Declarative isolation policy for Vibe evaluation runtimes.
OTP gives strong fault isolation, supervision, timeouts, monitors, group leaders, ports, and separate BEAM nodes/processes. It is not, by itself, a security sandbox for malicious code with filesystem/network access.
Summary
Types
@type isolation() ::
:same_process | :process | :node | :os_process | :container | :remote
@type t() :: %Vibe.Sandbox.Policy{ cwd: Path.t() | nil, env: %{optional(String.t()) => String.t()}, filesystem: :inherit | :workspace | :tmp | :readonly, isolation: isolation(), max_heap_size: pos_integer() | nil, network: :inherit | :off, timeout: pos_integer() }