@a5c-ai/genty-runtime 5.1.1-staging.5e92128884d3

package/dist/execution/modes/kubernetes.js

@@ -0,0 +1,334 @@
+"use strict";
+/**
+ * KubernetesExecutor — kubectl-backed Kubernetes Job execution.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KubernetesExecutor = void 0;
+const node_child_process_1 = require("node:child_process");
+const node_crypto_1 = require("node:crypto");
+const policy_1 = require("../policy");
+class KubernetesExecutor {
+    entries = new Map();
+    kubectl;
+    pollIntervalMs;
+    constructor(options) {
+        this.kubectl = options?.kubectl ?? createKubectlInvoker(options?.kubectlPath ?? "kubectl");
+        this.pollIntervalMs = options?.pollIntervalMs ?? 1_000;
+    }
+    async spawn(command, args, config) {
+        const id = (0, node_crypto_1.randomUUID)();
+        const jobName = `babysitter-${id.slice(0, 8)}`;
+        const manifest = this._buildManifest(jobName, command, args, config);
+        const handle = {
+            id,
+            mode: "kubernetes",
+            status: "running",
+        };
+        const entry = { handle, config, manifest, jobName };
+        try {
+            await this.kubectl(["apply", "-f", "-"], { input: manifest, timeoutMs: config.kubectlTimeoutMs });
+        }
+        catch (error) {
+            handle.status = "failed";
+            throw normalizeKubectlError("kubectl apply failed", error);
+        }
+        this.entries.set(id, entry);
+        return this._toPublicHandle(entry);
+    }
+    async attach(id) {
+        const entry = this.entries.get(id);
+        if (!entry)
+            return undefined;
+        return this._toPublicHandle(entry);
+    }
+    list() {
+        return [...this.entries.values()].map((e) => this._toPublicHandle(e));
+    }
+    async destroy(id) {
+        const entry = this.entries.get(id);
+        if (!entry)
+            return;
+        try {
+            await this.kubectl([
+                "delete",
+                "job",
+                entry.jobName,
+                "-n",
+                entry.config.namespace,
+                "--ignore-not-found=true",
+            ], { timeoutMs: entry.config.kubectlTimeoutMs });
+            entry.handle.status = "stopped";
+        }
+        catch (error) {
+            entry.handle.status = "failed";
+            throw normalizeKubectlError("kubectl delete failed", error);
+        }
+        finally {
+            this.entries.delete(id);
+        }
+    }
+    async waitForCompletion(id) {
+        const entry = this.entries.get(id);
+        if (!entry) {
+            throw new Error(`Unknown Kubernetes execution handle: ${id}`);
+        }
+        const deadline = Date.now() + (entry.config.timeoutMs ?? 300_000);
+        while (Date.now() < deadline) {
+            const status = await this.readJobStatus(entry);
+            if ((status.succeeded ?? 0) > 0) {
+                entry.handle.status = "stopped";
+                if (entry.config.cleanupAfterCompletion)
+                    await this.destroy(id);
+                return this._toPublicHandle(entry);
+            }
+            if ((status.failed ?? 0) > 0) {
+                entry.handle.status = "failed";
+                if (entry.config.cleanupAfterCompletion) {
+                    await this.destroy(id);
+                    entry.handle.status = "failed";
+                }
+                throw new Error(`Kubernetes job ${entry.jobName} failed`);
+            }
+            const remainingMs = deadline - Date.now();
+            if (remainingMs <= 0)
+                break;
+            await sleep(Math.min(this.pollIntervalMs, remainingMs));
+        }
+        entry.handle.status = "failed";
+        if (entry.config.cleanupAfterCompletion) {
+            await this.destroy(id);
+            entry.handle.status = "failed";
+        }
+        throw new Error(`Kubernetes job ${entry.jobName} timed out`);
+    }
+    _buildManifest(jobName, command, args, config) {
+        (0, policy_1.validateFilesystemMounts)(config.policy);
+        const resourceBlock = this._resourcesFromConfig(config)
