@aigne/afs-sandbox 1.11.0-beta.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE.md +26 -0
- package/README.md +489 -0
- package/dist/index.d.mts +432 -0
- package/dist/index.d.mts.map +1 -0
- package/dist/index.mjs +1385 -0
- package/dist/index.mjs.map +1 -0
- package/package.json +57 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.mjs","names":["result","promotedAction"],"sources":["../src/capabilities/index.ts","../src/runtime/isolate.ts","../src/index.ts"],"sourcesContent":["import type { AFSRoot } from \"@aigne/afs\";\nimport type { CapabilitiesConfig } from \"../types.js\";\n\n/**\n * Capability functions that can be called from within the sandbox.\n * These are injected as `afs.*` methods.\n */\nexport type CapabilityFunctions = Record<string, (...args: unknown[]) => Promise<unknown>>;\n\n/**\n * Check if a path matches any patterns in the list.\n */\nfunction pathMatchesPatterns(path: string, patterns: string[]): boolean {\n for (const pattern of patterns) {\n // Simple glob-like matching\n if (pattern === \"*\" || pattern === \"**\") return true;\n if (pattern.endsWith(\"/**\") && path.startsWith(pattern.slice(0, -3))) {\n return true;\n }\n if (pattern.endsWith(\"/*\") && path.startsWith(pattern.slice(0, -2))) {\n // Only match direct children\n const rest = path.slice(pattern.length - 2);\n if (!rest.includes(\"/\") || rest === \"\") return true;\n }\n if (path === pattern) return true;\n if (path.startsWith(`${pattern}/`)) return true;\n }\n return false;\n}\n\n/**\n * Check if a path is allowed based on allow/deny patterns.\n */\nfunction isPathAllowed(path: string, allowPaths?: string[], denyPaths?: string[]): boolean {\n // If deny patterns exist and path matches, deny\n if (denyPaths && denyPaths.length > 0 && pathMatchesPatterns(path, denyPaths)) {\n return false;\n }\n\n // If allow patterns exist, path must match\n if (allowPaths && allowPaths.length > 0) {\n return pathMatchesPatterns(path, allowPaths);\n }\n\n // No restrictions, allow\n return true;\n}\n\n/**\n * Normalize and validate a path for security.\n * Checks for path traversal attacks, null bytes, etc.\n */\nfunction normalizePath(path: string): string {\n // Check for null bytes\n if (path.includes(\"\\x00\")) {\n throw new Error(\"Invalid path: null byte detected\");\n }\n\n // URL decode the path to catch encoded attacks\n let decoded = path;\n try {\n decoded = decodeURIComponent(path);\n } catch {\n // If decoding fails, use original\n }\n\n // Check for path traversal after decoding\n if (decoded.includes(\"..\")) {\n throw new Error(\"Path traversal not allowed\");\n }\n\n // Check for control characters (ASCII 0-31 and 127)\n for (const char of decoded) {\n const code = char.charCodeAt(0);\n if (code < 32 || code === 127) {\n throw new Error(\"Invalid path: control characters detected\");\n }\n }\n\n return decoded;\n}\n\n/**\n * Create capability functions based on configuration.\n *\n * @param afs - The AFS root for filesystem operations\n * @param config - Capabilities configuration\n * @returns Record of capability functions to inject into sandbox\n */\nexport function createCapabilities(\n afs: AFSRoot | undefined,\n config: CapabilitiesConfig,\n): CapabilityFunctions {\n const capabilities: CapabilityFunctions = {};\n\n // AFS read capability\n if (afs?.read && config.afs?.read !== false) {\n const afsRead = afs.read.bind(afs);\n capabilities.read = async (path: unknown): Promise<string | null> => {\n if (typeof path !== \"string\") {\n throw new Error(\"afs.read: path must be a string\");\n }\n\n // Check path permissions\n if (!isPathAllowed(path, config.afs?.allowPaths, config.afs?.denyPaths)) {\n throw new Error(`afs.read: access denied to path \"${path}\"`);\n }\n\n try {\n const result = await afsRead(path);\n if (!result.data) {\n return null;\n }\n\n // Return content as string\n const content = result.data.content;\n if (content === undefined || content === null) {\n return null;\n }\n\n if (typeof content === \"string\") {\n return content;\n }\n\n // For non-string content, serialize to JSON\n return JSON.stringify(content);\n } catch (error) {\n throw new Error(\n `afs.read: failed to read \"${path}\": ${error instanceof Error ? error.message : String(error)}`,\n );\n }\n };\n }\n\n // AFS write capability (Phase 2)\n if (afs?.write && config.afs?.write === true) {\n const afsWrite = afs.write.bind(afs);\n capabilities.write = async (\n path: unknown,\n content: unknown,\n ): Promise<{ success: boolean; path: string }> => {\n // Validate path\n if (path === undefined || path === null) {\n throw new Error(\"afs.write: path is required\");\n }\n if (typeof path !== \"string\") {\n throw new Error(\"afs.write: path must be a string\");\n }\n\n // Validate content\n if (typeof content !== \"string\") {\n throw new Error(\"afs.write: content must be a string\");\n }\n if (content === \"\") {\n throw new Error(\"afs.write: content cannot be empty\");\n }\n\n // Normalize and check for path traversal attacks\n let normalizedPath: string;\n try {\n normalizedPath = normalizePath(path);\n } catch (error) {\n throw new Error(`afs.write: ${error instanceof Error ? error.message : String(error)}`);\n }\n\n // Check path permissions\n if (!isPathAllowed(normalizedPath, config.afs?.allowPaths, config.afs?.denyPaths)) {\n throw new Error(`afs.write: access denied to path \"${path}\"`);\n }\n\n try {\n await afsWrite(normalizedPath, { content });\n return { success: true, path: normalizedPath };\n } catch (error) {\n throw new Error(\n `afs.write: failed to write \"${path}\": ${error instanceof Error ? error.message : String(error)}`,\n );\n }\n };\n } else {\n // Provide a stub that throws when write is disabled\n capabilities.write = async (): Promise<never> => {\n throw new Error(\"afs.write: write capability not enabled\");\n };\n }\n\n // AFS list capability (useful for Phase 2, but add basic support now)\n if (afs?.list && config.afs?.read !== false) {\n const afsList = afs.list.bind(afs);\n capabilities.list = async (\n path: unknown,\n options?: unknown,\n ): Promise<{ path: string; type: string }[]> => {\n if (typeof path !== \"string\") {\n throw new Error(\"afs.list: path must be a string\");\n }\n\n // Check path permissions\n if (!isPathAllowed(path, config.afs?.allowPaths, config.afs?.denyPaths)) {\n throw new Error(`afs.list: access denied to path \"${path}\"`);\n }\n\n try {\n const listOptions = typeof options === \"object\" && options !== null ? options : {};\n const result = await afsList(path, listOptions as Record<string, unknown>);\n\n // Return simplified entry info\n return result.data.map((entry: { path: string; metadata?: { type?: string } }) => ({\n path: entry.path,\n type: entry.metadata?.type ?? \"unknown\",\n }));\n } catch (error) {\n throw new Error(\n `afs.list: failed to list \"${path}\": ${error instanceof Error ? error.message : String(error)}`,\n );\n }\n };\n }\n\n return capabilities;\n}\n","import { getQuickJS } from \"quickjs-emscripten\";\nimport type {\n ExecutionContext,\n ExecutionResult,\n LogEntry,\n LogLevel,\n RuntimeOptions,\n} from \"../types.js\";\n\nconst DEFAULT_TIMEOUT_MS = 5000;\nconst DEFAULT_MEMORY_LIMIT_MB = 128;\n\n/**\n * Sandbox runtime using QuickJS (WebAssembly) for secure JavaScript execution.\n *\n * Provides sandboxed execution with:\n * - Memory limits\n * - CPU time limits (timeout via interrupt)\n * - Capability injection for controlled AFS access\n *\n * Note: Async/await in sandbox code is limited. Capability functions return\n * Promises that can be used for type checking, but full async execution\n * requires calling capabilities synchronously for now.\n */\nexport class SandboxRuntime {\n private readonly timeout: number;\n private readonly memoryLimit: number;\n\n constructor(options: RuntimeOptions = {}) {\n this.timeout = options.timeout ?? DEFAULT_TIMEOUT_MS;\n this.memoryLimit = options.memoryLimit ?? DEFAULT_MEMORY_LIMIT_MB;\n }\n\n /**\n * Execute JavaScript code in an isolated QuickJS sandbox.\n *\n * @param code - JavaScript source code to execute\n * @param capabilities - Capability functions to inject into sandbox\n * @param context - Execution context with args and tracking info\n * @returns Execution result with success status, return value, errors, and logs\n */\n async execute(\n code: string,\n capabilities: Record<string, (...args: unknown[]) => Promise<unknown>>,\n context: ExecutionContext = {},\n ): Promise<ExecutionResult> {\n const logs: LogEntry[] = [];\n const startTime = Date.now();\n\n // Get QuickJS instance\n const QuickJS = await getQuickJS();\n\n // Create runtime with memory limit\n const runtime = QuickJS.newRuntime();\n runtime.setMemoryLimit(this.memoryLimit * 1024 * 1024);\n\n // Set up interrupt handler for timeout\n let timedOut = false;\n const deadline = Date.now() + this.timeout;\n runtime.setInterruptHandler(() => {\n if (Date.now() > deadline) {\n timedOut = true;\n return true; // Interrupt execution\n }\n return false;\n });\n\n // Create context\n const vm = runtime.newContext();\n\n try {\n // Inject logging function\n const logFn = vm.newFunction(\"log\", (levelHandle, messageHandle) => {\n const level = vm.getString(levelHandle) as LogLevel;\n const message = vm.getString(messageHandle);\n logs.push({\n level,\n message,\n timestamp: Date.now(),\n });\n });\n vm.setProp(vm.global, \"__log\", logFn);\n logFn.dispose();\n\n // Inject args\n const argsJson = JSON.stringify(context.args ?? {});\n vm.evalCode(`const __args = ${argsJson};`);\n\n // Inject context object (timestamp, executionId, userId, sessionId)\n const contextObj = {\n timestamp: context.timestamp ?? Date.now(),\n executionId: context.executionId ?? `exec-${Date.now()}`,\n userId: context.userId,\n sessionId: context.sessionId,\n };\n const contextJson = JSON.stringify(contextObj);\n vm.evalCode(`const __context = ${contextJson};`);\n\n // Create pending promises tracker