Rust Agent Tool Sandbox Reference
TeaQL enforces strict API guardrails for AI Agents and human developers alike. Any side-effect or IO-bound capability (e.g., HTTP, Message Queues, File System) must be accessed via the UserContext sandbox.
This guarantees that:
- Capabilities are opt-in: if a feature is not enabled via Cargo features, the Agent cannot use it, which keeps the scratch container binary tiny and the attack surface minimal.
- Intent is mandatory: operations cannot be executed without declaring a `.purpose()` (for reads) or an `.audit_as()` (for writes).
API Reference
In Rust, capabilities are statically checked at compile time and selectively included via `Cargo.toml` feature flags (`features = ["http", "mq"]`).
Important: Rust enforces the intent phase through the Typestate Pattern. Calling `ctx.http().post()` consumes the builder and returns a state that does not have an `.execute()` method. It only exposes `.audit_as()`, which returns the final executable state.
| Capability Feature (Cargo) | Action Type | Intent Phase Method | Typestate Chain Example |
|---|---|---|---|
| `feature = "http"` | Write / Action (POST) | `audit_as()` | `ctx.http().post(url, body).audit_as("Sync inventory data").execute().await;` |
| `feature = "http"` | Read / Query (GET) | `purpose()` | `ctx.http().get(url).purpose("Fetch exchange rates").execute().await;` |
| `feature = "mq"` | Write / Send | `audit_as()` | `ctx.mq().send(topic, msg).audit_as("Notify fulfillment system").commit().await;` |
| `feature = "fs"` | Write / Save | `audit_as()` | `ctx.fs().write_text(path, txt).audit_as("Export invoice backup").commit().await;` |
| `feature = "fs"` | Read / Query | `purpose()` | `ctx.fs().read_text(path).purpose("Load temporary certificate").execute().await;` |
| `feature = "email"` | Write / Send | `audit_as()` | `ctx.email().send(to, body).audit_as("Send password reset link").commit().await;` |
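
The typestate rule described above, as a std-only sketch added here (it is not TeaQL's own code). The type names `Http`, `Request`, `NeedsPurpose`, `NeedsAudit`, `Ready` and `AuditRecord` are hypothetical, and `execute()` is synchronous and returns the record that would be audited instead of performing IO.

```rust
use std::marker::PhantomData;

// Typestate markers (hypothetical names): which intent call is still owed.
pub struct NeedsPurpose; // read path: only .purpose() is available
pub struct NeedsAudit;   // write path: only .audit_as() is available
pub struct Ready;        // intent declared: .execute() is available

pub struct Request<S> { method: &'static str, url: String, intent: String, _state: PhantomData<S> }

// What this sketch returns instead of doing real IO.
#[derive(Debug, PartialEq)]
pub struct AuditRecord { pub method: &'static str, pub url: String, pub intent: String }

pub struct Http; // stand-in for the value returned by ctx.http()
impl Http {
    pub fn get(&self, url: &str) -> Request<NeedsPurpose> {
        Request { method: "GET", url: url.into(), intent: String::new(), _state: PhantomData }
    }
    pub fn post(&self, url: &str, _body: &str) -> Request<NeedsAudit> {
        Request { method: "POST", url: url.into(), intent: String::new(), _state: PhantomData }
    }
}

impl<S> Request<S> {
    // Consumes the builder and moves it to Ready with the intent attached.
    fn declare(self, intent: &str) -> Request<Ready> {
        Request { method: self.method, url: self.url, intent: intent.into(), _state: PhantomData }
    }
}
impl Request<NeedsPurpose> {
    pub fn purpose(self, why: &str) -> Request<Ready> { self.declare(why) }
}
impl Request<NeedsAudit> {
    pub fn audit_as(self, what: &str) -> Request<Ready> { self.declare(what) }
}
impl Request<Ready> {
    // Only reachable after purpose()/audit_as(); no network call in this sketch.
    pub fn execute(self) -> AuditRecord {
        AuditRecord { method: self.method, url: self.url, intent: self.intent }
    }
}

fn main() {
    // Http.post(url, body).execute() is rejected by the compiler:
    // Request<NeedsAudit> has no execute() method.
    let rec = Http.post("https://inventory.example/sync", "{}").audit_as("Sync inventory data").execute();
    println!("{:?}", rec);
}
```

Because each state is a distinct type, calling `.purpose()` on a write or `.audit_as()` on a read also fails to compile, so the read/write intent split in the table is enforced the same way.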