@agentsh/secure-sandbox 0.1.4 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (26) hide show
  1. package/README.md +8 -1
  2. package/dist/adapters/blaxel.d.ts +1 -1
  3. package/dist/adapters/cloudflare.d.ts +1 -1
  4. package/dist/adapters/daytona.d.ts +1 -1
  5. package/dist/adapters/e2b.d.ts +1 -1
  6. package/dist/adapters/index.d.ts +2 -1
  7. package/dist/adapters/index.js +6 -1
  8. package/dist/adapters/vercel.d.ts +1 -1
  9. package/dist/{chunk-NWHVZ3DG.js → chunk-GFPHTJLU.js} +107 -3
  10. package/dist/chunk-GFPHTJLU.js.map +1 -0
  11. package/dist/chunk-KXCR2ZML.js +129 -0
  12. package/dist/chunk-KXCR2ZML.js.map +1 -0
  13. package/dist/index-D6DG8Lpi.d.ts +28 -0
  14. package/dist/{index-D0UvBOzr.d.ts → index-Nmlhw9oj.d.ts} +113 -0
  15. package/dist/index.d.ts +5 -11
  16. package/dist/index.js +141 -5
  17. package/dist/index.js.map +1 -1
  18. package/dist/policies/index.d.ts +1 -1
  19. package/dist/policies/index.js +1 -1
  20. package/dist/testing/index.d.ts +1 -1
  21. package/dist/{types-DuXMpAuv.d.ts → types-S_fIEFHD.d.ts} +160 -1
  22. package/package.json +11 -1
  23. package/dist/chunk-L4KFLVNU.js +0 -33
  24. package/dist/chunk-L4KFLVNU.js.map +0 -1
  25. package/dist/chunk-NWHVZ3DG.js.map +0 -1
  26. package/dist/index-aQ1TVPtG.d.ts +0 -16
package/dist/{types-DuXMpAuv.d.ts → types-S_fIEFHD.d.ts} RENAMED
@@ -1,3 +1,99 @@
1
+ interface ServerConfigOpts {
2
+ watchtower?: string;
3
+ realPaths?: boolean;
4
+ threatFeeds?: false | ThreatFeedsConfig;
5
+ packageChecks?: false | PackageChecksConfig;
6
+ grpc?: {
7
+ addr: string;
8
+ };
9
+ serverTimeouts?: {
10
+ readTimeout?: string;
11
+ writeTimeout?: string;
12
+ maxRequestSize?: string;
13
+ };
14
+ logging?: {
15
+ level?: string;
16
+ format?: string;
17
+ output?: string;
18
+ };
19
+ sessions?: {
20
+ baseDir?: string;
21
+ maxSessions?: number;
22
+ defaultTimeout?: string;
23
+ idleTimeout?: string;
24
+ cleanupInterval?: string;
25
+ };
26
+ audit?: {
27
+ enabled?: boolean;
28
+ sqlitePath?: string;
29
+ };
30
+ sandboxLimits?: {
31
+ maxMemoryMb?: number;
32
+ maxCpuPercent?: number;
33
+ maxProcesses?: number;
34
+ };
35
+ fuse?: {
36
+ deferred?: boolean;
37
+ };
38
+ networkIntercept?: {
39
+ interceptMode?: string;
40
+ proxyListenAddr?: string;
41
+ };
42
+ seccompDetails?: {
43
+ execve?: boolean;
44
+ fileMonitor?: {
45
+ enabled?: boolean;
46
+ enforceWithoutFuse?: boolean;
47
+ };
48
+ };
49
+ cgroups?: {
50
+ enabled?: boolean;
51
+ };
52
+ unixSockets?: {
53
+ enabled?: boolean;
54
+ };
55
+ proxy?: {
56
+ mode?: string;
57
+ port?: number;
58
+ providers?: Record<string, string>;
59
+ };
60
+ dlp?: {
61
+ mode?: string;
62
+ patterns?: Record<string, boolean>;
63
+ customPatterns?: Array<{
64
+ name: string;
65
+ display: string;
66
+ regex: string;
67
+ }>;
68
+ };
69
+ policiesOverride?: {
70
+ dir?: string;
71
+ defaultPolicy?: string;
72
+ };
73
+ approvals?: {
74
+ enabled?: boolean;
75
+ mode?: string;
76
+ timeout?: string;
77
+ };
78
+ metrics?: {
79
+ enabled?: boolean;
80
+ path?: string;
81
+ };
82
+ health?: {
83
+ path?: string;
84
+ readinessPath?: string;
85
+ };
86
+ development?: {
87
+ disableAuth?: boolean;
88
+ verboseErrors?: boolean;
89
+ };
90
+ }
91
+ /**
92
+ * Default threat feeds: URLhaus (malware) + Phishing.Database (phishing).
93
+ * Both are free, open source, and updated frequently.
94
+ */
95
+ declare const defaultThreatFeeds: ThreatFeedsConfig;
96
+
1
97
  interface ExecResult {
2
98
  stdout: string;
3
99
  stderr: string;
@@ -178,6 +274,13 @@ interface SecureConfig {
178
274
  * Set to `false` to disable, or provide a custom ThreatFeedsConfig.
179
275
  */
180
276
  threatFeeds?: false | ThreatFeedsConfig;
277
+ /**
278
+ * Package install security checks.
279
+ * Set to `false` to disable, or provide a PackageChecksConfig.
280
+ */
281
+ packageChecks?: false | PackageChecksConfig;
282
+ /** Extended server config options (gRPC, logging, sessions, audit, DLP, proxy, etc.). */
283
+ serverConfig?: Omit<ServerConfigOpts, 'watchtower' | 'realPaths' | 'threatFeeds' | 'packageChecks'>;
181
284
  }
182
285
  interface ThreatFeed {
183
286
  /** Display name for this feed. */
@@ -197,5 +300,61 @@ interface ThreatFeedsConfig {
197
300
  /** Domains to exclude from blocking (e.g. legitimate services that may appear in feeds). */
198
301
  allowlist?: string[];
199
302
  }
303
+ interface ProviderConfig {
304
+ /** Whether this provider is enabled. */
305
+ enabled?: boolean;
306
+ /** Priority order (lower = higher priority). */
307
+ priority?: number;
308
+ /** Timeout duration string (e.g. '30s', '2m'). */
309
+ timeout?: string;
310
+ /** Action on provider failure. */
311
+ onFailure?: 'warn' | 'deny' | 'allow' | 'approve';
312
+ /** Environment variable name holding the API key. */
313
+ apiKeyEnv?: string;
314
+ /** Provider type. */
315
+ type?: 'exec';
316
+ /** Command to execute (for 'exec' type providers). */
317
+ command?: string;
318
+ /** Additional provider-specific options. */
319
+ options?: Record<string, unknown>;
320
+ }
321
+ interface PackageChecksConfig {
322
+ /** Whether to check only new packages or all installs. */
323
+ scope?: 'new_packages_only' | 'all_installs';
324
+ /** Map of provider name to provider configuration (or boolean shorthand). */
325
+ providers?: Record<string, boolean | ProviderConfig>;
326
