@agent-vm/openclaw-agent-vm-plugin 0.0.73 → 0.0.74
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +79 -11
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +143 -45
- package/dist/index.js.map +1 -1
- package/package.json +4 -3
package/dist/index.d.ts
CHANGED
|
@@ -1,6 +1,9 @@
|
|
|
1
1
|
import { EndToolVmActiveUseRequest, HeartbeatToolVmActiveUseResponse, StartToolVmActiveUseRequest, StartToolVmActiveUseResponse, ToolVmLeasePeek, ToolVmSshLease } from "@agent-vm/gateway-interface";
|
|
2
2
|
|
|
3
3
|
//#region src/controller-lease-client.d.ts
|
|
4
|
+
type JsonValue = boolean | null | number | string | {
|
|
5
|
+
readonly [key: string]: JsonValue;
|
|
6
|
+
} | readonly JsonValue[];
|
|
4
7
|
interface OpenClawRuntimeStatusReport {
|
|
5
8
|
readonly findings: readonly {
|
|
6
9
|
readonly hint: string;
|
|
@@ -10,6 +13,22 @@ interface OpenClawRuntimeStatusReport {
|
|
|
10
13
|
readonly pluginId: 'gondolin';
|
|
11
14
|
readonly zoneId: string;
|
|
12
15
|
}
|
|
16
|
+
interface OpenClawGondolinLeaseSandboxSnapshot {
|
|
17
|
+
readonly backend: unknown;
|
|
18
|
+
readonly mode: unknown;
|
|
19
|
+
readonly scope: unknown;
|
|
20
|
+
readonly workspaceAccess: unknown;
|
|
21
|
+
}
|
|
22
|
+
interface OpenClawGondolinLeaseRequest {
|
|
23
|
+
readonly agentId: string;
|
|
24
|
+
readonly agentWorkspaceDir: string;
|
|
25
|
+
readonly profileId: string;
|
|
26
|
+
readonly sandbox: OpenClawGondolinLeaseSandboxSnapshot;
|
|
27
|
+
readonly scopeKey: string;
|
|
28
|
+
readonly sessionKey: string;
|
|
29
|
+
readonly workMountDir: string;
|
|
30
|
+
readonly zoneId: string;
|
|
31
|
+
}
|
|
13
32
|
interface LeaseClient {
|
|
14
33
|
endActiveUse(leaseId: string, useId: string, request: EndToolVmActiveUseRequest): Promise<void>;
|
|
15
34
|
heartbeatActiveUse(leaseId: string, useId: string): Promise<HeartbeatToolVmActiveUseResponse>;
|
|
@@ -19,25 +38,19 @@ interface LeaseClient {
|
|
|
19
38
|
readonly force?: boolean;
|
|
20
39
|
}): Promise<void>;
|
|
21
40
|
renewLease(leaseId: string): Promise<ToolVmSshLease>;
|
|
22
|
-
requestLease(request:
|
|
23
|
-
readonly agentWorkspaceDir: string;
|
|
24
|
-
readonly profileId: string;
|
|
25
|
-
readonly scopeKey: string;
|
|
26
|
-
readonly workMountDir: string;
|
|
27
|
-
readonly zoneId: string;
|
|
28
|
-
}): Promise<ToolVmSshLease>;
|
|
41
|
+
requestLease(request: OpenClawGondolinLeaseRequest): Promise<ToolVmSshLease>;
|
|
29
42
|
startActiveUse(leaseId: string, request: StartToolVmActiveUseRequest): Promise<StartToolVmActiveUseResponse>;
|
|
30
43
|
}
|
|
31
44
|
type ControllerLeaseRequestErrorKind = 'client-error' | 'server-error';
|
|
32
45
|
declare class ControllerLeaseRequestError extends Error {
|
|
33
46
|
readonly bodyText: string;
|
|
34
47
|
readonly kind: ControllerLeaseRequestErrorKind;
|
|
35
|
-
readonly responseBody:
|
|
48
|
+
readonly responseBody: JsonValue | undefined;
|
|
36
49
|
readonly status: number;
|
|
37
50
|
constructor(options: {
|
|
38
51
|
readonly bodyText: string;
|
|
39
52
|
readonly context: string;
|
|
40
|
-
readonly responseBody:
|
|
53
|
+
readonly responseBody: JsonValue | undefined;
|
|
41
54
|
readonly status: number;
|
|
42
55
|
});
|
|
43
56
|
}
|
|
@@ -46,6 +59,60 @@ declare function createLeaseClient(options: {
|
|
|
46
59
|
readonly fetchImpl?: (input: string | URL | Request, init?: RequestInit) => Promise<Response>;
|
|
47
60
|
}): LeaseClient;
|
|
48
61
|
//#endregion
|
|
62
|
+
//#region src/openclaw-gondolin-contract.d.ts
|
|
63
|
+
declare const OPENCLAW_DEFAULT_AGENT_ID = "main";
|
|
64
|
+
declare const OPENCLAW_GONDOLIN_SANDBOX_REQUIREMENTS: readonly [{
|
|
65
|
+
readonly expectedValue: "gondolin";
|
|
66
|
+
readonly key: "backend";
|
|
67
|
+
}, {
|
|
68
|
+
readonly expectedValue: "all";
|
|
69
|
+
readonly key: "mode";
|
|
70
|
+
}, {
|
|
71
|
+
readonly expectedValue: "agent";
|
|
72
|
+
readonly key: "scope";
|
|
73
|
+
}, {
|
|
74
|
+
readonly expectedValue: "rw";
|
|
75
|
+
readonly key: "workspaceAccess";
|
|
76
|
+
}];
|
|
77
|
+
declare const OPENCLAW_GONDOLIN_LEASE_SCOPE_GUIDANCE = "Managed OpenClaw/Gondolin requires agents.*.sandbox.scope=\"agent\"; the lease scopeKey must be agent:<agentId>, not a raw channel, session, or subagent key.";
|
|
78
|
+
type OpenClawGondolinSandboxRequirement = (typeof OPENCLAW_GONDOLIN_SANDBOX_REQUIREMENTS)[number];
|
|
79
|
+
type OpenClawGondolinSandboxRequirementKey = OpenClawGondolinSandboxRequirement['key'];
|
|
80
|
+
interface OpenClawGondolinSandboxSnapshot {
|
|
81
|
+
readonly backend?: unknown;
|
|
82
|
+
readonly mode?: unknown;
|
|
83
|
+
readonly scope?: unknown;
|
|
84
|
+
readonly workspaceAccess?: unknown;
|
|
85
|
+
}
|
|
86
|
+
interface OpenClawGondolinAgentConfig {
|
|
87
|
+
readonly id?: unknown;
|
|
88
|
+
readonly sandbox?: OpenClawGondolinSandboxSnapshot;
|
|
89
|
+
readonly workspace?: unknown;
|
|
90
|
+
}
|
|
91
|
+
declare function isOpenClawAgentId(value: string): boolean;
|
|
92
|
+
declare function effectiveOpenClawGondolinSandboxValue(defaults: OpenClawGondolinAgentConfig, agentConfig: OpenClawGondolinAgentConfig, key: OpenClawGondolinSandboxRequirementKey): unknown;
|
|
93
|
+
declare function formatOpenClawGondolinRequirementFieldPath(label: string, key: OpenClawGondolinSandboxRequirementKey): string;
|
|
94
|
+
declare function formatOpenClawGondolinRequirementFindingId(options: {
|
|
95
|
+
readonly fieldPath: string;
|
|
96
|
+
readonly label: string;
|
|
97
|
+
readonly zoneId: string;
|
|
98
|
+
}): string;
|
|
99
|
+
declare function formatOpenClawGondolinRequirementHint(options: {
|
|
100
|
+
readonly expectedValue: string;
|
|
101
|
+
readonly fieldPath: string;
|
|
102
|
+
readonly ok: boolean;
|
|
103
|
+
}): string;
|
|
104
|
+
declare function normalizeOpenClawAgentId(value: string | undefined | null): string;
|
|
105
|
+
declare function resolveOpenClawAgentIdFromSessionKey(sessionKey: string): string;
|
|
106
|
+
declare function isOpenClawAgentSessionKey(sessionKey: string): boolean;
|
|
107
|
+
declare function expectedOpenClawGondolinScopeKey(agentId: string): string;
|
|
108
|
+
declare function snapshotOpenClawGondolinSandboxConfig(cfg: OpenClawGondolinSandboxSnapshot): {
|
|
109
|
+
readonly backend: unknown;
|
|
110
|
+
readonly mode: unknown;
|
|
111
|
+
readonly scope: unknown;
|
|
112
|
+
readonly workspaceAccess: unknown;
|
|
113
|
+
};
|
|
114
|
+
declare function findOpenClawGondolinSandboxMismatch(sandbox: OpenClawGondolinSandboxSnapshot): OpenClawGondolinSandboxRequirement | undefined;
|
|
115
|
+
//#endregion
|
|
49
116
|
//#region src/sandbox-backend/sandbox-backend-contract.d.ts
|
|
50
117
|
interface OpenClawFsBridgeLeaseContext {
|
|
51
118
|
readonly remoteAgentWorkspaceDir: string;
|
|
@@ -187,7 +254,7 @@ declare function createGondolinSandboxBackendFactory(options: {
|
|
|
187
254
|
readonly zoneId: string;
|
|
188
255
|
}, dependencies: CreateBackendDependencies): (params: {
|
|
189
256
|
readonly agentWorkspaceDir: string;
|
|
190
|
-
readonly cfg: {
|
|
257
|
+
readonly cfg: OpenClawGondolinSandboxSnapshot & {
|
|
191
258
|
readonly docker?: {
|
|
192
259
|
readonly env?: Record<string, string>;
|
|
193
260
|
};
|
|
@@ -307,6 +374,7 @@ interface OpenClawToolRegistrationApi {
|
|
|
307
374
|
}
|
|
308
375
|
//#endregion
|
|
309
376
|
//#region src/openclaw-backend-dependencies.d.ts
|
|
377
|
+
declare const OPENCLAW_SSH_SESSION_SCRATCH_ROOT = "/work";
|
|
310
378
|
declare function createBackendDeps(ssh: SshHelpers): {
|
|
311
379
|
readonly buildExecSpec: CreateBackendDependencies['buildExecSpec'];
|
|
312
380
|
readonly createFsBridgeBuilder: (leaseContext: OpenClawFsBridgeLeaseContext) => (params: {
|
|
@@ -336,5 +404,5 @@ declare const plugin: {
|
|
|
336
404
|
//#region src/index.d.ts
|
|
337
405
|
declare const OPENCLAW_GONDOLIN_PLUGIN_PACKAGE_NAME = "@agent-vm/openclaw-agent-vm-plugin";
|
|
338
406
|
//#endregion
|
|
339
|
-
export { ControllerLeaseRequestError, ControllerLeaseRequestErrorKind, type CreateBackendDependencies, LeaseClient, OPENCLAW_GONDOLIN_PLUGIN_PACKAGE_NAME, type OpenClawFsBridgeLeaseContext, OpenClawRuntimeStatusReport, type OpenClawSandboxBackendHandle, type OpenClawSandboxFsBridge, ResolvedGondolinPluginConfig, type SshHelpers, createBackendDeps, createGondolinSandboxBackendFactory, createGondolinSandboxBackendManager, createLeaseClient, plugin as default, resolveGondolinPluginConfig };
|
|
407
|
+
export { ControllerLeaseRequestError, ControllerLeaseRequestErrorKind, type CreateBackendDependencies, JsonValue, LeaseClient, OPENCLAW_DEFAULT_AGENT_ID, OPENCLAW_GONDOLIN_LEASE_SCOPE_GUIDANCE, OPENCLAW_GONDOLIN_PLUGIN_PACKAGE_NAME, OPENCLAW_GONDOLIN_SANDBOX_REQUIREMENTS, OPENCLAW_SSH_SESSION_SCRATCH_ROOT, type OpenClawFsBridgeLeaseContext, OpenClawGondolinAgentConfig, OpenClawGondolinLeaseRequest, OpenClawGondolinLeaseSandboxSnapshot, OpenClawGondolinSandboxRequirement, OpenClawGondolinSandboxRequirementKey, OpenClawGondolinSandboxSnapshot, OpenClawRuntimeStatusReport, type OpenClawSandboxBackendHandle, type OpenClawSandboxFsBridge, ResolvedGondolinPluginConfig, type SshHelpers, createBackendDeps, createGondolinSandboxBackendFactory, createGondolinSandboxBackendManager, createLeaseClient, plugin as default, effectiveOpenClawGondolinSandboxValue, expectedOpenClawGondolinScopeKey, findOpenClawGondolinSandboxMismatch, formatOpenClawGondolinRequirementFieldPath, formatOpenClawGondolinRequirementFindingId, formatOpenClawGondolinRequirementHint, isOpenClawAgentId, isOpenClawAgentSessionKey, normalizeOpenClawAgentId, resolveGondolinPluginConfig, resolveOpenClawAgentIdFromSessionKey, snapshotOpenClawGondolinSandboxConfig };
|
|
340
408
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","names":[],"sources":["../src/controller-lease-client.ts","../src/sandbox-backend/sandbox-backend-contract.ts","../src/sandbox-backend/sandbox-backend-handle-factory.ts","../src/sandbox-backend/sandbox-backend-manager.ts","../src/gondolin-plugin-config.ts","../src/openclaw-sandbox-sdk-contract.ts","../src/openclaw-backend-dependencies.ts","../src/openclaw-plugin-registration.ts","../src/index.ts"],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"index.d.ts","names":[],"sources":["../src/controller-lease-client.ts","../src/openclaw-gondolin-contract.ts","../src/sandbox-backend/sandbox-backend-contract.ts","../src/sandbox-backend/sandbox-backend-handle-factory.ts","../src/sandbox-backend/sandbox-backend-manager.ts","../src/gondolin-plugin-config.ts","../src/openclaw-sandbox-sdk-contract.ts","../src/openclaw-backend-dependencies.ts","../src/openclaw-plugin-registration.ts","../src/index.ts"],"mappings":";;;KAcY,SAAA;EAAA,UAKG,GAAA,WAAc,SAAA;AAAA,aACjB,SAAA;AAAA,UAEK,2BAAA;EAAA,SACP,QAAA;IAAA,SACC,IAAA;IAAA,SACA,EAAA;IAAA,SACA,EAAA;EAAA;EAAA,SAED,QAAA;EAAA,SACA,MAAA;AAAA;AAAA,UAGO,oCAAA;EAAA,SACP,OAAA;EAAA,SACA,IAAA;EAAA,SACA,KAAA;EAAA,SACA,eAAA;AAAA;AAAA,UAGO,4BAAA;EAAA,SACP,OAAA;EAAA,SACA,iBAAA;EAAA,SACA,SAAA;EAAA,SACA,OAAA,EAAS,oCAAA;EAAA,SACT,QAAA;EAAA,SACA,UAAA;EAAA,SACA,YAAA;EAAA,SACA,MAAA;AAAA;AAAA,UAGO,WAAA;EAEhB,YAAA,CAAa,OAAA,UAAiB,KAAA,UAAe,OAAA,EAAS,yBAAA,GAA4B,OAAA;EAClF,kBAAA,CAAmB,OAAA,UAAiB,KAAA,WAAgB,OAAA,CAAQ,gCAAA;EAC5D,SAAA,CAAU,OAAA,WAAkB,OAAA,CAAQ,eAAA;EACpC,4BAAA,EAA8B,MAAA,EAAQ,2BAAA,GAA8B,OAAA;EACpE,YAAA,CAAa,OAAA,UAAiB,OAAA;IAAA,SAAqB,KAAA;EAAA,IAAoB,OAAA;EACvE,UAAA,CAAW,OAAA,WAAkB,OAAA,CAAQ,cAAA;EACrC,YAAA,CAAa,OAAA,EAAS,4BAAA,GAA+B,OAAA,CAAQ,cAAA;EAC7D,cAAA,CACC,OAAA,UACA,OAAA,EAAS,2BAAA,GACP,OAAA,CAAQ,4BAAA;AAAA;AAAA,KAGA,+BAAA;AAAA,cAEC,2BAAA,SAAoC,KAAA;EAAA,SACvC,QAAA;EAAA,SACA,IAAA,EAAM,+BAAA;EAAA,SACN,YAAA,EAAc,SAAA;EAAA,SACd,MAAA;cAEG,OAAA;IAAA,SACF,QAAA;IAAA,SACA,OAAA;IAAA,SACA,YAAA,EAAc,SAAA;IAAA,SACd,MAAA;EAAA;AAAA;AAAA,iBA0IK,iBAAA,CAAkB,OAAA;EAAA,SACxB,aAAA;EAAA,SACA,SAAA,IAAa,KAAA,WAAgB,GAAA,GAAM,OAAA,EAAS,IAAA,GAAO,WAAA,KAAgB,OAAA,CAAQ,QAAA;AAAA,IACjF,WAAA;;;cCxNS,yBAAA;AAAA,cAEA,sCAAA;EAAA;;;;;;;;;;;;cAOA,sCAAA;AAAA,KAGD,kCAAA,WACH,sCAAA;AAAA,KAEG,qCAAA,GAAwC,kCAAA;AAAA,UAEnC,+BAAA;EAAA,SACP,OAAA;EAAA,SACA,IAAA;EAAA,SACA,KAAA;EAAA,SACA,eAAA;AAAA;AAAA,UAGO,2BAAA;EAAA,SACP,EAAA;EAAA,SACA,OAAA,GAAU,+BAAA;EAAA,SACV,SAAA;AAAA;AAAA,iBAGM,iBAAA,CAAkB,KAAA;AAAA,iBAIlB,qCAAA,CACf,QAAA,EAAU,2BAAA,EACV,WAAA,EAAa,2BAAA,EACb,GAAA,EAAK,qCAAA;AAAA,iBAKU,0CAAA,CACf,KAAA,UACA,GAAA,EAAK,qCAAA;AAAA,iBAKU,0CAAA,CAA2C,OAAA;EAAA,SACjD,SAAA;EAAA,SACA,KAAA;EAAA,SACA,MAAA;AAAA;AAAA,iBAKM,qCAAA,CAAsC,OAAA;EAAA,SAC5C,aAAA;EAAA,SACA,SAAA;EAAA,SACA,EAAA;AAAA;AAAA,iBAOM,wBAAA,CAAyB,KAAA;AAAA,iBAKzB,oCAAA,CAAqC,UAAA;AAAA,iBAQrC,yBAAA,CAA0B,UAAA;AAAA,iBAK1B,gCAAA,CAAiC,OAAA;AAAA,iBAIjC,qCAAA,CAAsC,GAAA,EAAK,+BAAA;EAAA,SACjD,OAAA;EAAA,SACA,IAAA;EAAA,SACA,KAAA;EAAA,SACA,eAAA;AAAA;AAAA,iBAUM,mCAAA,CACf,OAAA,EAAS,+BAAA,GACP,kCAAA;;;UCvGc,4BAAA;EAAA,SACP,uBAAA;EAAA,SACA,kBAAA;EAAA,SACA,oBAAA,GAAuB,MAAA;IAAA,SACtB,YAAA;IAAA,SACA,IAAA;IAAA,SACA,MAAA;IAAA,SACA,MAAA,GAAS,WAAA;IAAA,SACT,KAAA,GAAQ,MAAA;EAAA,MACZ,OAAA;IAAA,SACI,IAAA;IAAA,SACA,MAAA,EAAQ,MAAA;IAAA,SACR,MAAA,EAAQ,MAAA;EAAA;AAAA;AAAA,UAIF,uBAAA;EAChB,MAAA,CAAO,MAAA;IAAA,SACG,GAAA;IAAA,SACA,QAAA;IAAA,SACA,MAAA,GAAS,WAAA;EAAA,IACf,OAAA;EACJ,QAAA,CAAS,MAAA;IAAA,SACC,GAAA;IAAA,SACA,QAAA;IAAA,SACA,MAAA,GAAS,WAAA;EAAA,IACf,OAAA,CAAQ,MAAA;EACZ,MAAA,CAAO,MAAA;IAAA,SACG,GAAA;IAAA,SACA,QAAA;IAAA,SACA,KAAA;IAAA,SACA,SAAA;IAAA,SACA,MAAA,GAAS,WAAA;EAAA,IACf,OAAA;EACJ,MAAA,CAAO,MAAA;IAAA,SACG,GAAA;IAAA,SACA,IAAA;IAAA,SACA,MAAA,GAAS,WAAA;IAAA,SACT,EAAA;EAAA,IACN,OAAA;EACJ,WAAA,CAAY,MAAA;IAAA,SAAmB,GAAA;IAAA,SAAuB,QAAA;EAAA;IAAA,SAC5C,aAAA;IAAA,SACA,YAAA;EAAA;EAEV,IAAA,CAAK,MAAA;IAAA,SACK,GAAA;IAAA,SACA,QAAA;IAAA,SACA,MAAA,GAAS,WAAA;EAAA,IACf,OAAA;IAAA,SACM,OAAA;IAAA,SACA,IAAA;IAAA,SACA,IAAA;EAAA;EAEV,SAAA,CAAU,MAAA;IAAA,SACA,GAAA;IAAA,SACA,IAAA,EAAM,MAAA;IAAA,SACN,QAAA,GAAW,cAAA;IAAA,SACX,QAAA;IAAA,SACA,KAAA;IAAA,SACA,MAAA,GAAS,WAAA;EAAA,IACf,OAAA;AAAA;AAAA,UAGY,yBAAA;EAAA,SACP,aAAA,GAAgB,MAAA;IAAA,SACf,OAAA;IAAA,SACA,GAAA,EAAK,MAAA;IAAA,SACL,GAAA,EAAK,cAAA;IAAA,SACL,MAAA;IAAA,SACA,OAAA;EAAA,MACJ,OAAA;IAAA,SACI,IAAA;IAAA,SACA,GAAA,EAAK,MAAA;IAAA,SACL,aAAA;IAAA,SACA,SAAA;EAAA;EAAA,SAED,qBAAA,IACR,YAAA,EAAc,4BAAA,MACT,MAAA;IAAA,SAAmB,OAAA;EAAA,MAAuB,uBAAA;EAAA,SACvC,iBAAA,IAAqB,OAAA;IAAA,SAAoB,aAAA;EAAA,MAA4B,WAAA;EAAA,SACrE,oBAAA,GAAuB,MAAA;IAAA,SACtB,YAAA;IAAA,SACA,MAAA;IAAA,SACA,MAAA,GAAS,WAAA;IAAA,SACT,GAAA,EAAK,cAAA;IAAA,SACL,KAAA,GAAQ,MAAA;EAAA,MACZ,OAAA;IAAA,SACI,IAAA;IAAA,SACA,MAAA,EAAQ,MAAA;IAAA,SACR,MAAA,EAAQ,MAAA;EAAA;AAAA;AAAA,UAIF,4BAAA;EAAA,SACP,WAAA;EAAA,SACA,eAAA;EAAA,SACA,cAAA,IAAkB,MAAA;IAAA,SAAmB,OAAA;EAAA,MAAuB,uBAAA;EAAA,SAC5D,GAAA,GAAM,MAAA;EAAA,SACN,EAAA;EAAA,SACA,SAAA;EAAA,SACA,YAAA;EAAA,SACA,OAAA;EACT,aAAA,CAAc,MAAA;IAAA,SACJ,OAAA;IAAA,SACA,GAAA,EAAK,MAAA;IAAA,SACL,MAAA;IAAA,SACA,OAAA;EAAA,IACN,OAAA;IAAA,SACM,IAAA;IAAA,SACA,GAAA,EAAK,MAAA;IAAA,SACL,aAAA;IAAA,SACA,SAAA;EAAA;EAAA,SAED,YAAA,IAAgB,MAAA;IAAA,SACf,QAAA;IAAA,SACA,MAAA;IAAA,SACA,QAAA;IAAA,SACA,KAAA;EAAA,MACJ,OAAA;EACN,eAAA,CAAgB,MAAA;IAAA,SAAmB,MAAA;EAAA,IAAmB,OAAA;IAAA,SAC5C,IAAA;IAAA,SACA,MAAA,EAAQ,MAAA;IAAA,SACR,MAAA,EAAQ,MAAA;EAAA;AAAA;;;iBCUH,mCAAA,CACf,OAAA;EAAA,SACU,aAAA;EAAA,SACA,6BAAA,SAAsC,2BAAA;EAAA,SACtC,SAAA;EAAA,SACA,MAAA;AAAA,GAEV,YAAA,EAAc,yBAAA,IACX,MAAA;EAAA,SACM,iBAAA;EAAA,SACA,GAAA,EAAK,+BAAA;IAAA,SACJ,MAAA;MAAA,SACC,GAAA,GAAM,MAAA;IAAA;EAAA;EAAA,SAGR,QAAA;EAAA,SACA,UAAA;EAAA,SACA,YAAA;AAAA,MACJ,OAAA,CAAQ,4BAAA;;;iBCvJE,mCAAA,CACf,OAAA;EAAA,SACU,aAAA;EAAA,SACA,MAAA;AAAA,GAEV,YAAA,EAAc,yBAAA;EAEd,eAAA,GAAkB,MAAA;IAAA,SACR,KAAA;MAAA,SAAkB,aAAA;IAAA;EAAA,MACtB,OAAA;IAAA,SAAmB,gBAAA;IAAA,SAAoC,OAAA;EAAA;EAC7D,aAAA,GAAgB,MAAA;IAAA,SAAmB,KAAA;MAAA,SAAkB,aAAA;IAAA;EAAA,MAA8B,OAAA;AAAA;;;UCbnE,4BAAA;EAAA,SACP,aAAA;EAAA,SACA,SAAA;EAAA,SACA,YAAA;EAAA,SACA,eAAA;EAAA,SACA,MAAA;AAAA;AAAA,iBAGM,2BAAA,CACf,MAAA,EAAQ,MAAA,oBACN,4BAAA;;;UCVc,iBAAA;EAAA,SACP,OAAA;EAAA,SACA,UAAA;EAAA,SACA,IAAA;AAAA;AAAA,UAGO,UAAA;EAAA,SACP,sBAAA,GAAyB,MAAA;IAAA,SACxB,OAAA;IAAA,SACA,GAAA,EAAK,MAAA;IAAA,SACL,OAAA;EAAA;EAAA,SAED,kBAAA,GAAqB,IAAA;EAAA,SACrB,mBAAA,GAAsB,MAAA;IAAA,SACrB,aAAA;IAAA,SACA,OAAA,EAAS,iBAAA;IAAA,SACT,GAAA;EAAA;EAAA,SAED,gCAAA,GAAmC,MAAA;IAAA,SAClC,OAAA;MAAA,SACC,uBAAA;MAAA,SACA,kBAAA;MAAA,SACA,oBAAA,GAAuB,WAAA;QAAA,SACtB,YAAA;QAAA,SACA,IAAA;QAAA,SACA,MAAA;QAAA,SACA,MAAA,GAAS,WAAA;QAAA,SACT,KAAA,GAAQ,MAAA;MAAA,MACZ,OAAA;QAAA,SACI,IAAA;QAAA,SACA,MAAA,EAAQ,MAAA;QAAA,SACR,MAAA,EAAQ,MAAA;MAAA;IAAA;IAAA,SAGV,OAAA;EAAA,MANK,uBAAA;EAAA,SAQN,mCAAA,GAAsC,QAAA;IAAA,SACrC,OAAA;IAAA,SACA,YAAA;IAAA,SACA,qBAAA;IAAA,SACA,MAAA;IAAA,SACA,cAAA;IAAA,SACA,aAAA;EAAA,MACJ,OAAA,CAAQ,iBAAA;EAAA,SACL,wBAAA,IAA4B,OAAA,EAAS,iBAAA,KAAsB,OAAA;EAAA,SAC3D,oBAAA,GAAuB,MAAA;IAAA,SACtB,YAAA;IAAA,SACA,aAAA;IAAA,SACA,OAAA,EAAS,iBAAA;IAAA,SACT,MAAA,GAAS,WAAA;IAAA,SACT,KAAA,GAAQ,MAAA;EAAA,MACZ,OAAA;IAAA,SACI,IAAA;IAAA,SACA,MAAA,EAAQ,MAAA;IAAA,SACR,MAAA,EAAQ,MAAA;EAAA;EAAA,SAET,eAAA,GAAkB,GAAA,EAAK,MAAA,CAAO,UAAA;IAAA,SAC7B,OAAA,EAAS,MAAA;EAAA;AAAA;AAAA,UAIH,wBAAA;EAAA,SACP,WAAA;EAAA,SACA,OAAA,GAAU,UAAA,UAAoB,MAAA,cAAoB,OAAA,CAAQ,kBAAA;EAAA,SAC1D,IAAA;EAAA,SACA,UAAA,EAAY,MAAA;AAAA;AAAA,UAGL,+BAAA;EAAA,SACP,IAAA;EAAA,SACA,KAAA;EAAA,SACA,QAAA;AAAA;AAAA,UAGO,kBAAA;EAAA,SACP,OAAA;EAAA,SACA,OAAA;AAAA;AAAA,UAGO,2BAAA;EAAA,SACP,YAAA,IACR,IAAA,EAAM,wBAAA,EACN,OAAA,GAAU,+BAAA;AAAA;;;cC3EC,iCAAA;AAAA,iBAEG,iBAAA,CAAkB,GAAA,EAAK,UAAA;EAAA,SAC7B,aAAA,EAAe,yBAAA;EAAA,SACf,qBAAA,GACR,YAAA,EAAc,4BAAA,MACT,MAAA;IAAA,SAAmB,OAAA;EAAA,MAAuB,uBAAA;EAAA,SACvC,oBAAA,EAAsB,yBAAA;AAAA;;;cCK1B,MAAA;;;;;aAMK,MAAA,GAAS,MAAA;IAAA,SACT,YAAA,EAAc,MAAA;IAAA,SACd,YAAA,GAAe,2BAAA;IAAA,SACf,gBAAA;IAAA,SACA,OAAA;MAAA,SACC,MAAA;QAAA,SACC,OAAA,SAAgB,MAAA;MAAA;IAAA;EAAA;AAAA;;;cCxBhB,qCAAA"}
|
package/dist/index.js
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { createToolVmActiveUseHandle, isToolVmLeasePeek, isToolVmSshLease } from "@agent-vm/gateway-interface";
|
|
2
|
+
import { z } from "zod";
|
|
2
3
|
//#region src/controller-lease-client.ts
|
|
3
4
|
var ControllerLeaseRequestError = class extends Error {
|
|
4
5
|
bodyText;
|
|
@@ -7,16 +8,36 @@ var ControllerLeaseRequestError = class extends Error {
|
|
|
7
8
|
status;
|
|
8
9
|
constructor(options) {
|
|
9
10
|
const kind = options.status >= 400 && options.status < 500 ? "client-error" : "server-error";
|
|
10
|
-
super(`${options.context} returned HTTP ${String(options.status)} (${kind})`);
|
|
11
|
+
super(`${options.context} returned HTTP ${String(options.status)} (${kind})${formatStructuredErrorSuffix(options.responseBody)}`);
|
|
11
12
|
this.bodyText = options.bodyText;
|
|
12
13
|
this.kind = kind;
|
|
13
14
|
this.responseBody = options.responseBody;
|
|
14
15
|
this.status = options.status;
|
|
15
16
|
}
|
|
16
17
|
};
|
|
18
|
+
const structuredControllerErrorSchema = z.object({
|
|
19
|
+
guidance: z.string().trim().min(1).optional(),
|
|
20
|
+
message: z.string().trim().min(1).optional()
|
|
21
|
+
});
|
|
22
|
+
function isJsonObjectRecord(value) {
|
|
23
|
+
return typeof value === "object" && value !== null && !Array.isArray(value) && Object.values(value).every(isJsonValue);
|
|
24
|
+
}
|
|
25
|
+
function isJsonValue(value) {
|
|
26
|
+
if (value === null || typeof value === "string" || typeof value === "boolean" || typeof value === "number") return true;
|
|
27
|
+
if (Array.isArray(value)) return value.every(isJsonValue);
|
|
28
|
+
return isJsonObjectRecord(value);
|
|
29
|
+
}
|
|
30
|
+
const jsonValueSchema = z.custom(isJsonValue);
|
|
17
31
|
function objectValue(value) {
|
|
18
32
|
return typeof value === "object" && value !== null ? value : void 0;
|
|
19
33
|
}
|
|
34
|
+
function formatStructuredErrorSuffix(responseBody) {
|
|
35
|
+
const parsedError = structuredControllerErrorSchema.safeParse(responseBody);
|
|
36
|
+
if (!parsedError.success) return "";
|
|
37
|
+
const { guidance, message } = parsedError.data;
|
|
38
|
+
const parts = [message, guidance ? `Guidance: ${guidance}` : void 0].filter((part) => part !== void 0);
|
|
39
|
+
return parts.length > 0 ? `: ${parts.join(" ")}` : "";
|
|
40
|
+
}
|
|
20
41
|
function isStartActiveUseResponse(value) {
|
|
21
42
|
const record = objectValue(value);
|
|
22
43
|
return record !== void 0 && typeof Reflect.get(record, "expiresAt") === "number" && typeof Reflect.get(record, "heartbeatAfterMs") === "number" && typeof Reflect.get(record, "useId") === "string";
|
|
@@ -33,7 +54,9 @@ function writeLeaseClientLog(message) {
|
|
|
33
54
|
}
|
|
34
55
|
function parseJsonBody(bodyText, context) {
|
|
35
56
|
try {
|
|
36
|
-
|
|
57
|
+
const parsedJson = JSON.parse(bodyText);
|
|
58
|
+
const parsedBody = jsonValueSchema.safeParse(parsedJson);
