Struct PathLattice 

pub struct PathLattice {
    pub allowed: HashSet<String>,
    pub blocked: HashSet<String>,
    pub work_dir: Option<PathBuf>,
}

Path access lattice with allowed/blocked semantics.

• allowed: Glob patterns for allowed paths. Empty means “all allowed”.
• blocked: Glob patterns for blocked paths. Checked first (takes priority).
• work_dir: Optional sandbox root. All paths are resolved relative to this.

Security

• All paths are canonicalized to prevent ../../../.env traversal attacks
• Symlinks are resolved and checked against the work_dir sandbox
• Paths outside the work_dir are blocked when sandbox is enabled

Fields

allowed: HashSet<String>

Allowed paths (glob patterns). Empty means “all allowed”.

blocked: HashSet<String>

Blocked paths (glob patterns). Union in meet operation.

work_dir: Option<PathBuf>

Optional sandbox root directory. When set, all paths must be within this directory.

Implementations

impl PathLattice

pub fn with_work_dir(work_dir: impl Into<PathBuf>) -> Self

Create a new path lattice with a sandbox root directory.

All path operations will be constrained to this directory.

pub fn meet(&self, other: &Self) -> Self

Meet operation: intersection of allowed, union of blocked.

The work_dir is taken from the first lattice if set, otherwise from the second. If both have work_dirs, the more restrictive (shorter prefix) is used.

pub fn join(&self, other: &Self) -> Self

Join operation: union of allowed, intersection of blocked.

pub fn can_access(&self, path: &Path) -> bool

Check if a path is accessible according to this lattice.

Security

This method:

1. Canonicalizes the path to prevent traversal attacks
2. Checks if the path is within the sandbox (if work_dir is set)
3. Checks blocked patterns (takes priority)
4. Checks allowed patterns (if any are set)

pub fn leq(&self, other: &Self) -> bool

Check if this lattice is less than or equal to another.

pub fn block_sensitive() -> Self

Create a path lattice that blocks sensitive files.

pub fn sandboxed_sensitive(work_dir: impl Into<PathBuf>) -> Self

Create a path lattice that blocks sensitive files and sandboxes to a directory.

Trait Implementations

impl Clone for PathLattice

fn clone(&self) -> PathLattice

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for PathLattice

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for PathLattice

fn default() -> PathLattice

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for PathLattice

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl PartialEq for PathLattice

fn eq(&self, other: &PathLattice) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for PathLattice

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Eq for PathLattice

impl StructuralPartialEq for PathLattice