+ }
327
+ interface LicenseSpdxMatch {
328
+ /** Allowed SPDX license identifiers. */
329
+ allow?: string[];
330
+ /** Denied SPDX license identifiers. */
331
+ deny?: string[];
332
+ }
333
+ interface PackageMatch {
334
+ /** Exact package names to match. */
335
+ packages?: string[];
336
+ /** Glob/regex patterns for package names. */
337
+ namePatterns?: string[];
338
+ /** Type of finding to match (e.g. 'malware', 'vulnerability'). */
339
+ findingType?: string;
340
+ /** Severity level to match. */
341
+ severity?: string | string[];
342
+ /** Reasons to match. */
343
+ reasons?: string[];
344
+ /** SPDX license matching criteria. */
345
+ licenseSpdx?: LicenseSpdxMatch;
346
+ /** Package ecosystem (e.g. 'npm', 'pip'). */
347
+ ecosystem?: string;
348
+ /** Additional match options. */
349
+ options?: Record<string, unknown>;
350
+ }
351
+ interface PackageRule {
352
+ /** Matching criteria for the rule. */
353
+ match: PackageMatch;
354
+ /** Action to take when the rule matches. */
355
+ action: 'allow' | 'warn' | 'approve' | 'block';
356
+ /** Human-readable reason for the rule. */
357
+ reason?: string;
358
+ }
200
359
 
201
- export type { ExecResult as E, InstallStrategy as I, ReadFileResult as R, SandboxAdapter as S, ThreatFeedsConfig as T, WriteFileResult as W, SecureConfig as a, SecuredSandbox as b, SecurityMode as c, ThreatFeed as d };
360
+ export { type ExecResult as E, type InstallStrategy as I, type LicenseSpdxMatch as L, type PackageChecksConfig as P, type ReadFileResult as R, type SandboxAdapter as S, type ThreatFeed as T, type WriteFileResult as W, type SecureConfig as a, type SecuredSandbox as b, type PackageMatch as c, type PackageRule as d, type ProviderConfig as e, type SecurityMode as f, type ThreatFeedsConfig as g, defaultThreatFeeds as h };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@agentsh/secure-sandbox",
3
- "version": "0.1.4",
3
+ "version": "0.1.6",
4
4
  "license": "Apache-2.0",
5
5
  "repository": {
6
6
  "type": "git",
@@ -37,6 +37,10 @@
37
37
  "types": "./dist/adapters/blaxel.d.ts",
38
38
  "import": "./dist/adapters/blaxel.js"
39
39
  },
40
+ "./adapters/sprites": {
41
+ "types": "./dist/adapters/sprites.d.ts",
42
+ "import": "./dist/adapters/sprites.js"
43
+ },
40
44
  "./policies": {
41
45
  "types": "./dist/policies/index.d.ts",
42
46
  "import": "./dist/policies/index.js"
@@ -56,6 +60,7 @@
56
60
  "build": "tsup",
57
61
  "test": "vitest run",
58
62
  "test:e2e": "E2E=1 vitest run --config vitest.e2e.config.ts",
63
+ "test:e2e:sprites": "npx tsx src/e2e/sprites-e2e-runner.ts",
59
64
  "test:watch": "vitest",
60
65
  "typecheck": "tsc --noEmit",
61
66
  "prepublishOnly": "npm run build"
@@ -68,6 +73,7 @@
68
73
  "@blaxel/core": "^0.2.71",
69
74
  "@cloudflare/sandbox": "^0.7.13",
70
75
  "@daytonaio/sdk": "^0.149.0",
76
+ "@fly/sprites": "^0.0.1-rc37",
71
77
  "@types/js-yaml": "^4.0.9",
72
78
  "@types/node": "^25.3.5",
73
79
  "@vercel/sandbox": "^1.8.0",
@@ -83,6 +89,7 @@
83
89
  "@cloudflare/sandbox": "^0.1.0",
84
90
  "@daytonaio/sdk": "^0.12.0 || ^1.0.0",
85
91
  "@e2b/code-interpreter": "^1.2.0",
92
+ "@fly/sprites": "^1.0.0",
86
93
  "@vercel/sandbox": "^1.0.0"
87
94
  },
88
95
  "peerDependenciesMeta": {
@@ -100,6 +107,9 @@
100
107
  },
101
108
  "@daytonaio/sdk": {
102
109
  "optional": true
110
+ },
111
+ "@fly/sprites": {
112
+ "optional": true
103
113
  }
104
114
  }
105
115
  }
package/dist/chunk-L4KFLVNU.js DELETED
@@ -1,33 +0,0 @@
1
- import {
2
- blaxel
3
- } from "./chunk-UYEAO27E.js";
4
- import {
5
- cloudflare
6
- } from "./chunk-LMN3KM53.js";
7
- import {
8
- daytona
9
- } from "./chunk-45FKFVMC.js";
10
- import {
11
- e2b
12
- } from "./chunk-2P37YGN7.js";
13
- import {
14
- vercel
15
- } from "./chunk-JY5ERJTX.js";
16
- import {
17
- __export
18
- } from "./chunk-PZ5AY32C.js";
19
-
20
- // src/adapters/index.ts
21
- var adapters_exports = {};
22
- __export(adapters_exports, {
23
- blaxel: () => blaxel,
24
- cloudflare: () => cloudflare,
25
- daytona: () => daytona,
26
- e2b: () => e2b,
27
- vercel: () => vercel
28
- });
29
-
30
- export {
31
- adapters_exports
32
- };
33
- //# sourceMappingURL=chunk-L4KFLVNU.js.map
package/dist/chunk-L4KFLVNU.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/adapters/index.ts"],"sourcesContent":["export { vercel } from './vercel.js';\nexport { e2b } from './e2b.js';\nexport { daytona } from './daytona.js';\nexport { cloudflare } from './cloudflare.js';\nexport { blaxel } from './blaxel.js';\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;","names":[]}
package/dist/chunk-NWHVZ3DG.