npm - 0agent - Versions diffs - 1.0.2 → 1.0.3 - Mend

0agent 1.0.2 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (431) hide show

package/packages/subagent/dist/Watchdog.js DELETED Viewed

@@ -1,44 +0,0 @@
-/**
- * Per-subagent timeout enforcer.
- *
- * Starts a timer that invokes a kill function when the deadline elapses.
- * The timer is unref'd so it does not keep the process alive.
- * cancel() is idempotent and safe to call multiple times.
- */
-export class Watchdog {
-    subagentId;
-    timeoutMs;
-    killFn;
-    timer = null;
-    constructor(subagentId, timeoutMs, killFn) {
-        this.subagentId = subagentId;
-        this.timeoutMs = timeoutMs;
-        this.killFn = killFn;
-    }
-    /**
-     * Start the watchdog timer. If already started, this is a no-op.
-     */
-    start() {
-        if (this.timer !== null) {
-            return;
-        }
-        this.timer = setTimeout(() => {
-            this.timer = null;
-            this.killFn();
-        }, this.timeoutMs);
-        // Allow the Node.js process to exit even if the timer is still pending.
-        if (typeof this.timer === 'object' && 'unref' in this.timer) {
-            this.timer.unref();
-        }
-    }
-    /**
-     * Cancel the watchdog timer. Idempotent — safe to call multiple times.
-     */
-    cancel() {
-        if (this.timer !== null) {
-            clearTimeout(this.timer);
-            this.timer = null;
-        }
-    }
-}
-//# sourceMappingURL=Watchdog.js.map

package/packages/subagent/dist/Watchdog.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"Watchdog.js","sourceRoot":"","sources":["../src/Watchdog.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,MAAM,OAAO,QAAQ;IACF,UAAU,CAAS;IACnB,SAAS,CAAS;IAClB,MAAM,CAAa;IAC5B,KAAK,GAAyC,IAAI,CAAC;IAE3D,YAAY,UAAkB,EAAE,SAAiB,EAAE,MAAkB;QACnE,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;YACxB,OAAO;QACT,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC3B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;YAClB,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAEnB,wEAAwE;QACxE,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,IAAI,OAAO,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC5D,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACrB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,MAAM;QACJ,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;YACxB,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACzB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QACpB,CAAC;IACH,CAAC;CACF"}

package/packages/subagent/dist/index.d.ts DELETED Viewed

@@ -1,15 +0,0 @@
-export { SubagentOrchestrator, type SpawnRequest, type OrchestratorConfig, type IEventBus, } from './SubagentOrchestrator.js';
-export { SkillInvoker, type SkillInvocation, type SkillOutput, } from './SkillInvoker.js';
-export { SkillInputResolver, type ResolverContext, } from './SkillInputResolver.js';
-export { issueToken, signToken, validateToken, type CapabilityToken, type GraphReadScope, type SandboxConfig, type TaskType, type TokenIssueRequest, type ValidationResult, } from './CapabilityToken.js';
-export { type SubagentResult, type SubagentArtifact, type ToolCallRecord, errorResult, } from './SubagentResult.js';
-export { Watchdog } from './Watchdog.js';
-export { RESOURCE_DEFAULTS, type ResourceConfig, } from './ResourceDefaults.js';
-export { SandboxManager, type ISandboxBackend, type SandboxHandle, type SandboxCreateConfig, } from './sandbox/SandboxManager.js';
-export { DockerBackend } from './sandbox/DockerBackend.js';
-export { ProcessBackend } from './sandbox/ProcessBackend.js';
-export { PodmanBackend } from './sandbox/PodmanBackend.js';
-export { BwrapBackend } from './sandbox/BwrapBackend.js';
-export { FirecrackerBackend } from './sandbox/FirecrackerBackend.js';
-export { CloudBackend } from './sandbox/CloudBackend.js';
-//# sourceMappingURL=index.d.ts.map

package/packages/subagent/dist/index.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,oBAAoB,EACpB,KAAK,YAAY,EACjB,KAAK,kBAAkB,EACvB,KAAK,SAAS,GACf,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EACL,YAAY,EACZ,KAAK,eAAe,EACpB,KAAK,WAAW,GACjB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,kBAAkB,EAClB,KAAK,eAAe,GACrB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EACL,UAAU,EACV,SAAS,EACT,aAAa,EACb,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,QAAQ,EACb,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,GACtB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,WAAW,GACZ,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAGzC,OAAO,EACL,iBAAiB,EACjB,KAAK,cAAc,GACpB,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EACL,cAAc,EACd,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,mBAAmB,GACzB,MAAM,6BAA6B,CAAC;AAErC,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC"}

