Struct AccessManager 

pub struct AccessManager { /* private fields */ }

Access Manager — least-privilege security for agents.

Example

use oxios_kernel::access_manager::{AccessManager, AgentPermissions};

let mut access = AccessManager::new();

// Create and configure permissions for a new agent
let mut perms = AgentPermissions::for_new_agent("code-agent");
perms.allow_tool("read");
perms.allow_tool("write");
perms.allow_path("/workspace/");
access.set_permissions(perms);

// Check tool access
let can_exec = access.can_use_tool("code-agent", "exec");
let can_read = access.can_use_tool("code-agent", "read");

// Check path access
let can_read_workspace = access.can_access_path("code-agent", "/workspace/file.rs");
let can_read_root = access.can_access_path("code-agent", "/etc/passwd");

Access Manager — least-privilege security for agents.

Implementations

impl AccessManager

pub fn new() -> Self

Creates a new access manager.

pub fn with_max_audit_entries(max_audit_entries: usize) -> Self

Creates a new access manager with custom settings.

Arguments

• max_audit_entries - Maximum audit log size (oldest entries are pruned)

pub fn with_audit_log_path(self, path: PathBuf) -> Self

Configure an audit log file path for persistence.

Spawns a background tokio task that reads from a bounded channel and appends audit entries to the file. Uses a bounded channel of capacity 1000 to provide backpressure.

pub fn can_use_tool(&mut self, agent_name: &str, tool: &str) -> bool

Checks if an agent is allowed to use a specific tool.

Logs the access decision to the audit log.

pub fn can_access_path(&mut self, agent_name: &str, path: &str) -> bool

Checks if an agent is allowed to access a specific path.

Enforces both allowed_paths and denied_paths rules. A path is only allowed if it matches an allowed pattern AND does not match any denied pattern.

Logs the access decision to the audit log.

pub fn can_access_network(&mut self, agent_name: &str) -> bool

Checks if an agent is allowed to make network requests.

Logs the access decision to the audit log.

pub fn can_execute_for(&self, agent_name: &str, duration_secs: u64) -> bool

Checks if an agent can execute for the given duration (in seconds).

Returns true if unlimited (max_execution_time_secs = 0) or if the requested duration is within the limit.

pub fn can_use_memory(&self, agent_name: &str, memory_mb: u64) -> bool

Checks if an agent can use the specified amount of memory (in MB).

Returns true if unlimited (max_memory_mb = 0) or if the requested memory is within the limit.

pub fn can_fork(&self, agent_name: &str) -> bool

Checks if an agent can fork (spawn sub-agents).

pub fn get_permissions(&self, agent_name: &str) -> Option<&AgentPermissions>

Gets the permission set for an agent.

Returns None if no permissions are defined for the agent.

pub fn get_or_create_permissions( &mut self, agent_name: &str, ) -> &mut AgentPermissions

Gets the permission set for an agent, creating a default one if needed.

Useful for dynamically creating permissions on first access.

pub fn set_permissions(&mut self, permissions: AgentPermissions)

Sets the permissions for an agent.

Overwrites any existing permissions for this agent.

pub fn update_permissions( &mut self, agent_name: &str, update: PermissionUpdate, ) -> Result<()>

Updates permissions for an agent using a partial update.

Creates default permissions if the agent doesn’t exist. Only updates fields that are Some() in the update.

pub fn remove_permissions(&mut self, agent_name: &str)

Removes permissions for an agent.

After removal, all access by this agent will be denied.

pub fn list_agents(&self) -> Vec<String>

Lists all agents with defined permissions.

pub fn audit_log(&self) -> &[AuditEntry]

Gets the full audit log.

Returns entries in chronological order (oldest first).

pub fn audit_log_recent(&self, limit: usize) -> Vec<AuditEntry>

Gets recent audit log entries.

