profile presets that map to backend-specific defaults.
SandboxBackendKind
Operator-facing identifier for selecting a specific sandbox backend per-worker. Cfg-gated per-OS so cross-OS mis-config (e.g. declaring Container on Linux) is a compile-time error rather than a runtime surprise.
SandboxError

Traits

SandboxBackend
Common backend interface. To be implemented by linux_bwrap, macos_seatbelt, and microvm in subsequent phases.

Functions

default_backend
Pick the default backend for the current OS.