@agentick/sandbox-local 0.2.1

package/dist/network/proxy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"proxy.d.ts","sourceRoot":"","sources":["../../src/network/proxy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAGrE,MAAM,WAAW,iBAAiB;IAChC,qCAAqC;IACrC,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,4DAA4D;IAC5D,SAAS,CAAC,EAAE,CAAC,GAAG,EAAE,cAAc,KAAK,IAAI,CAAC;IAE1C,wCAAwC;IACxC,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,cAAc,KAAK,IAAI,CAAC;IAExC,iDAAiD;IACjD,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,qBAAa,kBAAkB;IAC7B,QAAQ,CAAC,KAAK,EAAE,WAAW,EAAE,CAAC;IAC9B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA8B;IACrD,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,QAAQ,CAAwB;IACxC,OAAO,CAAC,SAAS,CAAC,CAAS;IAC3B,OAAO,CAAC,KAAK,CAAC,CAAS;gBAEX,KAAK,EAAE,WAAW,EAAE,EAAE,MAAM,CAAC,EAAE,iBAAiB;IAU5D,8EAA8E;IAC9E,IAAI,QAAQ,IAAI,MAAM,CAGrB;IAED,8BAA8B;IACxB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAmB5B,6BAA6B;IACvB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAU3B,iDAAiD;IACjD,WAAW,IAAI,cAAc,EAAE;IAI/B,4CAA4C;IAC5C,OAAO,CAAC,iBAAiB;IAgDzB,+CAA+C;IAC/C,OAAO,CAAC,aAAa;IAmCrB,sDAAsD;IACtD,OAAO,CAAC,UAAU;CAiBnB"}

package/dist/network/proxy.js

@@ -0,0 +1,144 @@
+/**
+ * HTTP/HTTPS Proxy Server
+ *
+ * Binds an HTTP proxy server that intercepts HTTP traffic and applies
+ * network rules. HTTPS connections are handled at the CONNECT level:
+ * allowed connections get a passthrough tunnel, denied ones are rejected.
+ *
+ * No MITM/TLS termination — HTTPS content is opaque. This covers the
+ * primary use case (domain-level allow/deny) without the complexity of
+ * CA generation and TLS interception.
+ */
+import { createServer, request as httpRequest } from "node:http";
+import * as net from "node:net";
+import { matchRequest } from "./rules";
+export class NetworkProxyServer {
+    rules;
+    config;
+    server;
+    auditLog = [];
+    _proxyUrl;
+    _port;
+    constructor(rules, config) {
+        this.rules = rules;
+        this.config = {
+            port: config?.port ?? 0,
+            onRequest: config?.onRequest ?? (() => { }),
+            onBlock: config?.onBlock ?? (() => { }),
+            maxAuditEntries: config?.maxAuditEntries ?? 10000,
+        };
+    }
+    /** The proxy URL (e.g. "http://127.0.0.1:12345"). Available after start(). */
+    get proxyUrl() {
+        if (!this._proxyUrl)
+            throw new Error("Proxy not started");
+        return this._proxyUrl;
+    }
+    /** Start the proxy server. */
+    async start() {
+        this.server = createServer((req, res) => this.handleHttpRequest(req, res));
+        this.server.on("connect", (req, socket, head) => this.handleConnect(req, socket, head));
+        await new Promise((resolve, reject) => {
+            this.server.listen(this.config.port, "127.0.0.1", () => {
+                const addr = this.server.address();
+                if (typeof addr === "object" && addr) {
+                    this._port = addr.port;
+                    this._proxyUrl = `http://127.0.0.1:${addr.port}`;
+                }
+                resolve();
+            });
+            this.server.on("error", reject);
+        });
+    }
+    /** Stop the proxy server. */
+    async stop() {
+        await new Promise((resolve) => {
+            if (this.server) {
+                this.server.close(() => resolve());
+            }
+            else {
+                resolve();
+            }
+        });
+    }
+    /** Get the audit log of all proxied requests. */
+    getAuditLog() {
+        return [...this.auditLog];
+    }
+    /** Handle an HTTP request (non-CONNECT). */
+    handleHttpRequest(req, res) {
+        const url = req.url ?? "/";
+        const host = req.headers.host ?? "unknown";
+        const port = parseInt(host.split(":")[1] ?? "80", 10);
+        const entry = this.logRequest(url, req.method ?? "GET", host.split(":")[0], port);
+        const match = matchRequest({ host: host.split(":")[0], port, method: req.method ?? "GET", url }, this.rules);
+        entry.matchedRule = match.rule;
+        if (match.action === "deny") {
+            entry.blocked = true;
+            this.config.onBlock(entry);
+            res.writeHead(403, { "Content-Type": "text/plain" });
+            res.end("Blocked by sandbox network rules");
+            return;
+        }
+        this.config.onRequest(entry);
+        // Forward the request
+        const parsedUrl = new URL(url);
+        const proxyReq = httpRequest({
+            hostname: parsedUrl.hostname,
+            port: parsedUrl.port || 80,
+            path: parsedUrl.pathname + parsedUrl.search,
+            method: req.method,
+            headers: { ...req.headers, host: parsedUrl.host },
+        }, (proxyRes) => {
+            res.writeHead(proxyRes.statusCode ?? 502, proxyRes.headers);
+            proxyRes.pipe(res);
+        });
+        proxyReq.on("error", () => {
+            res.writeHead(502, { "Content-Type": "text/plain" });
+            res.end("Proxy connection error");
+        });
+        req.pipe(proxyReq);
+    }
+    /** Handle a CONNECT request (HTTPS tunnel). */
+    handleConnect(req, socket, _head) {
+        const [host, portStr] = (req.url ?? "").split(":");
+        const port = parseInt(portStr ?? "443", 10);
+        const entry = this.logRequest(`https://${host}:${port}`, "CONNECT", host, port);
+        const match = matchRequest({ host, port, method: "CONNECT", url: `https://${host}:${port}` }, this.rules);
+        entry.matchedRule = match.rule;
+        if (match.action === "deny") {
+            entry.blocked = true;
+            this.config.onBlock(entry);
+            socket.write("HTTP/1.1 403 Forbidden\r\n\r\n");
+            socket.end();
+            return;
+        }
+        this.config.onRequest(entry);
+        // Passthrough: direct tunnel to target (no TLS interception)
+        const { connect } = net;
+        const remote = connect(port, host, () => {
+            socket.write("HTTP/1.1 200 Connection Established\r\n\r\n");
+            socket.pipe(remote);
+            remote.pipe(socket);
+        });
+        remote.on("error", () => socket.destroy());
+        socket.on("error", () => remote.destroy());
+    }
+    /** Log a request and trim the audit log if needed. */
+    logRequest(url, method, host, port) {
+        const entry = {
+            url,
+            method,
+            host,
+            port,
+            timestamp: Date.now(),
+            blocked: false,
+        };
+        this.auditLog.push(entry);
+        if (this.auditLog.length > this.config.maxAuditEntries) {
+            this.auditLog = this.auditLog.slice(-this.config.maxAuditEntries);
+        }
+        return entry;
+    }
+}
+//# sourceMappingURL=proxy.js.map