|
|
59
|
+
return parsedBody.success ? parsedBody.data : void 0;
|
|
37
60
|
} catch (error) {
|
|
38
61
|
writeLeaseClientLog(`${context} returned a non-JSON error body: ${formatUnknownError$1(error)}`);
|
|
39
62
|
return;
|
|
@@ -123,9 +146,12 @@ function createLeaseClient(options) {
|
|
|
123
146
|
requestLease: async (request) => {
|
|
124
147
|
return await readJsonResponse(await fetchImpl(`${baseUrl}/lease`, {
|
|
125
148
|
body: JSON.stringify({
|
|
149
|
+
agentId: request.agentId,
|
|
126
150
|
agentWorkspaceDir: request.agentWorkspaceDir,
|
|
127
151
|
profileId: request.profileId,
|
|
152
|
+
sandbox: request.sandbox,
|
|
128
153
|
scopeKey: request.scopeKey,
|
|
154
|
+
sessionKey: request.sessionKey,
|
|
129
155
|
workMountDir: request.workMountDir,
|
|
130
156
|
zoneId: request.zoneId
|
|
131
157
|
}),
|
|
@@ -143,6 +169,71 @@ function createLeaseClient(options) {
|
|
|
143
169
|
};
|
|
144
170
|
}
|
|
145
171
|
//#endregion
|
|
172
|
+
//#region src/openclaw-gondolin-contract.ts
|
|
173
|
+
const agentIdPattern = /^[a-z0-9][a-z0-9_-]{0,63}$/iu;
|
|
174
|
+
const OPENCLAW_DEFAULT_AGENT_ID = "main";
|
|
175
|
+
const OPENCLAW_GONDOLIN_SANDBOX_REQUIREMENTS = [
|
|
176
|
+
{
|
|
177
|
+
expectedValue: "gondolin",
|
|
178
|
+
key: "backend"
|
|
179
|
+
},
|
|
180
|
+
{
|
|
181
|
+
expectedValue: "all",
|
|
182
|
+
key: "mode"
|
|
183
|
+
},
|
|
184
|
+
{
|
|
185
|
+
expectedValue: "agent",
|
|
186
|
+
key: "scope"
|
|
187
|
+
},
|
|
188
|
+
{
|
|
189
|
+
expectedValue: "rw",
|
|
190
|
+
key: "workspaceAccess"
|
|
191
|
+
}
|
|
192
|
+
];
|
|
193
|
+
const OPENCLAW_GONDOLIN_LEASE_SCOPE_GUIDANCE = "Managed OpenClaw/Gondolin requires agents.*.sandbox.scope=\"agent\"; the lease scopeKey must be agent:<agentId>, not a raw channel, session, or subagent key.";
|
|
194
|
+
function isOpenClawAgentId(value) {
|
|
195
|
+
return agentIdPattern.test(value.trim());
|
|
196
|
+
}
|
|
197
|
+
function effectiveOpenClawGondolinSandboxValue(defaults, agentConfig, key) {
|
|
198
|
+
return agentConfig.sandbox?.[key] ?? defaults.sandbox?.[key];
|
|
199
|
+
}
|
|
200
|
+
function formatOpenClawGondolinRequirementFieldPath(label, key) {
|
|
201
|
+
return `agents.${label}.sandbox.${key}`;
|
|
202
|
+
}
|
|
203
|
+
function formatOpenClawGondolinRequirementFindingId(options) {
|
|
204
|
+
return `openclaw-tool-vm-${options.fieldPath.replace(/[.[\]]/gu, "-")}-${options.zoneId}-${options.label}`;
|
|
205
|
+
}
|
|
206
|
+
function formatOpenClawGondolinRequirementHint(options) {
|
|
207
|
+
return options.ok ? `${options.fieldPath}=${options.expectedValue}` : `Set ${options.fieldPath} to "${options.expectedValue}" for OpenClaw Tool VM mediation.`;
|
|
208
|
+
}
|
|
209
|
+
function normalizeOpenClawAgentId(value) {
|
|
210
|
+
const trimmed = (value ?? "").trim().toLowerCase();
|
|
211
|
+
return isOpenClawAgentId(trimmed) ? trimmed : OPENCLAW_DEFAULT_AGENT_ID;
|
|
212
|
+
}
|
|
213
|
+
function resolveOpenClawAgentIdFromSessionKey(sessionKey) {
|
|
214
|
+
const parts = sessionKey.trim().split(":");
|
|
215
|
+
if (parts[0] !== "agent" || !parts[1]) return OPENCLAW_DEFAULT_AGENT_ID;
|
|
216
|
+
return normalizeOpenClawAgentId(parts[1]);
|
|
217
|
+
}
|
|
218
|
+
function isOpenClawAgentSessionKey(sessionKey) {
|
|
219
|
+
const parts = sessionKey.trim().split(":");
|
|
220
|
+
return parts[0] === "agent" && parts[1] !== void 0 && isOpenClawAgentId(parts[1]);
|
|
221
|
+
}
|
|
222
|
+
function expectedOpenClawGondolinScopeKey(agentId) {
|
|
223
|
+
return `agent:${agentId}`;
|
|
224
|
+
}
|
|
225
|
+
function snapshotOpenClawGondolinSandboxConfig(cfg) {
|
|
226
|
+
return {
|
|
227
|
+
backend: cfg.backend,
|
|
228
|
+
mode: cfg.mode,
|
|
229
|
+
scope: cfg.scope,
|
|
230
|
+
workspaceAccess: cfg.workspaceAccess
|
|
231
|
+
};
|
|
232
|
+
}
|
|
233
|
+
function findOpenClawGondolinSandboxMismatch(sandbox) {
|
|
234
|
+
return OPENCLAW_GONDOLIN_SANDBOX_REQUIREMENTS.find((requirement) => sandbox[requirement.key] !== requirement.expectedValue);
|
|
235
|
+
}
|
|
236
|
+
//#endregion
|
|
146
237
|
//#region src/sandbox-backend/sandbox-shell-script.ts
|
|
147
238
|
function buildShellScriptWithArgs(script, args) {
|
|
148
239
|
if (!args || args.length === 0) return script;
|
|
@@ -159,7 +250,12 @@ function scopeCacheKey(params) {
|
|
|
159
250
|
params.workspaceDir
|
|
160
251
|
].join("\0");
|
|
161
252
|
}
|
|
253
|
+
function formatControllerLeaseRequestError(error) {
|
|
254
|
+
const responseBody = error.responseBody === void 0 ? error.bodyText : JSON.stringify(error.responseBody);
|
|
255
|
+
return `${error.message}; response=${responseBody}`;
|
|
256
|
+
}
|
|
162
257
|
function formatUnknownError(error) {
|
|
258
|
+
if (error instanceof ControllerLeaseRequestError) return formatControllerLeaseRequestError(error);
|
|
163
259
|
return error instanceof Error ? error.message : String(error);
|
|
164
260
|
}
|
|
165
261
|
function writeSandboxBackendLog(message) {
|
|
@@ -180,10 +276,25 @@ function isActiveUseFinalizeToken(value) {
|
|
|
180
276
|
function activeUseOutcomeForFinalizeParams(finalizeParams) {
|
|
181
277
|
return finalizeParams.timedOut ? "timed-out" : finalizeParams.status === "completed" ? "completed" : "failed";
|
|
182
278
|
}
|
|
279
|
+
function resolveLeaseRequestAgentId(sessionKey) {
|
|
280
|
+
return resolveOpenClawAgentIdFromSessionKey(sessionKey);
|
|
281
|
+
}
|
|
282
|
+
function assertPluginLeaseContract(params) {
|
|
283
|
+
const mismatch = findOpenClawGondolinSandboxMismatch(params.cfg);
|
|
284
|
+
if (mismatch) throw new Error(`OpenClaw Gondolin sandbox requires ${mismatch.key}=${mismatch.expectedValue}; received ${String(params.cfg[mismatch.key])}.`);
|
|
285
|
+
const expectedScopeKey = expectedOpenClawGondolinScopeKey(params.agentId);
|
|
286
|
+
if (params.scopeKey !== expectedScopeKey) throw new Error(`OpenClaw Gondolin sandbox requires scopeKey '${expectedScopeKey}' for agent '${params.agentId}'; received '${params.scopeKey}'. ${OPENCLAW_GONDOLIN_LEASE_SCOPE_GUIDANCE}`);
|
|
287
|
+
}
|
|
183
288
|
function createGondolinSandboxBackendFactory(options, dependencies) {
|
|
184
289
|
const scopeCache = /* @__PURE__ */ new Map();
|
|
185
290
|
return async (params) => {
|
|
186
291
|
const profileId = options.profileId ?? "standard";
|
|
292
|
+
const agentId = resolveLeaseRequestAgentId(params.sessionKey);
|
|
293
|
+
assertPluginLeaseContract({
|
|
294
|
+
agentId,
|
|
295
|
+
cfg: params.cfg,
|
|
296
|
+
scopeKey: params.scopeKey
|
|
297
|
+
});
|
|
187
298
|
const cacheKey = scopeCacheKey({
|
|
188
299
|
agentWorkspaceDir: params.agentWorkspaceDir,
|
|
189
300
|
profileId,
|
|
@@ -204,9 +315,12 @@ function createGondolinSandboxBackendFactory(options, dependencies) {
|
|
|
204
315
|
const runtimeStatus = options.openClawRuntimeStatusProvider?.();
|
|
205
316
|
if (runtimeStatus && leaseClient.publishOpenClawRuntimeStatus) await leaseClient.publishOpenClawRuntimeStatus(runtimeStatus);
|
|
206
317
|
const leaseResponse = await leaseClient.requestLease({
|
|
318
|
+
agentId,
|
|
207
319
|
agentWorkspaceDir: params.agentWorkspaceDir,
|
|
208
320
|
profileId,
|
|
321
|
+
sandbox: snapshotOpenClawGondolinSandboxConfig(params.cfg),
|
|
209
322
|
scopeKey: params.scopeKey,
|
|
323
|
+
sessionKey: params.sessionKey,
|
|
210
324
|
workMountDir: params.workspaceDir,
|
|
211
325
|
zoneId: options.zoneId
|
|
212
326
|
});
|
|
@@ -384,6 +498,7 @@ function resolveGondolinPluginConfig(config) {
|
|
|
384
498
|
}
|
|
385
499
|
//#endregion
|
|
386
500
|
//#region src/openclaw-backend-dependencies.ts
|
|
501
|
+
const OPENCLAW_SSH_SESSION_SCRATCH_ROOT = "/work";
|
|
387
502
|
function createBackendDeps(ssh) {
|
|
388
503
|
return {
|
|
389
504
|
buildExecSpec: async ({ command, env, ssh: sshCreds, usePty, workdir }) => {
|
|
@@ -393,7 +508,7 @@ function createBackendDeps(ssh) {
|
|
|
393
508
|
strictHostKeyChecking: false,
|
|
394
509
|
target: `${sshCreds.user}@${sshCreds.host}:${sshCreds.port}`,
|
|
395
510
|
updateHostKeys: false,
|
|
396
|
-
workspaceRoot:
|
|
511
|
+
workspaceRoot: OPENCLAW_SSH_SESSION_SCRATCH_ROOT
|
|
397
512
|
});
|
|
398
513
|
const disposeSshSandboxSession = ssh.disposeSshSandboxSession;
|
|
399
514
|
return {
|
|
@@ -431,7 +546,7 @@ function createBackendDeps(ssh) {
|
|
|
431
546
|
strictHostKeyChecking: false,
|
|
432
547
|
target: `${sshCreds.user}@${sshCreds.host}:${sshCreds.port}`,
|
|
433
548
|
updateHostKeys: false,
|
|
434
|
-
workspaceRoot:
|
|
549
|
+
workspaceRoot: OPENCLAW_SSH_SESSION_SCRATCH_ROOT
|
|
435
550
|
});
|
|
436
551
|
return await ssh.runSshSandboxCommand({
|
|
437
552
|
...allowFailure !== void 0 ? { allowFailure } : {},
|
|
@@ -464,18 +579,23 @@ function readAgentConfigEntries(config) {
|
|
|
464
579
|
label: "defaults"
|
|
465
580
|
}, ...agentConfigs];
|
|
466
581
|
}
|
|
467
|
-
function effectiveSandboxValue(defaults, agentConfig, key) {
|
|
468
|
-
return agentConfig.sandbox?.[key] ?? defaults.sandbox?.[key];
|
|
469
|
-
}
|
|
470
582
|
function effectiveWorkspace(defaults, agentConfig) {
|
|
471
583
|
return agentConfig.workspace ?? defaults.workspace;
|
|
472
584
|
}
|
|
473
585
|
function requirementFinding(options) {
|
|
474
586
|
const ok = options.actualValue === options.expectedValue;
|
|
475
587
|
return {
|
|
476
|
-
id:
|
|
588
|
+
id: formatOpenClawGondolinRequirementFindingId({
|
|
589
|
+
fieldPath: options.fieldPath,
|
|
590
|
+
label: options.label,
|
|
591
|
+
zoneId: options.zoneId
|
|
592
|
+
}),
|
|
477
593
|
ok,
|
|
478
|
-
hint:
|
|
594
|
+
hint: formatOpenClawGondolinRequirementHint({
|
|
595
|
+
expectedValue: options.expectedValue,
|
|
596
|
+
fieldPath: options.fieldPath,
|
|
597
|
+
ok
|
|
598
|
+
})
|
|
479
599
|
};
|
|
480
600
|
}
|
|
481
601
|
function buildOpenClawRuntimeStatusReport(options) {
|
|
@@ -486,41 +606,19 @@ function buildOpenClawRuntimeStatusReport(options) {
|
|
|
486
606
|
zoneId: options.zoneId,
|
|
487
607
|
findings: readAgentConfigEntries(config).flatMap(({ config: agentConfig, label }) => {
|
|
488
608
|
const workspace = effectiveWorkspace(defaults, agentConfig);
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
|
|
495
|
-
|
|
496
|
-
|
|
497
|
-
|
|
498
|
-
|
|
499
|
-
|
|
500
|
-
|
|
501
|
-
|
|
502
|
-
zoneId: options.zoneId
|
|
503
|
-
}),
|
|
504
|
-
requirementFinding({
|
|
505
|
-
actualValue: effectiveSandboxValue(defaults, agentConfig, "scope"),
|
|
506
|
-
expectedValue: "agent",
|
|
507
|
-
fieldPath: `agents.${label}.sandbox.scope`,
|
|
508
|
-
label,
|
|
509
|
-
zoneId: options.zoneId
|
|
510
|
-
}),
|
|
511
|
-
requirementFinding({
|
|
512
|
-
actualValue: effectiveSandboxValue(defaults, agentConfig, "workspaceAccess"),
|
|
513
|
-
expectedValue: "rw",
|
|
514
|
-
fieldPath: `agents.${label}.sandbox.workspaceAccess`,
|
|
515
|
-
label,
|
|
516
|
-
zoneId: options.zoneId
|
|
517
|
-
}),
|
|
518
|
-
{
|
|
519
|
-
id: `openclaw-tool-vm-workspace-${options.zoneId}-${label}`,
|
|
520
|
-
ok: workspace !== "/zone",
|
|
521
|
-
hint: workspace === "/zone" ? "Use /zone/agents/default or per-agent workspaces; keep /zone for shared zone files." : typeof workspace === "string" ? workspace : "agents workspace is unset"
|
|
522
|
-
}
|
|
523
|
-
];
|
|
609
|
+
const requirementFindings = OPENCLAW_GONDOLIN_SANDBOX_REQUIREMENTS.map((requirement) => requirementFinding({
|
|
610
|
+
actualValue: effectiveOpenClawGondolinSandboxValue(defaults, agentConfig, requirement.key),
|
|
611
|
+
expectedValue: requirement.expectedValue,
|
|
612
|
+
fieldPath: formatOpenClawGondolinRequirementFieldPath(label, requirement.key),
|
|
613
|
+
label,
|
|
614
|
+
zoneId: options.zoneId
|
|
615
|
+
}));
|
|
616
|
+
const workspaceFinding = {
|
|
617
|
+
id: `openclaw-tool-vm-workspace-${options.zoneId}-${label}`,
|
|
618
|
+
ok: workspace !== "/zone",
|
|
619
|
+
hint: workspace === "/zone" ? "Use /zone/agents/default or per-agent workspaces; keep /zone for shared zone files." : typeof workspace === "string" ? workspace : "agents workspace is unset"
|
|
620
|
+
};
|
|
621
|
+
return requirementFindings.concat(workspaceFinding);
|
|
524
622
|
})
|
|
525
623
|
};
|
|
526
624
|
}
|
|
@@ -660,6 +758,6 @@ const plugin = {
|
|
|
660
758
|
//#region src/index.ts
|
|
661
759
|
const OPENCLAW_GONDOLIN_PLUGIN_PACKAGE_NAME = "@agent-vm/openclaw-agent-vm-plugin";
|
|
662
760
|
//#endregion
|
|
663
|
-
export { ControllerLeaseRequestError, OPENCLAW_GONDOLIN_PLUGIN_PACKAGE_NAME, createBackendDeps, createGondolinSandboxBackendFactory, createGondolinSandboxBackendManager, createLeaseClient, plugin as default, resolveGondolinPluginConfig };
|
|
761
|
+
export { ControllerLeaseRequestError, OPENCLAW_DEFAULT_AGENT_ID, OPENCLAW_GONDOLIN_LEASE_SCOPE_GUIDANCE, OPENCLAW_GONDOLIN_PLUGIN_PACKAGE_NAME, OPENCLAW_GONDOLIN_SANDBOX_REQUIREMENTS, OPENCLAW_SSH_SESSION_SCRATCH_ROOT, createBackendDeps, createGondolinSandboxBackendFactory, createGondolinSandboxBackendManager, createLeaseClient, plugin as default, effectiveOpenClawGondolinSandboxValue, expectedOpenClawGondolinScopeKey, findOpenClawGondolinSandboxMismatch, formatOpenClawGondolinRequirementFieldPath, formatOpenClawGondolinRequirementFindingId, formatOpenClawGondolinRequirementHint, isOpenClawAgentId, isOpenClawAgentSessionKey, normalizeOpenClawAgentId, resolveGondolinPluginConfig, resolveOpenClawAgentIdFromSessionKey, snapshotOpenClawGondolinSandboxConfig };
|
|
664
762
|
|
|
665
763
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","names":["formatUnknownError"],"sources":["../src/controller-lease-client.ts","../src/sandbox-backend/sandbox-shell-script.ts","../src/sandbox-backend/sandbox-backend-handle-factory.ts","../src/sandbox-backend/sandbox-backend-manager.ts","../src/gondolin-plugin-config.ts","../src/openclaw-backend-dependencies.ts","../src/openclaw-runtime-status.ts","../src/openclaw-sandbox-sdk-contract.ts","../src/zone-git-tool.ts","../src/openclaw-plugin-registration.ts","../src/index.ts"],"sourcesContent":["import {\n\tisToolVmLeasePeek,\n\tisToolVmSshLease,\n\ttype ToolVmLeasePeek,\n\ttype ToolVmSshLease,\n} from '@agent-vm/gateway-interface';\nimport type {\n\tEndToolVmActiveUseRequest,\n\tHeartbeatToolVmActiveUseResponse,\n\tStartToolVmActiveUseRequest,\n\tStartToolVmActiveUseResponse,\n} from '@agent-vm/gateway-interface';\n\nexport interface OpenClawRuntimeStatusReport {\n\treadonly findings: readonly {\n\t\treadonly hint: string;\n\t\treadonly id: string;\n\t\treadonly ok: boolean;\n\t}[];\n\treadonly pluginId: 'gondolin';\n\treadonly zoneId: string;\n}\n\nexport interface LeaseClient {\n\t// Cached handles use renewLease; read-only runtime probes use peekLease.\n\tendActiveUse(leaseId: string, useId: string, request: EndToolVmActiveUseRequest): Promise<void>;\n\theartbeatActiveUse(leaseId: string, useId: string): Promise<HeartbeatToolVmActiveUseResponse>;\n\tpeekLease(leaseId: string): Promise<ToolVmLeasePeek>;\n\tpublishOpenClawRuntimeStatus?(report: OpenClawRuntimeStatusReport): Promise<void>;\n\treleaseLease(leaseId: string, options?: { readonly force?: boolean }): Promise<void>;\n\trenewLease(leaseId: string): Promise<ToolVmSshLease>;\n\trequestLease(request: {\n\t\treadonly agentWorkspaceDir: string;\n\t\treadonly profileId: string;\n\t\treadonly scopeKey: string;\n\t\treadonly workMountDir: string;\n\t\treadonly zoneId: string;\n\t}): Promise<ToolVmSshLease>;\n\tstartActiveUse(\n\t\tleaseId: string,\n\t\trequest: StartToolVmActiveUseRequest,\n\t): Promise<StartToolVmActiveUseResponse>;\n}\n\nexport type ControllerLeaseRequestErrorKind = 'client-error' | 'server-error';\n\nexport class ControllerLeaseRequestError extends Error {\n\treadonly bodyText: string;\n\treadonly kind: ControllerLeaseRequestErrorKind;\n\treadonly responseBody: unknown;\n\treadonly status: number;\n\n\tconstructor(options: {\n\t\treadonly bodyText: string;\n\t\treadonly context: string;\n\t\treadonly responseBody: unknown;\n\t\treadonly status: number;\n\t}) {\n\t\tconst kind: ControllerLeaseRequestErrorKind =\n\t\t\toptions.status >= 400 && options.status < 500 ? 'client-error' : 'server-error';\n\t\tsuper(`${options.context} returned HTTP ${String(options.status)} (${kind})`);\n\t\tthis.bodyText = options.bodyText;\n\t\tthis.kind = kind;\n\t\tthis.responseBody = options.responseBody;\n\t\tthis.status = options.status;\n\t}\n}\n\nfunction objectValue(value: unknown): object | undefined {\n\treturn typeof value === 'object' && value !== null ? value : undefined;\n}\n\nfunction isStartActiveUseResponse(value: unknown): value is StartToolVmActiveUseResponse {\n\tconst record = objectValue(value);\n\treturn (\n\t\trecord !== undefined &&\n\t\ttypeof Reflect.get(record, 'expiresAt') === 'number' &&\n\t\ttypeof Reflect.get(record, 'heartbeatAfterMs') === 'number' &&\n\t\ttypeof Reflect.get(record, 'useId') === 'string'\n\t);\n}\n\nfunction isHeartbeatActiveUseResponse(value: unknown): value is HeartbeatToolVmActiveUseResponse {\n\tconst record = objectValue(value);\n\treturn (\n\t\trecord !== undefined &&\n\t\ttypeof Reflect.get(record, 'expiresAt') === 'number' &&\n\t\ttypeof Reflect.get(record, 'heartbeatAfterMs') === 'number'\n\t);\n}\n\nfunction formatUnknownError(error: unknown): string {\n\treturn error instanceof Error ? error.message : String(error);\n}\n\nfunction writeLeaseClientLog(message: string): void {\n\tprocess.stderr.write(`[openclaw-agent-vm-plugin] ${message}\\n`);\n}\n\nfunction parseJsonBody(bodyText: string, context: string): unknown {\n\ttry {\n\t\treturn JSON.parse(bodyText);\n\t} catch (error) {\n\t\twriteLeaseClientLog(`${context} returned a non-JSON error body: ${formatUnknownError(error)}`);\n\t\treturn undefined;\n\t}\n}\n\nasync function readErrorBody(\n\tresponse: Response,\n\tcontext: string,\n): Promise<{\n\treadonly bodyText: string;\n\treadonly responseBody: unknown;\n}> {\n\tconst bodyText = await response.text().catch(() => '(unreadable)');\n\treturn {\n\t\tbodyText,\n\t\tresponseBody: bodyText === '(unreadable)' ? undefined : parseJsonBody(bodyText, context),\n\t};\n}\n\nasync function readJsonResponse<TValue>(\n\tresponse: Response,\n\tcontext: string,\n\tisExpectedResponse: (value: unknown) => value is TValue,\n): Promise<TValue> {\n\tif (!response.ok) {\n\t\tconst errorBody = await readErrorBody(response, context);\n\t\tthrow new ControllerLeaseRequestError({\n\t\t\tbodyText: errorBody.bodyText,\n\t\t\tcontext,\n\t\t\tresponseBody: errorBody.responseBody,\n\t\t\tstatus: response.status,\n\t\t});\n\t}\n\tconst payload = await response.json();\n\tif (!isExpectedResponse(payload)) {\n\t\tthrow new TypeError(\n\t\t\t`${context} returned an invalid response: ${JSON.stringify(payload).slice(0, 200)}`,\n\t\t);\n\t}\n\treturn payload;\n}\n\nexport function createLeaseClient(options: {\n\treadonly controllerUrl: string;\n\treadonly fetchImpl?: (input: string | URL | Request, init?: RequestInit) => Promise<Response>;\n}): LeaseClient {\n\tconst fetchImpl = options.fetchImpl ?? fetch;\n\tconst baseUrl = options.controllerUrl.replace(/\\/$/u, '');\n\tconst renewLease = async (leaseId: string): Promise<ToolVmSshLease> => {\n\t\tconst response = await fetchImpl(`${baseUrl}/lease/${encodeURIComponent(leaseId)}/renew`, {\n\t\t\tmethod: 'POST',\n\t\t});\n\t\treturn await readJsonResponse(response, 'Controller lease renew API', isToolVmSshLease);\n\t};\n\n\treturn {\n\t\tendActiveUse: async (\n\t\t\tleaseId: string,\n\t\t\tuseId: string,\n\t\t\trequest: EndToolVmActiveUseRequest,\n\t\t): Promise<void> => {\n\t\t\tconst response = await fetchImpl(\n\t\t\t\t`${baseUrl}/lease/${encodeURIComponent(leaseId)}/uses/${encodeURIComponent(useId)}`,\n\t\t\t\t{\n\t\t\t\t\tbody: JSON.stringify(request),\n\t\t\t\t\theaders: {\n\t\t\t\t\t\t'content-type': 'application/json',\n\t\t\t\t\t},\n\t\t\t\t\tmethod: 'DELETE',\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (!response.ok) {\n\t\t\t\tconst errorBody = await readErrorBody(response, 'Controller active-use end API');\n\t\t\t\tthrow new ControllerLeaseRequestError({\n\t\t\t\t\tbodyText: errorBody.bodyText,\n\t\t\t\t\tcontext: 'Controller active-use end API',\n\t\t\t\t\tresponseBody: errorBody.responseBody,\n\t\t\t\t\tstatus: response.status,\n\t\t\t\t});\n\t\t\t}\n\t\t},\n\t\theartbeatActiveUse: async (\n\t\t\tleaseId: string,\n\t\t\tuseId: string,\n\t\t): Promise<HeartbeatToolVmActiveUseResponse> => {\n\t\t\tconst response = await fetchImpl(\n\t\t\t\t`${baseUrl}/lease/${encodeURIComponent(leaseId)}/uses/${encodeURIComponent(useId)}/heartbeat`,\n\t\t\t\t{\n\t\t\t\t\tmethod: 