package/packages/subagent/dist/index.js DELETED Viewed

@@ -1,23 +0,0 @@
-// ─── Orchestrator ───────────────────────────────────
-export { SubagentOrchestrator, } from './SubagentOrchestrator.js';
-// ─── Skill Invoker ──────────────────────────────────
-export { SkillInvoker, } from './SkillInvoker.js';
-// ─── Skill Input Resolver ───────────────────────────
-export { SkillInputResolver, } from './SkillInputResolver.js';
-// ─── Capability Token ───────────────────────────────
-export { issueToken, signToken, validateToken, } from './CapabilityToken.js';
-// ─── Subagent Result ────────────────────────────────
-export { errorResult, } from './SubagentResult.js';
-// ─── Watchdog ───────────────────────────────────────
-export { Watchdog } from './Watchdog.js';
-// ─── Resource Defaults ──────────────────────────────
-export { RESOURCE_DEFAULTS, } from './ResourceDefaults.js';
-// ─── Sandbox ────────────────────────────────────────
-export { SandboxManager, } from './sandbox/SandboxManager.js';
-export { DockerBackend } from './sandbox/DockerBackend.js';
-export { ProcessBackend } from './sandbox/ProcessBackend.js';
-export { PodmanBackend } from './sandbox/PodmanBackend.js';
-export { BwrapBackend } from './sandbox/BwrapBackend.js';
-export { FirecrackerBackend } from './sandbox/FirecrackerBackend.js';
-export { CloudBackend } from './sandbox/CloudBackend.js';
-//# sourceMappingURL=index.js.map

package/packages/subagent/dist/index.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,OAAO,EACL,oBAAoB,GAIrB,MAAM,2BAA2B,CAAC;AAEnC,uDAAuD;AACvD,OAAO,EACL,YAAY,GAGb,MAAM,mBAAmB,CAAC;AAE3B,uDAAuD;AACvD,OAAO,EACL,kBAAkB,GAEnB,MAAM,yBAAyB,CAAC;AAEjC,uDAAuD;AACvD,OAAO,EACL,UAAU,EACV,SAAS,EACT,aAAa,GAOd,MAAM,sBAAsB,CAAC;AAE9B,uDAAuD;AACvD,OAAO,EAIL,WAAW,GACZ,MAAM,qBAAqB,CAAC;AAE7B,uDAAuD;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAEzC,uDAAuD;AACvD,OAAO,EACL,iBAAiB,GAElB,MAAM,uBAAuB,CAAC;AAE/B,uDAAuD;AACvD,OAAO,EACL,cAAc,GAIf,MAAM,6BAA6B,CAAC;AAErC,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC"}

package/packages/subagent/dist/sandbox/BwrapBackend.d.ts DELETED Viewed

@@ -1,14 +0,0 @@
-import type { ISandboxBackend, SandboxCreateConfig, SandboxHandle } from './types.js';
-/**
- * Bubblewrap (bwrap) backend — Linux-only namespace isolation
- * without requiring root or a container daemon.
- *
- * Uses unshare for PID/net/user namespaces and bind-mounts for filesystem isolation.
- */
-export declare class BwrapBackend implements ISandboxBackend {
-    readonly type = "bwrap";
-    isAvailable(): Promise<boolean>;
-    create(config: SandboxCreateConfig): Promise<SandboxHandle>;
-    destroy(handle: SandboxHandle): Promise<void>;
-}
-//# sourceMappingURL=BwrapBackend.d.ts.map

package/packages/subagent/dist/sandbox/BwrapBackend.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"BwrapBackend.d.ts","sourceRoot":"","sources":["../../src/sandbox/BwrapBackend.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAOtF;;;;;GAKG;AACH,qBAAa,YAAa,YAAW,eAAe;IAClD,QAAQ,CAAC,IAAI,WAAW;IAElB,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAU/B,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,aAAa,CAAC;IAmH3D,OAAO,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;CAGpD"}

