Documentation
¶
Index ¶
- func IsPolicyCompatibilityError(err error) bool
- func LogExceptionPath(exceptionID, component, accessType, detail string)
- func LogPolicyDenied(sessionID, backend, operation, resource, reason string)
- func LogRelaxedMode(sessionID, backend, reason string, policy Policy, warnings ...string)
- func LogSessionClosed(sessionID, backend, reason string)
- func LogSessionCreated(sessionID, backend string, policy Policy)
- func LogUnsupportedBackend(policy Policy, attempted []string, reason string)
- func NewSessionID() string
- type DirEntry
- type Edit
- type EditResult
- type ExecOptions
- type ExecResult
- type Factory
- type FilesystemPolicy
- type HTTPOptions
- type HTTPResult
- type HTTPStream
- type Host
- type NetworkMode
- type NetworkPolicy
- type Policy
- type PolicyCompatibilityError
- type ProcessHandle
- type ProcessPolicy
- type ProcessRequest
- type ReadResult
- type Registry
- func (r *Registry) AvailableBackends() []string
- func (r *Registry) CreateRelaxedSession(ctx context.Context, base Policy) (Session, error)
- func (r *Registry) CreateSession(ctx context.Context, policy Policy) (Session, error)
- func (r *Registry) Get(name string) Factory
- func (r *Registry) List() []string
- func (r *Registry) Register(factory Factory) error
- func (r *Registry) Unregister(name string)
- type Session
- type StatResult
- type TempFile
- type WriteResult
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsPolicyCompatibilityError ¶
IsPolicyCompatibilityError reports whether an error is a policy compatibility error.
func LogExceptionPath ¶
func LogExceptionPath(exceptionID, component, accessType, detail string)
func LogPolicyDenied ¶
func LogPolicyDenied(sessionID, backend, operation, resource, reason string)
func LogRelaxedMode ¶
func LogSessionClosed ¶
func LogSessionClosed(sessionID, backend, reason string)
func LogSessionCreated ¶
func LogUnsupportedBackend ¶
func NewSessionID ¶
func NewSessionID() string
NewSessionID returns a unique session identifier for backend implementations.
Types ¶
type EditResult ¶
type EditResult struct {
AppliedEdits int
}
type ExecOptions ¶
type ExecResult ¶
type Factory ¶
type Factory interface {
CreateSession(ctx context.Context, policy Policy) (Session, error)
Supported(policy Policy) error
Name() string
Available() bool
}
Factory creates sessions from policies.
type FilesystemPolicy ¶
type FilesystemPolicy struct {
// WorkspaceRoot is the host path mounted as the sandbox root. When empty,
// WorkingDir is used for backwards compatibility.
WorkspaceRoot string
// WorkingDir is the logical working directory inside the sandbox root.
WorkingDir string
// ReadOnlyPaths are paths mounted read-only into the sandbox.
ReadOnlyPaths []string
// ReadWritePaths are paths allowed for read-write access.
// If empty, WorkingDir is used.
ReadWritePaths []string
// AllowEscapes permits paths outside WorkingDir when true.
// This is an explicit relaxation that should be used with care.
AllowEscapes bool
}
FilesystemPolicy defines filesystem constraints for a sandbox session.
type HTTPOptions ¶
type HTTPStream ¶
type HTTPStream interface {
Header() map[string][]string
Reader() io.ReadCloser
Close() error
}
type Host ¶
type Host interface {
ReadFile(ctx context.Context, path string, offset, limit int) (ReadResult, error)
WriteFile(ctx context.Context, path string, content []byte) (WriteResult, error)
EditFile(ctx context.Context, path string, edits []Edit) (EditResult, error)
Stat(ctx context.Context, path string) (StatResult, error)
ListDir(ctx context.Context, path string) ([]DirEntry, error)
MkdirAll(ctx context.Context, path string, perm uint32) error
Remove(ctx context.Context, path string, recursive bool) error
Rename(ctx context.Context, oldPath, newPath string) error
CreateTemp(ctx context.Context, dir, pattern string) (TempFile, error)
Exec(ctx context.Context, command string, opts ExecOptions) (ExecResult, error)
StartProcess(ctx context.Context, req ProcessRequest) (ProcessHandle, error)
HTTPRequest(ctx context.Context, opts HTTPOptions) (HTTPResult, error)
OpenHTTPStream(ctx context.Context, opts HTTPOptions) (HTTPStream, error)
ResolvePath(path string) (string, error)
WorkingDir() string
}
Host provides mediated access to host resources within a sandbox session.
