pub trait SandboxPolicy: Send + Sync + Debug {
    // Required methods
    fn project_root(&self) -> &Path;
    fn root(&self) -> &Path;
    fn validate_read(&self, path: &str) -> Result<PathBuf, SandboxError>;
    fn validate_write(&self, path: &str) -> Result<PathBuf, SandboxError>;
}
Resource boundary policy for file operations.
Controls which paths are accessible. All file I/O in tools and shell executors goes through this trait, so a path reaches the filesystem only after the policy has validated it.
Implementors
- ProjectSandbox (in orcs-runtime): default filesystem implementation
- Custom impls for testing or restricted environments
Required Methods

fn project_root(&self) -> &Path
The project root (where .git/.orcs was detected).
fn root(&self) -> &Path
The effective sandbox boundary.
All file operations must resolve to paths under this root.
May be narrower than project_root() for scoped sandboxes.
fn validate_read(&self, path: &str) -> Result<PathBuf, SandboxError>
Validates an existing path for reading.
Resolves relative paths against root(), canonicalizes,
and verifies the result is under root().
fn validate_write(&self, path: &str) -> Result<PathBuf, SandboxError>
Validates a (potentially new) path for writing.
For paths that don't exist yet, walks up to the deepest existing ancestor and validates that. Canonicalization needs an existing path, so the boundary check is applied to that ancestor rather than skipped; a symlinked parent directory pointing outside root() is caught the same way as an existing file would be.
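The following is an added example of how the validate_read / validate_write contract above can be implemented; it is not code from orcs-runtime, and the DirSandbox struct, the build_demo_tree helper and the two SandboxError variants (OutsideRoot, Io) are assumptions made here for illustration. It shows the three checks a practitioner would want to see: relative paths resolve against root() rather than the process cwd, reads are canonicalized so symlinks and `..` cannot escape, and writes to not-yet-existing paths canonicalize the deepest existing ancestor and then accept only plain name components below it.

```rust
// Added example (not the crate's own code): a minimal SandboxPolicy impl.
// Assumes the SandboxError variants and DirSandbox type defined here.
use std::fmt::Debug;
use std::fs;
use std::path::{Component, Path, PathBuf};

#[derive(Debug)]
pub enum SandboxError {
    /// Resolved path lies outside `root()`.
    OutsideRoot(PathBuf),
    /// Filesystem error while resolving (missing file, permissions, ...).
    Io(std::io::Error),
}

pub trait SandboxPolicy: Send + Sync + Debug {
    fn project_root(&self) -> &Path;
    fn root(&self) -> &Path;
    fn validate_read(&self, path: &str) -> Result<PathBuf, SandboxError>;
    fn validate_write(&self, path: &str) -> Result<PathBuf, SandboxError>;
}

/// Hypothetical sandbox whose boundary is one directory under the project root.
#[derive(Debug)]
pub struct DirSandbox {
    project_root: PathBuf,
    root: PathBuf,
}

impl DirSandbox {
    /// Both roots are canonicalized once, so later `starts_with` checks
    /// compare real paths rather than whatever spelling the caller used.
    pub fn new(project_root: &Path, root: &Path) -> Result<Self, SandboxError> {
        let project_root = project_root.canonicalize().map_err(SandboxError::Io)?;
        let root = root.canonicalize().map_err(SandboxError::Io)?;
        if !root.starts_with(&project_root) {
            return Err(SandboxError::OutsideRoot(root));
        }
        Ok(Self { project_root, root })
    }

    /// Relative paths resolve against `root()`, never the process cwd.
    fn resolve(&self, path: &str) -> PathBuf {
        let p = Path::new(path);
        if p.is_absolute() { p.to_path_buf() } else { self.root.join(p) }
    }

    /// The boundary check: a component-wise prefix test on a real path.
    fn check_inside(&self, resolved: PathBuf) -> Result<PathBuf, SandboxError> {
        if resolved.starts_with(&self.root) {
            Ok(resolved)
        } else {
            Err(SandboxError::OutsideRoot(resolved))
        }
    }
}

impl SandboxPolicy for DirSandbox {
    fn project_root(&self) -> &Path { &self.project_root }
    fn root(&self) -> &Path { &self.root }

    fn validate_read(&self, path: &str) -> Result<PathBuf, SandboxError> {
        // canonicalize() follows symlinks and collapses `..`, so a link or a
        // traversal that lands outside root fails the prefix test.
        let canonical = self.resolve(path).canonicalize().map_err(SandboxError::Io)?;
        self.check_inside(canonical)
    }

    fn validate_write(&self, path: &str) -> Result<PathBuf, SandboxError> {
        let full = self.resolve(path);
        // ancestors() yields `full` first, so an existing path is its own
        // deepest existing ancestor and the tail below is empty.
        let existing = full
            .ancestors()
            .find(|a| a.exists())
            .ok_or_else(|| SandboxError::OutsideRoot(full.clone()))?;
        let tail = full.strip_prefix(existing).expect("ancestor is a prefix of full");
        // Canonicalize the part that exists (where a symlink could hide), then
        // re-attach the missing components. Only plain names are accepted:
        // a `..` beneath a directory that does not exist cannot be resolved.
        let mut resolved = existing.canonicalize().map_err(SandboxError::Io)?;
        for component in tail.components() {
            match component {
                Component::Normal(name) => resolved.push(name),
                _ => return Err(SandboxError::OutsideRoot(full.clone())),
            }
        }
        self.check_inside(resolved)
    }
}

/// Constructed sample tree under the OS temp dir: <base>/project/secret.txt
/// (inside project_root, outside root) and <base>/project/workspace (the root).
pub fn build_demo_tree() -> (PathBuf, PathBuf) {
    let base = std::env::temp_dir().join(format!("sandbox-policy-demo-{}", std::process::id()));
    let project = base.join("project");
    let root = project.join("workspace");
    fs::create_dir_all(root.join("src")).expect("create demo tree");
    fs::write(root.join("src/main.rs"), "fn main() {}\n").expect("write sample file");
    fs::write(project.join("secret.txt"), "outside the sandbox\n").expect("write sample file");
    (project, root)
}

fn main() {
    let (project, root) = build_demo_tree();
    let sb = DirSandbox::new(&project, &root).expect("sandbox setup");
    for p in ["src/main.rs", "../secret.txt", "build/out/app", "build/../../secret.txt"] {
        println!("read  {p:<24} => {:?}", sb.validate_read(p));
        println!("write {p:<24} => {:?}", sb.validate_write(p));
    }
}
```

Note that the write path deliberately canonicalizes only the existing ancestor: if that ancestor is a symlink to a directory outside root(), the prefix test fails even though every name in the tail is harmless, which is the case the "deepest existing ancestor" rule exists to cover.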