package/packages/subagent/dist/sandbox/BwrapBackend.js DELETED Viewed

@@ -1,171 +0,0 @@
-import { spawn, exec } from 'node:child_process';
-import { promisify } from 'node:util';
-import { platform } from 'node:os';
-const execAsync = promisify(exec);
-const INPUT_SENTINEL = '__PAYLOAD_END__';
-const OUTPUT_SENTINEL = '__OUTPUT_END__';
-/**
- * Bubblewrap (bwrap) backend — Linux-only namespace isolation
- * without requiring root or a container daemon.
- *
- * Uses unshare for PID/net/user namespaces and bind-mounts for filesystem isolation.
- */
-export class BwrapBackend {
-    type = 'bwrap';
-    async isAvailable() {
-        if (platform() !== 'linux')
-            return false;
-        try {
-            await execAsync('bwrap --version', { timeout: 3_000 });
-            return true;
-        }
-        catch {
-            return false;
-        }
-    }
-    async create(config) {
-        const id = crypto.randomUUID();
-        const runtime = 'node'; // use node; Bun detection deferred to production
-        const bwrapArgs = [
-            '--unshare-all',
-            // Read-only bind the host root
-            '--ro-bind', '/', '/',
-            // Writable tmpfs mounts
-            '--tmpfs', '/tmp',
-            '--dev', '/dev',
-            '--proc', '/proc',
-            // Drop capabilities
-            '--cap-drop', 'ALL',
-            '--die-with-parent',
-        ];
-        // Network isolation
-        if (config.network === 'none') {
-            bwrapArgs.push('--unshare-net');
-        }
-        // Inject environment variables
-        for (const [k, v] of Object.entries(config.env)) {
-            bwrapArgs.push('--setenv', k, v);
-        }
-        bwrapArgs.push('--setenv', 'SANDBOX_TYPE', 'bwrap');
-        bwrapArgs.push('--setenv', 'SANDBOX_ID', id);
-        // The command to execute inside the sandbox
-        bwrapArgs.push('--', runtime, '--input-type=module', '-e', WORKER_SCRIPT);
-        const proc = spawn('bwrap', bwrapArgs, {
-            stdio: ['pipe', 'pipe', 'pipe'],
-        });
-        let outputBuffer = '';
-        let outputResolve = null;
-        let outputReject = null;
-        proc.stdout.on('data', (chunk) => {
-            outputBuffer += chunk.toString();
-            const idx = outputBuffer.indexOf(OUTPUT_SENTINEL);
-            if (idx !== -1 && outputResolve) {
-                const result = outputBuffer.slice(0, idx);
-                outputBuffer = outputBuffer.slice(idx + OUTPUT_SENTINEL.length + 1);
-                outputResolve(result);
-                outputResolve = null;
-                outputReject = null;
-            }
-        });
-        proc.stderr.on('data', (chunk) => {
-            process.stderr.write(`[sandbox:bwrap:${id.slice(0, 8)}] ${chunk.toString()}`);
-        });
-        proc.on('error', (err) => {
-            if (outputReject) {
-                outputReject(err);
-                outputResolve = null;
-                outputReject = null;
-            }
-        });
-        proc.on('close', (code) => {
-            if (outputReject) {
-                outputReject(new Error(`Bwrap process exited with code ${code}`));
-                outputResolve = null;
-                outputReject = null;
-            }
-        });
-        const handle = {
-            id,
-            backend_type: 'bwrap',
-            created_at: Date.now(),
-            async write(data) {
-                return new Promise((resolve, reject) => {
-                    if (!proc.stdin.writable) {
-                        reject(new Error('Bwrap stdin is not writable'));
-                        return;
-                    }
-                    proc.stdin.write(data + '\n' + INPUT_SENTINEL + '\n', (err) => {
-                        if (err)
-                            reject(err);
-                        else
-                            resolve();
-                    });
-                });
-            },
-            readOutput() {
-                const idx = outputBuffer.indexOf(OUTPUT_SENTINEL);
-                if (idx !== -1) {
-                    const result = outputBuffer.slice(0, idx);
-                    outputBuffer = outputBuffer.slice(idx + OUTPUT_SENTINEL.length + 1);
-                    return Promise.resolve(result);
-                }
-                return new Promise((resolve, reject) => {
-                    outputResolve = resolve;
-                    outputReject = reject;
-                });
-            },
-            async kill() {
-                try {
-                    proc.kill('SIGKILL');
-                }
-                catch {
-                    // already dead
-                }
-            },
-        };
-        return handle;
-    }
-    async destroy(handle) {
-        await handle.kill();
-    }
-}
-/** Inline worker script — same protocol as ProcessBackend. */
-const WORKER_SCRIPT = `
-import { createInterface } from 'node:readline';
-const INPUT_SENTINEL = '${INPUT_SENTINEL}';
-const OUTPUT_SENTINEL = '${OUTPUT_SENTINEL}';
-let buffer = '';
-process.stdin.setEncoding('utf8');
-process.stdin.on('data', (chunk) => {
-  buffer += chunk;
-  const idx = buffer.indexOf(INPUT_SENTINEL);
-  if (idx !== -1) {
-    const payload = buffer.slice(0, idx).trim();
-    buffer = buffer.slice(idx + INPUT_SENTINEL.length + 1);
-    handlePayload(payload);
-  }
-});
-async function handlePayload(raw) {
-  let result;
-  try {
-    const payload = JSON.parse(raw);
-    if (payload.type === 'exec') {
-      const fn = new Function('return (async () => {' + payload.code + '})()');
-      const output = await fn();
-      result = { ok: true, output: output ?? null };
-    } else if (payload.type === 'ping') {
-      result = { ok: true, pong: true };
-    } else {
-      result = { ok: false, error: 'Unknown payload type: ' + payload.type };
-    }
-  } catch (err) {
-    result = { ok: false, error: String(err) };
-  }
-  process.stdout.write(JSON.stringify(result) + '\\n' + OUTPUT_SENTINEL + '\\n');
-}
-`;
-//# sourceMappingURL=BwrapBackend.js.map

