@anthropic-ai/sandbox-runtime 0.0.1

package/dist/sandbox/sandbox-schemas.d.ts

@@ -0,0 +1,93 @@
+import { z } from 'zod';
+export interface FsReadRestrictionConfig {
+    denyOnly: string[];
+}
+export interface FsWriteRestrictionConfig {
+    allowOnly: string[];
+    denyWithinAllow: string[];
+}
+export interface NetworkRestrictionConfig {
+    allowedHosts?: string[];
+    deniedHosts?: string[];
+}
+export type NetworkHostPattern = {
+    host: string;
+    port: number | undefined;
+};
+export type SandboxAskCallback = (params: NetworkHostPattern) => Promise<boolean>;
+export declare function generateHostListSchema(allowedOrDenied: 'allowed' | 'denied'): z.ZodEffects<z.ZodArray<z.ZodString, "many">, string[], string[]>;
+/**
+ * Safely parse a network restriction pattern.
+ * Returns the parsed pattern or an Error.
+ */
+export declare function safeParseRestrictionPattern(pattern: string): NetworkHostPattern | Error;
+/**
+ * Schema for command-specific sandbox violation ignore patterns.
+ * Maps command patterns to lists of filesystem paths to ignore violations for.
+ * The special key "*" matches all commands.
+ *
+ * Example:
+ * {
+ *   "*": ["/usr/bin", "/System"],           // Ignore for all commands
+ *   "git push": ["/usr/bin/nc"],            // Ignore nc errors when running git push
+ *   "npm": ["/private/tmp"],                // Ignore tmp access for npm commands
+ * }
+ */
+export declare const IgnoreViolationsSchema: z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString, "many">>;
+export type IgnoreViolationsConfig = z.infer<typeof IgnoreViolationsSchema>;
+export declare const NetworkConfigSchema: z.ZodOptional<z.ZodObject<{
+    allowUnixSockets: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    allowLocalBinding: z.ZodOptional<z.ZodBoolean>;
+    httpProxyPort: z.ZodOptional<z.ZodNumber>;
+    socksProxyPort: z.ZodOptional<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    allowUnixSockets?: string[] | undefined;
+    allowLocalBinding?: boolean | undefined;
+    httpProxyPort?: number | undefined;
+    socksProxyPort?: number | undefined;
+}, {
+    allowUnixSockets?: string[] | undefined;
+    allowLocalBinding?: boolean | undefined;
+    httpProxyPort?: number | undefined;
+    socksProxyPort?: number | undefined;
+}>>;
+export declare const SandboxConfigSchema: z.ZodObject<{
+    network: z.ZodOptional<z.ZodObject<{
+        allowUnixSockets: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        allowLocalBinding: z.ZodOptional<z.ZodBoolean>;
+        httpProxyPort: z.ZodOptional<z.ZodNumber>;
+        socksProxyPort: z.ZodOptional<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        allowUnixSockets?: string[] | undefined;
+        allowLocalBinding?: boolean | undefined;
+        httpProxyPort?: number | undefined;
+        socksProxyPort?: number | undefined;
+    }, {
+        allowUnixSockets?: string[] | undefined;
+        allowLocalBinding?: boolean | undefined;
+        httpProxyPort?: number | undefined;
+        socksProxyPort?: number | undefined;
+    }>>;
+    ignoreViolations: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString, "many">>>;
+    enableWeakerNestedSandbox: z.ZodOptional<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    network?: {
+        allowUnixSockets?: string[] | undefined;
+        allowLocalBinding?: boolean | undefined;
+        httpProxyPort?: number | undefined;
+        socksProxyPort?: number | undefined;
+    } | undefined;
+    ignoreViolations?: Record<string, string[]> | undefined;
+    enableWeakerNestedSandbox?: boolean | undefined;
+}, {
+    network?: {
+        allowUnixSockets?: string[] | undefined;
+        allowLocalBinding?: boolean | undefined;
+        httpProxyPort?: number | undefined;
+        socksProxyPort?: number | undefined;
+    } | undefined;
+    ignoreViolations?: Record<string, string[]> | undefined;
+    enableWeakerNestedSandbox?: boolean | undefined;
+}>;
+export type SandboxConfig = z.infer<typeof SandboxConfigSchema>;
+//# sourceMappingURL=sandbox-schemas.d.ts.map