type NetworkMode ¶
type NetworkMode string
NetworkMode defines the network access mode for a sandbox session.
const ( // NetworkDisabled blocks all network access. NetworkDisabled NetworkMode = "disabled" // NetworkAllowAll allows unrestricted network access. NetworkAllowAll NetworkMode = "allow_all" // NetworkWhitelist allows only specified hosts/CIDRs. NetworkWhitelist NetworkMode = "whitelist" )
type NetworkPolicy ¶
type NetworkPolicy struct {
// Mode is the network access mode.
Mode NetworkMode
// Allowlist contains CIDRs/hosts allowed in whitelist mode.
Allowlist []string
// Timeout for network operations. Zero means no timeout.
Timeout time.Duration
}
NetworkPolicy defines network constraints for a sandbox session.
type Policy ¶
type Policy struct {
// Backend selects a specific backend when non-empty. Empty means auto-select.
Backend string
// Relaxed explicitly allows reduced enforcement on partially compatible backends.
// It is never implied by fallback and must be explicitly set.
Relaxed bool
// Filesystem policy
Filesystem FilesystemPolicy
// Network policy
Network NetworkPolicy
// Process policy
Process ProcessPolicy
}
Policy is an immutable, backend-agnostic session policy describing requested limits for filesystem, network, process, and future resource constraints.
func (Policy) IsRelaxed ¶
IsRelaxed returns true if this policy explicitly opts into relaxed enforcement.
func (Policy) NetworkModeOrDefault ¶
func (p Policy) NetworkModeOrDefault() NetworkMode
NetworkModeOrDefault returns the network mode with default applied.
func (Policy) RequiresWhitelist ¶
RequiresWhitelist returns true if the policy requires whitelist network mode.
func (Policy) Validate ¶
Validate returns an error if the policy contains invalid configurations. This validates policy structure, not backend compatibility.
func (Policy) WorkspaceRootOrDefault ¶
WorkspaceRootOrDefault returns the mounted sandbox root on the host.
type PolicyCompatibilityError ¶
type PolicyCompatibilityError struct {
Backend string
Policy Policy
Reason string
RelaxedWouldHelp bool
}
PolicyCompatibilityError indicates a policy is not compatible with a backend.
func (*PolicyCompatibilityError) Error ¶
func (e *PolicyCompatibilityError) Error() string
type ProcessHandle ¶
type ProcessHandle interface {
PID() int
Wait(ctx context.Context) (ExecResult, error)
Stdin() io.WriteCloser
Stdout() io.ReadCloser
Stderr() io.ReadCloser
Close() error
}
type ProcessPolicy ¶
type ProcessPolicy struct {
// MaxConcurrent limits concurrent processes. Zero means unlimited.
MaxConcurrent int
// Timeout for process execution. Zero means no timeout.
Timeout time.Duration
// Environment variables to set for processes.
Environment map[string]string
// InheritEnv includes system environment variables when true.
InheritEnv bool
}
ProcessPolicy defines process constraints for a sandbox session.
type ProcessRequest ¶
type ReadResult ¶
type Registry ¶
type Registry struct {
// contains filtered or unexported fields
}
Registry manages available backend factories and creates sessions.
func (*Registry) AvailableBackends ¶
AvailableBackends returns available factory names in registration order.
func (*Registry) CreateRelaxedSession ¶
CreateRelaxedSession creates a session with relaxed policy.
func (*Registry) CreateSession ¶
CreateSession creates a session using a compatible backend.
func (*Registry) Unregister ¶
Unregister removes a factory from the registry.
type Session ¶
type Session interface {
Host() Host
Policy() Policy
Close() error
Alive() bool
Done() <-chan struct{}
}
Session is a sandbox-managed execution boundary.
type StatResult ¶
type WriteResult ¶
type WriteResult struct {
BytesWritten int
}
Source Files
Click to show internal directories.
Click to hide internal directories.