package/packages/subagent/dist/sandbox/BwrapBackend.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"BwrapBackend.js","sourceRoot":"","sources":["../../src/sandbox/BwrapBackend.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAqB,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAGnC,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AAElC,MAAM,cAAc,GAAG,iBAAiB,CAAC;AACzC,MAAM,eAAe,GAAG,gBAAgB,CAAC;AAEzC;;;;;GAKG;AACH,MAAM,OAAO,YAAY;IACd,IAAI,GAAG,OAAO,CAAC;IAExB,KAAK,CAAC,WAAW;QACf,IAAI,QAAQ,EAAE,KAAK,OAAO;YAAE,OAAO,KAAK,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,iBAAiB,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;YACvD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,MAA2B;QACtC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,iDAAiD;QAEzE,MAAM,SAAS,GAAa;YAC1B,eAAe;YACf,+BAA+B;YAC/B,WAAW,EAAE,GAAG,EAAE,GAAG;YACrB,wBAAwB;YACxB,SAAS,EAAE,MAAM;YACjB,OAAO,EAAE,MAAM;YACf,QAAQ,EAAE,OAAO;YACjB,oBAAoB;YACpB,YAAY,EAAE,KAAK;YACnB,mBAAmB;SACpB,CAAC;QAEF,oBAAoB;QACpB,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;YAC9B,SAAS,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAClC,CAAC;QAED,+BAA+B;QAC/B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAChD,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACnC,CAAC;QACD,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;QACpD,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC;QAE7C,4CAA4C;QAC5C,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC;QAE1E,MAAM,IAAI,GAAiB,KAAK,CAAC,OAAO,EAAE,SAAS,EAAE;YACnD,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,IAAI,YAAY,GAAG,EAAE,CAAC;QACtB,IAAI,aAAa,GAAqC,IAAI,CAAC;QAC3D,IAAI,YAAY,GAAqC,IAAI,CAAC;QAE1D,IAAI,CAAC,MAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACxC,YAAY,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACjC,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAClD,IAAI,GAAG,KAAK,CAAC,CAAC,IAAI,aAAa,EAAE,CAAC;gBAChC,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;gBAC1C,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;gBACpE,aAAa,CAAC,MAAM,CAAC,CAAC;gBACtB,aAAa,GAAG,IAAI,CAAC;gBACrB,YAAY,GAAG,IAAI,CAAC;YACtB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACxC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,KAAK,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAChF,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACvB,IAAI,YAAY,EAAE,CAAC;gBACjB,YAAY,CAAC,GAAG,CAAC,CAAC;gBAClB,aAAa,GAAG,IAAI,CAAC;gBACrB,YAAY,GAAG,IAAI,CAAC;YACtB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,IAAI,YAAY,EAAE,CAAC;gBACjB,YAAY,CAAC,IAAI,KAAK,CAAC,kCAAkC,IAAI,EAAE,CAAC,CAAC,CAAC;gBAClE,aAAa,GAAG,IAAI,CAAC;gBACrB,YAAY,GAAG,IAAI,CAAC;YACtB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAkB;YAC5B,EAAE;YACF,YAAY,EAAE,OAAO;YACrB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;YAEtB,KAAK,CAAC,KAAK,CAAC,IAAY;gBACtB,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBAC3C,IAAI,CAAC,IAAI,CAAC,KAAM,CAAC,QAAQ,EAAE,CAAC;wBAC1B,MAAM,CAAC,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC,CAAC;wBACjD,OAAO;oBACT,CAAC;oBACD,IAAI,CAAC,KAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,GAAG,cAAc,GAAG,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE;wBAC7D,IAAI,GAAG;4BAAE,MAAM,CAAC,GAAG,CAAC,CAAC;;4BAChB,OAAO,EAAE,CAAC;oBACjB,CAAC,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;YACL,CAAC;YAED,UAAU;gBACR,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;gBAClD,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;oBACf,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;oBAC1C,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;oBACpE,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBACjC,CAAC;gBACD,OAAO,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBAC7C,aAAa,GAAG,OAAO,CAAC;oBACxB,YAAY,GAAG,MAAM,CAAC;gBACxB,CAAC,CAAC,CAAC;YACL,CAAC;YAED,KAAK,CAAC,IAAI;gBACR,IAAI,CAAC;oBACH,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACvB,CAAC;gBAAC,MAAM,CAAC;oBACP,eAAe;gBACjB,CAAC;YACH,CAAC;SACF,CAAC;QAEF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAqB;QACjC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;IACtB,CAAC;CACF;AAED,8DAA8D;AAC9D,MAAM,aAAa,GAAG;;;0BAGI,cAAc;2BACb,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiCzC,CAAC"}

package/packages/subagent/dist/sandbox/CloudBackend.d.ts DELETED Viewed

@@ -1,28 +0,0 @@
-import type { ISandboxBackend, SandboxCreateConfig, SandboxHandle } from './types.js';
-export interface CloudBackendOptions {
-    /** E2B API key. If absent, the backend reports itself as unavailable. */
-    apiKey?: string;
-    /** Base URL for the E2B API (default: https://api.e2b.dev). */
-    apiUrl?: string;
-}
-/**
- * E2B Cloud sandbox backend — delegates execution to a remote cloud VM.
- *
- * Currently a stub: the backend is only "available" when an API key is
- * configured, and create() returns an error result immediately.
- *
- * In production this would:
- *   1. Call the E2B API to provision a cloud sandbox
- *   2. Stream stdin/stdout over WebSocket
- *   3. Return a handle with the remote sandbox ID
- */
-export declare class CloudBackend implements ISandboxBackend {
-    readonly type = "cloud";
-    private readonly apiKey;
-    private readonly apiUrl;
-    constructor(options?: CloudBackendOptions);
-    isAvailable(): Promise<boolean>;
-    create(config: SandboxCreateConfig): Promise<SandboxHandle>;
-    destroy(handle: SandboxHandle): Promise<void>;
-}
-//# sourceMappingURL=CloudBackend.d.ts.map