+            ? this._resourcesYaml(this._resourcesFromConfig(config))
+            : "";
+        const serviceAccountLine = config.serviceAccount
+            ? `      serviceAccountName: ${config.serviceAccount}\n`
+            : "";
+        const commandYaml = `          command: ${JSON.stringify([command, ...args])}`;
+        const envBlock = this._envYaml((0, policy_1.resolveExecutionEnvironment)(config.env, config.policy));
+        const securityContextBlock = this._securityContextYaml(config);
+        const volumeMountBlock = this._volumeMountsYaml(config);
+        const volumesBlock = this._volumesYaml(config);
+        return [
+            "apiVersion: batch/v1",
+            "kind: Job",
+            "metadata:",
+            `  name: ${jobName}`,
+            `  namespace: ${config.namespace}`,
+            "  labels:",
+            "    app.kubernetes.io/managed-by: babysitter",
+            `    babysitter.a5c.ai/execution-id: ${jobName}`,
+            "spec:",
+            "  backoffLimit: 0",
+            "  template:",
+            "    metadata:",
+            "      labels:",
+            `        babysitter.a5c.ai/execution-id: ${jobName}`,
+            "    spec:",
+            serviceAccountLine ? serviceAccountLine.trimEnd() : null,
+            "      restartPolicy: Never",
+            "      containers:",
+            "        - name: main",
+            `          image: ${config.image}`,
+            commandYaml,
+            envBlock || null,
+            volumeMountBlock || null,
+            securityContextBlock,
+            resourceBlock || null,
+            volumesBlock || null,
+        ]
+            .filter((line) => line !== null)
+            .join("\n");
+    }
+    async streamLogs(entry) {
+        const result = await this.kubectl([
+            "logs",
+            `job/${entry.jobName}`,
+            "-n",
+            entry.config.namespace,
+            "--all-containers=true",
+        ], { timeoutMs: entry.config.kubectlTimeoutMs });
+        entry.logs = redactText(result.stdout);
+    }
+    async readJobStatus(entry) {
+        try {
+            const result = await this.kubectl([
+                "get",
+                "job",
+                entry.jobName,
+                "-n",
+                entry.config.namespace,
+                "-o",
+                "json",
+            ], { timeoutMs: entry.config.kubectlTimeoutMs });
+            const parsed = JSON.parse(result.stdout);
+            return parsed.status ?? {};
+        }
+        catch (error) {
+            entry.handle.status = "failed";
+            throw normalizeKubectlError("kubectl get job failed", error);
+        }
+    }
+    _resourcesYaml(resources) {
+        const lines = Object.entries(resources).map(([key, value]) => `              ${key}: "${value}"`);
+        return [
+            "          resources:",
+            "            requests:",
+            ...lines,
+            "            limits:",
+            ...lines,
+        ].join("\n");
+    }
+    _resourcesFromConfig(config) {
+        const resources = { ...(config.resources ?? {}) };
+        if (config.policy?.resources?.cpuCount !== undefined) {
+            resources.cpu = String(config.policy.resources.cpuCount);
+        }
+        if (config.policy?.resources?.memoryBytes !== undefined) {
+            resources.memory = String(config.policy.resources.memoryBytes);
+        }
+        return Object.keys(resources).length > 0 ? resources : undefined;
+    }
+    _envYaml(env) {
+        const entries = Object.entries(env);
+        if (entries.length === 0) {
+            return "";
+        }
+        return [
+            `          env:`,
+            ...entries.flatMap(([key, value]) => [
+                `            - name: ${key}`,
+                `              value: ${JSON.stringify(redactEnvValue(key, value))}`,
+            ]),
+        ].join("\n");
+    }
+    _volumeMountsYaml(config) {
+        const mounts = config.policy?.filesystem?.mounts ?? [];
+        if (mounts.length === 0) {
+            return "";
+        }
