0agent 1.0.0

package/packages/subagent/dist/index.js

@@ -0,0 +1,23 @@
+// ─── Orchestrator ───────────────────────────────────
+export { SubagentOrchestrator, } from './SubagentOrchestrator.js';
+// ─── Skill Invoker ──────────────────────────────────
+export { SkillInvoker, } from './SkillInvoker.js';
+// ─── Skill Input Resolver ───────────────────────────
+export { SkillInputResolver, } from './SkillInputResolver.js';
+// ─── Capability Token ───────────────────────────────
+export { issueToken, signToken, validateToken, } from './CapabilityToken.js';
+// ─── Subagent Result ────────────────────────────────
+export { errorResult, } from './SubagentResult.js';
+// ─── Watchdog ───────────────────────────────────────
+export { Watchdog } from './Watchdog.js';
+// ─── Resource Defaults ──────────────────────────────
+export { RESOURCE_DEFAULTS, } from './ResourceDefaults.js';
+// ─── Sandbox ────────────────────────────────────────
+export { SandboxManager, } from './sandbox/SandboxManager.js';
+export { DockerBackend } from './sandbox/DockerBackend.js';
+export { ProcessBackend } from './sandbox/ProcessBackend.js';
+export { PodmanBackend } from './sandbox/PodmanBackend.js';
+export { BwrapBackend } from './sandbox/BwrapBackend.js';
+export { FirecrackerBackend } from './sandbox/FirecrackerBackend.js';
+export { CloudBackend } from './sandbox/CloudBackend.js';
+//# sourceMappingURL=index.js.map

package/packages/subagent/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,OAAO,EACL,oBAAoB,GAIrB,MAAM,2BAA2B,CAAC;AAEnC,uDAAuD;AACvD,OAAO,EACL,YAAY,GAGb,MAAM,mBAAmB,CAAC;AAE3B,uDAAuD;AACvD,OAAO,EACL,kBAAkB,GAEnB,MAAM,yBAAyB,CAAC;AAEjC,uDAAuD;AACvD,OAAO,EACL,UAAU,EACV,SAAS,EACT,aAAa,GAOd,MAAM,sBAAsB,CAAC;AAE9B,uDAAuD;AACvD,OAAO,EAIL,WAAW,GACZ,MAAM,qBAAqB,CAAC;AAE7B,uDAAuD;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAEzC,uDAAuD;AACvD,OAAO,EACL,iBAAiB,GAElB,MAAM,uBAAuB,CAAC;AAE/B,uDAAuD;AACvD,OAAO,EACL,cAAc,GAIf,MAAM,6BAA6B,CAAC;AAErC,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC"}

package/packages/subagent/dist/sandbox/BwrapBackend.d.ts

@@ -0,0 +1,14 @@
+import type { ISandboxBackend, SandboxCreateConfig, SandboxHandle } from './types.js';
+/**
+ * Bubblewrap (bwrap) backend — Linux-only namespace isolation
+ * without requiring root or a container daemon.
+ *
+ * Uses unshare for PID/net/user namespaces and bind-mounts for filesystem isolation.
+ */
+export declare class BwrapBackend implements ISandboxBackend {
+    readonly type = "bwrap";
+    isAvailable(): Promise<boolean>;
+    create(config: SandboxCreateConfig): Promise<SandboxHandle>;
+    destroy(handle: SandboxHandle): Promise<void>;
+}
+//# sourceMappingURL=BwrapBackend.d.ts.map

package/packages/subagent/dist/sandbox/BwrapBackend.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"BwrapBackend.d.ts","sourceRoot":"","sources":["../../src/sandbox/BwrapBackend.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAOtF;;;;;GAKG;AACH,qBAAa,YAAa,YAAW,eAAe;IAClD,QAAQ,CAAC,IAAI,WAAW;IAElB,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAU/B,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,aAAa,CAAC;IAmH3D,OAAO,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;CAGpD"}

