@agentsh/secure-sandbox 0.1.0

package/dist/chunk-OANLKSOD.js

@@ -0,0 +1,28 @@
+// src/core/shell.ts
+var SAFE_ARG = /^[a-zA-Z0-9._\-\/=:@]+$/;
+function quoteArg(arg) {
+  if (SAFE_ARG.test(arg)) return arg;
+  return "'" + arg.replace(/'/g, "'\\''") + "'";
+}
+function shellEscape(cmd, args) {
+  if (!args || args.length === 0) return cmd;
+  const escaped = args.map(quoteArg);
+  return [cmd, ...escaped].join(" ");
+}
+var SAFE_ENV_KEY = /^[A-Za-z_][A-Za-z0-9_]*$/;
+function envPrefix(env) {
+  if (!env) return "";
+  const parts = [];
+  for (const [k, v] of Object.entries(env)) {
+    if (!SAFE_ENV_KEY.test(k)) continue;
+    parts.push(`${k}=${quoteArg(v)}`);
+  }
+  if (parts.length === 0) return "";
+  return parts.join(" ") + " ";
+}
+
+export {
+  shellEscape,
+  envPrefix
+};
+//# sourceMappingURL=chunk-OANLKSOD.js.map

package/dist/chunk-OANLKSOD.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/core/shell.ts"],"sourcesContent":["/**\n * Shell escape utility for safe command construction.\n *\n * Joins a command and its arguments into a single shell-safe string.\n * Args containing shell metacharacters or spaces are wrapped in single quotes,\n * with internal single quotes escaped as `'\\''`.\n */\n\n/** A string is \"safe\" (no quoting needed) if it matches this pattern. */\nconst SAFE_ARG = /^[a-zA-Z0-9._\\-\\/=:@]+$/;\n\nfunction quoteArg(arg: string): string {\n  if (SAFE_ARG.test(arg)) return arg;\n  return \"'\" + arg.replace(/'/g, \"'\\\\''\") + \"'\";\n}\n\nexport function shellEscape(cmd: string, args?: string[]): string {\n  if (!args || args.length === 0) return cmd;\n  const escaped = args.map(quoteArg);\n  return [cmd, ...escaped].join(' ');\n}\n\n/** Env key must be a valid shell identifier: letters, digits, underscores, starting with non-digit. */\nconst SAFE_ENV_KEY = /^[A-Za-z_][A-Za-z0-9_]*$/;\n\n/**\n * Convert env vars to inline shell assignments prefix.\n * e.g. { TRACEPARENT: '00-abc-def-01' } → \"TRACEPARENT='00-abc-def-01' \"\n * Returns empty string if env is undefined or empty.\n * Keys that don't match a strict identifier pattern are silently skipped.\n */\nexport function envPrefix(env?: Record<string, string>): string {\n  if (!env) return '';\n  const parts: string[] = [];\n  for (const [k, v] of Object.entries(env)) {\n    if (!SAFE_ENV_KEY.test(k)) continue;\n    parts.push(`${k}=${quoteArg(v)}`);\n  }\n  if (parts.length === 0) return '';\n  return parts.join(' ') + ' ';\n}\n"],"mappings":";AASA,IAAM,WAAW;AAEjB,SAAS,SAAS,KAAqB;AACrC,MAAI,SAAS,KAAK,GAAG,EAAG,QAAO;AAC/B,SAAO,MAAM,IAAI,QAAQ,MAAM,OAAO,IAAI;AAC5C;AAEO,SAAS,YAAY,KAAa,MAAyB;AAChE,MAAI,CAAC,QAAQ,KAAK,WAAW,EAAG,QAAO;AACvC,QAAM,UAAU,KAAK,IAAI,QAAQ;AACjC,SAAO,CAAC,KAAK,GAAG,OAAO,EAAE,KAAK,GAAG;AACnC;AAGA,IAAM,eAAe;AAQd,SAAS,UAAU,KAAsC;AAC9D,MAAI,CAAC,IAAK,QAAO;AACjB,QAAM,QAAkB,CAAC;AACzB,aAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,GAAG,GAAG;AACxC,QAAI,CAAC,aAAa,KAAK,CAAC,EAAG;AAC3B,UAAM,KAAK,GAAG,CAAC,IAAI,SAAS,CAAC,CAAC,EAAE;AAAA,EAClC;AACA,MAAI,MAAM,WAAW,EAAG,QAAO;AAC/B,SAAO,MAAM,KAAK,GAAG,IAAI;AAC3B;","names":[]}

package/dist/chunk-PZ5AY32C.js

@@ -0,0 +1,10 @@
+var __defProp = Object.defineProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+export {
+  __export
+};
+//# sourceMappingURL=chunk-PZ5AY32C.js.map

package/dist/chunk-PZ5AY32C.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/chunk-UYEAO27E.js