'POST',\n\t\t\t\t},\n\t\t\t);\n\t\t\treturn await readJsonResponse(\n\t\t\t\tresponse,\n\t\t\t\t'Controller active-use heartbeat API',\n\t\t\t\tisHeartbeatActiveUseResponse,\n\t\t\t);\n\t\t},\n\t\trenewLease,\n\t\tpeekLease: async (leaseId: string): Promise<ToolVmLeasePeek> => {\n\t\t\tconst response = await fetchImpl(`${baseUrl}/lease/${encodeURIComponent(leaseId)}/peek`);\n\t\t\treturn await readJsonResponse(response, 'Controller lease peek API', isToolVmLeasePeek);\n\t\t},\n\t\tpublishOpenClawRuntimeStatus: async (report): Promise<void> => {\n\t\t\tconst response = await fetchImpl(\n\t\t\t\t`${baseUrl}/zones/${encodeURIComponent(report.zoneId)}/openclaw-runtime-status`,\n\t\t\t\t{\n\t\t\t\t\tbody: JSON.stringify(report),\n\t\t\t\t\theaders: {\n\t\t\t\t\t\t'content-type': 'application/json',\n\t\t\t\t\t},\n\t\t\t\t\tmethod: 'POST',\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (!response.ok) {\n\t\t\t\tconst errorBody = await readErrorBody(response, 'Controller OpenClaw runtime status API');\n\t\t\t\tthrow new ControllerLeaseRequestError({\n\t\t\t\t\tbodyText: errorBody.bodyText,\n\t\t\t\t\tcontext: 'Controller OpenClaw runtime status API',\n\t\t\t\t\tresponseBody: errorBody.responseBody,\n\t\t\t\t\tstatus: response.status,\n\t\t\t\t});\n\t\t\t}\n\t\t},\n\t\treleaseLease: async (\n\t\t\tleaseId: string,\n\t\t\treleaseOptions: { readonly force?: boolean } = {},\n\t\t): Promise<void> => {\n\t\t\tconst releaseUrl = new URL(`${baseUrl}/lease/${encodeURIComponent(leaseId)}`);\n\t\t\tif (releaseOptions.force === true) {\n\t\t\t\treleaseUrl.searchParams.set('force', 'true');\n\t\t\t}\n\t\t\tconst response = await fetchImpl(releaseUrl.toString(), {\n\t\t\t\tmethod: 'DELETE',\n\t\t\t});\n\t\t\tif (!response.ok) {\n\t\t\t\tconst errorBody = await readErrorBody(response, 'Controller lease release API');\n\t\t\t\tthrow new ControllerLeaseRequestError({\n\t\t\t\t\tbodyText: errorBody.bodyText,\n\t\t\t\t\tcontext: 'Controller lease release API',\n\t\t\t\t\tresponseBody: errorBody.responseBody,\n\t\t\t\t\tstatus: response.status,\n\t\t\t\t});\n\t\t\t}\n\t\t},\n\t\trequestLease: async (request): Promise<ToolVmSshLease> => {\n\t\t\tconst response = await fetchImpl(`${baseUrl}/lease`, {\n\t\t\t\tbody: JSON.stringify({\n\t\t\t\t\tagentWorkspaceDir: request.agentWorkspaceDir,\n\t\t\t\t\tprofileId: request.profileId,\n\t\t\t\t\tscopeKey: request.scopeKey,\n\t\t\t\t\tworkMountDir: request.workMountDir,\n\t\t\t\t\tzoneId: request.zoneId,\n\t\t\t\t}),\n\t\t\t\theaders: {\n\t\t\t\t\t'content-type': 'application/json',\n\t\t\t\t},\n\t\t\t\tmethod: 'POST',\n\t\t\t});\n\t\t\treturn await readJsonResponse(response, 'Controller lease API', isToolVmSshLease);\n\t\t},\n\t\tstartActiveUse: async (\n\t\t\tleaseId: string,\n\t\t\trequest: StartToolVmActiveUseRequest,\n\t\t): Promise<StartToolVmActiveUseResponse> => {\n\t\t\tconst response = await fetchImpl(`${baseUrl}/lease/${encodeURIComponent(leaseId)}/uses`, {\n\t\t\t\tbody: JSON.stringify(request),\n\t\t\t\theaders: {\n\t\t\t\t\t'content-type': 'application/json',\n\t\t\t\t},\n\t\t\t\tmethod: 'POST',\n\t\t\t});\n\t\t\treturn await readJsonResponse(\n\t\t\t\tresponse,\n\t\t\t\t'Controller active-use start API',\n\t\t\t\tisStartActiveUseResponse,\n\t\t\t);\n\t\t},\n\t};\n}\n","export function buildShellScriptWithArgs(script: string, args?: readonly string[]): string {\n\tif (!args || args.length === 0) {\n\t\treturn script;\n\t}\n\n\tconst escapedArgs = args.map((arg) => `'${arg.replace(/'/g, \"'\\\\''\")}'`).join(' ');\n\treturn `set -- ${escapedArgs}; ${script}`;\n}\n","import {\n\tcreateToolVmActiveUseHandle,\n\ttype ToolVmActiveUseHandle,\n\ttype ToolVmActiveUseOutcome,\n\ttype ToolVmActiveUseCorrelation,\n\ttype StartToolVmActiveUseRequest,\n\ttype StartToolVmActiveUseResponse,\n\ttype HeartbeatToolVmActiveUseResponse,\n\ttype EndToolVmActiveUseRequest,\n\tisToolVmSshLease,\n} from '@agent-vm/gateway-interface';\n\nimport {\n\tControllerLeaseRequestError,\n\tcreateLeaseClient,\n\ttype LeaseClient,\n\ttype OpenClawRuntimeStatusReport,\n} from '../controller-lease-client.js';\nimport {\n\ttype CachedScopeEntry,\n\ttype CreateBackendDependencies,\n\ttype OpenClawFsBridgeLeaseContext,\n\ttype OpenClawSandboxBackendHandle,\n} from './sandbox-backend-contract.js';\nimport { buildShellScriptWithArgs } from './sandbox-shell-script.js';\n\nfunction scopeCacheKey(params: {\n\treadonly agentWorkspaceDir: string;\n\treadonly profileId: string;\n\treadonly scopeKey: string;\n\treadonly workspaceDir: string;\n\treadonly zoneId: string;\n}): string {\n\treturn [\n\t\tparams.zoneId,\n\t\tparams.scopeKey,\n\t\tparams.profileId,\n\t\tparams.agentWorkspaceDir,\n\t\tparams.workspaceDir,\n\t].join('\\0');\n}\n\nfunction formatUnknownError(error: unknown): string {\n\treturn error instanceof Error ? error.message : String(error);\n}\n\nfunction writeSandboxBackendLog(message: string): void {\n\tprocess.stderr.write(`[openclaw-agent-vm-plugin] ${message}\\n`);\n}\n\nfunction shouldRefreshCachedLease(error: unknown): boolean {\n\treturn error instanceof ControllerLeaseRequestError && error.status === 404;\n}\n\nfunction isCleanupNotFound(error: unknown): boolean {\n\treturn error instanceof ControllerLeaseRequestError && error.status === 404;\n}\n\ninterface DisposableFinalizeToken {\n\tdispose(): Promise<void>;\n}\n\ninterface ActiveUseFinalizeToken {\n\treadonly activeUseHandle: ToolVmActiveUseHandle;\n\treadonly innerToken?: unknown;\n}\n\nfunction isDisposableFinalizeToken(value: unknown): value is DisposableFinalizeToken {\n\treturn (\n\t\ttypeof value === 'object' &&\n\t\tvalue !== null &&\n\t\t'dispose' in value &&\n\t\ttypeof Reflect.get(value, 'dispose') === 'function'\n\t);\n}\n\nfunction isActiveUseFinalizeToken(value: unknown): value is ActiveUseFinalizeToken {\n\treturn (\n\t\ttypeof value === 'object' &&\n\t\tvalue !== null &&\n\t\t'activeUseHandle' in value &&\n\t\ttypeof Reflect.get(value, 'activeUseHandle') === 'object'\n\t);\n}\n\nfunction activeUseOutcomeForFinalizeParams(finalizeParams: {\n\treadonly status: 'completed' | 'failed';\n\treadonly timedOut: boolean;\n}): ToolVmActiveUseOutcome {\n\treturn finalizeParams.timedOut\n\t\t? 'timed-out'\n\t\t: finalizeParams.status === 'completed'\n\t\t\t? 'completed'\n\t\t\t: 'failed';\n}\n\nexport function createGondolinSandboxBackendFactory(\n\toptions: {\n\t\treadonly controllerUrl: string;\n\t\treadonly openClawRuntimeStatusProvider?: () => OpenClawRuntimeStatusReport | undefined;\n\t\treadonly profileId?: string;\n\t\treadonly zoneId: string;\n\t},\n\tdependencies: CreateBackendDependencies,\n): (params: {\n\treadonly agentWorkspaceDir: string;\n\treadonly cfg: {\n\t\treadonly docker?: {\n\t\t\treadonly env?: Record<string, string>;\n\t\t};\n\t};\n\treadonly scopeKey: string;\n\treadonly sessionKey: string;\n\treadonly workspaceDir: string;\n}) => Promise<OpenClawSandboxBackendHandle> {\n\tconst scopeCache = new Map<string, CachedScopeEntry>();\n\n\treturn async (params) => {\n\t\tconst profileId = options.profileId ?? 'standard';\n\t\tconst cacheKey = scopeCacheKey({\n\t\t\tagentWorkspaceDir: params.agentWorkspaceDir,\n\t\t\tprofileId,\n\t\t\tscopeKey: params.scopeKey,\n\t\t\tworkspaceDir: params.workspaceDir,\n\t\t\tzoneId: options.zoneId,\n\t\t});\n\t\tconst leaseClient =\n\t\t\tdependencies.createLeaseClient?.({\n\t\t\t\tcontrollerUrl: options.controllerUrl,\n\t\t\t}) ?? createLeaseClient({ controllerUrl: options.controllerUrl });\n\t\tconst cachedEntry = scopeCache.get(cacheKey);\n\t\tif (cachedEntry) {\n\t\t\ttry {\n\t\t\t\tawait leaseClient.renewLease(cachedEntry.lease.leaseId);\n\t\t\t\treturn cachedEntry.handle;\n\t\t\t} catch (error) {\n\t\t\t\twriteSandboxBackendLog(\n\t\t\t\t\t`lease renew failed for zone '${options.zoneId}' scope '${params.scopeKey}' lease '${cachedEntry.lease.leaseId}': ${formatUnknownError(error)}`,\n\t\t\t\t);\n\t\t\t\tif (!shouldRefreshCachedLease(error)) {\n\t\t\t\t\tthrow error;\n\t\t\t\t}\n\t\t\t\tscopeCache.delete(cacheKey);\n\t\t\t}\n\t\t}\n\t\t// OpenClaw SDK still names the selected sandbox path `workspaceDir`.\n\t\t// agent-vm's controller calls the same value `workMountDir` because it\n\t\t// backs the Tool VM /work mount.\n\t\tconst runtimeStatus = options.openClawRuntimeStatusProvider?.();\n\t\tif (runtimeStatus && leaseClient.publishOpenClawRuntimeStatus) {\n\t\t\tawait leaseClient.publishOpenClawRuntimeStatus(runtimeStatus);\n\t\t}\n\t\tconst leaseResponse = await leaseClient.requestLease({\n\t\t\tagentWorkspaceDir: params.agentWorkspaceDir,\n\t\t\tprofileId,\n\t\t\tscopeKey: params.scopeKey,\n\t\t\tworkMountDir: params.workspaceDir,\n\t\t\tzoneId: options.zoneId,\n\t\t});\n\t\tif (!isToolVmSshLease(leaseResponse)) {\n\t\t\tthrow new TypeError('Controller lease API returned an unexpected response.');\n\t\t}\n\n\t\tconst lease = leaseResponse;\n\t\tconst handle = createSandboxBackendHandle({\n\t\t\tcfg: params.cfg,\n\t\t\tcontrollerUrl: options.controllerUrl,\n\t\t\tcreateFsBridgeBuilder: dependencies.createFsBridgeBuilder,\n\t\t\tlease,\n\t\t\tleaseClient,\n\t\t\trunRemoteShellScript: dependencies.runRemoteShellScript,\n\t\t\tbuildExecSpec: dependencies.buildExecSpec,\n\t\t\tscopeKey: params.scopeKey,\n\t\t\tsessionKey: params.sessionKey,\n\t\t\tzoneId: options.zoneId,\n\t\t});\n\t\tscopeCache.set(cacheKey, { handle, lease });\n\t\treturn handle;\n\t};\n}\n\nfunction createSandboxBackendHandle(options: {\n\treadonly buildExecSpec: CreateBackendDependencies['buildExecSpec'];\n\treadonly cfg: {\n\t\treadonly docker?: {\n\t\t\treadonly env?: Record<string, string>;\n\t\t};\n\t};\n\treadonly controllerUrl: string;\n\treadonly createFsBridgeBuilder?: CreateBackendDependencies['createFsBridgeBuilder'];\n\treadonly lease: CachedScopeEntry['lease'];\n\treadonly leaseClient: LeaseClient;\n\treadonly runRemoteShellScript: CreateBackendDependencies['runRemoteShellScript'];\n\treadonly scopeKey: string;\n\treadonly sessionKey: string;\n\treadonly zoneId: string;\n}): OpenClawSandboxBackendHandle {\n\tconst createActiveUseHandle = async (\n\t\tcorrelation: ToolVmActiveUseCorrelation,\n\t): Promise<ToolVmActiveUseHandle> =>\n\t\tawait createToolVmActiveUseHandle({\n\t\t\tcorrelation,\n\t\t\tendActiveUse: async (useId: string, request: EndToolVmActiveUseRequest): Promise<void> => {\n\t\t\t\tawait options.leaseClient.endActiveUse(options.lease.leaseId, useId, request);\n\t\t\t},\n\t\t\theartbeatActiveUse: async (useId: string): Promise<HeartbeatToolVmActiveUseResponse> =>\n\t\t\t\tawait options.leaseClient.heartbeatActiveUse(options.lease.leaseId, useId),\n\t\t\tisEndErrorTolerable: isCleanupNotFound,\n\t\t\tlogEndFailure: (error: unknown): void => {\n\t\t\t\twriteSandboxBackendLog(\n\t\t\t\t\t`active-use cleanup ignored for zone '${options.zoneId}' lease '${options.lease.leaseId}': ${formatUnknownError(error)}`,\n\t\t\t\t);\n\t\t\t},\n\t\t\tlogHeartbeatFailure: (error: unknown): void => {\n\t\t\t\twriteSandboxBackendLog(\n\t\t\t\t\t`active-use heartbeat failed for zone '${options.zoneId}' lease '${options.lease.leaseId}': ${formatUnknownError(error)}`,\n\t\t\t\t);\n\t\t\t},\n\t\t\tstartActiveUse: async (\n\t\t\t\trequest: StartToolVmActiveUseRequest,\n\t\t\t): Promise<StartToolVmActiveUseResponse> =>\n\t\t\t\tawait options.leaseClient.startActiveUse(options.lease.leaseId, request),\n\t\t});\n\n\tconst runWithActiveUse = async <TResult>(\n\t\tcorrelation: ToolVmActiveUseCorrelation,\n\t\tfn: () => Promise<TResult>,\n\t): Promise<TResult> => {\n\t\tconst activeUseHandle = await createActiveUseHandle(correlation);\n\t\ttry {\n\t\t\tconst result = await fn();\n\t\t\tawait activeUseHandle.dispose('completed');\n\t\t\treturn result;\n\t\t} catch (error) {\n\t\t\tawait activeUseHandle.dispose('failed').catch((cleanupError: unknown) => {\n\t\t\t\twriteSandboxBackendLog(\n\t\t\t\t\t`failed to end active use after operation failure for zone '${options.zoneId}' lease '${options.lease.leaseId}': ${formatUnknownError(cleanupError)}`,\n\t\t\t\t);\n\t\t\t});\n\t\t\tthrow error;\n\t\t}\n\t};\n\n\tconst boundRunRemoteShellScript: OpenClawFsBridgeLeaseContext['runRemoteShellScript'] = async (\n\t\tshellParams,\n\t) =>\n\t\tawait runWithActiveUse(\n\t\t\t{\n\t\t\t\tsessionKey: options.sessionKey,\n\t\t\t\ttoolName: 'fs-bridge',\n\t\t\t},\n\t\t\tasync () =>\n\t\t\t\tawait options.runRemoteShellScript({\n\t\t\t\t\t...(shellParams.allowFailure !== undefined\n\t\t\t\t\t\t? { allowFailure: shellParams.allowFailure }\n\t\t\t\t\t\t: {}),\n\t\t\t\t\tscript: buildShellScriptWithArgs(shellParams.script, shellParams.args),\n\t\t\t\t\t...(shellParams.signal !== undefined ? { signal: shellParams.signal } : {}),\n\t\t\t\t\tssh: options.lease.ssh,\n\t\t\t\t\t...(shellParams.stdin !== undefined ? { stdin: shellParams.stdin } : {}),\n\t\t\t\t}),\n\t\t);\n\n\tconst disposeInnerFinalizeToken = async (token: unknown): Promise<void> => {\n\t\tif (isDisposableFinalizeToken(token)) {\n\t\t\tawait token.dispose();\n\t\t}\n\t};\n\n\tconst endActiveUseFinalizeToken = async (\n\t\ttoken: ActiveUseFinalizeToken,\n\t\toutcome: ToolVmActiveUseOutcome,\n\t): Promise<void> => {\n\t\tlet innerError: unknown;\n\t\ttry {\n\t\t\tawait disposeInnerFinalizeToken(token.innerToken);\n\t\t} catch (error) {\n\t\t\tinnerError = error;\n\t\t}\n\t\tlet activeUseError: unknown;\n\t\ttry {\n\t\t\tawait token.activeUseHandle.dispose(outcome);\n\t\t} catch (error) {\n\t\t\tactiveUseError = error;\n\t\t}\n\t\tif (innerError) {\n\t\t\tthrow innerError;\n\t\t}\n\t\tif (activeUseError) {\n\t\t\tthrow activeUseError;\n\t\t}\n\t};\n\n\tconst createFsBridge = options.createFsBridgeBuilder?.({\n\t\tremoteAgentWorkspaceDir: options.lease.workdir,\n\t\tremoteWorkspaceDir: options.lease.workdir,\n\t\trunRemoteShellScript: boundRunRemoteShellScript,\n\t});\n\n\treturn {\n\t\t...(createFsBridge ? { createFsBridge } : {}),\n\t\t...(options.cfg.docker?.env ? { env: options.cfg.docker.env } : {}),\n\t\tconfigLabel: `${options.controllerUrl} (${options.zoneId})`,\n\t\tconfigLabelKind: 'VM',\n\t\tid: 'gondolin',\n\t\truntimeId: options.lease.leaseId,\n\t\truntimeLabel: options.lease.leaseId,\n\t\tworkdir: options.lease.workdir,\n\t\tbuildExecSpec: async (execParams) => {\n\t\t\tconst activeUseHandle = await createActiveUseHandle({\n\t\t\t\tsessionKey: options.sessionKey,\n\t\t\t\ttoolName: 'shell',\n\t\t\t});\n\t\t\ttry {\n\t\t\t\tconst execSpec = await options.buildExecSpec({\n\t\t\t\t\tcommand: execParams.command,\n\t\t\t\t\tenv: execParams.env,\n\t\t\t\t\tssh: options.lease.ssh,\n\t\t\t\t\tusePty: execParams.usePty,\n\t\t\t\t\tworkdir: execParams.workdir ?? options.lease.workdir,\n\t\t\t\t});\n\t\t\t\treturn {\n\t\t\t\t\t...execSpec,\n\t\t\t\t\tfinalizeToken: {\n\t\t\t\t\t\tactiveUseHandle,\n\t\t\t\t\t\t...(execSpec.finalizeToken !== undefined ? { innerToken: execSpec.finalizeToken } : {}),\n\t\t\t\t\t} satisfies ActiveUseFinalizeToken,\n\t\t\t\t};\n\t\t\t} catch (error) {\n\t\t\t\tawait activeUseHandle.dispose('failed').catch((cleanupError: unknown) => {\n\t\t\t\t\twriteSandboxBackendLog(\n\t\t\t\t\t\t`failed to end active use after buildExecSpec failure for zone '${options.zoneId}' lease '${options.lease.leaseId}': ${formatUnknownError(cleanupError)}`,\n\t\t\t\t\t);\n\t\t\t\t});\n\t\t\t\tthrow error;\n\t\t\t}\n\t\t},\n\t\tfinalizeExec: async (finalizeParams) => {\n\t\t\tif (isActiveUseFinalizeToken(finalizeParams.token)) {\n\t\t\t\tawait endActiveUseFinalizeToken(\n\t\t\t\t\tfinalizeParams.token,\n\t\t\t\t\tactiveUseOutcomeForFinalizeParams(finalizeParams),\n\t\t\t\t);\n\t\t\t\treturn;\n\t\t\t}\n\t\t\tawait disposeInnerFinalizeToken(finalizeParams.token);\n\t\t},\n\t\trunShellCommand: async (commandParams) =>\n\t\t\tawait runWithActiveUse(\n\t\t\t\t{\n\t\t\t\t\tsessionKey: options.sessionKey,\n\t\t\t\t\ttoolName: 'runShellCommand',\n\t\t\t\t},\n\t\t\t\tasync () =>\n\t\t\t\t\tawait options.runRemoteShellScript({\n\t\t\t\t\t\tscript: commandParams.script,\n\t\t\t\t\t\tssh: options.lease.ssh,\n\t\t\t\t\t}),\n\t\t\t),\n\t} satisfies OpenClawSandboxBackendHandle;\n}\n","import { ControllerLeaseRequestError, createLeaseClient } from '../controller-lease-client.js';\nimport type { CreateBackendDependencies } from './sandbox-backend-contract.js';\n\nexport function createGondolinSandboxBackendManager(\n\toptions: {\n\t\treadonly controllerUrl: string;\n\t\treadonly zoneId: string;\n\t},\n\tdependencies: CreateBackendDependencies,\n): {\n\tdescribeRuntime: (params: {\n\t\treadonly entry: { readonly containerName: string };\n\t}) => Promise<{ readonly configLabelMatch: boolean; readonly running: boolean }>;\n\tremoveRuntime: (params: { readonly entry: { readonly containerName: string } }) => Promise<void>;\n} {\n\treturn {\n\t\tdescribeRuntime: async (params) => {\n\t\t\tconst leaseClient =\n\t\t\t\tdependencies.createLeaseClient?.({\n\t\t\t\t\tcontrollerUrl: options.controllerUrl,\n\t\t\t\t}) ?? createLeaseClient({ controllerUrl: options.controllerUrl });\n\t\t\ttry {\n\t\t\t\tconst leaseStatus = await leaseClient.peekLease(params.entry.containerName);\n\t\t\t\treturn { configLabelMatch: true, running: leaseStatus !== null };\n\t\t\t} catch (error) {\n\t\t\t\tif (!(error instanceof ControllerLeaseRequestError) || error.status !== 404) {\n\t\t\t\t\tthrow error;\n\t\t\t\t}\n\t\t\t\treturn { configLabelMatch: false, running: false };\n\t\t\t}\n\t\t},\n\t\tremoveRuntime: async (params) => {\n\t\t\tconst leaseClient =\n\t\t\t\tdependencies.createLeaseClient?.({\n\t\t\t\t\tcontrollerUrl: options.controllerUrl,\n\t\t\t\t}) ?? createLeaseClient({ controllerUrl: options.controllerUrl });\n\t\t\tawait leaseClient.releaseLease(params.entry.containerName, { force: true });\n\t\t},\n\t};\n}\n","export interface ResolvedGondolinPluginConfig {\n\treadonly controllerUrl: string;\n\treadonly profileId?: string;\n\treadonly zoneGitToken?: string;\n\treadonly zoneGitTokenEnv?: string;\n\treadonly zoneId: string;\n}\n\nexport function resolveGondolinPluginConfig(\n\tconfig: Record<string, unknown>,\n): ResolvedGondolinPluginConfig {\n\tif (typeof config.controllerUrl !== 'string' || typeof config.zoneId !== 'string') {\n\t\tthrow new Error('Gondolin plugin config requires controllerUrl and zoneId.');\n\t}\n\n\treturn {\n\t\tcontrollerUrl: config.controllerUrl,\n\t\t...(typeof config.profileId === 'string' ? { profileId: config.profileId } : {}),\n\t\t...(typeof config.zoneGitToken === 'string' ? { zoneGitToken: config.zoneGitToken } : {}),\n\t\t...(typeof config.zoneGitTokenEnv === 'string'\n\t\t\t? { zoneGitTokenEnv: config.zoneGitTokenEnv }\n\t\t\t: {}),\n\t\tzoneId: config.zoneId,\n\t};\n}\n","import type { SshHelpers, SshSandboxSession } from './openclaw-sandbox-sdk-contract.js';\nimport type {\n\tCreateBackendDependencies,\n\tOpenClawFsBridgeLeaseContext,\n\tOpenClawSandboxFsBridge,\n} from './sandbox-backend-factory.js';\n\nexport function createBackendDeps(ssh: SshHelpers): {\n\treadonly buildExecSpec: CreateBackendDependencies['buildExecSpec'];\n\treadonly createFsBridgeBuilder: (\n\t\tleaseContext: OpenClawFsBridgeLeaseContext,\n\t) => (params: { readonly sandbox: unknown }) => OpenClawSandboxFsBridge;\n\treadonly runRemoteShellScript: CreateBackendDependencies['runRemoteShellScript'];\n} {\n\treturn {\n\t\tbuildExecSpec: async ({ command, env, ssh: sshCreds, usePty, workdir }) => {\n\t\t\tconst session = await ssh.createSshSandboxSessionFromSettings({\n\t\t\t\tcommand: 'ssh',\n\t\t\t\tidentityData: sshCreds.identityPem,\n\t\t\t\tstrictHostKeyChecking: false,\n\t\t\t\ttarget: `${sshCreds.user}@${sshCreds.host}:${sshCreds.port}`,\n\t\t\t\tupdateHostKeys: false,\n\t\t\t\tworkspaceRoot: workdir,\n\t\t\t});\n\t\t\tconst disposeSshSandboxSession = ssh.disposeSshSandboxSession;\n\t\t\treturn {\n\t\t\t\targv: ssh.buildSshSandboxArgv({\n\t\t\t\t\tremoteCommand: ssh.buildExecRemoteCommand({\n\t\t\t\t\t\tcommand,\n\t\t\t\t\t\tenv,\n\t\t\t\t\t\tworkdir,\n\t\t\t\t\t}),\n\t\t\t\t\tsession,\n\t\t\t\t\ttty: usePty,\n\t\t\t\t}),\n\t\t\t\tenv: ssh.sanitizeEnvVars(process.env).allowed,\n\t\t\t\tfinalizeToken: {\n\t\t\t\t\tdispose: async (): Promise<void> => {\n\t\t\t\t\t\tif (disposeSshSandboxSession) {\n\t\t\t\t\t\t\tawait disposeSshSandboxSession(session);\n\t\t\t\t\t\t}\n\t\t\t\t\t},\n\t\t\t\t\tsession,\n\t\t\t\t},\n\t\t\t\tstdinMode: 'pipe-open' as const,\n\t\t\t};\n\t\t},\n\t\tcreateFsBridgeBuilder:\n\t\t\t(leaseContext: OpenClawFsBridgeLeaseContext) =>\n\t\t\t(params: { readonly sandbox: unknown }): OpenClawSandboxFsBridge =>\n\t\t\t\tssh.createRemoteShellSandboxFsBridge({\n\t\t\t\t\tsandbox: params.sandbox,\n\t\t\t\t\truntime: {\n\t\t\t\t\t\tremoteAgentWorkspaceDir: leaseContext.remoteAgentWorkspaceDir,\n\t\t\t\t\t\tremoteWorkspaceDir: leaseContext.remoteWorkspaceDir,\n\t\t\t\t\t\trunRemoteShellScript: leaseContext.runRemoteShellScript,\n\t\t\t\t\t},\n\t\t\t\t}),\n\t\trunRemoteShellScript: async ({ allowFailure, script, signal, ssh: sshCreds, stdin }) => {\n\t\t\tconst session = await ssh.createSshSandboxSessionFromSettings({\n\t\t\t\tcommand: 'ssh',\n\t\t\t\tidentityData: sshCreds.identityPem,\n\t\t\t\tstrictHostKeyChecking: false,\n\t\t\t\ttarget: `${sshCreds.user}@${sshCreds.host}:${sshCreds.port}`,\n\t\t\t\tupdateHostKeys: false,\n\t\t\t\tworkspaceRoot: '/work',\n\t\t\t});\n\t\t\treturn await ssh.runSshSandboxCommand({\n\t\t\t\t...