
# all ? so why sandbox
# --allow-network

# priv:
# docker style
# deno style
# wasm style

# x sb --network --pwd
# x sb --network --home
# x sb --network -r "$file" -w "$file"

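# Run a command inside the platform sandbox.
#
# Leading options are collected into sbarg (via arg:add) until `--` or the
# first unrecognised word; everything after that is the command to run.
# The OS name reported by `___x_cmd os name_` then selects the backend:
#   darwin -> ___x_cmd_sb_run___sb
#   linux  -> ___x_cmd_sb_run___pledge
# Any other OS is refused unless ___X_CMD_SB_RUN_ANYWAY is non-empty.
#
# Arguments: [options] [--] command [args...]
# Returns:   0 after showing help; otherwise the status of the backend or
#            command, or the status produced by log:ret:1 / log:ret:64.
___x_cmd_sb_run(){
    [ $# -gt 0 ]    ||          set -- --help

    # NOTE(review): "-4" is passed to the backend as the first option; its
    # meaning is defined by the backends, not visible here - confirm.
    local sbarg="-4"

    # Only referenced by the disabled --argf branch below.
    local argf=""
    local argfc=0

    arg:init:x  sb
    # auto add create
    while [ $# -gt 0 ]; do
        case "$1" in
            -h|--help)          ___x_cmd help -m sb run "$@";  return 0 ;;

            -n|--net)           arg:add     sbarg   --net       ;;
            --tty)              arg:add     sbarg   "$1"        ;;

            # Options that take a value: require the value and consume it
            # here. Without the extra shift the value would be left as $1,
            # fall through to `*) break`, and be treated as the command to
            # run instead of as the sandbox path.
            --wd|--workdir)
                                [ $# -ge 2 ] || N=sb M="Missing value for option -> $1" log:ret:64
                                arg:add     sbarg   --workdir   "$2"
                                shift ;;
            --wf|--workfile)
                                [ $# -ge 2 ] || N=sb M="Missing value for option -> $1" log:ret:64
                                arg:add     sbarg   --workfile  "$2"
                                shift ;;

            --all|--allrx|--home|--pwd|--ws)
                                arg:add     sbarg   "$1" ;;

            # --argf)             argfc="$((argfc + 1 ))";
            #                     [ "$argfc" -le 10 ]         || N=sb M="Exit because --argf is invoked more than 10 times." log:ret:64
            #                     argf="$2"; [ -r "$argf" ]   || N=sb M="Unreadable file -> $argf" log:ret:64
            #                     arg:2:shift
            #                     while read -r line; do
            #                         set -- "$line" "$@"
            #                     done <"$argf"
            #                     ;;

            --)                 shift ;     break ;;
            *)                  break ;;
        esac
        shift
    done

    ! ___x_cmd_is_termux || N=sb M="Unsupported system -> termux" log:ret:1

    # x_ is filled in by `___x_cmd os name_`.
    local x_=""
    ___x_cmd os name_
    case "$x_" in
        darwin)     ___x_cmd_sb_run___sb        "$@" ;;
        linux)      ___x_cmd_sb_run___pledge    "$@" ;;
        *)
                    # Fail closed by default. The override runs the command
                    # with NO sandbox at all, so say so on stderr rather than
                    # letting the caller assume confinement.
                    if [ -z "${___X_CMD_SB_RUN_ANYWAY:-}" ]; then
                        N=sb M="Unsupported system -> $x_" log:ret:1
                    else
                        printf '%s\n' "sb: no sandbox backend for '$x_'; running UNSANDBOXED because ___X_CMD_SB_RUN_ANYWAY is set" >&2
                        "$@"
                    fi
                    ;;
    esac
}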

# Darwin backend: passes the collected sandbox options and the command to
# `___x_cmd mac sb`.
# Reads sbarg from the calling function's scope; it is not declared here.
# NOTE(review): eval re-parses the contents of sbarg as shell source, so this
# is only safe if arg:add stores every value shell-quoted - confirm, because
# the --workdir/--workfile values come straight from the command line.
___x_cmd_sb_run___sb(){
    eval "___x_cmd mac sb $sbarg -- \"\$@\""
}

# Linux backend: passes the collected sandbox options and the command to
# `___x_cmd pldg`.
# Reads sbarg from the calling function's scope; it is not declared here.
# NOTE(review): eval re-parses the contents of sbarg as shell source, so this
# is only safe if arg:add stores every value shell-quoted - confirm, because
# the --workdir/--workfile values come straight from the command line.
___x_cmd_sb_run___pledge(){
    eval "___x_cmd pldg $sbarg -- \"\$@\""
}

