add restrictive pragmatic sandbox

packages/SimulationStudio-Sandbox.package/PragmaticSandbox.class/instance/context.activateMethod.withArgs.receiver.do..st

@@ -26,4 +26,6 @@ context: aContext activateMethod: aCompiledMethod withArgs: arguments receiver:
 		self perform: selector withArguments: args]
 			on: Error do:
 				[^ super context: aContext activateMethod: aCompiledMethod withArgs: arguments receiver: receiver do: aBlock].
-	^ aContext push: result
+	^ (aContext isPrimFailToken: result)
+		ifTrue: [result second value]
+		ifFalse: [aContext push: result]

packages/SimulationStudio-Sandbox.package/PragmaticSandbox.class/methodProperties.json

@@ -11,7 +11,7 @@
 		"addPragmaticMultiMethodsTo:" : "ct 1/3/2025 01:37",
 		"assertUnmodifiedObject:" : "ct 1/2/2025 04:50",
 		"basicEvaluate:" : "ct 12/29/2024 06:20",
-		"context:activateMethod:withArgs:receiver:do:" : "ct 1/1/2025 20:35",
+		"context:activateMethod:withArgs:receiver:do:" : "ct 1/3/2025 01:30",
 		"context:doPrimitive:method:receiver:args:do:" : "ct 12/29/2024 04:56",
 		"doCompiledMethodPreamble:" : "ct 1/2/2025 22:56",
 		"doDateAndTime:perform:context:" : "ct 1/2/2025 04:49",

packages/SimulationStudio-Sandbox.package/RestrictivePragmaticSandbox.class/README.md

@@ -0,0 +1 @@
+I am a more restrictive version of the pragmatic sandbox. I explicitly disallow common headful operations that should typically not be done in headless environments.

packages/SimulationStudio-Sandbox.package/RestrictivePragmaticSandbox.class/instance/doMorphOpenInWorld.context..st

@@ -0,0 +1,5 @@
+pragmatic methods - Morph
+doMorphOpenInWorld: aMorph context: aContext
+	<pragmaticClass: #Morph selector: #openInWorld>
+
+	^ self pragmatic: aContext forbidden: 'Use #imageForm instead'

packages/SimulationStudio-Sandbox.package/RestrictivePragmaticSandbox.class/instance/doObjectInspect.perform.context..st

@@ -0,0 +1,5 @@
+pragmatic methods - Object
+doObjectInspect: aMorph perform: selector context: aContext
+	<pragmaticClass: #Object selectors: #(inspect explore)>
+
+	^ self pragmatic: aContext forbidden: 'Use #longPrintString instead'

packages/SimulationStudio-Sandbox.package/RestrictivePragmaticSandbox.class/instance/doToolSetBrowse.perform.args.context..st

@@ -0,0 +1,6 @@
+pragmatic methods - ToolSet
+doToolSetBrowse: aToolSetClass perform: selector args: args context: aContext
+	<pragmaticClass: #'ToolSet class'>
+
+	self assert: (selector beginsWithAnyOf: #(browse open handle inspect)).
+	^ self pragmatic: aContext forbidden: 'Don''t use ToolSet in headless context'

packages/SimulationStudio-Sandbox.package/RestrictivePragmaticSandbox.class/instance/pragmatic.forbidden..st

@@ -0,0 +1,5 @@
+private
+pragmatic: aContext forbidden: messageText
+
+	^ self nextSimulator context: aContext primitiveFailTokenFor:
+		[self nextSimulator context: aContext activateOperationForbidden: messageText]

packages/SimulationStudio-Sandbox.package/RestrictivePragmaticSandbox.class/instance/pragmaticForbidden..st

@@ -0,0 +1,4 @@
+private
+pragmaticForbidden: aContext
+
+	^ self pragmatic: aContext forbidden: 'Operation forbidden'

packages/SimulationStudio-Sandbox.package/RestrictivePragmaticSandbox.class/methodProperties.json

@@ -0,0 +1,9 @@
+{
+	"class" : {
+		 },
+	"instance" : {
+		"doMorphOpenInWorld:context:" : "ct 1/3/2025 01:32",
+		"doObjectInspect:perform:context:" : "ct 1/3/2025 01:32",
+		"doToolSetBrowse:perform:args:context:" : "ct 1/3/2025 01:35",
+		"pragmatic:forbidden:" : "ct 1/3/2025 01:31",
+		"pragmaticForbidden:" : "ct 1/3/2025 01:27" } }

packages/SimulationStudio-Sandbox.package/RestrictivePragmaticSandbox.class/properties.json

@@ -0,0 +1,14 @@
+{
+	"category" : "SimulationStudio-Sandbox",
+	"classinstvars" : [
+		 ],
+	"classvars" : [
+		 ],
+	"commentStamp" : "ct 1/3/2025 02:22",
+	"instvars" : [
+		 ],
+	"name" : "RestrictivePragmaticSandbox",
+	"pools" : [
+		 ],
+	"super" : "PragmaticSandbox",
+	"type" : "normal" }