package/packages/subagent/dist/sandbox/CloudBackend.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"CloudBackend.d.ts","sourceRoot":"","sources":["../../src/sandbox/CloudBackend.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEtF,MAAM,WAAW,mBAAmB;IAClC,yEAAyE;IACzE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,+DAA+D;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;GAUG;AACH,qBAAa,YAAa,YAAW,eAAe;IAClD,QAAQ,CAAC,IAAI,WAAW;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAqB;IAC5C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;gBAEpB,OAAO,GAAE,mBAAwB;IAKvC,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAI/B,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,aAAa,CAAC;IAiC3D,OAAO,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;CAIpD"}

package/packages/subagent/dist/sandbox/CloudBackend.js DELETED Viewed

@@ -1,52 +0,0 @@
-/**
- * E2B Cloud sandbox backend — delegates execution to a remote cloud VM.
- *
- * Currently a stub: the backend is only "available" when an API key is
- * configured, and create() returns an error result immediately.
- *
- * In production this would:
- *   1. Call the E2B API to provision a cloud sandbox
- *   2. Stream stdin/stdout over WebSocket
- *   3. Return a handle with the remote sandbox ID
- */
-export class CloudBackend {
-    type = 'cloud';
-    apiKey;
-    apiUrl;
-    constructor(options = {}) {
-        this.apiKey = options.apiKey ?? process.env['E2B_API_KEY'];
-        this.apiUrl = options.apiUrl ?? 'https://api.e2b.dev';
-    }
-    async isAvailable() {
-        return typeof this.apiKey === 'string' && this.apiKey.length > 0;
-    }
-    async create(config) {
-        const id = crypto.randomUUID();
-        console.warn(`[sandbox:cloud] E2B Cloud sandbox not yet connected. ` +
-            `API URL: ${this.apiUrl}, sandbox ${id.slice(0, 8)}.`);
-        const handle = {
-            id,
-            backend_type: 'cloud',
-            created_at: Date.now(),
-            async write(_data) {
-                console.warn('[sandbox:cloud] write() called on stub handle — no-op');
-            },
-            async readOutput() {
-                return JSON.stringify({
-                    ok: false,
-                    error: 'E2B Cloud sandbox is not yet connected. Configure E2B_API_KEY and implement the Cloud backend.',
-                    exit_reason: 'stub',
-                });
-            },
-            async kill() {
-                // nothing to kill — no remote sandbox was created
-            },
-        };
-        return handle;
-    }
-    async destroy(handle) {
-        await handle.kill();
-        // In production: call E2B API to terminate the remote sandbox
-    }
-}
-//# sourceMappingURL=CloudBackend.js.map

package/packages/subagent/dist/sandbox/CloudBackend.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"CloudBackend.js","sourceRoot":"","sources":["../../src/sandbox/CloudBackend.ts"],"names":[],"mappings":"AASA;;;;;;;;;;GAUG;AACH,MAAM,OAAO,YAAY;IACd,IAAI,GAAG,OAAO,CAAC;IACP,MAAM,CAAqB;IAC3B,MAAM,CAAS;IAEhC,YAAY,UAA+B,EAAE;QAC3C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAC3D,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,qBAAqB,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,WAAW;QACf,OAAO,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IACnE,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,MAA2B;QACtC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAE/B,OAAO,CAAC,IAAI,CACV,uDAAuD;YACvD,YAAY,IAAI,CAAC,MAAM,aAAa,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CACtD,CAAC;QAEF,MAAM,MAAM,GAAkB;YAC5B,EAAE;YACF,YAAY,EAAE,OAAO;YACrB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;YAEtB,KAAK,CAAC,KAAK,CAAC,KAAa;gBACvB,OAAO,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;YACxE,CAAC;YAED,KAAK,CAAC,UAAU;gBACd,OAAO,IAAI,CAAC,SAAS,CAAC;oBACpB,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE,gGAAgG;oBACvG,WAAW,EAAE,MAAM;iBACpB,CAAC,CAAC;YACL,CAAC;YAED,KAAK,CAAC,IAAI;gBACR,kDAAkD;YACpD,CAAC;SACF,CAAC;QAEF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAqB;QACjC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,8DAA8D;IAChE,CAAC;CACF"}

package/packages/subagent/dist/sandbox/DockerBackend.d.ts DELETED Viewed

@@ -1,14 +0,0 @@
-import type { ISandboxBackend, SandboxCreateConfig, SandboxHandle } from './types.js';
-/**
- * Docker container backend with resource limits, read-only root,
- * and optional network isolation.
- */
-export declare class DockerBackend implements ISandboxBackend {
-    readonly type = "docker";
-    isAvailable(): Promise<boolean>;
-    create(config: SandboxCreateConfig): Promise<SandboxHandle>;
-    destroy(handle: SandboxHandle): Promise<void>;
-    /** Build the `docker run` argument list from config. */
-    private buildRunArgs;
-}
-//# sourceMappingURL=DockerBackend.d.ts.map

