detectBackend
detectBackend(
deps?):SandboxBackend
Defined in: src/sandbox.ts:118
Detect the sandbox backend with a real per-host SELF-TEST (cached per process).
Not merely bwrap --version: kernel/user-namespace policy can let bwrap exist
yet refuse to actually create a sandbox (e.g. unprivileged userns disabled). So
the probe builds the real derived membrane around BOTH node --version AND a
git invocation and runs it; only an exit 0 proves a usable backend.
Available (“bwrap”) iff bwrap --version exits 0 AND the wrapped probe exits 0.
Parameters
Section titled “Parameters”BackendProbeDeps = {}