(allowFailure !== undefined ? { allowFailure } : {}),\n\t\t\t\tremoteCommand: ssh.buildRemoteCommand(['/bin/sh', '-c', script, 'gondolin-sandbox-fs']),\n\t\t\t\tsession,\n\t\t\t\t...(signal !== undefined ? { signal } : {}),\n\t\t\t\t...(stdin !== undefined ? { stdin } : {}),\n\t\t\t});\n\t\t},\n\t};\n}\n\nexport type { SshHelpers, SshSandboxSession };\n","interface OpenClawAgentConfig {\n\treadonly [key: string]: unknown;\n\treadonly id?: unknown;\n\treadonly sandbox?: {\n\t\treadonly [key: string]: unknown;\n\t\treadonly backend?: unknown;\n\t\treadonly mode?: unknown;\n\t\treadonly scope?: unknown;\n\t\treadonly workspaceAccess?: unknown;\n\t};\n\treadonly workspace?: unknown;\n}\n\ninterface OpenClawRuntimeConfig {\n\treadonly [key: string]: unknown;\n\treadonly agents?: {\n\t\treadonly defaults?: OpenClawAgentConfig;\n\t\treadonly list?: readonly unknown[];\n\t};\n}\n\nexport interface OpenClawRuntimeRequirementFinding {\n\treadonly hint: string;\n\treadonly id: string;\n\treadonly ok: boolean;\n}\n\nexport interface OpenClawRuntimeStatusReport {\n\treadonly findings: readonly OpenClawRuntimeRequirementFinding[];\n\treadonly pluginId: 'gondolin';\n\treadonly zoneId: string;\n}\n\nfunction isObjectRecord(value: unknown): value is Record<string, unknown> {\n\treturn typeof value === 'object' && value !== null && !Array.isArray(value);\n}\n\nfunction readAgentConfigEntries(config: OpenClawRuntimeConfig): readonly {\n\treadonly config: OpenClawAgentConfig;\n\treadonly label: string;\n}[] {\n\tconst defaultConfig = config.agents?.defaults ?? {};\n\tconst agentConfigs = (config.agents?.list ?? [])\n\t\t.filter(isObjectRecord)\n\t\t.map((agentConfig, agentIndex) => ({\n\t\t\tconfig: agentConfig,\n\t\t\tlabel:\n\t\t\t\ttypeof agentConfig.id === 'string'\n\t\t\t\t\t? `agent-${agentConfig.id}`\n\t\t\t\t\t: `agent-${String(agentIndex)}`,\n\t\t}));\n\treturn [{ config: defaultConfig, label: 'defaults' }, ...agentConfigs];\n}\n\nfunction effectiveSandboxValue(\n\tdefaults: OpenClawAgentConfig,\n\tagentConfig: OpenClawAgentConfig,\n\tkey: 'backend' | 'mode' | 'scope' | 'workspaceAccess',\n): unknown {\n\treturn agentConfig.sandbox?.[key] ?? defaults.sandbox?.[key];\n}\n\nfunction effectiveWorkspace(\n\tdefaults: OpenClawAgentConfig,\n\tagentConfig: OpenClawAgentConfig,\n): unknown {\n\treturn agentConfig.workspace ?? defaults.workspace;\n}\n\nfunction requirementFinding(options: {\n\treadonly actualValue: unknown;\n\treadonly expectedValue: string;\n\treadonly fieldPath: string;\n\treadonly label: string;\n\treadonly zoneId: string;\n}): OpenClawRuntimeRequirementFinding {\n\tconst ok = options.actualValue === options.expectedValue;\n\treturn {\n\t\tid: `openclaw-tool-vm-${options.fieldPath.replace(/[.[\\]]/gu, '-')}-${options.zoneId}-${options.label}`,\n\t\tok,\n\t\thint: ok\n\t\t\t? `${options.fieldPath}=${options.expectedValue}`\n\t\t\t: `Set ${options.fieldPath} to \"${options.expectedValue}\" for OpenClaw Tool VM mediation.`,\n\t};\n}\n\nexport function buildOpenClawRuntimeStatusReport(options: {\n\treadonly config: Record<string, unknown>;\n\treadonly zoneId: string;\n}): OpenClawRuntimeStatusReport {\n\tconst config: OpenClawRuntimeConfig = options.config;\n\tconst defaults = config.agents?.defaults ?? {};\n\treturn {\n\t\tpluginId: 'gondolin',\n\t\tzoneId: options.zoneId,\n\t\tfindings: readAgentConfigEntries(config).flatMap(({ config: agentConfig, label }) => {\n\t\t\tconst workspace = effectiveWorkspace(defaults, agentConfig);\n\t\t\treturn [\n\t\t\t\trequirementFinding({\n\t\t\t\t\tactualValue: effectiveSandboxValue(defaults, agentConfig, 'backend'),\n\t\t\t\t\texpectedValue: 'gondolin',\n\t\t\t\t\tfieldPath: `agents.${label}.sandbox.backend`,\n\t\t\t\t\tlabel,\n\t\t\t\t\tzoneId: options.zoneId,\n\t\t\t\t}),\n\t\t\t\trequirementFinding({\n\t\t\t\t\tactualValue: effectiveSandboxValue(defaults, agentConfig, 'mode'),\n\t\t\t\t\texpectedValue: 'all',\n\t\t\t\t\tfieldPath: `agents.${label}.sandbox.mode`,\n\t\t\t\t\tlabel,\n\t\t\t\t\tzoneId: options.zoneId,\n\t\t\t\t}),\n\t\t\t\trequirementFinding({\n\t\t\t\t\tactualValue: effectiveSandboxValue(defaults, agentConfig, 'scope'),\n\t\t\t\t\texpectedValue: 'agent',\n\t\t\t\t\tfieldPath: `agents.${label}.sandbox.scope`,\n\t\t\t\t\tlabel,\n\t\t\t\t\tzoneId: options.zoneId,\n\t\t\t\t}),\n\t\t\t\trequirementFinding({\n\t\t\t\t\tactualValue: effectiveSandboxValue(defaults, agentConfig, 'workspaceAccess'),\n\t\t\t\t\texpectedValue: 'rw',\n\t\t\t\t\tfieldPath: `agents.${label}.sandbox.workspaceAccess`,\n\t\t\t\t\tlabel,\n\t\t\t\t\tzoneId: options.zoneId,\n\t\t\t\t}),\n\t\t\t\t{\n\t\t\t\t\tid: `openclaw-tool-vm-workspace-${options.zoneId}-${label}`,\n\t\t\t\t\tok: workspace !== '/zone',\n\t\t\t\t\thint:\n\t\t\t\t\t\tworkspace === '/zone'\n\t\t\t\t\t\t\t? 'Use /zone/agents/default or per-agent workspaces; keep /zone for shared zone files.'\n\t\t\t\t\t\t\t: typeof workspace === 'string'\n\t\t\t\t\t\t\t\t? workspace\n\t\t\t\t\t\t\t\t: 'agents workspace is unset',\n\t\t\t\t},\n\t\t\t] as const satisfies readonly OpenClawRuntimeRequirementFinding[];\n\t\t}),\n\t};\n}\n","export interface SshSandboxSession {\n\treadonly command: string;\n\treadonly configPath: string;\n\treadonly host: string;\n}\n\nexport interface SshHelpers {\n\treadonly buildExecRemoteCommand: (params: {\n\t\treadonly command: string;\n\t\treadonly env: Record<string, string>;\n\t\treadonly workdir?: string;\n\t}) => string;\n\treadonly buildRemoteCommand: (argv: readonly string[]) => string;\n\treadonly buildSshSandboxArgv: (params: {\n\t\treadonly remoteCommand: string;\n\t\treadonly session: SshSandboxSession;\n\t\treadonly tty?: boolean;\n\t}) => string[];\n\treadonly createRemoteShellSandboxFsBridge: (params: {\n\t\treadonly runtime: {\n\t\t\treadonly remoteAgentWorkspaceDir: string;\n\t\t\treadonly remoteWorkspaceDir: string;\n\t\t\treadonly runRemoteShellScript: (shellParams: {\n\t\t\t\treadonly allowFailure?: boolean;\n\t\t\t\treadonly args?: string[];\n\t\t\t\treadonly script: string;\n\t\t\t\treadonly signal?: AbortSignal;\n\t\t\t\treadonly stdin?: Buffer | string;\n\t\t\t}) => Promise<{\n\t\t\t\treadonly code: number;\n\t\t\t\treadonly stderr: Buffer;\n\t\t\t\treadonly stdout: Buffer;\n\t\t\t}>;\n\t\t};\n\t\treadonly sandbox: unknown;\n\t}) => import('./sandbox-backend-factory.js').OpenClawSandboxFsBridge;\n\treadonly createSshSandboxSessionFromSettings: (settings: {\n\t\treadonly command: string;\n\t\treadonly identityData?: string;\n\t\treadonly strictHostKeyChecking: boolean;\n\t\treadonly target: string;\n\t\treadonly updateHostKeys: boolean;\n\t\treadonly workspaceRoot: string;\n\t}) => Promise<SshSandboxSession>;\n\treadonly disposeSshSandboxSession?: (session: SshSandboxSession) => Promise<void>;\n\treadonly runSshSandboxCommand: (params: {\n\t\treadonly allowFailure?: boolean;\n\t\treadonly remoteCommand: string;\n\t\treadonly session: SshSandboxSession;\n\t\treadonly signal?: AbortSignal;\n\t\treadonly stdin?: Buffer | string;\n\t}) => Promise<{\n\t\treadonly code: number;\n\t\treadonly stderr: Buffer;\n\t\treadonly stdout: Buffer;\n\t}>;\n\treadonly sanitizeEnvVars: (env: NodeJS.ProcessEnv) => {\n\t\treadonly allowed: Record<string, string>;\n\t};\n}\n\nexport interface OpenClawToolRegistration {\n\treadonly description: string;\n\treadonly execute: (toolCallId: string, params: unknown) => Promise<OpenClawToolResult>;\n\treadonly name: string;\n\treadonly parameters: Record<string, unknown>;\n}\n\nexport interface OpenClawToolRegistrationOptions {\n\treadonly name?: string;\n\treadonly names?: readonly string[];\n\treadonly optional?: boolean;\n}\n\nexport interface OpenClawToolResult {\n\treadonly content: string;\n\treadonly details?: unknown;\n}\n\nexport interface OpenClawToolRegistrationApi {\n\treadonly registerTool?: (\n\t\ttool: OpenClawToolRegistration,\n\t\toptions?: OpenClawToolRegistrationOptions,\n\t) => void;\n}\n\nexport function assertSdkShape(value: unknown): asserts value is SshHelpers & {\n\tregisterSandboxBackend: (\n\t\tid: string,\n\t\tregistration: {\n\t\t\tfactory: ReturnType<\n\t\t\t\ttypeof import('./sandbox-backend-factory.js').createGondolinSandboxBackendFactory\n\t\t\t>;\n\t\t\tmanager?: ReturnType<\n\t\t\t\ttypeof import('./sandbox-backend-factory.js').createGondolinSandboxBackendManager\n\t\t\t>;\n\t\t},\n\t) => void;\n} {\n\tif (typeof value !== 'object' || value === null) {\n\t\tthrow new TypeError('OpenClaw SDK module is not an object');\n\t}\n\n\tfor (const exportName of [\n\t\t'buildExecRemoteCommand',\n\t\t'buildRemoteCommand',\n\t\t'buildSshSandboxArgv',\n\t\t'createRemoteShellSandboxFsBridge',\n\t\t'createSshSandboxSessionFromSettings',\n\t\t'runSshSandboxCommand',\n\t\t'sanitizeEnvVars',\n\t\t'registerSandboxBackend',\n\t] as const) {\n\t\tif (typeof (value as Record<string, unknown>)[exportName] !== 'function') {\n\t\t\tthrow new TypeError(`OpenClaw SDK missing required export: ${exportName}`);\n\t\t}\n\t}\n}\n","import type { OpenClawToolRegistrationApi } from './openclaw-sandbox-sdk-contract.js';\n\ntype RequiredOpenClawToolRegistrationApi = OpenClawToolRegistrationApi & {\n\treadonly registerTool: NonNullable<OpenClawToolRegistrationApi['registerTool']>;\n};\n\nexport interface RegisterZoneGitToolOptions {\n\treadonly api: RequiredOpenClawToolRegistrationApi;\n\treadonly controllerUrl: string;\n\treadonly fetchImpl?: typeof fetch;\n\treadonly zoneGitToken?: string;\n\treadonly zoneId: string;\n}\n\nconst zoneGitCapabilityHeader = 'x-agent-vm-zone-git-token';\n\nfunction readExpectedHead(input: unknown): string {\n\tif (typeof input !== 'object' || input === null || !('expectedHead' in input)) {\n\t\tthrow new Error('zone_git_push requires expectedHead.');\n\t}\n\tconst expectedHead = input.expectedHead;\n\tif (typeof expectedHead !== 'string' || expectedHead.length === 0) {\n\t\tthrow new Error('zone_git_push requires expectedHead.');\n\t}\n\treturn expectedHead;\n}\n\nfunction buildControllerUrl(controllerUrl: string, zoneId: string): string {\n\treturn `${controllerUrl.replace(/\\/$/u, '')}/zones/${encodeURIComponent(zoneId)}/zone-git/push`;\n}\n\nasync function readResponseText(response: Response): Promise<string> {\n\ttry {\n\t\treturn await response.text();\n\t} catch (error) {\n\t\treturn error instanceof Error ? error.message : String(error);\n\t}\n}\n\nfunction parseJsonPayload(responseText: string): unknown {\n\ttry {\n\t\treturn JSON.parse(responseText);\n\t} catch (error) {\n\t\tthrow new Error(`zone_git_push returned non-JSON response: ${responseText.slice(0, 500)}`, {\n\t\t\tcause: error,\n\t\t});\n\t}\n}\n\nexport function registerZoneGitTool(options: RegisterZoneGitToolOptions): void {\n\toptions.api.registerTool(\n\t\t{\n\t\t\tname: 'zone_git_push',\n\t\t\tdescription:\n\t\t\t\t'Push committed OpenClaw zone workspace changes through the agent-vm controller. Use after git commit; do not run raw git push.',\n\t\t\tparameters: {\n\t\t\t\ttype: 'object',\n\t\t\t\tadditionalProperties: false,\n\t\t\t\tproperties: {\n\t\t\t\t\texpectedHead: { type: 'string' },\n\t\t\t\t},\n\t\t\t\trequired: ['expectedHead'],\n\t\t\t},\n\t\t\texecute: async (_toolCallId: string, input: unknown) => {\n\t\t\t\tconst expectedHead = readExpectedHead(input);\n\t\t\t\tconst response = await (options.fetchImpl ?? fetch)(\n\t\t\t\t\tbuildControllerUrl(options.controllerUrl, options.zoneId),\n\t\t\t\t\t{\n\t\t\t\t\t\tbody: JSON.stringify({ expectedHead }),\n\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\t'content-type': 'application/json',\n\t\t\t\t\t\t\t...(options.zoneGitToken ? { [zoneGitCapabilityHeader]: options.zoneGitToken } : {}),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tmethod: 'POST',\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tconst responseText = await readResponseText(response);\n\t\t\t\tif (!response.ok) {\n\t\t\t\t\tthrow new Error(`zone_git_push failed: ${response.status} ${responseText.slice(0, 500)}`);\n\t\t\t\t}\n\t\t\t\tconst payload = parseJsonPayload(responseText);\n\t\t\t\treturn {\n\t\t\t\t\tcontent: JSON.stringify(payload),\n\t\t\t\t\tdetails: payload,\n\t\t\t\t};\n\t\t\t},\n\t\t},\n\t\t{ name: 'zone_git_push', optional: true },\n\t);\n}\n","import { createLeaseClient } from './controller-lease-client.js';\nimport { resolveGondolinPluginConfig } from './gondolin-plugin-config.js';\nimport { createBackendDeps } from './openclaw-backend-dependencies.js';\nimport { buildOpenClawRuntimeStatusReport } from './openclaw-runtime-status.js';\nimport {\n\tassertSdkShape,\n\ttype OpenClawToolRegistrationApi,\n\ttype SshHelpers,\n\ttype SshSandboxSession,\n} from './openclaw-sandbox-sdk-contract.js';\nimport {\n\tcreateGondolinSandboxBackendFactory,\n\tcreateGondolinSandboxBackendManager,\n} from './sandbox-backend-factory.js';\nimport { registerZoneGitTool } from './zone-git-tool.js';\n\nconst plugin = {\n\tid: 'gondolin',\n\tname: 'Gondolin VM Sandbox',\n\tdescription: 'Sandbox backend powered by Gondolin micro-VMs.',\n\n\tregister(api: {\n\t\treadonly config?: Record<string, unknown>;\n\t\treadonly pluginConfig: Record<string, unknown>;\n\t\treadonly registerTool?: OpenClawToolRegistrationApi['registerTool'];\n\t\treadonly registrationMode: string;\n\t\treadonly runtime?: {\n\t\t\treadonly config?: {\n\t\t\t\treadonly current?: () => Record<string, unknown>;\n\t\t\t};\n\t\t};\n\t}): void {\n\t\tconst registerTool = api.registerTool;\n\t\tif (typeof registerTool !== 'function') {\n\t\t\tif (api.registrationMode === 'full') {\n\t\t\t\tthrow new Error('Gondolin full registration requires OpenClaw registerTool.');\n\t\t\t}\n\t\t\treturn;\n\t\t}\n\t\tconst pluginConfig = resolveGondolinPluginConfig(api.pluginConfig);\n\t\tconst zoneGitToken =\n\t\t\tpluginConfig.zoneGitToken ??\n\t\t\t(pluginConfig.zoneGitTokenEnv ? process.env[pluginConfig.zoneGitTokenEnv] : undefined);\n\t\tregisterZoneGitTool({\n\t\t\tapi: { registerTool },\n\t\t\tcontrollerUrl: pluginConfig.controllerUrl,\n\t\t\t...(zoneGitToken ? { zoneGitToken } : {}),\n\t\t\tzoneId: pluginConfig.zoneId,\n\t\t});\n\t\tif (api.registrationMode !== 'full') {\n\t\t\treturn;\n\t\t}\n\t\tconst buildRuntimeStatus = ():\n\t\t\t| ReturnType<typeof buildOpenClawRuntimeStatusReport>\n\t\t\t| undefined => {\n\t\t\tconst runtimeConfig = api.runtime?.config?.current?.() ?? api.config;\n\t\t\treturn runtimeConfig\n\t\t\t\t? buildOpenClawRuntimeStatusReport({\n\t\t\t\t\t\tconfig: runtimeConfig,\n\t\t\t\t\t\tzoneId: pluginConfig.zoneId,\n\t\t\t\t\t})\n\t\t\t\t: undefined;\n\t\t};\n\t\tconst initialRuntimeStatus = buildRuntimeStatus();\n\t\tif (initialRuntimeStatus) {\n\t\t\tconst leaseClient = createLeaseClient({ controllerUrl: pluginConfig.controllerUrl });\n\t\t\tvoid leaseClient\n\t\t\t\t.publishOpenClawRuntimeStatus?.(initialRuntimeStatus)\n\t\t\t\t?.catch((error: unknown) => {\n\t\t\t\t\tconst message = error instanceof Error ? error.message : JSON.stringify(error);\n\t\t\t\t\tprocess.stderr.write(\n\t\t\t\t\t\t`[gondolin] failed to publish OpenClaw runtime status: ${message}\\n`,\n\t\t\t\t\t);\n\t\t\t\t});\n\t\t}\n\n\t\tconst sdkPath = '/opt/openclaw-sdk/sandbox.js';\n\t\tconst sdkPromise = import(sdkPath).then((sdkRaw: Record<string, unknown>) => {\n\t\t\tassertSdkShape(sdkRaw);\n\n\t\t\tconst sshHelpers: SshHelpers = {\n\t\t\t\tbuildExecRemoteCommand: sdkRaw.buildExecRemoteCommand,\n\t\t\t\tbuildRemoteCommand: sdkRaw.buildRemoteCommand,\n\t\t\t\tbuildSshSandboxArgv: sdkRaw.buildSshSandboxArgv,\n\t\t\t\tcreateRemoteShellSandboxFsBridge: sdkRaw.createRemoteShellSandboxFsBridge,\n\t\t\t\tcreateSshSandboxSessionFromSettings: sdkRaw.createSshSandboxSessionFromSettings,\n\t\t\t\t...(typeof sdkRaw.disposeSshSandboxSession === 'function'\n\t\t\t\t\t? {\n\t\t\t\t\t\t\tdisposeSshSandboxSession: sdkRaw.disposeSshSandboxSession as (\n\t\t\t\t\t\t\t\tsession: SshSandboxSession,\n\t\t\t\t\t\t\t) => Promise<void>,\n\t\t\t\t\t\t}\n\t\t\t\t\t: {}),\n\t\t\t\trunSshSandboxCommand: sdkRaw.runSshSandboxCommand,\n\t\t\t\tsanitizeEnvVars: sdkRaw.sanitizeEnvVars,\n\t\t\t};\n\n\t\t\tconst backendDependencies = createBackendDeps(sshHelpers);\n\t\t\tsdkRaw.registerSandboxBackend('gondolin', {\n\t\t\t\tfactory: createGondolinSandboxBackendFactory(\n\t\t\t\t\t{\n\t\t\t\t\t\t...pluginConfig,\n\t\t\t\t\t\topenClawRuntimeStatusProvider: buildRuntimeStatus,\n\t\t\t\t\t},\n\t\t\t\t\tbackendDependencies,\n\t\t\t\t),\n\t\t\t\tmanager: createGondolinSandboxBackendManager(pluginConfig, backendDependencies),\n\t\t\t});\n\t\t});\n\n\t\tsdkPromise.catch((error: unknown) => {\n\t\t\tconst message = error instanceof Error ? error.message : JSON.stringify(error);\n\t\t\tprocess.stderr.write(`[gondolin] failed to load OpenClaw SDK: ${message}\\n`);\n\t\t});\n\t},\n};\n\nexport default plugin;\n\nexport { createBackendDeps };\nexport type { SshHelpers };\n","export * from './sandbox-backend-factory.js';\nexport * from './gondolin-plugin-config.js';\nexport * from './controller-lease-client.js';\nexport * from './openclaw-plugin-registration.js';\nexport { default } from './openclaw-plugin-registration.js';\n\nexport const OPENCLAW_GONDOLIN_PLUGIN_PACKAGE_NAME = '@agent-vm/openclaw-agent-vm-plugin';\n"],"mappings":";;AA8CA,IAAa,8BAAb,cAAiD,MAAM;CACtD;CACA;CACA;CACA;CAEA,YAAY,SAKT;EACF,MAAM,OACL,QAAQ,UAAU,OAAO,QAAQ,SAAS,MAAM,iBAAiB;EAClE,MAAM,GAAG,QAAQ,QAAQ,iBAAiB,OAAO,QAAQ,OAAO,CAAC,IAAI,KAAK,GAAG;EAC7E,KAAK,WAAW,QAAQ;EACxB,KAAK,OAAO;EACZ,KAAK,eAAe,QAAQ;EAC5B,KAAK,SAAS,QAAQ;;;AAIxB,SAAS,YAAY,OAAoC;CACxD,OAAO,OAAO,UAAU,YAAY,UAAU,OAAO,QAAQ,KAAA;;AAG9D,SAAS,yBAAyB,OAAuD;CACxF,MAAM,SAAS,YAAY,MAAM;CACjC,OACC,WAAW,KAAA,KACX,OAAO,QAAQ,IAAI,QAAQ,YAAY,KAAK,YAC5C,OAAO,QAAQ,IAAI,QAAQ,mBAAmB,KAAK,YACnD,OAAO,QAAQ,IAAI,QAAQ,QAAQ,KAAK;;AAI1C,SAAS,6BAA6B,OAA2D;CAChG,MAAM,SAAS,YAAY,MAAM;CACjC,OACC,WAAW,KAAA,KACX,OAAO,QAAQ,IAAI,QAAQ,YAAY,KAAK,YAC5C,OAAO,QAAQ,IAAI,QAAQ,mBAAmB,KAAK;;AAIrD,SAASA,qBAAmB,OAAwB;CACnD,OAAO,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;;AAG9D,SAAS,oBAAoB,SAAuB;CACnD,QAAQ,OAAO,MAAM,8BAA8B,QAAQ,IAAI;;AAGhE,SAAS,cAAc,UAAkB,SAA0B;CAClE,IAAI;EACH,OAAO,KAAK,MAAM,SAAS;UACnB,OAAO;EACf,oBAAoB,GAAG,QAAQ,mCAAmCA,qBAAmB,MAAM,GAAG;EAC9F;;;AAIF,eAAe,cACd,UACA,SAIE;CACF,MAAM,WAAW,MAAM,SAAS,MAAM,CAAC,YAAY,eAAe;CAClE,OAAO;EACN;EACA,cAAc,aAAa,iBAAiB,KAAA,IAAY,cAAc,UAAU,QAAQ;EACxF;;AAGF,eAAe,iBACd,UACA,SACA,oBACkB;CAClB,IAAI,CAAC,SAAS,IAAI;EACjB,MAAM,YAAY,MAAM,cAAc,UAAU,QAAQ;EACxD,MAAM,IAAI,4BAA4B;GACrC,UAAU,UAAU;GACpB;GACA,cAAc,UAAU;GACxB,QAAQ,SAAS;GACjB,CAAC;;CAEH,MAAM,UAAU,MAAM,SAAS,MAAM;CACrC,IAAI,CAAC,mBAAmB,QAAQ,EAC/B,MAAM,IAAI,UACT,GAAG,QAAQ,iCAAiC,KAAK,UAAU,QAAQ,CAAC,MAAM,GAAG,IAAI,GACjF;CAEF,OAAO;;AAGR,SAAgB,kBAAkB,SAGlB;CACf,MAAM,YAAY,QAAQ,aAAa;CACvC,MAAM,UAAU,QAAQ,cAAc,QAAQ,QAAQ,GAAG;CACzD,MAAM,aAAa,OAAO,YAA6C;EAItE,OAAO,MAAM,iBAAiB,MAHP,UAAU,GAAG,QAAQ,SAAS,mBAAmB,QAAQ,CAAC,SAAS,EACzF,QAAQ,QACR,CAAC,EACsC,8BAA8B,iBAAiB;;CAGxF,OAAO;EACN,cAAc,OACb,SACA,OACA,YACmB;GACnB,MAAM,WAAW,MAAM,UACtB,GAAG,QAAQ,SAAS,mBAAmB,QAAQ,CAAC,QAAQ,mBAAmB,MAAM,IACjF;IACC,MAAM,KAAK,UAAU,QAAQ;IAC7B,SAAS,EACR,gBAAgB,oBAChB;IACD,QAAQ;IACR,CACD;GACD,IAAI,CAAC,SAAS,IAAI;IACjB,MAAM,YAAY,MAAM,cAAc,UAAU,gCAAgC;IAChF,MAAM,IAAI,4BAA4B;KACrC,UAAU,UAAU;KACpB,SAAS;KACT,cAAc,UAAU;KACxB,QAAQ,SAAS;KACjB,CAAC;;;EAGJ,oBAAoB,OACnB,SACA,UAC+C;GAO/C,OAAO,MAAM,iBACZ,MAPsB,UACtB,GAAG,QAAQ,SAAS,mBAAmB,QAAQ,CAAC,QAAQ,mBAAmB,MAAM,CAAC,aAClF,EACC,QAAQ,QACR,CACD,EAGA,uCACA,6BACA;;EAEF;EACA,WAAW,OAAO,YAA8C;GAE/D,OAAO,MAAM,iBAAiB,MADP,UAAU,GAAG,QAAQ,SAAS,mBAAmB,QAAQ,CAAC,OAAO,EAChD,6BAA6B,kBAAkB;;EAExF,8BAA8B,OAAO,WAA0B;GAC9D,MAAM,WAAW,MAAM,UACtB,GAAG,QAAQ,SAAS,mBAAmB,OAAO,OAAO,CAAC,2BACtD;IACC,MAAM,KAAK,UAAU,OAAO;IAC5B,SAAS,EACR,gBAAgB,oBAChB;IACD,QAAQ;IACR,CACD;GACD,IAAI,CAAC,SAAS,IAAI;IACjB,MAAM,YAAY,MAAM,cAAc,UAAU,yCAAyC;IACzF,MAAM,IAAI,4BAA4B;KACrC,UAAU,UAAU;KACpB,SAAS;KACT,cAAc,UAAU;KACxB,QAAQ,SAAS;KACjB,CAAC;;;EAGJ,cAAc,OACb,SACA,iBAA+C,EAAE,KAC9B;GACnB,MAAM,aAAa,IAAI,IAAI,GAAG,QAAQ,SAAS,mBAAmB,QAAQ,GAAG;GAC7E,IAAI,eAAe,UAAU,MAC5B,WAAW,aAAa,IAAI,SAAS,OAAO;GAE7C,MAAM,WAAW,MAAM,UAAU,WAAW,UAAU,EAAE,EACvD,QAAQ,UACR,CAAC;GACF,IAAI,CAAC,SAAS,IAAI;IACjB,MAAM,YAAY,MAAM,cAAc,UAAU,+BAA+B;IAC/E,MAAM,IAAI,4BAA4B;KACrC,UAAU,UAAU;KACpB,SAAS;KACT,cAAc,UAAU;KACxB,QAAQ,SAAS;KACjB,CAAC;;;EAGJ,cAAc,OAAO,YAAqC;GAczD,OAAO,MAAM,iBAAiB,MAbP,UAAU,GAAG,QAAQ,SAAS;IACpD,MAAM,KAAK,UAAU;KACpB,mBAAmB,QAAQ;KAC3B,WAAW,QAAQ;KACnB,UAAU,QAAQ;KAClB,cAAc,QAAQ;KACtB,QAAQ,QAAQ;KAChB,CAAC;IACF,SAAS,EACR,gBAAgB,oBAChB;IACD,QAAQ;IACR,CAAC,EACsC,wBAAwB,iBAAiB;;EAElF,gBAAgB,OACf,SACA,YAC2C;GAQ3C,OAAO,MAAM,iBACZ,MARsB,UAAU,GAAG,QAAQ,SAAS,mBAAmB,QAAQ,CAAC,QAAQ;IACxF,MAAM,KAAK,UAAU,QAAQ;IAC7B,SAAS,EACR,gBAAgB,oBAChB;IACD,QAAQ;IACR,CAAC,EAGD,mCACA,yBACA;;EAEF;;;;ACxRF,SAAgB,yBAAyB,QAAgB,MAAkC;CAC1F,IAAI,CAAC,QAAQ,KAAK,WAAW,GAC5B,OAAO;CAIR,OAAO,UADa,KAAK,KAAK,QAAQ,IAAI,IAAI,QAAQ,MAAM,QAAQ,CAAC,GAAG,CAAC,KAAK,IAClD,CAAC,IAAI;;;;ACoBlC,SAAS,cAAc,QAMZ;CACV,OAAO;EACN,OAAO;EACP,OAAO;EACP,OAAO;EACP,OAAO;EACP,OAAO;EACP,CAAC,KAAK,KAAK;;AAGb,SAAS,mBAAmB,OAAwB;CACnD,OAAO,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;;AAG9D,SAAS,uBAAuB,SAAuB;CACtD,QAAQ,OAAO,MAAM,8BAA8B,QAAQ,IAAI;;AAGhE,SAAS,yBAAyB,OAAyB;CAC1D,OAAO,iBAAiB,+BAA+B,MAAM,WAAW;;AAGzE,SAAS,kBAAkB,OAAyB;CACnD,OAAO,iBAAiB,+BAA+B,MAAM,WAAW;;AAYzE,SAAS,0BAA0B,OAAkD;CACpF,OACC,OAAO,UAAU,YACjB,UAAU,QACV,aAAa,SACb,OAAO,QAAQ,IAAI,OAAO,UAAU,KAAK;;AAI3C,SAAS,yBAAyB,OAAiD;CAClF,OACC,OAAO,UAAU,YACjB,UAAU,QACV,qBAAqB,SACrB,OAAO,QAAQ,IAAI,OAAO,kBAAkB,KAAK;;AAInD,SAAS,kCAAkC,gBAGhB;CAC1B,OAAO,eAAe,WACnB,cACA,eAAe,WAAW,cACzB,cACA;;AAGL,SAAgB,oCACf,SAMA,cAW2C;CAC3C,MAAM,6BAAa,IAAI,KAA+B;CAEtD,OAAO,OAAO,WAAW;EACxB,MAAM,YAAY,QAAQ,aAAa;EACvC,MAAM,WAAW,cAAc;GAC9B,mBAAmB,OAAO;GAC1B;GACA,UAAU,OAAO;GACjB,cAAc,OAAO;GACrB,QAAQ,QAAQ;GAChB,CAAC;EACF,MAAM,cACL,aAAa,oBAAoB,EAChC,eAAe,QAAQ,eACvB,CAAC,IAAI,kBAAkB,EAAE,eAAe,QAAQ,eAAe,CAAC;EAClE,MAAM,cAAc,WAAW,IAAI,SAAS;EAC5C,IAAI,aACH,IAAI;GACH,MAAM,YAAY,WAAW,YAAY,MAAM,QAAQ;GACvD,OAAO,YAAY;WACX,OAAO;GACf,uBACC,gCAAgC,QAAQ,OAAO,WAAW,OAAO,SAAS,WAAW,YAAY,MAAM,QAAQ,KAAK,mBAAmB,MAAM,GAC7I;GACD,IAAI,CAAC,yBAAyB,MAAM,EACnC,MAAM;GAEP,WAAW,OAAO,SAAS;;EAM7B,MAAM,gBAAgB,QAAQ,iCAAiC;EAC/D,IAAI,iBAAiB,YAAY,8BAChC,MAAM,YAAY,6BAA6B,cAAc;EAE9D,MAAM,gBAAgB,MAAM,YAAY,aAAa;GACpD,mBAAmB,OAAO;GAC1B;GACA,UAAU,OAAO;GACjB,cAAc,OAAO;GACrB,QAAQ,QAAQ;GAChB,CAAC;EACF,IAAI,CAAC,iBAAiB,cAAc,EACnC,MAAM,IAAI,UAAU,wDAAwD;EAG7E,MAAM,QAAQ;EACd,MAAM,SAAS,2BAA2B;GACzC,KAAK,OAAO;GACZ,eAAe,QAAQ;GACvB,uBAAuB,aAAa;GACpC;GACA;GACA,sBAAsB,aAAa;GACnC,eAAe,aAAa;GAC5B,UAAU,OAAO;GACjB,YAAY,OAAO;GACnB,QAAQ,QAAQ;GAChB,CAAC;EACF,WAAW,IAAI,UAAU;GAAE;GAAQ;GAAO,CAAC;EAC3C,OAAO;;;AAIT,SAAS,2BAA2B,SAeH;CAChC,MAAM,wBAAwB,OAC7B,gBAEA,MAAM,4BAA4B;EACjC;EACA,cAAc,OAAO,OAAe,YAAsD;GACzF,MAAM,QAAQ,YAAY,aAAa,QAAQ,MAAM,SAAS,OAAO,QAAQ;;EAE9E,oBAAoB,OAAO,UAC1B,MAAM,QAAQ,YAAY,mBAAmB,QAAQ,MAAM,SAAS,MAAM;EAC3E,qBAAqB;EACrB,gBAAgB,UAAyB;GACxC,uBACC,wCAAwC,QAAQ,OAAO,WAAW,QAAQ,MAAM,QAAQ,KAAK,mBAAmB,MAAM,GACtH;;EAEF,sBAAsB,UAAyB;GAC9C,uBACC,yCAAyC,QAAQ,OAAO,WAAW,QAAQ,MAAM,QAAQ,KAAK,mBAAmB,MAAM,GACvH;;EAEF,gBAAgB,OACf,YAEA,MAAM,QAAQ,YAAY,eAAe,QAAQ,MAAM,SAAS,QAAQ;EACzE,CAAC;CAEH,MAAM,mBAAmB,OACxB,aACA,OACsB;EACtB,MAAM,kBAAkB,MAAM,sBAAsB,YAAY;EAChE,IAAI;GACH,MAAM,SAAS,MAAM,IAAI;GACzB,MAAM,gBAAgB,QAAQ,YAAY;GAC1C,OAAO;WACC,OAAO;GACf,MAAM,gBAAgB,QAAQ,SAAS,CAAC,OAAO,iBAA0B;IACxE,uBACC,8DAA8D,QAAQ,OAAO,WAAW,QAAQ,MAAM,QAAQ,KAAK,mBAAmB,aAAa,GACnJ;KACA;GACF,MAAM;;;CAIR,MAAM,4BAAkF,OACvF,gBAEA,MAAM,iBACL;EACC,YAAY,QAAQ;EACpB,UAAU;EACV,EACD,YACC,MAAM,QAAQ,qBAAqB;EAClC,GAAI,YAAY,iBAAiB,KAAA,IAC9B,EAAE,cAAc,YAAY,cAAc,GAC1C,EAAE;EACL,QAAQ,yBAAyB,YAAY,QAAQ,YAAY,KAAK;EACtE,GAAI,YAAY,WAAW,KAAA,IAAY,EAAE,QAAQ,YAAY,QAAQ,GAAG,EAAE;EAC1E,KAAK,QAAQ,MAAM;EACnB,GAAI,YAAY,UAAU,KAAA,IAAY,EAAE,OAAO,YAAY,OAAO,GAAG,EAAE;EACvE,CAAC,CACH;CAEF,MAAM,4BAA4B,OAAO,UAAkC;EAC1E,IAAI,0BAA0B,MAAM,EACnC,MAAM,MAAM,SAAS;;CAIvB,MAAM,4BAA4B,OACjC,OACA,YACmB;EACnB,IAAI;EACJ,IAAI;GACH,MAAM,0BAA0B,MAAM,WAAW;WACzC,OAAO;GACf,aAAa;;EAEd,IAAI;EACJ,IAAI;GACH,MAAM,MAAM,gBAAgB,QAAQ,QAAQ;WACpC,OAAO;GACf,iBAAiB;;EAElB,IAAI,YACH,MAAM;EAEP,IAAI,gBACH,MAAM;;CAIR,MAAM,iBAAiB,QAAQ,wBAAwB;EACtD,yBAAyB,QAAQ,MAAM;EACvC,oBAAoB,QAAQ,MAAM;EAClC,sBAAsB;EACtB,CAAC;CAEF,OAAO;EACN,GAAI,iBAAiB,EAAE,gBAAgB,GAAG,EAAE;EAC5C,GAAI,QAAQ,IAAI,QAAQ,MAAM,EAAE,KAAK,QAAQ,IAAI,OAAO,KAAK,GAAG,EAAE;EAClE,aAAa,GAAG,QAAQ,cAAc,IAAI,QAAQ,OAAO;EACzD,iBAAiB;EACjB,IAAI;EACJ,WAAW,QAAQ,MAAM;EACzB,cAAc,QAAQ,MAAM;EAC5B,SAAS,QAAQ,MAAM;EACvB,eAAe,OAAO,eAAe;GACpC,MAAM,kBAAkB,MAAM,sBAAsB;IACnD,YAAY,QAAQ;IACpB,UAAU;IACV,CAAC;GACF,IAAI;IACH,MAAM,WAAW,MAAM,QAAQ,cAAc;KAC5C,SAAS,WAAW;KACpB,KAAK,WAAW;KAChB,KAAK,QAAQ,MAAM;KACnB,QAAQ,WAAW;KACnB,SAAS,WAAW,WAAW,QAAQ,MAAM;KAC7C,CAAC;IACF,OAAO;KACN,GAAG;KACH,eAAe;MACd;MACA,GAAI,SAAS,kBAAkB,KAAA,IAAY,EAAE,YAAY,SAAS,eAAe,GAAG,EAAE;MACtF;KACD;YACO,OAAO;IACf,MAAM,gBAAgB,QAAQ,SAAS,CAAC,OAAO,iBAA0B;KACxE,uBACC,kEAAkE,QAAQ,OAAO,WAAW,QAAQ,MAAM,QAAQ,KAAK,mBAAmB,aAAa,GACvJ;MACA;IACF,MAAM;;;EAGR,cAAc,OAAO,mBAAmB;GACvC,IAAI,yBAAyB,eAAe,MAAM,EAAE;IACnD,MAAM,0BACL,eAAe,OACf,kCAAkC,eAAe,CACjD;IACD;;GAED,MAAM,0BAA0B,eAAe,MAAM;;EAEtD,iBAAiB,OAAO,kBACvB,MAAM,iBACL;GACC,YAAY,QAAQ;GACpB,UAAU;GACV,EACD,YACC,MAAM,QAAQ,qBAAqB;GAClC,QAAQ,cAAc;GACtB,KAAK,QAAQ,MAAM;GACnB,CAAC,CACH;EACF;;;;ACpWF,SAAgB,oCACf,SAIA,cAMC;CACD,OAAO;EACN,iBAAiB,OAAO,WAAW;GAClC,MAAM,cACL,aAAa,oBAAoB,EAChC,eAAe,QAAQ,eACvB,CAAC,IAAI,kBAAkB,EAAE,eAAe,QAAQ,eAAe,CAAC;GAClE,IAAI;IAEH,OAAO;KAAE,kBAAkB;KAAM,SAAS,MADhB,YAAY,UAAU,OAAO,MAAM,cAAc,KACjB;KAAM;YACxD,OAAO;IACf,IAAI,EAAE,iBAAiB,gCAAgC,MAAM,WAAW,KACvE,MAAM;IAEP,OAAO;KAAE,kBAAkB;KAAO,SAAS;KAAO;;;EAGpD,eAAe,OAAO,WAAW;GAKhC,OAHC,aAAa,oBAAoB,EAChC,eAAe,QAAQ,eACvB,CAAC,IAAI,kBAAkB,EAAE,eAAe,QAAQ,eAAe,CAAC,EAChD,aAAa,OAAO,MAAM,eAAe,EAAE,OAAO,MAAM,CAAC;;EAE5E;;;;AC9BF,SAAgB,4BACf,QAC+B;CAC/B,IAAI,OAAO,OAAO,kBAAkB,YAAY,OAAO,OAAO,WAAW,UACxE,MAAM,IAAI,MAAM,4DAA4D;CAG7E,OAAO;EACN,eAAe,OAAO;EACtB,GAAI,OAAO,OAAO,cAAc,WAAW,EAAE,WAAW,OAAO,WAAW,GAAG,EAAE;EAC/E,GAAI,OAAO,OAAO,iBAAiB,WAAW,EAAE,cAAc,OAAO,cAAc,GAAG,EAAE;EACxF,GAAI,OAAO,OAAO,oBAAoB,WACnC,EAAE,iBAAiB,OAAO,iBAAiB,GAC3C,EAAE;EACL,QAAQ,OAAO;EACf;;;;AChBF,SAAgB,kBAAkB,KAMhC;CACD,OAAO;EACN,eAAe,OAAO,EAAE,SAAS,KAAK,KAAK,UAAU,QAAQ,cAAc;GAC1E,MAAM,UAAU,MAAM,IAAI,oCAAoC;IAC7D,SAAS;IACT,cAAc,SAAS;IACvB,uBAAuB;IACvB,QAAQ,GAAG,SAAS,KAAK,GAAG,SAAS,KAAK,GAAG,SAAS;IACtD,gBAAgB;IAChB,eAAe;IACf,CAAC;GACF,MAAM,2BAA2B,IAAI;GACrC,OAAO;IACN,MAAM,IAAI,oBAAoB;KAC7B,eAAe,IAAI,uBAAuB;MACzC;MACA;MACA;MACA,CAAC;KACF;KACA,KAAK;KACL,CAAC;IACF,KAAK,IAAI,gBAAgB,QAAQ,IAAI,CAAC;IACtC,eAAe;KACd,SAAS,YAA2B;MACnC,IAAI,0BACH,MAAM,yBAAyB,QAAQ;;KAGzC;KACA;IACD,WAAW;IACX;;EAEF,wBACE,kBACA,WACA,IAAI,iCAAiC;GACpC,SAAS,OAAO;GAChB,SAAS;IACR,yBAAyB,aAAa;IACtC,oBAAoB,aAAa;IACjC,sBAAsB,aAAa;IACnC;GACD,CAAC;EACJ,sBAAsB,OAAO,EAAE,cAAc,QAAQ,QAAQ,KAAK,UAAU,YAAY;GACvF,MAAM,UAAU,MAAM,IAAI,oCAAoC;IAC7D,SAAS;IACT,cAAc,SAAS;IACvB,uBAAuB;IACvB,QAAQ,GAAG,SAAS,KAAK,GAAG,SAAS,KAAK,GAAG,SAAS;IACtD,gBAAgB;IAChB,eAAe;IACf,CAAC;GACF,OAAO,MAAM,IAAI,qBAAqB;IACrC,GAAI,iBAAiB,KAAA,IAAY,EAAE,cAAc,GAAG,EAAE;IACtD,eAAe,IAAI,mBAAmB;KAAC;KAAW;KAAM;KAAQ;KAAsB,CAAC;IACvF;IACA,GAAI,WAAW,KAAA,IAAY,EAAE,QAAQ,GAAG,EAAE;IAC1C,GAAI,UAAU,KAAA,IAAY,EAAE,OAAO,GAAG,EAAE;IACxC,CAAC;;EAEH;;;;AC1CF,SAAS,eAAe,OAAkD;CACzE,OAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,MAAM;;AAG5E,SAAS,uBAAuB,QAG5B;CACH,MAAM,gBAAgB,OAAO,QAAQ,YAAY,EAAE;CACnD,MAAM,gBAAgB,OAAO,QAAQ,QAAQ,EAAE,EAC7C,OAAO,eAAe,CACtB,KAAK,aAAa,gBAAgB;EAClC,QAAQ;EACR,OACC,OAAO,YAAY,OAAO,WACvB,SAAS,YAAY,OACrB,SAAS,OAAO,WAAW;EAC/B,EAAE;CACJ,OAAO,CAAC;EAAE,QAAQ;EAAe,OAAO;EAAY,EAAE,GAAG,aAAa;;AAGvE,SAAS,sBACR,UACA,aACA,KACU;CACV,OAAO,YAAY,UAAU,QAAQ,SAAS,UAAU;;AAGzD,SAAS,mBACR,UACA,aACU;CACV,OAAO,YAAY,aAAa,SAAS;;AAG1C,SAAS,mBAAmB,SAMU;CACrC,MAAM,KAAK,QAAQ,gBAAgB,QAAQ;CAC3C,OAAO;EACN,IAAI,oBAAoB,QAAQ,UAAU,QAAQ,YAAY,IAAI,CAAC,GAAG,QAAQ,OAAO,GAAG,QAAQ;EAChG;EACA,MAAM,KACH,GAAG,QAAQ,UAAU,GAAG,QAAQ,kBAChC,OAAO,QAAQ,UAAU,OAAO,QAAQ,cAAc;EACzD;;AAGF,SAAgB,iCAAiC,SAGjB;CAC/B,MAAM,SAAgC,QAAQ;CAC9C,MAAM,WAAW,OAAO,QAAQ,YAAY,EAAE;CAC9C,OAAO;EACN,UAAU;EACV,QAAQ,QAAQ;EAChB,UAAU,uBAAuB,OAAO,CAAC,SAAS,EAAE,QAAQ,aAAa,YAAY;GACpF,MAAM,YAAY,mBAAmB,UAAU,YAAY;GAC3D,OAAO;IACN,mBAAmB;KAClB,aAAa,sBAAsB,UAAU,aAAa,UAAU;KACpE,eAAe;KACf,WAAW,UAAU,MAAM;KAC3B;KACA,QAAQ,QAAQ;KAChB,CAAC;IACF,mBAAmB;KAClB,aAAa,sBAAsB,UAAU,aAAa,OAAO;KACjE,eAAe;KACf,WAAW,UAAU,MAAM;KAC3B;KACA,QAAQ,QAAQ;KAChB,CAAC;IACF,mBAAmB;KAClB,aAAa,sBAAsB,UAAU,aAAa,QAAQ;KAClE,eAAe;KACf,WAAW,UAAU,MAAM;KAC3B;KACA,QAAQ,QAAQ;KAChB,CAAC;IACF,mBAAmB;KAClB,aAAa,sBAAsB,UAAU,aAAa,kBAAkB;KAC5E,eAAe;KACf,WAAW,UAAU,MAAM;KAC3B;KACA,QAAQ,QAAQ;KAChB,CAAC;IACF;KACC,IAAI,8BAA8B,QAAQ,OAAO,GAAG;KACpD,IAAI,cAAc;KAClB,MACC,cAAc,UACX,wFACA,OAAO,cAAc,WACpB,YACA;KACL;IACD;IACA;EACF;;;;ACpDF,SAAgB,eAAe,OAY7B;CACD,IAAI,OAAO,UAAU,YAAY,UAAU,MAC1C,MAAM,IAAI,UAAU,uCAAuC;CAG5D,KAAK,MAAM,cAAc;EACxB;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA,EACA,IAAI,OAAQ,MAAkC,gBAAgB,YAC7D,MAAM,IAAI,UAAU,yCAAyC,aAAa;;;;ACpG7E,MAAM,0BAA0B;AAEhC,SAAS,iBAAiB,OAAwB;CACjD,IAAI,OAAO,UAAU,YAAY,UAAU,QAAQ,EAAE,kBAAkB,QACtE,MAAM,IAAI,MAAM,uCAAuC;CAExD,MAAM,eAAe,MAAM;CAC3B,IAAI,OAAO,iBAAiB,YAAY,aAAa,WAAW,GAC/D,MAAM,IAAI,MAAM,uCAAuC;CAExD,OAAO;;AAGR,SAAS,mBAAmB,eAAuB,QAAwB;CAC1E,OAAO,GAAG,cAAc,QAAQ,QAAQ,GAAG,CAAC,SAAS,mBAAmB,OAAO,CAAC;;AAGjF,eAAe,iBAAiB,UAAqC;CACpE,IAAI;EACH,OAAO,MAAM,SAAS,MAAM;UACpB,OAAO;EACf,OAAO,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;;;AAI/D,SAAS,iBAAiB,cAA+B;CACxD,IAAI;EACH,OAAO,KAAK,MAAM,aAAa;UACvB,OAAO;EACf,MAAM,IAAI,MAAM,6CAA6C,aAAa,MAAM,GAAG,IAAI,IAAI,EAC1F,OAAO,OACP,CAAC;;;AAIJ,SAAgB,oBAAoB,SAA2C;CAC9E,QAAQ,IAAI,aACX;EACC,MAAM;EACN,aACC;EACD,YAAY;GACX,MAAM;GACN,sBAAsB;GACtB,YAAY,EACX,cAAc,EAAE,MAAM,UAAU,EAChC;GACD,UAAU,CAAC,eAAe;GAC1B;EACD,SAAS,OAAO,aAAqB,UAAmB;GACvD,MAAM,eAAe,iBAAiB,MAAM;GAC5C,MAAM,WAAW,OAAO,QAAQ,aAAa,OAC5C,mBAAmB,QAAQ,eAAe,QAAQ,OAAO,EACzD;IACC,MAAM,KAAK,UAAU,EAAE,cAAc,CAAC;IACtC,SAAS;KACR,gBAAgB;KAChB,GAAI,QAAQ,eAAe,GAAG,0BAA0B,QAAQ,cAAc,GAAG,EAAE;KACnF;IACD,QAAQ;IACR,CACD;GACD,MAAM,eAAe,MAAM,iBAAiB,SAAS;GACrD,IAAI,CAAC,SAAS,IACb,MAAM,IAAI,MAAM,yBAAyB,SAAS,OAAO,GAAG,aAAa,MAAM,GAAG,IAAI,GAAG;GAE1F,MAAM,UAAU,iBAAiB,aAAa;GAC9C,OAAO;IACN,SAAS,KAAK,UAAU,QAAQ;IAChC,SAAS;IACT;;EAEF,EACD;EAAE,MAAM;EAAiB,UAAU;EAAM,CACzC;;;;ACxEF,MAAM,SAAS;CACd,IAAI;CACJ,MAAM;CACN,aAAa;CAEb,SAAS,KAUA;EACR,MAAM,eAAe,IAAI;EACzB,IAAI,OAAO,iBAAiB,YAAY;GACvC,IAAI,IAAI,qBAAqB,QAC5B,MAAM,IAAI,MAAM,6DAA6D;GAE9E;;EAED,MAAM,eAAe,4BAA4B,IAAI,aAAa;EAClE,MAAM,eACL,aAAa,iBACZ,aAAa,kBAAkB,QAAQ,IAAI,aAAa,mBAAmB,KAAA;EAC7E,oBAAoB;GACnB,KAAK,EAAE,cAAc;GACrB,eAAe,aAAa;GAC5B,GAAI,eAAe,EAAE,cAAc,GAAG,EAAE;GACxC,QAAQ,aAAa;GACrB,CAAC;EACF,IAAI,IAAI,qBAAqB,QAC5B;EAED,MAAM,2BAEU;GACf,MAAM,gBAAgB,IAAI,SAAS,QAAQ,WAAW,IAAI,IAAI;GAC9D,OAAO,gBACJ,iCAAiC;IACjC,QAAQ;IACR,QAAQ,aAAa;IACrB,CAAC,GACD,KAAA;;EAEJ,MAAM,uBAAuB,oBAAoB;EACjD,IAAI,sBAEH,kBADsC,EAAE,eAAe,aAAa,eAAe,CACnE,CACd,+BAA+B,qBAAqB,EACnD,OAAO,UAAmB;GAC3B,MAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,KAAK,UAAU,MAAM;GAC9E,QAAQ,OAAO,MACd,yDAAyD,QAAQ,IACjE;IACA;EAqCJ,OAjC0B,gCAAS,MAAM,WAAoC;GAC5E,eAAe,OAAO;GAmBtB,MAAM,sBAAsB,kBAAkB;IAhB7C,wBAAwB,OAAO;IAC/B,oBAAoB,OAAO;IAC3B,qBAAqB,OAAO;IAC5B,kCAAkC,OAAO;IACzC,qCAAqC,OAAO;IAC5C,GAAI,OAAO,OAAO,6BAA6B,aAC5C,EACA,0BAA0B,OAAO,0BAGjC,GACA,EAAE;IACL,sBAAsB,OAAO;IAC7B,iBAAiB,OAAO;IAG+B,CAAC;GACzD,OAAO,uBAAuB,YAAY;IACzC,SAAS,oCACR;KACC,GAAG;KACH,+BAA+B;KAC/B,EACD,oBACA;IACD,SAAS,oCAAoC,cAAc,oBAAoB;IAC/E,CAAC;IAGO,CAAC,OAAO,UAAmB;GACpC,MAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,KAAK,UAAU,MAAM;GAC9E,QAAQ,OAAO,MAAM,2CAA2C,QAAQ,IAAI;IAC3E;;CAEH;;;AC7GD,MAAa,wCAAwC"}
|
|
1
|
+
{"version":3,"file":"index.js","names":["formatUnknownError"],"sources":["../src/controller-lease-client.ts","../src/openclaw-gondolin-contract.ts","../src/sandbox-backend/sandbox-shell-script.ts","../src/sandbox-backend/sandbox-backend-handle-factory.ts","../src/sandbox-backend/sandbox-backend-manager.ts","../src/gondolin-plugin-config.ts","../src/openclaw-backend-dependencies.ts","../src/openclaw-runtime-status.ts","../src/openclaw-sandbox-sdk-contract.ts","../src/zone-git-tool.ts","../src/openclaw-plugin-registration.ts","../src/index.ts"],"sourcesContent":["import {\n\tisToolVmLeasePeek,\n\tisToolVmSshLease,\n\ttype ToolVmLeasePeek,\n\ttype ToolVmSshLease,\n} from '@agent-vm/gateway-interface';\nimport type {\n\tEndToolVmActiveUseRequest,\n\tHeartbeatToolVmActiveUseResponse,\n\tStartToolVmActiveUseRequest,\n\tStartToolVmActiveUseResponse,\n} from '@agent-vm/gateway-interface';\nimport { z } from 'zod';\n\nexport type JsonValue =\n\t| boolean\n\t| null\n\t| number\n\t| string\n\t| { readonly [key: string]: JsonValue }\n\t| readonly JsonValue[];\n\nexport interface OpenClawRuntimeStatusReport {\n\treadonly findings: readonly {\n\t\treadonly hint: string;\n\t\treadonly id: string;\n\t\treadonly ok: boolean;\n\t}[];\n\treadonly pluginId: 'gondolin';\n\treadonly zoneId: string;\n}\n\nexport interface OpenClawGondolinLeaseSandboxSnapshot {\n\treadonly backend: unknown;\n\treadonly mode: unknown;\n\treadonly scope: unknown;\n\treadonly workspaceAccess: unknown;\n}\n\nexport interface OpenClawGondolinLeaseRequest {\n\treadonly agentId: string;\n\treadonly agentWorkspaceDir: string;\n\treadonly profileId: string;\n\treadonly sandbox: OpenClawGondolinLeaseSandboxSnapshot;\n\treadonly scopeKey: string;\n\treadonly sessionKey: string;\n\treadonly workMountDir: string;\n\treadonly zoneId: string;\n}\n\nexport interface LeaseClient {\n\t// Cached handles use renewLease; read-only runtime probes use peekLease.\n\tendActiveUse(leaseId: string, useId: string, request: EndToolVmActiveUseRequest): Promise<void>;\n\theartbeatActiveUse(leaseId: string, useId: string): Promise<HeartbeatToolVmActiveUseResponse>;\n\tpeekLease(leaseId: string): Promise<ToolVmLeasePeek>;\n\tpublishOpenClawRuntimeStatus?(report: OpenClawRuntimeStatusReport): Promise<void>;\n\treleaseLease(leaseId: string, options?: { readonly force?: boolean }): Promise<void>;\n\trenewLease(leaseId: string): Promise<ToolVmSshLease>;\n\trequestLease(request: OpenClawGondolinLeaseRequest): Promise<ToolVmSshLease>;\n\tstartActiveUse(\n\t\tleaseId: string,\n\t\trequest: StartToolVmActiveUseRequest,\n\t): Promise<StartToolVmActiveUseResponse>;\n}\n\nexport type ControllerLeaseRequestErrorKind = 'client-error' | 'server-error';\n\nexport class ControllerLeaseRequestError extends Error {\n\treadonly bodyText: string;\n\treadonly kind: ControllerLeaseRequestErrorKind;\n\treadonly responseBody: JsonValue | undefined;\n\treadonly status: number;\n\n\tconstructor(options: {\n\t\treadonly bodyText: string;\n\t\treadonly context: string;\n\t\treadonly responseBody: JsonValue | undefined;\n\t\treadonly status: number;\n\t}) {\n\t\tconst kind: ControllerLeaseRequestErrorKind =\n\t\t\toptions.status >= 400 && options.status < 500 ? 'client-error' : 'server-error';\n\t\tsuper(\n\t\t\t`${options.context} returned HTTP ${String(options.status)} (${kind})${formatStructuredErrorSuffix(\n\t\t\t\toptions.responseBody,\n\t\t\t)}`,\n\t\t);\n\t\tthis.bodyText = options.bodyText;\n\t\tthis.kind = kind;\n\t\tthis.responseBody = options.responseBody;\n\t\tthis.status = options.status;\n\t}\n}\n\nconst structuredControllerErrorSchema = z.object({\n\tguidance: z.string().trim().min(1).optional(),\n\tmessage: z.string().trim().min(1).optional(),\n});\n\nfunction isJsonObjectRecord(value: unknown): value is { readonly [key: string]: JsonValue } {\n\treturn (\n\t\ttypeof value === 'object' &&\n\t\tvalue !== null &&\n\t\t!Array.isArray(value) &&\n\t\tObject.values(value).every(isJsonValue)\n\t);\n}\n\nfunction isJsonValue(value: unknown): value is JsonValue {\n\tif (\n\t\tvalue === null ||\n\t\ttypeof value === 'string' ||\n\t\ttypeof value === 'boolean' ||\n\t\ttypeof value === 'number'\n\t) {\n\t\treturn true;\n\t}\n\tif (Array.isArray(value)) {\n\t\treturn value.every(isJsonValue);\n\t}\n\treturn isJsonObjectRecord(value);\n}\n\nconst jsonValueSchema = z.custom<JsonValue>(isJsonValue);\n\nfunction objectValue(value: unknown): object | undefined {\n\treturn typeof value === 'object' && value !== null ? value : undefined;\n}\n\nfunction formatStructuredErrorSuffix(responseBody: JsonValue | undefined): string {\n\tconst parsedError = structuredControllerErrorSchema.safeParse(responseBody);\n\tif (!parsedError.success) {\n\t\treturn '';\n\t}\n\tconst { guidance, message } = parsedError.data;\n\tconst parts = [message, guidance ? `Guidance: ${guidance}` : undefined].filter(\n\t\t(part): part is string => part !== undefined,\n\t);\n\treturn parts.length > 0 ? `: ${parts.join(' ')}` : '';\n}\n\nfunction isStartActiveUseResponse(value: unknown): value is StartToolVmActiveUseResponse {\n\tconst record = objectValue(value);\n\treturn (\n\t\trecord !== undefined &&\n\t\ttypeof Reflect.get(record, 'expiresAt') === 'number' &&\n\t\ttypeof Reflect.get(record, 'heartbeatAfterMs') === 'number' &&\n\t\ttypeof Reflect.get(record, 'useId') === 'string'\n\t);\n}\n\nfunction isHeartbeatActiveUseResponse(value: unknown): value is HeartbeatToolVmActiveUseResponse {\n\tconst record = objectValue(value);\n\treturn (\n\t\trecord !== undefined &&\n\t\ttypeof Reflect.get(record, 'expiresAt') === 'number' &&\n\t\ttypeof Reflect.get(record, 'heartbeatAfterMs') === 'number'\n\t);\n}\n\nfunction formatUnknownError(error: unknown): string {\n\treturn error instanceof Error ? error.message : String(error);\n}\n\nfunction writeLeaseClientLog(message: string): void {\n\tprocess.stderr.write(`[openclaw-agent-vm-plugin] ${message}\\n`);\n}\n\nfunction parseJsonBody(bodyText: string, context: string): JsonValue | undefined {\n\ttry {\n\t\tconst parsedJson: unknown = JSON.parse(bodyText);\n\t\tconst parsedBody = jsonValueSchema.safeParse(parsedJson);\n\t\treturn parsedBody.success ? parsedBody.data : undefined;\n\t} catch (error) {\n\t\twriteLeaseClientLog(`${context} returned a non-JSON error body: ${formatUnknownError(error)}`);\n\t\treturn undefined;\n\t}\n}\n\nasync function readErrorBody(\n\tresponse: Response,\n\tcontext: string,\n): Promise<{\n\treadonly bodyText: string;\n\treadonly responseBody: JsonValue | undefined;\n}> {\n\tconst bodyText = await response.text().catch(() => '(unreadable)');\n\treturn {\n\t\tbodyText,\n\t\tresponseBody: bodyText === '(unreadable)' ? undefined : parseJsonBody(bodyText, context),\n\t};\n}\n\nasync function readJsonResponse<TValue>(\n\tresponse: Response,\n\tcontext: string,\n\tisExpectedResponse: (value: unknown) => value is TValue,\n): Promise<TValue> {\n\tif (!response.ok) {\n\t\tconst errorBody = await readErrorBody(response, context);\n\t\tthrow new ControllerLeaseRequestError({\n\t\t\tbodyText: errorBody.bodyText,\n\t\t\tcontext,\n\t\t\tresponseBody: errorBody.responseBody,\n\t\t\tstatus: response.status,\n\t\t});\n\t}\n\tconst payload = await response.json();\n\tif (!isExpectedResponse(payload)) {\n\t\tthrow new TypeError(\n\t\t\t`${context} returned an invalid response: ${JSON.stringify(payload).slice(0, 200)}`,\n\t\t);\n\t}\n\treturn payload;\n}\n\nexport function createLeaseClient(options: {\n\treadonly controllerUrl: string;\n\treadonly fetchImpl?: (input: string | URL | Request, init?: RequestInit) => Promise<Response>;\n}): LeaseClient {\n\tconst fetchImpl = options.fetchImpl ?? fetch;\n\tconst baseUrl = options.controllerUrl.replace(/\\/$/u, '');\n\tconst renewLease = async (leaseId: string): Promise<ToolVmSshLease> => {\n\t\tconst response = await fetchImpl(`${baseUrl}/lease/${encodeURIComponent(leaseId)}/renew`, {\n\t\t\tmethod: 'POST',\n\t\t});\n\t\treturn await readJsonResponse(response, 'Controller lease renew API', isToolVmSshLease);\n\t};\n\n\treturn {\n\t\tendActiveUse: async (\n\t\t\tleaseId: string,\n\t\t\tuseId: string,\n\t\t\trequest: EndToolVmActiveUseRequest,\n\t\t): Promise<void> => {\n\t\t\tconst response = await fetchImpl(\n\t\t\t\t`${baseUrl}/lease/${encodeURIComponent(leaseId)}/uses/${encodeURIComponent(useId)}`,\n\t\t\t\t{\n\t\t\t\t\tbody: JSON.stringify(request),\n\t\t\t\t\theaders: {\n\t\t\t\t\t\t'content-type': 'application/json',\n\t\t\t\t\t},\n\t\t\t\t\tmethod: 'DELETE',\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (!response.ok) {\n\t\t\t\tconst errorBody = await readErrorBody(response, 'Controller active-use end API');\n\t\t\t\tthrow new ControllerLeaseRequestError({\n\t\t\t\t\tbodyText: errorBody.bodyText,\n\t\t\t\t\tcontext: 'Controller active-use end API',\n\t\t\t\t\tresponseBody: errorBody.responseBody,\n\t\t\t\t\tstatus: response.status,\n\t\t\t\t});\n\t\t\t}\n\t\t},\n\t\theartbeatActiveUse: async (\n\t\t\tleaseId: string,\n\t\t\tuseId: string,\n\t\t): Promise<HeartbeatToolVmActiveUseResponse> => {\n\t\t\tconst response = await fetchImpl(\n\t\t\t\t`${baseUrl}/lease/${encodeURIComponent(leaseId)}/uses/${encodeURIComponent(useId)}/heartbeat`,\n\t\t\t\t{\n\t\t\t\t\tmethod: 'POST',\n\t\t\t\t},\n\t\t\t);\n\t\t\treturn await readJsonResponse(\n\t\t\t\tresponse,\n\t\t\t\t'Controller active-use heartbeat API',\n\t\t\t\tisHeartbeatActiveUseResponse,\n\t\t\t);\n\t\t},\n\t\trenewLease,\n\t\tpeekLease: async (leaseId: string): Promise<ToolVmLeasePeek> => {\n\t\t\tconst response = await fetchImpl(`${baseUrl}/lease/${encodeURIComponent(leaseId)}/peek`);\n\t\t\treturn await readJsonResponse(response, 'Controller lease peek API', isToolVmLeasePeek);\n\t\t},\n\t\tpublishOpenClawRuntimeStatus: async (report): Promise<void> => {\n\t\t\tconst response = await fetchImpl(\n\t\t\t\t`${baseUrl}/zones/${encodeURIComponent(report.zoneId)}/openclaw-runtime-status`,\n\t\t\t\t{\n\t\t\t\t\tbody: JSON.stringify(report),\n\t\t\t\t\theaders: {\n\t\t\t\t\t\t'content-type': 'application/json',\n\t\t\t\t\t},\n\t\t\t\t\tmethod: 'POST',\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (!response.ok) {\n\t\t\t\tconst errorBody = await readErrorBody(response, 'Controller OpenClaw runtime status API');\n\t\t\t\tthrow new ControllerLeaseRequestError({\n\t\t\t\t\tbodyText: errorBody.bodyText,\n\t\t\t\t\tcontext: 'Controller OpenClaw runtime status API',\n\t\t\t\t\tresponseBody: errorBody.responseBody,\n\t\t\t\t\tstatus: response.status,\n\t\t\t\t});\n\t\t\t}\n\t\t},\n\t\treleaseLease: async (\n\t\t\tleaseId: string,\n\t\t\treleaseOptions: { readonly force?: boolean } = {},\n\t\t): Promise<void> => {\n\t\t\tconst releaseUrl = new URL(`${baseUrl}/lease/${encodeURIComponent(leaseId)}`);\n\t\t\tif (releaseOptions.force === true) {\n\t\t\t\treleaseUrl.searchParams.set('force', 'true');\n\t\t\t}\n\t\t\tconst response = await fetchImpl(releaseUrl.toString(), {\n\t\t\t\tmethod: 'DELETE',\n\t\t\t});\n\t\t\tif (!response.ok) {\n\t\t\t\tconst errorBody = await readErrorBody(response, 'Controller lease release API');\n\t\t\t\tthrow new ControllerLeaseRequestError({\n\t\t\t\t\tbodyText: errorBody.bodyText,\n\t\t\t\t\tcontext: 'Controller lease release API',\n\t\t\t\t\tresponseBody: errorBody.responseBody,\n\t\t\t\t\tstatus: response.status,\n\t\t\t\t});\n\t\t\t}\n\t\t},\n\t\trequestLease: async (request): Promise<ToolVmSshLease> => {\n\t\t\tconst response = await fetchImpl(`${baseUrl}/lease`, {\n\t\t\t\tbody: JSON.stringify({\n\t\t\t\t\tagentId: request.agentId,\n\t\t\t\t\tagentWorkspaceDir: request.agentWorkspaceDir,\n\t\t\t\t\tprofileId: request.profileId,\n\t\t\t\t\tsandbox: request.sandbox,\n\t\t\t\t\tscopeKey: request.scopeKey,\n\t\t\t\t\tsessionKey: request.sessionKey,\n\t\t\t\t\tworkMountDir: request.workMountDir,\n\t\t\t\t\tzoneId: request.zoneId,\n\t\t\t\t}),\n\t\t\t\theaders: {\n\t\t\t\t\t'content-type': 'application/json',\n\t\t\t\t},\n\t\t\t\tmethod: 'POST',\n\t\t\t});\n\t\t\treturn await readJsonResponse(response, 'Controller lease API', isToolVmSshLease);\n\t\t},\n\t\tstartActiveUse: async (\n\t\t\tleaseId: string,\n\t\t\trequest: StartToolVmActiveUseRequest,\n\t\t): Promise<StartToolVmActiveUseResponse> => {\n\t\t\tconst response = await fetchImpl(`${baseUrl}/lease/${encodeURIComponent(leaseId)}/uses`, {\n\t\t\t\tbody: JSON.stringify(request),\n\t\t\t\theaders: {\n\t\t\t\t\t'content-type': 'application/json',\n\t\t\t\t},\n\t\t\t\tmethod: 'POST',\n\t\t\t});\n\t\t\treturn await readJsonResponse(\n\t\t\t\tresponse,\n\t\t\t\t'Controller active-use start API',\n\t\t\t\tisStartActiveUseResponse,\n\t\t\t);\n\t\t},\n\t};\n}\n","const agentIdPattern = /^[a-z0-9][a-z0-9_-]{0,63}$/iu;\n\nexport const OPENCLAW_DEFAULT_AGENT_ID = 'main';\n\nexport const OPENCLAW_GONDOLIN_SANDBOX_REQUIREMENTS = [\n\t{ expectedValue: 'gondolin', key: 'backend' },\n\t{ expectedValue: 'all', key: 'mode' },\n\t{ expectedValue: 'agent', key: 'scope' },\n\t{ expectedValue: 'rw', key: 'workspaceAccess' },\n] as const;\n\nexport const OPENCLAW_GONDOLIN_LEASE_SCOPE_GUIDANCE =\n\t'Managed OpenClaw/Gondolin requires agents.*.sandbox.scope=\"agent\"; the lease scopeKey must be agent:<agentId>, not a raw channel, session, or subagent key.';\n\nexport type OpenClawGondolinSandboxRequirement =\n\t(typeof OPENCLAW_GONDOLIN_SANDBOX_REQUIREMENTS)[number];\n\nexport type OpenClawGondolinSandboxRequirementKey = OpenClawGondolinSandboxRequirement['key'];\n\nexport interface OpenClawGondolinSandboxSnapshot {\n\treadonly backend?: unknown;\n\treadonly mode?: unknown;\n\treadonly scope?: unknown;\n\treadonly workspaceAccess?: unknown;\n}\n\nexport interface OpenClawGondolinAgentConfig {\n\treadonly id?: unknown;\n\treadonly sandbox?: OpenClawGondolinSandboxSnapshot;\n\treadonly workspace?: unknown;\n}\n\nexport function isOpenClawAgentId(value: string): boolean {\n\treturn agentIdPattern.test(value.trim());\n}\n\nexport function effectiveOpenClawGondolinSandboxValue(\n\tdefaults: OpenClawGondolinAgentConfig,\n\tagentConfig: OpenClawGondolinAgentConfig,\n\tkey: OpenClawGondolinSandboxRequirementKey,\n): unknown {\n\treturn agentConfig.sandbox?.[key] ?? defaults.sandbox?.[key];\n}\n\nexport function formatOpenClawGondolinRequirementFieldPath(\n\tlabel: string,\n\tkey: OpenClawGondolinSandboxRequirementKey,\n): string {\n\treturn `agents.${label}.sandbox.${key}`;\n}\n\nexport function formatOpenClawGondolinRequirementFindingId(options: {\n\treadonly fieldPath: string;\n\treadonly label: string;\n\treadonly zoneId: string;\n}): string {\n\treturn `openclaw-tool-vm-${options.fieldPath.replace(/[.[\\]]/gu, '-')}-${options.zoneId}-${options.label}`;\n}\n\nexport function formatOpenClawGondolinRequirementHint(options: {\n\treadonly expectedValue: string;\n\treadonly fieldPath: string;\n\treadonly ok: boolean;\n}): string {\n\treturn options.ok\n\t\t? `${options.fieldPath}=${options.expectedValue}`\n\t\t: `Set ${options.fieldPath} to \"${options.expectedValue}\" for OpenClaw Tool VM mediation.`;\n}\n\nexport function normalizeOpenClawAgentId(value: string | undefined | null): string {\n\tconst trimmed = (value ?? '').trim().toLowerCase();\n\treturn isOpenClawAgentId(trimmed) ? trimmed : OPENCLAW_DEFAULT_AGENT_ID;\n}\n\nexport function resolveOpenClawAgentIdFromSessionKey(sessionKey: string): string {\n\tconst parts = sessionKey.trim().split(':');\n\tif (parts[0] !== 'agent' || !parts[1]) {\n\t\treturn OPENCLAW_DEFAULT_AGENT_ID;\n\t}\n\treturn normalizeOpenClawAgentId(parts[1]);\n}\n\nexport function isOpenClawAgentSessionKey(sessionKey: string): boolean {\n\tconst parts = sessionKey.trim().split(':');\n\treturn parts[0] === 'agent' && parts[1] !== undefined && isOpenClawAgentId(parts[1]);\n}\n\nexport function expectedOpenClawGondolinScopeKey(agentId: string): string {\n\treturn `agent:${agentId}`;\n}\n\nexport function snapshotOpenClawGondolinSandboxConfig(cfg: OpenClawGondolinSandboxSnapshot): {\n\treadonly backend: unknown;\n\treadonly mode: unknown;\n\treadonly scope: unknown;\n\treadonly workspaceAccess: unknown;\n} {\n\treturn {\n\t\tbackend: cfg.backend,\n\t\tmode: cfg.mode,\n\t\tscope: cfg.scope,\n\t\tworkspaceAccess: cfg.workspaceAccess,\n\t};\n}\n\nexport function findOpenClawGondolinSandboxMismatch(\n\tsandbox: OpenClawGondolinSandboxSnapshot,\n): OpenClawGondolinSandboxRequirement | undefined {\n\treturn OPENCLAW_GONDOLIN_SANDBOX_REQUIREMENTS.find(\n\t\t(requirement) => sandbox[requirement.key] !== requirement.expectedValue,\n\t);\n}\n","export function buildShellScriptWithArgs(script: string, args?: readonly string[]): string {\n\tif (!args || args.length === 0) {\n\t\treturn script;\n\t}\n\n\tconst escapedArgs = args.map((arg) => `'${arg.replace(/'/g, \"'\\\\''\")}'`).join(' ');\n\treturn `set -- ${escapedArgs}; ${script}`;\n}\n","import {\n\tcreateToolVmActiveUseHandle,\n\ttype ToolVmActiveUseHandle,\n\ttype ToolVmActiveUseOutcome,\n\ttype ToolVmActiveUseCorrelation,\n\ttype StartToolVmActiveUseRequest,\n\ttype StartToolVmActiveUseResponse,\n\ttype HeartbeatToolVmActiveUseResponse,\n\ttype EndToolVmActiveUseRequest,\n\tisToolVmSshLease,\n} from '@agent-vm/gateway-interface';\n\nimport {\n\tControllerLeaseRequestError,\n\tcreateLeaseClient,\n\ttype LeaseClient,\n\ttype OpenClawRuntimeStatusReport,\n} from '../controller-lease-client.js';\nimport {\n\texpectedOpenClawGondolinScopeKey,\n\tfindOpenClawGondolinSandboxMismatch,\n\tOPENCLAW_GONDOLIN_LEASE_SCOPE_GUIDANCE,\n\tresolveOpenClawAgentIdFromSessionKey,\n\tsnapshotOpenClawGondolinSandboxConfig,\n\ttype OpenClawGondolinSandboxSnapshot,\n} from '../openclaw-gondolin-contract.js';\nimport {\n\ttype CachedScopeEntry,\n\ttype CreateBackendDependencies,\n\ttype OpenClawFsBridgeLeaseContext,\n\ttype OpenClawSandboxBackendHandle,\n} from './sandbox-backend-contract.js';\nimport { buildShellScriptWithArgs } from './sandbox-shell-script.js';\n\nfunction scopeCacheKey(params: {\n\treadonly agentWorkspaceDir: string;\n\treadonly profileId: string;\n\treadonly scopeKey: string;\n\treadonly workspaceDir: string;\n\treadonly zoneId: string;\n}): string {\n\treturn [\n\t\tparams.zoneId,\n\t\tparams.scopeKey,\n\t\tparams.profileId,\n\t\tparams.agentWorkspaceDir,\n\t\tparams.workspaceDir,\n\t].join('\\0');\n}\n\nfunction formatControllerLeaseRequestError(error: ControllerLeaseRequestError): string {\n\tconst responseBody =\n\t\terror.responseBody === undefined ? error.bodyText : JSON.stringify(error.responseBody);\n\treturn `${error.message}; response=${responseBody}`;\n}\n\nfunction formatUnknownError(error: unknown): string {\n\tif (error instanceof ControllerLeaseRequestError) {\n\t\treturn formatControllerLeaseRequestError(error);\n\t}\n\treturn error instanceof Error ? error.message : String(error);\n}\n\nfunction writeSandboxBackendLog(message: string): void {\n\tprocess.stderr.write(`[openclaw-agent-vm-plugin] ${message}\\n`);\n}\n\nfunction shouldRefreshCachedLease(error: unknown): boolean {\n\treturn error instanceof ControllerLeaseRequestError && error.status === 404;\n}\n\nfunction isCleanupNotFound(error: unknown): boolean {\n\treturn error instanceof ControllerLeaseRequestError && error.status === 404;\n}\n\ninterface DisposableFinalizeToken {\n\tdispose(): Promise<void>;\n}\n\ninterface ActiveUseFinalizeToken {\n\treadonly activeUseHandle: ToolVmActiveUseHandle;\n\treadonly innerToken?: unknown;\n}\n\nfunction isDisposableFinalizeToken(value: unknown): value is DisposableFinalizeToken {\n\treturn (\n\t\ttypeof value === 'object' &&\n\t\tvalue !== null &&\n\t\t'dispose' in value &&\n\t\ttypeof Reflect.get(value, 'dispose') === 'function'\n\t);\n}\n\nfunction isActiveUseFinalizeToken(value: unknown): value is ActiveUseFinalizeToken {\n\treturn (\n\t\ttypeof value === 'object' &&\n\t\tvalue !== null &&\n\t\t'activeUseHandle' in value &&\n\t\ttypeof Reflect.get(value, 'activeUseHandle') === 'object'\n\t);\n}\n\nfunction activeUseOutcomeForFinalizeParams(finalizeParams: {\n\treadonly status: 'completed' | 'failed';\n\treadonly timedOut: boolean;\n}): ToolVmActiveUseOutcome {\n\treturn finalizeParams.timedOut\n\t\t? 'timed-out'\n\t\t: finalizeParams.status === 'completed'\n\t\t\t? 'completed'\n\t\t\t: 'failed';\n}\n\nfunction resolveLeaseRequestAgentId(sessionKey: string): string {\n\treturn resolveOpenClawAgentIdFromSessionKey(sessionKey);\n}\n\nfunction assertPluginLeaseContract(params: {\n\treadonly agentId: string;\n\treadonly cfg: OpenClawGondolinSandboxSnapshot;\n\treadonly scopeKey: string;\n}): void {\n\tconst mismatch = findOpenClawGondolinSandboxMismatch(params.cfg);\n\tif (mismatch) {\n\t\tthrow new Error(\n\t\t\t`OpenClaw Gondolin sandbox requires ${mismatch.key}=${mismatch.expectedValue}; received ${String(params.cfg[mismatch.key])}.`,\n\t\t);\n\t}\n\tconst expectedScopeKey = expectedOpenClawGondolinScopeKey(params.agentId);\n\tif (params.scopeKey !== expectedScopeKey) {\n\t\tthrow new Error(\n\t\t\t`OpenClaw Gondolin sandbox requires scopeKey '${expectedScopeKey}' for agent '${params.agentId}'; received '${params.scopeKey}'. ${OPENCLAW_GONDOLIN_LEASE_SCOPE_GUIDANCE}`,\n\t\t);\n\t}\n}\n\nexport function createGondolinSandboxBackendFactory(\n\toptions: {\n\t\treadonly controllerUrl: string;\n\t\treadonly openClawRuntimeStatusProvider?: () => OpenClawRuntimeStatusReport | undefined;\n\t\treadonly profileId?: string;\n\t\treadonly zoneId: string;\n\t},\n\tdependencies: CreateBackendDependencies,\n): (params: {\n\treadonly agentWorkspaceDir: string;\n\treadonly cfg: OpenClawGondolinSandboxSnapshot & {\n\t\treadonly docker?: {\n\t\t\treadonly env?: Record<string, string>;\n\t\t};\n\t};\n\treadonly scopeKey: string;\n\treadonly sessionKey: string;\n\treadonly workspaceDir: string;\n}) => Promise<OpenClawSandboxBackendHandle> {\n\tconst scopeCache = new Map<string, CachedScopeEntry>();\n\n\treturn async (params) => {\n\t\tconst profileId = options.profileId ?? 'standard';\n\t\tconst agentId = resolveLeaseRequestAgentId(params.sessionKey);\n\t\tassertPluginLeaseContract({\n\t\t\tagentId,\n\t\t\tcfg: params.cfg,\n\t\t\tscopeKey: params.scopeKey,\n\t\t});\n\t\tconst cacheKey = scopeCacheKey({\n\t\t\tagentWorkspaceDir: params.agentWorkspaceDir,\n\t\t\tprofileId,\n\t\t\tscopeKey: params.scopeKey,\n\t\t\tworkspaceDir: params.workspaceDir,\n\t\t\tzoneId: options.zoneId,\n\t\t});\n\t\tconst leaseClient =\n\t\t\tdependencies.createLeaseClient?.({\n\t\t\t\tcontrollerUrl: options.controllerUrl,\n\t\t\t}) ?? createLeaseClient({ controllerUrl: options.controllerUrl });\n\t\tconst cachedEntry = scopeCache.get(cacheKey);\n\t\tif (cachedEntry) {\n\t\t\ttry {\n\t\t\t\tawait leaseClient.renewLease(cachedEntry.lease.leaseId);\n\t\t\t\treturn cachedEntry.handle;\n\t\t\t} catch (error) {\n\t\t\t\twriteSandboxBackendLog(\n\t\t\t\t\t`lease renew failed for zone '${options.zoneId}' scope '${params.scopeKey}' lease '${cachedEntry.lease.leaseId}': ${formatUnknownError(error)}`,\n\t\t\t\t);\n\t\t\t\tif (!shouldRefreshCachedLease(error)) {\n\t\t\t\t\tthrow error;\n\t\t\t\t}\n\t\t\t\tscopeCache.delete(cacheKey);\n\t\t\t}\n\t\t}\n\t\t// OpenClaw SDK still names the selected sandbox path `workspaceDir`.\n\t\t// agent-vm's controller calls the same value `workMountDir` because it\n\t\t// selects the host path exposed at the lease response `workdir`.\n\t\tconst runtimeStatus = options.openClawRuntimeStatusProvider?.();\n\t\tif (runtimeStatus && leaseClient.publishOpenClawRuntimeStatus) {\n\t\t\tawait leaseClient.publishOpenClawRuntimeStatus(runtimeStatus);\n\t\t}\n\t\tconst leaseResponse = await leaseClient.requestLease({\n\t\t\tagentId,\n\t\t\tagentWorkspaceDir: params.agentWorkspaceDir,\n\t\t\tprofileId,\n\t\t\tsandbox: snapshotOpenClawGondolinSandboxConfig(params.cfg),\n\t\t\tscopeKey: params.scopeKey,\n\t\t\tsessionKey: params.sessionKey,\n\t\t\tworkMountDir: params.workspaceDir,\n\t\t\tzoneId: options.zoneId,\n\t\t});\n\t\tif (!isToolVmSshLease(leaseResponse)) {\n\t\t\tthrow new TypeError('Controller lease API returned an unexpected response.');\n\t\t}\n\n\t\tconst lease = leaseResponse;\n\t\tconst handle = createSandboxBackendHandle({\n\t\t\tcfg: params.cfg,\n\t\t\tcontrollerUrl: options.controllerUrl,\n\t\t\tcreateFsBridgeBuilder: dependencies.createFsBridgeBuilder,\n\t\t\tlease,\n\t\t\tleaseClient,\n\t\t\trunRemoteShellScript: dependencies.runRemoteShellScript,\n\t\t\tbuildExecSpec: dependencies.buildExecSpec,\n\t\t\tscopeKey: params.scopeKey,\n\t\t\tsessionKey: params.sessionKey,\n\t\t\tzoneId: options.zoneId,\n\t\t});\n\t\tscopeCache.set(cacheKey, { handle, lease });\n\t\treturn handle;\n\t};\n}\n\nfunction createSandboxBackendHandle(options: {\n\treadonly buildExecSpec: CreateBackendDependencies['buildExecSpec'];\n\treadonly cfg: {\n\t\treadonly docker?: {\n\t\t\treadonly env?: Record<string, string>;\n\t\t};\n\t};\n\treadonly controllerUrl: string;\n\treadonly createFsBridgeBuilder?: CreateBackendDependencies['createFsBridgeBuilder'];\n\treadonly lease: CachedScopeEntry['lease'];\n\treadonly leaseClient: LeaseClient;\n\treadonly runRemoteShellScript: CreateBackendDependencies['runRemoteShellScript'];\n\treadonly scopeKey: string;\n\treadonly sessionKey: string;\n\treadonly zoneId: string;\n}): OpenClawSandboxBackendHandle {\n\tconst createActiveUseHandle = async (\n\t\tcorrelation: ToolVmActiveUseCorrelation,\n\t): Promise<ToolVmActiveUseHandle> =>\n\t\tawait createToolVmActiveUseHandle({\n\t\t\tcorrelation,\n\t\t\tendActiveUse: async (useId: string, request: EndToolVmActiveUseRequest): Promise<void> => {\n\t\t\t\tawait options.leaseClient.endActiveUse(options.lease.leaseId, useId, request);\n\t\t\t},\n\t\t\theartbeatActiveUse: async (useId: string): Promise<HeartbeatToolVmActiveUseResponse> =>\n\t\t\t\tawait options.leaseClient.heartbeatActiveUse(options.lease.leaseId, useId),\n\t\t\tisEndErrorTolerable: isCleanupNotFound,\n\t\t\tlogEndFailure: (error: unknown): void => {\n\t\t\t\twriteSandboxBackendLog(\n\t\t\t\t\t`active-use cleanup ignored for zone '${options.zoneId}' lease '${options.lease.leaseId}': ${formatUnknownError(error)}`,\n\t\t\t\t);\n\t\t\t},\n\t\t\tlogHeartbeatFailure: (error: unknown): void => {\n\t\t\t\twriteSandboxBackendLog(\n\t\t\t\t\t`active-use heartbeat failed for zone '${options.zoneId}' lease '${options.lease.leaseId}': ${formatUnknownError(error)}`,\n\t\t\t\t);\n\t\t\t},\n\t\t\tstartActiveUse: async (\n\t\t\t\trequest: StartToolVmActiveUseRequest,\n\t\t\t): Promise<StartToolVmActiveUseResponse> =>\n\t\t\t\tawait options.leaseClient.startActiveUse(options.lease.leaseId, request),\n\t\t});\n\n\tconst runWithActiveUse = async <TResult>(\n\t\tcorrelation: ToolVmActiveUseCorrelation,\n\t\tfn: () => Promise<TResult>,\n\t): Promise<TResult> => {\n\t\tconst activeUseHandle = await createActiveUseHandle(correlation);\n\t\ttry {\n\t\t\tconst result = await fn();\n\t\t\tawait activeUseHandle.dispose('completed');\n\t\t\treturn result;\n\t\t} catch (error) {\n\t\t\tawait activeUseHandle.dispose('failed').catch((cleanupError: unknown) => {\n\t\t\t\twriteSandboxBackendLog(\n\t\t\t\t\t`failed to end active use after operation failure for zone '${options.zoneId}' lease '${options.lease.leaseId}': ${formatUnknownError(cleanupError)}`,\n\t\t\t\t);\n\t\t\t});\n\t\t\tthrow error;\n\t\t}\n\t};\n\n\tconst boundRunRemoteShellScript: OpenClawFsBridgeLeaseContext['runRemoteShellScript'] = async (\n\t\tshellParams,\n\t) =>\n\t\tawait runWithActiveUse(\n\t\t\t{\n\t\t\t\tsessionKey: options.sessionKey,\n\t\t\t\ttoolName: 'fs-bridge',\n\t\t\t},\n\t\t\tasync () =>\n\t\t\t\tawait options.runRemoteShellScript({\n\t\t\t\t\t...(shellParams.allowFailure !== undefined\n\t\t\t\t\t\t? { allowFailure: shellParams.allowFailure }\n\t\t\t\t\t\t: {}),\n\t\t\t\t\tscript: buildShellScriptWithArgs(shellParams.script, shellParams.args),\n\t\t\t\t\t...(shellParams.signal !== undefined ? { signal: shellParams.signal } : {}),\n\t\t\t\t\tssh: options.lease.ssh,\n\t\t\t\t\t...(shellParams.stdin !== undefined ? { stdin: shellParams.stdin } : {}),\n\t\t\t\t}),\n\t\t);\n\n\tconst disposeInnerFinalizeToken = async (token: unknown): Promise<void> => {\n\t\tif (isDisposableFinalizeToken(token)) {\n\t\t\tawait token.dispose();\n\t\t}\n\t};\n\n\tconst endActiveUseFinalizeToken = async (\n\t\ttoken: ActiveUseFinalizeToken,\n\t\toutcome: ToolVmActiveUseOutcome,\n\t): Promise<void> => {\n\t\tlet innerError: unknown;\n\t\ttry {\n\t\t\tawait disposeInnerFinalizeToken(token.innerToken);\n\t\t} catch (error) {\n\t\t\tinnerError = error;\n\t\t}\n\t\tlet activeUseError: unknown;\n\t\ttry {\n\t\t\tawait token.activeUseHandle.dispose(outcome);\n\t\t} catch (error) {\n\t\t\tactiveUseError = error;\n\t\t}\n\t\tif (innerError) {\n\t\t\tthrow innerError;\n\t\t}\n\t\tif (activeUseError) {\n\t\t\tthrow activeUseError;\n\t\t}\n\t};\n\n\tconst createFsBridge = options.createFsBridgeBuilder?.({\n\t\tremoteAgentWorkspaceDir: options.lease.workdir,\n\t\tremoteWorkspaceDir: options.lease.workdir,\n\t\trunRemoteShellScript: boundRunRemoteShellScript,\n\t});\n\n\treturn {\n\t\t...(createFsBridge ? { createFsBridge } : {}),\n\t\t...