@agentick/sandbox-local 0.2.1

package/dist/linux/cgroup.js

@@ -0,0 +1,80 @@
+/**
+ * cgroups v2 Resource Limit Manager
+ *
+ * Creates a cgroup under /sys/fs/cgroup/ for enforcing memory, CPU, and
+ * process limits. Degrades gracefully if the cgroup directory is not writable.
+ */
+import { mkdir, writeFile, rm, access } from "node:fs/promises";
+import { constants } from "node:fs";
+import { join } from "node:path";
+const CGROUP_BASE = "/sys/fs/cgroup";
+export class CgroupManager {
+    id;
+    cgroupPath;
+    created = false;
+    constructor(id) {
+        this.id = id;
+        this.cgroupPath = join(CGROUP_BASE, `agentick-${id}`);
+    }
+    /**
+     * Create the cgroup directory and apply resource limits.
+     * No-op if cgroups v2 is not available or not writable.
+     */
+    async create(limits) {
+        try {
+            await access(CGROUP_BASE, constants.W_OK);
+        }
+        catch {
+            // cgroups not writable — degrade gracefully
+            return;
+        }
+        try {
+            await mkdir(this.cgroupPath, { recursive: true });
+            this.created = true;
+            if (limits.memory) {
+                await writeFile(join(this.cgroupPath, "memory.max"), String(limits.memory));
+            }
+            if (limits.cpu) {
+                // cpu.max format: "quota period" (microseconds)
+                const period = 100_000; // 100ms
+                const quota = Math.round(limits.cpu * period);
+                await writeFile(join(this.cgroupPath, "cpu.max"), `${quota} ${period}`);
+            }
+            if (limits.maxProcesses) {
+                await writeFile(join(this.cgroupPath, "pids.max"), String(limits.maxProcesses));
+            }
+        }
+        catch (err) {
+            console.warn(`[sandbox-local] Failed to create cgroup ${this.cgroupPath}:`, err);
+            this.created = false;
+        }
+    }
+    /**
+     * Add a process to this cgroup.
+     */
+    async addProcess(pid) {
+        if (!this.created)
+            return;
+        try {
+            await writeFile(join(this.cgroupPath, "cgroup.procs"), String(pid));
+        }
+        catch {
+            // Process may have already exited
+        }
+    }
+    /**
+     * Destroy the cgroup directory.
+     */
+    async destroy() {
+        if (!this.created)
+            return;
+        try {
+            await rm(this.cgroupPath, { recursive: true, force: true });
+        }
+        catch {
+            // Best-effort cleanup
+        }
+        this.created = false;
+    }
+}
+//# sourceMappingURL=cgroup.js.map

package/dist/linux/cgroup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cgroup.js","sourceRoot":"","sources":["../../src/linux/cgroup.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACpC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAGjC,MAAM,WAAW,GAAG,gBAAgB,CAAC;AAErC,MAAM,OAAO,aAAa;IAIK;IAHZ,UAAU,CAAS;IAC5B,OAAO,GAAG,KAAK,CAAC;IAExB,YAA6B,EAAU;QAAV,OAAE,GAAF,EAAE,CAAQ;QACrC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,WAAW,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC;IACxD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CAAC,MAAsB;QACjC,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,WAAW,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACP,4CAA4C;YAC5C,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAClD,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;YAEpB,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClB,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;YAC9E,CAAC;YAED,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;gBACf,gDAAgD;gBAChD,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,QAAQ;gBAChC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,CAAC;gBAC9C,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,EAAE,GAAG,KAAK,IAAI,MAAM,EAAE,CAAC,CAAC;YAC1E,CAAC;YAED,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBACxB,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC;YAClF,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC,2CAA2C,IAAI,CAAC,UAAU,GAAG,EAAE,GAAG,CAAC,CAAC;YACjF,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;QACvB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,GAAW;QAC1B,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO;QAE1B,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QACtE,CAAC;QAAC,MAAM,CAAC;YACP,kCAAkC;QACpC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO;QAE1B,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,CAAC;QAAC,MAAM,CAAC;YACP,sBAAsB;QACxB,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;IACvB,CAAC;CACF"}

package/dist/linux/unshare.d.ts

@@ -0,0 +1,11 @@
+/**
+ * unshare argument builder.
+ *
+ * Lighter isolation than bubblewrap — uses Linux namespaces directly.
+ */
+import type { SpawnOptions } from "../executor/types";
+/**
+ * Build unshare argument array for a given set of spawn options.
+ */
+export declare function buildUnshareArgs(options: SpawnOptions): string[];
+//# sourceMappingURL=unshare.d.ts.map

