Struct ProjectSandbox 

pub struct ProjectSandbox { /* private fields */ }

Default sandbox rooted at the project directory.

• project_root — where .git/.orcs was detected (immutable after creation)
• permissive_root — effective boundary (defaults to project_root, narrowed by scoped())

Example

use orcs_runtime::sandbox::{ProjectSandbox, SandboxPolicy};

let sandbox = ProjectSandbox::new("/home/user/myproject").expect("sandbox init");
assert!(sandbox.validate_read("src/main.rs").is_ok());
assert!(sandbox.validate_read("/etc/passwd").is_err());

Implementations

impl ProjectSandbox

pub fn new(project_root: impl AsRef<Path>) -> Result<Self, SandboxError>

Creates a new sandbox rooted at the given project directory.

The path is canonicalized to resolve symlinks.

Errors

Returns SandboxError::Init if the path cannot be canonicalized.

pub fn scoped(&self, sub_path: impl AsRef<Path>) -> Result<Self, SandboxError>

Creates a scoped (virtual) sandbox within this one.

The effective boundary is narrowed to sub_path (relative to current root()). The project_root remains unchanged.

Errors

Returns error if sub_path resolves outside the current boundary.

Trait Implementations

impl Clone for ProjectSandbox

fn clone(&self) -> ProjectSandbox

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for ProjectSandbox

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl SandboxPolicy for ProjectSandbox

fn project_root(&self) -> &Path

The project root (where .git/.orcs was detected).

fn root(&self) -> &Path

The effective sandbox boundary.

fn validate_read(&self, path: &str) -> Result<PathBuf, SandboxError>

Validates an existing path for reading.

fn validate_write(&self, path: &str) -> Result<PathBuf, SandboxError>

Validates a (potentially new) path for writing.