Struct PathBoundary 

pub struct PathBoundary<Marker = ()> { /* private fields */ }

A path boundary that serves as the secure foundation for validated path operations.

PathBoundary represents the trusted starting point (like /home/users/alice) from which all path operations begin. When you call path_boundary.strict_join("documents/file.txt"), you’re building outward from this secure boundary with validated path construction.

Implementations

impl<Marker> PathBoundary<Marker>

pub fn try_new<P: AsRef<Path>>(restriction_path: P) -> Result<Self>

Creates a new PathBoundary rooted at restriction_path (which must already exist and be a directory).

Uses AsRef<Path> for maximum ergonomics, including direct TempDir support for clean shadowing patterns:

use strict_path::PathBoundary;
let tmp_dir = tempfile::tempdir()?;
let tmp_dir = PathBoundary::<()>::try_new(tmp_dir)?; // Clean variable shadowing

pub fn try_new_create<P: AsRef<Path>>(root: P) -> Result<Self>

Creates the directory if missing, then constructs a new PathBoundary.

Uses AsRef<Path> for maximum ergonomics, including direct TempDir support for clean shadowing patterns:

use strict_path::PathBoundary;
let tmp_dir = tempfile::tempdir()?;
let tmp_dir = PathBoundary::<()>::try_new_create(tmp_dir)?; // Clean variable shadowing

pub fn strict_join( &self, candidate_path: impl AsRef<Path>, ) -> Result<StrictPath<Marker>>

Joins a path to this restrictor root and validates it remains within the restriction boundary.

Accepts absolute or relative inputs; ensures the resulting path remains within the restriction.

pub fn exists(&self) -> bool

Returns true if the PathBoundary root exists.

This is always true for a constructed PathBoundary, but we query the filesystem for robustness.

pub fn interop_path(&self) -> &OsStr

Returns the PathBoundary root path for interop with AsRef<Path> APIs.

This provides allocation-free, OS-native string access to the PathBoundary root for use with standard library APIs that accept AsRef<Path>.

pub fn strictpath_display(&self) -> Display<'_>

Returns a Display wrapper that shows the PathBoundary root system path.

pub fn metadata(&self) -> Result<Metadata>

Returns filesystem metadata for the PathBoundary root path.

pub fn strict_symlink(&self, link_path: &StrictPath<Marker>) -> Result<()>

Creates a symbolic link at link_path that points to this PathBoundary’s root.

pub fn strict_hard_link(&self, link_path: &StrictPath<Marker>) -> Result<()>

Creates a hard link at link_path that points to this PathBoundary’s root.

pub fn read_dir(&self) -> Result<ReadDir>

Reads the directory entries under this PathBoundary root (like std::fs::read_dir).

This is intended for discovery. Prefer collecting entry names and joining via strict_join/virtual_join before performing I/O.

pub fn remove_dir(&self) -> Result<()>

Removes this PathBoundary root directory (non-recursive).

Equivalent to std::fs::remove_dir(root). Fails if the directory is not empty.

pub fn remove_dir_all(&self) -> Result<()>

Recursively removes this PathBoundary root directory and all its contents.

Equivalent to std::fs::remove_dir_all(root).

pub fn virtualize(self) -> VirtualRoot<Marker>

Converts this PathBoundary into a VirtualRoot.

This creates a virtual root view of the PathBoundary, allowing virtual path operations that treat the PathBoundary root as the virtual filesystem root “/”.

Trait Implementations

impl<Marker> AsRef<Path> for PathBoundary<Marker>

fn as_ref(&self) -> &Path

Converts this type into a shared reference of the (usually inferred) input type.

impl<Marker> Clone for PathBoundary<Marker>

fn clone(&self) -> Self

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<Marker> Debug for PathBoundary<Marker>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<Marker: Default> FromStr for PathBoundary<Marker>

fn from_str(path: &str) -> Result<Self, Self::Err>

Parse a PathBoundary from a string path for universal ergonomics.

Creates the directory if it doesn’t exist, enabling seamless integration with any string-parsing context (clap, config files, environment variables, etc.):

let temp_dir = tempfile::tempdir()?;
let safe_path = temp_dir.path().join("safe_dir");
let boundary: PathBoundary<()> = safe_path.to_string_lossy().parse()?;
assert!(safe_path.exists());

type Err = StrictPathError

The associated error which can be returned from parsing.

impl<Marker> Hash for PathBoundary<Marker>

fn hash<H: Hasher>(&self, state: &mut H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl<Marker> Ord for PathBoundary<Marker>

fn cmp(&self, other: &Self) -> Ordering

This method returns an Ordering between self and other.

fn max(self, other: Self) -> Self

where Self: Sized,

Compares and returns the maximum of two values.

fn min(self, other: Self) -> Self

where Self: Sized,

Compares and returns the minimum of two values.

fn clamp(self, min: Self, max: Self) -> Self

where Self: Sized,

Restrict a value to a certain interval.

impl<Marker> PartialEq<&Path> for PathBoundary<Marker>

fn eq(&self, other: &&Path) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl<Marker> PartialEq<Path> for PathBoundary<Marker>

fn eq(&self, other: &Path) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl<Marker> PartialEq<PathBoundary<Marker>> for VirtualRoot<Marker>

fn eq(&self, other: &PathBoundary<Marker>) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl<Marker> PartialEq<PathBuf> for PathBoundary<Marker>

fn eq(&self, other: &PathBuf) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl<Marker> PartialEq<VirtualRoot<Marker>> for PathBoundary<Marker>

fn eq(&self, other: &VirtualRoot<Marker>) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl<Marker> PartialEq for PathBoundary<Marker>

fn eq(&self, other: &Self) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl<Marker> PartialOrd for PathBoundary<Marker>

fn partial_cmp(&self, other: &Self) -> Option<Ordering>

This method returns an ordering between self and other values if one exists.

fn lt(&self, other: &Rhs) -> bool

Tests less than (for self and other) and is used by the < operator.

fn le(&self, other: &Rhs) -> bool

Tests less than or equal to (for self and other) and is used by the <= operator.

fn gt(&self, other: &Rhs) -> bool

Tests greater than (for self and other) and is used by the > operator.

fn ge(&self, other: &Rhs) -> bool

Tests greater than or equal to (for self and other) and is used by the >= operator.

impl<Marker> Eq for PathBoundary<Marker>