package/dist/network/proxy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"proxy.js","sourceRoot":"","sources":["../../src/network/proxy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,YAAY,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,WAAW,CAAC;AACjE,OAAO,KAAK,GAAG,MAAM,UAAU,CAAC;AAIhC,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAgBvC,MAAM,OAAO,kBAAkB;IACpB,KAAK,CAAgB;IACb,MAAM,CAA8B;IAC7C,MAAM,CAAU;IAChB,QAAQ,GAAqB,EAAE,CAAC;IAChC,SAAS,CAAU;IACnB,KAAK,CAAU;IAEvB,YAAY,KAAoB,EAAE,MAA0B;QAC1D,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,MAAM,GAAG;YACZ,IAAI,EAAE,MAAM,EAAE,IAAI,IAAI,CAAC;YACvB,SAAS,EAAE,MAAM,EAAE,SAAS,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;YAC1C,OAAO,EAAE,MAAM,EAAE,OAAO,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;YACtC,eAAe,EAAE,MAAM,EAAE,eAAe,IAAI,KAAK;SAClD,CAAC;IACJ,CAAC;IAED,8EAA8E;IAC9E,IAAI,QAAQ;QACV,IAAI,CAAC,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QAC1D,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,8BAA8B;IAC9B,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3E,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,CAC9C,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,MAAgB,EAAE,IAAI,CAAC,CAChD,CAAC;QAEF,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,IAAI,CAAC,MAAO,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;gBACtD,MAAM,IAAI,GAAG,IAAI,CAAC,MAAO,CAAC,OAAO,EAAE,CAAC;gBACpC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,EAAE,CAAC;oBACrC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC;oBACvB,IAAI,CAAC,SAAS,GAAG,oBAAoB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACnD,CAAC;gBACD,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,MAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,6BAA6B;IAC7B,KAAK,CAAC,IAAI;QACR,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YAClC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;YACrC,CAAC;iBAAM,CAAC;gBACN,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,iDAAiD;IACjD,WAAW;QACT,OAAO,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED,4CAA4C;IACpC,iBAAiB,CAAC,GAAoB,EAAE,GAAmB;QACjE,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC;QAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,SAAS,CAAC;QAC3C,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;QAEtD,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,IAAI,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAElF,MAAM,KAAK,GAAG,YAAY,CACxB,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,IAAI,KAAK,EAAE,GAAG,EAAE,EACpE,IAAI,CAAC,KAAK,CACX,CAAC;QAEF,KAAK,CAAC,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC;QAE/B,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAC5B,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC;YACrB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAC3B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,YAAY,EAAE,CAAC,CAAC;YACrD,GAAG,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;YAC5C,OAAO;QACT,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAE7B,sBAAsB;QACtB,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,QAAQ,GAAG,WAAW,CAC1B;YACE,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,IAAI,EAAE,SAAS,CAAC,IAAI,IAAI,EAAE;YAC1B,IAAI,EAAE,SAAS,CAAC,QAAQ,GAAG,SAAS,CAAC,MAAM;YAC3C,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,OAAO,EAAE,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE;SAClD,EACD,CAAC,QAAQ,EAAE,EAAE;YACX,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,UAAU,IAAI,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC5D,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC,CACF,CAAC;QAEF,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YACxB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,YAAY,EAAE,CAAC,CAAC;YACrD,GAAG,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrB,CAAC;IAED,+CAA+C;IACvC,aAAa,CAAC,GAAoB,EAAE,MAAc,EAAE,KAAa;QACvE,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,IAAI,KAAK,EAAE,EAAE,CAAC,CAAC;QAE5C,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,IAAI,IAAI,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAEhF,MAAM,KAAK,GAAG,YAAY,CACxB,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,WAAW,IAAI,IAAI,IAAI,EAAE,EAAE,EACjE,IAAI,CAAC,KAAK,CACX,CAAC;QAEF,KAAK,CAAC,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC;QAE/B,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAC5B,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC;YACrB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAC3B,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YAC/C,MAAM,CAAC,GAAG,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAE7B,6DAA6D;QAC7D,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC;QACxB,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE;YACtC,MAAM,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;YAC5D,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACpB,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED,sDAAsD;IAC9C,UAAU,CAAC,GAAW,EAAE,MAAc,EAAE,IAAY,EAAE,IAAY;QACxE,MAAM,KAAK,GAAmB;YAC5B,GAAG;YACH,MAAM;YACN,IAAI;YACJ,IAAI;YACJ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,OAAO,EAAE,KAAK;SACf,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1B,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;YACvD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QACpE,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}