package/packages/subagent/dist/sandbox/BwrapBackend.js

@@ -0,0 +1,171 @@
+import { spawn, exec } from 'node:child_process';
+import { promisify } from 'node:util';
+import { platform } from 'node:os';
+const execAsync = promisify(exec);
+const INPUT_SENTINEL = '__PAYLOAD_END__';
+const OUTPUT_SENTINEL = '__OUTPUT_END__';
+/**
+ * Bubblewrap (bwrap) backend — Linux-only namespace isolation
+ * without requiring root or a container daemon.
+ *
+ * Uses unshare for PID/net/user namespaces and bind-mounts for filesystem isolation.
+ */
+export class BwrapBackend {
+    type = 'bwrap';
+    async isAvailable() {
+        if (platform() !== 'linux')
+            return false;
+        try {
+            await execAsync('bwrap --version', { timeout: 3_000 });
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async create(config) {
+        const id = crypto.randomUUID();
+        const runtime = 'node'; // use node; Bun detection deferred to production
+        const bwrapArgs = [
+            '--unshare-all',
+            // Read-only bind the host root
+            '--ro-bind', '/', '/',
+            // Writable tmpfs mounts
+            '--tmpfs', '/tmp',
+            '--dev', '/dev',
+            '--proc', '/proc',
+            // Drop capabilities
+            '--cap-drop', 'ALL',
+            '--die-with-parent',
+        ];
+        // Network isolation
+        if (config.network === 'none') {
+            bwrapArgs.push('--unshare-net');
+        }
+        // Inject environment variables
+        for (const [k, v] of Object.entries(config.env)) {
+            bwrapArgs.push('--setenv', k, v);
+        }
+        bwrapArgs.push('--setenv', 'SANDBOX_TYPE', 'bwrap');
+        bwrapArgs.push('--setenv', 'SANDBOX_ID', id);
+        // The command to execute inside the sandbox
+        bwrapArgs.push('--', runtime, '--input-type=module', '-e', WORKER_SCRIPT);
+        const proc = spawn('bwrap', bwrapArgs, {
+            stdio: ['pipe', 'pipe', 'pipe'],
+        });
+        let outputBuffer = '';
+        let outputResolve = null;
+        let outputReject = null;
+        proc.stdout.on('data', (chunk) => {
+            outputBuffer += chunk.toString();
+            const idx = outputBuffer.indexOf(OUTPUT_SENTINEL);
+            if (idx !== -1 && outputResolve) {
+                const result = outputBuffer.slice(0, idx);
+                outputBuffer = outputBuffer.slice(idx + OUTPUT_SENTINEL.length + 1);
+                outputResolve(result);
+                outputResolve = null;
+                outputReject = null;
+            }
+        });
+        proc.stderr.on('data', (chunk) => {
+            process.stderr.write(`[sandbox:bwrap:${id.slice(0, 8)}] ${chunk.toString()}`);
+        });
+        proc.on('error', (err) => {
+            if (outputReject) {
+                outputReject(err);
+                outputResolve = null;
+                outputReject = null;
+            }
+        });
+        proc.on('close', (code) => {
+            if (outputReject) {
+                outputReject(new Error(`Bwrap process exited with code ${code}`));
+                outputResolve = null;
+                outputReject = null;
+            }
+        });
+        const handle = {
+            id,
+            backend_type: 'bwrap',
+            created_at: Date.now(),
+            async write(data) {
+                return new Promise((resolve, reject) => {
+                    if (!proc.stdin.writable) {
+                        reject(new Error('Bwrap stdin is not writable'));
+                        return;
+                    }
+                    proc.stdin.write(data + '\n' + INPUT_SENTINEL + '\n', (err) => {
+                        if (err)
+                            reject(err);
+                        else
+                            resolve();
+                    });
+                });
+            },
+            readOutput() {
+                const idx = outputBuffer.indexOf(OUTPUT_SENTINEL);
+                if (idx !== -1) {
+                    const result = outputBuffer.slice(0, idx);
+                    outputBuffer = outputBuffer.slice(idx + OUTPUT_SENTINEL.length + 1);
+                    return Promise.resolve(result);
+                }
+                return new Promise((resolve, reject) => {
+                    outputResolve = resolve;
+                    outputReject = reject;
+                });
+            },
+            async kill() {
+                try {
+                    proc.kill('SIGKILL');
+                }
+                catch {
+                    // already dead
+                }
+            },
+        };
+        return handle;
+    }
+    async destroy(handle) {
+        await handle.kill();
+    }
+}
+/** Inline worker script — same protocol as ProcessBackend. */
+const WORKER_SCRIPT = `
+import { createInterface } from 'node:readline';
+
+const INPUT_SENTINEL = '${INPUT_SENTINEL}';
+const OUTPUT_SENTINEL = '${OUTPUT_SENTINEL}';
+
+let buffer = '';
+
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', (chunk) => {
+  buffer += chunk;
+  const idx = buffer.indexOf(INPUT_SENTINEL);
+  if (idx !== -1) {
+    const payload = buffer.slice(0, idx).trim();
+    buffer = buffer.slice(idx + INPUT_SENTINEL.length + 1);
+    handlePayload(payload);
+  }
+});
+
+async function handlePayload(raw) {
+  let result;
+  try {
+    const payload = JSON.parse(raw);
+    if (payload.type === 'exec') {
+      const fn = new Function('return (async () => {' + payload.code + '})()');
+      const output = await fn();
+      result = { ok: true, output: output ?? null };
+    } else if (payload.type === 'ping') {
+      result = { ok: true, pong: true };
+    } else {
+      result = { ok: false, error: 'Unknown payload type: ' + payload.type };
+    }
+  } catch (err) {
+    result = { ok: false, error: String(err) };
+  }
+  process.stdout.write(JSON.stringify(result) + '\\n' + OUTPUT_SENTINEL + '\\n');
+}
+`;
+//# sourceMappingURL=BwrapBackend.js.map