for async capabilities\n const pendingPromises: Map<\n number,\n {\n resolve: (value: unknown) => void;\n reject: (error: Error) => void;\n }\n > = new Map();\n let promiseId = 0;\n\n // Inject capability functions\n for (const [name, fn] of Object.entries(capabilities)) {\n // Create a sync function that returns a promise ID\n const capFn = vm.newFunction(`__cap_${name}`, (...argHandles) => {\n const args = argHandles.map((h) => {\n const type = vm.typeof(h);\n if (type === \"string\") return vm.getString(h);\n if (type === \"number\") return vm.getNumber(h);\n if (type === \"boolean\") return vm.dump(h);\n if (type === \"object\" || type === \"undefined\") return vm.dump(h);\n return vm.dump(h);\n });\n\n // Store the promise for later resolution\n const id = promiseId++;\n\n // Execute the capability async\n fn(...args)\n .then((result) => {\n pendingPromises.get(id)?.resolve(result);\n pendingPromises.delete(id);\n })\n .catch((error) => {\n pendingPromises\n .get(id)\n ?.reject(error instanceof Error ? error : new Error(String(error)));\n pendingPromises.delete(id);\n });\n\n return vm.newNumber(id);\n });\n vm.setProp(vm.global, `__cap_${name}`, capFn);\n capFn.dispose();\n }\n\n // Build the afs object and wrapper code\n const capabilitySetups = Object.keys(capabilities)\n .map(\n (name) => `\n ${name}: function(...args) {\n return new Promise((resolve, reject) => {\n const id = __cap_${name}(...args);\n __pendingResolvers[id] = { resolve, reject };\n });\n }`,\n )\n .join(\",\\n\");\n\n const wrapperCode = `\n(function() {\n // Pending promise resolvers\n const __pendingResolvers = {};\n globalThis.__pendingResolvers = __pendingResolvers;\n\n // Set up afs object with logging and capabilities\n const afs = {\n log: function(level, message) {\n __log(String(level), String(message));\n },\n ${capabilitySetups}\n };\n\n // Get arguments and context\n const args = __args;\n const context = Object.freeze(__context);\n\n // User code\n ${code}\n})();\n`;\n\n // Execute the code\n const result = vm.evalCode(wrapperCode);\n\n if (timedOut) {\n result.dispose();\n return {\n success: false,\n error: `Script execution timed out after ${this.timeout}ms`,\n logs,\n duration: Date.now() - startTime,\n timedOut: true,\n };\n }\n\n if (result.error) {\n const errorValue = vm.dump(result.error);\n result.error.dispose();\n\n const errorMessage =\n typeof errorValue === \"object\" && errorValue !== null\n ? ((errorValue as { message?: string }).message ?? String(errorValue))\n : String(errorValue);\n\n return {\n success: false,\n error: errorMessage,\n stack:\n typeof errorValue === \"object\" && errorValue !== null\n ? (errorValue as { stack?: string }).stack\n : undefined,\n logs,\n duration: Date.now() - startTime,\n };\n }\n\n // Get the result value\n const resultValue = vm.dump(result.value);\n result.value.dispose();\n\n return {\n success: true,\n result: resultValue,\n logs,\n duration: Date.now() - startTime,\n timedOut: false,\n };\n } catch (error) {\n const errorMessage = error instanceof Error ? error.message : String(error);\n const stack = error instanceof Error ? error.stack : undefined;\n\n return {\n success: false,\n error: errorMessage,\n stack,\n logs,\n duration: Date.now() - startTime,\n };\n } finally {\n // Cleanup\n vm.dispose();\n runtime.dispose();\n }\n }\n}\n","import type {\n AFSAccessMode,\n AFSEntry,\n AFSExecOptions,\n AFSExecResult,\n AFSListOptions,\n AFSListResult,\n AFSModule,\n AFSModuleClass,\n AFSModuleLoadParams,\n AFSReadOptions,\n AFSReadResult,\n AFSRoot,\n AFSWriteEntryPayload,\n AFSWriteOptions,\n AFSWriteResult,\n} from \"@aigne/afs\";\nimport { z } from \"zod\";\nimport { type CapabilityFunctions, createCapabilities } from \"./capabilities/index.js\";\nimport { SandboxRuntime } from \"./runtime/isolate.js\";\nimport type {\n AFSSandboxOptions,\n AuditConfig,\n AuditEvent,\n ExecutionContext,\n ExecutionHistoryEntry,\n ExecutionMetrics,\n ExecutionResult,\n PromotedAction,\n RateLimitConfig,\n ScriptMetadata,\n ScriptTemplate,\n ScriptVersion,\n StoredScript,\n} from \"./types.js\";\n\nexport type {\n AFSSandboxOptions,\n AuditConfig,\n AuditEvent,\n AuditEventType,\n ExecutionMetrics,\n ExecutionResult,\n LogEntry,\n LogLevel,\n PromotedAction,\n RateLimitConfig,\n ScriptTemplate,\n} from \"./types.js\";\n\n/** Maximum number of versions to keep per script */\nconst MAX_VERSIONS = 5;\n/** Maximum number of execution history entries per script */\nconst MAX_EXEC_HISTORY = 100;\n/** Sensitive fields to redact from execution history */\nconst SENSITIVE_FIELDS = [\"password\", \"secret\", \"token\", \"key\", \"credential\", \"auth\"];\n\n/**\n * Generate a unique execution ID\n */\nfunction generateExecutionId(): string {\n return `exec-${Date.now()}-${Math.random().toString(36).slice(2, 11)}`;\n}\n\n/**\n * Sanitize args by redacting sensitive fields\n */\nfunction sanitizeArgs(args: Record<string, unknown>): Record<string, unknown> {\n const sanitized: Record<string, unknown> = {};\n for (const [key, value] of Object.entries(args)) {\n if (SENSITIVE_FIELDS.some((f) => key.toLowerCase().includes(f))) {\n sanitized[key] = \"[REDACTED]\";\n } else if (typeof value === \"object\" && value !== null) {\n sanitized[key] = sanitizeArgs(value as Record<string, unknown>);\n } else {\n sanitized[key] = value;\n }\n }\n return sanitized;\n}\n\n/**\n * Zod schema for configuration validation\n */\nconst afsSandboxOptionsSchema = z.object({\n name: z.string().optional().describe(\"Module name\"),\n description: z.string().optional().describe(\"Module description\"),\n accessMode: z.enum([\"readonly\", \"readwrite\"]).optional().describe(\"Access mode for this module\"),\n runtime: z\n .object({\n timeout: z.number().positive().optional().describe(\"Execution timeout in milliseconds\"),\n memoryLimit: z.number().positive().optional().describe(\"Memory limit in MB\"),\n })\n .optional()\n .describe(\"Runtime configuration\"),\n capabilities: z\n .object({\n afs: z\n .object({\n read: z.boolean().optional().describe(\"Enable read operations\"),\n write: z.boolean().optional().describe(\"Enable write operations\"),\n allowPaths: z.array(z.string()).optional().describe(\"Allowed path patterns\"),\n denyPaths: z.array(z.string()).optional().describe(\"Denied path patterns\"),\n })\n .optional()\n .describe(\"AFS access configuration\"),\n })\n .optional()\n .describe(\"Capabilities configuration\"),\n audit: z\n .object({\n enabled: z.boolean().describe(\"Enable audit logging\"),\n onEvent: z.function().optional().describe(\"Callback for audit events\"),\n maxEntries: z.number().positive().optional().describe(\"Max audit entries to keep\"),\n })\n .optional()\n .describe(\"Audit configuration\"),\n rateLimit: z\n .object({\n maxExecutionsPerMinute: z.number().positive().optional(),\n maxExecutionsPerMinutePerUser: z.number().positive().optional(),\n maxExecutionsPerMinutePerScript: z.number().positive().optional(),\n })\n .optional()\n .describe(\"Rate limiting configuration\"),\n});\n\n/** Reserved action names that cannot be used for promoted actions */\nconst RESERVED_ACTION_NAMES = [\"run\", \"validate\", \"rollback\", \"promote\", \"create-from-template\"];\n\n/** Built-in script templates */\nconst BUILT_IN_TEMPLATES: ScriptTemplate[] = [\n {\n name: \"basic\",\n description: \"A basic script template\",\n content: `// Basic script template\nreturn args.input;`,\n category: \"general\",\n },\n {\n name: \"data-transform\",\n description: \"Transform input data to output format\",\n content: `// Data transformation script\nconst {{inputField}} = args.{{inputField}};\nconst {{outputField}} = {{inputField}};\nreturn { {{outputField}} };`,\n variables: [\n { name: \"inputField\", description: \"Name of the input field\", required: true },\n { name: \"outputField\", description: \"Name of the output field\", required: true },\n ],\n category: \"data\",\n },\n {\n name: \"validation\",\n description: \"Validate input data against rules\",\n content: `// Validation script\nconst value = args.{{fieldName}};\nconst errors = [];\n\nif (value === undefined || value === null) {\n errors.push('{{fieldName}} is required');\n}\n\nreturn { valid: errors.length === 0, errors };`,\n variables: [\n { name: \"fieldName\", description: \"Name of the field to validate\", required: true },\n ],\n category: \"validation\",\n },\n {\n name: \"aggregation\",\n description: \"Aggregate array data\",\n content: `// Aggregation script\nconst items = args.items || [];\nconst sum = items.reduce((acc, item) => acc + (item.{{valueField}} || 0), 0);\nconst count = items.length;\nconst average = count > 0 ? sum / count : 0;\n\nreturn { sum, count, average };`,\n variables: [\n { name: \"valueField\", description: \"Field to aggregate\", required: true, default: \"value\" },\n ],\n category: \"data\",\n },\n];\n\n/**\n * AFS Sandbox Provider\n *\n * Provides a sandboxed JavaScript execution environment for LLM-generated code.\n * Scripts are stored at `/scripts/{name}.js` and executed via `exec()`.\n *\n * The sandbox provides a controlled `afs` object with capabilities:\n * - `afs.log(level, message)` - Logging\n * - `afs.read(path)` - Read from AFS\n *\n * @example\n * ```typescript\n * const sandbox = new AFSSandbox({ name: \"sandbox\" });\n * afs.mount(sandbox);\n *\n * // Write a script\n * await afs.write(\"/modules/sandbox/scripts/greet.js\", {\n * content: `\n * afs.log(\"info\", \"Hello from sandbox!