package/dist/sandbox/sandbox-schemas.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox-schemas.d.ts","sourceRoot":"","sources":["../../src/sandbox/sandbox-schemas.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAGvB,MAAM,WAAW,uBAAuB;IACtC,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB;AAED,MAAM,WAAW,wBAAwB;IACvC,SAAS,EAAE,MAAM,EAAE,CAAA;IACnB,eAAe,EAAE,MAAM,EAAE,CAAA;CAC1B;AAGD,MAAM,WAAW,wBAAwB;IACvC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;IACvB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAA;CACvB;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,GAAG,SAAS,CAAA;CACzB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG,CAC/B,MAAM,EAAE,kBAAkB,KACvB,OAAO,CAAC,OAAO,CAAC,CAAA;AAErB,wBAAgB,sBAAsB,CAAC,eAAe,EAAE,SAAS,GAAG,QAAQ,qEAiB3E;AAqKD;;;GAGG;AACH,wBAAgB,2BAA2B,CACzC,OAAO,EAAE,MAAM,GACd,kBAAkB,GAAG,KAAK,CA2B5B;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,sBAAsB,2DAWhC,CAAA;AAEH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAA;AAO3E,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;GAiCnB,CAAA;AAGb,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAW9B,CAAA;AAEF,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA"}

package/dist/sandbox/sandbox-schemas.js

@@ -0,0 +1,231 @@
+import { isIP } from 'node:net';
+import { z } from 'zod';
+export function generateHostListSchema(allowedOrDenied) {
+    return z
+        .array(z.string())
+        .describe(`List of automatically ${allowedOrDenied} network hosts (e.g., ["github.com:443", "api.example.com"])`)
+        .transform((patterns) => {
+        // Parse and validate each host pattern
+        return patterns.map(pattern => {
+            const parsed = safeParseRestrictionPattern(pattern);
+            if (parsed instanceof Error) {
+                throw new Error(`Invalid network host pattern: ${parsed.message}`);
+            }
+            // Return the original validated string, not the parsed pattern
+            return pattern;
+        });
+    });
+}
+// Port number schema
+const portNumberSchema = z
+    .string()
+    .regex(/^\d+$/)
+    .transform(val => parseInt(val, 10))
+    .refine(port => port >= 1 && port <= 65535, 'Port must be between 1 and 65535');
+// Schema for IPv6 addresses without port
+// Examples: "::1" (IPv6 loopback), "2001:db8::1", "fe80::1"
+const ipv6Schema = z
+    .string()
+    .refine(val => isIP(val) === 6 && !val.includes('[') && !val.includes(']'))
+    .transform((val) => ({
+    host: val,
+    port: undefined,
+}));
+// Schema for IPv6 addresses with port (requires bracket notation)
+// Examples: "[::1]:8080", "[2001:db8::1]:443", "[fe80::1]:22"
+const ipv6WithPortSchema = z
+    .string()
+    .regex(/^\[([^\]]+)\]:(\d+)$/)
+    .transform((val) => {
+    const match = val.match(/^\[([^\]]+)\]:(\d+)$/);
+    const host = match[1];
+    const portStr = match[2];
+    // Validate that the host part is actually an IPv6 address
+    if (isIP(host) !== 6) {
+        throw new Error('Invalid IPv6 address in bracket notation');
+    }
+    // Parse and validate port
+    const portResult = portNumberSchema.safeParse(portStr);
+    if (!portResult.success) {
+        throw new Error('Invalid port number');
+    }
+    const port = portResult.data;
+    return { host, port };
+});
+// Schema for IPv4 addresses without port
+// Examples: "192.168.1.1", "127.0.0.1", "10.0.0.1"
+const ipv4Schema = z
+    .string()
+    .refine(val => isIP(val) === 4)
+    .transform((val) => ({
+    host: val,
+    port: undefined,
+}));
+// Schema for IPv4 addresses with port
+// Examples: "192.168.1.1:8080", "127.0.0.1:443", "10.0.0.1:22"
+const ipv4WithPortSchema = z
+    .string()
+    .regex(/^(\d+\.\d+\.\d+\.\d+):(\d+)$/)
+    .transform((val) => {
+    const match = val.match(/^(\d+\.\d+\.\d+\.\d+):(\d+)$/);
+    const host = match[1];
+    const portStr = match[2];
+    // Validate that the host part is actually an IPv4 address
+    if (isIP(host) !== 4) {
+        throw new Error('Invalid IPv4 address format');
+    }
+    // Parse and validate port
+    const portResult = portNumberSchema.safeParse(portStr);
+    if (!portResult.success) {
+        throw new Error('Invalid port number');
+    }
+    const port = portResult.data;
+    return { host, port };
+});
+// Base schema for validating domain names (not IP addresses)
+// Examples: "example.com", "localhost", "*.example.com", "sub.domain.com"
+const domainNameSchema = z.string().refine(val => {
+    // Basic format checks
+    if (val.length === 0 ||
+        val.includes(':') || // No colons (would indicate port or IPv6)
+        val.includes('/') || // No paths or protocol prefixes
+        val.includes('?') || // No query strings
+        val.includes('#') || // No fragments
+        isIP(val) // Not an IP address
+    ) {
+        return false;
+    }
+    // Special case: localhost is always valid
+    if (val === 'localhost') {