package/packages/subagent/dist/sandbox/BwrapBackend.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"BwrapBackend.js","sourceRoot":"","sources":["../../src/sandbox/BwrapBackend.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAqB,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAGnC,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AAElC,MAAM,cAAc,GAAG,iBAAiB,CAAC;AACzC,MAAM,eAAe,GAAG,gBAAgB,CAAC;AAEzC;;;;;GAKG;AACH,MAAM,OAAO,YAAY;IACd,IAAI,GAAG,OAAO,CAAC;IAExB,KAAK,CAAC,WAAW;QACf,IAAI,QAAQ,EAAE,KAAK,OAAO;YAAE,OAAO,KAAK,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,iBAAiB,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;YACvD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,MAA2B;QACtC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,iDAAiD;QAEzE,MAAM,SAAS,GAAa;YAC1B,eAAe;YACf,+BAA+B;YAC/B,WAAW,EAAE,GAAG,EAAE,GAAG;YACrB,wBAAwB;YACxB,SAAS,EAAE,MAAM;YACjB,OAAO,EAAE,MAAM;YACf,QAAQ,EAAE,OAAO;YACjB,oBAAoB;YACpB,YAAY,EAAE,KAAK;YACnB,mBAAmB;SACpB,CAAC;QAEF,oBAAoB;QACpB,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;YAC9B,SAAS,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAClC,CAAC;QAED,+BAA+B;QAC/B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAChD,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACnC,CAAC;QACD,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;QACpD,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC;QAE7C,4CAA4C;QAC5C,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC;QAE1E,MAAM,IAAI,GAAiB,KAAK,CAAC,OAAO,EAAE,SAAS,EAAE;YACnD,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,IAAI,YAAY,GAAG,EAAE,CAAC;QACtB,IAAI,aAAa,GAAqC,IAAI,CAAC;QAC3D,IAAI,YAAY,GAAqC,IAAI,CAAC;QAE1D,IAAI,CAAC,MAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACxC,YAAY,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACjC,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAClD,IAAI,GAAG,KAAK,CAAC,CAAC,IAAI,aAAa,EAAE,CAAC;gBAChC,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;gBAC1C,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;gBACpE,aAAa,CAAC,MAAM,CAAC,CAAC;gBACtB,aAAa,GAAG,IAAI,CAAC;gBACrB,YAAY,GAAG,IAAI,CAAC;YACtB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACxC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,KAAK,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAChF,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACvB,IAAI,YAAY,EAAE,CAAC;gBACjB,YAAY,CAAC,GAAG,CAAC,CAAC;gBAClB,aAAa,GAAG,IAAI,CAAC;gBACrB,YAAY,GAAG,IAAI,CAAC;YACtB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,IAAI,YAAY,EAAE,CAAC;gBACjB,YAAY,CAAC,IAAI,KAAK,CAAC,kCAAkC,IAAI,EAAE,CAAC,CAAC,CAAC;gBAClE,aAAa,GAAG,IAAI,CAAC;gBACrB,YAAY,GAAG,IAAI,CAAC;YACtB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAkB;YAC5B,EAAE;YACF,YAAY,EAAE,OAAO;YACrB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;YAEtB,KAAK,CAAC,KAAK,CAAC,IAAY;gBACtB,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBAC3C,IAAI,CAAC,IAAI,CAAC,KAAM,CAAC,QAAQ,EAAE,CAAC;wBAC1B,MAAM,CAAC,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC,CAAC;wBACjD,OAAO;oBACT,CAAC;oBACD,IAAI,CAAC,KAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,GAAG,cAAc,GAAG,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE;wBAC7D,IAAI,GAAG;4BAAE,MAAM,CAAC,GAAG,CAAC,CAAC;;4BAChB,OAAO,EAAE,CAAC;oBACjB,CAAC,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;YACL,CAAC;YAED,UAAU;gBACR,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;gBAClD,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;oBACf,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;oBAC1C,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;oBACpE,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBACjC,CAAC;gBACD,OAAO,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBAC7C,aAAa,GAAG,OAAO,CAAC;oBACxB,YAAY,GAAG,MAAM,CAAC;gBACxB,CAAC,CAAC,CAAC;YACL,CAAC;YAED,KAAK,CAAC,IAAI;gBACR,IAAI,CAAC;oBACH,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACvB,CAAC;gBAAC,MAAM,CAAC;oBACP,eAAe;gBACjB,CAAC;YACH,CAAC;SACF,CAAC;QAEF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAqB;QACjC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;IACtB,CAAC;CACF;AAED,8DAA8D;AAC9D,MAAM,aAAa,GAAG;;;0BAGI,cAAc;2BACb,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiCzC,CAAC"}