(options.cfg.docker?.env ? { env: options.cfg.docker.env } : {}),\n\t\tconfigLabel: `${options.controllerUrl} (${options.zoneId})`,\n\t\tconfigLabelKind: 'VM',\n\t\tid: 'gondolin',\n\t\truntimeId: options.lease.leaseId,\n\t\truntimeLabel: options.lease.leaseId,\n\t\tworkdir: options.lease.workdir,\n\t\tbuildExecSpec: async (execParams) => {\n\t\t\tconst activeUseHandle = await createActiveUseHandle({\n\t\t\t\tsessionKey: options.sessionKey,\n\t\t\t\ttoolName: 'shell',\n\t\t\t});\n\t\t\ttry {\n\t\t\t\tconst execSpec = await options.buildExecSpec({\n\t\t\t\t\tcommand: execParams.command,\n\t\t\t\t\tenv: execParams.env,\n\t\t\t\t\tssh: options.lease.ssh,\n\t\t\t\t\tusePty: execParams.usePty,\n\t\t\t\t\tworkdir: execParams.workdir ?? options.lease.workdir,\n\t\t\t\t});\n\t\t\t\treturn {\n\t\t\t\t\t...execSpec,\n\t\t\t\t\tfinalizeToken: {\n\t\t\t\t\t\tactiveUseHandle,\n\t\t\t\t\t\t...(execSpec.finalizeToken !== undefined ? { innerToken: execSpec.finalizeToken } : {}),\n\t\t\t\t\t} satisfies ActiveUseFinalizeToken,\n\t\t\t\t};\n\t\t\t} catch (error) {\n\t\t\t\tawait activeUseHandle.dispose('failed').catch((cleanupError: unknown) => {\n\t\t\t\t\twriteSandboxBackendLog(\n\t\t\t\t\t\t`failed to end active use after buildExecSpec failure for zone '${options.zoneId}' lease '${options.lease.leaseId}': ${formatUnknownError(cleanupError)}`,\n\t\t\t\t\t);\n\t\t\t\t});\n\t\t\t\tthrow error;\n\t\t\t}\n\t\t},\n\t\tfinalizeExec: async (finalizeParams) => {\n\t\t\tif (isActiveUseFinalizeToken(finalizeParams.token)) {\n\t\t\t\tawait endActiveUseFinalizeToken(\n\t\t\t\t\tfinalizeParams.token,\n\t\t\t\t\tactiveUseOutcomeForFinalizeParams(finalizeParams),\n\t\t\t\t);\n\t\t\t\treturn;\n\t\t\t}\n\t\t\tawait disposeInnerFinalizeToken(finalizeParams.token);\n\t\t},\n\t\trunShellCommand: async (commandParams) =>\n\t\t\tawait runWithActiveUse(\n\t\t\t\t{\n\t\t\t\t\tsessionKey: options.sessionKey,\n\t\t\t\t\ttoolName: 'runShellCommand',\n\t\t\t\t},\n\t\t\t\tasync () =>\n\t\t\t\t\tawait options.runRemoteShellScript({\n\t\t\t\t\t\tscript: commandParams.script,\n\t\t\t\t\t\tssh: options.lease.ssh,\n\t\t\t\t\t}),\n\t\t\t),\n\t} satisfies OpenClawSandboxBackendHandle;\n}\n","import { ControllerLeaseRequestError, createLeaseClient } from '../controller-lease-client.js';\nimport type { CreateBackendDependencies } from './sandbox-backend-contract.js';\n\nexport function createGondolinSandboxBackendManager(\n\toptions: {\n\t\treadonly controllerUrl: string;\n\t\treadonly zoneId: string;\n\t},\n\tdependencies: CreateBackendDependencies,\n): {\n\tdescribeRuntime: (params: {\n\t\treadonly entry: { readonly containerName: string };\n\t}) => Promise<{ readonly configLabelMatch: boolean; readonly running: boolean }>;\n\tremoveRuntime: (params: { readonly entry: { readonly containerName: string } }) => Promise<void>;\n} {\n\treturn {\n\t\tdescribeRuntime: async (params) => {\n\t\t\tconst leaseClient =\n\t\t\t\tdependencies.createLeaseClient?.({\n\t\t\t\t\tcontrollerUrl: options.controllerUrl,\n\t\t\t\t}) ?? createLeaseClient({ controllerUrl: options.controllerUrl });\n\t\t\ttry {\n\t\t\t\tconst leaseStatus = await leaseClient.peekLease(params.entry.containerName);\n\t\t\t\treturn { configLabelMatch: true, running: leaseStatus !== null };\n\t\t\t} catch (error) {\n\t\t\t\tif (!(error instanceof ControllerLeaseRequestError) || error.status !== 404) {\n\t\t\t\t\tthrow error;\n\t\t\t\t}\n\t\t\t\treturn { configLabelMatch: false, running: false };\n\t\t\t}\n\t\t},\n\t\tremoveRuntime: async (params) => {\n\t\t\tconst leaseClient =\n\t\t\t\tdependencies.createLeaseClient?.({\n\t\t\t\t\tcontrollerUrl: options.controllerUrl,\n\t\t\t\t}) ?? createLeaseClient({ controllerUrl: options.controllerUrl });\n\t\t\tawait leaseClient.releaseLease(params.entry.containerName, { force: true });\n\t\t},\n\t};\n}\n","export interface ResolvedGondolinPluginConfig {\n\treadonly controllerUrl: string;\n\treadonly profileId?: string;\n\treadonly zoneGitToken?: string;\n\treadonly zoneGitTokenEnv?: string;\n\treadonly zoneId: string;\n}\n\nexport function resolveGondolinPluginConfig(\n\tconfig: Record<string, unknown>,\n): ResolvedGondolinPluginConfig {\n\tif (typeof config.controllerUrl !== 'string' || typeof config.zoneId !== 'string') {\n\t\tthrow new Error('Gondolin plugin config requires controllerUrl and zoneId.');\n\t}\n\n\treturn {\n\t\tcontrollerUrl: config.controllerUrl,\n\t\t...(typeof config.profileId === 'string' ? { profileId: config.profileId } : {}),\n\t\t...(typeof config.zoneGitToken === 'string' ? { zoneGitToken: config.zoneGitToken } : {}),\n\t\t...(typeof config.zoneGitTokenEnv === 'string'\n\t\t\t? { zoneGitTokenEnv: config.zoneGitTokenEnv }\n\t\t\t: {}),\n\t\tzoneId: config.zoneId,\n\t};\n}\n","import type { SshHelpers, SshSandboxSession } from './openclaw-sandbox-sdk-contract.js';\nimport type {\n\tCreateBackendDependencies,\n\tOpenClawFsBridgeLeaseContext,\n\tOpenClawSandboxFsBridge,\n} from './sandbox-backend-factory.js';\n\nexport const OPENCLAW_SSH_SESSION_SCRATCH_ROOT = '/work';\n\nexport function createBackendDeps(ssh: SshHelpers): {\n\treadonly buildExecSpec: CreateBackendDependencies['buildExecSpec'];\n\treadonly createFsBridgeBuilder: (\n\t\tleaseContext: OpenClawFsBridgeLeaseContext,\n\t) => (params: { readonly sandbox: unknown }) => OpenClawSandboxFsBridge;\n\treadonly runRemoteShellScript: CreateBackendDependencies['runRemoteShellScript'];\n} {\n\treturn {\n\t\tbuildExecSpec: async ({ command, env, ssh: sshCreds, usePty, workdir }) => {\n\t\t\tconst session = await ssh.createSshSandboxSessionFromSettings({\n\t\t\t\tcommand: 'ssh',\n\t\t\t\tidentityData: sshCreds.identityPem,\n\t\t\t\tstrictHostKeyChecking: false,\n\t\t\t\ttarget: `${sshCreds.user}@${sshCreds.host}:${sshCreds.port}`,\n\t\t\t\tupdateHostKeys: false,\n\t\t\t\tworkspaceRoot: OPENCLAW_SSH_SESSION_SCRATCH_ROOT,\n\t\t\t});\n\t\t\tconst disposeSshSandboxSession = ssh.disposeSshSandboxSession;\n\t\t\treturn {\n\t\t\t\targv: ssh.buildSshSandboxArgv({\n\t\t\t\t\tremoteCommand: ssh.buildExecRemoteCommand({\n\t\t\t\t\t\tcommand,\n\t\t\t\t\t\tenv,\n\t\t\t\t\t\tworkdir,\n\t\t\t\t\t}),\n\t\t\t\t\tsession,\n\t\t\t\t\ttty: usePty,\n\t\t\t\t}),\n\t\t\t\tenv: ssh.sanitizeEnvVars(process.env).allowed,\n\t\t\t\tfinalizeToken: {\n\t\t\t\t\tdispose: async (): Promise<void> => {\n\t\t\t\t\t\tif (disposeSshSandboxSession) {\n\t\t\t\t\t\t\tawait disposeSshSandboxSession(session);\n\t\t\t\t\t\t}\n\t\t\t\t\t},\n\t\t\t\t\tsession,\n\t\t\t\t},\n\t\t\t\tstdinMode: 'pipe-open' as const,\n\t\t\t};\n\t\t},\n\t\tcreateFsBridgeBuilder:\n\t\t\t(leaseContext: OpenClawFsBridgeLeaseContext) =>\n\t\t\t(params: { readonly sandbox: unknown }): OpenClawSandboxFsBridge =>\n\t\t\t\tssh.createRemoteShellSandboxFsBridge({\n\t\t\t\t\tsandbox: params.sandbox,\n\t\t\t\t\truntime: {\n\t\t\t\t\t\tremoteAgentWorkspaceDir: leaseContext.remoteAgentWorkspaceDir,\n\t\t\t\t\t\tremoteWorkspaceDir: leaseContext.remoteWorkspaceDir,\n\t\t\t\t\t\trunRemoteShellScript: leaseContext.runRemoteShellScript,\n\t\t\t\t\t},\n\t\t\t\t}),\n\t\trunRemoteShellScript: async ({ allowFailure, script, signal, ssh: sshCreds, stdin }) => {\n\t\t\tconst session = await ssh.createSshSandboxSessionFromSettings({\n\t\t\t\tcommand: 'ssh',\n\t\t\t\tidentityData: sshCreds.identityPem,\n\t\t\t\tstrictHostKeyChecking: false,\n\t\t\t\ttarget: `${sshCreds.user}@${sshCreds.host}:${sshCreds.port}`,\n\t\t\t\tupdateHostKeys: false,\n\t\t\t\tworkspaceRoot: OPENCLAW_SSH_SESSION_SCRATCH_ROOT,\n\t\t\t});\n\t\t\treturn await ssh.runSshSandboxCommand({\n\t\t\t\t...(allowFailure !== undefined ? { allowFailure } : {}),\n\t\t\t\tremoteCommand: ssh.buildRemoteCommand(['/bin/sh', '-c', script, 'gondolin-sandbox-fs']),\n\t\t\t\tsession,\n\t\t\t\t...(signal !== undefined ? { signal } : {}),\n\t\t\t\t...(stdin !== undefined ? { stdin } : {}),\n\t\t\t});\n\t\t},\n\t};\n}\n\nexport type { SshHelpers, SshSandboxSession };\n","import {\n\teffectiveOpenClawGondolinSandboxValue,\n\tformatOpenClawGondolinRequirementFieldPath,\n\tformatOpenClawGondolinRequirementFindingId,\n\tformatOpenClawGondolinRequirementHint,\n\tOPENCLAW_GONDOLIN_SANDBOX_REQUIREMENTS,\n\ttype OpenClawGondolinAgentConfig,\n} from './openclaw-gondolin-contract.js';\n\ninterface OpenClawRuntimeConfig {\n\treadonly [key: string]: unknown;\n\treadonly agents?: {\n\t\treadonly defaults?: OpenClawGondolinAgentConfig;\n\t\treadonly list?: readonly unknown[];\n\t};\n}\n\nexport interface OpenClawRuntimeRequirementFinding {\n\treadonly hint: string;\n\treadonly id: string;\n\treadonly ok: boolean;\n}\n\nexport interface OpenClawRuntimeStatusReport {\n\treadonly findings: readonly OpenClawRuntimeRequirementFinding[];\n\treadonly pluginId: 'gondolin';\n\treadonly zoneId: string;\n}\n\nfunction isObjectRecord(value: unknown): value is Record<string, unknown> {\n\treturn typeof value === 'object' && value !== null && !Array.isArray(value);\n}\n\nfunction readAgentConfigEntries(config: OpenClawRuntimeConfig): readonly {\n\treadonly config: OpenClawGondolinAgentConfig;\n\treadonly label: string;\n}[] {\n\tconst defaultConfig = config.agents?.defaults ?? {};\n\tconst agentConfigs = (config.agents?.list ?? [])\n\t\t.filter(isObjectRecord)\n\t\t.map((agentConfig, agentIndex) => ({\n\t\t\tconfig: agentConfig,\n\t\t\tlabel:\n\t\t\t\ttypeof agentConfig.id === 'string'\n\t\t\t\t\t? `agent-${agentConfig.id}`\n\t\t\t\t\t: `agent-${String(agentIndex)}`,\n\t\t}));\n\treturn [{ config: defaultConfig, label: 'defaults' }, ...agentConfigs];\n}\n\nfunction effectiveWorkspace(\n\tdefaults: OpenClawGondolinAgentConfig,\n\tagentConfig: OpenClawGondolinAgentConfig,\n): unknown {\n\treturn agentConfig.workspace ?? defaults.workspace;\n}\n\nfunction requirementFinding(options: {\n\treadonly actualValue: unknown;\n\treadonly expectedValue: string;\n\treadonly fieldPath: string;\n\treadonly label: string;\n\treadonly zoneId: string;\n}): OpenClawRuntimeRequirementFinding {\n\tconst ok = options.actualValue === options.expectedValue;\n\treturn {\n\t\tid: formatOpenClawGondolinRequirementFindingId({\n\t\t\tfieldPath: options.fieldPath,\n\t\t\tlabel: options.label,\n\t\t\tzoneId: options.zoneId,\n\t\t}),\n\t\tok,\n\t\thint: formatOpenClawGondolinRequirementHint({\n\t\t\texpectedValue: options.expectedValue,\n\t\t\tfieldPath: options.fieldPath,\n\t\t\tok,\n\t\t}),\n\t};\n}\n\nexport function buildOpenClawRuntimeStatusReport(options: {\n\treadonly config: Record<string, unknown>;\n\treadonly zoneId: string;\n}): OpenClawRuntimeStatusReport {\n\tconst config: OpenClawRuntimeConfig = options.config;\n\tconst defaults = config.agents?.defaults ?? {};\n\treturn {\n\t\tpluginId: 'gondolin',\n\t\tzoneId: options.zoneId,\n\t\tfindings: readAgentConfigEntries(config).flatMap(({ config: agentConfig, label }) => {\n\t\t\tconst workspace = effectiveWorkspace(defaults, agentConfig);\n\t\t\tconst requirementFindings = OPENCLAW_GONDOLIN_SANDBOX_REQUIREMENTS.map((requirement) =>\n\t\t\t\trequirementFinding({\n\t\t\t\t\tactualValue: effectiveOpenClawGondolinSandboxValue(\n\t\t\t\t\t\tdefaults,\n\t\t\t\t\t\tagentConfig,\n\t\t\t\t\t\trequirement.key,\n\t\t\t\t\t),\n\t\t\t\t\texpectedValue: requirement.expectedValue,\n\t\t\t\t\tfieldPath: formatOpenClawGondolinRequirementFieldPath(label, requirement.key),\n\t\t\t\t\tlabel,\n\t\t\t\t\tzoneId: options.zoneId,\n\t\t\t\t}),\n\t\t\t);\n\t\t\tconst workspaceFinding = {\n\t\t\t\tid: `openclaw-tool-vm-workspace-${options.zoneId}-${label}`,\n\t\t\t\tok: workspace !== '/zone',\n\t\t\t\thint:\n\t\t\t\t\tworkspace === '/zone'\n\t\t\t\t\t\t? 'Use /zone/agents/default or per-agent workspaces; keep /zone for shared zone files.'\n\t\t\t\t\t\t: typeof workspace === 'string'\n\t\t\t\t\t\t\t? workspace\n\t\t\t\t\t\t\t: 'agents workspace is unset',\n\t\t\t} satisfies OpenClawRuntimeRequirementFinding;\n\t\t\treturn requirementFindings.concat(workspaceFinding);\n\t\t}),\n\t};\n}\n","export interface SshSandboxSession {\n\treadonly command: string;\n\treadonly configPath: string;\n\treadonly host: string;\n}\n\nexport interface SshHelpers {\n\treadonly buildExecRemoteCommand: (params: {\n\t\treadonly command: string;\n\t\treadonly env: Record<string, string>;\n\t\treadonly workdir?: string;\n\t}) => string;\n\treadonly buildRemoteCommand: (argv: readonly string[]) => string;\n\treadonly buildSshSandboxArgv: (params: {\n\t\treadonly remoteCommand: string;\n\t\treadonly session: SshSandboxSession;\n\t\treadonly tty?: boolean;\n\t}) => string[];\n\treadonly createRemoteShellSandboxFsBridge: (params: {\n\t\treadonly runtime: {\n\t\t\treadonly remoteAgentWorkspaceDir: string;\n\t\t\treadonly remoteWorkspaceDir: string;\n\t\t\treadonly runRemoteShellScript: (shellParams: {\n\t\t\t\treadonly allowFailure?: boolean;\n\t\t\t\treadonly args?: string[];\n\t\t\t\treadonly script: string;\n\t\t\t\treadonly signal?: AbortSignal;\n\t\t\t\treadonly stdin?: Buffer | string;\n\t\t\t}) => Promise<{\n\t\t\t\treadonly code: number;\n\t\t\t\treadonly stderr: Buffer;\n\t\t\t\treadonly stdout: Buffer;\n\t\t\t}>;\n\t\t};\n\t\treadonly sandbox: unknown;\n\t}) => import('./sandbox-backend-factory.js').OpenClawSandboxFsBridge;\n\treadonly createSshSandboxSessionFromSettings: (settings: {\n\t\treadonly command: string;\n\t\treadonly identityData?: string;\n\t\treadonly strictHostKeyChecking: boolean;\n\t\treadonly target: string;\n\t\treadonly updateHostKeys: boolean;\n\t\treadonly workspaceRoot: string;\n\t}) => Promise<SshSandboxSession>;\n\treadonly disposeSshSandboxSession?: (session: SshSandboxSession) => Promise<void>;\n\treadonly runSshSandboxCommand: (params: {\n\t\treadonly allowFailure?: boolean;\n\t\treadonly remoteCommand: string;\n\t\treadonly session: SshSandboxSession;\n\t\treadonly signal?: AbortSignal;\n\t\treadonly stdin?: Buffer | string;\n\t}) => Promise<{\n\t\treadonly code: number;\n\t\treadonly stderr: Buffer;\n\t\treadonly stdout: Buffer;\n\t}>;\n\treadonly sanitizeEnvVars: (env: NodeJS.ProcessEnv) => {\n\t\treadonly allowed: Record<string, string>;\n\t};\n}\n\nexport interface OpenClawToolRegistration {\n\treadonly description: string;\n\treadonly execute: (toolCallId: string, params: unknown) => Promise<OpenClawToolResult>;\n\treadonly name: string;\n\treadonly parameters: Record<string, unknown>;\n}\n\nexport interface OpenClawToolRegistrationOptions {\n\treadonly name?: string;\n\treadonly names?: readonly string[];\n\treadonly optional?: boolean;\n}\n\nexport interface OpenClawToolResult {\n\treadonly content: string;\n\treadonly details?: unknown;\n}\n\nexport interface OpenClawToolRegistrationApi {\n\treadonly registerTool?: (\n\t\ttool: OpenClawToolRegistration,\n\t\toptions?: OpenClawToolRegistrationOptions,\n\t) => void;\n}\n\nexport function assertSdkShape(value: unknown): asserts value is SshHelpers & {\n\tregisterSandboxBackend: (\n\t\tid: string,\n\t\tregistration: {\n\t\t\tfactory: ReturnType<\n\t\t\t\ttypeof import('./sandbox-backend-factory.js').createGondolinSandboxBackendFactory\n\t\t\t>;\n\t\t\tmanager?: ReturnType<\n\t\t\t\ttypeof import('./sandbox-backend-factory.js').createGondolinSandboxBackendManager\n\t\t\t>;\n\t\t},\n\t) => void;\n} {\n\tif (typeof value !== 'object' || value === null) {\n\t\tthrow new TypeError('OpenClaw SDK module is not an object');\n\t}\n\n\tfor (const exportName of [\n\t\t'buildExecRemoteCommand',\n\t\t'buildRemoteCommand',\n\t\t'buildSshSandboxArgv',\n\t\t'createRemoteShellSandboxFsBridge',\n\t\t'createSshSandboxSessionFromSettings',\n\t\t'runSshSandboxCommand',\n\t\t'sanitizeEnvVars',\n\t\t'registerSandboxBackend',\n\t] as const) {\n\t\tif (typeof (value as Record<string, unknown>)[exportName] !== 'function') {\n\t\t\tthrow new TypeError(`OpenClaw SDK missing required export: ${exportName}`);\n\t\t}\n\t}\n}\n","import type { OpenClawToolRegistrationApi } from './openclaw-sandbox-sdk-contract.js';\n\ntype RequiredOpenClawToolRegistrationApi = OpenClawToolRegistrationApi & {\n\treadonly registerTool: NonNullable<OpenClawToolRegistrationApi['registerTool']>;\n};\n\nexport interface RegisterZoneGitToolOptions {\n\treadonly api: RequiredOpenClawToolRegistrationApi;\n\treadonly controllerUrl: string;\n\treadonly fetchImpl?: typeof fetch;\n\treadonly zoneGitToken?: string;\n\treadonly zoneId: string;\n}\n\nconst zoneGitCapabilityHeader = 'x-agent-vm-zone-git-token';\n\nfunction readExpectedHead(input: unknown): string {\n\tif (typeof input !== 'object' || input === null || !('expectedHead' in input)) {\n\t\tthrow new Error('zone_git_push requires expectedHead.');\n\t}\n\tconst expectedHead = input.expectedHead;\n\tif (typeof expectedHead !== 'string' || expectedHead.length === 0) {\n\t\tthrow new Error('zone_git_push requires expectedHead.');\n\t}\n\treturn expectedHead;\n}\n\nfunction buildControllerUrl(controllerUrl: string, zoneId: string): string {\n\treturn `${controllerUrl.replace(/\\/$/u, '')}/zones/${encodeURIComponent(zoneId)}/zone-git/push`;\n}\n\nasync function readResponseText(response: Response): Promise<string> {\n\ttry {\n\t\treturn await response.text();\n\t} catch (error) {\n\t\treturn error instanceof Error ? error.message : String(error);\n\t}\n}\n\nfunction parseJsonPayload(responseText: string): unknown {\n\ttry {\n\t\treturn JSON.parse(responseText);\n\t} catch (error) {\n\t\tthrow new Error(`zone_git_push returned non-JSON response: ${responseText.slice(0, 500)}`, {\n\t\t\tcause: error,\n\t\t});\n\t}\n}\n\nexport function registerZoneGitTool(options: RegisterZoneGitToolOptions): void {\n\toptions.api.registerTool(\n\t\t{\n\t\t\tname: 'zone_git_push',\n\t\t\tdescription:\n\t\t\t\t'Push committed OpenClaw zone workspace changes through the agent-vm controller. Use after git commit; do not run raw git push.',\n\t\t\tparameters: {\n\t\t\t\ttype: 'object',\n\t\t\t\tadditionalProperties: false,\n\t\t\t\tproperties: {\n\t\t\t\t\texpectedHead: { type: 'string' },\n\t\t\t\t},\n\t\t\t\trequired: ['expectedHead'],\n\t\t\t},\n\t\t\texecute: async (_toolCallId: string, input: unknown) => {\n\t\t\t\tconst expectedHead = readExpectedHead(input);\n\t\t\t\tconst response = await (options.fetchImpl ?? fetch)(\n\t\t\t\t\tbuildControllerUrl(options.controllerUrl, options.zoneId),\n\t\t\t\t\t{\n\t\t\t\t\t\tbody: JSON.stringify({ expectedHead }),\n\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\t'content-type': 'application/json',\n\t\t\t\t\t\t\t...(options.zoneGitToken ? { [zoneGitCapabilityHeader]: options.zoneGitToken } : {}),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tmethod: 'POST',\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tconst responseText = await readResponseText(response);\n\t\t\t\tif (!response.ok) {\n\t\t\t\t\tthrow new Error(`zone_git_push failed: ${response.status} ${responseText.slice(0, 500)}`);\n\t\t\t\t}\n\t\t\t\tconst payload = parseJsonPayload(responseText);\n\t\t\t\treturn {\n\t\t\t\t\tcontent: JSON.stringify(payload),\n\t\t\t\t\tdetails: payload,\n\t\t\t\t};\n\t\t\t},\n\t\t},\n\t\t{ name: 'zone_git_push', optional: true },\n\t);\n}\n","import { createLeaseClient } from './controller-lease-client.js';\nimport { resolveGondolinPluginConfig } from './gondolin-plugin-config.js';\nimport {\n\tOPENCLAW_SSH_SESSION_SCRATCH_ROOT,\n\tcreateBackendDeps,\n} from './openclaw-backend-dependencies.js';\nimport { buildOpenClawRuntimeStatusReport } from './openclaw-runtime-status.js';\nimport {\n\tassertSdkShape,\n\ttype OpenClawToolRegistrationApi,\n\ttype SshHelpers,\n\ttype SshSandboxSession,\n} from './openclaw-sandbox-sdk-contract.js';\nimport {\n\tcreateGondolinSandboxBackendFactory,\n\tcreateGondolinSandboxBackendManager,\n} from './sandbox-backend-factory.js';\nimport { registerZoneGitTool } from './zone-git-tool.js';\n\nconst plugin = {\n\tid: 'gondolin',\n\tname: 'Gondolin VM Sandbox',\n\tdescription: 'Sandbox backend powered by Gondolin micro-VMs.',\n\n\tregister(api: {\n\t\treadonly config?: Record<string, unknown>;\n\t\treadonly pluginConfig: Record<string, unknown>;\n\t\treadonly registerTool?: OpenClawToolRegistrationApi['registerTool'];\n\t\treadonly registrationMode: string;\n\t\treadonly runtime?: {\n\t\t\treadonly config?: {\n\t\t\t\treadonly current?: () => Record<string, unknown>;\n\t\t\t};\n\t\t};\n\t}): void {\n\t\tconst registerTool = api.registerTool;\n\t\tif (typeof registerTool !== 'function') {\n\t\t\tif (api.registrationMode === 'full') {\n\t\t\t\tthrow new Error('Gondolin full registration requires OpenClaw registerTool.');\n\t\t\t}\n\t\t\treturn;\n\t\t}\n\t\tconst pluginConfig = resolveGondolinPluginConfig(api.pluginConfig);\n\t\tconst zoneGitToken =\n\t\t\tpluginConfig.zoneGitToken ??\n\t\t\t(pluginConfig.zoneGitTokenEnv ? process.env[pluginConfig.zoneGitTokenEnv] : undefined);\n\t\tregisterZoneGitTool({\n\t\t\tapi: { registerTool },\n\t\t\tcontrollerUrl: pluginConfig.controllerUrl,\n\t\t\t...(zoneGitToken ? { zoneGitToken } : {}),\n\t\t\tzoneId: pluginConfig.zoneId,\n\t\t});\n\t\tif (api.registrationMode !