pub fn create_sandbox(
    sandbox: &SandboxConfig,
    runtime_kind: &str,
    workspace_dir: Option<&Path>,
) -> Arc<dyn Sandbox>

Create a sandbox based on auto-detection or explicit config.

Takes a SandboxConfig (synthesized from the active risk profile via
RiskProfileConfig::sandbox_config()). runtime_kind is the
runtime.kind string from the top-level config. When the caller has set
runtime.kind = "native", Docker must never be selected as the sandbox
backend during auto-detection — the user explicitly opted out of container
wrapping.
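
A minimal model of the selection rule described above, as an added example (not the crate's own code). The Backend, Requested and Probe types, the detection order, and the fallback to an unsandboxed backend are assumptions made for illustration; only the rule that runtime.kind = "native" excludes Docker from auto-detection comes from this page.

```rust
// Added illustration: every type and function name here is hypothetical,
// not the crate's API.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Backend { OsLevel, Docker, Unsandboxed }

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Requested { Auto, Explicit(Backend) }

/// Result of probing the host (constructed input; a real probe inspects the system).
#[derive(Debug, Clone, Copy)]
pub struct Probe { pub os_level: bool, pub docker: bool }

pub fn select_backend(requested: Requested, runtime_kind: &str, probe: Probe) -> Backend {
    match requested {
        // Assumption: an explicit choice is honoured as given; the page only
        // constrains auto-detection.
        Requested::Explicit(backend) => backend,
        Requested::Auto => {
            // The rule from the page: "native" means the user opted out of
            // container wrapping, so Docker is not a candidate at all.
            let docker_allowed = runtime_kind != "native";
            if probe.os_level {
                Backend::OsLevel
            } else if probe.docker && docker_allowed {
                Backend::Docker
            } else {
                // Assumption: fall back to no sandbox; callers should log this.
                Backend::Unsandboxed
            }
        }
    }
}

/// Checks the invariant over every possible probe outcome.
pub fn native_never_autoselects_docker() -> bool {
    [false, true].iter().all(|&os_level| {
        [false, true].iter().all(|&docker| {
            let probe = Probe { os_level, docker };
            select_backend(Requested::Auto, "native", probe) != Backend::Docker
        })
    })
}

fn main() {
    let docker_only = Probe { os_level: false, docker: true };
    // "docker" is a constructed runtime kind standing in for any non-native value.
    println!("{:?}", select_backend(Requested::Auto, "docker", docker_only));
    println!("{:?}", select_backend(Requested::Auto, "native", docker_only));
    println!("invariant holds: {}", native_never_autoselects_docker());
}
```

The exhaustive check over probe outcomes is the kind of regression test that keeps a later change to detection order from reintroducing Docker for native runtimes.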