Struct FileSystemSandboxPolicy 

pub struct FileSystemSandboxPolicy {
    pub kind: FileSystemSandboxKind,
    pub glob_scan_max_depth: Option<usize>,
    pub entries: Vec<FileSystemSandboxEntry>,
}

Fields

kind: FileSystemSandboxKind

glob_scan_max_depth: Option<usize>

entries: Vec<FileSystemSandboxEntry>

Implementations

impl FileSystemSandboxPolicy

pub fn unrestricted() -> Self

pub fn external_sandbox() -> Self

pub fn restricted(entries: Vec<FileSystemSandboxEntry>) -> Self

pub fn has_denied_read_restrictions(&self) -> bool

pub fn from_legacy_sandbox_policy_preserving_deny_entries( sandbox_policy: &SandboxPolicy, cwd: &Path, existing: &Self, ) -> Self

pub fn preserve_deny_read_restrictions_from(&mut self, existing: &Self)

Preserve explicit read-deny rules from existing when a caller replaces the allow side of a policy.

pub fn workspace_write( writable_roots: &[AbsolutePathBuf], exclude_tmpdir_env_var: bool, exclude_slash_tmp: bool, ) -> Self

Filesystem policy matching WorkspaceWrite semantics without requiring callers to construct a legacy SandboxPolicy first.

pub fn from_legacy_sandbox_policy_for_cwd( sandbox_policy: &SandboxPolicy, cwd: &Path, ) -> Self

Converts a legacy sandbox policy into an equivalent filesystem policy after resolving cwd-sensitive legacy defaults for the provided cwd.

Legacy WorkspaceWrite policies may list readable roots that live under an already-writable root. Those paths were redundant in the legacy model and should not become read-only carveouts when projected into split filesystem policy.

pub fn has_full_disk_read_access(&self) -> bool

Returns true when filesystem reads are unrestricted.

pub fn has_full_disk_write_access(&self) -> bool

Returns true when filesystem writes are unrestricted.

pub fn include_platform_defaults(&self) -> bool

Returns true when platform-default readable roots should be included.

pub fn resolve_access_with_cwd( &self, path: &Path, cwd: &Path, ) -> FileSystemAccessMode

pub fn can_read_path_with_cwd(&self, path: &Path, cwd: &Path) -> bool

pub fn can_write_path_with_cwd(&self, path: &Path, cwd: &Path) -> bool

pub fn materialize_project_roots_with_cwd(self, cwd: &Path) -> Self

Replaces symbolic :project_roots entries with absolute paths resolved against cwd.

Use this when a durable permission profile must survive a cwd-only update without rebinding its project-root authority to the new cwd.

pub fn with_additional_readable_roots( self, cwd: &Path, additional_readable_roots: &[AbsolutePathBuf], ) -> Self

pub fn with_additional_writable_roots( self, cwd: &Path, additional_writable_roots: &[AbsolutePathBuf], ) -> Self

pub fn with_additional_legacy_workspace_writable_roots( self, additional_writable_roots: &[AbsolutePathBuf], ) -> Self

Add roots using legacy WorkspaceWrite behavior.

Unlike Self::with_additional_writable_roots, this mirrors legacy writable-roots semantics by adding exact roots even when they are already writable through :project_roots, and by adding the default read-only protected subpaths for each new root.

pub fn needs_direct_runtime_enforcement( &self, network_policy: NetworkSandboxPolicy, cwd: &Path, ) -> bool

pub fn is_semantically_equivalent_to(&self, other: &Self, cwd: &Path) -> bool

Returns true when two policies resolve to the same filesystem access model for cwd, ignoring incidental entry ordering.

pub fn get_readable_roots_with_cwd(&self, cwd: &Path) -> Vec<AbsolutePathBuf>

Returns the explicit readable roots resolved against the provided cwd.

pub fn get_writable_roots_with_cwd(&self, cwd: &Path) -> Vec<WritableRoot>

Returns the writable roots together with read-only carveouts resolved against the provided cwd.

pub fn get_unreadable_roots_with_cwd(&self, cwd: &Path) -> Vec<AbsolutePathBuf>

Returns explicit unreadable roots resolved against the provided cwd.

pub fn get_unreadable_globs_with_cwd(&self, cwd: &Path) -> Vec<String>

Returns unreadable glob patterns resolved against the provided cwd.

pub fn to_legacy_sandbox_policy( &self, network_policy: NetworkSandboxPolicy, cwd: &Path, ) -> Result<SandboxPolicy>