package/packages/subagent/dist/sandbox/DockerBackend.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"DockerBackend.d.ts","sourceRoot":"","sources":["../../src/sandbox/DockerBackend.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAOtF;;;GAGG;AACH,qBAAa,aAAc,YAAW,eAAe;IACnD,QAAQ,CAAC,IAAI,YAAY;IAEnB,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAS/B,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,aAAa,CAAC;IAuF3D,OAAO,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAanD,wDAAwD;IACxD,OAAO,CAAC,YAAY;CA0CrB"}

package/packages/subagent/dist/sandbox/DockerBackend.js DELETED Viewed

@@ -1,149 +0,0 @@
-import { spawn, exec } from 'node:child_process';
-import { promisify } from 'node:util';
-const execAsync = promisify(exec);
-const INPUT_SENTINEL = '__PAYLOAD_END__';
-const OUTPUT_SENTINEL = '__OUTPUT_END__';
-/**
- * Docker container backend with resource limits, read-only root,
- * and optional network isolation.
- */
-export class DockerBackend {
-    type = 'docker';
-    async isAvailable() {
-        try {
-            await execAsync('docker info', { timeout: 5_000 });
-            return true;
-        }
-        catch {
-            return false;
-        }
-    }
-    async create(config) {
-        const id = crypto.randomUUID();
-        const args = this.buildRunArgs(id, config);
-        const proc = spawn('docker', args, {
-            stdio: ['pipe', 'pipe', 'pipe'],
-        });
-        let outputBuffer = '';
-        let outputResolve = null;
-        let outputReject = null;
-        proc.stdout.on('data', (chunk) => {
-            outputBuffer += chunk.toString();
-            const idx = outputBuffer.indexOf(OUTPUT_SENTINEL);
-            if (idx !== -1 && outputResolve) {
-                const result = outputBuffer.slice(0, idx);
-                outputBuffer = outputBuffer.slice(idx + OUTPUT_SENTINEL.length + 1);
-                outputResolve(result);
-                outputResolve = null;
-                outputReject = null;
-            }
-        });
-        proc.stderr.on('data', (chunk) => {
-            process.stderr.write(`[sandbox:docker:${id.slice(0, 8)}] ${chunk.toString()}`);
-        });
-        proc.on('error', (err) => {
-            if (outputReject) {
-                outputReject(err);
-                outputResolve = null;
-                outputReject = null;
-            }
-        });
-        proc.on('close', (code) => {
-            if (outputReject) {
-                outputReject(new Error(`Docker container exited with code ${code}`));
-                outputResolve = null;
-                outputReject = null;
-            }
-        });
-        const handle = {
-            id,
-            backend_type: 'docker',
-            created_at: Date.now(),
-            async write(data) {
-                return new Promise((resolve, reject) => {
-                    if (!proc.stdin.writable) {
-                        reject(new Error('Docker stdin is not writable'));
-                        return;
-                    }
-                    proc.stdin.write(data + '\n' + INPUT_SENTINEL + '\n', (err) => {
-                        if (err)
-                            reject(err);
-                        else
-                            resolve();
-                    });
-                });
-            },
-            readOutput() {
-                const idx = outputBuffer.indexOf(OUTPUT_SENTINEL);
-                if (idx !== -1) {
-                    const result = outputBuffer.slice(0, idx);
-                    outputBuffer = outputBuffer.slice(idx + OUTPUT_SENTINEL.length + 1);
-                    return Promise.resolve(result);
-                }
-                return new Promise((resolve, reject) => {
-                    outputResolve = resolve;
-                    outputReject = reject;
-                });
-            },
-            async kill() {
-                try {
-                    proc.kill('SIGKILL');
-                }
-                catch {
-                    // already dead
-                }
-            },
-        };
-        return handle;
-    }
-    async destroy(handle) {
-        await handle.kill();
-        // Force-remove by label in case --rm did not clean up
-        try {
-            await execAsync(`docker rm -f $(docker ps -aq --filter "label=0agent-sandbox=${handle.id}") 2>/dev/null`, { timeout: 5_000 });
-        }
-        catch {
-            // ignore — container may already be removed
-        }
-    }
-    /** Build the `docker run` argument list from config. */
-    buildRunArgs(id, config) {
-        const args = [
-            'run', '--rm', '--interactive',
-            `--memory=${config.memory_mb}m`,
-            `--cpus=${config.cpus}`,
-            '--read-only',
-            '--tmpfs', '/tmp:size=100m',
-            '--tmpfs', '/root/.bun:size=50m',
-            '--security-opt', 'no-new-privileges',
-            '--label', `0agent-sandbox=${id}`,
-        ];
-        // --- Network isolation ---
-        if (config.network === 'none') {
-            args.push('--network=none');
-        }
-        else if (config.network === 'allowlist') {
-            args.push('--network=bridge');
-            if (config.network_allowlist?.length) {
-                args.push('--env', `NETWORK_ALLOWLIST=${config.network_allowlist.join(',')}`);
-            }
-        }
-        // 'full' → default docker bridge, no extra flags
-        // --- Display / VNC ---
-        if (config.has_display) {
-            args.push('--env', 'DISPLAY=:99');
-        }
-        // --- Environment variables ---
-        for (const [k, v] of Object.entries(config.env)) {
-            args.push('--env', `${k}=${v}`);
-        }
-        // --- Image selection ---
-        const image = config.image
-            ?? (config.has_browser
-                ? '0agent/subagent-runtime:chrome'
-                : '0agent/subagent-runtime:latest');
-        args.push(image);
-        return args;
-    }
-}
-//# sourceMappingURL=DockerBackend.js.map

