npm - @agent-vm/openclaw-agent-vm-plugin - Versions diffs - 0.0.20 - Mend

@agent-vm/openclaw-agent-vm-plugin 0.0.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/LICENSE +21 -0
package/dist/index.d.ts +293 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +285 -0
package/dist/index.js.map +1 -0
package/dist/openclaw.plugin.json +20 -0
package/dist/sdk-validate.mjs +42 -0
package/package.json +38 -0

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2025-2026 Shravan Sunder
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,293 @@
+//#region src/controller-lease-client.d.ts
+interface GondolinLeaseResponse {
+  readonly leaseId: string;
+  readonly ssh: {
+    readonly host: string;
+    readonly identityPem: string;
+    readonly knownHostsLine: string;
+    readonly port: number;
+    readonly user: string;
+  };
+  readonly tcpSlot: number;
+  readonly workdir: string;
+}
+interface LeaseClient {
+  getLeaseStatus(leaseId: string): Promise<unknown>;
+  releaseLease(leaseId: string): Promise<void>;
+  requestLease(request: {
+    readonly agentWorkspaceDir: string;
+    readonly profileId: string;
+    readonly scopeKey: string;
+    readonly workspaceDir: string;
+    readonly zoneId: string;
+  }): Promise<GondolinLeaseResponse>;
+}
+declare function createLeaseClient(options: {
+  readonly controllerUrl: string;
+  readonly fetchImpl?: (input: string | URL | Request, init?: RequestInit) => Promise<Response>;
+}): LeaseClient;
+//#endregion
+//#region src/sandbox-backend/sandbox-backend-contract.d.ts
+interface FsBridgeLeaseContext {
+  readonly remoteAgentWorkspaceDir: string;
+  readonly remoteWorkspaceDir: string;
+  readonly runRemoteShellScript: (params: {
+    readonly allowFailure?: boolean;
+    readonly args?: string[];
+    readonly script: string;
+    readonly signal?: AbortSignal;
+    readonly stdin?: Buffer | string;
+  }) => Promise<{
+    readonly code: number;
+    readonly stderr: Buffer;
+    readonly stdout: Buffer;
+  }>;
+}
+interface GondolinFsBridge {
+  mkdirp(params: {
+    readonly cwd?: string;
+    readonly filePath: string;
+    readonly signal?: AbortSignal;
+  }): Promise<void>;
+  readFile(params: {
+    readonly cwd?: string;
+    readonly filePath: string;
+    readonly signal?: AbortSignal;
+  }): Promise<Buffer>;
+  remove(params: {
+    readonly cwd?: string;
+    readonly filePath: string;
+    readonly force?: boolean;
+    readonly recursive?: boolean;
+    readonly signal?: AbortSignal;
+  }): Promise<void>;
+  rename(params: {
+    readonly cwd?: string;
+    readonly from: string;
+    readonly signal?: AbortSignal;
+    readonly to: string;
+  }): Promise<void>;
+  resolvePath(params: {
+    readonly cwd?: string;
+    readonly filePath: string;
+  }): {
+    readonly containerPath: string;
+    readonly relativePath: string;
+  };
+  stat(params: {
+    readonly cwd?: string;
+    readonly filePath: string;
+    readonly signal?: AbortSignal;
+  }): Promise<{
+    readonly mtimeMs: number;
+    readonly size: number;
+    readonly type: 'directory' | 'file' | 'other';
+  } | null>;
+  writeFile(params: {
+    readonly cwd?: string;
+    readonly data: Buffer | string;
+    readonly encoding?: BufferEncoding;
+    readonly filePath: string;
+    readonly mkdir?: boolean;
+    readonly signal?: AbortSignal;
+  }): Promise<void>;
+}
+interface CreateBackendDependencies {
+  readonly buildExecSpec: (params: {
+    readonly command: string;
+    readonly env: Record<string, string>;
+    readonly ssh: GondolinLeaseResponse['ssh'];
+    readonly usePty: boolean;
+    readonly workdir: string;
+  }) => Promise<{
+    readonly argv: string[];
+    readonly env: Record<string, string>;
+    readonly finalizeToken?: unknown;
+    readonly stdinMode: 'pipe-open' | 'pipe-closed';
+  }>;
+  readonly createFsBridgeBuilder?: (leaseContext: FsBridgeLeaseContext) => (params: {
+    readonly sandbox: unknown;
+  }) => GondolinFsBridge;
+  readonly createLeaseClient?: (options: {
+    readonly controllerUrl: string;
+  }) => LeaseClient;
+  readonly runRemoteShellScript: (params: {
+    readonly allowFailure?: boolean;
+    readonly script: string;
+    readonly signal?: AbortSignal;
+    readonly ssh: GondolinLeaseResponse['ssh'];
+    readonly stdin?: Buffer | string;
+  }) => Promise<{
+    readonly code: number;
+    readonly stderr: Buffer;
+    readonly stdout: Buffer;
+  }>;
+}
+interface GondolinSandboxBackendHandle {
+  readonly configLabel?: string;
+  readonly configLabelKind?: string;
+  createFsBridge?: (params: {
+    readonly sandbox: unknown;
+  }) => GondolinFsBridge;
+  env?: Record<string, string>;
+  readonly id: string;
+  readonly runtimeId: string;
+  readonly runtimeLabel: string;
+  readonly workdir: string;
+  buildExecSpec(params: {
+    readonly command: string;
+    readonly env: Record<string, string>;
+    readonly usePty: boolean;
+    readonly workdir?: string;
+  }): Promise<{
+    readonly argv: string[];
+    readonly env: Record<string, string>;
+    readonly finalizeToken?: unknown;
+    readonly stdinMode: 'pipe-open' | 'pipe-closed';
+  }>;
+  finalizeExec?: (params: {
+    readonly exitCode: number | null;
+    readonly status: 'completed' | 'failed';
+    readonly timedOut: boolean;
+    readonly token?: unknown;
+  }) => Promise<void>;
+  runShellCommand(params: {
+    readonly script: string;
+  }): Promise<{
+    readonly code: number;
+    readonly stderr: Buffer;
+    readonly stdout: Buffer;
+  }>;
+}
+//#endregion
+//#region src/sandbox-backend/sandbox-backend-handle-factory.d.ts
+declare function createGondolinSandboxBackendFactory(options: {
+  readonly controllerUrl: string;
+  readonly profileId?: string;
+  readonly zoneId: string;
+}, dependencies: CreateBackendDependencies): (params: {
+  readonly agentWorkspaceDir: string;
+  readonly cfg: {
+    readonly docker?: {
+      readonly env?: Record<string, string>;
+    };
+  };
+  readonly scopeKey: string;
+  readonly sessionKey: string;
+  readonly workspaceDir: string;
+}) => Promise<GondolinSandboxBackendHandle>;
+//#endregion
+//#region src/sandbox-backend/sandbox-backend-manager.d.ts
+declare function createGondolinSandboxBackendManager(options: {
+  readonly controllerUrl: string;
+  readonly zoneId: string;
+}, dependencies: CreateBackendDependencies): {
+  describeRuntime: (params: {
+    readonly entry: {
+      readonly containerName: string;
+    };
+  }) => Promise<{
+    readonly configLabelMatch: boolean;
+    readonly running: boolean;
+  }>;
+  removeRuntime: (params: {
+    readonly entry: {
+      readonly containerName: string;
+    };
+  }) => Promise<void>;
+};
+//#endregion
+//#region src/gondolin-plugin-config.d.ts
+interface ResolvedGondolinPluginConfig {
+  readonly controllerUrl: string;
+  readonly profileId?: string;
+  readonly zoneId: string;
+}
+declare function resolveGondolinPluginConfig(config: Record<string, unknown>): ResolvedGondolinPluginConfig;
+//#endregion
+//#region src/openclaw-sandbox-sdk-contract.d.ts
+interface SshSandboxSession {
+  readonly command: string;
+  readonly configPath: string;
+  readonly host: string;
+}
+interface SshHelpers {
+  readonly buildExecRemoteCommand: (params: {
+    readonly command: string;
+    readonly env: Record<string, string>;
+    readonly workdir?: string;
+  }) => string;
+  readonly buildRemoteCommand: (argv: readonly string[]) => string;
+  readonly buildSshSandboxArgv: (params: {
+    readonly remoteCommand: string;
+    readonly session: SshSandboxSession;
+    readonly tty?: boolean;
+  }) => string[];
+  readonly createRemoteShellSandboxFsBridge: (params: {
+    readonly runtime: {
+      readonly remoteAgentWorkspaceDir: string;
+      readonly remoteWorkspaceDir: string;
