Default to whitelist mode and parallelize tests
Flips the default sandbox mode from blacklist to whitelist and replaces the global RUST_TEST_THREADS=1 with a targeted RwLock that only serializes blacklist sandboxes against tests mutating glob-matching host paths. A new Sandbox newtype acquires the guard automatically when --blacklist is in args.
This commit is contained in:
+2
-2
@@ -10,11 +10,11 @@ use clap::Parser;
|
||||
about = "Sandbox agentic coding assistants with bubblewrap"
|
||||
)]
|
||||
pub struct Args {
|
||||
/// Blacklist mode: bind / read-only, overlay sensitive paths (default)
|
||||
/// Blacklist mode: bind / read-only, overlay sensitive paths
|
||||
#[arg(long, conflicts_with = "whitelist")]
|
||||
pub blacklist: bool,
|
||||
|
||||
/// Whitelist mode: only explicitly listed minimal paths visible
|
||||
/// Whitelist mode: only explicitly listed minimal paths visible (default)
|
||||
#[arg(long)]
|
||||
pub whitelist: bool,
|
||||
|
||||
|
||||
+1
-1
@@ -93,7 +93,7 @@ fn merge_mode(
|
||||
}
|
||||
resolve_mode(profile)
|
||||
.or_else(|| resolve_mode(globals))
|
||||
.unwrap_or(SandboxMode::Blacklist)
|
||||
.unwrap_or(SandboxMode::Whitelist)
|
||||
}
|
||||
|
||||
fn resolve_mode(opts: &Options) -> Option<SandboxMode> {
|
||||
|
||||
Reference in New Issue
Block a user