package/packages/subagent/dist/sandbox/DockerBackend.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"DockerBackend.js","sourceRoot":"","sources":["../../src/sandbox/DockerBackend.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAqB,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAGtC,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AAElC,MAAM,cAAc,GAAG,iBAAiB,CAAC;AACzC,MAAM,eAAe,GAAG,gBAAgB,CAAC;AAEzC;;;GAGG;AACH,MAAM,OAAO,aAAa;IACf,IAAI,GAAG,QAAQ,CAAC;IAEzB,KAAK,CAAC,WAAW;QACf,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,aAAa,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;YACnD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,MAA2B;QACtC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QAE3C,MAAM,IAAI,GAAiB,KAAK,CAAC,QAAQ,EAAE,IAAI,EAAE;YAC/C,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,IAAI,YAAY,GAAG,EAAE,CAAC;QACtB,IAAI,aAAa,GAAqC,IAAI,CAAC;QAC3D,IAAI,YAAY,GAAqC,IAAI,CAAC;QAE1D,IAAI,CAAC,MAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACxC,YAAY,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACjC,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAClD,IAAI,GAAG,KAAK,CAAC,CAAC,IAAI,aAAa,EAAE,CAAC;gBAChC,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;gBAC1C,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;gBACpE,aAAa,CAAC,MAAM,CAAC,CAAC;gBACtB,aAAa,GAAG,IAAI,CAAC;gBACrB,YAAY,GAAG,IAAI,CAAC;YACtB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACxC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,KAAK,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACjF,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACvB,IAAI,YAAY,EAAE,CAAC;gBACjB,YAAY,CAAC,GAAG,CAAC,CAAC;gBAClB,aAAa,GAAG,IAAI,CAAC;gBACrB,YAAY,GAAG,IAAI,CAAC;YACtB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,IAAI,YAAY,EAAE,CAAC;gBACjB,YAAY,CAAC,IAAI,KAAK,CAAC,qCAAqC,IAAI,EAAE,CAAC,CAAC,CAAC;gBACrE,aAAa,GAAG,IAAI,CAAC;gBACrB,YAAY,GAAG,IAAI,CAAC;YACtB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAkB;YAC5B,EAAE;YACF,YAAY,EAAE,QAAQ;YACtB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;YAEtB,KAAK,CAAC,KAAK,CAAC,IAAY;gBACtB,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBAC3C,IAAI,CAAC,IAAI,CAAC,KAAM,CAAC,QAAQ,EAAE,CAAC;wBAC1B,MAAM,CAAC,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC,CAAC;wBAClD,OAAO;oBACT,CAAC;oBACD,IAAI,CAAC,KAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,GAAG,cAAc,GAAG,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE;wBAC7D,IAAI,GAAG;4BAAE,MAAM,CAAC,GAAG,CAAC,CAAC;;4BAChB,OAAO,EAAE,CAAC;oBACjB,CAAC,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;YACL,CAAC;YAED,UAAU;gBACR,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;gBAClD,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;oBACf,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;oBAC1C,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;oBACpE,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBACjC,CAAC;gBACD,OAAO,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBAC7C,aAAa,GAAG,OAAO,CAAC;oBACxB,YAAY,GAAG,MAAM,CAAC;gBACxB,CAAC,CAAC,CAAC;YACL,CAAC;YAED,KAAK,CAAC,IAAI;gBACR,IAAI,CAAC;oBACH,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACvB,CAAC;gBAAC,MAAM,CAAC;oBACP,eAAe;gBACjB,CAAC;YACH,CAAC;SACF,CAAC;QAEF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAqB;QACjC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,sDAAsD;QACtD,IAAI,CAAC;YACH,MAAM,SAAS,CACb,+DAA+D,MAAM,CAAC,EAAE,gBAAgB,EACxF,EAAE,OAAO,EAAE,KAAK,EAAE,CACnB,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,4CAA4C;QAC9C,CAAC;IACH,CAAC;IAED,wDAAwD;IAChD,YAAY,CAAC,EAAU,EAAE,MAA2B;QAC1D,MAAM,IAAI,GAAa;YACrB,KAAK,EAAE,MAAM,EAAE,eAAe;YAC9B,YAAY,MAAM,CAAC,SAAS,GAAG;YAC/B,UAAU,MAAM,CAAC,IAAI,EAAE;YACvB,aAAa;YACb,SAAS,EAAE,gBAAgB;YAC3B,SAAS,EAAE,qBAAqB;YAChC,gBAAgB,EAAE,mBAAmB;YACrC,SAAS,EAAE,kBAAkB,EAAE,EAAE;SAClC,CAAC;QAEF,4BAA4B;QAC5B,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;YAC9B,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC9B,CAAC;aAAM,IAAI,MAAM,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;YAC1C,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAC9B,IAAI,MAAM,CAAC,iBAAiB,EAAE,MAAM,EAAE,CAAC;gBACrC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,qBAAqB,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChF,CAAC;QACH,CAAC;QACD,iDAAiD;QAEjD,wBAAwB;QACxB,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QACpC,CAAC;QAED,gCAAgC;QAChC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAChD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAClC,CAAC;QAED,0BAA0B;QAC1B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK;eACrB,CAAC,MAAM,CAAC,WAAW;gBACpB,CAAC,CAAC,gCAAgC;gBAClC,CAAC,CAAC,gCAAgC,CAAC,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEjB,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}