+      readonly runRemoteShellScript: (shellParams: {
+        readonly allowFailure?: boolean;
+        readonly args?: string[];
+        readonly script: string;
+        readonly signal?: AbortSignal;
+        readonly stdin?: Buffer | string;
+      }) => Promise<{
+        readonly code: number;
+        readonly stderr: Buffer;
+        readonly stdout: Buffer;
+      }>;
+    };
+    readonly sandbox: unknown;
+  }) => GondolinFsBridge;
+  readonly createSshSandboxSessionFromSettings: (settings: {
+    readonly command: string;
+    readonly identityData?: string;
+    readonly strictHostKeyChecking: boolean;
+    readonly target: string;
+    readonly updateHostKeys: boolean;
+    readonly workspaceRoot: string;
+  }) => Promise<SshSandboxSession>;
+  readonly disposeSshSandboxSession?: (session: SshSandboxSession) => Promise<void>;
+  readonly runSshSandboxCommand: (params: {
+    readonly allowFailure?: boolean;
+    readonly remoteCommand: string;
+    readonly session: SshSandboxSession;
+    readonly signal?: AbortSignal;
+    readonly stdin?: Buffer | string;
+  }) => Promise<{
+    readonly code: number;
+    readonly stderr: Buffer;
+    readonly stdout: Buffer;
+  }>;
+  readonly sanitizeEnvVars: (env: NodeJS.ProcessEnv) => {
+    readonly allowed: Record<string, string>;
+  };
+}
+//#endregion
+//#region src/openclaw-backend-dependencies.d.ts
+declare function createBackendDeps(ssh: SshHelpers): {
+  readonly buildExecSpec: CreateBackendDependencies['buildExecSpec'];
+  readonly createFsBridgeBuilder: (leaseContext: FsBridgeLeaseContext) => (params: {
+    readonly sandbox: unknown;
+  }) => GondolinFsBridge;
+  readonly runRemoteShellScript: CreateBackendDependencies['runRemoteShellScript'];
+};
+//#endregion
+//#region src/openclaw-plugin-registration.d.ts
+declare const plugin: {
+  id: string;
+  name: string;
+  description: string;
+  register(api: {
+    readonly pluginConfig: Record<string, unknown>;
+    readonly registrationMode: string;
+  }): void;
+};
+//#endregion
+//#region src/index.d.ts
+declare const OPENCLAW_GONDOLIN_PLUGIN_PACKAGE_NAME = "@agent-vm/openclaw-agent-vm-plugin";
+//#endregion
+export { CreateBackendDependencies, FsBridgeLeaseContext, GondolinFsBridge, GondolinLeaseResponse, GondolinSandboxBackendHandle, LeaseClient, OPENCLAW_GONDOLIN_PLUGIN_PACKAGE_NAME, ResolvedGondolinPluginConfig, type SshHelpers, createBackendDeps, createGondolinSandboxBackendFactory, createGondolinSandboxBackendManager, createLeaseClient, plugin as default, resolveGondolinPluginConfig };
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","names":[],"sources":["../src/controller-lease-client.ts","../src/sandbox-backend/sandbox-backend-contract.ts","../src/sandbox-backend/sandbox-backend-handle-factory.ts","../src/sandbox-backend/sandbox-backend-manager.ts","../src/gondolin-plugin-config.ts","../src/openclaw-sandbox-sdk-contract.ts","../src/openclaw-backend-dependencies.ts","../src/openclaw-plugin-registration.ts","../src/index.ts"],"sourcesContent":[],"mappings":";UAAiB,qBAAA;EAAA,SAAA,OAAA,EAAA,MAAqB;EAarB,SAAA,GAAA,EAAW;IACM,SAAA,IAAA,EAAA,MAAA;IACF,SAAA,WAAA,EAAA,MAAA;IAOnB,SAAA,cAAA,EAAA,MAAA;IAAR,SAAA,IAAA,EAAA,MAAA;IAAO,SAAA,IAAA,EAAA,MAAA;EAaI,CAAA;EAEuB,SAAA,OAAA,EAAA,MAAA;EAAM,SAAA,OAAA,EAAA,MAAA;;AAAwC,UAxBpE,WAAA,CAwBoE;EAAR,cAAA,CAAA,OAAA,EAAA,MAAA,CAAA,EAvB3C,OAuB2C,CAAA,OAAA,CAAA;EACzE,YAAA,CAAA,OAAA,EAAA,MAAA,CAAA,EAvB4B,OAuB5B,CAAA,IAAA,CAAA;EAAW,YAAA,CAAA,OAAA,EAAA;;;;ICxBE,SAAA,YAAoB,EAAA,MAAA;IAOjB,SAAA,MAAA,EAAA,MAAA;EACD,CAAA,CAAA,EDAd,OCAc,CDAN,qBCAM,CAAA;;AAIA,iBDSH,iBAAA,CCTG,OAAA,EAAA;EAHZ,SAAA,aAAA,EAAA,MAAA;EAAO,SAAA,SAAA,CAAA,EAAA,CAAA,KAAA,EAAA,MAAA,GDcyB,GCdzB,GDc+B,OCd/B,EAAA,IAAA,CAAA,EDc+C,WCd/C,EAAA,GDc+D,OCd/D,CDcuE,QCdvE,CAAA;AAOd,CAAA,CAAA,EDQI,WCRa;;;ADjBA,UCCA,oBAAA,CDDW;EACM,SAAA,uBAAA,EAAA,MAAA;EACF,SAAA,kBAAA,EAAA,MAAA;EAOnB,SAAA,oBAAA,EAAA,CAAA,MAAA,EAAA;IAAR,SAAA,YAAA,CAAA,EAAA,OAAA;IAAO,SAAA,IAAA,CAAA,EAAA,MAAA,EAAA;IAaI,SAAA,MAAA,EAAiB,MAAA;IAEM,SAAA,MAAA,CAAA,EChBnB,WDgBmB;IAAM,SAAA,KAAA,CAAA,ECf1B,MDe0B,GAAA,MAAA;EAAgB,CAAA,EAAA,GCdtD,ODcsD,CAAA;IAAwB,SAAA,IAAA,EAAA,MAAA;IAAR,SAAA,MAAA,ECZ1D,MDY0D;IACzE,SAAA,MAAA,ECZe,MDYf;EAAW,CAAA,CAAA;;UCRE,gBAAA;;IAhBA,SAAA,GAAA,CAAA,EAAA,MAAoB;IAOjB,SAAA,QAAA,EAAA,MAAA;IACD,SAAA,MAAA,CAAA,EAYC,WAZD;EAGA,CAAA,CAAA,EAUd,OAVc,CAAA,IAAA,CAAA;EACA,QAAA,CAAA,MAAA,EAAA;IAHZ,SAAA,GAAA,CAAA,EAAA,MAAA;IAAO,SAAA,QAAA,EAAA,MAAA;IAOG,SAAA,MAAgB,CAAA,EASb,WATa;EAIb,CAAA,CAAA,EAMf,OANe,CAMP,MANO,CAAA;EACf,MAAA,CAAA,MAAA,EAAA;IAIe,SAAA,GAAA,CAAA,EAAA,MAAA;IACP,SAAA,QAAA,EAAA,MAAA;IAAR,SAAA,KAAA,CAAA,EAAA,OAAA;IAMe,SAAA,SAAA,CAAA,EAAA,OAAA;IACf,SAAA,MAAA,CAAA,EADe,WACf;EAIe,CAAA,CAAA,EAJf,OAIe,CAAA,IAAA,CAAA;EAEf,MAAA,CAAA,MAAA,EAAA;IAQe,SAAA,GAAA,CAAA,EAAA,MAAA;IACf,SAAA,IAAA,EAAA,MAAA;IAOY,SAAA,MAAA,CAAA,EAlBG,WAkBH;IACK,SAAA,EAAA,EAAA,MAAA;EAGF,CAAA,CAAA,EApBf,OAoBe,CAAA,IAAA,CAAA;EACf,WAAA,CAAA,MAAA,EAAA;IAAO,SAAA,GAAA,CAAA,EAAA,MAAA;IAGK,SAAA,QAAA,EAAA,MAAyB;EAG1B,CAAA,CAAA,EAAA;IACA,SAAA,aAAA,EAAA,MAAA;IAKA,SAAA,YAAA,EAAA,MAAA;EAFT,CAAA;EAOS,IAAA,CAAA,MAAA,EAAA;IACiC,SAAA,GAAA,CAAA,EAAA,MAAA;IAC8B,SAAA,QAAA,EAAA,MAAA;IAI3D,SAAA,MAAA,CAAA,EApCA,WAoCA;EACJ,CAAA,CAAA,EApCX,OAoCW,CAAA;IACG,SAAA,OAAA,EAAA,MAAA;IAGA,SAAA,IAAA,EAAA,MAAA;IACA,SAAA,IAAA,EAAA,WAAA,GAAA,MAAA,GAAA,OAAA;EAHZ,CAAA,GAAA,IAAA,CAAA;EAAO,SAAA,CAAA,MAAA,EAAA;IAOG,SAAA,GAAA,CAAA,EAAA,MAAA;IAG4C,SAAA,IAAA,EAzC5C,MAyC4C,GAAA,MAAA;IACtD,SAAA,QAAA,CAAA,EAzCe,cAyCf;IAOS,SAAA,QAAA,EAAA,MAAA;IAKA,SAAA,KAAA,CAAA,EAAA,OAAA;IAFX,SAAA,MAAA,CAAA,EAhDe,WAgDf;EAWE,CAAA,CAAA,EA1DF,OA0DE,CAAA,IAAA,CAAA;;AAIY,UA3DF,yBAAA,CA2DE;EAHoC,SAAA,aAAA,EAAA,CAAA,MAAA,EAAA;IAAO,SAAA,OAAA,EAAA,MAAA;kBArD9C;kBACA;;ICvEA,SAAA,OAAA,EAAA,MAAA;EAMD,CAAA,EAAA,GDoER,OCpEQ,CAAA;IAKG,SAAA,IAAA,EAAA,MAAA,EAAA;IAMJ,SAAA,GAAA,ED2DE,MC3DF,CAAA,MAAA,EAAA,MAAA,CAAA;IAAR,SAAA,aAAA,CAAA,EAAA,OAAA;IAAO,SAAA,SAAA,EAAA,WAAA,GAAA,aAAA;;kDDgEG;;EExFA,CAAA,EAAA,GFyFiC,gBEzFjC;EAKD,SAAA,iBAAA,CAAA,EAAA,CAAA,OAAA,EAAA;IAIR,SAAA,aAAA,EAAA,MAAA;EAC6E,CAAA,EAAA,GFgFL,WEhFK;EAAO,SAAA,oBAAA,EAAA,CAAA,MAAA,EAAA;;;sBFoFvE;IGjGH,SAAA,GAAA,EHkGD,qBGlG6B,CAAA,KAAA,CAAA;IAM7B,SAAA,KAAA,CAAA,EH6FG,MG7FH,GAA2B,MAAA;QH8FpC;;qBAEY;IItGF,SAAA,MAAA,EJuGE,MIvGe;EAMjB,CAAA,CAAA;;AASG,UJ4FH,4BAAA,CI5FG;EAWE,SAAA,WAAA,CAAA,EAAA,MAAA;EACD,SAAA,eAAA,CAAA,EAAA,MAAA;EAGA,cAAA,CAAA,EAAA,CAAA,MAAA,EAAA;IACA,SAAA,OAAA,EAAA,OAAA;EAHZ,CAAA,EAAA,GJkFoD,gBIlFpD;EAAO,GAAA,CAAA,EJmFT,MInFS,CAAA,MAAA,EAAA,MAAA,CAAA;EAeD,SAAA,EAAA,EAAA,MAAA;EAAR,SAAA,SAAA,EAAA,MAAA;EACwC,SAAA,YAAA,EAAA,MAAA;EAAsB,SAAA,OAAA,EAAA,MAAA;EAIjD,aAAA,CAAA,MAAA,EAAA;IACA,SAAA,OAAA,EAAA,MAAA;IACD,SAAA,GAAA,EJoEH,MIpEG,CAAA,MAAA,EAAA,MAAA,CAAA;IAGA,SAAA,MAAA,EAAA,OAAA;IACA,SAAA,OAAA,CAAA,EAAA,MAAA;EAHZ,CAAA,CAAA,EJsEF,OItEE,CAAA;IAKiC,SAAA,IAAA,EAAA,MAAA,EAAA;IACpB,SAAA,GAAA,EJkEJ,MIlEI,CAAA,MAAA,EAAA,MAAA,CAAA;IAAM,SAAA,aAAA,CAAA,EAAA,OAAA;;;;IClDV,SAAA,QAAiB,EAAA,MAAA,GAAA,IAAA;IAAM,SAAA,MAAA,EAAA,WAAA,GAAA,QAAA;IACd,SAAA,QAAA,EAAA,OAAA;IAET,SAAA,KAAA,CAAA,EAAA,OAAA;EACiC,CAAA,EAAA,GLyH1C,OKzH0C,CAAA,IAAA,CAAA;EACjB,eAAA,CAAA,MAAA,EAAA;IAAyB,SAAA,MAAA,EAAA,MAAA;MLyHF;;qBAEpC;IM3Hb,SA+CL,MAAA,EN6EkB,MMtHY;;;;;APlBd,iBEUD,mCAAA,CFVsB,OAAA,EAAA;EAarB,SAAA,aAAW,EAAA,MAAA;EACM,SAAA,SAAA,CAAA,EAAA,MAAA;EACF,SAAA,MAAA,EAAA,MAAA;CAOnB,EAAA,YAAA,EENE,yBFMF,CAAA,EAAA,CAAA,MAAA,EAAA;EAAR,SAAA,iBAAA,EAAA,MAAA;EAAO,SAAA,GAAA,EAAA;IAaI,SAAA,MAAA,CAAiB,EAAA;MAEM,SAAA,GAAA,CAAA,EEhBrB,MFgBqB,CAAA,MAAA,EAAA,MAAA,CAAA;IAAM,CAAA;EAAgB,CAAA;EAAwB,SAAA,QAAA,EAAA,MAAA;EAAR,SAAA,UAAA,EAAA,MAAA;EACzE,SAAA,YAAA,EAAA,MAAA;CAAW,EAAA,GEXT,OFWS,CEXD,4BFWC,CAAA;;;AAtCE,iBGGD,mCAAA,CHHsB,OAAA,EAAA;EAarB,SAAA,aAAW,EAAA,MAAA;EACM,SAAA,MAAA,EAAA,MAAA;CACF,EAAA,YAAA,EGPjB,yBHOiB,CAAA,EAAA;EAOnB,eAAA,EAAA,CAAA,MAAA,EAAA;IAAR,SAAA,KAAA,EAAA;MAAO,SAAA,aAAA,EAAA,MAAA;IAaI,CAAA;EAEuB,CAAA,EAAA