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/policies/index.ts","../src/policies/schema.ts","../src/core/errors.ts","../src/policies/merge.ts","../src/policies/presets.ts","../src/policies/serialize.ts"],"sourcesContent":["export { PolicyDefinitionSchema, validatePolicy } from './schema.js';\nexport type { PolicyDefinition, FileRule, NetworkRule, CommandRule, EnvRule, DnsRedirect, ConnectRedirect } from './schema.js';\nexport { agentDefault, devSafe, ciStrict, agentSandbox } from './presets.js';\nexport { merge, mergePrepend } from './merge.js';\nexport { serializePolicy, systemPolicyYaml } from './serialize.js';\n","import { z, ZodError } from 'zod';\nimport { PolicyValidationError } from '../core/errors.js';\n\n// ─── Shared helpers ─────────────────────────────────────────\n\nconst stringOrArray = z.union([z.string(), z.array(z.string())]);\n\n// ─── File rules ─────────────────────────────────────────────\n\nexport const FileOpSchema = z.enum(['read', 'write', 'create', 'delete']);\n\nconst FileAllowRule = z\n .object({ allow: stringOrArray, ops: z.array(FileOpSchema).optional() })\n .strict();\n\nconst FileDenyRule = z\n .object({ deny: stringOrArray, ops: z.array(FileOpSchema).optional() })\n .strict();\n\nconst FileRedirectRule = z\n .object({\n redirect: stringOrArray,\n to: z.string(),\n ops: z.array(FileOpSchema).optional(),\n })\n .strict();\n\nconst FileAuditRule = z\n .object({ audit: stringOrArray, ops: z.array(FileOpSchema).optional() })\n .strict();\n\nconst FileSoftDeleteRule = z.object({ softDelete: stringOrArray }).strict();\n\nexport const FileRuleSchema = z.union([\n FileAllowRule,\n FileDenyRule,\n FileRedirectRule,\n FileAuditRule,\n FileSoftDeleteRule,\n]);\n\n// ─── Network rules ──────────────────────────────────────────\n\nconst NetworkAllowRule = z\n .object({\n allow: stringOrArray,\n ports: z.array(z.number().int().min(1).max(65535)).optional(),\n })\n .strict();\n\nconst NetworkDenyRule = z.object({ deny: stringOrArray }).strict();\n\nconst NetworkRedirectRule = z\n .object({ redirect: z.string(), to: z.string() })\n .strict();\n\nexport const NetworkRuleSchema = z.union([\n NetworkAllowRule,\n NetworkDenyRule,\n NetworkRedirectRule,\n]);\n\n// ─── Command rules ──────────────────────────────────────────\n\nconst CommandRedirectTarget = z.union([\n z.string(),\n z.object({ cmd: z.string(), args: z.array(z.string()) }).strict(),\n]);\n\nconst CommandAllowRule = z.object({ allow: stringOrArray }).strict();\n\nconst CommandDenyRule = z.object({ deny: stringOrArray }).strict();\n\nconst CommandRedirectRule = z\n .object({ redirect: stringOrArray, to: CommandRedirectTarget })\n .strict();\n\nexport const CommandRuleSchema = z.union([\n CommandAllowRule,\n CommandDenyRule,\n CommandRedirectRule,\n]);\n\n// ─── Env rules ──────────────────────────────────────────────\n\nexport const EnvRuleSchema = z\n .object({\n commands: z.array(z.string()),\n allow: z.array(z.string()).optional(),\n deny: z.array(z.string()).optional(),\n })\n .strict();\n\n// ─── DNS / Connect redirects ────────────────────────────────\n\nexport const DnsRedirectSchema = z\n .object({\n match: z.string(),\n resolveTo: z.string(),\n })\n .strict();\n\nexport const ConnectRedirectSchema = z\n .object({\n match: z.string(),\n redirectTo: z.string(),\n })\n .strict();\n\n// ─── PolicyDefinition ───────────────────────────────────────\n\nexport const PolicyDefinitionSchema = z\n .object({\n file: z.array(FileRuleSchema).optional(),\n network: z.array(NetworkRuleSchema).optional(),\n commands: z.array(CommandRuleSchema).optional(),\n env: z.array(EnvRuleSchema).optional(),\n dns: z.array(DnsRedirectSchema).optional(),\n connect: z.array(ConnectRedirectSchema).optional(),\n })\n .strict();\n\n// ─── Inferred types ─────────────────────────────────────────\n\nexport type PolicyDefinition = z.infer<typeof PolicyDefinitionSchema>;\nexport type FileOp = z.infer<typeof FileOpSchema>;\nexport type FileRule = z.infer<typeof FileRuleSchema>;\nexport type NetworkRule = z.infer<typeof NetworkRuleSchema>;\nexport type CommandRule = z.infer<typeof CommandRuleSchema>;\nexport type EnvRule = z.infer<typeof EnvRuleSchema>;\nexport type DnsRedirect = z.infer<typeof DnsRedirectSchema>;\nexport type ConnectRedirect = z.infer<typeof ConnectRedirectSchema>;\n\n// ─── Validation ─────────────────────────────────────────────\n\nexport function validatePolicy(policy: unknown): PolicyDefinition {\n try {\n return PolicyDefinitionSchema.parse(policy);\n } catch (err) {\n if (err instanceof ZodError) {\n throw new PolicyValidationError({ issues: err.issues });\n }\n throw err;\n }\n}\n","import type { ZodIssue } from 'zod';\n\nexport class AgentSHError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'AgentSHError';\n }\n}\n\nexport class PolicyValidationError extends AgentSHError {\n readonly issues: ZodIssue[];\n\n constructor({ issues }: { issues: ZodIssue[] }) {\n const summaries = issues\n .map((issue) => `${issue.path.join('.')}: ${issue.message}`)\n .join('; ');\n super(`Policy validation failed: ${summaries}`);\n this.name = 'PolicyValidationError';\n this.issues = issues;\n }\n}\n\nexport class MissingPeerDependencyError extends AgentSHError {\n readonly packageName: string;\n readonly versionRange: string;\n\n constructor({\n packageName,\n versionRange,\n }: {\n packageName: string;\n versionRange: string;\n }) {\n super(\n `${packageName} is required but not installed. Run: npm install ${packageName}@\"${versionRange}\"`,\n );\n this.name = 'MissingPeerDependencyError';\n this.packageName = packageName;\n this.versionRange = versionRange;\n }\n}\n\nexport class IncompatibleProviderVersionError extends AgentSHError {\n readonly installed: string;\n readonly required: string;\n readonly packageName: string;\n\n constructor({\n installed,\n required,\n packageName,\n }: {\n installed: string;\n required: string;\n packageName: string;\n }) {\n super(\n `${packageName} version ${installed} is not supported. @agentsh/secure-sandbox requires ${packageName} ${required}. Please upgrade: npm install ${packageName}@latest`,\n );\n this.name = 'IncompatibleProviderVersionError';\n