+        return [
+            `          volumeMounts:`,
+            ...mounts.flatMap((mount, index) => [
+                `            - name: policy-mount-${index}`,
+                `              mountPath: ${mount.containerPath}`,
+                `              readOnly: ${mount.readOnly ?? true}`,
+            ]),
+        ].join("\n");
+    }
+    _volumesYaml(config) {
+        const mounts = config.policy?.filesystem?.mounts ?? [];
+        if (mounts.length === 0) {
+            return "";
+        }
+        return [
+            `      volumes:`,
+            ...mounts.flatMap((mount, index) => [
+                `        - name: policy-mount-${index}`,
+                `          hostPath:`,
+                `            path: ${mount.hostPath}`,
+            ]),
+        ].join("\n");
+    }
+    _securityContextYaml(config) {
+        const policy = config.policy?.kubernetes;
+        return [
+            `          securityContext:`,
+            `            runAsNonRoot: ${policy?.runAsNonRoot ?? true}`,
+            `            readOnlyRootFilesystem: ${policy?.readOnlyRootFilesystem ?? true}`,
+            `            allowPrivilegeEscalation: ${policy?.allowPrivilegeEscalation ?? false}`,
+        ].join("\n");
+    }
+    // ---------- Handle --------------------------------------------------------
+    _toPublicHandle(entry) {
+        const self = this;
+        return {
+            get id() {
+                return entry.handle.id;
+            },
+            get mode() {
+                return entry.handle.mode;
+            },
+            get status() {
+                return entry.handle.status;
+            },
+            get manifest() {
+                return entry.manifest;
+            },
+            get jobName() {
+                return entry.jobName;
+            },
+            get logs() {
+                return entry.logs;
+            },
+            async attach() {
+                await self.streamLogs(entry);
+            },
+            async destroy() {
+                await self.destroy(entry.handle.id);
+            },
+        };
+    }
+}
+exports.KubernetesExecutor = KubernetesExecutor;
+function createKubectlInvoker(kubectlPath) {
+    return (args, options) => new Promise((resolve, reject) => {
+        const child = (0, node_child_process_1.spawn)(kubectlPath, args, { stdio: ["pipe", "pipe", "pipe"] });
+        let stdout = "";
+        let stderr = "";
+        const timeout = options?.timeoutMs
+            ? setTimeout(() => {
+                child.kill("SIGKILL");
+                reject(new Error(`kubectl timed out after ${options.timeoutMs}ms`));
+            }, options.timeoutMs)
+            : null;
+        child.stdout?.on("data", (chunk) => {
+            stdout += String(chunk);
+        });
+        child.stderr?.on("data", (chunk) => {
+            stderr += String(chunk);
+        });
+        child.on("error", (error) => {
+            if (timeout)
+                clearTimeout(timeout);
+            reject(error);
+        });
+        child.on("exit", (code) => {
+            if (timeout)
+                clearTimeout(timeout);
+            if (code === 0) {
+                resolve({ stdout, stderr });
+            }
+            else {
+                reject(new Error(`kubectl exited with code ${code}: ${stderr.trim()}`));
+            }
+        });
+        if (options?.input) {
+            child.stdin?.end(options.input);
+        }
+        else {
+            child.stdin?.end();
+        }
+    });
+}
+function normalizeKubectlError(prefix, error) {
+    const message = error instanceof Error ? error.message : String(error);
+    return new Error(`${prefix}: ${redactText(message)}`);
+}
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function redactEnvValue(name, value) {
+    return isSecretKey(name) ? "[REDACTED]" : value;
+}
+function redactText(value) {
+    return value.replace(/(token|secret|password|api[_-]?key)=\S+/gi, "$1=[REDACTED]");
+}
+function isSecretKey(key) {
+    return /(token|secret|password|api[_-]?key|credential)/i.test(key);
+}