package/dist/linux/unshare.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"unshare.d.ts","sourceRoot":"","sources":["../../src/linux/unshare.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEtD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,YAAY,GAAG,MAAM,EAAE,CAgBhE"}

package/dist/linux/unshare.js

@@ -0,0 +1,22 @@
+/**
+ * unshare argument builder.
+ *
+ * Lighter isolation than bubblewrap — uses Linux namespaces directly.
+ */
+/**
+ * Build unshare argument array for a given set of spawn options.
+ */
+export function buildUnshareArgs(options) {
+    const args = [];
+    // PID and mount namespaces
+    args.push("--mount", "--pid", "--fork");
+    // Network namespace (only if network denied)
+    const net = options.permissions.network;
+    if (net === false) {
+        args.push("--net");
+    }
+    // User namespace for privilege isolation
+    args.push("--user", "--map-root-user");
+    return args;
+}
+//# sourceMappingURL=unshare.js.map

package/dist/linux/unshare.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"unshare.js","sourceRoot":"","sources":["../../src/linux/unshare.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAqB;IACpD,MAAM,IAAI,GAAa,EAAE,CAAC;IAE1B,2BAA2B;IAC3B,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAExC,6CAA6C;IAC7C,MAAM,GAAG,GAAG,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC;IACxC,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACrB,CAAC;IAED,yCAAyC;IACzC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;IAEvC,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/local-sandbox.d.ts

@@ -0,0 +1,42 @@
+/**
+ * LocalSandbox — implements the Sandbox contract using local OS primitives.
+ */
+import type { SandboxHandle, ExecOptions, ExecResult } from "@agentick/sandbox";
+import type { Edit, EditResult } from "@agentick/sandbox";
+import type { CommandExecutor, ResolvedMount, ResolvedPermissions } from "./executor/types";
+import type { ResourceEnforcer } from "./resources";
+import type { NetworkProxyServer } from "./network/proxy";
+export interface LocalSandboxInit {
+    id: string;
+    workspacePath: string;
+    executor: CommandExecutor;
+    env: Record<string, string>;
+    mounts: ResolvedMount[];
+    permissions: ResolvedPermissions;
+    resources: ResourceEnforcer;
+    proxy?: NetworkProxyServer;
+    cleanupWorkspace: boolean;
+    destroyWorkspace: () => Promise<void>;
+}
+export declare class LocalSandbox implements SandboxHandle {
+    readonly id: string;
+    readonly workspacePath: string;
+    private readonly executor;
+    private readonly env;
+    private readonly mounts;
+    private readonly permissions;
+    private readonly resources;
+    private readonly proxy?;
+    private readonly cleanupWorkspace;
+    private readonly _destroyWorkspace;
+    private activeProcesses;
+    private destroyed;
+    constructor(init: LocalSandboxInit);
+    exec(command: string, options?: ExecOptions): Promise<ExecResult>;
+    readFile(path: string): Promise<string>;
+    writeFile(path: string, content: string): Promise<void>;
+    editFile(path: string, edits: Edit[]): Promise<EditResult>;
+    destroy(): Promise<void>;
+    private assertAlive;
+}
+//# sourceMappingURL=local-sandbox.d.ts.map

package/dist/local-sandbox.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"local-sandbox.d.ts","sourceRoot":"","sources":["../src/local-sandbox.ts"],"names":[],"mappings":"AAAA;;GAEG;AAMH,OAAO,KAAK,EAAE,aAAa,EAAE,WAAW,EAAE,UAAU,EAAe,MAAM,mBAAmB,CAAC;AAC7F,OAAO,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE1D,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAC5F,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAEpD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAK1D,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,eAAe,CAAC;IAC1B,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC5B,MAAM,EAAE,aAAa,EAAE,CAAC;IACxB,WAAW,EAAE,mBAAmB,CAAC;IACjC,SAAS,EAAE,gBAAgB,CAAC;IAC5B,KAAK,CAAC,EAAE,kBAAkB,CAAC;IAC3B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,gBAAgB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CACvC;AAED,qBAAa,YAAa,YAAW,aAAa;IAChD,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAE/B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAkB;IAC3C,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAyB;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkB;IACzC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAsB;IAClD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAmB;IAC7C,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAqB;IAC5C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAU;IAC3C,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAsB;IACxD,OAAO,CAAC,eAAe,CAA2B;IAClD,OAAO,CAAC,SAAS,CAAS;gBAEd,IAAI,EAAE,gBAAgB;IAa5B,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;IAgEjE,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAMvC,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAsBvD,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,UAAU,CAAC;IAyB1D,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAoD9B,OAAO,CAAC,WAAW;CAKpB"}