package/dist/network/rules.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Network Rule Matching Engine
+ *
+ * Evaluates requests against an ordered list of NetworkRules.
+ * First match wins; default action is deny.
+ */
+import type { NetworkRule } from "@agentick/sandbox";
+export interface RequestInfo {
+    host: string;
+    port: number;
+    method: string;
+    url: string;
+}
+export interface MatchResult {
+    action: "allow" | "deny";
+    rule?: NetworkRule;
+}
+/**
+ * Match a request against an ordered list of rules.
+ * First matching rule wins. Default: deny.
+ */
+export declare function matchRequest(request: RequestInfo, rules: NetworkRule[]): MatchResult;
+//# sourceMappingURL=rules.d.ts.map

package/dist/network/rules.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rules.d.ts","sourceRoot":"","sources":["../../src/network/rules.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,OAAO,GAAG,MAAM,CAAC;IACzB,IAAI,CAAC,EAAE,WAAW,CAAC;CACpB;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,WAAW,CAOpF"}

package/dist/network/rules.js

@@ -0,0 +1,64 @@
+/**
+ * Network Rule Matching Engine
+ *
+ * Evaluates requests against an ordered list of NetworkRules.
+ * First match wins; default action is deny.
+ */
+/**
+ * Match a request against an ordered list of rules.
+ * First matching rule wins. Default: deny.
+ */
+export function matchRequest(request, rules) {
+    for (const rule of rules) {
+        if (ruleMatches(request, rule)) {
+            return { action: rule.action, rule };
+        }
+    }
+    return { action: "deny" };
+}
+function ruleMatches(request, rule) {
+    // Domain check
+    if (rule.domain !== undefined) {
+        if (!matchDomain(request.host, rule.domain))
+            return false;
+    }
+    // Port check
+    if (rule.port !== undefined) {
+        if (request.port !== rule.port)
+            return false;
+    }
+    // Method check
+    if (rule.methods !== undefined && rule.methods.length > 0) {
+        const upperMethod = request.method.toUpperCase();
+        if (!rule.methods.some((m) => m.toUpperCase() === upperMethod))
+            return false;
+    }
+    // URL pattern check
+    if (rule.urlPattern !== undefined) {
+        try {
+            const regex = new RegExp(rule.urlPattern);
+            if (!regex.test(request.url))
+                return false;
+        }
+        catch {
+            // Invalid regex — treat as no match
+            return false;
+        }
+    }
+    return true;
+}
+/**
+ * Match a hostname against a domain pattern.
+ * Supports wildcards: "*.example.com" matches "sub.example.com" but not "example.com".
+ * Exact match: "example.com" matches only "example.com".
+ */
+function matchDomain(hostname, pattern) {
+    const host = hostname.toLowerCase();
+    const pat = pattern.toLowerCase();
+    if (pat.startsWith("*.")) {
+        const suffix = pat.slice(1); // ".example.com"
+        return host.endsWith(suffix) && host.length > suffix.length;
+    }
+    return host === pat;
+}
+//# sourceMappingURL=rules.js.map

