Sandbox that runs against an in-memory virtual filesystem and a Rust-implemented bash interpreter via the bashkit NIF.
No host process spawning by default. Host directories can be mounted into
the virtual filesystem at construction time via :mounts, or at runtime via
Condukt.Sandbox.Virtual.Tools.Mount.
Initializing
{:ok, sandbox} = Condukt.Sandbox.new(Condukt.Sandbox.Virtual)
# Mount the host project at /workspace, read-only:
{:ok, sandbox} =
Condukt.Sandbox.new(Condukt.Sandbox.Virtual,
mounts: [{File.cwd!(), "/workspace", :readonly}]
)Notes
Each exec/3 call is stateless: shell variables, cd, and export do not
persist across calls. This matches Sandbox.Local's contract and lets the
Bash tool behave identically in both sandboxes. For a stateful interactive
shell, use Condukt.Sandbox.Virtual.Tools.Shell (planned).