,GGzBhC,OHyBgC,CAAA;IAAM,SAAA,gBAAA,EAAA,OAAA;IAAgB,SAAA,OAAA,EAAA,OAAA;EAAwB,CAAA,CAAA;EAAR,aAAA,EAAA,CAAA,MAAA,EAAA;IACzE,SAAA,KAAA,EAAA;MAAW,SAAA,aAAA,EAAA,MAAA;;QGzBqE;;;;UCbnE,4BAAA;EJAA,SAAA,aAAA,EAAqB,MAAA;EAarB,SAAA,SAAW,CAAA,EAAA,MAAA;EACM,SAAA,MAAA,EAAA,MAAA;;AAQrB,iBIhBG,2BAAA,CJgBH,MAAA,EIfJ,MJeI,CAAA,MAAA,EAAA,OAAA,CAAA,CAAA,EIdV,4BJcU;;;UKtBI,iBAAA;ELAA,SAAA,OAAA,EAAA,MAAqB;EAarB,SAAA,UAAW,EAAA,MAAA;EACM,SAAA,IAAA,EAAA,MAAA;;AAQrB,UKhBI,UAAA,CLgBJ;EAAR,SAAA,sBAAA,EAAA,CAAA,MAAA,EAAA;IAAO,SAAA,OAAA,EAAA,MAAA;IAaI,SAAA,GAAA,EK1BA,ML0BiB,CAAA,MAAA,EAAA,MAAA,CAAA;IAEM,SAAA,OAAA,CAAA,EAAA,MAAA;EAAM,CAAA,EAAA,GAAA,MAAA;EAAgB,SAAA,kBAAA,EAAA,CAAA,IAAA,EAAA,SAAA,MAAA,EAAA,EAAA,GAAA,MAAA;EAAwB,SAAA,mBAAA,EAAA,CAAA,MAAA,EAAA;IAAR,SAAA,aAAA,EAAA,MAAA;IACzE,SAAA,OAAA,EKvBgB,iBLuBhB;IAAW,SAAA,GAAA,CAAA,EAAA,OAAA;;;;MCxBE,SAAA,uBAAoB,EAAA,MAAA;MAOjB,SAAA,kBAAA,EAAA,MAAA;MACD,SAAA,oBAAA,EAAA,CAAA,WAAA,EAAA;QAGA,SAAA,YAAA,CAAA,EAAA,OAAA;QACA,SAAA,IAAA,CAAA,EAAA,MAAA,EAAA;QAHZ,SAAA,MAAA,EAAA,MAAA;QAAO,SAAA,MAAA,CAAA,EIGQ,WJHR;QAOG,SAAgB,KAAA,CAAA,EIHZ,MJGY,GAAA,MAAA;MAIb,CAAA,EAAA,GINX,OJMW,CAAA;QACf,SAAA,IAAA,EAAA,MAAA;QAIe,SAAA,MAAA,EITC,MJSD;QACP,SAAA,MAAA,EITQ,MJSR;MAAR,CAAA,CAAA;IAMe,CAAA;IACf,SAAA,OAAA,EAAA,OAAA;EAIe,CAAA,EAAA,GIvBJ,gBJuBI;EAEf,SAAA,mCAAA,EAAA,CAAA,QAAA,EAAA;IAQe,SAAA,OAAA,EAAA,MAAA;IACf,SAAA,YAAA,CAAA,EAAA,MAAA;IAOY,SAAA,qBAAA,EAAA,OAAA;IACK,SAAA,MAAA,EAAA,MAAA;IAGF,SAAA,cAAA,EAAA,OAAA;IACf,SAAA,aAAA,EAAA,MAAA;EAAO,CAAA,EAAA,GI/BL,OJ+BK,CI/BG,iBJ+BH,CAAA;EAGK,SAAA,wBAAyB,CAAA,EAAA,CAAA,OAAA,EIjCK,iBJiCL,EAAA,GIjC2B,OJiC3B,CAAA,IAAA,CAAA;EAG1B,SAAA,oBAAA,EAAA,CAAA,MAAA,EAAA;IACA,SAAA,YAAA,CAAA,EAAA,OAAA;IAKA,SAAA,aAAA,EAAA,MAAA;IAFT,SAAA,OAAA,EIpCa,iBJoCb;IAOS,SAAA,MAAA,CAAA,EI1CI,WJ0CJ;IACiC,SAAA,KAAA,CAAA,EI1C9B,MJ0C8B,GAAA,MAAA;EAC8B,CAAA,EAAA,GI1CxE,OJ0CwE,CAAA;IAI3D,SAAA,IAAA,EAAA,MAAA;IACJ,SAAA,MAAA,EI7CG,MJ6CH;IACG,SAAA,MAAA,EI7CA,MJ6CA;EAGA,CAAA,CAAA;EACA,SAAA,eAAA,EAAA,CAAA,GAAA,EI/Cc,MAAA,CAAO,UJ+CrB,EAAA,GAAA;IAHZ,SAAA,OAAA,EI3Ca,MJ2Cb,CAAA,MAAA,EAAA,MAAA,CAAA;EAAO,CAAA;AAOd;;;AD9FiB,iBMND,iBAAA,CNMY,GAAA,EMNW,UNMX,CAAA,EAAA;EACM,SAAA,aAAA,EMNT,yBNMS,CAAA,eAAA,CAAA;EACF,SAAA,qBAAA,EAAA,CAAA,YAAA,EMLhB,oBNKgB,EAAA,GAAA,CAAA,MAAA,EAAA;IAOnB,SAAA,OAAA,EAAA,OAAA;EAAR,CAAA,EAAA,GMX4C,gBNW5C;EAAO,SAAA,oBAAA,EMVoB,yBNUpB,CAAA,sBAAA,CAAA;AAaZ,CAAA;;;AAtBA,cODM,MPCsB,EAAA;EACM,EAAA,EAAA,MAAA;EACF,IAAA,EAAA,MAAA;EAOnB,WAAA,EAAA,MAAA;EAAR,QAAA,CAAA,GAAA,EAAA;IAAO,SAAA,YAAA,EOJa,MPIb,CAAA,MAAA,EAAA,OAAA,CAAA;IAaI,SAAA,gBAAiB,EAAA,MAAA;EAEM,CAAA,CAAA,EAAA,IAAA;CAAM;;;AAfhC,cQhBA,qCAAA,GRgBA,oCAAA"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,285 @@
+//#region src/controller-lease-client.ts
+function isGondolinLeaseResponse$1(value) {
+	return typeof value === "object" && value !== null && typeof value.leaseId === "string" && typeof value.tcpSlot === "number" && typeof value.workdir === "string";
+}
+function createLeaseClient(options) {
+	const fetchImpl = options.fetchImpl ?? fetch;
+	const baseUrl = options.controllerUrl.replace(/\/$/u, "");
+	return {
+		getLeaseStatus: async (leaseId) => {
+			const response = await fetchImpl(`${baseUrl}/lease/${leaseId}`);
+			if (!response.ok) {
+				const errorBody = await response.text().catch(() => "(unreadable)");
+				throw new TypeError(`Controller lease status API returned HTTP ${response.status}: ${errorBody}`);
+			}
+			return await response.json();
+		},
+		releaseLease: async (leaseId) => {
+			await fetchImpl(`${baseUrl}/lease/${leaseId}`, { method: "DELETE" });
+		},
+		requestLease: async (request) => {
+			const response = await fetchImpl(`${baseUrl}/lease`, {
+				body: JSON.stringify(request),
+				headers: { "content-type": "application/json" },
+				method: "POST"
+			});
+			if (!response.ok) {
+				const errorBody = await response.text().catch(() => "(unreadable)");
+				throw new TypeError(`Controller lease API returned HTTP ${response.status}: ${errorBody}`);
+			}
+			const payload = await response.json();
+			if (!isGondolinLeaseResponse$1(payload)) throw new TypeError(`Controller returned an invalid lease response: ${JSON.stringify(payload).slice(0, 200)}`);
+			return payload;
+		}
+	};
+}
+//#endregion
+//#region src/sandbox-backend/sandbox-backend-contract.ts
+function isGondolinLeaseResponse(value) {
+	return typeof value === "object" && value !== null && typeof value.leaseId === "string" && typeof value.tcpSlot === "number" && typeof value.workdir === "string" && typeof value.ssh === "object" && value.ssh !== null;
+}
+//#endregion
+//#region src/sandbox-backend/sandbox-shell-script.ts
+function buildShellScriptWithArgs(script, args) {
+	if (!args || args.length === 0) return script;
+	return `set -- ${args.map((arg) => `'${arg.replace(/'/g, "'\\''")}'`).join(" ")}; ${script}`;
+}
+//#endregion
+//#region src/sandbox-backend/sandbox-backend-handle-factory.ts
+function createGondolinSandboxBackendFactory(options, dependencies) {
+	const scopeCache = /* @__PURE__ */ new Map();
+	return async (params) => {
+		const leaseClient = dependencies.createLeaseClient?.({ controllerUrl: options.controllerUrl }) ?? createLeaseClient({ controllerUrl: options.controllerUrl });
+		const cachedEntry = scopeCache.get(params.scopeKey);
+		if (cachedEntry) try {
+			await leaseClient.getLeaseStatus(cachedEntry.lease.leaseId);
+			return cachedEntry.handle;
+		} catch {
+			scopeCache.delete(params.scopeKey);
+		}
+		const leaseResponse = await leaseClient.requestLease({
+			agentWorkspaceDir: params.agentWorkspaceDir,
+			profileId: options.profileId ?? "standard",
+			scopeKey: params.scopeKey,
+			workspaceDir: params.workspaceDir,
+			zoneId: options.zoneId
+		});
+		if (!isGondolinLeaseResponse(leaseResponse)) throw new TypeError("Controller lease API returned an unexpected response.");
+		const lease = leaseResponse;
+		const handle = createSandboxBackendHandle({
+			cfg: params.cfg,
+			controllerUrl: options.controllerUrl,
+			createFsBridgeBuilder: dependencies.createFsBridgeBuilder,
+			lease,
+			runRemoteShellScript: dependencies.runRemoteShellScript,
+			buildExecSpec: dependencies.buildExecSpec,
+			scopeKey: params.scopeKey,
+			zoneId: options.zoneId
+		});
+		scopeCache.set(params.scopeKey, {
+			handle,
+			lease
+		});
+		return handle;
+	};
+}
+function createSandboxBackendHandle(options) {
+	const boundRunRemoteShellScript = async (shellParams) => await options.runRemoteShellScript({
+		...shellParams.allowFailure !== void 0 ? { allowFailure: shellParams.allowFailure } : {},
+		script: buildShellScriptWithArgs(shellParams.script, shellParams.args),
+		...shellParams.signal !== void 0 ? { signal: shellParams.signal } : {},
+		ssh: options.lease.ssh,
+		...shellParams.stdin !== void 0 ? { stdin: shellParams.stdin } : {}
+	});
+	const createFsBridge = options.createFsBridgeBuilder?.({
+		remoteAgentWorkspaceDir: options.lease.workdir,
+		remoteWorkspaceDir: options.lease.workdir,
+		runRemoteShellScript: boundRunRemoteShellScript
+	});
+	return {
+		...createFsBridge ? { createFsBridge } : {},
+		...options.cfg.docker?.env ? { env: options.cfg.docker.env } : {},
+		configLabel: `${options.controllerUrl} (${options.zoneId})`,
+		configLabelKind: "VM",
+		id: "gondolin",
+		runtimeId: options.lease.leaseId,
+		runtimeLabel: options.lease.leaseId,
+		workdir: options.lease.workdir,
+		buildExecSpec: async (execParams) => await options.buildExecSpec({
+			command: execParams.command,
+			env: execParams.env,
+			ssh: options.lease.ssh,
+			usePty: execParams.usePty,
+			workdir: execParams.workdir ?? options.lease.workdir
+		}),
+		finalizeExec: async (finalizeParams) => {
+			if (finalizeParams.token && typeof finalizeParams.token === "object" && "dispose" in finalizeParams.token) await finalizeParams.token.dispose();
