1 files changed, 43 insertions, 0 deletions

diff --git a/src/zencompute/runners/macrunner.h b/src/zencompute/runners/macrunner.h
new file mode 100644
index 000000000..d653b923a
--- /dev/null
+++ b/src/zencompute/runners/macrunner.h
@@ -0,0 +1,43 @@
+// Copyright Epic Games, Inc. All Rights Reserved.
+
+#pragma once
+
+#include "localrunner.h"
+
+#if ZEN_WITH_COMPUTE_SERVICES && ZEN_PLATFORM_MAC
+
+namespace zen::compute {
+
+/** Native macOS process runner for executing Mac worker executables directly.
+
+	Subclasses LocalProcessRunner, reusing sandbox management, worker manifesting,
+	input/output handling, and monitor thread infrastructure. Overrides only the
+	platform-specific methods: process spawning, sweep, and cancellation.
+
+	When Sandboxed is true, child processes are isolated using macOS Seatbelt
+	(sandbox_init): no network access and no filesystem access outside the
+	explicitly allowed sandbox and worker directories. This requires no elevation.
+ */
+class MacProcessRunner : public LocalProcessRunner
+{
+public:
+	MacProcessRunner(ChunkResolver&				  Resolver,
+					 const std::filesystem::path& BaseDir,
+					 DeferredDirectoryDeleter&	  Deleter,
+					 WorkerThreadPool&			  WorkerPool,
+					 bool						  Sandboxed			   = false,
+					 int32_t					  MaxConcurrentActions = 0);
+
+	[[nodiscard]] SubmitResult SubmitAction(Ref<RunnerAction> Action) override;
+	void					   SweepRunningActions() override;
+	void					   CancelRunningActions() override;
+	bool					   CancelAction(int ActionLsn) override;
+	void					   SampleProcessCpu(RunningAction& Running) override;
+
+private:
+	bool m_Sandboxed = false;
+};
+
+}  // namespace zen::compute
+
+#endif