package/packages/subagent/dist/sandbox/CloudBackend.d.ts

@@ -0,0 +1,28 @@
+import type { ISandboxBackend, SandboxCreateConfig, SandboxHandle } from './types.js';
+export interface CloudBackendOptions {
+    /** E2B API key. If absent, the backend reports itself as unavailable. */
+    apiKey?: string;
+    /** Base URL for the E2B API (default: https://api.e2b.dev). */
+    apiUrl?: string;
+}
+/**
+ * E2B Cloud sandbox backend — delegates execution to a remote cloud VM.
+ *
+ * Currently a stub: the backend is only "available" when an API key is
+ * configured, and create() returns an error result immediately.
+ *
+ * In production this would:
+ *   1. Call the E2B API to provision a cloud sandbox
+ *   2. Stream stdin/stdout over WebSocket
+ *   3. Return a handle with the remote sandbox ID
+ */
+export declare class CloudBackend implements ISandboxBackend {
+    readonly type = "cloud";
+    private readonly apiKey;
+    private readonly apiUrl;
+    constructor(options?: CloudBackendOptions);
+    isAvailable(): Promise<boolean>;
+    create(config: SandboxCreateConfig): Promise<SandboxHandle>;
+    destroy(handle: SandboxHandle): Promise<void>;
+}
+//# sourceMappingURL=CloudBackend.d.ts.map

package/packages/subagent/dist/sandbox/CloudBackend.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CloudBackend.d.ts","sourceRoot":"","sources":["../../src/sandbox/CloudBackend.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEtF,MAAM,WAAW,mBAAmB;IAClC,yEAAyE;IACzE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,+DAA+D;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;GAUG;AACH,qBAAa,YAAa,YAAW,eAAe;IAClD,QAAQ,CAAC,IAAI,WAAW;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAqB;IAC5C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;gBAEpB,OAAO,GAAE,mBAAwB;IAKvC,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAI/B,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,aAAa,CAAC;IAiC3D,OAAO,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;CAIpD"}

package/packages/subagent/dist/sandbox/CloudBackend.js

@@ -0,0 +1,52 @@
+/**
+ * E2B Cloud sandbox backend — delegates execution to a remote cloud VM.
+ *
+ * Currently a stub: the backend is only "available" when an API key is
+ * configured, and create() returns an error result immediately.
+ *
+ * In production this would:
+ *   1. Call the E2B API to provision a cloud sandbox
+ *   2. Stream stdin/stdout over WebSocket
+ *   3. Return a handle with the remote sandbox ID
+ */
+export class CloudBackend {
+    type = 'cloud';
+    apiKey;
+    apiUrl;
+    constructor(options = {}) {
+        this.apiKey = options.apiKey ?? process.env['E2B_API_KEY'];
+        this.apiUrl = options.apiUrl ?? 'https://api.e2b.dev';
+    }
+    async isAvailable() {
+        return typeof this.apiKey === 'string' && this.apiKey.length > 0;
+    }
+    async create(config) {
+        const id = crypto.randomUUID();
+        console.warn(`[sandbox:cloud] E2B Cloud sandbox not yet connected. ` +
+            `API URL: ${this.apiUrl}, sandbox ${id.slice(0, 8)}.`);
+        const handle = {
+            id,
+            backend_type: 'cloud',
+            created_at: Date.now(),
+            async write(_data) {
+                console.warn('[sandbox:cloud] write() called on stub handle — no-op');
+            },
+            async readOutput() {
+                return JSON.stringify({
+                    ok: false,
+                    error: 'E2B Cloud sandbox is not yet connected. Configure E2B_API_KEY and implement the Cloud backend.',
+                    exit_reason: 'stub',
+                });
+            },
+            async kill() {
+                // nothing to kill — no remote sandbox was created
+            },
+        };
+        return handle;
+    }
+    async destroy(handle) {
+        await handle.kill();
+        // In production: call E2B API to terminate the remote sandbox
+    }
+}
+//# sourceMappingURL=CloudBackend.js.map