\");\n * return \"Hello, \" + args.name;\n * `\n * });\n *\n * // Execute the script\n * const result = await afs.exec(\"/modules/sandbox/@exec/greet\", { name: \"World\" });\n * // result.data = { success: true, result: \"Hello, World\", logs: [...] }\n * ```\n */\nexport class AFSSandbox implements AFSModule {\n readonly name: string;\n readonly description?: string;\n readonly accessMode: AFSAccessMode;\n\n private readonly runtime: SandboxRuntime;\n private readonly options: AFSSandboxOptions;\n private readonly scripts: Map<string, StoredScript> = new Map();\n private capabilities: CapabilityFunctions = {};\n\n // Phase 3: Promoted actions storage\n private readonly promotedActions: Map<string, PromotedAction> = new Map();\n\n // Phase 3: Audit logging\n private readonly auditLog: AuditEvent[] = [];\n private readonly auditConfig?: AuditConfig;\n\n // Phase 3: Rate limiting\n private readonly rateLimitConfig?: RateLimitConfig;\n private readonly executionTimestamps: number[] = [];\n private readonly userExecutionTimestamps: Map<string, number[]> = new Map();\n private readonly scriptExecutionTimestamps: Map<string, number[]> = new Map();\n\n // Phase 3: Metrics\n private metrics: ExecutionMetrics = {\n totalExecutions: 0,\n successCount: 0,\n failureCount: 0,\n timeoutCount: 0,\n averageDuration: 0,\n totalDuration: 0,\n };\n private readonly scriptMetrics: Map<string, ExecutionMetrics> = new Map();\n\n constructor(options: AFSSandboxOptions = {}) {\n this.options = afsSandboxOptionsSchema.parse(options);\n this.name = options.name ?? \"sandbox\";\n this.description = options.description ?? \"JavaScript sandbox for LLM code execution\";\n this.accessMode = options.accessMode ?? \"readwrite\";\n this.runtime = new SandboxRuntime(options.runtime);\n this.auditConfig = options.audit;\n this.rateLimitConfig = options.rateLimit;\n // Initialize capabilities with undefined AFS (stubs only)\n this.capabilities = createCapabilities(undefined, this.options.capabilities ?? {});\n }\n\n /**\n * Returns the Zod schema for configuration validation\n */\n static schema() {\n return afsSandboxOptionsSchema;\n }\n\n /**\n * Loads a module instance from configuration\n */\n static async load({ parsed }: AFSModuleLoadParams): Promise<AFSSandbox> {\n const validated = afsSandboxOptionsSchema.parse(parsed);\n return new AFSSandbox(validated);\n }\n\n /**\n * Called when the module is mounted to AFS\n */\n onMount(afs: AFSRoot): void {\n this.capabilities = createCapabilities(afs, this.options.capabilities ?? {});\n }\n\n /**\n * Normalize a path to remove leading/trailing slashes\n */\n private normalizePath(path: string): string {\n let normalized = path;\n if (normalized.startsWith(\"/\")) normalized = normalized.slice(1);\n if (normalized.endsWith(\"/\")) normalized = normalized.slice(0, -1);\n return normalized;\n }\n\n /**\n * Log an audit event\n */\n private logAudit(event: Omit<AuditEvent, \"timestamp\">): void {\n if (!this.auditConfig?.enabled) return;\n\n const fullEvent: AuditEvent = {\n ...event,\n timestamp: Date.now(),\n };\n\n // Store in memory\n this.auditLog.push(fullEvent);\n const maxEntries = this.auditConfig.maxEntries ?? 1000;\n while (this.auditLog.length > maxEntries) {\n this.auditLog.shift();\n }\n\n // Call callback if provided\n if (this.auditConfig.onEvent) {\n try {\n this.auditConfig.onEvent(fullEvent);\n } catch {\n // Ignore callback errors\n }\n }\n }\n\n /**\n * Check if execution is rate limited\n */\n private checkRateLimit(\n userId?: string,\n scriptName?: string,\n ): { limited: boolean; reason?: string } {\n if (!this.rateLimitConfig) return { limited: false };\n\n const now = Date.now();\n const oneMinuteAgo = now - 60000;\n\n // Clean old timestamps\n const cleanTimestamps = (arr: number[]) => arr.filter((t) => t > oneMinuteAgo);\n\n // Check global limit\n if (this.rateLimitConfig.maxExecutionsPerMinute) {\n const recentExecutions = cleanTimestamps(this.executionTimestamps);\n this.executionTimestamps.length = 0;\n this.executionTimestamps.push(...recentExecutions);\n\n if (recentExecutions.length >= this.rateLimitConfig.maxExecutionsPerMinute) {\n return { limited: true, reason: \"Global rate limit exceeded\" };\n }\n }\n\n // Check per-user limit\n if (userId && this.rateLimitConfig.maxExecutionsPerMinutePerUser) {\n const userTimestamps = cleanTimestamps(this.userExecutionTimestamps.get(userId) ?? []);\n this.userExecutionTimestamps.set(userId, userTimestamps);\n\n if (userTimestamps.length >= this.rateLimitConfig.maxExecutionsPerMinutePerUser) {\n return { limited: true, reason: \"Per-user rate limit exceeded\" };\n }\n }\n\n // Check per-script limit\n if (scriptName && this.rateLimitConfig.maxExecutionsPerMinutePerScript) {\n const scriptTimestamps = cleanTimestamps(\n this.scriptExecutionTimestamps.get(scriptName) ?? [],\n );\n this.scriptExecutionTimestamps.set(scriptName, scriptTimestamps);\n\n if (scriptTimestamps.length >= this.rateLimitConfig.maxExecutionsPerMinutePerScript) {\n return { limited: true, reason: \"Per-script rate limit exceeded\" };\n }\n }\n\n return { limited: false };\n }\n\n /**\n * Record execution for rate limiting\n */\n private recordExecution(userId?: string, scriptName?: string): void {\n const now = Date.now();\n this.executionTimestamps.push(now);\n\n if (userId) {\n const userTimestamps = this.userExecutionTimestamps.get(userId) ?? [];\n userTimestamps.push(now);\n this.userExecutionTimestamps.set(userId, userTimestamps);\n }\n\n if (scriptName) {\n const scriptTimestamps = this.scriptExecutionTimestamps.get(scriptName) ?? [];\n scriptTimestamps.push(now);\n this.scriptExecutionTimestamps.set(scriptName, scriptTimestamps);\n }\n }\n\n /**\n * Update execution metrics\n */\n private updateMetrics(scriptName: string | undefined, result: ExecutionResult): void {\n // Update global metrics\n this.metrics.totalExecutions++;\n this.metrics.totalDuration += result.duration;\n this.metrics.averageDuration = this.metrics.totalDuration / this.metrics.totalExecutions;\n\n if (result.success) {\n this.metrics.successCount++;\n } else {\n this.metrics.failureCount++;\n }\n\n if (result.timedOut) {\n this.metrics.timeoutCount++;\n }\n\n // Update per-script metrics\n if (scriptName) {\n let scriptMetrics = this.scriptMetrics.get(scriptName);\n if (!scriptMetrics) {\n scriptMetrics = {\n totalExecutions: 0,\n successCount: 0,\n failureCount: 0,\n timeoutCount: 0,\n averageDuration: 0,\n totalDuration: 0,\n };\n this.scriptMetrics.set(scriptName, scriptMetrics);\n }\n\n scriptMetrics.totalExecutions++;\n scriptMetrics.totalDuration += result.duration;\n scriptMetrics.averageDuration = scriptMetrics.totalDuration / scriptMetrics.totalExecutions;\n\n if (result.success) {\n scriptMetrics.successCount++;\n } else {\n scriptMetrics.failureCount++;\n }\n\n if (result.timedOut) {\n scriptMetrics.timeoutCount++;\n }\n }\n }\n\n /**\n * Validate action name\n */\n private isValidActionName(name: string): { valid: boolean; error?: string } {\n if (!name || typeof name !== \"string\") {\n return { valid: false, error: \"Action name is required\" };\n }\n\n // Check for reserved names\n if (RESERVED_ACTION_NAMES.includes(name)) {\n return { valid: false, error: `Action name \"${name}\" is reserved` };\n }\n\n // Check for valid characters (alphanumeric, hyphen, underscore)\n if (!/^[a-zA-Z][a-zA-Z0-9_-]*$/.test(name)) {\n return {\n valid: false,\n error:\n \"Action name must start with a letter and contain only letters, numbers, hyphens, and underscores\",\n };\n }\n\n // Check for path traversal\n if (name.includes(\"..\") || name.includes(\"/\") || name.includes(\"\\\\\")) {\n return { valid: false, error: \"Action name cannot contain path separators\" };\n }\n\n return { valid: true };\n }\n\n /**\n * Apply template variables to content\n */\n private applyTemplate(content: string, variables: Record<string, string>): string {\n let result = content;\n for (const [key, value] of Object.entries(variables)) {\n result = result.replace(new RegExp(`\\\\{\\\\{${key}\\\\}\\\\}`, \"g\"), value);\n }\n return result;\n }\n\n /**\n * Parse a path into its components\n */\n private parsePath(path: string): {\n type:\n | \"root\"\n | \"scripts\"\n | \"script\"\n | \"script-history\"\n | \"script-exec-history\"\n | \"exec\"\n | \"actions\"\n | \"templates\"\n | \"template\"\n | \"metrics\"\n | \"script-metrics\"\n | \"audit\"\n | \"unknown\";\n scriptName?: string;\n actionName?: string;\n templateName?: string;\n version?: number;\n } {\n const normalized = this.normalizePath(path);\n const parts = normalized.split(\"/\");\n\n if (normalized === \"\" || normalized === \"/\") {\n return { type: \"root\" };\n }\n\n if (parts[0] === \"scripts\") {\n if (parts.length === 1) {\n return { type: \"scripts\" };\n }\n const scriptName = parts[1]?.replace(/\\.js$/, \"\");\n\n // Check for @history or @execHistory\n if (parts.length >= 3 && parts[2] === \"@history\") {\n const version = parts[3] ? Number.parseInt(parts[3], 10) : undefined;\n return { type: \"script-history\", scriptName, version };\n }\n if (parts.length >= 3 && parts[2] === \"@execHistory\") {\n return { type: \"script-exec-history\", scriptName };\n }\n\n return { type: \"script\", scriptName };\n }\n\n if (parts[0] === \"@exec\") {\n const scriptName = parts[1]?.replace(/\\.js$/, \"\");\n return { type: \"exec\", scriptName };\n }\n\n if (parts[0] === \"@templates\") {\n if (parts.length === 1) {\n return { type: \"templates\" };\n }\n return { type: \"template\", templateName: parts[1] };\n }\n\n if (parts[0] === \"@metrics\") {\n if (parts.length === 1) {\n return { type: \"metrics\" };\n }\n if (parts[1] === \"scripts\" && parts[2]) {\n return { type: \"script-metrics\", scriptName: parts[2] };\n }\n return { type: \"metrics\" };\n }\n\n if (parts[0] === \"@audit\") {\n return { type: \"audit\" };\n }\n\n if (parts[0] === \"@actions\") {\n return { type: \"actions\", actionName: parts[1] };\n }\n\n return { type: \"unknown\" };\n }\n\n /**\n * Build AFSEntry for a stored script\n */\n private buildScriptEntry(name: string, script: StoredScript): AFSEntry {\n return {\n id: `/scripts/${name}.js`,\n path: `/scripts/${name}.js`,\n content: script.content,\n createdAt: script.metadata.createdAt,\n updatedAt: script.metadata.updatedAt,\n metadata: {\n type: \"file\",\n scriptName: name,\n lastRun: script.metadata.lastRun,\n