Filesystem-based sandbox isolation for delegations. More...

#include <filesystem>
#include <optional>
#include <string>
#include <vector>

Include dependency graph for sandbox.h:

This graph shows which files directly or indirectly include this file:

Classes
struct	entropic::SandboxInfo
	Identifies one delegation's sandbox directory. More...

struct	entropic::SandboxResult
	Final artifact emitted by a finalized sandbox. More...

class	entropic::SandboxManager
	Create, finalize, and discard per-delegation filesystem sandboxes. More...

class	entropic::ScopedSandbox
	RAII directory swapper for sandbox-scoped tool execution. More...

Namespaces
namespace	entropic
	Activate model on GPU (WARM → ACTIVE).

Detailed Description

Filesystem-based sandbox isolation for delegations.

Replaces the v1.8.6–v2.1.4 git-worktree-based isolation (WorktreeManager) which corrupted user repo state (gh#29).

The sandbox lives at ~/.entropic/sandbox/<session-id>/, entirely outside the user's project directory. The engine NEVER touches the user's repo: no git checkout, no branches, no commits, no merges. Delegations run in isolated copies of the project tree and produce a portable unified-diff patch as their final artifact. The consumer (TUI/CLI/IDE plugin) is responsible for applying that patch — with the user's consent and authorship — back to the project.

Layout: ~/.entropic/sandbox/<session-id>/

base/ Project snapshot at session start

d-<delegation-id>/ Per-delegation sandbox (copy of base/

or of a prior delegation when chaining)

pending/<delegation-id>.patch

Default-deny output when the consumer

registered no completion callback.

Invariant: Every filesystem write performed by this module must occur at a path under session_base_. The path_in_session_base() helper is the single chokepoint enforcing this; tests assert it directly.

Version: 2.1.5

Definition in file sandbox.h.

Classes

Namespaces

Detailed Description