+		},
+		runShellCommand: async (commandParams) => await options.runRemoteShellScript({
+			script: commandParams.script,
+			ssh: options.lease.ssh
+		})
+	};
+}
+//#endregion
+//#region src/sandbox-backend/sandbox-backend-manager.ts
+function createGondolinSandboxBackendManager(options, dependencies) {
+	return {
+		describeRuntime: async (params) => {
+			const leaseClient = dependencies.createLeaseClient?.({ controllerUrl: options.controllerUrl }) ?? createLeaseClient({ controllerUrl: options.controllerUrl });
+			try {
+				return {
+					configLabelMatch: true,
+					running: await leaseClient.getLeaseStatus(params.entry.containerName) !== null
+				};
+			} catch {
+				return {
+					configLabelMatch: false,
+					running: false
+				};
+			}
+		},
+		removeRuntime: async (params) => {
+			await (dependencies.createLeaseClient?.({ controllerUrl: options.controllerUrl }) ?? createLeaseClient({ controllerUrl: options.controllerUrl })).releaseLease(params.entry.containerName);
+		}
+	};
+}
+//#endregion
+//#region src/gondolin-plugin-config.ts
+function resolveGondolinPluginConfig(config) {
+	if (typeof config.controllerUrl !== "string" || typeof config.zoneId !== "string") throw new Error("Gondolin plugin config requires controllerUrl and zoneId.");
+	return {
+		controllerUrl: config.controllerUrl,
+		...typeof config.profileId === "string" ? { profileId: config.profileId } : {},
+		zoneId: config.zoneId
+	};
+}
+//#endregion
+//#region src/openclaw-backend-dependencies.ts
+function createBackendDeps(ssh) {
+	return {
+		buildExecSpec: async ({ command, env, ssh: sshCreds, usePty, workdir }) => {
+			const session = await ssh.createSshSandboxSessionFromSettings({
+				command: "ssh",
+				identityData: sshCreds.identityPem,
+				strictHostKeyChecking: false,
+				target: `${sshCreds.user}@${sshCreds.host}:${sshCreds.port}`,
+				updateHostKeys: false,
+				workspaceRoot: workdir
+			});
+			const disposeSshSandboxSession = ssh.disposeSshSandboxSession;
+			return {
+				argv: ssh.buildSshSandboxArgv({
+					remoteCommand: ssh.buildExecRemoteCommand({
+						command,
+						env,
+						workdir
+					}),
+					session,
+					tty: usePty
+				}),
+				env: ssh.sanitizeEnvVars(process.env).allowed,
+				finalizeToken: {
+					dispose: async () => {
+						if (disposeSshSandboxSession) await disposeSshSandboxSession(session);
+					},
+					session
+				},
+				stdinMode: "pipe-open"
+			};
+		},
+		createFsBridgeBuilder: (leaseContext) => (params) => ssh.createRemoteShellSandboxFsBridge({
+			sandbox: params.sandbox,
+			runtime: {
+				remoteAgentWorkspaceDir: leaseContext.remoteAgentWorkspaceDir,
+				remoteWorkspaceDir: leaseContext.remoteWorkspaceDir,
+				runRemoteShellScript: leaseContext.runRemoteShellScript
+			}
+		}),
+		runRemoteShellScript: async ({ allowFailure, script, signal, ssh: sshCreds, stdin }) => {
+			const session = await ssh.createSshSandboxSessionFromSettings({
+				command: "ssh",
+				identityData: sshCreds.identityPem,
+				strictHostKeyChecking: false,
+				target: `${sshCreds.user}@${sshCreds.host}:${sshCreds.port}`,
+				updateHostKeys: false,
+				workspaceRoot: "/workspace"
+			});
+			return await ssh.runSshSandboxCommand({
+				...allowFailure !== void 0 ? { allowFailure } : {},
+				remoteCommand: ssh.buildRemoteCommand([
+					"/bin/sh",
+					"-c",
+					script,
+					"gondolin-sandbox-fs"
+				]),
+				session,
+				...signal !== void 0 ? { signal } : {},
+				...stdin !== void 0 ? { stdin } : {}
+			});
+		}
+	};
+}
+//#endregion
+//#region src/openclaw-sandbox-sdk-contract.ts
+function assertSdkShape(value) {
+	if (typeof value !== "object" || value === null) throw new TypeError("OpenClaw SDK module is not an object");
+	for (const exportName of [
+		"buildExecRemoteCommand",
+		"buildRemoteCommand",
+		"buildSshSandboxArgv",
+		"createRemoteShellSandboxFsBridge",
+		"createSshSandboxSessionFromSettings",
+		"runSshSandboxCommand",
+		"sanitizeEnvVars",
+		"registerSandboxBackend"
+	]) if (typeof value[exportName] !== "function") throw new TypeError(`OpenClaw SDK missing required export: ${exportName}`);
+}
+//#endregion
+//#region src/openclaw-plugin-registration.ts
+const plugin = {
+	id: "gondolin",
+	name: "Gondolin VM Sandbox",
+	description: "Sandbox backend powered by Gondolin micro-VMs.",
+	register(api) {
+		if (api.registrationMode !== "full") return;
+		const pluginConfig = resolveGondolinPluginConfig(api.pluginConfig);
+		import("/opt/openclaw-sdk/sandbox.js").then((sdkRaw) => {
+			assertSdkShape(sdkRaw);
+			const backendDependencies = createBackendDeps({
+				buildExecRemoteCommand: sdkRaw.buildExecRemoteCommand,
+				buildRemoteCommand: sdkRaw.buildRemoteCommand,
+				buildSshSandboxArgv: sdkRaw.buildSshSandboxArgv,
+				createRemoteShellSandboxFsBridge: sdkRaw.createRemoteShellSandboxFsBridge,
+				createSshSandboxSessionFromSettings: sdkRaw.createSshSandboxSessionFromSettings,
+				...typeof sdkRaw.disposeSshSandboxSession === "function" ? { disposeSshSandboxSession: sdkRaw.disposeSshSandboxSession } : {},
+				runSshSandboxCommand: sdkRaw.runSshSandboxCommand,
+				sanitizeEnvVars: sdkRaw.sanitizeEnvVars
+			});
+			sdkRaw.registerSandboxBackend("gondolin", {
+				factory: createGondolinSandboxBackendFactory(pluginConfig, backendDependencies),
+				manager: createGondolinSandboxBackendManager(pluginConfig, backendDependencies)
+			});
+		}).catch((error) => {
+			const message = error instanceof Error ? error.message : JSON.stringify(error);
+			process.stderr.write(`[gondolin] failed to load OpenClaw SDK: ${message}\n`);
+		});
+	}
+};
+var openclaw_plugin_registration_default = plugin;
+//#endregion
+//#region src/index.ts
+const OPENCLAW_GONDOLIN_PLUGIN_PACKAGE_NAME = "@agent-vm/openclaw-agent-vm-plugin";
+//#endregion
+export { OPENCLAW_GONDOLIN_PLUGIN_PACKAGE_NAME, createBackendDeps, createGondolinSandboxBackendFactory, createGondolinSandboxBackendManager, createLeaseClient, openclaw_plugin_registration_default as default, resolveGondolinPluginConfig };
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","names":["isGondolinLeaseResponse","boundRunRemoteShellScript: FsBridgeLeaseContext['runRemoteShellScript']"],"sources":["../src/controller-lease-client.ts","../src/sandbox-backend/sandbox-backend-contract.ts","../src/sandbox-backend/sandbox-shell-script.ts","../src/sandbox-backend/sandbox-backend-handle-factory.ts","../src/sandbox-backend/sandbox-backend-manager.ts","../src/gondolin-plugin-config.ts","../src/openclaw-backend-dependencies.ts","../src/openclaw-sandbox-sdk-contract.ts","../src/openclaw-plugin-registration.ts","../src/index.ts"],"sourcesContent":["export interface GondolinLeaseResponse {\n\treadonly leaseId: string;\n\treadonly ssh: {\n\t\treadonly host: string;\n\t\treadonly identityPem: string;\n\t\treadonly knownHostsLine: string;\n\t\treadonly port: number;\n\t\treadonly user: string;\n\t};\n\treadonly tcpSlot: number;\n\treadonly workdir: string;\n}\n\nexport interface LeaseClient {\n\tgetLeaseStatus(leaseId: string): Promise<unknown>;\n\treleaseLease(leaseId: string): Promise<void>;\n\trequestLease(request: {\n\t\treadonly agentWorkspaceDir: string;\n\t\treadonly profileId: string;\n\t\treadonly scopeKey: string;\n\t\treadonly workspaceDir: string;\n\t\treadonly zoneId: string;\n\t}): Promise<GondolinLeaseResponse>;\n}\n\nfunction isGondolinLeaseResponse(value: unknown): value is GondolinLeaseResponse {\n\treturn (\n\t\ttypeof value === 'object' &&\n\t\tvalue !