runCount: script.metadata.runCount,\n },\n };\n }\n\n /**\n * List entries at a path\n */\n async list(path: string, _options?: AFSListOptions): Promise<AFSListResult> {\n const parsed = this.parsePath(path);\n\n if (parsed.type === \"root\") {\n // List top-level virtual directories\n return {\n data: [\n {\n id: \"/\",\n path: \"/\",\n metadata: { type: \"directory\", childrenCount: 5 },\n },\n {\n id: \"/scripts\",\n path: \"/scripts\",\n summary: \"Stored JavaScript scripts\",\n metadata: { type: \"directory\", childrenCount: this.scripts.size },\n },\n {\n id: \"/@actions\",\n path: \"/@actions\",\n summary: \"Available actions\",\n metadata: {\n type: \"directory\",\n childrenCount: RESERVED_ACTION_NAMES.length + this.promotedActions.size,\n execute: {\n name: \"actions\",\n description: \"Available sandbox actions\",\n },\n },\n },\n {\n id: \"/@templates\",\n path: \"/@templates\",\n summary: \"Script templates\",\n metadata: { type: \"directory\", childrenCount: BUILT_IN_TEMPLATES.length },\n },\n {\n id: \"/@metrics\",\n path: \"/@metrics\",\n summary: \"Execution metrics\",\n metadata: { type: \"directory\" },\n },\n {\n id: \"/@audit\",\n path: \"/@audit\",\n summary: \"Audit log\",\n metadata: { type: \"directory\", childrenCount: this.auditLog.length },\n },\n ],\n };\n }\n\n if (parsed.type === \"templates\") {\n // List available templates\n return {\n data: [\n {\n id: \"/@templates\",\n path: \"/@templates\",\n metadata: { type: \"directory\", childrenCount: BUILT_IN_TEMPLATES.length },\n },\n ...BUILT_IN_TEMPLATES.map((t) => ({\n id: `/@templates/${t.name}`,\n path: `/@templates/${t.name}`,\n summary: t.description,\n metadata: {\n type: \"template\",\n category: t.category,\n variables: t.variables,\n },\n })),\n ],\n };\n }\n\n if (parsed.type === \"scripts\") {\n // List all scripts\n const entries: AFSEntry[] = [\n {\n id: \"/scripts\",\n path: \"/scripts\",\n metadata: { type: \"directory\", childrenCount: this.scripts.size },\n },\n ];\n\n for (const [name, script] of this.scripts) {\n entries.push(this.buildScriptEntry(name, script));\n }\n\n return { data: entries };\n }\n\n if (parsed.type === \"actions\") {\n // List available actions\n const entries: AFSEntry[] = [\n {\n id: \"/@actions\",\n path: \"/@actions\",\n metadata: {\n type: \"directory\",\n childrenCount: RESERVED_ACTION_NAMES.length + this.promotedActions.size,\n },\n },\n {\n id: \"/@actions/run\",\n path: \"/@actions/run\",\n summary: \"Run inline JavaScript code\",\n metadata: {\n type: \"action\",\n execute: {\n name: \"run\",\n description: \"Execute inline JavaScript code\",\n inputSchema: {\n type: \"object\",\n properties: {\n code: { type: \"string\", description: \"JavaScript code to execute\" },\n args: { type: \"object\", description: \"Arguments to pass to the code\" },\n },\n required: [\"code\"],\n },\n },\n },\n },\n {\n id: \"/@actions/validate\",\n path: \"/@actions/validate\",\n summary: \"Validate JavaScript syntax\",\n metadata: {\n type: \"action\",\n execute: {\n name: \"validate\",\n description: \"Check JavaScript code for syntax errors\",\n inputSchema: {\n type: \"object\",\n properties: {\n code: { type: \"string\", description: \"JavaScript code to validate\" },\n },\n required: [\"code\"],\n },\n },\n },\n },\n {\n id: \"/@actions/promote\",\n path: \"/@actions/promote\",\n summary: \"Promote a script to a formal action\",\n metadata: {\n type: \"action\",\n execute: {\n name: \"promote\",\n description: \"Promote a tested script to a formal action\",\n inputSchema: {\n type: \"object\",\n properties: {\n script: { type: \"string\", description: \"Script name to promote\" },\n name: { type: \"string\", description: \"Action name\" },\n description: { type: \"string\", description: \"Action description\" },\n inputSchema: { type: \"object\", description: \"JSON schema for inputs\" },\n outputSchema: { type: \"object\", description: \"JSON schema for outputs\" },\n },\n required: [\"script\", \"name\"],\n },\n },\n },\n },\n {\n id: \"/@actions/create-from-template\",\n path: \"/@actions/create-from-template\",\n summary: \"Create a script from a template\",\n metadata: {\n type: \"action\",\n execute: {\n name: \"create-from-template\",\n description: \"Create a new script from a template\",\n inputSchema: {\n type: \"object\",\n properties: {\n template: { type: \"string\", description: \"Template name\" },\n name: { type: \"string\", description: \"Script name to create\" },\n variables: { type: \"object\", description: \"Template variables\" },\n },\n required: [\"template\", \"name\"],\n },\n },\n },\n },\n ];\n\n // Add promoted actions\n for (const [name, action] of this.promotedActions) {\n entries.push({\n id: `/@actions/${name}`,\n path: `/@actions/${name}`,\n summary: action.description ?? `Promoted action: ${name}`,\n metadata: {\n type: \"action\",\n execute: {\n name,\n description: action.description ?? `Execute ${name}`,\n inputSchema: action.inputSchema,\n outputSchema: action.outputSchema,\n },\n },\n });\n }\n\n return { data: entries };\n }\n\n return { data: [] };\n }\n\n /**\n * Read a script or action\n */\n async read(path: string, _options?: AFSReadOptions): Promise<AFSReadResult> {\n const parsed = this.parsePath(path);\n\n if (parsed.type === \"script\" && parsed.scriptName) {\n const script = this.scripts.get(parsed.scriptName);\n if (!script) {\n return { message: `Script not found: ${parsed.scriptName}` };\n }\n return { data: this.buildScriptEntry(parsed.scriptName, script) };\n }\n\n // Read version history\n if (parsed.type === \"script-history\" && parsed.scriptName) {\n const script = this.scripts.get(parsed.scriptName);\n if (!script) {\n return { message: `Script not found: ${parsed.scriptName}` };\n }\n\n const versions = script.versions ?? [];\n\n // If specific version requested\n if (parsed.version !== undefined) {\n if (Number.isNaN(parsed.version) || parsed.version < 0) {\n return { message: \"Invalid version number\" };\n }\n const version = versions.find((v) => v.version === parsed.version);\n if (!version) {\n return { message: `Version ${parsed.version} not found` };\n }\n return {\n data: {\n id: `/scripts/${parsed.scriptName}.js/@history/${parsed.version}`,\n path: `/scripts/${parsed.scriptName}.js/@history/${parsed.version}`,\n content: version.content,\n metadata: {\n type: \"version\",\n version: version.version,\n timestamp: version.timestamp,\n size: version.size,\n },\n },\n };\n }\n\n // Return all versions\n return {\n data: {\n id: `/scripts/${parsed.scriptName}.js/@history`,\n path: `/scripts/${parsed.scriptName}.js/@history`,\n content: versions,\n metadata: {\n type: \"history\",\n count: versions.length,\n },\n },\n };\n }\n\n // Read execution history\n if (parsed.type === \"script-exec-history\" && parsed.scriptName) {\n const script = this.scripts.get(parsed.scriptName);\n if (!script) {\n return { message: `Script not found: ${parsed.scriptName}` };\n }\n\n const execHistory = script.execHistory ?? [];\n return {\n data: {\n id: `/scripts/${parsed.scriptName}.js/@execHistory`,\n path: `/scripts/${parsed.scriptName}.js/@execHistory`,\n content: execHistory,\n metadata: {\n type: \"execHistory\",\n count: execHistory.length,\n },\n },\n };\n }\n\n if (parsed.type === \"actions\" && parsed.actionName) {\n // Return action metadata\n const actions = await this.list(\"/@actions\");\n const action = actions.data.find((e) => e.path === `/@actions/${parsed.actionName}`);\n if (action) {\n return { data: action };\n }\n return { message: `Action not found: ${parsed.actionName}` };\n }\n\n // Read template\n if (parsed.type === \"template\" && parsed.templateName) {\n const template = BUILT_IN_TEMPLATES.find((t) => t.name === parsed.templateName);\n if (!template) {\n return { message: `Template not found: ${parsed.templateName}` };\n }\n return {\n data: {\n id: `/@templates/${template.name}`,\n path: `/@templates/${template.name}`,\n content: template.content,\n metadata: {\n type: \"template\",\n description: template.description,\n category: template.category,\n variables: template.variables,\n },\n },\n };\n }\n\n // Read global metrics\n if (parsed.type === \"metrics\") {\n return {\n data: {\n id: \"/@metrics\",\n path: \"/@metrics\",\n content: this.metrics,\n metadata: {\n type: \"metrics\",\n },\n },\n };\n }\n\n // Read per-script metrics\n if (parsed.type === \"script-metrics\" && parsed.scriptName) {\n const scriptMetrics = this.scriptMetrics.get(parsed.scriptName);\n if (!scriptMetrics) {\n return { message: `Script metrics not found: ${parsed.scriptName}` };\n }\n return {\n data: {\n id: `/@metrics/scripts/${parsed.scriptName}`,\n path: `/@metrics/scripts/${parsed.scriptName}`,\n content: { executionCount: scriptMetrics.totalExecutions, ...scriptMetrics },\n metadata: {\n type: \"script-metrics\",\n scriptName: parsed.scriptName,\n },\n },\n };\n }\n\n // Read audit log\n if (parsed.type === \"audit\") {\n return {\n data: {\n id: \"/@audit\",\n path: \"/@audit\",\n content: this.auditLog,\n metadata: {\n type: \"audit\",\n count: this.auditLog.length,\n },\n },\n };\n }\n\n return { message: `Invalid read path: ${path}` };\n }\n\n /**\n * Write (create or update) a script\n */\n async write(\n path: string,\n entry: AFSWriteEntryPayload,\n _options?: AFSWriteOptions,\n ): Promise<AFSWriteResult> {\n const parsed = this.parsePath(path);\n\n // Reject writes to @history paths\n if (parsed.type === \"script-history\") {\n throw new Error(\"Cannot write to history directly\");\n }\n\n if (parsed.type !