== 'full') {\n\t\t\treturn;\n\t\t}\n\t\tconst buildRuntimeStatus = ():\n\t\t\t| ReturnType<typeof buildOpenClawRuntimeStatusReport>\n\t\t\t| undefined => {\n\t\t\tconst runtimeConfig = api.runtime?.config?.current?.() ?? api.config;\n\t\t\treturn runtimeConfig\n\t\t\t\t? buildOpenClawRuntimeStatusReport({\n\t\t\t\t\t\tconfig: runtimeConfig,\n\t\t\t\t\t\tzoneId: pluginConfig.zoneId,\n\t\t\t\t\t})\n\t\t\t\t: undefined;\n\t\t};\n\t\tconst initialRuntimeStatus = buildRuntimeStatus();\n\t\tif (initialRuntimeStatus) {\n\t\t\tconst leaseClient = createLeaseClient({ controllerUrl: pluginConfig.controllerUrl });\n\t\t\tvoid leaseClient\n\t\t\t\t.publishOpenClawRuntimeStatus?.(initialRuntimeStatus)\n\t\t\t\t?.catch((error: unknown) => {\n\t\t\t\t\tconst message = error instanceof Error ? error.message : JSON.stringify(error);\n\t\t\t\t\tprocess.stderr.write(\n\t\t\t\t\t\t`[gondolin] failed to publish OpenClaw runtime status: ${message}\\n`,\n\t\t\t\t\t);\n\t\t\t\t});\n\t\t}\n\n\t\tconst sdkPath = '/opt/openclaw-sdk/sandbox.js';\n\t\tconst sdkPromise = import(sdkPath).then((sdkRaw: Record<string, unknown>) => {\n\t\t\tassertSdkShape(sdkRaw);\n\n\t\t\tconst sshHelpers: SshHelpers = {\n\t\t\t\tbuildExecRemoteCommand: sdkRaw.buildExecRemoteCommand,\n\t\t\t\tbuildRemoteCommand: sdkRaw.buildRemoteCommand,\n\t\t\t\tbuildSshSandboxArgv: sdkRaw.buildSshSandboxArgv,\n\t\t\t\tcreateRemoteShellSandboxFsBridge: sdkRaw.createRemoteShellSandboxFsBridge,\n\t\t\t\tcreateSshSandboxSessionFromSettings: sdkRaw.createSshSandboxSessionFromSettings,\n\t\t\t\t...(typeof sdkRaw.disposeSshSandboxSession === 'function'\n\t\t\t\t\t? {\n\t\t\t\t\t\t\tdisposeSshSandboxSession: sdkRaw.disposeSshSandboxSession as (\n\t\t\t\t\t\t\t\tsession: SshSandboxSession,\n\t\t\t\t\t\t\t) => Promise<void>,\n\t\t\t\t\t\t}\n\t\t\t\t\t: {}),\n\t\t\t\trunSshSandboxCommand: sdkRaw.runSshSandboxCommand,\n\t\t\t\tsanitizeEnvVars: sdkRaw.sanitizeEnvVars,\n\t\t\t};\n\n\t\t\tconst backendDependencies = createBackendDeps(sshHelpers);\n\t\t\tsdkRaw.registerSandboxBackend('gondolin', {\n\t\t\t\tfactory: createGondolinSandboxBackendFactory(\n\t\t\t\t\t{\n\t\t\t\t\t\t...pluginConfig,\n\t\t\t\t\t\topenClawRuntimeStatusProvider: buildRuntimeStatus,\n\t\t\t\t\t},\n\t\t\t\t\tbackendDependencies,\n\t\t\t\t),\n\t\t\t\tmanager: createGondolinSandboxBackendManager(pluginConfig, backendDependencies),\n\t\t\t});\n\t\t});\n\n\t\tsdkPromise.catch((error: unknown) => {\n\t\t\tconst message = error instanceof Error ? error.message : JSON.stringify(error);\n\t\t\tprocess.stderr.write(`[gondolin] failed to load OpenClaw SDK: ${message}\\n`);\n\t\t});\n\t},\n};\n\nexport default plugin;\n\nexport { OPENCLAW_SSH_SESSION_SCRATCH_ROOT, createBackendDeps };\nexport type { SshHelpers };\n","export * from './sandbox-backend-factory.js';\nexport * from './gondolin-plugin-config.js';\nexport * from './controller-lease-client.js';\nexport * from './openclaw-plugin-registration.js';\nexport * from './openclaw-gondolin-contract.js';\nexport { default } from './openclaw-plugin-registration.js';\n\nexport const OPENCLAW_GONDOLIN_PLUGIN_PACKAGE_NAME = '@agent-vm/openclaw-agent-vm-plugin';\n"],"mappings":";;;AAmEA,IAAa,8BAAb,cAAiD,MAAM;CACtD;CACA;CACA;CACA;CAEA,YAAY,SAKT;EACF,MAAM,OACL,QAAQ,UAAU,OAAO,QAAQ,SAAS,MAAM,iBAAiB;EAClE,MACC,GAAG,QAAQ,QAAQ,iBAAiB,OAAO,QAAQ,OAAO,CAAC,IAAI,KAAK,GAAG,4BACtE,QAAQ,aACR,GACD;EACD,KAAK,WAAW,QAAQ;EACxB,KAAK,OAAO;EACZ,KAAK,eAAe,QAAQ;EAC5B,KAAK,SAAS,QAAQ;;;AAIxB,MAAM,kCAAkC,EAAE,OAAO;CAChD,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,UAAU;CAC7C,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,UAAU;CAC5C,CAAC;AAEF,SAAS,mBAAmB,OAAgE;CAC3F,OACC,OAAO,UAAU,YACjB,UAAU,QACV,CAAC,MAAM,QAAQ,MAAM,IACrB,OAAO,OAAO,MAAM,CAAC,MAAM,YAAY;;AAIzC,SAAS,YAAY,OAAoC;CACxD,IACC,UAAU,QACV,OAAO,UAAU,YACjB,OAAO,UAAU,aACjB,OAAO,UAAU,UAEjB,OAAO;CAER,IAAI,MAAM,QAAQ,MAAM,EACvB,OAAO,MAAM,MAAM,YAAY;CAEhC,OAAO,mBAAmB,MAAM;;AAGjC,MAAM,kBAAkB,EAAE,OAAkB,YAAY;AAExD,SAAS,YAAY,OAAoC;CACxD,OAAO,OAAO,UAAU,YAAY,UAAU,OAAO,QAAQ,KAAA;;AAG9D,SAAS,4BAA4B,cAA6C;CACjF,MAAM,cAAc,gCAAgC,UAAU,aAAa;CAC3E,IAAI,CAAC,YAAY,SAChB,OAAO;CAER,MAAM,EAAE,UAAU,YAAY,YAAY;CAC1C,MAAM,QAAQ,CAAC,SAAS,WAAW,aAAa,aAAa,KAAA,EAAU,CAAC,QACtE,SAAyB,SAAS,KAAA,EACnC;CACD,OAAO,MAAM,SAAS,IAAI,KAAK,MAAM,KAAK,IAAI,KAAK;;AAGpD,SAAS,yBAAyB,OAAuD;CACxF,MAAM,SAAS,YAAY,MAAM;CACjC,OACC,WAAW,KAAA,KACX,OAAO,QAAQ,IAAI,QAAQ,YAAY,KAAK,YAC5C,OAAO,QAAQ,IAAI,QAAQ,mBAAmB,KAAK,YACnD,OAAO,QAAQ,IAAI,QAAQ,QAAQ,KAAK;;AAI1C,SAAS,6BAA6B,OAA2D;CAChG,MAAM,SAAS,YAAY,MAAM;CACjC,OACC,WAAW,KAAA,KACX,OAAO,QAAQ,IAAI,QAAQ,YAAY,KAAK,YAC5C,OAAO,QAAQ,IAAI,QAAQ,mBAAmB,KAAK;;AAIrD,SAASA,qBAAmB,OAAwB;CACnD,OAAO,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;;AAG9D,SAAS,oBAAoB,SAAuB;CACnD,QAAQ,OAAO,MAAM,8BAA8B,QAAQ,IAAI;;AAGhE,SAAS,cAAc,UAAkB,SAAwC;CAChF,IAAI;EACH,MAAM,aAAsB,KAAK,MAAM,SAAS;EAChD,MAAM,aAAa,gBAAgB,UAAU,WAAW;EACxD,OAAO,WAAW,UAAU,WAAW,OAAO,KAAA;UACtC,OAAO;EACf,oBAAoB,GAAG,QAAQ,mCAAmCA,qBAAmB,MAAM,GAAG;EAC9F;;;AAIF,eAAe,cACd,UACA,SAIE;CACF,MAAM,WAAW,MAAM,SAAS,MAAM,CAAC,YAAY,eAAe;CAClE,OAAO;EACN;EACA,cAAc,aAAa,iBAAiB,KAAA,IAAY,cAAc,UAAU,QAAQ;EACxF;;AAGF,eAAe,iBACd,UACA,SACA,oBACkB;CAClB,IAAI,CAAC,SAAS,IAAI;EACjB,MAAM,YAAY,MAAM,cAAc,UAAU,QAAQ;EACxD,MAAM,IAAI,4BAA4B;GACrC,UAAU,UAAU;GACpB;GACA,cAAc,UAAU;GACxB,QAAQ,SAAS;GACjB,CAAC;;CAEH,MAAM,UAAU,MAAM,SAAS,MAAM;CACrC,IAAI,CAAC,mBAAmB,QAAQ,EAC/B,MAAM,IAAI,UACT,GAAG,QAAQ,iCAAiC,KAAK,UAAU,QAAQ,CAAC,MAAM,GAAG,IAAI,GACjF;CAEF,OAAO;;AAGR,SAAgB,kBAAkB,SAGlB;CACf,MAAM,YAAY,QAAQ,aAAa;CACvC,MAAM,UAAU,QAAQ,cAAc,QAAQ,QAAQ,GAAG;CACzD,MAAM,aAAa,OAAO,YAA6C;EAItE,OAAO,MAAM,iBAAiB,MAHP,UAAU,GAAG,QAAQ,SAAS,mBAAmB,QAAQ,CAAC,SAAS,EACzF,QAAQ,QACR,CAAC,EACsC,8BAA8B,iBAAiB;;CAGxF,OAAO;EACN,cAAc,OACb,SACA,OACA,YACmB;GACnB,MAAM,WAAW,MAAM,UACtB,GAAG,QAAQ,SAAS,mBAAmB,QAAQ,CAAC,QAAQ,mBAAmB,MAAM,IACjF;IACC,MAAM,KAAK,UAAU,QAAQ;IAC7B,SAAS,EACR,gBAAgB,oBAChB;IACD,QAAQ;IACR,CACD;GACD,IAAI,CAAC,SAAS,IAAI;IACjB,MAAM,YAAY,MAAM,cAAc,UAAU,gCAAgC;IAChF,MAAM,IAAI,4BAA4B;KACrC,UAAU,UAAU;KACpB,SAAS;KACT,cAAc,UAAU;KACxB,QAAQ,SAAS;KACjB,CAAC;;;EAGJ,oBAAoB,OACnB,SACA,UAC+C;GAO/C,OAAO,MAAM,iBACZ,MAPsB,UACtB,GAAG,QAAQ,SAAS,mBAAmB,QAAQ,CAAC,QAAQ,mBAAmB,MAAM,CAAC,aAClF,EACC,QAAQ,QACR,CACD,EAGA,uCACA,6BACA;;EAEF;EACA,WAAW,OAAO,YAA8C;GAE/D,OAAO,MAAM,iBAAiB,MADP,UAAU,GAAG,QAAQ,SAAS,mBAAmB,QAAQ,CAAC,OAAO,EAChD,6BAA6B,kBAAkB;;EAExF,8BAA8B,OAAO,WAA0B;GAC9D,MAAM,WAAW,MAAM,UACtB,GAAG,QAAQ,SAAS,mBAAmB,OAAO,OAAO,CAAC,2BACtD;IACC,MAAM,KAAK,UAAU,OAAO;IAC5B,SAAS,EACR,gBAAgB,oBAChB;IACD,QAAQ;IACR,CACD;GACD,IAAI,CAAC,SAAS,IAAI;IACjB,MAAM,YAAY,MAAM,cAAc,UAAU,yCAAyC;IACzF,MAAM,IAAI,4BAA4B;KACrC,UAAU,UAAU;KACpB,SAAS;KACT,cAAc,UAAU;KACxB,QAAQ,SAAS;KACjB,CAAC;;;EAGJ,cAAc,OACb,SACA,iBAA+C,EAAE,KAC9B;GACnB,MAAM,aAAa,IAAI,IAAI,GAAG,QAAQ,SAAS,mBAAmB,QAAQ,GAAG;GAC7E,IAAI,eAAe,UAAU,MAC5B,WAAW,aAAa,IAAI,SAAS,OAAO;GAE7C,MAAM,WAAW,MAAM,UAAU,WAAW,UAAU,EAAE,EACvD,QAAQ,UACR,CAAC;GACF,IAAI,CAAC,SAAS,IAAI;IACjB,MAAM,YAAY,MAAM,cAAc,UAAU,+BAA+B;IAC/E,MAAM,IAAI,4BAA4B;KACrC,UAAU,UAAU;KACpB,SAAS;KACT,cAAc,UAAU;KACxB,QAAQ,SAAS;KACjB,CAAC;;;EAGJ,cAAc,OAAO,YAAqC;GAiBzD,OAAO,MAAM,iBAAiB,MAhBP,UAAU,GAAG,QAAQ,SAAS;IACpD,MAAM,KAAK,UAAU;KACpB,SAAS,QAAQ;KACjB,mBAAmB,QAAQ;KAC3B,WAAW,QAAQ;KACnB,SAAS,QAAQ;KACjB,UAAU,QAAQ;KAClB,YAAY,QAAQ;KACpB,cAAc,QAAQ;KACtB,QAAQ,QAAQ;KAChB,CAAC;IACF,SAAS,EACR,gBAAgB,oBAChB;IACD,QAAQ;IACR,CAAC,EACsC,wBAAwB,iBAAiB;;EAElF,gBAAgB,OACf,SACA,YAC2C;GAQ3C,OAAO,MAAM,iBACZ,MARsB,UAAU,GAAG,QAAQ,SAAS,mBAAmB,QAAQ,CAAC,QAAQ;IACxF,MAAM,KAAK,UAAU,QAAQ;IAC7B,SAAS,EACR,gBAAgB,oBAChB;IACD,QAAQ;IACR,CAAC,EAGD,mCACA,yBACA;;EAEF;;;;ACjWF,MAAM,iBAAiB;AAEvB,MAAa,4BAA4B;AAEzC,MAAa,yCAAyC;CACrD;EAAE,eAAe;EAAY,KAAK;EAAW;CAC7C;EAAE,eAAe;EAAO,KAAK;EAAQ;CACrC;EAAE,eAAe;EAAS,KAAK;EAAS;CACxC;EAAE,eAAe;EAAM,KAAK;EAAmB;CAC/C;AAED,MAAa,yCACZ;AAoBD,SAAgB,kBAAkB,OAAwB;CACzD,OAAO,eAAe,KAAK,MAAM,MAAM,CAAC;;AAGzC,SAAgB,sCACf,UACA,aACA,KACU;CACV,OAAO,YAAY,UAAU,QAAQ,SAAS,UAAU;;AAGzD,SAAgB,2CACf,OACA,KACS;CACT,OAAO,UAAU,MAAM,WAAW;;AAGnC,SAAgB,2CAA2C,SAIhD;CACV,OAAO,oBAAoB,QAAQ,UAAU,QAAQ,YAAY,IAAI,CAAC,GAAG,QAAQ,OAAO,GAAG,QAAQ;;AAGpG,SAAgB,sCAAsC,SAI3C;CACV,OAAO,QAAQ,KACZ,GAAG,QAAQ,UAAU,GAAG,QAAQ,kBAChC,OAAO,QAAQ,UAAU,OAAO,QAAQ,cAAc;;AAG1D,SAAgB,yBAAyB,OAA0C;CAClF,MAAM,WAAW,SAAS,IAAI,MAAM,CAAC,aAAa;CAClD,OAAO,kBAAkB,QAAQ,GAAG,UAAU;;AAG/C,SAAgB,qCAAqC,YAA4B;CAChF,MAAM,QAAQ,WAAW,MAAM,CAAC,MAAM,IAAI;CAC1C,IAAI,MAAM,OAAO,WAAW,CAAC,MAAM,IAClC,OAAO;CAER,OAAO,yBAAyB,MAAM,GAAG;;AAG1C,SAAgB,0BAA0B,YAA6B;CACtE,MAAM,QAAQ,WAAW,MAAM,CAAC,MAAM,IAAI;CAC1C,OAAO,MAAM,OAAO,WAAW,MAAM,OAAO,KAAA,KAAa,kBAAkB,MAAM,GAAG;;AAGrF,SAAgB,iCAAiC,SAAyB;CACzE,OAAO,SAAS;;AAGjB,SAAgB,sCAAsC,KAKpD;CACD,OAAO;EACN,SAAS,IAAI;EACb,MAAM,IAAI;EACV,OAAO,IAAI;EACX,iBAAiB,IAAI;EACrB;;AAGF,SAAgB,oCACf,SACiD;CACjD,OAAO,uCAAuC,MAC5C,gBAAgB,QAAQ,YAAY,SAAS,YAAY,cAC1D;;;;AC9GF,SAAgB,yBAAyB,QAAgB,MAAkC;CAC1F,IAAI,CAAC,QAAQ,KAAK,WAAW,GAC5B,OAAO;CAIR,OAAO,UADa,KAAK,KAAK,QAAQ,IAAI,IAAI,QAAQ,MAAM,QAAQ,CAAC,GAAG,CAAC,KAAK,IAClD,CAAC,IAAI;;;;AC4BlC,SAAS,cAAc,QAMZ;CACV,OAAO;EACN,OAAO;EACP,OAAO;EACP,OAAO;EACP,OAAO;EACP,OAAO;EACP,CAAC,KAAK,KAAK;;AAGb,SAAS,kCAAkC,OAA4C;CACtF,MAAM,eACL,MAAM,iBAAiB,KAAA,IAAY,MAAM,WAAW,KAAK,UAAU,MAAM,aAAa;CACvF,OAAO,GAAG,MAAM,QAAQ,aAAa;;AAGtC,SAAS,mBAAmB,OAAwB;CACnD,IAAI,iBAAiB,6BACpB,OAAO,kCAAkC,MAAM;CAEhD,OAAO,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;;AAG9D,SAAS,uBAAuB,SAAuB;CACtD,QAAQ,OAAO,MAAM,8BAA8B,QAAQ,IAAI;;AAGhE,SAAS,yBAAyB,OAAyB;CAC1D,OAAO,iBAAiB,+BAA+B,MAAM,WAAW;;AAGzE,SAAS,kBAAkB,OAAyB;CACnD,OAAO,iBAAiB,+BAA+B,MAAM,WAAW;;AAYzE,SAAS,0BAA0B,OAAkD;CACpF,OACC,OAAO,UAAU,YACjB,UAAU,QACV,aAAa,SACb,OAAO,QAAQ,IAAI,OAAO,UAAU,KAAK;;AAI3C,SAAS,yBAAyB,OAAiD;CAClF,OACC,OAAO,UAAU,YACjB,UAAU,QACV,qBAAqB,SACrB,OAAO,QAAQ,IAAI,OAAO,kBAAkB,KAAK;;AAInD,SAAS,kCAAkC,gBAGhB;CAC1B,OAAO,eAAe,WACnB,cACA,eAAe,WAAW,cACzB,cACA;;AAGL,SAAS,2BAA2B,YAA4B;CAC/D,OAAO,qCAAqC,WAAW;;AAGxD,SAAS,0BAA0B,QAI1B;CACR,MAAM,WAAW,oCAAoC,OAAO,IAAI;CAChE,IAAI,UACH,MAAM,IAAI,MACT,sCAAsC,SAAS,IAAI,GAAG,SAAS,cAAc,aAAa,OAAO,OAAO,IAAI,SAAS,KAAK,CAAC,GAC3H;CAEF,MAAM,mBAAmB,iCAAiC,OAAO,QAAQ;CACzE,IAAI,OAAO,aAAa,kBACvB,MAAM,IAAI,MACT,gDAAgD,iBAAiB,eAAe,OAAO,QAAQ,eAAe,OAAO,SAAS,KAAK,yCACnI;;AAIH,SAAgB,oCACf,SAMA,cAW2C;CAC3C,MAAM,6BAAa,IAAI,KAA+B;CAEtD,OAAO,OAAO,WAAW;EACxB,MAAM,YAAY,QAAQ,aAAa;EACvC,MAAM,UAAU,2BAA2B,OAAO,WAAW;EAC7D,0BAA0B;GACzB;GACA,KAAK,OAAO;GACZ,UAAU,OAAO;GACjB,CAAC;EACF,MAAM,WAAW,cAAc;GAC9B,mBAAmB,OAAO;GAC1B;GACA,UAAU,OAAO;GACjB,cAAc,OAAO;GACrB,QAAQ,QAAQ;GAChB,CAAC;EACF,MAAM,cACL,aAAa,oBAAoB,EAChC,eAAe,QAAQ,eACvB,CAAC,IAAI,kBAAkB,EAAE,eAAe,QAAQ,eAAe,CAAC;EAClE,MAAM,cAAc,WAAW,IAAI,SAAS;EAC5C,IAAI,aACH,IAAI;GACH,MAAM,YAAY,WAAW,YAAY,MAAM,QAAQ;GACvD,OAAO,YAAY;WACX,OAAO;GACf,uBACC,gCAAgC,QAAQ,OAAO,WAAW,OAAO,SAAS,WAAW,YAAY,MAAM,QAAQ,KAAK,mBAAmB,MAAM,GAC7I;GACD,IAAI,CAAC,yBAAyB,MAAM,EACnC,MAAM;GAEP,WAAW,OAAO,SAAS;;EAM7B,MAAM,gBAAgB,QAAQ,iCAAiC;EAC/D,IAAI,iBAAiB,YAAY,8BAChC,MAAM,YAAY,6BAA6B,cAAc;EAE9D,MAAM,gBAAgB,MAAM,YAAY,aAAa;GACpD;GACA,mBAAmB,OAAO;GAC1B;GACA,SAAS,sCAAsC,OAAO,IAAI;GAC1D,UAAU,OAAO;GACjB,YAAY,OAAO;GACnB,cAAc,OAAO;GACrB,QAAQ,QAAQ;GAChB,CAAC;EACF,IAAI,CAAC,iBAAiB,cAAc,EACnC,MAAM,IAAI,UAAU,wDAAwD;EAG7E,MAAM,QAAQ;EACd,MAAM,SAAS,2BAA2B;GACzC,KAAK,OAAO;GACZ,eAAe,QAAQ;GACvB,uBAAuB,aAAa;GACpC;GACA;GACA,sBAAsB,aAAa;GACnC,eAAe,aAAa;GAC5B,UAAU,OAAO;GACjB,YAAY,OAAO;GACnB,QAAQ,QAAQ;GAChB,CAAC;EACF,WAAW,IAAI,UAAU;GAAE;GAAQ;GAAO,CAAC;EAC3C,OAAO;;;AAIT,SAAS,2BAA2B,SAeH;CAChC,MAAM,wBAAwB,OAC7B,gBAEA,MAAM,4BAA4B;EACjC;EACA,cAAc,OAAO,OAAe,YAAsD;GACzF,MAAM,QAAQ,YAAY,aAAa,QAAQ,MAAM,SAAS,OAAO,QAAQ;;EAE9E,oBAAoB,OAAO,UAC1B,MAAM,QAAQ,YAAY,mBAAmB,QAAQ,MAAM,SAAS,MAAM;EAC3E,qBAAqB;EACrB,gBAAgB,UAAyB;GACxC,uBACC,wCAAwC,QAAQ,OAAO,WAAW,QAAQ,MAAM,QAAQ,KAAK,mBAAmB,MAAM,GACtH;;EAEF,sBAAsB,UAAyB;GAC9C,uBACC,yCAAyC,QAAQ,OAAO,WAAW,QAAQ,MAAM,QAAQ,KAAK,mBAAmB,MAAM,GACvH;;EAEF,gBAAgB,OACf,YAEA,MAAM,QAAQ,YAAY,eAAe,QAAQ,MAAM,SAAS,QAAQ;EACzE,CAAC;CAEH,MAAM,mBAAmB,OACxB,aACA,OACsB;EACtB,MAAM,kBAAkB,MAAM,sBAAsB,YAAY;EAChE,IAAI;GACH,MAAM,SAAS,MAAM,IAAI;GACzB,MAAM,gBAAgB,QAAQ,YAAY;GAC1C,OAAO;WACC,OAAO;GACf,MAAM,gBAAgB,QAAQ,SAAS,CAAC,OAAO,iBAA0B;IACxE,uBACC,8DAA8D,QAAQ,OAAO,WAAW,QAAQ,MAAM,QAAQ,KAAK,mBAAmB,aAAa,GACnJ;KACA;GACF,MAAM;;;CAIR,MAAM,4BAAkF,OACvF,gBAEA,MAAM,iBACL;EACC,YAAY,QAAQ;EACpB,UAAU;EACV,EACD,YACC,MAAM,QAAQ,qBAAqB;EAClC,GAAI,YAAY,iBAAiB,KAAA,IAC9B,EAAE,cAAc,YAAY,cAAc,GAC1C,EAAE;EACL,QAAQ,yBAAyB,YAAY,QAAQ,YAAY,KAAK;EACtE,GAAI,YAAY,WAAW,KAAA,IAAY,EAAE,QAAQ,YAAY,QAAQ,GAAG,EAAE;EAC1E,KAAK,QAAQ,MAAM;EACnB,GAAI,YAAY,UAAU,KAAA,IAAY,EAAE,OAAO,YAAY,OAAO,GAAG,EAAE;EACvE,CAAC,CACH;CAEF,MAAM,4BAA4B,OAAO,UAAkC;EAC1E,IAAI,0BAA0B,MAAM,EACnC,MAAM,MAAM,SAAS;;CAIvB,MAAM,4BAA4B,OACjC,OACA,YACmB;EACnB,IAAI;EACJ,IAAI;GACH,MAAM,0BAA0B,MAAM,WAAW;WACzC,OAAO;GACf,aAAa;;EAEd,IAAI;EACJ,IAAI;GACH,MAAM,MAAM,gBAAgB,QAAQ,QAAQ;WACpC,OAAO;GACf,iBAAiB;;EAElB,IAAI,YACH,MAAM;EAEP,IAAI,gBACH,MAAM;;CAIR,MAAM,iBAAiB,QAAQ,wBAAwB;EACtD,yBAAyB,QAAQ,MAAM;EACvC,oBAAoB,QAAQ,MAAM;EAClC,sBAAsB;EACtB,CAAC;CAEF,OAAO;EACN,GAAI,iBAAiB,EAAE,gBAAgB,GAAG,EAAE;EAC5C,GAAI,QAAQ,IAAI,QAAQ,MAAM,EAAE,KAAK,QAAQ,IAAI,OAAO,KAAK,GAAG,EAAE;EAClE,aAAa,GAAG,QAAQ,cAAc,IAAI,QAAQ,OAAO;EACzD,iBAAiB;EACjB,IAAI;EACJ,WAAW,QAAQ,MAAM;EACzB,cAAc,QAAQ,MAAM;EAC5B,SAAS,QAAQ,MAAM;EACvB,eAAe,OAAO,eAAe;GACpC,MAAM,kBAAkB,MAAM,sBAAsB;IACnD,YAAY,QAAQ;IACpB,UAAU;IACV,CAAC;GACF,IAAI;IACH,MAAM,WAAW,MAAM,QAAQ,cAAc;KAC5C,SAAS,WAAW;KACpB,KAAK,WAAW;KAChB,KAAK,QAAQ,MAAM;KACnB,QAAQ,WAAW;KACnB,SAAS,WAAW,WAAW,QAAQ,MAAM;KAC7C,CAAC;IACF,OAAO;KACN,GAAG;KACH,eAAe;MACd;MACA,GAAI,SAAS,kBAAkB,KAAA,IAAY,EAAE,YAAY,SAAS,eAAe,GAAG,EAAE;MACtF;KACD;YACO,OAAO;IACf,MAAM,gBAAgB,QAAQ,SAAS,CAAC,OAAO,iBAA0B;KACxE,uBACC,kEAAkE,QAAQ,OAAO,WAAW,QAAQ,MAAM,QAAQ,KAAK,mBAAmB,aAAa,GACvJ;MACA;IACF,MAAM;;;EAGR,cAAc,OAAO,mBAAmB;GACvC,IAAI,yBAAyB,eAAe,MAAM,EAAE;IACnD,MAAM,0BACL,eAAe,OACf,kCAAkC,eAAe,CACjD;IACD;;GAED,MAAM,0BAA0B,eAAe,MAAM;;EAEtD,iBAAiB,OAAO,kBACvB,MAAM,iBACL;GACC,YAAY,QAAQ;GACpB,UAAU;GACV,EACD,YACC,MAAM,QAAQ,qBAAqB;GAClC,QAAQ,cAAc;GACtB,KAAK,QAAQ,MAAM;GACnB,CAAC,CACH;EACF;;;;ACrZF,SAAgB,oCACf,SAIA,cAMC;CACD,OAAO;EACN,iBAAiB,OAAO,WAAW;GAClC,MAAM,cACL,aAAa,oBAAoB,EAChC,eAAe,QAAQ,eACvB,CAAC,IAAI,kBAAkB,EAAE,eAAe,QAAQ,eAAe,CAAC;GAClE,IAAI;IAEH,OAAO;KAAE,kBAAkB;KAAM,SAAS,MADhB,YAAY,UAAU,OAAO,MAAM,cAAc,KACjB;KAAM;YACxD,OAAO;IACf,IAAI,EAAE,iBAAiB,gCAAgC,MAAM,WAAW,KACvE,MAAM;IAEP,OAAO;KAAE,kBAAkB;KAAO,SAAS;KAAO;;;EAGpD,eAAe,OAAO,WAAW;GAKhC,OAHC,aAAa,oBAAoB,EAChC,eAAe,QAAQ,eACvB,CAAC,IAAI,kBAAkB,EAAE,eAAe,QAAQ,eAAe,CAAC,EAChD,aAAa,OAAO,MAAM,eAAe,EAAE,OAAO,MAAM,CAAC;;EAE5E;;;;AC9BF,SAAgB,4BACf,QAC+B;CAC/B,IAAI,OAAO,OAAO,kBAAkB,YAAY,OAAO,OAAO,WAAW,UACxE,MAAM,IAAI,MAAM,4DAA4D;CAG7E,OAAO;EACN,eAAe,OAAO;EACtB,GAAI,OAAO,OAAO,cAAc,WAAW,EAAE,WAAW,OAAO,WAAW,GAAG,EAAE;EAC/E,GAAI,OAAO,OAAO,iBAAiB,WAAW,EAAE,cAAc,OAAO,cAAc,GAAG,EAAE;EACxF,GAAI,OAAO,OAAO,oBAAoB,WACnC,EAAE,iBAAiB,OAAO,iBAAiB,GAC3C,EAAE;EACL,QAAQ,OAAO;EACf;;;;AChBF,MAAa,oCAAoC;AAEjD,SAAgB,kBAAkB,KAMhC;CACD,OAAO;EACN,eAAe,OAAO,EAAE,SAAS,KAAK,KAAK,UAAU,QAAQ,cAAc;GAC1E,MAAM,UAAU,MAAM,IAAI,oCAAoC;IAC7D,SAAS;IACT,cAAc,SAAS;IACvB,uBAAuB;IACvB,QAAQ,GAAG,SAAS,KAAK,GAAG,SAAS,KAAK,GAAG,SAAS;IACtD,gBAAgB;IAChB,eAAe;IACf,CAAC;GACF,MAAM,2BAA2B,IAAI;GACrC,OAAO;IACN,MAAM,IAAI,oBAAoB;KAC7B,eAAe,IAAI,uBAAuB;MACzC;MACA;MACA;MACA,CAAC;KACF;KACA,KAAK;KACL,CAAC;IACF,KAAK,IAAI,gBAAgB,QAAQ,IAAI,CAAC;IACtC,eAAe;KACd,SAAS,YAA2B;MACnC,IAAI,0BACH,MAAM,yBAAyB,QAAQ;;KAGzC;KACA;IACD,WAAW;IACX;;EAEF,wBACE,kBACA,WACA,IAAI,iCAAiC;GACpC,SAAS,OAAO;GAChB,SAAS;IACR,yBAAyB,aAAa;IACtC,oBAAoB,aAAa;IACjC,sBAAsB,aAAa;IACnC;GACD,CAAC;EACJ,sBAAsB,OAAO,EAAE,cAAc,QAAQ,QAAQ,KAAK,UAAU,YAAY;GACvF,MAAM,UAAU,MAAM,IAAI,oCAAoC;IAC7D,SAAS;IACT,cAAc,SAAS;IACvB,uBAAuB;IACvB,QAAQ,GAAG,SAAS,KAAK,GAAG,SAAS,KAAK,GAAG,SAAS;IACtD,gBAAgB;IAChB,eAAe;IACf,CAAC;GACF,OAAO,MAAM,IAAI,qBAAqB;IACrC,GAAI,iBAAiB,KAAA,IAAY,EAAE,cAAc,GAAG,EAAE;IACtD,eAAe,IAAI,mBAAmB;KAAC;KAAW;KAAM;KAAQ;KAAsB,CAAC;IACvF;IACA,GAAI,WAAW,KAAA,IAAY,EAAE,QAAQ,GAAG,EAAE;IAC1C,GAAI,UAAU,KAAA,IAAY,EAAE,OAAO,GAAG,EAAE;IACxC,CAAC;;EAEH;;;;AChDF,SAAS,eAAe,OAAkD;CACzE,OAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,MAAM;;AAG5E,SAAS,uBAAuB,QAG5B;CACH,MAAM,gBAAgB,OAAO,QAAQ,YAAY,EAAE;CACnD,MAAM,gBAAgB,OAAO,QAAQ,QAAQ,EAAE,EAC7C,OAAO,eAAe,CACtB,KAAK,aAAa,gBAAgB;EAClC,QAAQ;EACR,OACC,OAAO,YAAY,OAAO,WACvB,SAAS,YAAY,OACrB,SAAS,OAAO,WAAW;EAC/B,EAAE;CACJ,OAAO,CAAC;EAAE,QAAQ;EAAe,OAAO;EAAY,EAAE,GAAG,aAAa;;AAGvE,SAAS,mBACR,UACA,aACU;CACV,OAAO,YAAY,aAAa,SAAS;;AAG1C,SAAS,mBAAmB,SAMU;CACrC,MAAM,KAAK,QAAQ,gBAAgB,QAAQ;CAC3C,OAAO;EACN,IAAI,2CAA2C;GAC9C,WAAW,QAAQ;GACnB,OAAO,QAAQ;GACf,QAAQ,QAAQ;GAChB,CAAC;EACF;EACA,MAAM,sCAAsC;GAC3C,eAAe,QAAQ;GACvB,WAAW,QAAQ;GACnB;GACA,CAAC;EACF;;AAGF,SAAgB,iCAAiC,SAGjB;CAC/B,MAAM,SAAgC,QAAQ;CAC9C,MAAM,WAAW,OAAO,QAAQ,YAAY,EAAE;CAC9C,OAAO;EACN,UAAU;EACV,QAAQ,QAAQ;EAChB,UAAU,uBAAuB,OAAO,CAAC,SAAS,EAAE,QAAQ,aAAa,YAAY;GACpF,MAAM,YAAY,mBAAmB,UAAU,YAAY;GAC3D,MAAM,sBAAsB,uCAAuC,KAAK,gBACvE,mBAAmB;IAClB,aAAa,sCACZ,UACA,aACA,YAAY,IACZ;IACD,eAAe,YAAY;IAC3B,WAAW,2CAA2C,OAAO,YAAY,IAAI;IAC7E;IACA,QAAQ,QAAQ;IAChB,CAAC,CACF;GACD,MAAM,mBAAmB;IACxB,IAAI,8BAA8B,QAAQ,OAAO,GAAG;IACpD,IAAI,cAAc;IAClB,MACC,cAAc,UACX,wFACA,OAAO,cAAc,WACpB,YACA;IACL;GACD,OAAO,oBAAoB,OAAO,iBAAiB;IAClD;EACF;;;;AC9BF,SAAgB,eAAe,OAY7B;CACD,IAAI,OAAO,UAAU,YAAY,UAAU,MAC1C,MAAM,IAAI,UAAU,uCAAuC;CAG5D,KAAK,MAAM,cAAc;EACxB;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA,EACA,IAAI,OAAQ,MAAkC,gBAAgB,YAC7D,MAAM,IAAI,UAAU,yCAAyC,aAAa;;;;ACpG7E,MAAM,0BAA0B;AAEhC,SAAS,iBAAiB,OAAwB;CACjD,IAAI,OAAO,UAAU,YAAY,UAAU,QAAQ,EAAE,kBAAkB,QACtE,MAAM,IAAI,MAAM,uCAAuC;CAExD,MAAM,eAAe,MAAM;CAC3B,IAAI,OAAO,iBAAiB,YAAY,aAAa,WAAW,GAC/D,MAAM,IAAI,MAAM,uCAAuC;CAExD,OAAO;;AAGR,SAAS,mBAAmB,eAAuB,QAAwB;CAC1E,OAAO,GAAG,cAAc,QAAQ,QAAQ,GAAG,CAAC,SAAS,mBAAmB,OAAO,CAAC;;AAGjF,eAAe,iBAAiB,UAAqC;CACpE,IAAI;EACH,OAAO,MAAM,SAAS,MAAM;UACpB,OAAO;EACf,OAAO,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;;;AAI/D,SAAS,iBAAiB,cAA+B;CACxD,IAAI;EACH,OAAO,KAAK,MAAM,aAAa;UACvB,OAAO;EACf,MAAM,IAAI,MAAM,6CAA6C,aAAa,MAAM,GAAG,IAAI,IAAI,EAC1F,OAAO,OACP,CAAC;;;AAIJ,SAAgB,oBAAoB,SAA2C;CAC9E,QAAQ,IAAI,aACX;EACC,MAAM;EACN,aACC;EACD,YAAY;GACX,MAAM;GACN,sBAAsB;GACtB,YAAY,EACX,cAAc,EAAE,MAAM,UAAU,EAChC;GACD,UAAU,CAAC,eAAe;GAC1B;EACD,SAAS,OAAO,aAAqB,UAAmB;GACvD,MAAM,eAAe,iBAAiB,MAAM;GAC5C,MAAM,WAAW,OAAO,QAAQ,aAAa,OAC5C,mBAAmB,QAAQ,eAAe,QAAQ,OAAO,EACzD;IACC,MAAM,KAAK,UAAU,EAAE,cAAc,CAAC;IACtC,SAAS;KACR,gBAAgB;KAChB,GAAI,QAAQ,eAAe,GAAG,0BAA0B,QAAQ,cAAc,GAAG,EAAE;KACnF;IACD,QAAQ;IACR,CACD;GACD,MAAM,eAAe,MAAM,iBAAiB,SAAS;GACrD,IAAI,CAAC,SAAS,IACb,MAAM,IAAI,MAAM,yBAAyB,SAAS,OAAO,GAAG,aAAa,MAAM,GAAG,IAAI,GAAG;GAE1F,MAAM,UAAU,iBAAiB,aAAa;GAC9C,OAAO;IACN,SAAS,KAAK,UAAU,QAAQ;IAChC,SAAS;IACT;;EAEF,EACD;EAAE,MAAM;EAAiB,UAAU;EAAM,CACzC;;;;ACrEF,MAAM,SAAS;CACd,IAAI;CACJ,MAAM;CACN,aAAa;CAEb,SAAS,KAUA;EACR,MAAM,eAAe,IAAI;EACzB,IAAI,OAAO,iBAAiB,YAAY;GACvC,IAAI,IAAI,qBAAqB,QAC5B,MAAM,IAAI,MAAM,6DAA6D;GAE9E;;EAED,MAAM,eAAe,4BAA4B,IAAI,aAAa;EAClE,MAAM,eACL,aAAa,iBACZ,aAAa,kBAAkB,QAAQ,IAAI,aAAa,mBAAmB,KAAA;EAC7E,oBAAoB;GACnB,KAAK,EAAE,cAAc;GACrB,eAAe,aAAa;GAC5B,GAAI,eAAe,EAAE,cAAc,GAAG,EAAE;GACxC,QAAQ,aAAa;GACrB,CAAC;EACF,IAAI,IAAI,qBAAqB,QAC5B;EAED,MAAM,2BAEU;GACf,MAAM,gBAAgB,IAAI,SAAS,QAAQ,WAAW,IAAI,IAAI;GAC9D,OAAO,gBACJ,iCAAiC;IACjC,QAAQ;IACR,QAAQ,aAAa;IACrB,CAAC,GACD,KAAA;;EAEJ,MAAM,uBAAuB,oBAAoB;EACjD,IAAI,sBAEH,kBADsC,EAAE,eAAe,aAAa,eAAe,CACnE,CACd,+BAA+B,qBAAqB,EACnD,OAAO,UAAmB;GAC3B,MAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,KAAK,UAAU,MAAM;GAC9E,QAAQ,OAAO,MACd,yDAAyD,QAAQ,IACjE;IACA;EAqCJ,OAjC0B,gCAAS,MAAM,WAAoC;GAC5E,eAAe,OAAO;GAmBtB,MAAM,sBAAsB,kBAAkB;IAhB7C,wBAAwB,OAAO;IAC/B,oBAAoB,OAAO;IAC3B,qBAAqB,OAAO;IAC5B,kCAAkC,OAAO;IACzC,qCAAqC,OAAO;IAC5C,GAAI,OAAO,OAAO,6BAA6B,aAC5C,EACA,0BAA0B,OAAO,0BAGjC,GACA,EAAE;IACL,sBAAsB,OAAO;IAC7B,iBAAiB,OAAO;IAG+B,CAAC;GACzD,OAAO,uBAAuB,YAAY;IACzC,SAAS,oCACR;KACC,GAAG;KACH,+BAA+B;KAC/B,EACD,oBACA;IACD,SAAS,oCAAoC,cAAc,oBAAoB;IAC/E,CAAC;IAGO,CAAC,OAAO,UAAmB;GACpC,MAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,KAAK,UAAU,MAAM;GAC9E,QAAQ,OAAO,MAAM,2CAA2C,QAAQ,IAAI;IAC3E;;CAEH;;;AC/GD,MAAa,wCAAwC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@agent-vm/openclaw-agent-vm-plugin",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.74",
|
|
4
4
|
"description": "OpenClaw sandbox-backend plugin that delegates execution to a Gondolin-managed VM.",
|
|
5
5
|
"homepage": "https://github.com/ShravanSunder/agent-vm#readme",
|
|
6
6
|
"bugs": {
|
|
@@ -29,8 +29,9 @@
|
|
|
29
29
|
"access": "public"
|
|
30
30
|
},
|
|
31
31
|
"dependencies": {
|
|
32
|
-
"
|
|
33
|
-
"@agent-vm/
|
|
32
|
+
"zod": "^4.4.3",
|
|
33
|
+
"@agent-vm/gateway-interface": "0.0.74",
|
|
34
|
+
"@agent-vm/gondolin-adapter": "0.0.74"
|
|
34
35
|
},
|
|
35
36
|
"scripts": {
|
|
36
37
|
"build": "tsdown && cp openclaw.plugin.json sdk-validate.mjs dist/",
|