package/packages/subagent/dist/sandbox/CloudBackend.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CloudBackend.js","sourceRoot":"","sources":["../../src/sandbox/CloudBackend.ts"],"names":[],"mappings":"AASA;;;;;;;;;;GAUG;AACH,MAAM,OAAO,YAAY;IACd,IAAI,GAAG,OAAO,CAAC;IACP,MAAM,CAAqB;IAC3B,MAAM,CAAS;IAEhC,YAAY,UAA+B,EAAE;QAC3C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAC3D,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,qBAAqB,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,WAAW;QACf,OAAO,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IACnE,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,MAA2B;QACtC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAE/B,OAAO,CAAC,IAAI,CACV,uDAAuD;YACvD,YAAY,IAAI,CAAC,MAAM,aAAa,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CACtD,CAAC;QAEF,MAAM,MAAM,GAAkB;YAC5B,EAAE;YACF,YAAY,EAAE,OAAO;YACrB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;YAEtB,KAAK,CAAC,KAAK,CAAC,KAAa;gBACvB,OAAO,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;YACxE,CAAC;YAED,KAAK,CAAC,UAAU;gBACd,OAAO,IAAI,CAAC,SAAS,CAAC;oBACpB,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE,gGAAgG;oBACvG,WAAW,EAAE,MAAM;iBACpB,CAAC,CAAC;YACL,CAAC;YAED,KAAK,CAAC,IAAI;gBACR,kDAAkD;YACpD,CAAC;SACF,CAAC;QAEF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAqB;QACjC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,8DAA8D;IAChE,CAAC;CACF"}

package/packages/subagent/dist/sandbox/DockerBackend.d.ts

@@ -0,0 +1,14 @@
+import type { ISandboxBackend, SandboxCreateConfig, SandboxHandle } from './types.js';
+/**
+ * Docker container backend with resource limits, read-only root,
+ * and optional network isolation.
+ */
+export declare class DockerBackend implements ISandboxBackend {
+    readonly type = "docker";
+    isAvailable(): Promise<boolean>;
+    create(config: SandboxCreateConfig): Promise<SandboxHandle>;
+    destroy(handle: SandboxHandle): Promise<void>;
+    /** Build the `docker run` argument list from config. */
+    private buildRunArgs;
+}
+//# sourceMappingURL=DockerBackend.d.ts.map

package/packages/subagent/dist/sandbox/DockerBackend.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"DockerBackend.d.ts","sourceRoot":"","sources":["../../src/sandbox/DockerBackend.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAOtF;;;GAGG;AACH,qBAAa,aAAc,YAAW,eAAe;IACnD,QAAQ,CAAC,IAAI,YAAY;IAEnB,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAS/B,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,aAAa,CAAC;IAuF3D,OAAO,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAanD,wDAAwD;IACxD,OAAO,CAAC,YAAY;CA0CrB"}