@@ -0,0 +1,65 @@
+import {
+  envPrefix,
+  shellEscape
+} from "./chunk-OANLKSOD.js";
+
+// src/adapters/blaxel.ts
+function blaxel(sandbox) {
+  return {
+    async exec(cmd, args, opts) {
+      let command = `${envPrefix(opts?.env)}${shellEscape(cmd, args)}`;
+      if (opts?.sudo) command = `sudo ${command}`;
+      const execOpts = {
+        command,
+        waitForCompletion: !opts?.detached,
+        timeout: 60
+      };
+      if (opts?.cwd) execOpts.workingDir = opts.cwd;
+      if (opts?.detached) {
+        execOpts.command = `nohup ${command} > /dev/null 2>&1 &`;
+        sandbox.process.exec(execOpts).catch(() => {
+        });
+        return { stdout: "", stderr: "", exitCode: 0 };
+      }
+      const result = await sandbox.process.exec(execOpts);
+      return {
+        stdout: result.stdout ?? "",
+        stderr: result.stderr ?? "",
+        exitCode: result.exitCode ?? 0
+      };
+    },
+    async writeFile(path, content) {
+      const buf = Buffer.isBuffer(content) ? content : Buffer.from(content);
+      const b64 = buf.toString("base64");
+      const command = shellEscape("sh", ["-c", 'printf "%s" "$1" | base64 -d > "$2"', "_", b64, path]);
+      const result = await sandbox.process.exec({
+        command,
+        waitForCompletion: true,
+        timeout: 60
+      });
+      if ((result.exitCode ?? 0) !== 0) {
+        throw new Error(`writeFile failed (exit ${result.exitCode}): ${result.stderr ?? ""}`);
+      }
+    },
+    async readFile(path) {
+      const command = shellEscape("cat", [path]);
+      const result = await sandbox.process.exec({
+        command,
+        waitForCompletion: true,
+        timeout: 60
+      });
+      if ((result.exitCode ?? 0) !== 0) {
+        throw new Error(`readFile failed (exit ${result.exitCode}): ${result.stderr ?? ""}`);
+      }
+      return result.stdout ?? "";
+    },
+    async stop() {
+      await sandbox.delete();
+    }
+  };
+}
+
+export {
+  blaxel
+};
+//# sourceMappingURL=chunk-UYEAO27E.js.map