package/dist/network/rules.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rules.js","sourceRoot":"","sources":["../../src/network/rules.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAgBH;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,OAAoB,EAAE,KAAoB;IACrE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,WAAW,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC;YAC/B,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC;QACvC,CAAC;IACH,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC5B,CAAC;AAED,SAAS,WAAW,CAAC,OAAoB,EAAE,IAAiB;IAC1D,eAAe;IACf,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC9B,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC;YAAE,OAAO,KAAK,CAAC;IAC5D,CAAC;IAED,aAAa;IACb,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC5B,IAAI,OAAO,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;IAC/C,CAAC;IAED,eAAe;IACf,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QACjD,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,WAAW,CAAC;YAAE,OAAO,KAAK,CAAC;IAC/E,CAAC;IAED,oBAAoB;IACpB,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QAClC,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC1C,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,oCAAoC;YACpC,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,SAAS,WAAW,CAAC,QAAgB,EAAE,OAAe;IACpD,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAElC,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,iBAAiB;QAC9C,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAC9D,CAAC;IAED,OAAO,IAAI,KAAK,GAAG,CAAC;AACtB,CAAC"}

package/dist/paths.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Path Safety
+ *
+ * Resolves paths, follows symlinks, validates bounds against workspace and mounts.
+ * Rejects path traversal, null bytes, and escape attempts.
+ */
+import type { ResolvedMount } from "./executor/types";
+/** Environment variables that must never be inherited. */
+export declare const ENV_BLOCKLIST: Set<string>;
+/**
+ * Resolve and validate a path is within the workspace or an allowed mount.
+ *
+ * IMPORTANT: workspacePath must already be realpath-resolved (done once at
+ * creation time by createWorkspace). Mount hostPaths are also pre-resolved
+ * by resolveMounts. This avoids redundant realpath calls on every file op.
+ *
+ * @param inputPath - The path to resolve (relative to workspace or absolute)
+ * @param workspacePath - The sandbox workspace root (must be pre-resolved via realpath)
+ * @param mode - Required access mode ("read" or "write")
+ * @param mounts - Resolved mounts with host paths and modes
+ * @returns The resolved absolute path
+ * @throws On null bytes, traversal, or out-of-bounds access
+ */
+export declare function resolveSafePath(inputPath: string, workspacePath: string, mode: "read" | "write", mounts?: ResolvedMount[]): Promise<string>;
+/**
+ * Filter dangerous environment variables from an env record.
+ */
+export declare function filterEnv(env: Record<string, string>): Record<string, string>;
+//# sourceMappingURL=paths.d.ts.map

package/dist/paths.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"paths.d.ts","sourceRoot":"","sources":["../src/paths.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEtD,0DAA0D;AAC1D,eAAO,MAAM,aAAa,aAMxB,CAAC;AAEH;;;;;;;;;;;;;GAaG;AACH,wBAAsB,eAAe,CACnC,SAAS,EAAE,MAAM,EACjB,aAAa,EAAE,MAAM,EACrB,IAAI,EAAE,MAAM,GAAG,OAAO,EACtB,MAAM,GAAE,aAAa,EAAO,GAC3B,OAAO,CAAC,MAAM,CAAC,CAwEjB;AAwBD;;GAEG;AACH,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAQ7E"}