Trait Implementations

impl Clone for FileSystemSandboxPolicy

fn clone(&self) -> FileSystemSandboxPolicy

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for FileSystemSandboxPolicy

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for FileSystemSandboxPolicy

fn default() -> Self

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for FileSystemSandboxPolicy

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl From<&FileSystemPermissions> for FileSystemSandboxPolicy

fn from(value: &FileSystemPermissions) -> Self

Converts to this type from the input type.

impl From<&FileSystemSandboxPolicy> for FileSystemPermissions

fn from(value: &FileSystemSandboxPolicy) -> Self

Converts to this type from the input type.

impl From<&SandboxPolicy> for FileSystemSandboxPolicy

fn from(value: &SandboxPolicy) -> Self

Converts to this type from the input type.

impl FromStr for FileSystemSandboxPolicy

type Err = Error

The associated error which can be returned from parsing.

fn from_str(s: &str) -> Result<Self, Self::Err>

Parses a string s to return a value of this type.

impl JsonSchema for FileSystemSandboxPolicy

fn schema_name() -> String

The name of the generated JSON Schema.

fn schema_id() -> Cow<'static, str>

Returns a string that uniquely identifies the schema produced by this type.

fn json_schema(generator: &mut SchemaGenerator) -> Schema

Generates a JSON Schema for this type.

fn is_referenceable() -> bool

Whether JSON Schemas generated for this type should be re-used where possible using the $ref keyword.

impl PartialEq for FileSystemSandboxPolicy

fn eq(&self, other: &FileSystemSandboxPolicy) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for FileSystemSandboxPolicy

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl TS for FileSystemSandboxPolicy

type WithoutGenerics = FileSystemSandboxPolicy

If this type does not have generic parameters, then WithoutGenerics should just be Self. If the type does have generic parameters, then all generic parameters must be replaced with a dummy type, e.g ts_rs::Dummy or (). The only requirement for these dummy types is that EXPORT_TO must be None.

type OptionInnerType = FileSystemSandboxPolicy

If the implementing type is std::option::Option<T>, then this associated type is set to T. All other implementations of TS should set this type to Self instead.

fn ident() -> String

Identifier of this type, excluding generic parameters.

fn name() -> String

Name of this type in TypeScript, including generic parameters

fn decl_concrete() -> String

Declaration of this type using the supplied generic arguments. The resulting TypeScript definition will not be generic. For that, see TS::decl(). If this type is not generic, then this function is equivalent to TS::decl().

fn decl() -> String

Declaration of this type, e.g. type User = { user_id: number, ... }. This function will panic if the type has no declaration.

fn inline() -> String

Formats this types definition in TypeScript, e.g { user_id: number }. This function will panic if the type cannot be inlined.

fn inline_flattened() -> String

Flatten a type declaration.
This function will panic if the type cannot be flattened.

fn visit_generics(v: &mut impl TypeVisitor)

where Self: 'static,

Iterates over all type parameters of this type.

fn output_path() -> Option<PathBuf>

Returns the output path to where T should be exported.
The returned path does not include the base directory from TS_RS_EXPORT_DIR.

fn visit_dependencies(v: &mut impl TypeVisitor)

where Self: 'static,

Iterates over all dependency of this type.

fn docs() -> Option<String>

JSDoc comment to describe this type in TypeScript - when TS is derived, docs are automatically read from your doc comments or #[doc = ".."] attributes

fn dependencies() -> Vec<Dependency>

where Self: 'static,

Resolves all dependencies of this type recursively.

fn export() -> Result<(), ExportError>

where Self: 'static,

Manually export this type to the filesystem. To export this type together with all of its dependencies, use TS::export_all.

fn export_all() -> Result<(), ExportError>

where Self: 'static,

Manually export this type to the filesystem, together with all of its dependencies.
To export only this type, without its dependencies, use TS::export.

fn export_all_to(out_dir: impl AsRef<Path>) -> Result<(), ExportError>

where Self: 'static,

Manually export this type into the given directory, together with all of its dependencies.
To export only this type, without its dependencies, use TS::export.

fn export_to_string() -> Result<String, ExportError>

where Self: 'static,

Manually generate bindings for this type, returning a String.
This function does not format the output, even if the format feature is enabled.

fn default_output_path() -> Option<PathBuf>

Returns the output path to where T should be exported.

impl Eq for FileSystemSandboxPolicy

impl StructuralPartialEq for FileSystemSandboxPolicy