package/dist/execution/modes/local.d.ts

@@ -0,0 +1,23 @@
+/**
+ * LocalExecutor — spawns processes on the host machine via child_process.
+ *
+ * This is the fully-functional executor: it creates real child processes,
+ * tracks them by handle ID, and supports attach (reconnect to streams)
+ * and destroy (kill process) operations.
+ */
+import type { ExecutionHandle, LocalExecutionConfig } from "../types";
+export interface Executor<C> {
+    spawn(command: string, args: string[], config: C): Promise<ExecutionHandle>;
+    attach(id: string): Promise<ExecutionHandle | undefined>;
+    list(): ExecutionHandle[];
+    destroy(id: string): Promise<void>;
+}
+export declare class LocalExecutor implements Executor<LocalExecutionConfig> {
+    private readonly processes;
+    spawn(command: string, args: string[], config: LocalExecutionConfig): Promise<ExecutionHandle>;
+    attach(id: string): Promise<ExecutionHandle | undefined>;
+    list(): ExecutionHandle[];
+    destroy(id: string): Promise<void>;
+    private _toPublicHandle;
+}
+//# sourceMappingURL=local.d.ts.map

package/dist/execution/modes/local.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"local.d.ts","sourceRoot":"","sources":["../../../src/execution/modes/local.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,KAAK,EACV,eAAe,EACf,oBAAoB,EACrB,MAAM,UAAU,CAAC;AA0BlB,MAAM,WAAW,QAAQ,CAAC,CAAC;IACzB,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,CAAC,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAC5E,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,SAAS,CAAC,CAAC;IACzD,IAAI,IAAI,eAAe,EAAE,CAAC;IAC1B,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACpC;AAMD,qBAAa,aAAc,YAAW,QAAQ,CAAC,oBAAoB,CAAC;IAClE,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAmC;IAEvD,KAAK,CACT,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EAAE,EACd,MAAM,EAAE,oBAAoB,GAC3B,OAAO,CAAC,eAAe,CAAC;IA2CrB,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,SAAS,CAAC;IAM9D,IAAI,IAAI,eAAe,EAAE;IAInB,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA8BxC,OAAO,CAAC,eAAe;CA0BxB"}