package/dist/local-sandbox.js

@@ -0,0 +1,235 @@
+/**
+ * LocalSandbox — implements the Sandbox contract using local OS primitives.
+ */
+import { readFile, writeFile, rename, unlink, mkdir } from "node:fs/promises";
+import { dirname, join } from "node:path";
+import { randomBytes } from "node:crypto";
+import { applyEdits } from "@agentick/sandbox";
+import { resolveSafePath, filterEnv } from "./paths";
+/** Maximum output per stream (stdout/stderr) — 10MB. */
+const MAX_OUTPUT_BYTES = 10 * 1024 * 1024;
+export class LocalSandbox {
+    id;
+    workspacePath;
+    executor;
+    env;
+    mounts;
+    permissions;
+    resources;
+    proxy;
+    cleanupWorkspace;
+    _destroyWorkspace;
+    activeProcesses = new Set();
+    destroyed = false;
+    constructor(init) {
+        this.id = init.id;
+        this.workspacePath = init.workspacePath;
+        this.executor = init.executor;
+        this.env = init.env;
+        this.mounts = init.mounts;
+        this.permissions = init.permissions;
+        this.resources = init.resources;
+        this.proxy = init.proxy;
+        this.cleanupWorkspace = init.cleanupWorkspace;
+        this._destroyWorkspace = init.destroyWorkspace;
+    }
+    async exec(command, options) {
+        this.assertAlive();
+        const cwd = options?.cwd
+            ? await resolveSafePath(options.cwd, this.workspacePath, "read", this.mounts)
+            : this.workspacePath;
+        // Merge environment: base + proxy vars + per-command overrides
+        const env = filterEnv({
+            ...this.env,
+            ...(options?.env ?? {}),
+        });
+        const child = this.executor.spawn(command, {
+            cwd,
+            env,
+            workspacePath: this.workspacePath,
+            mounts: this.mounts,
+            permissions: this.permissions,
+        });
+        this.activeProcesses.add(child);
+        this.resources.trackProcess(child);
+        // Set up timeout
+        const timeoutSignal = this.resources.createTimeoutSignal(options?.timeout);
+        let timedOut = false;
+        const abortHandler = () => {
+            timedOut = true;
+            try {
+                if (child.pid)
+                    process.kill(-child.pid, "SIGTERM");
+            }
+            catch {
+                child.kill("SIGTERM");
+            }
+        };
+        timeoutSignal?.addEventListener("abort", abortHandler, { once: true });
+        // Collect output with cap
+        const stdout = new OutputCollector(MAX_OUTPUT_BYTES, "stdout", options?.onOutput);
+        const stderr = new OutputCollector(MAX_OUTPUT_BYTES, "stderr", options?.onOutput);
+        child.stdout?.on("data", (chunk) => stdout.write(chunk));
+        child.stderr?.on("data", (chunk) => stderr.write(chunk));
+        const exitCode = await new Promise((resolve) => {
+            child.on("close", (code) => {
+                this.activeProcesses.delete(child);
+                resolve(code ?? (timedOut ? 124 : 1));
+            });
+            child.on("error", () => {
+                this.activeProcesses.delete(child);
+                resolve(timedOut ? 124 : 1);
+            });
+        });
+        timeoutSignal?.removeEventListener("abort", abortHandler);
+        return {
+            stdout: stdout.toString(),
+            stderr: stderr.toString() + (timedOut ? "\n[sandbox: command timed out]" : ""),
+            exitCode,
+        };
+    }
+    async readFile(path) {
+        this.assertAlive();
+        const resolved = await resolveSafePath(path, this.workspacePath, "read", this.mounts);
+        return readFile(resolved, "utf-8");
+    }
+    async writeFile(path, content) {
+        this.assertAlive();
+        const resolved = await resolveSafePath(path, this.workspacePath, "write", this.mounts);
+        // Ensure parent directory exists
+        await mkdir(dirname(resolved), { recursive: true });
+        // Atomic write: temp + rename
+        const tmp = join(dirname(resolved), `.write-${randomBytes(6).toString("hex")}.tmp`);
+        try {
+            await writeFile(tmp, content, "utf-8");
+            await rename(tmp, resolved);