Arguments

• limit - Maximum number of entries to return (from the end)

pub fn audit_log_for_agent(&self, agent_name: &str) -> Vec<AuditEntry>

Gets audit log entries for a specific agent.

pub fn denied_actions(&self) -> Vec<&AuditEntry>

Searches audit log for denied actions.

pub fn rbac_manager(&self) -> &RbacManager

Returns a reference to the RBAC manager (for HitL approvals).

pub fn rbac_manager_mut(&mut self) -> &mut RbacManager

Returns a mutable reference to the RBAC manager (for HitL approvals).

pub fn register_workspace_path( &mut self, workspace_name: &str, workspace_path: PathBuf, )

Registers a workspace path.

This is used to report which paths belong to each workspace.

Arguments

• workspace_name - Name of the workspace
• workspace_path - Absolute path to the workspace directory

pub fn assign_workspace( &mut self, agent_name: &str, workspace_name: &str, ) -> bool

Assigns an agent to a specific workspace.

After assignment, the agent is sandboxed to that workspace.

Arguments

• agent_name - Name of the agent to assign
• workspace_name - Name of the workspace to assign the agent to

Returns

true if assignment succeeded, false if the workspace doesn’t exist

pub fn get_workspace_for_agent(&self, agent_name: &str) -> Option<String>

Gets the workspace name that an agent is assigned to.

Returns

Some(workspace_name) if assigned, None if the agent is not assigned to any workspace

pub fn get_workspace_path(&self, workspace_name: &str) -> Option<&PathBuf>

Gets the path for a specific workspace.

Returns

Some(path) if the workspace exists, None otherwise

pub fn list_workspaces(&self) -> Vec<String>

Lists all registered workspaces.

pub fn list_agents_in_workspace(&self, workspace_name: &str) -> Vec<String>

Lists all agents assigned to a specific workspace.

pub fn can_access_workspace( &self, agent_name: &str, workspace_name: &str, ) -> bool

Checks if an agent can access a specific workspace.

An agent can access a workspace if it is assigned to it.

Arguments

• agent_name - Name of the agent
• workspace_name - Name of the workspace to check

Returns

true if the agent is assigned to the workspace, false otherwise

pub fn is_path_in_workspace(&self, workspace_name: &str, path: &str) -> bool

Checks if a path is within a workspace’s directory.

This performs a canonical path comparison to ensure the path is a descendant of the workspace directory.

Arguments

• workspace_name - Name of the workspace
• path - Path to check (absolute or relative)

Returns

true if the path is within the workspace, false otherwise

pub fn can_access_path_in_workspace( &mut self, agent_id: &AgentId, agent_name: &str, path: &str, workspace: Option<&str>, ) -> bool

Full sandbox check: RBAC → path allowed? → within workspace?

This is the main method for enforcing sandbox boundaries. It checks:

1. RBAC - does the agent’s role allow the action?
2. Path permissions - is the path in the agent’s allowed_paths?
3. Workspace boundary - is the path within the assigned workspace?

If any check fails, the access is denied and logged as “sandbox violation” if the path would be valid but outside the workspace boundary.

Arguments

• agent_name - Name of the agent
• path - Path to access
• workspace - Workspace context (if agent is assigned to one)

Returns

true if all checks pass, false otherwise Check whether an agent can access a path within its workspace.

Verifies RBAC permissions, path allow/deny lists, and workspace boundary.

Arguments

• agent_id - The agent’s unique identifier
• agent_name - Human-readable agent name for permission lookup
• path - The path to check access for
• workspace - Optional explicit workspace name

pub fn unassign_workspace(&mut self, agent_name: &str) -> Option<String>

Unassigns an agent from its workspace (if any).

The agent will no longer be sandboxed to any workspace.

pub fn remove_workspace(&mut self, workspace_name: &str)

Removes a workspace and unassigns all agents from it.

All agents assigned to this workspace will have their assignments cleared.

pub fn clear_audit_log(&mut self)

Clears the audit log.

pub fn validate_permissions(&self, perms: &AgentPermissions) -> Vec<String>

Validates a permission set for correctness.

Returns a list of warnings about the permissions.

Trait Implementations

impl Clone for AccessManager

fn clone(&self) -> AccessManager

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for AccessManager

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for AccessManager

fn default() -> Self

Returns the “default value” for a type.