package/packages/subagent/dist/sandbox/DockerBackend.js

@@ -0,0 +1,149 @@
+import { spawn, exec } from 'node:child_process';
+import { promisify } from 'node:util';
+const execAsync = promisify(exec);
+const INPUT_SENTINEL = '__PAYLOAD_END__';
+const OUTPUT_SENTINEL = '__OUTPUT_END__';
+/**
+ * Docker container backend with resource limits, read-only root,
+ * and optional network isolation.
+ */
+export class DockerBackend {
+    type = 'docker';
+    async isAvailable() {
+        try {
+            await execAsync('docker info', { timeout: 5_000 });
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async create(config) {
+        const id = crypto.randomUUID();
+        const args = this.buildRunArgs(id, config);
+        const proc = spawn('docker', args, {
+            stdio: ['pipe', 'pipe', 'pipe'],
+        });
+        let outputBuffer = '';
+        let outputResolve = null;
+        let outputReject = null;
+        proc.stdout.on('data', (chunk) => {
+            outputBuffer += chunk.toString();
+            const idx = outputBuffer.indexOf(OUTPUT_SENTINEL);
+            if (idx !== -1 && outputResolve) {
+                const result = outputBuffer.slice(0, idx);
+                outputBuffer = outputBuffer.slice(idx + OUTPUT_SENTINEL.length + 1);
+                outputResolve(result);
+                outputResolve = null;
+                outputReject = null;
+            }
+        });
+        proc.stderr.on('data', (chunk) => {
+            process.stderr.write(`[sandbox:docker:${id.slice(0, 8)}] ${chunk.toString()}`);
+        });
+        proc.on('error', (err) => {
+            if (outputReject) {
+                outputReject(err);
+                outputResolve = null;
+                outputReject = null;
+            }
+        });
+        proc.on('close', (code) => {
+            if (outputReject) {
+                outputReject(new Error(`Docker container exited with code ${code}`));
+                outputResolve = null;
+                outputReject = null;
+            }
+        });
+        const handle = {
+            id,
+            backend_type: 'docker',
+            created_at: Date.now(),
+            async write(data) {
+                return new Promise((resolve, reject) => {
+                    if (!proc.stdin.writable) {
+                        reject(new Error('Docker stdin is not writable'));
+                        return;
+                    }
+                    proc.stdin.write(data + '\n' + INPUT_SENTINEL + '\n', (err) => {
+                        if (err)
+                            reject(err);
+                        else
+                            resolve();
+                    });
+                });
+            },
+            readOutput() {
+                const idx = outputBuffer.indexOf(OUTPUT_SENTINEL);
+                if (idx !== -1) {
+                    const result = outputBuffer.slice(0, idx);
+                    outputBuffer = outputBuffer.slice(idx + OUTPUT_SENTINEL.length + 1);
+                    return Promise.resolve(result);
+                }
+                return new Promise((resolve, reject) => {
+                    outputResolve = resolve;
+                    outputReject = reject;
+                });
+            },
+            async kill() {
+                try {
+                    proc.kill('SIGKILL');
+                }
+                catch {
+                    // already dead
+                }
+            },
+        };
+        return handle;
+    }
+    async destroy(handle) {
+        await handle.kill();
+        // Force-remove by label in case --rm did not clean up
+        try {
+            await execAsync(`docker rm -f $(docker ps -aq --filter "label=0agent-sandbox=${handle.id}") 2>/dev/null`, { timeout: 5_000 });
+        }
+        catch {
+            // ignore — container may already be removed
+        }
+    }
+    /** Build the `docker run` argument list from config. */
+    buildRunArgs(id, config) {
+        const args = [
+            'run', '--rm', '--interactive',
+            `--memory=${config.memory_mb}m`,
+            `--cpus=${config.cpus}`,
+            '--read-only',
+            '--tmpfs', '/tmp:size=100m',
+            '--tmpfs', '/root/.bun:size=50m',
+            '--security-opt', 'no-new-privileges',
+            '--label', `0agent-sandbox=${id}`,
+        ];
+        // --- Network isolation ---
+        if (config.network === 'none') {
+            args.push('--network=none');
+        }
+        else if (config.network === 'allowlist') {
+            args.push('--network=bridge');
+            if (config.network_allowlist?.length) {
+                args.push('--env', `NETWORK_ALLOWLIST=${config.network_allowlist.join(',')}`);
+            }
+        }
+        // 'full' → default docker bridge, no extra flags
+        // --- Display / VNC ---
+        if (config.has_display) {
+            args.push('--env', 'DISPLAY=:99');
+        }
+        // --- Environment variables ---
+        for (const [k, v] of Object.entries(config.env)) {
+            args.push('--env', `${k}=${v}`);
+        }
+        // --- Image selection ---
+        const image = config.image
+            ?? (config.has_browser
+                ? '0agent/subagent-runtime:chrome'
+                : '0agent/subagent-runtime:latest');
+        args.push(image);
+        return args;
+    }
+}
+//# sourceMappingURL=DockerBackend.js.map