+        }
+        catch (err) {
+            try {
+                await unlink(tmp);
+            }
+            catch {
+                // Ignore cleanup errors
+            }
+            throw err;
+        }
+    }
+    async editFile(path, edits) {
+        this.assertAlive();
+        const resolved = await resolveSafePath(path, this.workspacePath, "write", this.mounts);
+        const source = await readFile(resolved, "utf-8");
+        const result = applyEdits(source, edits);
+        if (result.applied === 0)
+            return result;
+        // Atomic write
+        const tmp = join(dirname(resolved), `.edit-${randomBytes(6).toString("hex")}.tmp`);
+        try {
+            await writeFile(tmp, result.content, "utf-8");
+            await rename(tmp, resolved);
+        }
+        catch (err) {
+            try {
+                await unlink(tmp);
+            }
+            catch {
+                // Ignore cleanup errors
+            }
+            throw err;
+        }
+        return result;
+    }
+    async destroy() {
+        if (this.destroyed)
+            return;
+        this.destroyed = true;
+        // Kill all active processes
+        for (const child of this.activeProcesses) {
+            try {
+                if (child.pid) {
+                    process.kill(-child.pid, "SIGTERM");
+                }
+            }
+            catch {
+                child.kill("SIGTERM");
+            }
+        }
+        // Force-kill after 5s
+        if (this.activeProcesses.size > 0) {
+            await new Promise((resolve) => {
+                const timer = setTimeout(() => {
+                    for (const child of this.activeProcesses) {
+                        try {
+                            if (child.pid)
+                                process.kill(-child.pid, "SIGKILL");
+                        }
+                        catch {
+                            // Already gone
+                        }
+                    }
+                    resolve();
+                }, 5000);
+                timer.unref();
+                // Also resolve early if all processes exit
+                const check = setInterval(() => {
+                    if (this.activeProcesses.size === 0) {
+                        clearTimeout(timer);
+                        clearInterval(check);
+                        resolve();
+                    }
+                }, 100);
+                check.unref();
+            });
+        }
+        // Stop proxy
+        await this.proxy?.stop();
+        // Stop resource enforcement
+        await this.resources.stop();
+        // Remove workspace
+        await this._destroyWorkspace();
+    }
+    assertAlive() {
+        if (this.destroyed) {
+            throw new Error(`Sandbox ${this.id} has been destroyed`);
+        }
+    }
+}
+/**
+ * Collects output from a stream with a byte cap and optional streaming callback.
+ */
+class OutputCollector {
+    maxBytes;
+    stream;
+    onOutput;
+    chunks = [];
+    bytes = 0;
+    truncated = false;
+    constructor(maxBytes, stream, onOutput) {
+        this.maxBytes = maxBytes;
+        this.stream = stream;
+        this.onOutput = onOutput;
+    }
+    write(chunk) {
+        // Always stream to callback (even if we've hit the cap for collection)
+        this.onOutput?.({ stream: this.stream, data: chunk.toString() });
+        if (this.truncated)
+            return;
+        if (this.bytes + chunk.length > this.maxBytes) {
+            // Take what we can
+            const remaining = this.maxBytes - this.bytes;
+            if (remaining > 0) {
+                this.chunks.push(chunk.subarray(0, remaining));
+                this.bytes += remaining;
+            }
+            this.truncated = true;
+        }
+        else {
+            this.chunks.push(chunk);
+            this.bytes += chunk.length;
+        }
+    }
+    toString() {
+        const content = Buffer.concat(this.chunks).toString();
+        return this.truncated ? content + "\n[sandbox: output truncated at 10MB]" : content;
+    }
+}
+//# sourceMappingURL=local-sandbox.js.map