this.installed = installed;\n this.required = required;\n this.packageName = packageName;\n }\n}\n\nexport class ProvisioningError extends AgentSHError {\n readonly phase: string;\n readonly command: string;\n readonly stderr: string;\n\n constructor({\n phase,\n command,\n stderr,\n }: {\n phase: string;\n command: string;\n stderr: string;\n }) {\n super(`Provisioning failed at phase: ${phase}`);\n this.name = 'ProvisioningError';\n this.phase = phase;\n this.command = command;\n this.stderr = stderr;\n }\n}\n\nexport class IntegrityError extends AgentSHError {\n readonly expected: string;\n readonly actual: string;\n\n constructor({\n expected,\n actual,\n message,\n }: {\n expected: string;\n actual: string;\n message?: string;\n }) {\n super(message ?? `Checksum mismatch: expected ${expected}, got ${actual}`);\n this.name = 'IntegrityError';\n this.expected = expected;\n this.actual = actual;\n }\n}\n\nexport class RuntimeError extends AgentSHError {\n readonly sessionId: string;\n readonly command: string;\n readonly stderr: string;\n\n constructor({\n sessionId,\n command,\n stderr,\n }: {\n sessionId: string;\n command: string;\n stderr: string;\n }) {\n super(`agentsh exec failed (session ${sessionId})`);\n this.name = 'RuntimeError';\n this.sessionId = sessionId;\n this.command = command;\n this.stderr = stderr;\n }\n}\n","import type { PolicyDefinition } from './schema.js';\nimport { validatePolicy } from './schema.js';\n\nconst CATEGORIES = ['file', 'network', 'commands', 'env', 'dns', 'connect'] as const;\n\n/**\n * Merge policy overrides AFTER base rules for each category.\n * Since agentsh evaluates first-match-wins, appended rules only apply\n * to paths not already matched by base.\n */\nexport function merge(base: PolicyDefinition, ...overrides: Partial<PolicyDefinition>[]): PolicyDefinition {\n return validatePolicy(mergeInternal(base, overrides, 'append'));\n}\n\n/**\n * Merge policy overrides BEFORE base rules for each category,\n * making overrides take priority in first-match-wins evaluation.\n */\nexport function mergePrepend(base: PolicyDefinition, ...overrides: Partial<PolicyDefinition>[]): PolicyDefinition {\n return validatePolicy(mergeInternal(base, overrides, 'prepend'));\n}\n\nfunction mergeInternal(\n base: PolicyDefinition,\n overrides: Partial<PolicyDefinition>[],\n mode: 'append' | 'prepend',\n): PolicyDefinition {\n const result: any = { ...base };\n for (const override of overrides) {\n for (const key of CATEGORIES) {\n if (override[key] != null) {\n const baseRules = result[key] ?? [];\n result[key] = mode === 'append'\n ? [...baseRules, ...override[key]!]\n : [...override[key]!, ...baseRules];\n }\n }\n }\n return result;\n}\n","import type { PolicyDefinition } from './schema.js';\nimport { merge } from './merge.js';\n\n// ─── agentDefault ──────────────────────────────────────────\n\n/**\n * Comprehensive policy for AI coding agents. This is the DEFAULT policy\n * used when no policy is specified. Based on agentsh v0.13's agent-default\n * policy.\n */\nexport function agentDefault(\n extensions?: Partial<PolicyDefinition>,\n): PolicyDefinition {\n const base: PolicyDefinition = {\n file: [\n { allow: '/workspace/**', ops: ['read', 'write', 'create'] },\n // Git/version-control credentials\n { deny: ['/workspace/.git/config', '/workspace/.netrc'] },\n // Secrets and credentials\n { deny: ['**/.env', '**/.env.*', '**/credentials*', '**/*.pem', '**/*.key'] },\n { deny: ['~/.ssh/**', '/proc/*/environ'] },\n // Cloud provider credentials\n { deny: ['~/.aws/**', '~/.gcp/**', '~/.azure/**', '~/.config/gcloud/**'] },\n // Shell config injection (persistence)\n { deny: ['~/.bashrc', '~/.zshrc', '~/.profile', '~/.bash_profile'] },\n // Credential stores\n { deny: ['~/.gitconfig', '~/.netrc', '~/.curlrc', '~/.wgetrc'] },\n // PATH hijacking\n { deny: '~/.local/bin/**' },\n // Agent config files — allow reads (project context), deny writes (prompt injection persistence)\n { deny: ['**/.cursorrules', '**/CLAUDE.md', '**/copilot-instructions.md'], ops: ['write', 'create', 'delete'] },\n ],\n network: [\n {\n allow: [\n 'registry.npmjs.org',\n 'registry.yarnpkg.com',\n 'pypi.org',\n 'files.pythonhosted.org',\n 'crates.io',\n 'static.crates.io',\n 'index.crates.io',\n 'proxy.golang.org',\n 'sum.golang.org',\n 'github.com',\n 'raw.githubusercontent.com',\n ],\n ports: [443],\n },\n { deny: '*' },\n ],\n commands: [\n // Allow safe commands (order matters — first match wins)\n {\n allow: [\n 'bash', 'sh', 'echo', 'cat', 'head', 'tail', 'grep', 'find',\n 'ls', 'wc', 'sort', 'uniq', 'diff', 'pwd', 'date', 'which',\n 'whoami', 'id', 'uname', 'printf', 'test', 'true', 'false',\n 'mkdir', 'cp', 'mv', 'rm', 'touch', 'chmod', 'tr', 'cut',\n 'sed', 'awk', 'tee', 'xargs', 'basename', 'dirname', 'realpath',\n 'base64', 'md5sum', 'sha256sum', 'tar', 'gzip', 'gunzip',\n ],\n },\n // Allow dev tools\n {\n allow: [\n 'git', 'node', 'npm', 'npx', 'yarn', 'pnpm', 'bun',\n 'python', 'python3', 'pip', 'pip3',\n 'cargo', 'rustc', 'go', 'make', 'cmake',\n ],\n },\n // Deny dangerous commands\n { deny: ['env', 'printenv', 'sudo', 'su', 'doas'] },\n { deny: ['shutdown', 'reboot', 'halt', 'poweroff'] },\n { deny: ['nc', 'ncat', 'netcat', 'socat', 'telnet'] },\n { deny: ['git push --force', 'git reset --hard'] },\n {\n redirect: ['curl', 'wget'],\n to: { cmd: 'agentsh-fetch', args: ['--audit'] },\n },\n ],\n };\n return extensions ? merge(base, extensions) : base;\n}\n\n// ─── devSafe ───────────────────────────────────────────────\n\n/**\n * Permissive defaults for local development. Not recommended for production.