package/dist/execution/modes/local.js

@@ -0,0 +1,117 @@
+"use strict";
+/**
+ * LocalExecutor — spawns processes on the host machine via child_process.
+ *
+ * This is the fully-functional executor: it creates real child processes,
+ * tracks them by handle ID, and supports attach (reconnect to streams)
+ * and destroy (kill process) operations.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LocalExecutor = void 0;
+const node_child_process_1 = require("node:child_process");
+const node_crypto_1 = require("node:crypto");
+const policy_1 = require("../policy");
+// ---------------------------------------------------------------------------
+// LocalExecutor
+// ---------------------------------------------------------------------------
+class LocalExecutor {
+    processes = new Map();
+    async spawn(command, args, config) {
+        (0, policy_1.validateLocalExecutionPolicy)(config);
+        const id = (0, node_crypto_1.randomUUID)();
+        const child = (0, node_child_process_1.spawn)(command, args, {
+            cwd: config.cwd,
+            env: (0, policy_1.resolveExecutionEnvironment)(config.env, config.policy),
+            stdio: ["pipe", "pipe", "pipe"],
+        });
+        const timeoutMs = config.policy?.resources?.timeoutMs;
+        let timeout;
+        if (timeoutMs !== undefined) {
+            timeout = setTimeout(() => {
+                if (!child.killed && child.exitCode === null) {
+                    child.kill("SIGTERM");
+                }
+            }, timeoutMs);
+        }
+        const handle = {
+            id,
+            mode: "local",
+            status: "running",
+        };
+        const entry = { handle, process: child, config };
+        this.processes.set(id, entry);
+        // Update status when the child exits.
+        child.on("exit", (code) => {
+            if (timeout)
+                clearTimeout(timeout);
+            handle.status = code === 0 ? "stopped" : "failed";
+        });
+        child.on("error", () => {
+            if (timeout)
+                clearTimeout(timeout);
+            handle.status = "failed";
+        });
+        return this._toPublicHandle(entry);
+    }
+    async attach(id) {
+        const entry = this.processes.get(id);
+        if (!entry)
+            return undefined;
+        return this._toPublicHandle(entry);
+    }
+    list() {
+        return [...this.processes.values()].map((e) => this._toPublicHandle(e));
+    }
+    async destroy(id) {
+        const entry = this.processes.get(id);
+        if (!entry)
+            return;
+        const child = entry.process;
+        if (!child.killed && child.exitCode === null) {
+            child.kill("SIGTERM");
+            // Give the process a short window to exit gracefully before SIGKILL.
+            await new Promise((resolve) => {
+                const timeout = setTimeout(() => {
+                    if (!child.killed && child.exitCode === null) {
+                        child.kill("SIGKILL");
+                    }
+                    resolve();
+                }, 3_000);
+                child.on("exit", () => {
+                    clearTimeout(timeout);
+                    resolve();
+                });
+            });
+        }
+        entry.handle.status = "stopped";
+        this.processes.delete(id);
+    }
+    // ---------- Helpers -------------------------------------------------------
+    _toPublicHandle(entry) {
+        const self = this;
+        return {
+            get id() {
+                return entry.handle.id;
+            },
+            get mode() {
+                return entry.handle.mode;
+            },
+            get status() {
+                return entry.handle.status;
+            },
+            async attach() {
+                // Re-attach to stdout/stderr by piping to the current process streams.
+                if (entry.process.stdout) {
+                    entry.process.stdout.pipe(process.stdout, { end: false });
+                }
+                if (entry.process.stderr) {
+                    entry.process.stderr.pipe(process.stderr, { end: false });
+                }
+            },
+            async destroy() {
+                await self.destroy(entry.handle.id);
+            },
+        };
+    }
+}
+exports.LocalExecutor = LocalExecutor;

package/dist/execution/modes/ssh.d.ts

@@ -0,0 +1,23 @@
+/**
+ * SshExecutor — constructs `ssh` commands from SshExecutionConfig and
+ * spawns them via child_process.
+ *
+ * This is a structural stub: it correctly assembles the SSH CLI invocation
+ * but the host must have an SSH client installed and the target must be
+ * reachable for it to work at runtime.
+ */
+import type { ExecutionHandle, SshExecutionConfig } from "../types";
+import type { Executor } from "./local";
+export declare class SshExecutor implements Executor<SshExecutionConfig> {
+    private readonly processes;
+    spawn(command: string, args: string[], config: SshExecutionConfig): Promise<ExecutionHandle>;
+    attach(id: string): Promise<ExecutionHandle | undefined>;
+    list(): ExecutionHandle[];
+    destroy(id: string): Promise<void>;
+    /** Build the full `ssh` argument list. */
+    _buildSshArgs(command: string, args: string[], config: SshExecutionConfig): string[];
+    /** Minimal shell escaping for remote command construction. */
+    private _shellEscape;
+    private _toPublicHandle;
+}
+//# sourceMappingURL=ssh.d.ts.map

package/dist/execution/modes/ssh.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssh.d.ts","sourceRoot":"","sources":["../../../src/execution/modes/ssh.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EACV,eAAe,EACf,kBAAkB,EACnB,MAAM,UAAU,CAAC;AAElB,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAsBxC,qBAAa,WAAY,YAAW,QAAQ,CAAC,kBAAkB,CAAC;IAC9D,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAiC;IAErD,KAAK,CACT,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EAAE,EACd,MAAM,EAAE,kBAAkB,GACzB,OAAO,CAAC,eAAe,CAAC;IA2BrB,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,SAAS,CAAC;IAM9D,IAAI,IAAI,eAAe,EAAE;IAInB,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA2BxC,0CAA0C;IAC1C,aAAa,CACX,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EAAE,EACd,MAAM,EAAE,kBAAkB,GACzB,MAAM,EAAE;IA4CX,8DAA8D;IAC9D,OAAO,CAAC,YAAY;IAKpB,OAAO,CAAC,eAAe;CAyBxB"}