package/dist/local-sandbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"local-sandbox.js","sourceRoot":"","sources":["../src/local-sandbox.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAC9E,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAI1C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAG/C,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAGrD,wDAAwD;AACxD,MAAM,gBAAgB,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC;AAe1C,MAAM,OAAO,YAAY;IACd,EAAE,CAAS;IACX,aAAa,CAAS;IAEd,QAAQ,CAAkB;IAC1B,GAAG,CAAyB;IAC5B,MAAM,CAAkB;IACxB,WAAW,CAAsB;IACjC,SAAS,CAAmB;IAC5B,KAAK,CAAsB;IAC3B,gBAAgB,CAAU;IAC1B,iBAAiB,CAAsB;IAChD,eAAe,GAAG,IAAI,GAAG,EAAgB,CAAC;IAC1C,SAAS,GAAG,KAAK,CAAC;IAE1B,YAAY,IAAsB;QAChC,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QAClB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC;QACxC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC9B,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QACpB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;QAC1B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;QACpC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAChC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QACxB,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC;QAC9C,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,gBAAgB,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAe,EAAE,OAAqB;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;QAEnB,MAAM,GAAG,GAAG,OAAO,EAAE,GAAG;YACtB,CAAC,CAAC,MAAM,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,aAAa,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC;YAC7E,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC;QAEvB,+DAA+D;QAC/D,MAAM,GAAG,GAAG,SAAS,CAAC;YACpB,GAAG,IAAI,CAAC,GAAG;YACX,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,EAAE,CAAC;SACxB,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE;YACzC,GAAG;YACH,GAAG;YACH,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,WAAW,EAAE,IAAI,CAAC,WAAW;SAC9B,CAAC,CAAC;QAEH,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAChC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAEnC,iBAAiB;QACjB,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,mBAAmB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC3E,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,MAAM,YAAY,GAAG,GAAG,EAAE;YACxB,QAAQ,GAAG,IAAI,CAAC;YAChB,IAAI,CAAC;gBACH,IAAI,KAAK,CAAC,GAAG;oBAAE,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;YACrD,CAAC;YAAC,MAAM,CAAC;gBACP,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACxB,CAAC;QACH,CAAC,CAAC;QACF,aAAa,EAAE,gBAAgB,CAAC,OAAO,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAEvE,0BAA0B;QAC1B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,gBAAgB,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QAClF,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,gBAAgB,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QAElF,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;QACjE,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;QAEjE,MAAM,QAAQ,GAAG,MAAM,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,EAAE;YACrD,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBACzB,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACnC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACxC,CAAC,CAAC,CAAC;YACH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACrB,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACnC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9B,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,aAAa,EAAE,mBAAmB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QAE1D,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,QAAQ,EAAE;YACzB,MAAM,EAAE,MAAM,CAAC,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,gCAAgC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9E,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAAY;QACzB,IAAI,CAAC,WAAW,EAAE,CAAC;QACnB,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC,aAAa,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACtF,OAAO,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,IAAY,EAAE,OAAe;QAC3C,IAAI,CAAC,WAAW,EAAE,CAAC;QACnB,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC,aAAa,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAEvF,iCAAiC;QACjC,MAAM,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEpD,8BAA8B;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,UAAU,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACpF,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YACvC,MAAM,MAAM,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAC9B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,GAAG,CAAC,CAAC;YACpB,CAAC;YAAC,MAAM,CAAC;gBACP,wBAAwB;YAC1B,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAAY,EAAE,KAAa;QACxC,IAAI,CAAC,WAAW,EAAE,CAAC;QACnB,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC,aAAa,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAEvF,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjD,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACzC,IAAI,MAAM,CAAC,OAAO,KAAK,CAAC;YAAE,OAAO,MAAM,CAAC;QAExC,eAAe;QACf,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,SAAS,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACnF,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,GAAG,EAAE,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC9C,MAAM,MAAM,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAC9B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,GAAG,CAAC,CAAC;YACpB,CAAC;YAAC,MAAM,CAAC;gBACP,wBAAwB;YAC1B,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,IAAI,CAAC,SAAS;YAAE,OAAO;QAC3B,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QAEtB,4BAA4B;QAC5B,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzC,IAAI,CAAC;gBACH,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;oBACd,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;gBACtC,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,IAAI,IAAI,CAAC,eAAe,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;gBAClC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;oBAC5B,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;wBACzC,IAAI,CAAC;4BACH,IAAI,KAAK,CAAC,GAAG;gCAAE,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;wBACrD,CAAC;wBAAC,MAAM,CAAC;4BACP,eAAe;wBACjB,CAAC;oBACH,CAAC;oBACD,OAAO,EAAE,CAAC;gBACZ,CAAC,EAAE,IAAI,CAAC,CAAC;gBACT,KAAK,CAAC,KAAK,EAAE,CAAC;gBAEd,2CAA2C;gBAC3C,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE;oBAC7B,IAAI,IAAI,CAAC,eAAe,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;wBACpC,YAAY,CAAC,KAAK,CAAC,CAAC;wBACpB,aAAa,CAAC,KAAK,CAAC,CAAC;wBACrB,OAAO,EAAE,CAAC;oBACZ,CAAC;gBACH,CAAC,EAAE,GAAG,CAAC,CAAC;gBACR,KAAK,CAAC,KAAK,EAAE,CAAC;YAChB,CAAC,CAAC,CAAC;QACL,CAAC;QAED,aAAa;QACb,MAAM,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC;QAEzB,4BAA4B;QAC5B,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAE5B,mBAAmB;QACnB,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;IACjC,CAAC;IAEO,WAAW;QACjB,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,WAAW,IAAI,CAAC,EAAE,qBAAqB,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;CACF;AAED;;GAEG;AACH,MAAM,eAAe;IAMA;IACA;IACA;IAPX,MAAM,GAAa,EAAE,CAAC;IACtB,KAAK,GAAG,CAAC,CAAC;IACV,SAAS,GAAG,KAAK,CAAC;IAE1B,YACmB,QAAgB,EAChB,MAA2B,EAC3B,QAAuC;QAFvC,aAAQ,GAAR,QAAQ,CAAQ;QAChB,WAAM,GAAN,MAAM,CAAqB;QAC3B,aAAQ,GAAR,QAAQ,CAA+B;IACvD,CAAC;IAEJ,KAAK,CAAC,KAAa;QACjB,uEAAuE;QACvE,IAAI,CAAC,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAEjE,IAAI,IAAI,CAAC,SAAS;YAAE,OAAO;QAE3B,IAAI,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC9C,mBAAmB;YACnB,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC;YAC7C,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;gBAClB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;gBAC/C,IAAI,CAAC,KAAK,IAAI,SAAS,CAAC;YAC1B,CAAC;YACD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QACxB,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACxB,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,QAAQ;QACN,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;QACtD,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,GAAG,uCAAuC,CAAC,CAAC,CAAC,OAAO,CAAC;IACtF,CAAC;CACF"}