\n */\nexport function devSafe(\n extensions?: Partial<PolicyDefinition>,\n): PolicyDefinition {\n const base: PolicyDefinition = {\n file: [\n { allow: '/workspace/**', ops: ['read', 'write', 'create'] },\n { deny: ['**/.env', '**/.env.*', '**/credentials*', '**/*.pem', '**/*.key'] },\n { deny: ['~/.ssh/**', '/proc/*/environ'] },\n { deny: ['~/.aws/**', '~/.gcp/**', '~/.azure/**', '~/.config/gcloud/**'] },\n { deny: ['~/.bashrc', '~/.zshrc', '~/.profile', '~/.bash_profile'] },\n { deny: ['~/.gitconfig', '~/.netrc', '~/.curlrc', '~/.wgetrc'] },\n ],\n network: [\n {\n allow: ['registry.npmjs.org', 'registry.yarnpkg.com'],\n ports: [443],\n },\n ],\n commands: [{ deny: ['env', 'printenv', 'shutdown', 'reboot'] }],\n };\n return extensions ? merge(base, extensions) : base;\n}\n\n// ─── ciStrict ──────────────────────────────────────────────\n\n/**\n * Locked down for CI/CD runners.\n */\nexport function ciStrict(\n extensions?: Partial<PolicyDefinition>,\n): PolicyDefinition {\n const base: PolicyDefinition = {\n file: [\n { allow: '/workspace/**' },\n { deny: ['**/.env', '**/.env.*', '**/credentials*', '**/*.pem', '**/*.key'] },\n { deny: ['~/.aws/**', '~/.gcp/**', '~/.azure/**', '~/.config/gcloud/**'] },\n { deny: '/**' },\n ],\n network: [\n {\n allow: [\n 'registry.npmjs.org',\n 'registry.yarnpkg.com',\n 'pypi.org',\n 'files.pythonhosted.org',\n 'crates.io',\n 'static.crates.io',\n 'index.crates.io',\n 'proxy.golang.org',\n 'sum.golang.org',\n ],\n ports: [443],\n },\n { deny: '*' },\n ],\n commands: [\n { deny: ['env', 'printenv', 'shutdown', 'reboot', 'sudo'] },\n ],\n };\n return extensions ? merge(base, extensions) : base;\n}\n\n// ─── agentSandbox ──────────────────────────────────────────\n\n/**\n * Maximum restriction for untrusted code. Read-only workspace, no network.\n */\nexport function agentSandbox(\n extensions?: Partial<PolicyDefinition>,\n): PolicyDefinition {\n const base: PolicyDefinition = {\n file: [\n { allow: '/workspace/**', ops: ['read'] },\n { deny: '/**' },\n ],\n network: [{ deny: '*' }],\n commands: [\n { deny: ['env', 'printenv', 'sudo', 'su', 'shutdown', 'reboot'] },\n ],\n };\n return extensions ? merge(base, extensions) : base;\n}\n","import yaml from 'js-yaml';\nimport type {\n PolicyDefinition,\n FileRule,\n NetworkRule,\n CommandRule,\n EnvRule,\n DnsRedirect,\n ConnectRedirect,\n} from './schema.js';\n\n// ─── Helpers ────────────────────────────────────────────────\n\n/** Normalize a string-or-array value to always be an array. */\nfunction toArray(value: string | string[]): string[] {\n return Array.isArray(value) ? value : [value];\n}\n\n/** Detect the decision key from a rule object. */\ntype DecisionKey = 'allow' | 'deny' | 'redirect' | 'audit' | 'softDelete';\n\nconst FILE_DECISION_KEYS: DecisionKey[] = [\n 'allow',\n 'deny',\n 'redirect',\n 'audit',\n 'softDelete',\n];\n\nconst SIMPLE_DECISION_KEYS: DecisionKey[] = ['allow', 'deny', 'redirect'];\n\nfunction findDecision(\n rule: Record<string, unknown>,\n keys: DecisionKey[],\n): { key: DecisionKey; value: unknown } {\n for (const k of keys) {\n if (k in rule) {\n return { key: k, value: rule[k] };\n }\n }\n throw new Error(`No decision key found in rule: ${JSON.stringify(rule)}`);\n}\n\n/** Map softDelete → soft_delete for YAML output. */\nfunction yamlDecision(key: DecisionKey): string {\n return key === 'softDelete' ? 'soft_delete' : key;\n}\n\n// ─── File rules ─────────────────────────────────────────────\n\nfunction serializeFileRules(rules: FileRule[]): Record<string, unknown>[] {\n return rules.map((rule, i) => {\n const r = rule as Record<string, unknown>;\n const { key, value } = findDecision(r, FILE_DECISION_KEYS);\n const paths = toArray(value as string | string[]);\n\n const out: Record<string, unknown> = {\n name: `file-rule-${i}`,\n paths,\n };\n\n if ('ops' in r && r.ops) {\n out.operations = r.ops;\n }\n\n out.decision = yamlDecision(key);\n\n if (key === 'redirect' && 'to' in r) {\n out.redirect_to = r.to;\n }\n\n return out;\n });\n}\n\n// ─── Network rules ──────────────────────────────────────────\n\nfunction serializeNetworkRules(\n rules: NetworkRule[],\n): Record<string, unknown>[] {\n return rules.map((rule, i) => {\n const r = rule as Record<string, unknown>;\n const { key, value } = findDecision(r, SIMPLE_DECISION_KEYS);\n const domains = toArray(value as string | string[]);\n\n const out: Record<string, unknown> = {\n name: `network-rule-${i}`,\n domains,\n decision: key,\n };\n\n if ('ports' in r && r.ports) {\n out.ports = r.ports;\n }\n\n if (key === 'redirect' && 'to' in r) {\n out.redirect_to = r.to;\n }\n\n return out;\n });\n}\n\n// ─── Command rules ──────────────────────────────────────────\n\nfunction serializeCommandRules(\n rules: CommandRule[],\n): Record<string, unknown>[] {\n return rules.map((rule, i) => {\n const r = rule as Record<string, unknown>;\n const { key, value } = findDecision(r, SIMPLE_DECISION_KEYS);\n const commands = toArray(value as string | string[]);\n\n const out: Record<string, unknown> = {\n name: `command-rule-${i}`,\n commands,\n decision: key,\n };\n\n if (key === 'redirect' && 'to' in r) {\n const to = r.to;\n if (typeof to === 'string') {\n out.redirect_to = to;\n } else if (typeof to === 'object' && to !