oxios_kernel/kernel_handle/
exec_api.rs

1//! Exec API — execution configuration and access management facade.
2
3use crate::access_manager::AccessManager;
4use crate::config::ExecConfig;
5use std::sync::Arc;
6
7/// Shared, hot-reloadable execution configuration.
8///
9/// `Arc<RwLock<...>>` so that runtime config changes (via `PUT /api/config`)
10/// take effect immediately for all subscribers, including the `ExecTool`
11/// embedded in agent CSpace registries.
12pub type SharedExecConfig = Arc<parking_lot::RwLock<ExecConfig>>;
13
14/// Execution management system calls.
15///
16/// Wraps [`ExecConfig`] for execution policy and [`AccessManager`] for
17/// RBAC / path sandboxing enforcement.
18pub struct ExecApi {
19    config: SharedExecConfig,
20    access_manager: Arc<parking_lot::Mutex<AccessManager>>,
21}
22
23impl ExecApi {
24    /// Create a new ExecApi.
25    pub fn new(
26        config: SharedExecConfig,
27        access_manager: Arc<parking_lot::Mutex<AccessManager>>,
28    ) -> Self {
29        Self {
30            config,
31            access_manager,
32        }
33    }
34
35    /// Take a snapshot of the current execution configuration.
36    ///
37    /// Returns a cloned `ExecConfig` so callers never hold the RwLock guard
38    /// across an await point or a long-running operation.
39    pub fn config_snapshot(&self) -> ExecConfig {
40        self.config.read().clone()
41    }
42
43    /// Access manager reference.
44    pub fn access_manager(&self) -> &Arc<parking_lot::Mutex<AccessManager>> {
45        &self.access_manager
46    }
47
48    /// Shared config reference (for wiring into ExecTool).
49    pub fn shared_config(&self) -> SharedExecConfig {
50        Arc::clone(&self.config)
51    }
52}
oxios_kernel/kernel_handle/exec_api.rs

oxios_kernel/kernel_handle/
exec_api.rs