== null &&\n\t\ttypeof (value as { leaseId?: unknown }).leaseId === 'string' &&\n\t\ttypeof (value as { tcpSlot?: unknown }).tcpSlot === 'number' &&\n\t\ttypeof (value as { workdir?: unknown }).workdir === 'string'\n\t);\n}\n\nexport function createLeaseClient(options: {\n\treadonly controllerUrl: string;\n\treadonly fetchImpl?: (input: string | URL | Request, init?: RequestInit) => Promise<Response>;\n}): LeaseClient {\n\tconst fetchImpl = options.fetchImpl ?? fetch;\n\tconst baseUrl = options.controllerUrl.replace(/\\/$/u, '');\n\n\treturn {\n\t\tgetLeaseStatus: async (leaseId: string): Promise<unknown> => {\n\t\t\tconst response = await fetchImpl(`${baseUrl}/lease/${leaseId}`);\n\t\t\tif (!response.ok) {\n\t\t\t\tconst errorBody = await response.text().catch(() => '(unreadable)');\n\t\t\t\tthrow new TypeError(\n\t\t\t\t\t`Controller lease status API returned HTTP ${response.status}: ${errorBody}`,\n\t\t\t\t);\n\t\t\t}\n\t\t\treturn await response.json();\n\t\t},\n\t\treleaseLease: async (leaseId: string): Promise<void> => {\n\t\t\tawait fetchImpl(`${baseUrl}/lease/${leaseId}`, {\n\t\t\t\tmethod: 'DELETE',\n\t\t\t});\n\t\t},\n\t\trequestLease: async (request): Promise<GondolinLeaseResponse> => {\n\t\t\tconst response = await fetchImpl(`${baseUrl}/lease`, {\n\t\t\t\tbody: JSON.stringify(request),\n\t\t\t\theaders: {\n\t\t\t\t\t'content-type': 'application/json',\n\t\t\t\t},\n\t\t\t\tmethod: 'POST',\n\t\t\t});\n\t\t\tif (!response.ok) {\n\t\t\t\tconst errorBody = await response.text().catch(() => '(unreadable)');\n\t\t\t\tthrow new TypeError(`Controller lease API returned HTTP ${response.status}: ${errorBody}`);\n\t\t\t}\n\t\t\tconst payload = await response.json();\n\t\t\tif (!isGondolinLeaseResponse(payload)) {\n\t\t\t\tthrow new TypeError(\n\t\t\t\t\t`Controller returned an invalid lease response: ${JSON.stringify(payload).slice(0, 200)}`,\n\t\t\t\t);\n\t\t\t}\n\t\t\treturn payload;\n\t\t},\n\t};\n}\n","import type { GondolinLeaseResponse, LeaseClient } from '../controller-lease-client.js';\n\nexport function isGondolinLeaseResponse(value: unknown): value is GondolinLeaseResponse {\n\treturn (\n\t\ttypeof value === 'object' &&\n\t\tvalue !== null &&\n\t\ttypeof (value as { leaseId?: unknown }).leaseId === 'string' &&\n\t\ttypeof (value as { tcpSlot?: unknown }).tcpSlot === 'number' &&\n\t\ttypeof (value as { workdir?: unknown }).workdir === 'string' &&\n\t\ttypeof (value as { ssh?: unknown }).ssh === 'object' &&\n\t\t(value as { ssh?: unknown }).ssh !== null\n\t);\n}\n\nexport interface FsBridgeLeaseContext {\n\treadonly remoteAgentWorkspaceDir: string;\n\treadonly remoteWorkspaceDir: string;\n\treadonly runRemoteShellScript: (params: {\n\t\treadonly allowFailure?: boolean;\n\t\treadonly args?: string[];\n\t\treadonly script: string;\n\t\treadonly signal?: AbortSignal;\n\t\treadonly stdin?: Buffer | string;\n\t}) => Promise<{\n\t\treadonly code: number;\n\t\treadonly stderr: Buffer;\n\t\treadonly stdout: Buffer;\n\t}>;\n}\n\nexport interface GondolinFsBridge {\n\tmkdirp(params: {\n\t\treadonly cwd?: string;\n\t\treadonly filePath: string;\n\t\treadonly signal?: AbortSignal;\n\t}): Promise<void>;\n\treadFile(params: {\n\t\treadonly cwd?: string;\n\t\treadonly filePath: string;\n\t\treadonly signal?: AbortSignal;\n\t}): Promise<Buffer>;\n\tremove(params: {\n\t\treadonly cwd?: string;\n\t\treadonly filePath: string;\n\t\treadonly force?: boolean;\n\t\treadonly recursive?: boolean;\n\t\treadonly signal?: AbortSignal;\n\t}): Promise<void>;\n\trename(params: {\n\t\treadonly cwd?: string;\n\t\treadonly from: string;\n\t\treadonly signal?: AbortSignal;\n\t\treadonly to: string;\n\t}): Promise<void>;\n\tresolvePath(params: { readonly cwd?: string; readonly filePath: string }): {\n\t\treadonly containerPath: string;\n\t\treadonly relativePath: string;\n\t};\n\tstat(params: {\n\t\treadonly cwd?: string;\n\t\treadonly filePath: string;\n\t\treadonly signal?: AbortSignal;\n\t}): Promise<{\n\t\treadonly mtimeMs: number;\n\t\treadonly size: number;\n\t\treadonly type: 'directory' | 'file' | 'other';\n\t} | null>;\n\twriteFile(params: {\n\t\treadonly cwd?: string;\n\t\treadonly data: Buffer | string;\n\t\treadonly encoding?: BufferEncoding;\n\t\treadonly filePath: string;\n\t\treadonly mkdir?: boolean;\n\t\treadonly signal?: AbortSignal;\n\t}): Promise<void>;\n}\n\nexport interface CreateBackendDependencies {\n\treadonly buildExecSpec: (params: {\n\t\treadonly command: string;\n\t\treadonly env: Record<string, string>;\n\t\treadonly ssh: GondolinLeaseResponse['ssh'];\n\t\treadonly usePty: boolean;\n\t\treadonly workdir: string;\n\t}) => Promise<{\n\t\treadonly argv: string[];\n\t\treadonly env: Record<string, string>;\n\t\treadonly finalizeToken?: unknown;\n\t\treadonly stdinMode: 'pipe-open' | 'pipe-closed';\n\t}>;\n\treadonly createFsBridgeBuilder?: (\n\t\tleaseContext: FsBridgeLeaseContext,\n\t) => (params: { readonly sandbox: unknown }) => GondolinFsBridge;\n\treadonly createLeaseClient?: (options: { readonly controllerUrl: string }) => LeaseClient;\n\treadonly runRemoteShellScript: (params: {\n\t\treadonly allowFailure?: boolean;\n\t\treadonly script: string;\n\t\treadonly signal?: AbortSignal;\n\t\treadonly ssh: GondolinLeaseResponse['ssh'];\n\t\treadonly stdin?: Buffer | string;\n\t}) => Promise<{\n\t\treadonly code: number;\n\t\treadonly stderr: Buffer;\n\t\treadonly stdout: Buffer;\n\t}>;\n}\n\nexport interface GondolinSandboxBackendHandle {\n\treadonly configLabel?: string;\n\treadonly configLabelKind?: string;\n\tcreateFsBridge?: (params: { readonly sandbox: unknown }) => GondolinFsBridge;\n\tenv?: Record<string, string>;\n\treadonly id: string;\n\treadonly runtimeId: string;\n\treadonly runtimeLabel: string;\n\treadonly workdir: string;\n\tbuildExecSpec(params: {\n\t\treadonly command: string;\n\t\treadonly env: Record<string, string>;\n\t\treadonly usePty: boolean;\n\t\treadonly workdir?: string;\n\t}): Promise<{\n\t\treadonly argv: string[];\n\t\treadonly env: Record<string, string>;\n\t\treadonly finalizeToken?: unknown;\n\t\treadonly stdinMode: 'pipe-open' | 'pipe-closed';\n\t}>;\n\tfinalizeExec?: (params: {\n\t\treadonly exitCode: number | null;\n\t\treadonly status: 'completed' | 'failed';\n\t\treadonly timedOut: boolean;\n\t\treadonly token?: unknown;\n\t}) => Promise<void>;\n\trunShellCommand(params: { readonly script: string }): Promise<{\n\t\treadonly code: number;\n\t\treadonly stderr: Buffer;\n\t\treadonly stdout: Buffer;\n\t}>;\n}\n\nexport interface CachedScopeEntry {\n\treadonly handle: GondolinSandboxBackendHandle;\n\treadonly lease: GondolinLeaseResponse;\n}\n","export function buildShellScriptWithArgs(script: string, args?: readonly string[]): string {\n\tif (!args || args.length === 0) {\n\t\treturn script;\n\t}\n\n\tconst escapedArgs = args.map((arg) => `'${arg.replace(/'/g, \"'\\\\''\")}'`).join(' ');\n\treturn `set -- ${escapedArgs}; ${script}`;\n}\n","import { createLeaseClient, type GondolinLeaseResponse } from '../controller-lease-client.js';\nimport {\n\ttype CachedScopeEntry,\n\ttype CreateBackendDependencies,\n\ttype FsBridgeLeaseContext,\n\ttype GondolinSandboxBackendHandle,\n\tisGondolinLeaseResponse,\n} from './sandbox-backend-contract.js';\nimport { buildShellScriptWithArgs } from './sandbox-shell-script.js';\n\nexport function createGondolinSandboxBackendFactory(\n\toptions: {\n\t\treadonly controllerUrl: string;\n\t\treadonly profileId?: string;\n\t\treadonly zoneId: string;\n\t},\n\tdependencies: CreateBackendDependencies,\n): (params: {\n\treadonly agentWorkspaceDir: string;\n\treadonly cfg: {\n\t\treadonly docker?: {\n\t\t\treadonly env?: Record<string, string>;\n\t\t};\n\t};\n\treadonly scopeKey: string;\n\treadonly sessionKey: string;\n\treadonly workspaceDir: string;\n}) => Promise<GondolinSandboxBackendHandle> {\n\tconst scopeCache = new Map<string, CachedScopeEntry>();\n\n\treturn async (params) => {\n\t\tconst leaseClient =\n\t\t\tdependencies.createLeaseClient?.