== null) {\n const target = to as { cmd: string; args: string[] };\n out.redirect_to = { command: target.cmd, args: target.args };\n }\n }\n\n return out;\n });\n}\n\n// ─── Env rules ──────────────────────────────────────────────\n\nfunction serializeEnvRules(rules: EnvRule[]): Record<string, unknown>[] {\n return rules.map((rule, i) => {\n const out: Record<string, unknown> = {\n name: `env-rule-${i}`,\n commands: rule.commands,\n };\n if (rule.allow) {\n out.allow = rule.allow;\n }\n if (rule.deny) {\n out.deny = rule.deny;\n }\n return out;\n });\n}\n\n// ─── DNS redirects ──────────────────────────────────────────\n\nfunction serializeDnsRedirects(\n redirects: DnsRedirect[],\n): Record<string, unknown>[] {\n return redirects.map((r) => ({\n match: r.match,\n resolve_to: r.resolveTo,\n }));\n}\n\n// ─── Connect redirects ──────────────────────────────────────\n\nfunction serializeConnectRedirects(\n redirects: ConnectRedirect[],\n): Record<string, unknown>[] {\n return redirects.map((r) => ({\n match: r.match,\n redirect_to: r.redirectTo,\n }));\n}\n\n// ─── Public API ─────────────────────────────────────────────\n\n/**\n * Converts a PolicyDefinition to agentsh YAML format.\n *\n * Omits empty categories from output.\n */\nexport function serializePolicy(policy: PolicyDefinition): string {\n const doc: Record<string, unknown> = {\n version: 1,\n name: 'secure-sandbox-policy',\n };\n\n if (policy.file && policy.file.length > 0) {\n doc.file_rules = serializeFileRules(policy.file);\n }\n\n if (policy.network && policy.network.length > 0) {\n doc.network_rules = serializeNetworkRules(policy.network);\n }\n\n if (policy.commands && policy.commands.length > 0) {\n doc.command_rules = serializeCommandRules(policy.commands);\n }\n\n if (policy.env && policy.env.length > 0) {\n doc.env_rules = serializeEnvRules(policy.env);\n }\n\n if (policy.dns && policy.dns.length > 0) {\n doc.dns_redirects = serializeDnsRedirects(policy.dns);\n }\n\n if (policy.connect && policy.connect.length > 0) {\n doc.connect_redirects = serializeConnectRedirects(policy.connect);\n }\n\n return yaml.dump(doc, { lineWidth: -1 });\n}\n\n/**\n * Returns the fixed system policy YAML from the spec (Section 9.4).\n *\n * This static set of rules protects agentsh's own configuration, binaries,\n * and processes from tampering by the agent. These rules are written to a\n * separate system policy directory evaluated before user policy.\n */\nexport function systemPolicyYaml(): string {\n const doc = {\n version: 1,\n name: '_system-protection',\n file_rules: [\n {\n name: '_system-protect-config',\n paths: ['/etc/agentsh/**'],\n operations: ['write', 'create', 'delete'],\n decision: 'deny',\n message: 'Policy files are immutable during agent execution',\n },\n {\n name: '_system-protect-binary',\n paths: ['/usr/local/bin/agentsh*', '/usr/bin/agentsh*'],\n operations: ['write', 'create', 'delete'],\n decision: 'deny',\n message: 'agentsh binary is immutable during agent execution',\n },\n {\n name: '_system-protect-shim-files',\n paths: ['/usr/bin/agentsh-shell-shim', '/bin/bash', '/bin/sh'],\n operations: ['write', 'create', 'delete'],\n decision: 'deny',\n message: 'Shell and shim binaries are immutable during agent execution',\n },\n ],\n command_rules: [\n {\n name: '_system-protect-process',\n commands: ['kill', 'killall', 'pkill'],\n args_match: ['agentsh'],\n decision: 'deny',\n message: 'Cannot terminate agentsh processes',\n },\n ],\n };\n\n return yaml.dump(doc, { lineWidth: -1 });\n}\n"],"mappings":";;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,SAAS,GAAG,gBAAgB;;;ACErB,IAAM,eAAN,cAA2B,MAAM;AAAA,EACtC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,wBAAN,cAAoC,aAAa;AAAA,EAC7C;AAAA,EAET,YAAY,EAAE,OAAO,GAA2B;AAC9C,UAAM,YAAY,OACf,IAAI,CAAC,UAAU,GAAG,MAAM,KAAK,KAAK,GAAG,CAAC,KAAK,MAAM,OAAO,EAAE,EAC1D,KAAK,IAAI;AACZ,UAAM,6BAA6B,SAAS,EAAE;AAC9C,SAAK,OAAO;AACZ,SAAK,SAAS;AAAA,EAChB;AACF;AAEO,IAAM,6BAAN,cAAyC,aAAa;AAAA,EAClD;AAAA,EACA;AAAA,EAET,YAAY;AAAA,IACV;AAAA,IACA;AAAA,EACF,GAGG;AACD;AAAA,MACE,GAAG,WAAW,oDAAoD,WAAW,KAAK,YAAY;AAAA,IAChG;AACA,SAAK,OAAO;AACZ,SAAK,cAAc;AACnB,SAAK,eAAe;AAAA,EACtB;AACF;AAEO,IAAM,mCAAN,cAA+C,aAAa;AAAA,EACxD;AAAA,EACA;AAAA,EACA;AAAA,EAET,YAAY;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAIG;AACD;AAAA,MACE,GAAG,WAAW,YAAY,SAAS,uDAAuD,WAAW,IAAI,QAAQ,iCAAiC,WAAW;AAAA,IAC/J;AACA,SAAK,OAAO;AACZ,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,cAAc;AAAA,EACrB;AACF;AAEO,IAAM,oBAAN,cAAgC,aAAa;AAAA,EACzC;AAAA,EACA;AAAA,EACA;AAAA,EAET,YAAY;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAIG;AACD,UAAM,iCAAiC,KAAK,EAAE;AAC9C,SAAK,OAAO;AACZ,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAChB;AACF;AAEO,IAAM,iBAAN,cAA6B,aAAa;AAAA,EACtC;AAAA,EACA;AAAA,EAET,YAAY;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAIG;AACD,UAAM,WAAW,+BAA+B,QAAQ,SAAS,MAAM,EAAE;AACzE,SAAK,OAAO;AACZ,SAAK,WAAW;AAChB,SAAK,SAAS;AAAA,EAChB;AACF;AAEO,IAAM,eAAN,cAA2B,aAAa;AAAA,EACpC;AAAA,EACA;AAAA,EACA;AAAA,EAET,YAAY;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAIG;AACD,UAAM,gCAAgC,SAAS,GAAG;AAClD,SAAK,OAAO;AACZ,SAAK,YAAY;AACjB,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAChB;AACF;;;AD3HA,IAAM,gBAAgB,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