package/dist/paths.js

@@ -0,0 +1,129 @@
+/**
+ * Path Safety
+ *
+ * Resolves paths, follows symlinks, validates bounds against workspace and mounts.
+ * Rejects path traversal, null bytes, and escape attempts.
+ */
+import { realpath } from "node:fs/promises";
+import { resolve, isAbsolute } from "node:path";
+/** Environment variables that must never be inherited. */
+export const ENV_BLOCKLIST = new Set([
+    "LD_PRELOAD",
+    "LD_LIBRARY_PATH",
+    "DYLD_INSERT_LIBRARIES",
+    "DYLD_LIBRARY_PATH",
+    "DYLD_FRAMEWORK_PATH",
+]);
+/**
+ * Resolve and validate a path is within the workspace or an allowed mount.
+ *
+ * IMPORTANT: workspacePath must already be realpath-resolved (done once at
+ * creation time by createWorkspace). Mount hostPaths are also pre-resolved
+ * by resolveMounts. This avoids redundant realpath calls on every file op.
+ *
+ * @param inputPath - The path to resolve (relative to workspace or absolute)
+ * @param workspacePath - The sandbox workspace root (must be pre-resolved via realpath)
+ * @param mode - Required access mode ("read" or "write")
+ * @param mounts - Resolved mounts with host paths and modes
+ * @returns The resolved absolute path
+ * @throws On null bytes, traversal, or out-of-bounds access
+ */
+export async function resolveSafePath(inputPath, workspacePath, mode, mounts = []) {
+    // Reject null bytes
+    if (inputPath.includes("\0")) {
+        throw new Error("Path contains null bytes");
+    }
+    // workspacePath is pre-resolved via realpath by createWorkspace()
+    const realWorkspace = workspacePath;
+    // Resolve to absolute (relative paths are relative to workspace)
+    const absolute = isAbsolute(inputPath) ? inputPath : resolve(realWorkspace, inputPath);
+    // Try to follow symlinks to the real path. If the file doesn't exist yet
+    // (write mode), resolve the parent directory instead.
+    let resolved;
+    try {
+        resolved = await realpath(absolute);
+    }
+    catch (err) {
+        if (err.code === "ENOENT") {
+            if (mode === "write") {
+                // File (or parent dirs) don't exist yet — walk up to find the
+                // closest existing ancestor, then verify it's within bounds
+                resolved = await resolveNonExistentPath(absolute);
+            }
+            else {
+                // For reads, if the file doesn't exist, resolve what we can and
+                // check bounds using path manipulation (to catch traversal attempts
+                // even when target doesn't exist)
+                resolved = resolve(absolute);
+                // Normalize out .. components
+                if (!resolved.startsWith(realWorkspace + "/") && resolved !== realWorkspace) {
+                    // Check mounts (hostPaths are pre-resolved by resolveMounts)
+                    let inMount = false;
+                    for (const mount of mounts) {
+                        if (resolved === mount.hostPath || resolved.startsWith(mount.hostPath + "/")) {
+                            inMount = true;
+                            break;
+                        }
+                    }
+                    if (!inMount) {
+                        throw new Error(`Path escapes sandbox: ${inputPath} resolves to ${resolved} (workspace: ${realWorkspace})`);
+                    }
+                }
+                return resolved;
+            }
+        }
+        else {
+            throw err;
+        }
+    }
+    // Check workspace bounds
+    if (resolved === realWorkspace || resolved.startsWith(realWorkspace + "/")) {
+        return resolved;
+    }
+    // Check mounts (hostPaths are pre-resolved by resolveMounts)
+    for (const mount of mounts) {
+        const inMount = resolved === mount.hostPath || resolved.startsWith(mount.hostPath + "/");
+        if (inMount) {
+            if (mode === "write" && mount.mode === "ro") {
+                throw new Error(`Write access denied: ${inputPath} resolves to read-only mount ${mount.sandboxPath}`);
+            }
+            return resolved;
+        }
+    }
+    throw new Error(`Path escapes sandbox: ${inputPath} resolves to ${resolved} (workspace: ${realWorkspace})`);
+}
+/**
+ * Walk up the path tree to find the closest existing ancestor,
+ * then append the remaining segments. Used for write mode when
+ * the target file (and potentially parent dirs) don't exist yet.
+ */
+async function resolveNonExistentPath(absolute) {
+    let ancestor = absolute;
+    let suffix = "";
+    while (ancestor !== "/" && ancestor !== ".") {
+        const parent = resolve(ancestor, "..");
+        suffix = ancestor.slice(parent.length) + suffix;
+        ancestor = parent;
+        try {
+            const resolvedAncestor = await realpath(ancestor);
+            return resolvedAncestor + suffix;
+        }
+        catch {
+            // Keep walking up
+        }
+    }
+    throw new Error(`No accessible ancestor for path: ${absolute}`);
+}
+/**
+ * Filter dangerous environment variables from an env record.
+ */
+export function filterEnv(env) {
+    const filtered = {};
+    for (const [key, value] of Object.entries(env)) {
+        if (!ENV_BLOCKLIST.has(key)) {
+            filtered[key] = value;
+        }
+    }
+    return filtered;
+}
+//# sourceMappingURL=paths.js.map