package/dist/chunk-UYEAO27E.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/adapters/blaxel.ts"],"sourcesContent":["import type { SandboxAdapter } from '../core/types.js';\nimport { shellEscape, envPrefix } from '../core/shell.js';\n\nexport function blaxel(sandbox: any): SandboxAdapter {\n  return {\n    async exec(cmd, args, opts) {\n      let command = `${envPrefix(opts?.env)}${shellEscape(cmd, args)}`;\n      if (opts?.sudo) command = `sudo ${command}`;\n\n      const execOpts: Record<string, unknown> = {\n        command,\n        waitForCompletion: !opts?.detached,\n        timeout: 60,\n      };\n      if (opts?.cwd) execOpts.workingDir = opts.cwd;\n\n      if (opts?.detached) {\n        execOpts.command = `nohup ${command} > /dev/null 2>&1 &`;\n        sandbox.process.exec(execOpts).catch(() => {});\n        return { stdout: '', stderr: '', exitCode: 0 };\n      }\n\n      const result = await sandbox.process.exec(execOpts);\n      return {\n        stdout: result.stdout ?? '',\n        stderr: result.stderr ?? '',\n        exitCode: result.exitCode ?? 0,\n      };\n    },\n    async writeFile(path, content) {\n      const buf = Buffer.isBuffer(content) ? content : Buffer.from(content);\n      const b64 = buf.toString('base64');\n      const command = shellEscape('sh', ['-c', 'printf \"%s\" \"$1\" | base64 -d > \"$2\"', '_', b64, path]);\n      const result = await sandbox.process.exec({\n        command,\n        waitForCompletion: true,\n        timeout: 60,\n      });\n      if ((result.exitCode ?? 0) !== 0) {\n        throw new Error(`writeFile failed (exit ${result.exitCode}): ${result.stderr ?? ''}`);\n      }\n    },\n    async readFile(path) {\n      const command = shellEscape('cat', [path]);\n      const result = await sandbox.process.exec({\n        command,\n        waitForCompletion: true,\n        timeout: 60,\n      });\n      if ((result.exitCode ?? 0) !== 0) {\n        throw new Error(`readFile failed (exit ${result.exitCode}): ${result.stderr ?? ''}`);\n      }\n      return result.stdout ?? '';\n    },\n    async stop() {\n      await sandbox.delete();\n    },\n  };\n}\n"],"mappings":";;;;;;AAGO,SAAS,OAAO,SAA8B;AACnD,SAAO;AAAA,IACL,MAAM,KAAK,KAAK,MAAM,MAAM;AAC1B,UAAI,UAAU,GAAG,UAAU,MAAM,GAAG,CAAC,GAAG,YAAY,KAAK,IAAI,CAAC;AAC9D,UAAI,MAAM,KAAM,WAAU,QAAQ,OAAO;AAEzC,YAAM,WAAoC;AAAA,QACxC;AAAA,QACA,mBAAmB,CAAC,MAAM;AAAA,QAC1B,SAAS;AAAA,MACX;AACA,UAAI,MAAM,IAAK,UAAS,aAAa,KAAK;AAE1C,UAAI,MAAM,UAAU;AAClB,iBAAS,UAAU,SAAS,OAAO;AACnC,gBAAQ,QAAQ,KAAK,QAAQ,EAAE,MAAM,MAAM;AAAA,QAAC,CAAC;AAC7C,eAAO,EAAE,QAAQ,IAAI,QAAQ,IAAI,UAAU,EAAE;AAAA,MAC/C;AAEA,YAAM,SAAS,MAAM,QAAQ,QAAQ,KAAK,QAAQ;AAClD,aAAO;AAAA,QACL,QAAQ,OAAO,UAAU;AAAA,QACzB,QAAQ,OAAO,UAAU;AAAA,QACzB,UAAU,OAAO,YAAY;AAAA,MAC/B;AAAA,IACF;AAAA,IACA,MAAM,UAAU,MAAM,SAAS;AAC7B,YAAM,MAAM,OAAO,SAAS,OAAO,IAAI,UAAU,OAAO,KAAK,OAAO;AACpE,YAAM,MAAM,IAAI,SAAS,QAAQ;AACjC,YAAM,UAAU,YAAY,MAAM,CAAC,MAAM,uCAAuC,KAAK,KAAK,IAAI,CAAC;AAC/F,YAAM,SAAS,MAAM,QAAQ,QAAQ,KAAK;AAAA,QACxC;AAAA,QACA,mBAAmB;AAAA,QACnB,SAAS;AAAA,MACX,CAAC;AACD,WAAK,OAAO,YAAY,OAAO,GAAG;AAChC,cAAM,IAAI,MAAM,0BAA0B,OAAO,QAAQ,MAAM,OAAO,UAAU,EAAE,EAAE;AAAA,MACtF;AAAA,IACF;AAAA,IACA,MAAM,SAAS,MAAM;AACnB,YAAM,UAAU,YAAY,OAAO,CAAC,IAAI,CAAC;AACzC,YAAM,SAAS,MAAM,QAAQ,QAAQ,KAAK;AAAA,QACxC;AAAA,QACA,mBAAmB;AAAA,QACnB,SAAS;AAAA,MACX,CAAC;AACD,WAAK,OAAO,YAAY,OAAO,GAAG;AAChC,cAAM,IAAI,MAAM,yBAAyB,OAAO,QAAQ,MAAM,OAAO,UAAU,EAAE,EAAE;AAAA,MACrF;AACA,aAAO,OAAO,UAAU;AAAA,IAC1B;AAAA,IACA,MAAM,OAAO;AACX,YAAM,QAAQ,OAAO;AAAA,IACvB;AAAA,EACF;AACF;","names":[]}