package/dist/execution/modes/ssh.js

@@ -0,0 +1,144 @@
+"use strict";
+/**
+ * SshExecutor — constructs `ssh` commands from SshExecutionConfig and
+ * spawns them via child_process.
+ *
+ * This is a structural stub: it correctly assembles the SSH CLI invocation
+ * but the host must have an SSH client installed and the target must be
+ * reachable for it to work at runtime.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SshExecutor = void 0;
+const node_child_process_1 = require("node:child_process");
+const node_crypto_1 = require("node:crypto");
+const policy_1 = require("../policy");
+// ---------------------------------------------------------------------------
+// SshExecutor
+// ---------------------------------------------------------------------------
+class SshExecutor {
+    processes = new Map();
+    async spawn(command, args, config) {
+        const id = (0, node_crypto_1.randomUUID)();
+        const sshArgs = this._buildSshArgs(command, args, config);
+        const child = (0, node_child_process_1.spawn)("ssh", sshArgs, {
+            stdio: ["pipe", "pipe", "pipe"],
+        });
+        const handle = {
+            id,
+            mode: "ssh",
+            status: "running",
+        };
+        const entry = { handle, process: child, config };
+        this.processes.set(id, entry);
+        child.on("exit", (code) => {
+            handle.status = code === 0 ? "stopped" : "failed";
+        });
+        child.on("error", () => {
+            handle.status = "failed";
+        });
+        return this._toPublicHandle(entry);
+    }
+    async attach(id) {
+        const entry = this.processes.get(id);
+        if (!entry)
+            return undefined;
+        return this._toPublicHandle(entry);
+    }
+    list() {
+        return [...this.processes.values()].map((e) => this._toPublicHandle(e));
+    }
+    async destroy(id) {
+        const entry = this.processes.get(id);
+        if (!entry)
+            return;
+        const child = entry.process;
+        if (!child.killed && child.exitCode === null) {
+            child.kill("SIGTERM");
+            await new Promise((resolve) => {
+                const timeout = setTimeout(() => {
+                    if (!child.killed && child.exitCode === null) {
+                        child.kill("SIGKILL");
+                    }
+                    resolve();
+                }, 3_000);
+                child.on("exit", () => {
+                    clearTimeout(timeout);
+                    resolve();
+                });
+            });
+        }
+        entry.handle.status = "stopped";
+        this.processes.delete(id);
+    }
+    // ---------- Helpers -------------------------------------------------------
+    /** Build the full `ssh` argument list. */
+    _buildSshArgs(command, args, config) {
+        const sshArgs = [];
+        // Identity file.
+        if (config.keyPath) {
+            sshArgs.push("-i", config.keyPath);
+        }
+        // Port.
+        if (config.port && config.port !== 22) {
+            sshArgs.push("-p", String(config.port));
+        }
+        const sshPolicy = config.policy?.ssh;
+        if (sshPolicy?.insecureSkipHostKeyChecking) {
+            sshArgs.push("-o", "StrictHostKeyChecking=no");
+        }
+        else {
+            sshArgs.push("-o", `StrictHostKeyChecking=${sshPolicy?.strictHostKeyChecking ?? "yes"}`);
+            if (sshPolicy?.knownHostsFile) {
+                sshArgs.push("-o", `UserKnownHostsFile=${sshPolicy.knownHostsFile}`);
+            }
+        }
+        sshArgs.push("-o", "BatchMode=yes");
+        // Target: user@host.
+        sshArgs.push(`${config.user}@${config.host}`);
+        // Build the remote command string.
+        // Prepend env vars if provided.
+        let remoteCommand = "";
+        const env = (0, policy_1.resolveExecutionEnvironment)(config.env, config.policy);
+        if (Object.keys(env).length > 0) {
+            const envPrefix = Object.entries(env)
+                .map(([k, v]) => `${k}=${this._shellEscape(v)}`)
+                .join(" ");
+            remoteCommand = `${envPrefix} `;
+        }
+        remoteCommand += [command, ...args].map((a) => this._shellEscape(a)).join(" ");
+        sshArgs.push("--", remoteCommand);
+        return sshArgs;
+    }
+    /** Minimal shell escaping for remote command construction. */
+    _shellEscape(s) {
+        if (/^[a-zA-Z0-9_/.:=-]+$/.test(s))
+            return s;
+        return `'${s.replace(/'/g, "'\\''")}'`;
+    }
+    _toPublicHandle(entry) {
+        const self = this;
+        return {
+            get id() {
+                return entry.handle.id;
+            },
+            get mode() {
+                return entry.handle.mode;
+            },
+            get status() {
+                return entry.handle.status;
+            },
+            async attach() {
+                if (entry.process.stdout) {
+                    entry.process.stdout.pipe(process.stdout, { end: false });
+                }
+                if (entry.process.stderr) {
+                    entry.process.stderr.pipe(process.stderr, { end: false });
+                }
+            },
+            async destroy() {
+                await self.destroy(entry.handle.id);
+            },
+        };
+    }
+}
+exports.SshExecutor = SshExecutor;