== \"script\" || !parsed.scriptName) {\n throw new Error(`Invalid write path: ${path}. Use /scripts/{name}.js`);\n }\n\n const content =\n typeof entry.content === \"string\" ? entry.content : JSON.stringify(entry.content);\n\n const now = new Date();\n const existing = this.scripts.get(parsed.scriptName);\n\n // Build version history\n const versions: ScriptVersion[] = existing?.versions ? [...existing.versions] : [];\n // Version number is max existing version + 1 (not versions.length + 1)\n const maxVersion = versions.length > 0 ? Math.max(...versions.map((v) => v.version)) : 0;\n const newVersion: ScriptVersion = {\n version: maxVersion + 1,\n content,\n timestamp: now,\n size: new TextEncoder().encode(content).length,\n };\n versions.push(newVersion);\n\n // Keep only last MAX_VERSIONS\n while (versions.length > MAX_VERSIONS) {\n versions.shift();\n }\n\n const metadata: ScriptMetadata = {\n name: parsed.scriptName,\n createdAt: existing?.metadata.createdAt ?? now,\n updatedAt: now,\n lastRun: existing?.metadata.lastRun,\n runCount: existing?.metadata.runCount ?? 0,\n };\n\n const storedScript: StoredScript = {\n content,\n metadata,\n versions,\n execHistory: existing?.execHistory ?? [],\n };\n this.scripts.set(parsed.scriptName, storedScript);\n\n return {\n data: this.buildScriptEntry(parsed.scriptName, storedScript),\n message: existing ? \"Script updated\" : \"Script created\",\n };\n }\n\n /**\n * Execute a script or action\n */\n async exec(\n path: string,\n args: Record<string, unknown>,\n options: AFSExecOptions,\n ): Promise<AFSExecResult> {\n const parsed = this.parsePath(path);\n\n // Execute stored script via @exec path\n if (parsed.type === \"exec\" && parsed.scriptName) {\n const script = this.scripts.get(parsed.scriptName);\n if (!script) {\n return {\n success: false,\n data: {\n error: `Script not found: ${parsed.scriptName}`,\n logs: [],\n duration: 0,\n },\n };\n }\n\n // Check rate limit\n const rateCheck = this.checkRateLimit(options.context?.userId, parsed.scriptName);\n if (rateCheck.limited) {\n return {\n success: false,\n data: {\n error: `Rate limit exceeded: ${rateCheck.reason}`,\n logs: [],\n duration: 0,\n rateLimited: true,\n },\n };\n }\n\n // Record execution for rate limiting\n this.recordExecution(options.context?.userId, parsed.scriptName);\n\n // Update metadata\n script.metadata.lastRun = new Date();\n script.metadata.runCount++;\n\n // Generate execution context with timestamp and executionId\n const executionId = generateExecutionId();\n const timestamp = Date.now();\n\n const context: ExecutionContext = {\n args,\n userId: options.context?.userId,\n sessionId: options.context?.sessionId,\n timestamp,\n executionId,\n };\n\n // Log audit event\n this.logAudit({\n type: \"execution\",\n userId: options.context?.userId,\n sessionId: options.context?.sessionId,\n scriptName: parsed.scriptName,\n details: { args: sanitizeArgs(args) },\n });\n\n const result = await this.runtime.execute(script.content, this.capabilities, context);\n const scriptExecResult = result as ExecutionResult;\n\n // Update metrics\n this.updateMetrics(parsed.scriptName, scriptExecResult);\n\n // Record execution history\n const historyEntry: ExecutionHistoryEntry = {\n executionId,\n timestamp: new Date(timestamp),\n success: scriptExecResult.success,\n duration: scriptExecResult.duration,\n error: scriptExecResult.error,\n timedOut: scriptExecResult.timedOut,\n userId: options.context?.userId,\n sessionId: options.context?.sessionId,\n args: sanitizeArgs(args),\n };\n\n script.execHistory = script.execHistory ?? [];\n script.execHistory.push(historyEntry);\n\n // Keep only last MAX_EXEC_HISTORY entries\n while (script.execHistory.length > MAX_EXEC_HISTORY) {\n script.execHistory.shift();\n }\n\n const { success, ...data } = result as unknown as {\n success: boolean;\n [key: string]: unknown;\n };\n return { success, data: data as Record<string, unknown> };\n }\n\n // Execute action\n if (parsed.type === \"actions\" && parsed.actionName) {\n return this.executeAction(parsed.actionName, args, options);\n }\n\n throw new Error(`Invalid exec path: ${path}`);\n }\n\n /**\n * Execute a built-in action\n */\n private async executeAction(\n actionName: string,\n args: Record<string, unknown>,\n options: AFSExecOptions,\n ): Promise<AFSExecResult> {\n if (actionName === \"run\") {\n // Run inline code\n const code = args.code;\n if (typeof code !== \"string\") {\n throw new Error(\"action 'run' requires 'code' parameter as string\");\n }\n\n // Check rate limit\n const rateCheck = this.checkRateLimit(options.context?.userId, undefined);\n if (rateCheck.limited) {\n return {\n success: false,\n data: {\n error: `Rate limit exceeded: ${rateCheck.reason}`,\n logs: [],\n duration: 0,\n rateLimited: true,\n },\n };\n }\n\n // Record execution for rate limiting\n this.recordExecution(options.context?.userId, undefined);\n\n // Generate execution context with timestamp and executionId\n const executionId = generateExecutionId();\n const timestamp = Date.now();\n\n const context: ExecutionContext = {\n args: (args.args as Record<string, unknown>) ?? {},\n userId: options.context?.userId,\n sessionId: options.context?.sessionId,\n timestamp,\n executionId,\n };\n\n // Log audit event\n this.logAudit({\n type: \"execution\",\n userId: options.context?.userId,\n sessionId: options.context?.sessionId,\n actionName: \"run\",\n details: { codeLength: code.length },\n });\n\n const result = await this.runtime.execute(code, this.capabilities, context);\n const runExecResult = result as ExecutionResult;\n\n // Update metrics\n this.updateMetrics(undefined, runExecResult);\n\n const { success: runSuccess, ...runData } = result as unknown as {\n success: boolean;\n [key: string]: unknown;\n };\n return { success: runSuccess, data: runData as Record<string, unknown> };\n }\n\n if (actionName === \"validate\") {\n // Validate code syntax\n const code = args.code;\n if (typeof code !== \"string\") {\n throw new Error(\"action 'validate' requires 'code' parameter as string\");\n }\n\n try {\n // Use Function constructor to check syntax (not the same as eval)\n new Function(`\"use strict\"; return async () => { ${code} }`);\n return {\n success: true,\n data: {\n valid: true,\n message: \"Syntax is valid\",\n },\n };\n } catch (error) {\n return {\n success: true,\n data: {\n valid: false,\n error: error instanceof Error ? error.message : String(error),\n },\n };\n }\n }\n\n if (actionName === \"rollback\") {\n // Rollback to a previous version\n const scriptName = args.script;\n const version = args.version;\n\n if (typeof scriptName !== \"string\") {\n throw new Error(\"action 'rollback' requires 'script' parameter as string\");\n }\n if (typeof version !== \"number\" || version < 1) {\n throw new Error(\"action 'rollback' requires 'version' parameter as positive number\");\n }\n\n const script = this.scripts.get(scriptName);\n if (!script) {\n return {\n success: false,\n data: {\n error: `Script not found: ${scriptName}`,\n },\n };\n }\n\n const versions = script.versions ?? [];\n const targetVersion = versions.find((v) => v.version === version);\n if (!targetVersion) {\n return {\n success: false,\n data: {\n error: `Version ${version} not found`,\n },\n };\n }\n\n // Rollback by writing the old content (creates a new version)\n await this.write(`/scripts/${scriptName}.js`, { content: targetVersion.content });\n\n return {\n success: true,\n data: {\n message: `Rolled back to version ${version}`,\n newVersion: script.versions?.length ?? 0,\n },\n };\n }\n\n if (actionName === \"promote\") {\n // Promote a script to a formal action\n const scriptName = args.script as string | undefined;\n const actionNameArg = args.name as string | undefined;\n\n if (!scriptName || typeof scriptName !== \"string\") {\n return {\n success: false,\n data: {\n error: \"action 'promote' requires 'script' parameter as string\",\n },\n };\n }\n\n if (!actionNameArg || typeof actionNameArg !== \"string\") {\n return {\n success: false,\n data: {\n error: \"action 'promote' requires 'name' parameter as string\",\n },\n };\n }\n\n // Validate action name\n const nameValidation = this.isValidActionName(actionNameArg);\n if (!nameValidation.valid) {\n return {\n success: false,\n data: {\n error: nameValidation.error,\n },\n };\n }\n\n // Get the script\n const script = this.scripts.get(scriptName);\n if (!script) {\n return {\n success: false,\n data: {\n error: `Script not found: ${scriptName}`,\n },\n };\n }\n\n // Validate syntax before promoting\n try {\n new Function(`\"use strict\"; return async () => { ${script.content} }`);\n } catch (error) {\n return {\n success: false,\n data: {\n error: `Script has syntax error: ${error instanceof Error ? error.message : String(error)}`,\n },\n };\n }\n\n // Get current version\n const currentVersion = script.versions?.length\n ? Math.max(...script.versions.map((v) => v.version))\n : 1;\n\n // Create or update promoted action\n const existing = this.promotedActions.get(actionNameArg);\n const promotedAction: PromotedAction = {\n name: actionNameArg,\n description: (args.description as string) ?? existing?.description,\n sourceScript: scriptName,\n sourceVersion: currentVersion,\n inputSchema: (args.inputSchema as Record<string, unknown>) ?? existing?.inputSchema,\n outputSchema: (args.outputSchema as Record<string, unknown>) ?? existing?.outputSchema,\n promotedAt: new Date(),\n version: (existing?.version ?? 0) + 1,\n };\n\n this.promotedActions.set(actionNameArg, promotedAction);\n\n // Log audit event\n this.logAudit({\n type: \"action_promote\",\n actionName: actionNameArg,\n scriptName,\n details: { version: promotedAction.version },\n });\n\n return {\n success: true,\n data: {\n message: `Script '${scriptName}' promoted to action '${actionNameArg}' (version ${promotedAction.version})`,\n action: promotedAction,\n },\n };\n }\n\n if (actionName === \"create-from-template\") {\n // Create a script from a template\n const templateName = args.template as string | undefined;\n const scriptName = args.name as string | undefined;\n const variables = (args.variables as Record<string, string>) ?? {};\n\n if (!templateName || typeof templateName !