package/packages/subagent/dist/sandbox/DockerBackend.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DockerBackend.js","sourceRoot":"","sources":["../../src/sandbox/DockerBackend.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAqB,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAGtC,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AAElC,MAAM,cAAc,GAAG,iBAAiB,CAAC;AACzC,MAAM,eAAe,GAAG,gBAAgB,CAAC;AAEzC;;;GAGG;AACH,MAAM,OAAO,aAAa;IACf,IAAI,GAAG,QAAQ,CAAC;IAEzB,KAAK,CAAC,WAAW;QACf,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,aAAa,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;YACnD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,MAA2B;QACtC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QAE3C,MAAM,IAAI,GAAiB,KAAK,CAAC,QAAQ,EAAE,IAAI,EAAE;YAC/C,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,IAAI,YAAY,GAAG,EAAE,CAAC;QACtB,IAAI,aAAa,GAAqC,IAAI,CAAC;QAC3D,IAAI,YAAY,GAAqC,IAAI,CAAC;QAE1D,IAAI,CAAC,MAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACxC,YAAY,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACjC,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAClD,IAAI,GAAG,KAAK,CAAC,CAAC,IAAI,aAAa,EAAE,CAAC;gBAChC,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;gBAC1C,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;gBACpE,aAAa,CAAC,MAAM,CAAC,CAAC;gBACtB,aAAa,GAAG,IAAI,CAAC;gBACrB,YAAY,GAAG,IAAI,CAAC;YACtB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACxC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,KAAK,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACjF,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACvB,IAAI,YAAY,EAAE,CAAC;gBACjB,YAAY,CAAC,GAAG,CAAC,CAAC;gBAClB,aAAa,GAAG,IAAI,CAAC;gBACrB,YAAY,GAAG,IAAI,CAAC;YACtB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,IAAI,YAAY,EAAE,CAAC;gBACjB,YAAY,CAAC,IAAI,KAAK,CAAC,qCAAqC,IAAI,EAAE,CAAC,CAAC,CAAC;gBACrE,aAAa,GAAG,IAAI,CAAC;gBACrB,YAAY,GAAG,IAAI,CAAC;YACtB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAkB;YAC5B,EAAE;YACF,YAAY,EAAE,QAAQ;YACtB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;YAEtB,KAAK,CAAC,KAAK,CAAC,IAAY;gBACtB,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBAC3C,IAAI,CAAC,IAAI,CAAC,KAAM,CAAC,QAAQ,EAAE,CAAC;wBAC1B,MAAM,CAAC,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC,CAAC;wBAClD,OAAO;oBACT,CAAC;oBACD,IAAI,CAAC,KAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,GAAG,cAAc,GAAG,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE;wBAC7D,IAAI,GAAG;4BAAE,MAAM,CAAC,GAAG,CAAC,CAAC;;4BAChB,OAAO,EAAE,CAAC;oBACjB,CAAC,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;YACL,CAAC;YAED,UAAU;gBACR,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;gBAClD,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;oBACf,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;oBAC1C,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;oBACpE,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBACjC,CAAC;gBACD,OAAO,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBAC7C,aAAa,GAAG,OAAO,CAAC;oBACxB,YAAY,GAAG,MAAM,CAAC;gBACxB,CAAC,CAAC,CAAC;YACL,CAAC;YAED,KAAK,CAAC,IAAI;gBACR,IAAI,CAAC;oBACH,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACvB,CAAC;gBAAC,MAAM,CAAC;oBACP,eAAe;gBACjB,CAAC;YACH,CAAC;SACF,CAAC;QAEF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAqB;QACjC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,sDAAsD;QACtD,IAAI,CAAC;YACH,MAAM,SAAS,CACb,+DAA+D,MAAM,CAAC,EAAE,gBAAgB,EACxF,EAAE,OAAO,EAAE,KAAK,EAAE,CACnB,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,4CAA4C;QAC9C,CAAC;IACH,CAAC;IAED,wDAAwD;IAChD,YAAY,CAAC,EAAU,EAAE,MAA2B;QAC1D,MAAM,IAAI,GAAa;YACrB,KAAK,EAAE,MAAM,EAAE,eAAe;YAC9B,YAAY,MAAM,CAAC,SAAS,GAAG;YAC/B,UAAU,MAAM,CAAC,IAAI,EAAE;YACvB,aAAa;YACb,SAAS,EAAE,gBAAgB;YAC3B,SAAS,EAAE,qBAAqB;YAChC,gBAAgB,EAAE,mBAAmB;YACrC,SAAS,EAAE,kBAAkB,EAAE,EAAE;SAClC,CAAC;QAEF,4BAA4B;QAC5B,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;YAC9B,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC9B,CAAC;aAAM,IAAI,MAAM,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;YAC1C,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAC9B,IAAI,MAAM,CAAC,iBAAiB,EAAE,MAAM,EAAE,CAAC;gBACrC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,qBAAqB,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChF,CAAC;QACH,CAAC;QACD,iDAAiD;QAEjD,wBAAwB;QACxB,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QACpC,CAAC;QAED,gCAAgC;QAChC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAChD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAClC,CAAC;QAED,0BAA0B;QAC1B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK;eACrB,CAAC,MAAM,CAAC,WAAW;gBACpB,CAAC,CAAC,gCAAgC;gBAClC,CAAC,CAAC,gCAAgC,CAAC,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEjB,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}

package/packages/subagent/dist/sandbox/FirecrackerBackend.d.ts

@@ -0,0 +1,17 @@
+import type { ISandboxBackend, SandboxCreateConfig, SandboxHandle } from './types.js';
+/**
+ * Firecracker microVM backend — requires Linux with KVM support.
+ *
+ * Currently a stub: logs a warning and falls back to a no-op handle.
+ * In production this would:
+ *   1. Restore a pre-built microVM snapshot via the Firecracker API
+ *   2. Communicate over vsock
+ *   3. Provide full hardware-level isolation
+ */
+export declare class FirecrackerBackend implements ISandboxBackend {
+    readonly type = "firecracker";
+    isAvailable(): Promise<boolean>;
+    create(config: SandboxCreateConfig): Promise<SandboxHandle>;
+    destroy(handle: SandboxHandle): Promise<void>;
+}
+//# sourceMappingURL=FirecrackerBackend.d.ts.map

package/packages/subagent/dist/sandbox/FirecrackerBackend.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"FirecrackerBackend.d.ts","sourceRoot":"","sources":["../../src/sandbox/FirecrackerBackend.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEtF;;;;;;;;GAQG;AACH,qBAAa,kBAAmB,YAAW,eAAe;IACxD,QAAQ,CAAC,IAAI,iBAAiB;IAExB,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAU/B,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,aAAa,CAAC;IAkC3D,OAAO,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;CAGpD"}

