from pathlib import Path
from typing import Optional


class Sandbox:
    def __init__(self, root: Path, allow_network: bool = False) -> None:
        self.root = root
        self.allow_network = allow_network

    def _resolve(self, path: str) -> Path:
        target = (self.root / path).resolve()
        if not str(target).startswith(str(self.root.resolve())):
            raise PermissionError("Path outside sandbox")
        return target

    def read_text(self, path: str, encoding: str = "utf-8") -> str:
        target = self._resolve(path)
        return target.read_text(encoding=encoding)

    def write_text(self, path: str, data: str, encoding: str = "utf-8") -> None:
        target = self._resolve(path)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(data, encoding=encoding)

    def can_network(self) -> bool:
        return self.allow_network

    def for_plugin(self, name: str) -> "Sandbox":
        return Sandbox(self.root / "external" / name, allow_network=self.allow_network)