package/dist/network/ca.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Ephemeral CA Certificate Generation
+ *
+ * Uses the openssl CLI to generate a short-lived CA certificate and
+ * per-host certificates for HTTPS interception.
+ *
+ * Currently used only by tests. When full HTTPS MITM proxy support is
+ * added (allowing body-level inspection and URL pattern matching for
+ * HTTPS traffic), this will be wired into NetworkProxyServer to
+ * generate per-host certs on CONNECT and terminate TLS.
+ */
+export interface CACertPaths {
+    certPath: string;
+    keyPath: string;
+}
+export interface HostCertPaths {
+    certPath: string;
+    keyPath: string;
+}
+export declare class EphemeralCA {
+    private readonly dir;
+    private ca?;
+    private hostCerts;
+    private destroyed;
+    constructor();
+    /** Get the CA certificate path (generates on first call). */
+    get caCertPath(): string | undefined;
+    /** Initialize the ephemeral CA. */
+    init(): Promise<void>;
+    /**
+     * Get or generate a certificate for a specific hostname.
+     * Caches per-host certs in memory.
+     */
+    certForHost(hostname: string): Promise<HostCertPaths>;
+    /** Clean up all generated certificate files. */
+    cleanup(): Promise<void>;
+}
+//# sourceMappingURL=ca.d.ts.map