package/dist/paths.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"paths.js","sourceRoot":"","sources":["../src/paths.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAGhD,0DAA0D;AAC1D,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC;IACnC,YAAY;IACZ,iBAAiB;IACjB,uBAAuB;IACvB,mBAAmB;IACnB,qBAAqB;CACtB,CAAC,CAAC;AAEH;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,SAAiB,EACjB,aAAqB,EACrB,IAAsB,EACtB,SAA0B,EAAE;IAE5B,oBAAoB;IACpB,IAAI,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC9C,CAAC;IAED,kEAAkE;IAClE,MAAM,aAAa,GAAG,aAAa,CAAC;IAEpC,iEAAiE;IACjE,MAAM,QAAQ,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;IAEvF,yEAAyE;IACzE,sDAAsD;IACtD,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC1B,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;gBACrB,8DAA8D;gBAC9D,4DAA4D;gBAC5D,QAAQ,GAAG,MAAM,sBAAsB,CAAC,QAAQ,CAAC,CAAC;YACpD,CAAC;iBAAM,CAAC;gBACN,gEAAgE;gBAChE,oEAAoE;gBACpE,kCAAkC;gBAClC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;gBAC7B,8BAA8B;gBAC9B,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,aAAa,GAAG,GAAG,CAAC,IAAI,QAAQ,KAAK,aAAa,EAAE,CAAC;oBAC5E,6DAA6D;oBAC7D,IAAI,OAAO,GAAG,KAAK,CAAC;oBACpB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;wBAC3B,IAAI,QAAQ,KAAK,KAAK,CAAC,QAAQ,IAAI,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,QAAQ,GAAG,GAAG,CAAC,EAAE,CAAC;4BAC7E,OAAO,GAAG,IAAI,CAAC;4BACf,MAAM;wBACR,CAAC;oBACH,CAAC;oBACD,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,MAAM,IAAI,KAAK,CACb,yBAAyB,SAAS,gBAAgB,QAAQ,gBAAgB,aAAa,GAAG,CAC3F,CAAC;oBACJ,CAAC;gBACH,CAAC;gBACD,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,yBAAyB;IACzB,IAAI,QAAQ,KAAK,aAAa,IAAI,QAAQ,CAAC,UAAU,CAAC,aAAa,GAAG,GAAG,CAAC,EAAE,CAAC;QAC3E,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,6DAA6D;IAC7D,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,QAAQ,KAAK,KAAK,CAAC,QAAQ,IAAI,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,QAAQ,GAAG,GAAG,CAAC,CAAC;QACzF,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,IAAI,KAAK,OAAO,IAAI,KAAK,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;gBAC5C,MAAM,IAAI,KAAK,CACb,wBAAwB,SAAS,gCAAgC,KAAK,CAAC,WAAW,EAAE,CACrF,CAAC;YACJ,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CACb,yBAAyB,SAAS,gBAAgB,QAAQ,gBAAgB,aAAa,GAAG,CAC3F,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,sBAAsB,CAAC,QAAgB;IACpD,IAAI,QAAQ,GAAG,QAAQ,CAAC;IACxB,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,OAAO,QAAQ,KAAK,GAAG,IAAI,QAAQ,KAAK,GAAG,EAAE,CAAC;QAC5C,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QACvC,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;QAChD,QAAQ,GAAG,MAAM,CAAC;QAClB,IAAI,CAAC;YACH,MAAM,gBAAgB,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAClD,OAAO,gBAAgB,GAAG,MAAM,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC;YACP,kBAAkB;QACpB,CAAC;IACH,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,oCAAoC,QAAQ,EAAE,CAAC,CAAC;AAClE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,GAA2B;IACnD,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAC5C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACxB,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/platform/detect.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Platform capability detection.
+ *
+ * Probes the OS for sandbox features: macOS sandbox-exec, Linux bubblewrap/unshare,
+ * cgroups v2, user namespaces. Result is cached after first call.
+ */
+import type { PlatformCapabilities, SandboxStrategy } from "./types";
+/**
+ * Detect platform sandbox capabilities.
+ * Result is cached — safe to call multiple times.
+ */
+export declare function detectCapabilities(): Promise<PlatformCapabilities>;
+/** Select the best strategy given capabilities and optional override. */
+export declare function selectStrategy(caps: PlatformCapabilities, override?: SandboxStrategy | "auto"): SandboxStrategy;
+/** Reset the capability cache (for testing). */
+export declare function resetCapabilitiesCache(): void;
+//# sourceMappingURL=detect.d.ts.map

package/dist/platform/detect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"detect.d.ts","sourceRoot":"","sources":["../../src/platform/detect.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AA0BrE;;;GAGG;AACH,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,oBAAoB,CAAC,CA6CxE;AAED,yEAAyE;AACzE,wBAAgB,cAAc,CAC5B,IAAI,EAAE,oBAAoB,EAC1B,QAAQ,CAAC,EAAE,eAAe,GAAG,MAAM,GAClC,eAAe,CA0BjB;AAED,gDAAgD;AAChD,wBAAgB,sBAAsB,IAAI,IAAI,CAE7C"}