== \"string\") {\n return {\n success: false,\n data: {\n error: \"action 'create-from-template' requires 'template' parameter as string\",\n },\n };\n }\n\n if (!scriptName || typeof scriptName !== \"string\") {\n return {\n success: false,\n data: {\n error: \"action 'create-from-template' requires 'name' parameter as string\",\n },\n };\n }\n\n // Validate template name (no path traversal)\n if (\n templateName.includes(\"..\") ||\n templateName.includes(\"/\") ||\n templateName.includes(\"\\\\\")\n ) {\n return {\n success: false,\n data: {\n error: \"Invalid template name\",\n },\n };\n }\n\n // Find template\n const template = BUILT_IN_TEMPLATES.find((t) => t.name === templateName);\n if (!template) {\n return {\n success: false,\n data: {\n error: `Template not found: ${templateName}`,\n },\n };\n }\n\n // Check required variables\n if (template.variables) {\n for (const v of template.variables) {\n if (v.required && variables[v.name] === undefined && v.default === undefined) {\n return {\n success: false,\n data: {\n error: `Missing required variable: ${v.name}`,\n },\n };\n }\n }\n\n // Apply defaults\n for (const v of template.variables) {\n if (variables[v.name] === undefined && v.default !== undefined) {\n variables[v.name] = v.default;\n }\n }\n }\n\n // Apply variables to template\n const content = this.applyTemplate(template.content, variables);\n\n // Write the script\n await this.write(`/scripts/${scriptName}.js`, { content });\n\n return {\n success: true,\n data: {\n message: `Script '${scriptName}' created from template '${templateName}'`,\n path: `/scripts/${scriptName}.js`,\n },\n };\n }\n\n // Check if it's a promoted action\n const promotedAction = this.promotedActions.get(actionName);\n if (promotedAction) {\n // Execute the promoted action's source script\n const script = this.scripts.get(promotedAction.sourceScript);\n if (!script) {\n return {\n success: false,\n data: {\n error: `Source script not found: ${promotedAction.sourceScript}`,\n logs: [],\n duration: 0,\n },\n };\n }\n\n // Check rate limit\n const rateCheck = this.checkRateLimit(options.context?.userId, promotedAction.sourceScript);\n if (rateCheck.limited) {\n return {\n success: false,\n data: {\n error: `Rate limit exceeded: ${rateCheck.reason}`,\n logs: [],\n duration: 0,\n rateLimited: true,\n },\n };\n }\n\n // Record execution for rate limiting\n this.recordExecution(options.context?.userId, promotedAction.sourceScript);\n\n // Generate execution context\n const executionId = generateExecutionId();\n const timestamp = Date.now();\n\n const context: ExecutionContext = {\n args,\n userId: options.context?.userId,\n sessionId: options.context?.sessionId,\n timestamp,\n executionId,\n };\n\n // Log audit event\n this.logAudit({\n type: \"execution\",\n userId: options.context?.userId,\n sessionId: options.context?.sessionId,\n actionName,\n scriptName: promotedAction.sourceScript,\n details: { args: sanitizeArgs(args) },\n });\n\n const result = await this.runtime.execute(script.content, this.capabilities, context);\n const promotedExecResult = result as ExecutionResult;\n\n // Update metrics\n this.updateMetrics(promotedAction.sourceScript, promotedExecResult);\n\n const { success: promotedSuccess, ...promotedData } = result as unknown as {\n success: boolean;\n [key: string]: unknown;\n };\n return { success: promotedSuccess, data: promotedData as Record<string, unknown> };\n }\n\n throw new Error(`Unknown action: ${actionName}`);\n }\n}\n\n// Type check to ensure AFSSandbox implements AFSModuleClass\nconst _typeCheck: AFSModuleClass<AFSSandbox, AFSSandboxOptions> = AFSSandbox;\n"],"mappings":";;;;;;;AAYA,SAAS,oBAAoB,MAAc,UAA6B;AACtE,MAAK,MAAM,WAAW,UAAU;AAE9B,MAAI,YAAY,OAAO,YAAY,KAAM,QAAO;AAChD,MAAI,QAAQ,SAAS,MAAM,IAAI,KAAK,WAAW,QAAQ,MAAM,GAAG,GAAG,CAAC,CAClE,QAAO;AAET,MAAI,QAAQ,SAAS,KAAK,IAAI,KAAK,WAAW,QAAQ,MAAM,GAAG,GAAG,CAAC,EAAE;GAEnE,MAAM,OAAO,KAAK,MAAM,QAAQ,SAAS,EAAE;AAC3C,OAAI,CAAC,KAAK,SAAS,IAAI,IAAI,SAAS,GAAI,QAAO;;AAEjD,MAAI,SAAS,QAAS,QAAO;AAC7B,MAAI,KAAK,WAAW,GAAG,QAAQ,GAAG,CAAE,QAAO;;AAE7C,QAAO;;;;;AAMT,SAAS,cAAc,MAAc,YAAuB,WAA+B;AAEzF,KAAI,aAAa,UAAU,SAAS,KAAK,oBAAoB,MAAM,UAAU,CAC3E,QAAO;AAIT,KAAI,cAAc,WAAW,SAAS,EACpC,QAAO,oBAAoB,MAAM,WAAW;AAI9C,QAAO;;;;;;AAOT,SAAS,cAAc,MAAsB;AAE3C,KAAI,KAAK,SAAS,KAAO,CACvB,OAAM,IAAI,MAAM,mCAAmC;CAIrD,IAAI,UAAU;AACd,KAAI;AACF,YAAU,mBAAmB,KAAK;SAC5B;AAKR,KAAI,QAAQ,SAAS,KAAK,CACxB,OAAM,IAAI,MAAM,6BAA6B;AAI/C,MAAK,MAAM,QAAQ,SAAS;EAC1B,MAAM,OAAO,KAAK,WAAW,EAAE;AAC/B,MAAI,OAAO,MAAM,SAAS,IACxB,OAAM,IAAI,MAAM,4CAA4C;;AAIhE,QAAO;;;;;;;;;AAUT,SAAgB,mBACd,KACA,QACqB;CACrB,MAAM,eAAoC,EAAE;AAG5C,KAAI,KAAK,QAAQ,OAAO,KAAK,SAAS,OAAO;EAC3C,MAAM,UAAU,IAAI,KAAK,KAAK,IAAI;AAClC,eAAa,OAAO,OAAO,SAA0C;AACnE,OAAI,OAAO,SAAS,SAClB,OAAM,IAAI,MAAM,kCAAkC;AAIpD,OAAI,CAAC,cAAc,MAAM,OAAO,KAAK,YAAY,OAAO,KAAK,UAAU,CACrE,OAAM,IAAI,MAAM,oCAAoC,KAAK,GAAG;AAG9D,OAAI;IACF,MAAM,SAAS,MAAM,QAAQ,KAAK;AAClC,QAAI,CAAC,OAAO,KACV,QAAO;IAIT,MAAM,UAAU,OAAO,KAAK;AAC5B,QAAI,YAAY,UAAa,YAAY,KACvC,QAAO;AAGT,QAAI,OAAO,YAAY,SACrB,QAAO;AAIT,WAAO,KAAK,UAAU,QAAQ;YACvB,OAAO;AACd,UAAM,IAAI,MACR,6BAA6B,KAAK,KAAK,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM,GAC9F;;;;AAMP,KAAI,KAAK,SAAS,OAAO,KAAK,UAAU,MAAM;EAC5C,MAAM,WAAW,IAAI,MAAM,KAAK,IAAI;AACpC,eAAa,QAAQ,OACnB,MACA,YACgD;AAEhD,OAAI,SAAS,UAAa,SAAS,KACjC,OAAM,IAAI,MAAM,8BAA8B;AAEhD,OAAI,OAAO,SAAS,SAClB,OAAM,IAAI,MAAM,mCAAmC;AAIrD,OAAI,OAAO,YAAY,SACrB,OAAM,IAAI,MAAM,sCAAsC;AAExD,OAAI,YAAY,GACd,OAAM,IAAI,MAAM,qCAAqC;GAIvD,IAAI;AACJ,OAAI;AACF,qBAAiB,cAAc,KAAK;YAC7B,OAAO;AACd,UAAM,IAAI,MAAM,cAAc,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM,GAAG;;AAIzF,OAAI,CAAC,cAAc,gBAAgB,OAAO,KAAK,YAAY,OAAO,KAAK,UAAU,CAC/E,OAAM,IAAI,MAAM,qCAAqC,KAAK,GAAG;AAG/D,OAAI;AACF,UAAM,SAAS,gBAAgB,EAAE,SAAS,CAAC;AAC3C,WAAO;KAAE,SAAS;KAAM,MAAM;KAAgB;YACvC,OAAO;AACd,UAAM,IAAI,MACR,+BAA+B,KAAK,KAAK,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM,GAChG;;;OAKL,cAAa,QAAQ,YAA4B;AAC/C,QAAM,IAAI,MAAM,0CAA0C;;AAK9D,KAAI,KAAK,QAAQ,OAAO,KAAK,SAAS,OAAO;EAC3C,MAAM,UAAU,IAAI,KAAK,KAAK,IAAI;AAClC,eAAa,OAAO,OAClB,MACA,YAC8C;AAC9C,OAAI,OAAO,SAAS,SAClB,OAAM,IAAI,MAAM,kCAAkC;AAIpD,OAAI,CAAC,cAAc,MAAM,OAAO,KAAK,YAAY,OAAO,KAAK,UAAU,CACrE,OAAM,IAAI,MAAM,oCAAoC,KAAK,GAAG;AAG9D,OAAI;AAKF,YAHe,MAAM,QAAQ,MADT,OAAO,YAAY,YAAY,YAAY,OAAO,UAAU,EAAE,CACR,EAG5D,KAAK,KAAK,WAA2D;KACjF,MAAM,MAAM;KACZ,MAAM,MAAM,UAAU,QAAQ;KAC/B,EAAE;YACI,OAAO;AACd,UAAM,IAAI,MACR,6BAA6B,KAAK,KAAK,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM,GAC9F;;;;AAKP,QAAO;;;;;AClNT,MAAM,qBAAqB;AAC3B,MAAM,0BAA0B;;;;;;;;;;;;;AAchC,IAAa,iBAAb,MAA4B;CAC1B,AAAiB;CACjB,AAAiB;CAEjB,YAAY,UAA0B,EAAE,EAAE;AACxC,OAAK,UAAU,QAAQ,WAAW;AAClC,OAAK,cAAc,QAAQ,eAAe;;;;;;;;;;CAW5C,MAAM,QACJ,MACA,cACA,UAA4B,EAAE,EACJ;EAC1B,MAAM,OAAmB,EAAE;EAC3B,MAAM,YAAY,KAAK,KAAK;EAM5B,MAAM,WAHU,MAAM,YAAY,EAGV,YAAY;AACpC,UAAQ,eAAe,KAAK,cAAc,OAAO,KAAK;EAGtD,IAAI,WAAW;EACf,MAAM,WAAW,KAAK,KAAK,GAAG,KAAK;AACnC,UAAQ,0BAA0B;AAChC,OAAI,KAAK,KAAK,GAAG,UAAU;AACzB,eAAW;AACX,WAAO;;AAET,UAAO;IACP;EAGF,MAAM,KAAK,QAAQ,YAAY;AAE/B,MAAI;GAEF,MAAM,QAAQ,GAAG,YAAY,QAAQ,aAAa,kBAAkB;IAClE,MAAM,QAAQ,GAAG,UAAU,YAAY;IACvC,MAAM,UAAU,GAAG,UAAU,cAAc;AAC3C,SAAK,KAAK;KACR;KACA;KACA,WAAW,KAAK,KAAK;KACtB,CAAC;KACF;AACF,MAAG,QAAQ,GAAG,QAAQ,SAAS,MAAM;AACrC,SAAM,SAAS;GAGf,MAAM,WAAW,KAAK,UAAU,QAAQ,QAAQ,EAAE,CAAC;AACnD,MAAG,SAAS,kBAAkB,SAAS,GAAG;GAG1C,MAAM,aAAa;IACjB,WAAW,QAAQ,aAAa,KAAK,KAAK;IAC1C,aAAa,QAAQ,eAAe,QAAQ,KAAK,KAAK;IACtD,QAAQ,QAAQ;IAChB,WAAW,QAAQ;IACpB;GACD,MAAM,cAAc,KAAK,UAAU,WAAW;AAC9C,MAAG,SAAS,qBAAqB,YAAY,GAAG;GAGhD,MAAM,kCAMF,IAAI,KAAK;GACb,IAAI,YAAY;AAGhB,QAAK,MAAM,CAAC,MAAM,OAAO,OAAO,QAAQ,aAAa,EAAE;IAErD,MAAM,QAAQ,GAAG,YAAY,SAAS,SAAS,GAAG,eAAe;KAC/D,MAAM,OAAO,WAAW,KAAK,MAAM;MACjC,MAAM,OAAO,GAAG,OAAO,EAAE;AACzB,UAAI,SAAS,SAAU,QAAO,GAAG,UAAU,EAAE;AAC7C,UAAI,SAAS,SAAU,QAAO,GAAG,UAAU,EAAE;AAC7C,UAAI,SAAS,UAAW,QAAO,GAAG,KAAK,EAAE;AACzC,UAAI,SAAS,YAAY,SAAS,YAAa,QAAO,GAAG,KAAK,EAAE;AAChE,aAAO,GAAG,KAAK,EAAE;OACjB;KAGF,MAAM,KAAK;AAGX,QAAG,GAAG,KAAK,CACR,MAAM,aAAW;AAChB,sBAAgB,IAAI,GAAG,EAAE,QAAQA,SAAO;AACxC,sBAAgB,OAAO,GAAG;OAC1B,CACD,OAAO,UAAU;AAChB,sBACG,IAAI,GAAG,EACN,OAAO,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,OAAO,MAAM,CAAC,CAAC;AACrE,sBAAgB,OAAO,GAAG;OAC1B;AAEJ,YAAO,GAAG,UAAU,GAAG;MACvB;AACF,OAAG,QAAQ,GAAG,QAAQ,SAAS,QAAQ,MAAM;AAC7C,UAAM,SAAS;;GAgBjB,MAAM,cAAc;;;;;;;;;;;MAZK,OAAO,KAAK,aAAa,CAC/C,KACE,SAAS;MACd,KAAK;;2BAEgB,KAAK;;;OAIvB,CACA,KAAK,MAAM,CAaG;;;;;;;;IAQnB,KAAK;;;GAKH,MAAM,SAAS,GAAG,SAAS,YAAY;AAEvC,OAAI,UAAU;AACZ,WAAO,SAAS;AAChB,WAAO;KACL,SAAS;KACT,OAAO,oCAAoC,KAAK,QAAQ;KACxD;KACA,UAAU,KAAK,KAAK,GAAG;KACvB,UAAU;KACX;;AAGH,OAAI,OAAO,OAAO;IAChB,MAAM,aAAa,GAAG,KAAK,OAAO,MAAM;AACxC,WAAO,MAAM,SAAS;AAOtB,WAAO;KACL,SAAS;KACT,OANA,OAAO,eAAe,YAAY,eAAe,OAC3C,WAAoC,WAAW,OAAO,WAAW,GACnE,OAAO,WAAW;KAKtB,OACE,OAAO,eAAe,YAAY,eAAe,OAC5C,WAAkC,QACnC;KACN;KACA,UAAU,KAAK,KAAK,GAAG;KACxB;;GAIH,MAAM,cAAc,GAAG,KAAK,OAAO,MAAM;AACzC,UAAO,MAAM,SAAS;AAEtB,UAAO;IACL,SAAS;IACT,QAAQ;IACR;IACA,UAAU,KAAK,KAAK,GAAG;IACvB,UAAU;IACX;WACM,OAAO;AAId,UAAO;IACL,SAAS;IACT,OALmB,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;IAMzE,OALY,iBAAiB,QAAQ,MAAM,QAAQ;IAMnD;IACA,UAAU,KAAK,KAAK,GAAG;IACxB;YACO;AAER,MAAG,SAAS;AACZ,WAAQ,SAAS;;;;;;;;AC5LvB,MAAM,eAAe;;AAErB,MAAM,mBAAmB;;AAEzB,MAAM,mBAAmB;CAAC;CAAY;CAAU;CAAS;CAAO;CAAc;CAAO;;;;AAKrF,SAAS,sBAA8B;AACrC,QAAO,QAAQ,KAAK,KAAK,CAAC,GAAG,KAAK,QAAQ,CAAC,SAAS,GAAG,CAAC,MAAM,GAAG,GAAG;;;;;AAMtE,SAAS,aAAa,MAAwD;CAC5E,MAAM,YAAqC,EAAE;AAC7C,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,KAAK,CAC7C,KAAI,iBAAiB,MAAM,MAAM,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC,CAC7D,WAAU,OAAO;UACR,OAAO,UAAU,YAAY,UAAU,KAChD,WAAU,OAAO,aAAa,MAAiC;KAE/D,WAAU,OAAO;AAGrB,QAAO;;;;;AAMT,MAAM,0BAA0B,EAAE,OAAO;CACvC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,SAAS,cAAc;CACnD,aAAa,EAAE,QAAQ,CAAC,UAAU,CAAC,SAAS,qBAAqB;CACjE,YAAY,EAAE,KAAK,CAAC,YAAY,YAAY,CAAC,CAAC,UAAU,CAAC,SAAS,8BAA8B;CAChG,SAAS,EACN,OAAO;EACN,SAAS,EAAE,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,oCAAoC;EACvF,aAAa,EAAE,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,qBAAqB;EAC7E,CAAC,CACD,UAAU,CACV,SAAS,wBAAwB;CACpC,cAAc,EACX,OAAO,EACN,KAAK,EACF,OAAO;EACN,MAAM,EAAE,SAAS,CAAC,UAAU,CAAC,SAAS,yBAAyB;EAC/D,OAAO,EAAE,SAAS,CAAC,UAAU,CAAC,SAAS,0BAA0B;EACjE,YAAY,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,UAAU,CAAC,SAAS,wBAAwB;EAC5E,WAAW,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,UAAU,CAAC,SAAS,uBAAuB;EAC3E,CAAC,CACD,UAAU,CACV,SAAS,2BAA2B,EACxC,CAAC,CACD,UAAU,CACV,SAAS,6BAA6B;CACzC,OAAO,EACJ,OAAO;EACN,SAAS,EAAE,SAAS,CAAC,SAAS,uBAAuB;EACrD,SAAS,EAAE,UAAU,CAAC,UAAU,CAAC,SAAS,4BAA4B;EACtE,YAAY,EAAE,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,4BAA4B;EACnF,CAAC,CACD,UAAU,CACV,SAAS,sBAAsB;CAClC,WAAW,EACR,OAAO;EACN,wBAAwB,EAAE,QAAQ,CAAC,UAAU,CAAC,UAAU;EACxD,+BAA+B,EAAE,QAAQ,CAAC,UAAU,CAAC,UAAU;EAC/D,iCAAiC,EAAE,QAAQ,CAAC,UAAU,CAAC,UAAU;EAClE,CAAC,CACD,UAAU,CACV,SAAS,8BAA8B;CAC3C,CAAC;;AAGF,MAAM,wBAAwB;CAAC;CAAO;CAAY;CAAY;CAAW;CAAuB;;AAGhG,MAAM,qBAAuC;CAC3C;EACE,MAAM;EACN,aAAa;EACb,SAAS;;EAET,UAAU;EACX;CACD;EACE,MAAM;EACN,aAAa;EACb,SAAS;;;;EAIT,WAAW,CACT;GAAE,MAAM;GAAc,aAAa;GAA2B,UAAU;GAAM,EAC9E;GAAE,MAAM;GAAe,aAAa;GAA4B,UAAU;GAAM,CACjF;EACD,UAAU;EACX;CACD;EACE,MAAM;EACN,aAAa;EACb,SAAS;;;;;;;;;EAST,WAAW,CACT;GAAE,MAAM;GAAa,aAAa;GAAiC,UAAU;GAAM,CACpF;EACD,UAAU;EACX;CACD;EACE,MAAM;EACN,aAAa;EACb,SAAS;;;;;;;EAOT,WAAW,CACT;GAAE,MAAM;GAAc,aAAa;GAAsB,UAAU;GAAM,SAAS;GAAS,CAC5F;EACD,UAAU;EACX;CACF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8BD,IAAa,aAAb,MAAa,WAAgC;CAC3C,AAAS;CACT,AAAS;CACT,AAAS;CAET,AAAiB;CACjB,AAAiB;CACjB,AAAiB,0BAAqC,IAAI,KAAK;CAC/D,AAAQ,eAAoC,EAAE;CAG9C,AAAiB,kCAA+C,IAAI,KAAK;CAGzE,AAAiB,WAAyB,EAAE;CAC5C,AAAiB;CAGjB,AAAiB;CACjB,AAAiB,sBAAgC,EAAE;CACnD,AAAiB,0CAAiD,IAAI,KAAK;CAC3E,AAAiB,4CAAmD,IAAI,KAAK;CAG7E,AAAQ,UAA4B;EAClC,iBAAiB;EACjB,cAAc;EACd,cAAc;EACd,cAAc;EACd,iBAAiB;EACjB,eAAe;EAChB;CACD,AAAiB,gCAA+C,IAAI,KAAK;CAEzE,YAAY,UAA6B,EAAE,EAAE;AAC3C,OAAK,UAAU,wBAAwB,MAAM,QAAQ;AACrD,OAAK,OAAO,QAAQ,QAAQ;AAC5B,OAAK,cAAc,QAAQ,eAAe;AAC1C,OAAK,aAAa,QAAQ,cAAc;AACxC,OAAK,UAAU,IAAI,eAAe,QAAQ,QAAQ;AAClD,OAAK,cAAc,QAAQ;AAC3B,OAAK,kBAAkB,QAAQ;AAE/B,OAAK,eAAe,mBAAmB,QAAW,KAAK,QAAQ,gBAAgB,EAAE,CAAC;;;;;CAMpF,OAAO,SAAS;AACd,SAAO;;;;;CAMT,aAAa,KAAK,EAAE,UAAoD;AAEtE,SAAO,IAAI,WADO,wBAAwB,MAAM,OAAO,CACvB;;;;;CAMlC,QAAQ,KAAoB;AAC1B,OAAK,eAAe,mBAAmB,KAAK,KAAK,QAAQ,gBAAgB,EAAE,CAAC;;;;;CAM9E,AAAQ,cAAc,MAAsB;EAC1C,IAAI,aAAa;AACjB,MAAI,WAAW,WAAW,IAAI,CAAE,cAAa,WAAW,MAAM,EAAE;AAChE,MAAI,WAAW,SAAS,IAAI,CAAE,cAAa,WAAW,MAAM,GAAG,GAAG;AAClE,SAAO;;;;;CAMT,AAAQ,SAAS,OAA4C;AAC3D,MAAI,CAAC,KAAK,aAAa,QAAS;EAEhC,MAAM,YAAwB;GAC5B,GAAG;GACH,WAAW,KAAK,KAAK;GACtB;AAGD,OAAK,SAAS,KAAK,UAAU;EAC7B,MAAM,aAAa,KAAK,YAAY,cAAc;AAClD,SAAO,KAAK,SAAS,SAAS,WAC5B,MAAK,SAAS,OAAO;AAIvB,MAAI,KAAK,YAAY,QACnB,KAAI;AACF,QAAK,YAAY,QAAQ,UAAU;UAC7B;;;;;CASZ,AAAQ,eACN,QACA,YACuC;AACvC,MAAI,CAAC,KAAK,gBAAiB,QAAO,EAAE,SAAS,OAAO;EAGpD,MAAM,eADM,KAAK,KAAK,GACK;EAG3B,MAAM,mBAAmB,QAAkB,IAAI,QAAQ,MAAM,IAAI,aAAa;AAG9E,MAAI,KAAK,gBAAgB,wBAAwB;GAC/C,MAAM,mBAAmB,gBAAgB,KAAK,oBAAoB;AAClE,QAAK,oBAAoB,SAAS;AAClC,QAAK,oBAAoB,KAAK,GAAG,iBAAiB;AAElD,OAAI,iBAAiB,UAAU,KAAK,gBAAgB,uBAClD,QAAO;IAAE,SAAS;IAAM,QAAQ;IAA8B;;AAKlE,MAAI,UAAU,KAAK,gBAAgB,+BAA+B;GAChE,MAAM,iBAAiB,gBAAgB,KAAK,wBAAwB,IAAI,OAAO,IAAI,EAAE,CAAC;AACtF,QAAK,wBAAwB,IAAI,QAAQ,eAAe;AAExD,OAAI,eAAe,UAAU,KAAK,gBAAgB,8BAChD,QAAO;IAAE,SAAS;IAAM,QAAQ;IAAgC;;AAKpE,MAAI,cAAc,KAAK,gBAAgB,iCAAiC;GACtE,MAAM,mBAAmB,gBACvB,KAAK,0BAA0B,IAAI,WAAW,IAAI,EAAE,CACrD;AACD,QAAK,0BAA0B,IAAI,YAAY,iBAAiB;AAEhE,OAAI,iBAAiB,UAAU,KAAK,gBAAgB,gCAClD,QAAO;IAAE,SAAS;IAAM,QAAQ;IAAkC;;AAItE,SAAO,EAAE,SAAS,OAAO;;;;;CAM3B,AAAQ,gBAAgB,QAAiB,YAA2B;EAClE,MAAM,MAAM,KAAK,KAAK;AACtB,OAAK,oBAAoB,KAAK,IAAI;AAElC,MAAI,QAAQ;GACV,MAAM,iBAAiB,KAAK,wBAAwB,IAAI,OAAO,IAAI,EAAE;AACrE,kBAAe,KAAK,IAAI;AACxB,QAAK,wBAAwB,IAAI,QAAQ,eAAe;;AAG1D,MAAI,YAAY;GACd,MAAM,mBAAmB,KAAK,0BAA0B,IAAI,WAAW,IAAI,EAAE;AAC7E,oBAAiB,KAAK,IAAI;AAC1B,QAAK,0BAA0B,IAAI,YAAY,iBAAiB;;;;;;CAOpE,AAAQ,cAAc,YAAgC,QAA+B;AAEnF,OAAK,QAAQ;AACb,OAAK,QAAQ,iBAAiB,OAAO;AACrC,OAAK,QAAQ,kBAAkB,KAAK,QAAQ,gBAAgB,KAAK,QAAQ;AAEzE,MAAI,OAAO,QACT,MAAK,QAAQ;MAEb,MAAK,QAAQ;AAGf,MAAI,OAAO,SACT,MAAK,QAAQ;AAIf,MAAI,YAAY;GACd,IAAI,gBAAgB,KAAK,cAAc,IAAI,WAAW;AACtD,OAAI,CAAC,eAAe;AAClB,oBAAgB;KACd,iBAAiB;KACjB,cAAc;KACd,cAAc;KACd,cAAc;KACd,iBAAiB;KACjB,eAAe;KAChB;AACD,SAAK,cAAc,IAAI,YAAY,cAAc;;AAGnD,iBAAc;AACd,iBAAc,iBAAiB,OAAO;AACtC,iBAAc,kBAAkB,cAAc,gBAAgB,cAAc;AAE5E,OAAI,OAAO,QACT,eAAc;OAEd,eAAc;AAGhB,OAAI,OAAO,SACT,eAAc;;;;;;CAQpB,AAAQ,kBAAkB,MAAkD;AAC1E,MAAI,CAAC,QAAQ,OAAO,SAAS,SAC3B,QAAO;GAAE,OAAO;GAAO,OAAO;GAA2B;AAI3D,MAAI,sBAAsB,SAAS,KAAK,CACtC,QAAO;GAAE,OAAO;GAAO,OAAO,gBAAgB,KAAK;GAAgB;AAIrE,MAAI,CAAC,2BAA2B,KAAK,KAAK,CACxC,QAAO;GACL,OAAO;GACP,OACE;GACH;AAIH,MAAI,KAAK,SAAS,KAAK,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,SAAS,KAAK,CAClE,QAAO;GAAE,OAAO;GAAO,OAAO;GAA8C;AAG9E,SAAO,EAAE,OAAO,MAAM;;;;;CAMxB,AAAQ,cAAc,SAAiB,WAA2C;EAChF,IAAI,SAAS;AACb,OAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,UAAU,CAClD,UAAS,OAAO,QAAQ,IAAI,OAAO,SAAS,IAAI,SAAS,IAAI,EAAE,MAAM;AAEvE,SAAO;;;;;CAMT,AAAQ,UAAU,MAmBhB;EACA,MAAM,aAAa,KAAK,cAAc,KAAK;EAC3C,MAAM,QAAQ,WAAW,MAAM,IAAI;AAEnC,MAAI,eAAe,MAAM,eAAe,IACtC,QAAO,EAAE,MAAM,QAAQ;AAGzB,MAAI,MAAM,OAAO,WAAW;AAC1B,OAAI,MAAM,WAAW,EACnB,QAAO,EAAE,MAAM,WAAW;GAE5B,MAAM,aAAa,MAAM,IAAI,QAAQ,SAAS,GAAG;AAGjD,OAAI,MAAM,UAAU,KAAK,MAAM,OAAO,WAEpC,QAAO;IAAE,MAAM;IAAkB;IAAY,SAD7B,MAAM,KAAK,OAAO,SAAS,MAAM,IAAI,GAAG,GAAG;IACL;AAExD,OAAI,MAAM,UAAU,KAAK,MAAM,OAAO,eACpC,QAAO;IAAE,MAAM;IAAuB;IAAY;AAGpD,UAAO;IAAE,MAAM;IAAU;IAAY;;AAGvC,MAAI,MAAM,OAAO,QAEf,QAAO;GAAE,MAAM;GAAQ,YADJ,MAAM,IAAI,QAAQ,SAAS,GAAG;GACd;AAGrC,MAAI,MAAM,OAAO,cAAc;AAC7B,OAAI,MAAM,WAAW,EACnB,QAAO,EAAE,MAAM,aAAa;AAE9B,UAAO;IAAE,MAAM;IAAY,cAAc,MAAM;IAAI;;AAGrD,MAAI,MAAM,OAAO,YAAY;AAC3B,OAAI,MAAM,WAAW,EACnB,QAAO,EAAE,MAAM,WAAW;AAE5B,OAAI,MAAM,OAAO,aAAa,MAAM,GAClC,QAAO;IAAE,MAAM;IAAkB,YAAY,MAAM;IAAI;AAEzD,UAAO,EAAE,MAAM,WAAW;;AAG5B,MAAI,MAAM,OAAO,SACf,QAAO,EAAE,MAAM,SAAS;AAG1B,MAAI,MAAM,OAAO,WACf,QAAO;GAAE,MAAM;GAAW,YAAY,MAAM;GAAI;AAGlD,SAAO,EAAE,MAAM,WAAW;;;;;CAM5B,AAAQ,iBAAiB,MAAc,QAAgC;AACrE,SAAO;GACL,IAAI,YAAY,KAAK;GACrB,MAAM,YAAY,KAAK;GACvB,SAAS,OAAO;GAChB,WAAW,OAAO,SAAS;GAC3B,WAAW,OAAO,SAAS;GAC3B,UAAU;IACR,MAAM;IACN,YAAY;IACZ,SAAS,OAAO,SAAS;IACzB,UAAU,OAAO,SAAS;IAC3B;GACF;;;;;CAMH,MAAM,KAAK,MAAc,UAAmD;EAC1E,MAAM,SAAS,KAAK,UAAU,KAAK;AAEnC,MAAI,OAAO,SAAS,OAElB,QAAO,EACL,MAAM;GACJ;IACE,IAAI;IACJ,MAAM;IACN,UAAU;KAAE,MAAM;KAAa,eAAe;KAAG;IAClD;GACD;IACE,IAAI;IACJ,MAAM;IACN,SAAS;IACT,UAAU;KAAE,MAAM;KAAa,eAAe,KAAK,QAAQ;KAAM;IAClE;GACD;IACE,IAAI;IACJ,MAAM;IACN,SAAS;IACT,UAAU;KACR,MAAM;KACN,eAAe,sBAAsB,SAAS,KAAK,gBAAgB;KACnE,SAAS;MACP,MAAM;MACN,aAAa;MACd;KACF;IACF;GACD;IACE,IAAI;IACJ,MAAM;IACN,SAAS;IACT,UAAU;KAAE,MAAM;KAAa,eAAe,mBAAmB;KAAQ;IAC1E;GACD;IACE,IAAI;IACJ,MAAM;IACN,SAAS;IACT,UAAU,EAAE,MAAM,aAAa;IAChC;GACD;IACE,IAAI;IACJ,MAAM;IACN,SAAS;IACT,UAAU;KAAE,MAAM;KAAa,eAAe,KAAK,SAAS;KAAQ;IACrE;GACF,EACF;AAGH,MAAI,OAAO,SAAS,YAElB,QAAO,EACL,MAAM,CACJ;GACE,IAAI;GACJ,MAAM;GACN,UAAU;IAAE,MAAM;IAAa,eAAe,mBAAmB;IAAQ;GAC1E,EACD,GAAG,mBAAmB,KAAK,OAAO;GAChC,IAAI,eAAe,EAAE;GACrB,MAAM,eAAe,EAAE;GACvB,SAAS,EAAE;GACX,UAAU;IACR,MAAM;IACN,UAAU,EAAE;IACZ,WAAW,EAAE;IACd;GACF,EAAE,CACJ,EACF;AAGH,MAAI,OAAO,SAAS,WAAW;GAE7B,MAAM,UAAsB,CAC1B;IACE,IAAI;IACJ,MAAM;IACN,UAAU;KAAE,MAAM;KAAa,eAAe,KAAK,QAAQ;KAAM;IAClE,CACF;AAED,QAAK,MAAM,CAAC,MAAM,WAAW,KAAK,QAChC,SAAQ,KAAK,KAAK,iBAAiB,MAAM,OAAO,CAAC;AAGnD,UAAO,EAAE,MAAM,SAAS;;AAG1B,MAAI,OAAO,SAAS,WAAW;GAE7B,MAAM,UAAsB;IAC1B;KACE,IAAI;KACJ,MAAM;KACN,UAAU;MACR,MAAM;MACN,eAAe,sBAAsB,SAAS,KAAK,gBAAgB;MACpE;KACF;IACD;KACE,IAAI;KACJ,MAAM;KACN,SAAS;KACT,UAAU;MACR,MAAM;MACN,SAAS;OACP,MAAM;OACN,aAAa;OACb,aAAa;QACX,MAAM;QACN,YAAY;SACV,MAAM;UAAE,MAAM;UAAU,aAAa;UAA8B;SACnE,MAAM;UAAE,MAAM;UAAU,aAAa;UAAiC;SACvE;QACD,UAAU,CAAC,OAAO;QACnB;OACF;MACF;KACF;IACD;KACE,IAAI;KACJ,MAAM;KACN,SAAS;KACT,UAAU;MACR,MAAM;MACN,SAAS;OACP,MAAM;OACN,aAAa;OACb,aAAa;QACX,MAAM;QACN,YAAY,EACV,MAAM;SAAE,MAAM;SAAU,aAAa;SAA+B,EACrE;QACD,UAAU,CAAC,OAAO;QACnB;OACF;MACF;KACF;IACD;KACE,IAAI;KACJ,MAAM;KACN,SAAS;KACT,UAAU;MACR,MAAM;MACN,SAAS;OACP,MAAM;OACN,aAAa;OACb,aAAa;QACX,MAAM;QACN,YAAY;SACV,QAAQ;UAAE,MAAM;UAAU,aAAa;UAA0B;SACjE,MAAM;UAAE,MAAM;UAAU,aAAa;UAAe;SACpD,aAAa;UAAE,MAAM;UAAU,aAAa;UAAsB;SAClE,aAAa;UAAE,MAAM;UAAU,aAAa;UAA0B;SACtE,cAAc;UAAE,MAAM;UAAU,aAAa;UAA2B;SACzE;QACD,UAAU,CAAC,UAAU,OAAO;QAC7B;OACF;MACF;KACF;IACD;KACE,IAAI;KACJ,MAAM;KACN,SAAS;KACT,UAAU;MACR,MAAM;MACN,SAAS;OACP,MAAM;OACN,aAAa;OACb,aAAa;QACX,MAAM;QACN,YAAY;SACV,UAAU;UAAE,MAAM;UAAU,aAAa;UAAiB;SAC1D,MAAM;UAAE,MAAM;UAAU,aAAa;UAAyB;SAC9D,WAAW;UAAE,MAAM;UAAU,aAAa;UAAsB;SACjE;QACD,UAAU,CAAC,YAAY,OAAO;QAC/B;OACF;MACF;KACF;IACF;AAGD,QAAK,MAAM,CAAC,MAAM,WAAW,KAAK,gBAChC,SAAQ,KAAK;IACX,IAAI,aAAa;IACjB,MAAM,aAAa;IACnB,SAAS,OAAO,eAAe,oBAAoB;IACnD,UAAU;KACR,MAAM;KACN,SAAS;MACP;MACA,aAAa,OAAO,eAAe,WAAW;MAC9C,aAAa,OAAO;MACpB,cAAc,OAAO;MACtB;KACF;IACF,CAAC;AAGJ,UAAO,EAAE,MAAM,SAAS;;AAG1B,SAAO,EAAE,MAAM,EAAE,EAAE;;;;;CAMrB,MAAM,KAAK,MAAc,UAAmD;EAC1E,MAAM,SAAS,KAAK,UAAU,KAAK;AAEnC,MAAI,OAAO,SAAS,YAAY,OAAO,YAAY;GACjD,MAAM,SAAS,KAAK,QAAQ,IAAI,OAAO,WAAW;AAClD,OAAI,CAAC,OACH,QAAO,EAAE,SAAS,qBAAqB,OAAO,cAAc;AAE9D,UAAO,EAAE,MAAM,KAAK,iBAAiB,OAAO,YAAY,OAAO,EAAE;;AAInE,MAAI,OAAO,SAAS,oBAAoB,OAAO,YAAY;GACzD,MAAM,SAAS,KAAK,QAAQ,IAAI,OAAO,WAAW;AAClD,OAAI,CAAC,OACH,QAAO,EAAE,SAAS,qBAAqB,OAAO,cAAc;GAG9D,MAAM,WAAW,OAAO,YAAY,EAAE;AAGtC,OAAI,OAAO,YAAY,QAAW;AAChC,QAAI,OAAO,MAAM,OAAO,QAAQ,IAAI,OAAO,UAAU,EACnD,QAAO,EAAE,SAAS,0BAA0B;IAE9C,MAAM,UAAU,SAAS,MAAM,MAAM,EAAE,YAAY,OAAO,QAAQ;AAClE,QAAI,CAAC,QACH,QAAO,EAAE,SAAS,WAAW,OAAO,QAAQ,aAAa;AAE3D,WAAO,EACL,MAAM;KACJ,IAAI,YAAY,OAAO,WAAW,eAAe,OAAO;KACxD,MAAM,YAAY,OAAO,WAAW,eAAe,OAAO;KAC1D,SAAS,QAAQ;KACjB,UAAU;MACR,MAAM;MACN,SAAS,QAAQ;MACjB,WAAW,QAAQ;MACnB,MAAM,QAAQ;MACf;KACF,EACF;;AAIH,UAAO,EACL,MAAM;IACJ,IAAI,YAAY,OAAO,WAAW;IAClC,MAAM,YAAY,OAAO,WAAW;IACpC,SAAS;IACT,UAAU;KACR,MAAM;KACN,OAAO,SAAS;KACjB;IACF,EACF;;AAIH,MAAI,OAAO,SAAS,yBAAyB,OAAO,YAAY;GAC9D,MAAM,SAAS,KAAK,QAAQ,IAAI,OAAO,WAAW;AAClD,OAAI,CAAC,OACH,QAAO,EAAE,SAAS,qBAAqB,OAAO,cAAc;GAG9D,MAAM,cAAc,OAAO,eAAe,EAAE;AAC5C,UAAO,EACL,MAAM;IACJ,IAAI,YAAY,OAAO,WAAW;IAClC,MAAM,YAAY,OAAO,WAAW;IACpC,SAAS;IACT,UAAU;KACR,MAAM;KACN,