package/dist/network/ca.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ca.d.ts","sourceRoot":"","sources":["../../src/network/ca.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAWH,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAS;IAC7B,OAAO,CAAC,EAAE,CAAC,CAAc;IACzB,OAAO,CAAC,SAAS,CAAoC;IACrD,OAAO,CAAC,SAAS,CAAS;;IAM1B,6DAA6D;IAC7D,IAAI,UAAU,IAAI,MAAM,GAAG,SAAS,CAEnC;IAED,mCAAmC;IAC7B,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IA0B3B;;;OAGG;IACG,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IA0D3D,gDAAgD;IAC1C,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAuB/B"}

package/dist/network/ca.js

@@ -0,0 +1,143 @@
+/**
+ * Ephemeral CA Certificate Generation
+ *
+ * Uses the openssl CLI to generate a short-lived CA certificate and
+ * per-host certificates for HTTPS interception.
+ *
+ * Currently used only by tests. When full HTTPS MITM proxy support is
+ * added (allowing body-level inspection and URL pattern matching for
+ * HTTPS traffic), this will be wired into NetworkProxyServer to
+ * generate per-host certs on CONNECT and terminate TLS.
+ */
+import { execFile } from "node:child_process";
+import { writeFile, unlink, mkdir } from "node:fs/promises";
+import { join } from "node:path";
+import { tmpdir } from "node:os";
+import { randomBytes } from "node:crypto";
+import { promisify } from "node:util";
+const execFileAsync = promisify(execFile);
+export class EphemeralCA {
+    dir;
+    ca;
+    hostCerts = new Map();
+    destroyed = false;
+    constructor() {
+        this.dir = join(tmpdir(), `agentick-ca-${randomBytes(6).toString("hex")}`);
+    }
+    /** Get the CA certificate path (generates on first call). */
+    get caCertPath() {
+        return this.ca?.certPath;
+    }
+    /** Initialize the ephemeral CA. */
+    async init() {
+        await mkdir(this.dir, { recursive: true, mode: 0o700 });
+        const keyPath = join(this.dir, "ca-key.pem");
+        const certPath = join(this.dir, "ca-cert.pem");
+        // Generate CA key + self-signed cert (1 day validity)
+        await execFileAsync("openssl", [
+            "req",
+            "-x509",
+            "-newkey",
+            "rsa:2048",
+            "-nodes",
+            "-days",
+            "1",
+            "-subj",
+            "/CN=Agentick Sandbox CA",
+            "-keyout",
+            keyPath,
+            "-out",
+            certPath,
+        ]);
+        this.ca = { certPath, keyPath };
+    }
+    /**
+     * Get or generate a certificate for a specific hostname.
+     * Caches per-host certs in memory.
+     */
+    async certForHost(hostname) {
+        if (this.destroyed)
+            throw new Error("CA has been destroyed");
+        if (!this.ca)
+            throw new Error("CA not initialized");
+        const cached = this.hostCerts.get(hostname);
+        if (cached)
+            return cached;
+        const hostKeyPath = join(this.dir, `${hostname}-key.pem`);
+        const hostCsrPath = join(this.dir, `${hostname}.csr`);
+        const hostCertPath = join(this.dir, `${hostname}-cert.pem`);
+        const serial = randomBytes(8).toString("hex");
+        // Generate host key + CSR
+        await execFileAsync("openssl", [
+            "req",
+            "-newkey",
+            "rsa:2048",
+            "-nodes",
+            "-subj",
+            `/CN=${hostname}`,
+            "-keyout",
+            hostKeyPath,
+            "-out",
+            hostCsrPath,
+        ]);
+        // Create SAN extension config for the host cert
+        const extPath = join(this.dir, `${hostname}-ext.cnf`);
+        await writeFile(extPath, `subjectAltName=DNS:${hostname}\nbasicConstraints=CA:FALSE\n`);
+        // Sign with CA
+        await execFileAsync("openssl", [
+            "x509",
+            "-req",
+            "-in",
+            hostCsrPath,
+            "-CA",
+            this.ca.certPath,
+            "-CAkey",
+            this.ca.keyPath,
+            "-set_serial",
+            `0x${serial}`,
+            "-days",
+            "1",
+            "-extfile",
+            extPath,
+            "-out",
+            hostCertPath,
+        ]);
+        // Clean up CSR and ext file
+        await Promise.all([safeUnlink(hostCsrPath), safeUnlink(extPath)]);
+        const paths = { certPath: hostCertPath, keyPath: hostKeyPath };
+        this.hostCerts.set(hostname, paths);
+        return paths;
+    }
+    /** Clean up all generated certificate files. */
+    async cleanup() {
+        if (this.destroyed)
+            return;
+        this.destroyed = true;
+        const files = [];
+        if (this.ca) {
+            files.push(this.ca.certPath, this.ca.keyPath);
+        }
+        for (const cert of this.hostCerts.values()) {
+            files.push(cert.certPath, cert.keyPath);
+        }
+        await Promise.allSettled(files.map(safeUnlink));
+        this.hostCerts.clear();
+        // Try to remove the directory itself
+        try {
+            const { rm } = await import("node:fs/promises");
+            await rm(this.dir, { recursive: true, force: true });
+        }
+        catch {
+            // Best-effort
+        }
+    }
+}
+async function safeUnlink(path) {
+    try {
+        await unlink(path);
+    }
+    catch {
+        // Ignore
+    }
+}
+//# sourceMappingURL=ca.js.map