package/dist/platform/detect.js

@@ -0,0 +1,114 @@
+/**
+ * Platform capability detection.
+ *
+ * Probes the OS for sandbox features: macOS sandbox-exec, Linux bubblewrap/unshare,
+ * cgroups v2, user namespaces. Result is cached after first call.
+ */
+import { execFile } from "node:child_process";
+import { access, readFile } from "node:fs/promises";
+import { constants } from "node:fs";
+import { promisify } from "node:util";
+const execFileAsync = promisify(execFile);
+let cached;
+/** Check if a binary exists on PATH. */
+async function which(name) {
+    try {
+        await execFileAsync("which", [name]);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/** Check if a file exists and is readable. */
+async function readable(path) {
+    try {
+        await access(path, constants.R_OK);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Detect platform sandbox capabilities.
+ * Result is cached — safe to call multiple times.
+ */
+export async function detectCapabilities() {
+    if (cached)
+        return cached;
+    const rawPlatform = process.platform;
+    const platform = rawPlatform === "darwin" || rawPlatform === "linux" || rawPlatform === "win32"
+        ? rawPlatform
+        : "unknown";
+    const base = {
+        platform,
+        arch: process.arch,
+        hasSandboxExec: false,
+        hasBwrap: false,
+        hasUnshare: false,
+        hasCgroupsV2: false,
+        userNamespaces: false,
+        uid: process.getuid?.() ?? -1,
+        recommended: "none",
+    };
+    if (platform === "darwin") {
+        base.hasSandboxExec = await readable("/usr/bin/sandbox-exec");
+        base.recommended = base.hasSandboxExec ? "seatbelt" : "none";
+    }
+    else if (platform === "linux") {
+        const [hasBwrap, hasUnshare, hasCgroups, userNs] = await Promise.all([
+            which("bwrap"),
+            which("unshare"),
+            readable("/sys/fs/cgroup/cgroup.controllers"),
+            readFile("/proc/sys/kernel/unprivileged_userns_clone", "utf-8")
+                .then((v) => v.trim() === "1")
+                .catch(() => false),
+        ]);
+        base.hasBwrap = hasBwrap;
+        base.hasUnshare = hasUnshare;
+        base.hasCgroupsV2 = hasCgroups;
+        base.userNamespaces = userNs;
+        if (hasBwrap)
+            base.recommended = "bwrap";
+        else if (hasUnshare && userNs)
+            base.recommended = "unshare";
+        else
+            base.recommended = "none";
+    }
+    cached = base;
+    return base;
+}
+/** Select the best strategy given capabilities and optional override. */
+export function selectStrategy(caps, override) {
+    if (!override || override === "auto")
+        return caps.recommended;
+    // Validate the override is available
+    switch (override) {
+        case "seatbelt":
+            if (!caps.hasSandboxExec) {
+                throw new Error("sandbox-exec not available on this platform");
+            }
+            return "seatbelt";
+        case "bwrap":
+            if (!caps.hasBwrap) {
+                throw new Error("bubblewrap (bwrap) not found on PATH");
+            }
+            return "bwrap";
+        case "unshare":
+            if (!caps.hasUnshare) {
+                throw new Error("unshare not found on PATH");
+            }
+            if (!caps.userNamespaces) {
+                throw new Error("user namespaces not available");
+            }
+            return "unshare";
+        case "none":
+            return "none";
+    }
+}
+/** Reset the capability cache (for testing). */
+export function resetCapabilitiesCache() {
+    cached = undefined;
+}
+//# sourceMappingURL=detect.js.map

package/dist/platform/detect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"detect.js","sourceRoot":"","sources":["../../src/platform/detect.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACpC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAGtC,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAE1C,IAAI,MAAwC,CAAC;AAE7C,wCAAwC;AACxC,KAAK,UAAU,KAAK,CAAC,IAAY;IAC/B,IAAI,CAAC;QACH,MAAM,aAAa,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,8CAA8C;AAC9C,KAAK,UAAU,QAAQ,CAAC,IAAY;IAClC,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IACrC,MAAM,QAAQ,GACZ,WAAW,KAAK,QAAQ,IAAI,WAAW,KAAK,OAAO,IAAI,WAAW,KAAK,OAAO;QAC5E,CAAC,CAAC,WAAW;QACb,CAAC,CAAE,SAAmB,CAAC;IAE3B,MAAM,IAAI,GAAyB;QACjC,QAAQ;QACR,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc,EAAE,KAAK;QACrB,QAAQ,EAAE,KAAK;QACf,UAAU,EAAE,KAAK;QACjB,YAAY,EAAE,KAAK;QACnB,cAAc,EAAE,KAAK;QACrB,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,IAAI,CAAC,CAAC;QAC7B,WAAW,EAAE,MAAM;KACpB,CAAC;IAEF,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,IAAI,CAAC,cAAc,GAAG,MAAM,QAAQ,CAAC,uBAAuB,CAAC,CAAC;QAC9D,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;IAC/D,CAAC;SAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChC,MAAM,CAAC,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACnE,KAAK,CAAC,OAAO,CAAC;YACd,KAAK,CAAC,SAAS,CAAC;YAChB,QAAQ,CAAC,mCAAmC,CAAC;YAC7C,QAAQ,CAAC,4CAA4C,EAAE,OAAO,CAAC;iBAC5D,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC;iBAC7B,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC;SACtB,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC;QAC/B,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC;QAE7B,IAAI,QAAQ;YAAE,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC;aACpC,IAAI,UAAU,IAAI,MAAM;YAAE,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;;YACvD,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC;IACjC,CAAC;IAED,MAAM,GAAG,IAAI,CAAC;IACd,OAAO,IAAI,CAAC;AACd,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,cAAc,CAC5B,IAA0B,EAC1B,QAAmC;IAEnC,IAAI,CAAC,QAAQ,IAAI,QAAQ,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC,WAAW,CAAC;IAE9D,qCAAqC;IACrC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU;YACb,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;gBACzB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;YACjE,CAAC;YACD,OAAO,UAAU,CAAC;QACpB,KAAK,OAAO;YACV,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACnB,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;YAC1D,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,KAAK,SAAS;YACZ,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAC/C,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;gBACzB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;YACnD,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,KAAK,MAAM;YACT,OAAO,MAAM,CAAC;IAClB,CAAC;AACH,CAAC;AAED,gDAAgD;AAChD,MAAM,UAAU,sBAAsB;IACpC,MAAM,GAAG,SAAS,CAAC;AACrB,CAAC"}