({\n\t\t\t\tcontrollerUrl: options.controllerUrl,\n\t\t\t}) ?? createLeaseClient({ controllerUrl: options.controllerUrl });\n\t\tconst cachedEntry = scopeCache.get(params.scopeKey);\n\t\tif (cachedEntry) {\n\t\t\ttry {\n\t\t\t\tawait leaseClient.getLeaseStatus(cachedEntry.lease.leaseId);\n\t\t\t\treturn cachedEntry.handle;\n\t\t\t} catch {\n\t\t\t\tscopeCache.delete(params.scopeKey);\n\t\t\t}\n\t\t}\n\t\tconst leaseResponse = await leaseClient.requestLease({\n\t\t\tagentWorkspaceDir: params.agentWorkspaceDir,\n\t\t\tprofileId: options.profileId ?? 'standard',\n\t\t\tscopeKey: params.scopeKey,\n\t\t\tworkspaceDir: params.workspaceDir,\n\t\t\tzoneId: options.zoneId,\n\t\t});\n\t\tif (!isGondolinLeaseResponse(leaseResponse)) {\n\t\t\tthrow new TypeError('Controller lease API returned an unexpected response.');\n\t\t}\n\n\t\tconst lease = leaseResponse;\n\t\tconst handle = createSandboxBackendHandle({\n\t\t\tcfg: params.cfg,\n\t\t\tcontrollerUrl: options.controllerUrl,\n\t\t\tcreateFsBridgeBuilder: dependencies.createFsBridgeBuilder,\n\t\t\tlease,\n\t\t\trunRemoteShellScript: dependencies.runRemoteShellScript,\n\t\t\tbuildExecSpec: dependencies.buildExecSpec,\n\t\t\tscopeKey: params.scopeKey,\n\t\t\tzoneId: options.zoneId,\n\t\t});\n\t\tscopeCache.set(params.scopeKey, { handle, lease });\n\t\treturn handle;\n\t};\n}\n\nfunction createSandboxBackendHandle(options: {\n\treadonly buildExecSpec: CreateBackendDependencies['buildExecSpec'];\n\treadonly cfg: {\n\t\treadonly docker?: {\n\t\t\treadonly env?: Record<string, string>;\n\t\t};\n\t};\n\treadonly controllerUrl: string;\n\treadonly createFsBridgeBuilder?: CreateBackendDependencies['createFsBridgeBuilder'];\n\treadonly lease: GondolinLeaseResponse;\n\treadonly runRemoteShellScript: CreateBackendDependencies['runRemoteShellScript'];\n\treadonly scopeKey: string;\n\treadonly zoneId: string;\n}): GondolinSandboxBackendHandle {\n\tconst boundRunRemoteShellScript: FsBridgeLeaseContext['runRemoteShellScript'] = async (\n\t\tshellParams,\n\t) =>\n\t\tawait options.runRemoteShellScript({\n\t\t\t...(shellParams.allowFailure !== undefined ? { allowFailure: shellParams.allowFailure } : {}),\n\t\t\tscript: buildShellScriptWithArgs(shellParams.script, shellParams.args),\n\t\t\t...(shellParams.signal !== undefined ? { signal: shellParams.signal } : {}),\n\t\t\tssh: options.lease.ssh,\n\t\t\t...(shellParams.stdin !== undefined ? { stdin: shellParams.stdin } : {}),\n\t\t});\n\n\tconst createFsBridge = options.createFsBridgeBuilder?.({\n\t\tremoteAgentWorkspaceDir: options.lease.workdir,\n\t\tremoteWorkspaceDir: options.lease.workdir,\n\t\trunRemoteShellScript: boundRunRemoteShellScript,\n\t});\n\n\treturn {\n\t\t...(createFsBridge ? { createFsBridge } : {}),\n\t\t...(options.cfg.docker?.env ? { env: options.cfg.docker.env } : {}),\n\t\tconfigLabel: `${options.controllerUrl} (${options.zoneId})`,\n\t\tconfigLabelKind: 'VM',\n\t\tid: 'gondolin',\n\t\truntimeId: options.lease.leaseId,\n\t\truntimeLabel: options.lease.leaseId,\n\t\tworkdir: options.lease.workdir,\n\t\tbuildExecSpec: async (execParams) =>\n\t\t\tawait options.buildExecSpec({\n\t\t\t\tcommand: execParams.command,\n\t\t\t\tenv: execParams.env,\n\t\t\t\tssh: options.lease.ssh,\n\t\t\t\tusePty: execParams.usePty,\n\t\t\t\tworkdir: execParams.workdir ?? options.lease.workdir,\n\t\t\t}),\n\t\tfinalizeExec: async (finalizeParams) => {\n\t\t\tif (\n\t\t\t\tfinalizeParams.token &&\n\t\t\t\ttypeof finalizeParams.token === 'object' &&\n\t\t\t\t'dispose' in finalizeParams.token\n\t\t\t) {\n\t\t\t\tawait (finalizeParams.token as { dispose: () => Promise<void> }).dispose();\n\t\t\t}\n\t\t},\n\t\trunShellCommand: async (commandParams) =>\n\t\t\tawait options.runRemoteShellScript({\n\t\t\t\tscript: commandParams.script,\n\t\t\t\tssh: options.lease.ssh,\n\t\t\t}),\n\t} satisfies GondolinSandboxBackendHandle;\n}\n","import { createLeaseClient } from '../controller-lease-client.js';\nimport type { CreateBackendDependencies } from './sandbox-backend-contract.js';\n\nexport function createGondolinSandboxBackendManager(\n\toptions: {\n\t\treadonly controllerUrl: string;\n\t\treadonly zoneId: string;\n\t},\n\tdependencies: CreateBackendDependencies,\n): {\n\tdescribeRuntime: (params: {\n\t\treadonly entry: { readonly containerName: string };\n\t}) => Promise<{ readonly configLabelMatch: boolean; readonly running: boolean }>;\n\tremoveRuntime: (params: { readonly entry: { readonly containerName: string } }) => Promise<void>;\n} {\n\treturn {\n\t\tdescribeRuntime: async (params) => {\n\t\t\tconst leaseClient =\n\t\t\t\tdependencies.createLeaseClient?.({\n\t\t\t\t\tcontrollerUrl: options.controllerUrl,\n\t\t\t\t}) ?? createLeaseClient({ controllerUrl: options.controllerUrl });\n\t\t\ttry {\n\t\t\t\tconst leaseStatus = await leaseClient.getLeaseStatus(params.entry.containerName);\n\t\t\t\treturn { configLabelMatch: true, running: leaseStatus !== null };\n\t\t\t} catch {\n\t\t\t\treturn { configLabelMatch: false, running: false };\n\t\t\t}\n\t\t},\n\t\tremoveRuntime: async (params) => {\n\t\t\tconst leaseClient =\n\t\t\t\tdependencies.createLeaseClient?.({\n\t\t\t\t\tcontrollerUrl: options.controllerUrl,\n\t\t\t\t}) ?? createLeaseClient({ controllerUrl: options.controllerUrl });\n\t\t\tawait leaseClient.releaseLease(params.entry.containerName);\n\t\t},\n\t};\n}\n","export interface ResolvedGondolinPluginConfig {\n\treadonly controllerUrl: string;\n\treadonly profileId?: string;\n\treadonly zoneId: string;\n}\n\nexport function resolveGondolinPluginConfig(\n\tconfig: Record<string, unknown>,\n): ResolvedGondolinPluginConfig {\n\tif (typeof config.controllerUrl !== 'string' || typeof config.zoneId !== 'string') {\n\t\tthrow new Error('Gondolin plugin config requires controllerUrl and zoneId.');\n\t}\n\n\treturn {\n\t\tcontrollerUrl: config.controllerUrl,\n\t\t...(typeof config.profileId === 'string' ? { profileId: config.profileId } : {}),\n\t\tzoneId: config.zoneId,\n\t};\n}\n","import type { SshHelpers, SshSandboxSession } from './openclaw-sandbox-sdk-contract.js';\nimport type {\n\tCreateBackendDependencies,\n\tFsBridgeLeaseContext,\n\tGondolinFsBridge,\n} from './sandbox-backend-factory.js';\n\nexport function createBackendDeps(ssh: SshHelpers): {\n\treadonly buildExecSpec: CreateBackendDependencies['buildExecSpec'];\n\treadonly createFsBridgeBuilder: (\n\t\tleaseContext: FsBridgeLeaseContext,\n\t) => (params: { readonly sandbox: unknown }) => GondolinFsBridge;\n\treadonly runRemoteShellScript: CreateBackendDependencies['runRemoteShellScript'];\n} {\n\treturn {\n\t\tbuildExecSpec: async ({ command, env, ssh: sshCreds, usePty, workdir }) => {\n\t\t\tconst session = await ssh.createSshSandboxSessionFromSettings({\n\t\t\t\tcommand: 'ssh',\n\t\t\t\tidentityData: sshCreds.identityPem,\n\t\t\t\tstrictHostKeyChecking: false,\n\t\t\t\ttarget: `${sshCreds.user}@${sshCreds.host}:${sshCreds.port}`,\n\t\t\t\tupdateHostKeys: false,\n\t\t\t\tworkspaceRoot: workdir,\n\t\t\t});\n\t\t\tconst disposeSshSandboxSession = ssh.disposeSshSandboxSession;\n\t\t\treturn {\n\t\t\t\targv: ssh.buildSshSandboxArgv({\n\t\t\t\t\tremoteCommand: ssh.buildExecRemoteCommand({\n\t\t\t\t\t\tcommand,\n\t\t\t\t\t\tenv,\n\t\t\t\t\t\tworkdir,\n\t\t\t\t\t}),\n\t\t\t\t\tsession,\n\t\t\t\t\ttty: usePty,\n\t\t\t\t}),\n\t\t\t\tenv: ssh.sanitizeEnvVars(process.env).allowed,\n\t\t\t\tfinalizeToken: {\n\t\t\t\t\tdispose: async (): Promise<void> => {\n\t\t\t\t\t\tif (disposeSshSandboxSession) {\n\t\t\t\t\t\t\tawait disposeSshSandboxSession(session);\n\t\t\t\t\t\t}\n\t\t\t\t\t},\n\t\t\t\t\tsession,\n\t\t\t\t},\n\t\t\t\tstdinMode: 'pipe-open' as const,\n\t\t\t};\n\t\t},\n\t\tcreateFsBridgeBuilder:\n\t\t\t(leaseContext: FsBridgeLeaseContext) =>\n\t\t\t(params: { readonly sandbox: unknown }): GondolinFsBridge =>\n\t\t\t\tssh.createRemoteShellSandboxFsBridge({\n\t\t\t\t\tsandbox: params.sandbox,\n\t\t\t\t\truntime: {\n\t\t\t\t\t\tremoteAgentWorkspaceDir: leaseContext.remoteAgentWorkspaceDir,\n\t\t\t\t\t\tremoteWorkspaceDir: leaseContext.remoteWorkspaceDir,\n\t\t\t\t\t\trunRemoteShellScript: leaseContext.runRemoteShellScript,\n\t\t\t\t\t},\n\t\t\t\t}),\n\t\trunRemoteShellScript: async ({ allowFailure, script, signal, ssh: sshCreds, stdin }) => {\n\t\t\tconst session = await ssh.createSshSandboxSessionFromSettings({\n\t\t\t\tcommand: 'ssh',\n\t\t\t\tidentityData: sshCreds.identityPem,\n\t\t\t\tstrictHostKeyChecking: false,\n\t\t\t\ttarget: `${sshCreds.user}@${sshCreds.host}:${sshCreds.port}`,\n\t\t\t\tupdateHostKeys: false,\n\t\t\t\tworkspaceRoot: '/workspace',\n\t\t\t});\n\t\t\treturn await ssh.runSshSandboxCommand({\n\t\t\t\t...