OAAO,YAAY;KACpB;IACF,EACF;;AAGH,MAAI,OAAO,SAAS,aAAa,OAAO,YAAY;GAGlD,MAAM,UADU,MAAM,KAAK,KAAK,YAAY,EACrB,KAAK,MAAM,MAAM,EAAE,SAAS,aAAa,OAAO,aAAa;AACpF,OAAI,OACF,QAAO,EAAE,MAAM,QAAQ;AAEzB,UAAO,EAAE,SAAS,qBAAqB,OAAO,cAAc;;AAI9D,MAAI,OAAO,SAAS,cAAc,OAAO,cAAc;GACrD,MAAM,WAAW,mBAAmB,MAAM,MAAM,EAAE,SAAS,OAAO,aAAa;AAC/E,OAAI,CAAC,SACH,QAAO,EAAE,SAAS,uBAAuB,OAAO,gBAAgB;AAElE,UAAO,EACL,MAAM;IACJ,IAAI,eAAe,SAAS;IAC5B,MAAM,eAAe,SAAS;IAC9B,SAAS,SAAS;IAClB,UAAU;KACR,MAAM;KACN,aAAa,SAAS;KACtB,UAAU,SAAS;KACnB,WAAW,SAAS;KACrB;IACF,EACF;;AAIH,MAAI,OAAO,SAAS,UAClB,QAAO,EACL,MAAM;GACJ,IAAI;GACJ,MAAM;GACN,SAAS,KAAK;GACd,UAAU,EACR,MAAM,WACP;GACF,EACF;AAIH,MAAI,OAAO,SAAS,oBAAoB,OAAO,YAAY;GACzD,MAAM,gBAAgB,KAAK,cAAc,IAAI,OAAO,WAAW;AAC/D,OAAI,CAAC,cACH,QAAO,EAAE,SAAS,6BAA6B,OAAO,cAAc;AAEtE,UAAO,EACL,MAAM;IACJ,IAAI,qBAAqB,OAAO;IAChC,MAAM,qBAAqB,OAAO;IAClC,SAAS;KAAE,gBAAgB,cAAc;KAAiB,GAAG;KAAe;IAC5E,UAAU;KACR,MAAM;KACN,YAAY,OAAO;KACpB;IACF,EACF;;AAIH,MAAI,OAAO,SAAS,QAClB,QAAO,EACL,MAAM;GACJ,IAAI;GACJ,MAAM;GACN,SAAS,KAAK;GACd,UAAU;IACR,MAAM;IACN,OAAO,KAAK,SAAS;IACtB;GACF,EACF;AAGH,SAAO,EAAE,SAAS,sBAAsB,QAAQ;;;;;CAMlD,MAAM,MACJ,MACA,OACA,UACyB;EACzB,MAAM,SAAS,KAAK,UAAU,KAAK;AAGnC,MAAI,OAAO,SAAS,iBAClB,OAAM,IAAI,MAAM,mCAAmC;AAGrD,MAAI,OAAO,SAAS,YAAY,CAAC,OAAO,WACtC,OAAM,IAAI,MAAM,uBAAuB,KAAK,0BAA0B;EAGxE,MAAM,UACJ,OAAO,MAAM,YAAY,WAAW,MAAM,UAAU,KAAK,UAAU,MAAM,QAAQ;EAEnF,MAAM,sBAAM,IAAI,MAAM;EACtB,MAAM,WAAW,KAAK,QAAQ,IAAI,OAAO,WAAW;EAGpD,MAAM,WAA4B,UAAU,WAAW,CAAC,GAAG,SAAS,SAAS,GAAG,EAAE;EAGlF,MAAM,aAA4B;GAChC,UAFiB,SAAS,SAAS,IAAI,KAAK,IAAI,GAAG,SAAS,KAAK,MAAM,EAAE,QAAQ,CAAC,GAAG,KAE/D;GACtB;GACA,WAAW;GACX,MAAM,IAAI,aAAa,CAAC,OAAO,QAAQ,CAAC;GACzC;AACD,WAAS,KAAK,WAAW;AAGzB,SAAO,SAAS,SAAS,aACvB,UAAS,OAAO;EAWlB,MAAM,eAA6B;GACjC;GACA,UAV+B;IAC/B,MAAM,OAAO;IACb,WAAW,UAAU,SAAS,aAAa;IAC3C,WAAW;IACX,SAAS,UAAU,SAAS;IAC5B,UAAU,UAAU,SAAS,YAAY;IAC1C;GAKC;GACA,aAAa,UAAU,eAAe,EAAE;GACzC;AACD,OAAK,QAAQ,IAAI,OAAO,YAAY,aAAa;AAEjD,SAAO;GACL,MAAM,KAAK,iBAAiB,OAAO,YAAY,aAAa;GAC5D,SAAS,WAAW,mBAAmB;GACxC;;;;;CAMH,MAAM,KACJ,MACA,MACA,SACwB;EACxB,MAAM,SAAS,KAAK,UAAU,KAAK;AAGnC,MAAI,OAAO,SAAS,UAAU,OAAO,YAAY;GAC/C,MAAM,SAAS,KAAK,QAAQ,IAAI,OAAO,WAAW;AAClD,OAAI,CAAC,OACH,QAAO;IACL,SAAS;IACT,MAAM;KACJ,OAAO,qBAAqB,OAAO;KACnC,MAAM,EAAE;KACR,UAAU;KACX;IACF;GAIH,MAAM,YAAY,KAAK,eAAe,QAAQ,SAAS,QAAQ,OAAO,WAAW;AACjF,OAAI,UAAU,QACZ,QAAO;IACL,SAAS;IACT,MAAM;KACJ,OAAO,wBAAwB,UAAU;KACzC,MAAM,EAAE;KACR,UAAU;KACV,aAAa;KACd;IACF;AAIH,QAAK,gBAAgB,QAAQ,SAAS,QAAQ,OAAO,WAAW;AAGhE,UAAO,SAAS,0BAAU,IAAI,MAAM;AACpC,UAAO,SAAS;GAGhB,MAAM,cAAc,qBAAqB;GACzC,MAAM,YAAY,KAAK,KAAK;GAE5B,MAAM,UAA4B;IAChC;IACA,QAAQ,QAAQ,SAAS;IACzB,WAAW,QAAQ,SAAS;IAC5B;IACA;IACD;AAGD,QAAK,SAAS;IACZ,MAAM;IACN,QAAQ,QAAQ,SAAS;IACzB,WAAW,QAAQ,SAAS;IAC5B,YAAY,OAAO;IACnB,SAAS,EAAE,MAAM,aAAa,KAAK,EAAE;IACtC,CAAC;GAEF,MAAM,SAAS,MAAM,KAAK,QAAQ,QAAQ,OAAO,SAAS,KAAK,cAAc,QAAQ;GACrF,MAAM,mBAAmB;AAGzB,QAAK,cAAc,OAAO,YAAY,iBAAiB;GAGvD,MAAM,eAAsC;IAC1C;IACA,WAAW,IAAI,KAAK,UAAU;IAC9B,SAAS,iBAAiB;IAC1B,UAAU,iBAAiB;IAC3B,OAAO,iBAAiB;IACxB,UAAU,iBAAiB;IAC3B,QAAQ,QAAQ,SAAS;IACzB,WAAW,QAAQ,SAAS;IAC5B,MAAM,aAAa,KAAK;IACzB;AAED,UAAO,cAAc,OAAO,eAAe,EAAE;AAC7C,UAAO,YAAY,KAAK,aAAa;AAGrC,UAAO,OAAO,YAAY,SAAS,iBACjC,QAAO,YAAY,OAAO;GAG5B,MAAM,EAAE,SAAS,GAAG,SAAS;AAI7B,UAAO;IAAE;IAAe;IAAiC;;AAI3D,MAAI,OAAO,SAAS,aAAa,OAAO,WACtC,QAAO,KAAK,cAAc,OAAO,YAAY,MAAM,QAAQ;AAG7D,QAAM,IAAI,MAAM,sBAAsB,OAAO;;;;;CAM/C,MAAc,cACZ,YACA,MACA,SACwB;AACxB,MAAI,eAAe,OAAO;GAExB,MAAM,OAAO,KAAK;AAClB,OAAI,OAAO,SAAS,SAClB,OAAM,IAAI,MAAM,mDAAmD;GAIrE,MAAM,YAAY,KAAK,eAAe,QAAQ,SAAS,QAAQ,OAAU;AACzE,OAAI,UAAU,QACZ,QAAO;IACL,SAAS;IACT,MAAM;KACJ,OAAO,wBAAwB,UAAU;KACzC,MAAM,EAAE;KACR,UAAU;KACV,aAAa;KACd;IACF;AAIH,QAAK,gBAAgB,QAAQ,SAAS,QAAQ,OAAU;GAGxD,MAAM,cAAc,qBAAqB;GACzC,MAAM,YAAY,KAAK,KAAK;GAE5B,MAAM,UAA4B;IAChC,MAAO,KAAK,QAAoC,EAAE;IAClD,QAAQ,QAAQ,SAAS;IACzB,WAAW,QAAQ,SAAS;IAC5B;IACA;IACD;AAGD,QAAK,SAAS;IACZ,MAAM;IACN,QAAQ,QAAQ,SAAS;IACzB,WAAW,QAAQ,SAAS;IAC5B,YAAY;IACZ,SAAS,EAAE,YAAY,KAAK,QAAQ;IACrC,CAAC;GAEF,MAAM,SAAS,MAAM,KAAK,QAAQ,QAAQ,MAAM,KAAK,cAAc,QAAQ;GAC3E,MAAM,gBAAgB;AAGtB,QAAK,cAAc,QAAW,cAAc;GAE5C,MAAM,EAAE,SAAS,YAAY,GAAG,YAAY;AAI5C,UAAO;IAAE,SAAS;IAAY,MAAM;IAAoC;;AAG1E,MAAI,eAAe,YAAY;GAE7B,MAAM,OAAO,KAAK;AAClB,OAAI,OAAO,SAAS,SAClB,OAAM,IAAI,MAAM,wDAAwD;AAG1E,OAAI;AAEF,QAAI,SAAS,sCAAsC,KAAK,IAAI;AAC5D,WAAO;KACL,SAAS;KACT,MAAM;MACJ,OAAO;MACP,SAAS;MACV;KACF;YACM,OAAO;AACd,WAAO;KACL,SAAS;KACT,MAAM;MACJ,OAAO;MACP,OAAO,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;MAC9D;KACF;;;AAIL,MAAI,eAAe,YAAY;GAE7B,MAAM,aAAa,KAAK;GACxB,MAAM,UAAU,KAAK;AAErB,OAAI,OAAO,eAAe,SACxB,OAAM,IAAI,MAAM,0DAA0D;AAE5E,OAAI,OAAO,YAAY,YAAY,UAAU,EAC3C,OAAM,IAAI,MAAM,oEAAoE;GAGtF,MAAM,SAAS,KAAK,QAAQ,IAAI,WAAW;AAC3C,OAAI,CAAC,OACH,QAAO;IACL,SAAS;IACT,MAAM,EACJ,OAAO,qBAAqB,cAC7B;IACF;GAIH,MAAM,iBADW,OAAO,YAAY,EAAE,EACP,MAAM,MAAM,EAAE,YAAY,QAAQ;AACjE,OAAI,CAAC,cACH,QAAO;IACL,SAAS;IACT,MAAM,EACJ,OAAO,WAAW,QAAQ,aAC3B;IACF;AAIH,SAAM,KAAK,MAAM,YAAY,WAAW,MAAM,EAAE,SAAS,cAAc,SAAS,CAAC;AAEjF,UAAO;IACL,SAAS;IACT,MAAM;KACJ,SAAS,0BAA0B;KACnC,YAAY,OAAO,UAAU,UAAU;KACxC;IACF;;AAGH,MAAI,eAAe,WAAW;GAE5B,MAAM,aAAa,KAAK;GACxB,MAAM,gBAAgB,KAAK;AAE3B,OAAI,CAAC,cAAc,OAAO,eAAe,SACvC,QAAO;IACL,SAAS;IACT,MAAM,EACJ,OAAO,0DACR;IACF;AAGH,OAAI,CAAC,iBAAiB,OAAO,kBAAkB,SAC7C,QAAO;IACL,SAAS;IACT,MAAM,EACJ,OAAO,wDACR;IACF;GAIH,MAAM,iBAAiB,KAAK,kBAAkB,cAAc;AAC5D,OAAI,CAAC,eAAe,MAClB,QAAO;IACL,SAAS;IACT,MAAM,EACJ,OAAO,eAAe,OACvB;IACF;GAIH,MAAM,SAAS,KAAK,QAAQ,IAAI,WAAW;AAC3C,OAAI,CAAC,OACH,QAAO;IACL,SAAS;IACT,MAAM,EACJ,OAAO,qBAAqB,cAC7B;IACF;AAIH,OAAI;AACF,QAAI,SAAS,sCAAsC,OAAO,QAAQ,IAAI;YAC/D,OAAO;AACd,WAAO;KACL,SAAS;KACT,MAAM,EACJ,OAAO,4BAA4B,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM,IAC1F;KACF;;GAIH,MAAM,iBAAiB,OAAO,UAAU,SACpC,KAAK,IAAI,GAAG,OAAO,SAAS,KAAK,MAAM,EAAE,QAAQ,CAAC,GAClD;GAGJ,MAAM,WAAW,KAAK,gBAAgB,IAAI,cAAc;GACxD,MAAMC,mBAAiC;IACrC,MAAM;IACN,aAAc,KAAK,eAA0B,UAAU;IACvD,cAAc;IACd,eAAe;IACf,aAAc,KAAK,eAA2C,UAAU;IACxE,cAAe,KAAK,gBAA4C,UAAU;IAC1E,4BAAY,IAAI,MAAM;IACtB,UAAU,UAAU,WAAW,KAAK;IACrC;AAED,QAAK,gBAAgB,IAAI,eAAeA,iBAAe;AAGvD,QAAK,SAAS;IACZ,MAAM;IACN,YAAY;IACZ;IACA,SAAS,EAAE,SAASA,iBAAe,SAAS;IAC7C,CAAC;AAEF,UAAO;IACL,SAAS;IACT,MAAM;KACJ,SAAS,WAAW,WAAW,wBAAwB,cAAc,aAAaA,iBAAe,QAAQ;KACzG,QAAQA;KACT;IACF;;AAGH,MAAI,eAAe,wBAAwB;GAEzC,MAAM,eAAe,KAAK;GAC1B,MAAM,aAAa,KAAK;GACxB,MAAM,YAAa,KAAK,aAAwC,EAAE;AAElE,OAAI,CAAC,gBAAgB,OAAO,iBAAiB,SAC3C,QAAO;IACL,SAAS;IACT,MAAM,EACJ,OAAO,yEACR;IACF;AAGH,OAAI,CAAC,cAAc,OAAO,eAAe,SACvC,QAAO;IACL,SAAS;IACT,MAAM,EACJ,OAAO,qEACR;IACF;AAIH,OACE,aAAa,SAAS,KAAK,IAC3B,aAAa,SAAS,IAAI,IAC1B,aAAa,SAAS,KAAK,CAE3B,QAAO;IACL,SAAS;IACT,MAAM,EACJ,OAAO,yBACR;IACF;GAIH,MAAM,WAAW,mBAAmB,MAAM,MAAM,EAAE,SAAS,aAAa;AACxE,OAAI,CAAC,SACH,QAAO;IACL,SAAS;IACT,MAAM,EACJ,OAAO,uBAAuB,gBAC/B;IACF;AAIH,OAAI,SAAS,WAAW;AACtB,SAAK,MAAM,KAAK,SAAS,UACvB,KAAI,EAAE,YAAY,UAAU,EAAE,UAAU,UAAa,EAAE,YAAY,OACjE,QAAO;KACL,SAAS;KACT,MAAM,EACJ,OAAO,8BAA8B,EAAE,QACxC;KACF;AAKL,SAAK,MAAM,KAAK,SAAS,UACvB,KAAI,UAAU,EAAE,UAAU,UAAa,EAAE,YAAY,OACnD,WAAU,EAAE,QAAQ,EAAE;;GAM5B,MAAM,UAAU,KAAK,cAAc,SAAS,SAAS,UAAU;AAG/D,SAAM,KAAK,MAAM,YAAY,WAAW,MAAM,EAAE,SAAS,CAAC;AAE1D,UAAO;IACL,SAAS;IACT,MAAM;KACJ,SAAS,WAAW,WAAW,2BAA2B,aAAa;KACvE,MAAM,YAAY,WAAW;KAC9B;IACF;;EAIH,MAAM,iBAAiB,KAAK,gBAAgB,IAAI,WAAW;AAC3D,MAAI,gBAAgB;GAElB,MAAM,SAAS,KAAK,QAAQ,IAAI,eAAe,aAAa;AAC5D,OAAI,CAAC,OACH,QAAO;IACL,SAAS;IACT,MAAM;KACJ,OAAO,4BAA4B,eAAe;KAClD,MAAM,EAAE;KACR,UAAU;KACX;IACF;GAIH,MAAM,YAAY,KAAK,eAAe,QAAQ,SAAS,QAAQ,eAAe,aAAa;AAC3F,OAAI,UAAU,QACZ,QAAO;IACL,SAAS;IACT,MAAM;KACJ,OAAO,wBAAwB,UAAU;KACzC,MAAM,EAAE;KACR,UAAU;KACV,aAAa;KACd;IACF;AAIH,QAAK,gBAAgB,QAAQ,SAAS,QAAQ,eAAe,aAAa;GAG1E,MAAM,cAAc,qBAAqB;GACzC,MAAM,YAAY,KAAK,KAAK;GAE5B,MAAM,UAA4B;IAChC;IACA,QAAQ,QAAQ,SAAS;IACzB,WAAW,QAAQ,SAAS;IAC5B;IACA;IACD;AAGD,QAAK,SAAS;IACZ,MAAM;IACN,QAAQ,QAAQ,SAAS;IACzB,WAAW,QAAQ,SAAS;IAC5B;IACA,YAAY,eAAe;IAC3B,SAAS,EAAE,MAAM,aAAa,KAAK,EAAE;IACtC,CAAC;GAEF,MAAM,SAAS,MAAM,KAAK,QAAQ,QAAQ,OAAO,SAAS,KAAK,cAAc,QAAQ;GACrF,MAAM,qBAAqB;AAG3B,QAAK,cAAc,eAAe,cAAc,mBAAmB;GAEnE,MAAM,EAAE,SAAS,iBAAiB,GAAG,iBAAiB;AAItD,UAAO;IAAE,SAAS;IAAiB,MAAM;IAAyC;;AAGpF,QAAM,IAAI,MAAM,mBAAmB,aAAa"}
|
package/package.json
ADDED
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@aigne/afs-sandbox",
|
|
3
|
+
"version": "1.11.0-beta.6",
|
|
4
|
+
"description": "AIGNE AFS sandbox provider for executing JavaScript code in isolated environments",
|
|
5
|
+
"license": "UNLICENSED",
|
|
6
|
+
"publishConfig": {
|
|
7
|
+
"access": "public"
|
|
8
|
+
},
|
|
9
|
+
"author": "Arcblock <blocklet@arcblock.io> https://github.com/arcblock",
|
|
10
|
+
"homepage": "https://github.com/arcblock/afs",
|
|
11
|
+
"repository": {
|
|
12
|
+
"type": "git",
|
|
13
|
+
"url": "git+https://github.com/arcblock/afs"
|
|
14
|
+
},
|
|
15
|
+
"bugs": {
|
|
16
|
+
"url": "https://github.com/arcblock/afs/issues"
|
|
17
|
+
},
|
|
18
|
+
"type": "module",
|
|
19
|
+
"main": "./dist/index.cjs",
|
|
20
|
+
"module": "./dist/index.mjs",
|
|
21
|
+
"types": "./dist/index.d.cts",
|
|
22
|
+
"exports": {
|
|
23
|
+
".": {
|
|
24
|
+
"require": "./dist/index.cjs",
|
|
25
|
+
"import": "./dist/index.mjs"
|
|
26
|
+
},
|
|
27
|
+
"./*": "./*"
|
|
28
|
+
},
|
|
29
|
+
"files": [
|
|
30
|
+
"dist",
|
|
31
|
+
"LICENSE",
|
|
32
|
+
"README.md",
|
|
33
|
+
"CHANGELOG.md"
|
|
34
|
+
],
|
|
35
|
+
"dependencies": {
|
|
36
|
+
"quickjs-emscripten": "^0.31.0",
|
|
37
|
+
"zod": "^3.25.67",
|
|
38
|
+
"@aigne/afs": "^1.11.0-beta.6"
|
|
39
|
+
},
|
|
40
|
+
"devDependencies": {
|
|
41
|
+
"@types/bun": "^1.3.6",
|
|
42
|
+
"npm-run-all": "^4.1.5",
|
|
43
|
+
"rimraf": "^6.1.2",
|
|
44
|
+
"tsdown": "0.20.0-beta.3",
|
|
45
|
+
"typescript": "5.9.2",
|
|
46
|
+
"@aigne/afs-json": "1.11.0-beta.6",
|
|
47
|
+
"@aigne/scripts": "0.0.0",
|
|
48
|
+
"@aigne/typescript-config": "0.0.0"
|
|
49
|
+
},
|
|
50
|
+
"scripts": {
|
|
51
|
+
"build": "tsdown",
|
|
52
|
+
"check-types": "tsc --noEmit",
|
|
53
|
+
"clean": "rimraf dist coverage",
|
|
54
|
+
"test": "bun test",
|
|
55
|
+
"test:coverage": "bun test --coverage --coverage-reporter=lcov --coverage-reporter=text"
|
|
56
|
+
}
|
|
57
|
+
}
|