package/dist/network/ca.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ca.js","sourceRoot":"","sources":["../../src/network/ca.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAY1C,MAAM,OAAO,WAAW;IACL,GAAG,CAAS;IACrB,EAAE,CAAe;IACjB,SAAS,GAAG,IAAI,GAAG,EAAyB,CAAC;IAC7C,SAAS,GAAG,KAAK,CAAC;IAE1B;QACE,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,EAAE,eAAe,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC7E,CAAC;IAED,6DAA6D;IAC7D,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC;IAC3B,CAAC;IAED,mCAAmC;IACnC,KAAK,CAAC,IAAI;QACR,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAExD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;QAE/C,sDAAsD;QACtD,MAAM,aAAa,CAAC,SAAS,EAAE;YAC7B,KAAK;YACL,OAAO;YACP,SAAS;YACT,UAAU;YACV,QAAQ;YACR,OAAO;YACP,GAAG;YACH,OAAO;YACP,yBAAyB;YACzB,SAAS;YACT,OAAO;YACP,MAAM;YACN,QAAQ;SACT,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;IAClC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CAAC,QAAgB;QAChC,IAAI,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC7D,IAAI,CAAC,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAEpD,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC5C,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,UAAU,CAAC,CAAC;QAC1D,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,MAAM,CAAC,CAAC;QACtD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,WAAW,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAE9C,0BAA0B;QAC1B,MAAM,aAAa,CAAC,SAAS,EAAE;YAC7B,KAAK;YACL,SAAS;YACT,UAAU;YACV,QAAQ;YACR,OAAO;YACP,OAAO,QAAQ,EAAE;YACjB,SAAS;YACT,WAAW;YACX,MAAM;YACN,WAAW;SACZ,CAAC,CAAC;QAEH,gDAAgD;QAChD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,UAAU,CAAC,CAAC;QACtD,MAAM,SAAS,CAAC,OAAO,EAAE,sBAAsB,QAAQ,+BAA+B,CAAC,CAAC;QAExF,eAAe;QACf,MAAM,aAAa,CAAC,SAAS,EAAE;YAC7B,MAAM;YACN,MAAM;YACN,KAAK;YACL,WAAW;YACX,KAAK;YACL,IAAI,CAAC,EAAE,CAAC,QAAQ;YAChB,QAAQ;YACR,IAAI,CAAC,EAAE,CAAC,OAAO;YACf,aAAa;YACb,KAAK,MAAM,EAAE;YACb,OAAO;YACP,GAAG;YACH,UAAU;YACV,OAAO;YACP,MAAM;YACN,YAAY;SACb,CAAC,CAAC;QAEH,4BAA4B;QAC5B,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QAElE,MAAM,KAAK,GAAkB,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;QAC9E,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QACpC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,gDAAgD;IAChD,KAAK,CAAC,OAAO;QACX,IAAI,IAAI,CAAC,SAAS;YAAE,OAAO;QAC3B,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QAEtB,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;YACZ,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;QAChD,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;QAChD,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QAEvB,qCAAqC;QACrC,IAAI,CAAC;YACH,MAAM,EAAE,EAAE,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;YAChD,MAAM,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACvD,CAAC;QAAC,MAAM,CAAC;YACP,cAAc;QAChB,CAAC;IACH,CAAC;CACF;AAED,KAAK,UAAU,UAAU,CAAC,IAAY;IACpC,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;AACH,CAAC"}

package/dist/network/proxy.d.ts

@@ -0,0 +1,46 @@
+/**
+ * HTTP/HTTPS Proxy Server
+ *
+ * Binds an HTTP proxy server that intercepts HTTP traffic and applies
+ * network rules. HTTPS connections are handled at the CONNECT level:
+ * allowed connections get a passthrough tunnel, denied ones are rejected.
+ *
+ * No MITM/TLS termination — HTTPS content is opaque. This covers the
+ * primary use case (domain-level allow/deny) without the complexity of
+ * CA generation and TLS interception.
+ */
+import type { NetworkRule, ProxiedRequest } from "@agentick/sandbox";
+export interface ProxyServerConfig {
+    /** Port to bind. 0 = auto-assign. */
+    port?: number;
+    /** Called for each request (before forwarding/blocking). */
+    onRequest?: (req: ProxiedRequest) => void;
+    /** Called when a request is blocked. */
+    onBlock?: (req: ProxiedRequest) => void;
+    /** Maximum audit log entries. Default: 10000. */
+    maxAuditEntries?: number;
+}
+export declare class NetworkProxyServer {
+    readonly rules: NetworkRule[];
+    private readonly config;
+    private server?;
+    private auditLog;
+    private _proxyUrl?;
+    private _port?;
+    constructor(rules: NetworkRule[], config?: ProxyServerConfig);
+    /** The proxy URL (e.g. "http://127.0.0.1:12345"). Available after start(). */
+    get proxyUrl(): string;
+    /** Start the proxy server. */
+    start(): Promise<void>;
+    /** Stop the proxy server. */
+    stop(): Promise<void>;
+    /** Get the audit log of all proxied requests. */
+    getAuditLog(): ProxiedRequest[];
+    /** Handle an HTTP request (non-CONNECT). */
+    private handleHttpRequest;
+    /** Handle a CONNECT request (HTTPS tunnel). */
+    private handleConnect;
+    /** Log a request and trim the audit log if needed. */
+    private logRequest;
+}
+//# sourceMappingURL=proxy.d.ts.map