(allowFailure !== undefined ? { allowFailure } : {}),\n\t\t\t\tremoteCommand: ssh.buildRemoteCommand(['/bin/sh', '-c', script, 'gondolin-sandbox-fs']),\n\t\t\t\tsession,\n\t\t\t\t...(signal !== undefined ? { signal } : {}),\n\t\t\t\t...(stdin !== undefined ? { stdin } : {}),\n\t\t\t});\n\t\t},\n\t};\n}\n\nexport type { SshHelpers, SshSandboxSession };\n","export interface SshSandboxSession {\n\treadonly command: string;\n\treadonly configPath: string;\n\treadonly host: string;\n}\n\nexport interface SshHelpers {\n\treadonly buildExecRemoteCommand: (params: {\n\t\treadonly command: string;\n\t\treadonly env: Record<string, string>;\n\t\treadonly workdir?: string;\n\t}) => string;\n\treadonly buildRemoteCommand: (argv: readonly string[]) => string;\n\treadonly buildSshSandboxArgv: (params: {\n\t\treadonly remoteCommand: string;\n\t\treadonly session: SshSandboxSession;\n\t\treadonly tty?: boolean;\n\t}) => string[];\n\treadonly createRemoteShellSandboxFsBridge: (params: {\n\t\treadonly runtime: {\n\t\t\treadonly remoteAgentWorkspaceDir: string;\n\t\t\treadonly remoteWorkspaceDir: string;\n\t\t\treadonly runRemoteShellScript: (shellParams: {\n\t\t\t\treadonly allowFailure?: boolean;\n\t\t\t\treadonly args?: string[];\n\t\t\t\treadonly script: string;\n\t\t\t\treadonly signal?: AbortSignal;\n\t\t\t\treadonly stdin?: Buffer | string;\n\t\t\t}) => Promise<{\n\t\t\t\treadonly code: number;\n\t\t\t\treadonly stderr: Buffer;\n\t\t\t\treadonly stdout: Buffer;\n\t\t\t}>;\n\t\t};\n\t\treadonly sandbox: unknown;\n\t}) => import('./sandbox-backend-factory.js').GondolinFsBridge;\n\treadonly createSshSandboxSessionFromSettings: (settings: {\n\t\treadonly command: string;\n\t\treadonly identityData?: string;\n\t\treadonly strictHostKeyChecking: boolean;\n\t\treadonly target: string;\n\t\treadonly updateHostKeys: boolean;\n\t\treadonly workspaceRoot: string;\n\t}) => Promise<SshSandboxSession>;\n\treadonly disposeSshSandboxSession?: (session: SshSandboxSession) => Promise<void>;\n\treadonly runSshSandboxCommand: (params: {\n\t\treadonly allowFailure?: boolean;\n\t\treadonly remoteCommand: string;\n\t\treadonly session: SshSandboxSession;\n\t\treadonly signal?: AbortSignal;\n\t\treadonly stdin?: Buffer | string;\n\t}) => Promise<{\n\t\treadonly code: number;\n\t\treadonly stderr: Buffer;\n\t\treadonly stdout: Buffer;\n\t}>;\n\treadonly sanitizeEnvVars: (env: NodeJS.ProcessEnv) => {\n\t\treadonly allowed: Record<string, string>;\n\t};\n}\n\nexport function assertSdkShape(value: unknown): asserts value is SshHelpers & {\n\tregisterSandboxBackend: (\n\t\tid: string,\n\t\tregistration: {\n\t\t\tfactory: ReturnType<\n\t\t\t\ttypeof import('./sandbox-backend-factory.js').createGondolinSandboxBackendFactory\n\t\t\t>;\n\t\t\tmanager?: ReturnType<\n\t\t\t\ttypeof import('./sandbox-backend-factory.js').createGondolinSandboxBackendManager\n\t\t\t>;\n\t\t},\n\t) => void;\n} {\n\tif (typeof value !== 'object' || value === null) {\n\t\tthrow new TypeError('OpenClaw SDK module is not an object');\n\t}\n\n\tfor (const exportName of [\n\t\t'buildExecRemoteCommand',\n\t\t'buildRemoteCommand',\n\t\t'buildSshSandboxArgv',\n\t\t'createRemoteShellSandboxFsBridge',\n\t\t'createSshSandboxSessionFromSettings',\n\t\t'runSshSandboxCommand',\n\t\t'sanitizeEnvVars',\n\t\t'registerSandboxBackend',\n\t] as const) {\n\t\tif (typeof (value as Record<string, unknown>)[exportName] !== 'function') {\n\t\t\tthrow new TypeError(`OpenClaw SDK missing required export: ${exportName}`);\n\t\t}\n\t}\n}\n","import { resolveGondolinPluginConfig } from './gondolin-plugin-config.js';\nimport { createBackendDeps } from './openclaw-backend-dependencies.js';\nimport {\n\tassertSdkShape,\n\ttype SshHelpers,\n\ttype SshSandboxSession,\n} from './openclaw-sandbox-sdk-contract.js';\nimport {\n\tcreateGondolinSandboxBackendFactory,\n\tcreateGondolinSandboxBackendManager,\n} from './sandbox-backend-factory.js';\n\nconst plugin = {\n\tid: 'gondolin',\n\tname: 'Gondolin VM Sandbox',\n\tdescription: 'Sandbox backend powered by Gondolin micro-VMs.',\n\n\tregister(api: {\n\t\treadonly pluginConfig: Record<string, unknown>;\n\t\treadonly registrationMode: string;\n\t}): void {\n\t\tif (api.registrationMode !== 'full') {\n\t\t\treturn;\n\t\t}\n\n\t\tconst pluginConfig = resolveGondolinPluginConfig(api.pluginConfig);\n\t\tconst sdkPath = '/opt/openclaw-sdk/sandbox.js';\n\t\tconst sdkPromise = import(sdkPath).then((sdkRaw: Record<string, unknown>) => {\n\t\t\tassertSdkShape(sdkRaw);\n\n\t\t\tconst sshHelpers: SshHelpers = {\n\t\t\t\tbuildExecRemoteCommand: sdkRaw.buildExecRemoteCommand,\n\t\t\t\tbuildRemoteCommand: sdkRaw.buildRemoteCommand,\n\t\t\t\tbuildSshSandboxArgv: sdkRaw.buildSshSandboxArgv,\n\t\t\t\tcreateRemoteShellSandboxFsBridge: sdkRaw.createRemoteShellSandboxFsBridge,\n\t\t\t\tcreateSshSandboxSessionFromSettings: sdkRaw.createSshSandboxSessionFromSettings,\n\t\t\t\t...(typeof sdkRaw.disposeSshSandboxSession === 'function'\n\t\t\t\t\t? {\n\t\t\t\t\t\t\tdisposeSshSandboxSession: sdkRaw.disposeSshSandboxSession as (\n\t\t\t\t\t\t\t\tsession: SshSandboxSession,\n\t\t\t\t\t\t\t) => Promise<void>,\n\t\t\t\t\t\t}\n\t\t\t\t\t: {}),\n\t\t\t\trunSshSandboxCommand: sdkRaw.runSshSandboxCommand,\n\t\t\t\tsanitizeEnvVars: sdkRaw.sanitizeEnvVars,\n\t\t\t};\n\n\t\t\tconst backendDependencies = createBackendDeps(sshHelpers);\n\t\t\tsdkRaw.registerSandboxBackend('gondolin', {\n\t\t\t\tfactory: createGondolinSandboxBackendFactory(pluginConfig, backendDependencies),\n\t\t\t\tmanager: createGondolinSandboxBackendManager(pluginConfig, backendDependencies),\n\t\t\t});\n\t\t});\n\n\t\tsdkPromise.catch((error: unknown) => {\n\t\t\tconst message = error instanceof Error ? error.message : JSON.stringify(error);\n\t\t\tprocess.stderr.write(`[gondolin] failed to load OpenClaw SDK: ${message}\\n`);\n\t\t});\n\t},\n};\n\nexport default plugin;\n\nexport { createBackendDeps };\nexport type { SshHelpers };\n","export * from './sandbox-backend-factory.js';\nexport * from './gondolin-plugin-config.js';\nexport * from './controller-lease-client.js';\nexport * from './openclaw-plugin-registration.js';\nexport { default } from './openclaw-plugin-registration.js';\n\nexport const OPENCLAW_GONDOLIN_PLUGIN_PACKAGE_NAME = '@agent-vm/openclaw-agent-vm-plugin';\n"],"mappings":";AAyBA,SAASA,0BAAwB,OAAgD;AAChF,QACC,OAAO,UAAU,YACjB,UAAU,QACV,OAAQ,MAAgC,YAAY,YACpD,OAAQ,MAAgC,YAAY,YACpD,OAAQ,MAAgC,YAAY;;AAItD,SAAgB,kBAAkB,SAGlB;CACf,MAAM,YAAY,QAAQ,aAAa;CACvC,MAAM,UAAU,QAAQ,cAAc,QAAQ,QAAQ,GAAG;AAEzD,QAAO;EACN,gBAAgB,OAAO,YAAsC;GAC5D,MAAM,WAAW,MAAM,UAAU,GAAG,QAAQ,SAAS,UAAU;AAC/D,OAAI,CAAC,SAAS,IAAI;IACjB,MAAM,YAAY,MAAM,SAAS,MAAM,CAAC,YAAY,eAAe;AACnE,UAAM,IAAI,UACT,6CAA6C,SAAS,OAAO,IAAI,YACjE;;AAEF,UAAO,MAAM,SAAS,MAAM;;EAE7B,cAAc,OAAO,YAAmC;AACvD,SAAM,UAAU,GAAG,QAAQ,SAAS,WAAW,EAC9C,QAAQ,UACR,CAAC;;EAEH,cAAc,OAAO,YAA4C;GAChE,MAAM,WAAW,MAAM,UAAU,GAAG,QAAQ,SAAS;IACpD,MAAM,KAAK,UAAU,QAAQ;IAC7B,SAAS,EACR,gBAAgB,oBAChB;IACD,QAAQ;IACR,CAAC;AACF,OAAI,CAAC,SAAS,IAAI;IACjB,MAAM,YAAY,MAAM,SAAS,MAAM,CAAC,YAAY,eAAe;AACnE,UAAM,IAAI,UAAU,sCAAsC,SAAS,OAAO,IAAI,YAAY;;GAE3F,MAAM,UAAU,MAAM,SAAS,MAAM;AACrC,OAAI,CAACA,0BAAwB,QAAQ,CACpC,OAAM,IAAI,UACT,kDAAkD,KAAK,UAAU,QAAQ,CAAC,MAAM,GAAG,IAAI,GACvF;AAEF,UAAO;;EAER;;;;;AC5EF,SAAgB,wBAAwB,OAAgD;AACvF,QACC,OAAO,UAAU,YACjB,UAAU,QACV,OAAQ,MAAgC,YAAY,YACpD,OAAQ,MAAgC,YAAY,YACpD,OAAQ,MAAgC,YAAY,YACpD,OAAQ,MAA4B,QAAQ,YAC3C,MAA4B,QAAQ;;;;;ACVvC,SAAgB,yBAAyB,QAAgB,MAAkC;AAC1F,KAAI,CAAC,QAAQ,KAAK,WAAW,EAC5B,QAAO;AAIR,QAAO,UADa,KAAK,KAAK,QAAQ,IAAI,IAAI,QAAQ,MAAM,QAAQ,CAAC,GAAG,CAAC,KAAK,IAAI,CACrD,IAAI;;;;;ACIlC,SAAgB,oCACf,SAKA,cAW2C;CAC3C,MAAM,6BAAa,IAAI,KAA+B;AAEtD,QAAO,OAAO,WAAW;EACxB,MAAM,cACL,aAAa,oBAAoB,EAChC,eAAe,QAAQ,eACvB,CAAC,IAAI,kBAAkB,EAAE,eAAe,QAAQ,eAAe,CAAC;EAClE,MAAM,cAAc,WAAW,IAAI,OAAO,SAAS;AACnD,MAAI,YACH,KAAI;AACH,SAAM,YAAY,eAAe,YAAY,MAAM,QAAQ;AAC3D,UAAO,YAAY;UACZ;AACP,cAAW,OAAO,OAAO,SAAS;;EAGpC,MAAM,gBAAgB,MAAM,YAAY,aAAa;GACpD,mBAAmB,OAAO;GAC1B,WAAW,QAAQ,aAAa;GAChC,UAAU,OAAO;GACjB,cAAc,OAAO;GACrB,QAAQ,QAAQ;GAChB,CAAC;AACF,MAAI,CAAC,wBAAwB,cAAc,CAC1C,OAAM,IAAI,UAAU,wDAAwD;EAG7E,MAAM,QAAQ;EACd,MAAM,SAAS,2BAA2B;GACzC,KAAK,OAAO;GACZ,eAAe,QAAQ;GACvB,uBAAuB,aAAa;GACpC;GACA,sBAAsB,aAAa;GACnC,eAAe,aAAa;GAC5B,UAAU,OAAO;GACjB,QAAQ,QAAQ;GAChB,CAAC;AACF,aAAW,IAAI,OAAO,UAAU;GAAE;GAAQ;GAAO,CAAC;AAClD,SAAO;;;AAIT,SAAS,2BAA2B,SAaH;CAChC,MAAMC,4BAA0E,OAC/E,gBAEA,MAAM,QAAQ,qBAAqB;EAClC,GAAI,YAAY,iBAAiB,SAAY,EAAE,cAAc,YAAY,cAAc,GAAG,EAAE;EAC5F,QAAQ,yBAAyB,YAAY,QAAQ,YAAY,KAAK;EACtE,GAAI,YAAY,WAAW,SAAY,EAAE,QAAQ,YAAY,QAAQ,GAAG,EAAE;EAC1E,KAAK,QAAQ,MAAM;EACnB,GAAI,YAAY,UAAU,SAAY,EAAE,OAAO,YAAY,OAAO,GAAG,EAAE;EACvE,CAAC;CAEH,MAAM,iBAAiB,QAAQ,wBAAwB;EACtD,yBAAyB,QAAQ,MAAM;EACvC,oBAAoB,QAAQ,MAAM;EAClC,sBAAsB;EACtB,CAAC;AAEF,QAAO;EACN,GAAI,iBAAiB,EAAE,gBAAgB,GAAG,EAAE;EAC5C,GAAI,QAAQ,IAAI,QAAQ,MAAM,EAAE,KAAK,QAAQ,IAAI,OAAO,KAAK,GAAG,EAAE;EAClE,aAAa,GAAG,QAAQ,cAAc,IAAI,QAAQ,OAAO;EACzD,iBAAiB;EACjB,IAAI;EACJ,WAAW,QAAQ,MAAM;EACzB,cAAc,QAAQ,MAAM;EAC5B,SAAS,QAAQ,MAAM;EACvB,eAAe,OAAO,eACrB,MAAM,QAAQ,cAAc;GAC3B,SAAS,WAAW;GACpB,KAAK,WAAW;GAChB,KAAK,QAAQ,MAAM;GACnB,QAAQ,WAAW;GACnB,SAAS,WAAW,WAAW,QAAQ,MAAM;GAC7C,CAAC;EACH,cAAc,OAAO,mBAAmB;AACvC,OACC,eAAe,SACf,OAAO,eAAe,UAAU,YAChC,aAAa,eAAe,MAE5B,OAAO,eAAe,MAA2C,SAAS;;EAG5E,iBAAiB,OAAO,kBACvB,MAAM,QAAQ,qBAAqB;GAClC,QAAQ,cAAc;GACtB,KAAK,QAAQ,MAAM;GACnB,CAAC;EACH;;;;;AClIF,SAAgB,oCACf,SAIA,cAMC;AACD,QAAO;EACN,iBAAiB,OAAO,WAAW;GAClC,MAAM,cACL,aAAa,oBAAoB,EAChC,eAAe,QAAQ,eACvB,CAAC,IAAI,kBAAkB,EAAE,eAAe,QAAQ,eAAe,CAAC;AAClE,OAAI;AAEH,WAAO;KAAE,kBAAkB;KAAM,SADb,MAAM,YAAY,eAAe,OAAO,MAAM,cAAc,KACtB;KAAM;WACzD;AACP,WAAO;KAAE,kBAAkB;KAAO,SAAS;KAAO;;;EAGpD,eAAe,OAAO,WAAW;AAKhC,UAHC,aAAa,oBAAoB,EAChC,eAAe,QAAQ,eACvB,CAAC,IAAI,kBAAkB,EAAE,eAAe,QAAQ,eAAe,CAAC,EAChD,aAAa,OAAO,MAAM,cAAc;;EAE3D;;;;;AC7BF,SAAgB,4BACf,QAC+B;AAC/B,KAAI,OAAO,OAAO,kBAAkB,YAAY,OAAO,OAAO,WAAW,SACxE,OAAM,IAAI,MAAM,4DAA4D;AAG7E,QAAO;EACN,eAAe,OAAO;EACtB,GAAI,OAAO,OAAO,cAAc,WAAW,EAAE,WAAW,OAAO,WAAW,GAAG,EAAE;EAC/E,QAAQ,OAAO;EACf;;;;;ACVF,SAAgB,kBAAkB,KAMhC;AACD,QAAO;EACN,eAAe,OAAO,EAAE,SAAS,KAAK,KAAK,UAAU,QAAQ,cAAc;GAC1E,MAAM,UAAU,MAAM,IAAI,oCAAoC;IAC7D,SAAS;IACT,cAAc,SAAS;IACvB,uBAAuB;IACvB,QAAQ,GAAG,SAAS,KAAK,GAAG,SAAS,KAAK,GAAG,SAAS;IACtD,gBAAgB;IAChB,eAAe;IACf,CAAC;GACF,MAAM,2BAA2B,IAAI;AACrC,UAAO;IACN,MAAM,IAAI,oBAAoB;KAC7B,eAAe,IAAI,uBAAuB;MACzC;MACA;MACA;MACA,CAAC;KACF;KACA,KAAK;KACL,CAAC;IACF,KAAK,IAAI,gBAAgB,QAAQ,IAAI,CAAC;IACtC,eAAe;KACd,SAAS,YAA2B;AACnC,UAAI,yBACH,OAAM,yBAAyB,QAAQ;;KAGzC;KACA;IACD,WAAW;IACX;;EAEF,wBACE,kBACA,WACA,IAAI,iCAAiC;GACpC,SAAS,OAAO;GAChB,SAAS;IACR,yBAAyB,aAAa;IACtC,oBAAoB,aAAa;IACjC,sBAAsB,aAAa;IACnC;GACD,CAAC;EACJ,sBAAsB,OAAO,EAAE,cAAc,QAAQ,QAAQ,KAAK,UAAU,YAAY;GACvF,MAAM,UAAU,MAAM,IAAI,oCAAoC;IAC7D,SAAS;IACT,cAAc,SAAS;IACvB,uBAAuB;IACvB,QAAQ,GAAG,SAAS,KAAK,GAAG,SAAS,KAAK,GAAG,SAAS;IACtD,gBAAgB;IAChB,eAAe;IACf,CAAC;AACF,UAAO,MAAM,IAAI,qBAAqB;IACrC,GAAI,iBAAiB,SAAY,EAAE,cAAc,GAAG,EAAE;IACtD,eAAe,IAAI,mBAAmB;KAAC;KAAW;KAAM;KAAQ;KAAsB,CAAC;IACvF;IACA,GAAI,WAAW,SAAY,EAAE,QAAQ,GAAG,EAAE;IAC1C,GAAI,UAAU,SAAY,EAAE,OAAO,GAAG,EAAE;IACxC,CAAC;;EAEH;;;;;ACdF,SAAgB,eAAe,OAY7B;AACD,KAAI,OAAO,UAAU,YAAY,UAAU,KAC1C,OAAM,IAAI,UAAU,uCAAuC;AAG5D,MAAK,MAAM,cAAc;EACxB;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA,CACA,KAAI,OAAQ,MAAkC,gBAAgB,WAC7D,OAAM,IAAI,UAAU,yCAAyC,aAAa;;;;;AC7E7E,MAAM,SAAS;CACd,IAAI;CACJ,MAAM;CACN,aAAa;CAEb,SAAS,KAGA;AACR,MAAI,IAAI,qBAAqB,OAC5B;EAGD,MAAM,eAAe,4BAA4B,IAAI,aAAa;AA6BlE,EA3BmB,OADH,gCACmB,MAAM,WAAoC;AAC5E,kBAAe,OAAO;GAmBtB,MAAM,sBAAsB,kBAjBG;IAC9B,wBAAwB,OAAO;IAC/B,oBAAoB,OAAO;IAC3B,qBAAqB,OAAO;IAC5B,kCAAkC,OAAO;IACzC,qCAAqC,OAAO;IAC5C,GAAI,OAAO,OAAO,6BAA6B,aAC5C,EACA,0BAA0B,OAAO,0BAGjC,GACA,EAAE;IACL,sBAAsB,OAAO;IAC7B,iBAAiB,OAAO;IACxB,CAEwD;AACzD,UAAO,uBAAuB,YAAY;IACzC,SAAS,oCAAoC,cAAc,oBAAoB;IAC/E,SAAS,oCAAoC,cAAc,oBAAoB;IAC/E,CAAC;IACD,CAES,OAAO,UAAmB;GACpC,MAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,KAAK,UAAU,MAAM;AAC9E,WAAQ,OAAO,MAAM,2CAA2C,QAAQ,IAAI;IAC3E;;CAEH;AAED,2CAAe;;;;ACvDf,MAAa,wCAAwC"}

package/dist/openclaw.plugin.json ADDED Viewed

@@ -0,0 +1,20 @@
+{
+	"id": "gondolin",
+	"name": "Gondolin VM Sandbox",
+	"description": "Sandbox backend powered by Gondolin micro-VMs with SSH-based command execution via controller lease API.",
+	"configSchema": {
+		"type": "object",
+		"additionalProperties": false,
+		"properties": {
+			"controllerUrl": {
+				"type": "string",
+				"minLength": 1
+			},
+			"zoneId": {
+				"type": "string",
+				"minLength": 1
+			}
+		},
+		"required": ["controllerUrl", "zoneId"]
+	}
+}

package/dist/sdk-validate.mjs ADDED Viewed

@@ -0,0 +1,42 @@
+#!/usr/bin/env node
+/**
+ * Runtime SDK validation — run this INSIDE a gateway VM to verify
+ * our plugin's type guard matches the actual OpenClaw SDK exports.
+ *
+ * Usage (inside VM):
+ *   node /opt/extensions/gondolin/sdk-validate.mjs
+ *
+ * Exit 0 = compatible, Exit 1 = mismatch (lists missing exports)
+ */
+const SDK_PATH = '/opt/openclaw-sdk/sandbox.js';
+const REQUIRED_EXPORTS = [
+	'buildExecRemoteCommand',
+	'buildRemoteCommand',
+	'buildSshSandboxArgv',
+	'createSshSandboxSessionFromSettings',
+	'runSshSandboxCommand',
+	'sanitizeEnvVars',
+	'registerSandboxBackend',
+];
+try {
+	const sdk = await import(SDK_PATH);
+	const missing = REQUIRED_EXPORTS.filter((name) => typeof sdk[name] !== 'function');
+	if (missing.length > 0) {
+		process.stderr.write(`SDK MISMATCH - missing exports: ${missing.join(', ')}\n`);
+		process.stderr.write('Update assertSdkShape() and SshHelpers interface in plugin.ts\n');
+		process.exit(1);
+	}
+	process.stdout.write(
+		`SDK COMPATIBLE - all ${String(REQUIRED_EXPORTS.length)} required exports found\n`,
+	);
+	process.exit(0);
+} catch (error) {
+	const message = error instanceof Error ? error.message : JSON.stringify(error);
+	process.stderr.write(`SDK LOAD FAILED: ${message}\n`);
+	process.stderr.write(`Is OpenClaw installed? Expected at: ${SDK_PATH}\n`);
+	process.exit(1);
+}

package/package.json ADDED Viewed

@@ -0,0 +1,38 @@
+{
+  "name": "@agent-vm/openclaw-agent-vm-plugin",
+  "version": "0.0.20",
+  "description": "OpenClaw sandbox-backend plugin that delegates execution to a Gondolin-managed VM.",
+  "homepage": "https://github.com/ShravanSunder/agent-vm#readme",
+  "bugs": {
+    "url": "https://github.com/ShravanSunder/agent-vm/issues"
+  },
+  "license": "MIT",
+  "author": "Shravan Sunder <ShravanSunder@users.noreply.github.com>",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/ShravanSunder/agent-vm.git",
+    "directory": "packages/openclaw-agent-vm-plugin"
+  },
+  "files": [
+    "dist"
+  ],
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "@agent-vm/gondolin-adapter": "0.0.20"
+  },
+  "scripts": {
+    "build": "tsdown && cp openclaw.plugin.json sdk-validate.mjs dist/",
+    "typecheck": "tsc -p tsconfig.json --noEmit"
+  }
+}