package/dist/execution/policy.d.ts

@@ -0,0 +1,15 @@
+import type { ExecutionPolicy, LocalExecutionConfig, NormalizedResourceLimits } from "./types";
+export interface ResourceAdmission {
+    readonly accepted: boolean;
+    readonly osLimits: NormalizedResourceLimits;
+    readonly unsupported: string[];
+    readonly warnings: string[];
+}
+export declare function resolveExecutionEnvironment(explicitEnv?: Record<string, string>, policy?: ExecutionPolicy, parentEnv?: NodeJS.ProcessEnv): Record<string, string>;
+export declare function validateFilesystemPolicy(cwd: string, policy?: ExecutionPolicy): void;
+export declare function validateFilesystemMounts(policy?: ExecutionPolicy): void;
+export declare function validateLocalExecutionPolicy(config: LocalExecutionConfig): void;
+export declare function normalizeResourceLimits(policy?: ExecutionPolicy): NormalizedResourceLimits;
+export declare function admitExecutionPolicy(policy?: ExecutionPolicy): ResourceAdmission;
+export declare function shouldInheritParentEnv(policy?: ExecutionPolicy): boolean;
+//# sourceMappingURL=policy.d.ts.map

package/dist/execution/policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../src/execution/policy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,eAAe,EACf,oBAAoB,EACpB,wBAAwB,EACzB,MAAM,SAAS,CAAC;AAEjB,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,wBAAwB,CAAC;IAC5C,QAAQ,CAAC,WAAW,EAAE,MAAM,EAAE,CAAC;IAC/B,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED,wBAAgB,2BAA2B,CACzC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EACpC,MAAM,CAAC,EAAE,eAAe,EACxB,SAAS,GAAE,MAAM,CAAC,UAAwB,GACzC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CA0BxB;AAED,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,eAAe,GAAG,IAAI,CAUpF;AAED,wBAAgB,wBAAwB,CAAC,MAAM,CAAC,EAAE,eAAe,GAAG,IAAI,CAavE;AAaD,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,oBAAoB,GAAG,IAAI,CAsC/E;AAED,wBAAgB,uBAAuB,CAAC,MAAM,CAAC,EAAE,eAAe,GAAG,wBAAwB,CAU1F;AAED,wBAAgB,oBAAoB,CAAC,MAAM,CAAC,EAAE,eAAe,GAAG,iBAAiB,CAgBhF;AAED,wBAAgB,sBAAsB,CAAC,MAAM,CAAC,EAAE,eAAe,GAAG,OAAO,CAExE"}