package/packages/subagent/dist/sandbox/FirecrackerBackend.js

@@ -0,0 +1,54 @@
+import { access, constants } from 'node:fs/promises';
+import { platform } from 'node:os';
+/**
+ * Firecracker microVM backend — requires Linux with KVM support.
+ *
+ * Currently a stub: logs a warning and falls back to a no-op handle.
+ * In production this would:
+ *   1. Restore a pre-built microVM snapshot via the Firecracker API
+ *   2. Communicate over vsock
+ *   3. Provide full hardware-level isolation
+ */
+export class FirecrackerBackend {
+    type = 'firecracker';
+    async isAvailable() {
+        if (platform() !== 'linux')
+            return false;
+        try {
+            await access('/dev/kvm', constants.R_OK | constants.W_OK);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async create(config) {
+        const id = crypto.randomUUID();
+        console.warn(`[sandbox:firecracker] Firecracker snapshot restore not yet implemented. ` +
+            `Returning stub handle for sandbox ${id.slice(0, 8)}.`);
+        // Stub handle that acknowledges writes but produces no output
+        const handle = {
+            id,
+            backend_type: 'firecracker',
+            created_at: Date.now(),
+            async write(_data) {
+                console.warn('[sandbox:firecracker] write() called on stub handle — no-op');
+            },
+            async readOutput() {
+                return JSON.stringify({
+                    ok: false,
+                    error: 'Firecracker backend is not yet implemented. Use docker or process backend.',
+                    exit_reason: 'stub',
+                });
+            },
+            async kill() {
+                // nothing to kill
+            },
+        };
+        return handle;
+    }
+    async destroy(handle) {
+        await handle.kill();
+    }
+}
+//# sourceMappingURL=FirecrackerBackend.js.map

package/packages/subagent/dist/sandbox/FirecrackerBackend.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"FirecrackerBackend.js","sourceRoot":"","sources":["../../src/sandbox/FirecrackerBackend.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAGnC;;;;;;;;GAQG;AACH,MAAM,OAAO,kBAAkB;IACpB,IAAI,GAAG,aAAa,CAAC;IAE9B,KAAK,CAAC,WAAW;QACf,IAAI,QAAQ,EAAE,KAAK,OAAO;YAAE,OAAO,KAAK,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;YAC1D,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,MAA2B;QACtC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAE/B,OAAO,CAAC,IAAI,CACV,0EAA0E;YAC1E,qCAAqC,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CACvD,CAAC;QAEF,8DAA8D;QAC9D,MAAM,MAAM,GAAkB;YAC5B,EAAE;YACF,YAAY,EAAE,aAAa;YAC3B,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;YAEtB,KAAK,CAAC,KAAK,CAAC,KAAa;gBACvB,OAAO,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;YAC9E,CAAC;YAED,KAAK,CAAC,UAAU;gBACd,OAAO,IAAI,CAAC,SAAS,CAAC;oBACpB,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE,4EAA4E;oBACnF,WAAW,EAAE,MAAM;iBACpB,CAAC,CAAC;YACL,CAAC;YAED,KAAK,CAAC,IAAI;gBACR,kBAAkB;YACpB,CAAC;SACF,CAAC;QAEF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAqB;QACjC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;IACtB,CAAC;CACF"}

package/packages/subagent/dist/sandbox/PodmanBackend.d.ts

@@ -0,0 +1,13 @@
+import type { ISandboxBackend, SandboxCreateConfig, SandboxHandle } from './types.js';
+/**
+ * Rootless Podman backend — same container interface as Docker
+ * but runs without a daemon and supports rootless operation out of the box.
+ */
+export declare class PodmanBackend implements ISandboxBackend {
+    readonly type = "podman";
+    isAvailable(): Promise<boolean>;
+    create(config: SandboxCreateConfig): Promise<SandboxHandle>;
+    destroy(handle: SandboxHandle): Promise<void>;
+    private buildRunArgs;
+}
+//# sourceMappingURL=PodmanBackend.d.ts.map

package/packages/subagent/dist/sandbox/PodmanBackend.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PodmanBackend.d.ts","sourceRoot":"","sources":["../../src/sandbox/PodmanBackend.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAOtF;;;GAGG;AACH,qBAAa,aAAc,YAAW,eAAe;IACnD,QAAQ,CAAC,IAAI,YAAY;IAEnB,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAS/B,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,aAAa,CAAC;IAuF3D,OAAO,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAYnD,OAAO,CAAC,YAAY;CAuCrB"}