package/packages/subagent/dist/sandbox/FirecrackerBackend.d.ts DELETED Viewed

@@ -1,17 +0,0 @@
-import type { ISandboxBackend, SandboxCreateConfig, SandboxHandle } from './types.js';
-/**
- * Firecracker microVM backend — requires Linux with KVM support.
- *
- * Currently a stub: logs a warning and falls back to a no-op handle.
- * In production this would:
- *   1. Restore a pre-built microVM snapshot via the Firecracker API
- *   2. Communicate over vsock
- *   3. Provide full hardware-level isolation
- */
-export declare class FirecrackerBackend implements ISandboxBackend {
-    readonly type = "firecracker";
-    isAvailable(): Promise<boolean>;
-    create(config: SandboxCreateConfig): Promise<SandboxHandle>;
-    destroy(handle: SandboxHandle): Promise<void>;
-}
-//# sourceMappingURL=FirecrackerBackend.d.ts.map

package/packages/subagent/dist/sandbox/FirecrackerBackend.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"FirecrackerBackend.d.ts","sourceRoot":"","sources":["../../src/sandbox/FirecrackerBackend.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEtF;;;;;;;;GAQG;AACH,qBAAa,kBAAmB,YAAW,eAAe;IACxD,QAAQ,CAAC,IAAI,iBAAiB;IAExB,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAU/B,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,aAAa,CAAC;IAkC3D,OAAO,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;CAGpD"}

package/packages/subagent/dist/sandbox/FirecrackerBackend.js DELETED Viewed

@@ -1,54 +0,0 @@
-import { access, constants } from 'node:fs/promises';
-import { platform } from 'node:os';
-/**
- * Firecracker microVM backend — requires Linux with KVM support.
- *
- * Currently a stub: logs a warning and falls back to a no-op handle.
- * In production this would:
- *   1. Restore a pre-built microVM snapshot via the Firecracker API
- *   2. Communicate over vsock
- *   3. Provide full hardware-level isolation
- */
-export class FirecrackerBackend {
-    type = 'firecracker';
-    async isAvailable() {
-        if (platform() !== 'linux')
-            return false;
-        try {
-            await access('/dev/kvm', constants.R_OK | constants.W_OK);
-            return true;
-        }
-        catch {
-            return false;
-        }
-    }
-    async create(config) {
-        const id = crypto.randomUUID();
-        console.warn(`[sandbox:firecracker] Firecracker snapshot restore not yet implemented. ` +
-            `Returning stub handle for sandbox ${id.slice(0, 8)}.`);
-        // Stub handle that acknowledges writes but produces no output
-        const handle = {
-            id,
-            backend_type: 'firecracker',
-            created_at: Date.now(),
-            async write(_data) {
-                console.warn('[sandbox:firecracker] write() called on stub handle — no-op');
-            },
-            async readOutput() {
-                return JSON.stringify({
-                    ok: false,
-                    error: 'Firecracker backend is not yet implemented. Use docker or process backend.',
-                    exit_reason: 'stub',
-                });
-            },
-            async kill() {
-                // nothing to kill
-            },
-        };
-        return handle;
-    }
-    async destroy(handle) {
-        await handle.kill();
-    }
-}
-//# sourceMappingURL=FirecrackerBackend.js.map

package/packages/subagent/dist/sandbox/FirecrackerBackend.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"FirecrackerBackend.js","sourceRoot":"","sources":["../../src/sandbox/FirecrackerBackend.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAGnC;;;;;;;;GAQG;AACH,MAAM,OAAO,kBAAkB;IACpB,IAAI,GAAG,aAAa,CAAC;IAE9B,KAAK,CAAC,WAAW;QACf,IAAI,QAAQ,EAAE,KAAK,OAAO;YAAE,OAAO,KAAK,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;YAC1D,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,MAA2B;QACtC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAE/B,OAAO,CAAC,IAAI,CACV,0EAA0E;YAC1E,qCAAqC,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CACvD,CAAC;QAEF,8DAA8D;QAC9D,MAAM,MAAM,GAAkB;YAC5B,EAAE;YACF,YAAY,EAAE,aAAa;YAC3B,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;YAEtB,KAAK,CAAC,KAAK,CAAC,KAAa;gBACvB,OAAO,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;YAC9E,CAAC;YAED,KAAK,CAAC,UAAU;gBACd,OAAO,IAAI,CAAC,SAAS,CAAC;oBACpB,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE,4EAA4E;oBACnF,WAAW,EAAE,MAAM;iBACpB,CAAC,CAAC;YACL,CAAC;YAED,KAAK,CAAC,IAAI;gBACR,kBAAkB;YACpB,CAAC;SACF,CAAC;QAEF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAqB;QACjC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;IACtB,CAAC;CACF"}