package/dist/platform/types.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Platform detection types.
+ */
+export type SandboxStrategy = "seatbelt" | "bwrap" | "unshare" | "none";
+export interface PlatformCapabilities {
+    platform: "darwin" | "linux" | "win32" | "unknown";
+    arch: string;
+    hasSandboxExec: boolean;
+    hasBwrap: boolean;
+    hasUnshare: boolean;
+    hasCgroupsV2: boolean;
+    userNamespaces: boolean;
+    uid: number;
+    recommended: SandboxStrategy;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/platform/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/platform/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,MAAM,eAAe,GAAG,UAAU,GAAG,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;AAExE,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,QAAQ,GAAG,OAAO,GAAG,OAAO,GAAG,SAAS,CAAC;IACnD,IAAI,EAAE,MAAM,CAAC;IAGb,cAAc,EAAE,OAAO,CAAC;IAGxB,QAAQ,EAAE,OAAO,CAAC;IAClB,UAAU,EAAE,OAAO,CAAC;IACpB,YAAY,EAAE,OAAO,CAAC;IACtB,cAAc,EAAE,OAAO,CAAC;IAGxB,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,eAAe,CAAC;CAC9B"}

package/dist/platform/types.js

@@ -0,0 +1,4 @@
+/**
+ * Platform detection types.
+ */
+//# sourceMappingURL=types.js.map

package/dist/platform/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/platform/types.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/dist/provider.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Local Sandbox Provider
+ *
+ * Factory function that creates a SandboxProvider backed by OS-level sandboxing.
+ */
+import type { SandboxProvider } from "@agentick/sandbox";
+import type { SandboxStrategy } from "./platform/types";
+import type { ProxyServerConfig } from "./network/proxy";
+export interface LocalProviderConfig {
+    /** Sandbox strategy. "auto" detects the best available. Default: "auto". */
+    strategy?: SandboxStrategy | "auto";
+    /** Network proxy configuration. */
+    network?: ProxyServerConfig;
+    /** Base directory for temp workspaces. Default: os.tmpdir(). */
+    tmpBase?: string;
+    /** Whether to clean up auto-created workspaces on destroy. Default: true. */
+    cleanupWorkspace?: boolean;
+}
+/**
+ * Create a local sandbox provider.
+ *
+ * @example
+ * ```typescript
+ * import { localProvider } from "@agentick/sandbox-local";
+ *
+ * const provider = localProvider();
+ * const sandbox = await provider.create({ workspace: true });
+ * const result = await sandbox.exec("echo hello");
+ * await sandbox.destroy();
+ * ```
+ */
+export declare function localProvider(config?: LocalProviderConfig): SandboxProvider;
+//# sourceMappingURL=provider.d.ts.map

package/dist/provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../src/provider.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EACV,eAAe,EAKhB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AASxD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAEzD,MAAM,WAAW,mBAAmB;IAClC,4EAA4E;IAC5E,QAAQ,CAAC,EAAE,eAAe,GAAG,MAAM,CAAC;IAEpC,mCAAmC;IACnC,OAAO,CAAC,EAAE,iBAAiB,CAAC;IAE5B,gEAAgE;IAChE,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,6EAA6E;IAC7E,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,aAAa,CAAC,MAAM,CAAC,EAAE,mBAAmB,GAAG,eAAe,CAmH3E"}