AAIxD,IAAM,eAAe,EAAE,KAAK,CAAC,QAAQ,SAAS,UAAU,QAAQ,CAAC;AAExE,IAAM,gBAAgB,EACnB,OAAO,EAAE,OAAO,eAAe,KAAK,EAAE,MAAM,YAAY,EAAE,SAAS,EAAE,CAAC,EACtE,OAAO;AAEV,IAAM,eAAe,EAClB,OAAO,EAAE,MAAM,eAAe,KAAK,EAAE,MAAM,YAAY,EAAE,SAAS,EAAE,CAAC,EACrE,OAAO;AAEV,IAAM,mBAAmB,EACtB,OAAO;AAAA,EACN,UAAU;AAAA,EACV,IAAI,EAAE,OAAO;AAAA,EACb,KAAK,EAAE,MAAM,YAAY,EAAE,SAAS;AACtC,CAAC,EACA,OAAO;AAEV,IAAM,gBAAgB,EACnB,OAAO,EAAE,OAAO,eAAe,KAAK,EAAE,MAAM,YAAY,EAAE,SAAS,EAAE,CAAC,EACtE,OAAO;AAEV,IAAM,qBAAqB,EAAE,OAAO,EAAE,YAAY,cAAc,CAAC,EAAE,OAAO;AAEnE,IAAM,iBAAiB,EAAE,MAAM;AAAA,EACpC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAID,IAAM,mBAAmB,EACtB,OAAO;AAAA,EACN,OAAO;AAAA,EACP,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,KAAK,CAAC,EAAE,SAAS;AAC9D,CAAC,EACA,OAAO;AAEV,IAAM,kBAAkB,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC,EAAE,OAAO;AAEjE,IAAM,sBAAsB,EACzB,OAAO,EAAE,UAAU,EAAE,OAAO,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,EAC/C,OAAO;AAEH,IAAM,oBAAoB,EAAE,MAAM;AAAA,EACvC;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAID,IAAM,wBAAwB,EAAE,MAAM;AAAA,EACpC,EAAE,OAAO;AAAA,EACT,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,GAAG,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,EAAE,OAAO;AAClE,CAAC;AAED,IAAM,mBAAmB,EAAE,OAAO,EAAE,OAAO,cAAc,CAAC,EAAE,OAAO;AAEnE,IAAM,kBAAkB,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC,EAAE,OAAO;AAEjE,IAAM,sBAAsB,EACzB,OAAO,EAAE,UAAU,eAAe,IAAI,sBAAsB,CAAC,EAC7D,OAAO;AAEH,IAAM,oBAAoB,EAAE,MAAM;AAAA,EACvC;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAIM,IAAM,gBAAgB,EAC1B,OAAO;AAAA,EACN,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC;AAAA,EAC5B,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AAAA,EACpC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AACrC,CAAC,EACA,OAAO;AAIH,IAAM,oBAAoB,EAC9B,OAAO;AAAA,EACN,OAAO,EAAE,OAAO;AAAA,EAChB,WAAW,EAAE,OAAO;AACtB,CAAC,EACA,OAAO;AAEH,IAAM,wBAAwB,EAClC,OAAO;AAAA,EACN,OAAO,EAAE,OAAO;AAAA,EAChB,YAAY,EAAE,OAAO;AACvB,CAAC,EACA,OAAO;AAIH,IAAM,yBAAyB,EACnC,OAAO;AAAA,EACN,MAAM,EAAE,MAAM,cAAc,EAAE,SAAS;AAAA,EACvC,SAAS,EAAE,MAAM,iBAAiB,EAAE,SAAS;AAAA,EAC7C,UAAU,EAAE,MAAM,iBAAiB,EAAE,SAAS;AAAA,EAC9C,KAAK,EAAE,MAAM,aAAa,EAAE,SAAS;AAAA,EACrC,KAAK,EAAE,MAAM,iBAAiB,EAAE,SAAS;AAAA,EACzC,SAAS,EAAE,MAAM,qBAAqB,EAAE,SAAS;AACnD,CAAC,EACA,OAAO;AAeH,SAAS,eAAe,QAAmC;AAChE,MAAI;AACF,WAAO,uBAAuB,MAAM,MAAM;AAAA,EAC5C,SAAS,KAAK;AACZ,QAAI,eAAe,UAAU;AAC3B,YAAM,IAAI,sBAAsB,EAAE,QAAQ,IAAI,OAAO,CAAC;AAAA,IACxD;AACA,UAAM;AAAA,EACR;AACF;;;AE7IA,IAAM,aAAa,CAAC,QAAQ,WAAW,YAAY,OAAO,OAAO,SAAS;AAOnE,SAAS,MAAM,SAA2B,WAA0D;AACzG,SAAO,eAAe,cAAc,MAAM,WAAW,QAAQ,CAAC;AAChE;AAMO,SAAS,aAAa,SAA2B,WAA0D;AAChH,SAAO,eAAe,cAAc,MAAM,WAAW,SAAS,CAAC;AACjE;AAEA,SAAS,cACP,MACA,WACA,MACkB;AAClB,QAAM,SAAc,EAAE,GAAG,KAAK;AAC9B,aAAW,YAAY,WAAW;AAChC,eAAW,OAAO,YAAY;AAC5B,UAAI,SAAS,GAAG,KAAK,MAAM;AACzB,cAAM,YAAY,OAAO,GAAG,KAAK,CAAC;AAClC,eAAO,GAAG,IAAI,SAAS,WACnB,CAAC,GAAG,WAAW,GAAG,SAAS,GAAG,CAAE,IAChC,CAAC,GAAG,SAAS,GAAG,GAAI,GAAG,SAAS;AAAA,MACtC;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;;;AC7BO,SAAS,aACd,YACkB;AAClB,QAAM,OAAyB;AAAA,IAC7B,MAAM;AAAA,MACJ,EAAE,OAAO,iBAAiB,KAAK,CAAC,QAAQ,SAAS,QAAQ,EAAE;AAAA;AAAA,MAE3D,EAAE,MAAM,CAAC,0BAA0B,mBAAmB,EAAE;AAAA;AAAA,MAExD,EAAE,MAAM,CAAC,WAAW,aAAa,mBAAmB,YAAY,UAAU,EAAE;AAAA,MAC5E,EAAE,MAAM,CAAC,aAAa,iBAAiB,EAAE;AAAA;AAAA,MAEzC,EAAE,MAAM,CAAC,aAAa,aAAa,eAAe,qBAAqB,EAAE;AAAA;AAAA,MAEzE,EAAE,MAAM,CAAC,aAAa,YAAY,cAAc,iBAAiB,EAAE;AAAA;AAAA,MAEnE,EAAE,MAAM,CAAC,gBAAgB,YAAY,aAAa,WAAW,EAAE;AAAA;AAAA,MAE/D,EAAE,MAAM,kBAAkB;AAAA;AAAA,MAE1B,EAAE,MAAM,CAAC,mBAAmB,gBAAgB,4BAA4B,GAAG,KAAK,CAAC,SAAS,UAAU,QAAQ,EAAE;AAAA,IAChH;AAAA,IACA,SAAS;AAAA,MACP;AAAA,QACE,OAAO;AAAA,UACL;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,QACA,OAAO,CAAC,GAAG;AAAA,MACb;AAAA,MACA,EAAE,MAAM,IAAI;AAAA,IACd;AAAA,IACA,UAAU;AAAA;AAAA,MAER;AAAA,QACE,OAAO;AAAA,UACL;AAAA,UAAQ;AAAA,UAAM;AAAA,UAAQ;AAAA,UAAO;AAAA,UAAQ;AAAA,UAAQ;AAAA,UAAQ;AAAA,UACrD;AAAA,UAAM;AAAA,UAAM;AAAA,UAAQ;AAAA,UAAQ;AAAA,UAAQ;AAAA,UAAO;AAAA,UAAQ;AAAA,UACnD;AAAA,UAAU;AAAA,UAAM;AAAA,UAAS;AAAA,UAAU;AAAA,UAAQ;AAAA,UAAQ;AAAA,UACnD;AAAA,UAAS;AAAA,UAAM;AAAA,UAAM;AAAA,UAAM;AAAA,UAAS;AAAA,UAAS;AAAA,UAAM;AAAA,UACnD;AAAA,UAAO;AAAA,UAAO;AAAA,UAAO;AAAA,UAAS;AAAA,UAAY;AAAA,UAAW;AAAA,UACrD;AAAA,UAAU;AAAA,UAAU;AAAA,UAAa;AAAA,UAAO;AAAA,UAAQ;AAAA,QAClD;AAAA,MACF;AAAA;AAAA,MAEA;AAAA,QACE,OAAO;AAAA,UACL;AAAA,UAAO;AAAA,UAAQ;AAAA,UAAO;AAAA,UAAO;AAAA,UAAQ;AAAA,UAAQ;AAAA,UAC7C;AAAA,UAAU;AAAA,UAAW;AAAA,UAAO;AAAA,UAC5B;AAAA,UAAS;AAAA,UAAS;AAAA,UAAM;AAAA,UAAQ;AAAA,QAClC;AAAA,MACF;AAAA;AAAA,MAEA,EAAE,MAAM,CAAC,OAAO,YAAY,QAAQ,MAAM,MAAM,EAAE;AAAA,MAClD,EAAE,MAAM,CAAC,YAAY,UAAU,QAAQ,UAAU,EAAE;AAAA,MACnD,EAAE,MAAM,CAAC,MAAM,QAAQ,UAAU,SAAS,QAAQ,EAAE;AAAA,MACpD,EAAE,MAAM,CAAC,oBAAoB,kBAAkB,EAAE;AAAA,MACjD;AAAA,QACE,UAAU,CAAC,QAAQ,MAAM;AAAA,QACzB,IAAI,EAAE,KAAK,iBAAiB,MAAM,CAAC,SAAS,EAAE;AAAA,MAChD;AAAA,IACF;AAAA,EACF;AACA,SAAO,aAAa,MAAM,MAAM,UAAU,IAAI;AAChD;AAOO,SAAS,QACd,YACkB;AAClB,QAAM,OAAyB;AAAA,IAC7B,MAAM;AAAA,MACJ,EAAE,OAAO,iBAAiB,KAAK,CAAC,QAAQ,SAAS,QAAQ,EAAE;AAAA,MAC3D,EAAE,MAAM,CAAC,WAAW,aAAa,mBAAmB,YAAY,UAAU,EAAE;AAAA,MAC5E,EAAE,MAAM,CAAC,aAAa,iBAAiB,EAAE;AAAA,MACzC,EAAE,MAAM,CAAC,aAAa,aAAa,eAAe,qBAAqB,EAAE;AAAA,MACzE,EAAE,MAAM,CAAC,aAAa,YAAY,cAAc,iBAAiB,EAAE;AAAA,MACnE,EAAE,MAAM,CAAC,gBAAgB,YAAY,aAAa,WAAW,EAAE;AAAA,IACjE;AAAA,IACA,SAAS;AAAA,MACP;AAAA,QACE,OAAO,CAAC,sBAAsB,sBAAsB;AAAA,QACpD,OAAO,CAAC,GAAG;AAAA,MACb;AAAA,IACF;AAAA,IACA,UAAU,CAAC,EAAE,MAAM,CAAC,OAAO,YAAY,YAAY,QAAQ,EAAE,CAAC;AAAA,EAChE;AACA,SAAO,aAAa,MAAM,MAAM,UAAU,IAAI;AAChD;AAOO,SAAS,SACd,YACkB;AAClB,QAAM,OAAyB;AAAA,IAC7B,MAAM;AAAA,MACJ,EAAE,OAAO,gBAAgB;AAAA,MACzB,EAAE,MAAM,CAAC,WAAW,aAAa,mBAAmB,YAAY,UAAU,EAAE;AAAA,MAC5E,EAAE,MAAM,CAAC,aAAa,aAAa,eAAe,qBAAqB,EAAE;AAAA,MACzE,EAAE,MAAM,MAAM;AAAA,IAChB;AAAA,IACA,SAAS;AAAA,MACP;AAAA,QACE,OAAO;AAAA,UACL;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,QACA,OAAO,CAAC,GAAG;AAAA,MACb;AAAA,MACA,EAAE,MAAM,IAAI;AAAA,IACd;AAAA,IACA,UAAU;AAAA,MACR,EAAE,MAAM,CAAC,OAAO,YAAY,YAAY,UAAU,MAAM,EAAE;AAAA,IAC5D;AAAA,EACF;AACA,SAAO,aAAa,MAAM,MAAM,UAAU,IAAI;AAChD;AAOO,SAAS,aACd,YACkB;AAClB,QAAM,OAAyB;AAAA,IAC7B,MAAM;AAAA,MACJ,EAAE,OAAO,iBAAiB,KAAK,CAAC,MAAM,EAAE;AAAA,MACxC,EAAE,MAAM,MAAM;AAAA,IAChB;AAAA,IACA,SAAS,CAAC,EAAE,MAAM,IAAI,CAAC;AAAA,IACvB,UAAU;AAAA,MACR,EAAE,MAAM,CAAC,OAAO,YAAY,QAAQ,MAAM,YAAY,QAAQ,EAAE;AAAA,IAClE;AAAA,EACF;AACA,SAAO,aAAa,MAAM,MAAM,UAAU,IAAI;AAChD;;;AC3KA,OAAO,UAAU;AAcjB,SAAS,QAAQ,OAAoC;AACnD,SAAO,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC,KAAK;AAC9C;AAKA,IAAM,qBAAoC;AAAA,EACxC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,uBAAsC,CAAC,SAAS,QAAQ,UAAU;AAExE,SAAS,aACP,MACA,MACsC;AACtC,aAAW,KAAK,MAAM;AACpB,QAAI,KAAK,MAAM;AACb,aAAO,EAAE,KAAK,GAAG,OAAO,KAAK,CAAC,EAAE;AAAA,IAClC;AAAA,EACF;AACA,QAAM,IAAI,MAAM,kCAAkC,KAAK,UAAU,IAAI,CAAC,EAAE;AAC1E;AAGA,SAAS,aAAa,KAA0B;AAC9C,SAAO,QAAQ,eAAe,gBAAgB;AAChD;AAIA,SAAS,mBAAmB,OAA8C;AACxE,SAAO,MAAM,IAAI,CAAC,MAAM,MAAM;AAC5B,UAAM,IAAI;AACV,UAAM,EAAE,KAAK,MAAM,IAAI,aAAa,GAAG,kBAAkB;AACzD,UAAM,QAAQ,QAAQ,KAA0B;AAEhD,UAAM,MAA+B;AAAA,MACnC,MAAM,aAAa,CAAC;AAAA,MACpB;AAAA,IACF;AAEA,QAAI,SAAS,KAAK,EAAE,KAAK;AACvB,UAAI,aAAa,EAAE;AAAA,IACrB;AAEA,QAAI,WAAW,aAAa,GAAG;AAE/B,QAAI,QAAQ,cAAc,QAAQ,GAAG;AACnC,UAAI,cAAc,EAAE;AAAA,IACtB;AAEA,WAAO;AAAA,EACT,CAAC;AACH;AAIA,SAAS,sBACP,OAC2B;AAC3B,SAAO,MAAM,IAAI,CAAC,MAAM,MAAM;AAC5B,UAAM,IAAI;AACV,UAAM,EAAE,KAAK,MAAM,IAAI,aAAa,GAAG,oBAAoB;AAC3D,UAAM,UAAU,QAAQ,KAA0B;AAElD,UAAM,MAA+B;AAAA,MACnC,MAAM,gBAAgB,CAAC;AAAA,MACvB;AAAA,MACA,UAAU;AAAA,IACZ;AAEA,QAAI,WAAW,KAAK,EAAE,OAAO;AAC3B,UAAI,QAAQ,EAAE;AAAA,IAChB;AAEA,QAAI,QAAQ,cAAc,QAAQ,GAAG;AACnC,UAAI,cAAc,EAAE;AAAA,IACtB;AAEA,WAAO;AAAA,EACT,CAAC;AACH;AAIA,SAAS,sBACP,OAC2B;AAC3B,SAAO,MAAM,IAAI,CAAC,MAAM,MAAM;AAC5B,UAAM,IAAI;AACV,UAAM,EAAE,KAAK,MAAM,IAAI,aAAa,GAAG,oBAAoB;AAC3D,UAAM,WAAW,QAAQ,KAA0B;AAEnD,UAAM,MAA+B;AAAA,MACnC,MAAM,gBAAgB,CAAC;AAAA,MACvB;AAAA,MACA,UAAU;AAAA,IACZ;AAEA,QAAI,QAAQ,cAAc,QAAQ,GAAG;AACnC,YAAM,KAAK,EAAE;AACb,UAAI,OAAO,OAAO,UAAU;AAC1B,YAAI,cAAc;AAAA,MACpB,WAAW,OAAO,OAAO,YAAY,OAAO,MAAM;AAChD,cAAM,SAAS;AACf,YAAI,cAAc,EAAE,SAAS,OAAO,KAAK,MAAM,OAAO,KAAK;AAAA,MAC7D;AAAA,IACF;AAEA,WAAO;AAAA,EACT,CAAC;AACH;AAIA,SAAS,kBAAkB,OAA6C;AACtE,SAAO,MAAM,IAAI,CAAC,MAAM,MAAM;AAC5B,UAAM,MAA+B;AAAA,MACnC,MAAM,YAAY,CAAC;AAAA,MACnB,UAAU,KAAK;AAAA,IACjB;AACA,QAAI,KAAK,OAAO;AACd,UAAI,QAAQ,KAAK;AAAA,IACnB;AACA,QAAI,KAAK,MAAM;AACb,UAAI,OAAO,KAAK;AAAA,IAClB;AACA,WAAO;AAAA,EACT,CAAC;AACH;AAIA,SAAS,sBACP,WAC2B;AAC3B,SAAO,UAAU,IAAI,CAAC,OAAO;AAAA,IAC3B,OAAO,EAAE;AAAA,IACT,YAAY,EAAE;AAAA,EAChB,EAAE;AACJ;AAIA,SAAS,0BACP,WAC2B;AAC3B,SAAO,UAAU,IAAI,CAAC,OAAO;AAAA,IAC3B,OAAO,EAAE;AAAA,IACT,aAAa,EAAE;AAAA,EACjB,EAAE;AACJ;AASO,SAAS,gBAAgB,QAAkC;AAChE,QAAM,MAA+B;AAAA,IACnC,SAAS;AAAA,IACT,MAAM;AAAA,EACR;AAEA,MAAI,OAAO,QAAQ,OAAO,KAAK,SAAS,GAAG;AACzC,QAAI,aAAa,mBAAmB,OAAO,IAAI;AAAA,EACjD;AAEA,MAAI,OAAO,WAAW,OAAO,QAAQ,SAAS,GAAG;AAC/C,QAAI,gBAAgB,sBAAsB,OAAO,OAAO;AAAA,EAC1D;AAEA,MAAI,OAAO,YAAY,OAAO,SAAS,SAAS,GAAG;AACjD,QAAI,gBAAgB,sBAAsB,OAAO,QAAQ;AAAA,EAC3D;AAEA,MAAI,OAAO,OAAO,OAAO,IAAI,SAAS,GAAG;AACvC,QAAI,YAAY,kBAAkB,OAAO,GAAG;AAAA,EAC9C;AAEA,MAAI,OAAO,OAAO,OAAO,IAAI,SAAS,GAAG;AACvC,QAAI,gBAAgB,sBAAsB,OAAO,GAAG;AAAA,EACtD;AAEA,MAAI,OAAO,WAAW,OAAO,QAAQ,SAAS,GAAG;AAC/C,QAAI,oBAAoB,0BAA0B,OAAO,OAAO;AAAA,EAClE;AAEA,SAAO,KAAK,KAAK,KAAK,EAAE,WAAW,GAAG,CAAC;AACzC;AASO,SAAS,mBAA2B;AACzC,QAAM,MAAM;AAAA,IACV,SAAS;AAAA,IACT,MAAM;AAAA,IACN,YAAY;AAAA,MACV;AAAA,QACE,MAAM;AAAA,QACN,OAAO,CAAC,iBAAiB;AAAA,QACzB,YAAY,CAAC,SAAS,UAAU,QAAQ;AAAA,QACxC,UAAU;AAAA,QACV,SAAS;AAAA,MACX;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,OAAO,CAAC,2BAA2B,mBAAmB;AAAA,QACtD,YAAY,CAAC,SAAS,UAAU,QAAQ;AAAA,QACxC,UAAU;AAAA,QACV,SAAS;AAAA,MACX;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,OAAO,CAAC,+BAA+B,aAAa,SAAS;AAAA,QAC7D,YAAY,CAAC,SAAS,UAAU,QAAQ;AAAA,QACxC,UAAU;AAAA,QACV,SAAS;AAAA,MACX;AAAA,IACF;AAAA,IACA,eAAe;AAAA,MACb;AAAA,QACE,MAAM;AAAA,QACN,UAAU,CAAC,QAAQ,WAAW,OAAO;AAAA,QACrC,YAAY,CAAC,SAAS;AAAA,QACtB,UAAU;AAAA,QACV,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AAEA,SAAO,KAAK,KAAK,KAAK,EAAE,WAAW,GAAG,CAAC;AACzC;","names":[]}
package/dist/index-aQ1TVPtG.d.ts DELETED
@@ -1,16 +0,0 @@
1
- import { vercel } from './adapters/vercel.js';
2
- import { e2b } from './adapters/e2b.js';
3
- import { daytona } from './adapters/daytona.js';
4
- import { cloudflare } from './adapters/cloudflare.js';
5
- import { blaxel } from './adapters/blaxel.js';
6
-
7
- declare const index_blaxel: typeof blaxel;
8
- declare const index_cloudflare: typeof cloudflare;
9
- declare const index_daytona: typeof daytona;
10
- declare const index_e2b: typeof e2b;
11
- declare const index_vercel: typeof vercel;
12
- declare namespace index {
13
- export { index_blaxel as blaxel, index_cloudflare as cloudflare, index_daytona as daytona, index_e2b as e2b, index_vercel as vercel };
14
- }
15
-
16
- export { index as i };