+        return true;
+    }
+    // Wildcard domains: *.example.com (must have dot after wildcard)
+    if (val.startsWith('*.')) {
+        const domainPart = val.slice(2);
+        return (domainPart.includes('.') &&
+            !domainPart.startsWith('.') &&
+            !domainPart.endsWith('.'));
+    }
+    // Regular domains: must contain at least one dot and not start/end with dot
+    return val.includes('.') && !val.startsWith('.') && !val.endsWith('.');
+});
+// Schema for domain name without port
+// Examples: "example.com", "*.example.com", "localhost"
+const hostnameSchema = domainNameSchema.transform((val) => ({
+    host: val,
+    port: undefined,
+}));
+// Schema for domain name with port
+// Examples: "example.com:8080", "localhost:3000", "*.example.com:443"
+const hostnameWithPortSchema = z
+    .string()
+    .regex(/^([^:]+):(\d+)$/)
+    .transform((val) => {
+    const match = val.match(/^([^:]+):(\d+)$/);
+    const host = match[1];
+    const portStr = match[2];
+    // Validate that the host part is a valid domain name
+    const hostResult = domainNameSchema.safeParse(host);
+    if (!hostResult.success) {
+        throw new Error('Invalid domain name');
+    }
+    // Parse and validate port
+    const portResult = portNumberSchema.safeParse(portStr);
+    if (!portResult.success) {
+        throw new Error('Invalid port number');
+    }
+    const port = portResult.data;
+    return { host, port };
+});
+// Combined schema that tries each pattern in order
+const hostPatternSchema = z.union([
+    ipv6WithPortSchema,
+    ipv6Schema,
+    ipv4WithPortSchema,
+    ipv4Schema,
+    hostnameWithPortSchema,
+    hostnameSchema,
+]);
+/**
+ * Safely parse a network restriction pattern.
+ * Returns the parsed pattern or an Error.
+ */
+export function safeParseRestrictionPattern(pattern) {
+    const result = hostPatternSchema.safeParse(pattern);
+    if (!result.success) {
+        // Provide helpful error messages for common mistakes
+        if (pattern.startsWith('http://') || pattern.startsWith('https://')) {
+            return Error(`Invalid network restriction: "${pattern}" - remove the protocol (http:// or https://)`);
+        }
+        if (pattern.includes('/')) {
+            return Error(`Invalid network restriction: "${pattern}" - paths are not allowed, only hosts`);
+        }
+        if (pattern === '') {
+            return Error(`Invalid network restriction: empty string - please provide a host`);
+        }
+        if (pattern.endsWith(':')) {
+            return Error(`Invalid network restriction: "${pattern}" - incomplete port specification`);
+        }
+        return Error(`Invalid network restriction: "${pattern}"`);
+    }
+    return result.data;
+}
+/**
+ * Schema for command-specific sandbox violation ignore patterns.
+ * Maps command patterns to lists of filesystem paths to ignore violations for.
+ * The special key "*" matches all commands.
+ *
+ * Example:
+ * {
+ *   "*": ["/usr/bin", "/System"],           // Ignore for all commands
+ *   "git push": ["/usr/bin/nc"],            // Ignore nc errors when running git push
+ *   "npm": ["/private/tmp"],                // Ignore tmp access for npm commands
+ * }
+ */
+export const IgnoreViolationsSchema = z
+    .record(z.string(), z
+    .array(z.string())
+    .describe('List of filesystem paths to ignore sandbox violations for when this command pattern matches'))
+    .describe('Map of command patterns to filesystem paths to ignore violations for. Use "*" to match all commands');
+// ============================================================================
+// COMBINED SCHEMAS
+// ============================================================================
+// Network restriction schemas
+export const NetworkConfigSchema = z
+    .object({
+    allowUnixSockets: z
+        .array(z.string())
+        .optional()
+        .describe('Allow Unix domain sockets for local IPC (SSH agent, Docker, etc.). Provide an array of specific paths. Defaults to blocking if not specified'),
+    allowLocalBinding: z
+        .boolean()
+        .optional()
+        .describe('Allow binding to local network addresses (e.g., localhost ports). Defaults to false if not specified'),
+    httpProxyPort: z
+        .number()
+        .int()
+        .min(1)
+        .max(65535)
+        .optional()
+        .describe('HTTP proxy port to use for network filtering. If not specified, a proxy server will be started automatically'),
+    socksProxyPort: z
+        .number()
+        .int()
+        .min(1)
+        .max(65535)
+        .optional()
+        .describe('SOCKS proxy port to use for network filtering. If not specified, a proxy server will be started automatically'),
+})
+    .optional();
+// Complete sandbox config schema
+export const SandboxConfigSchema = z.object({
+    network: NetworkConfigSchema,
+    ignoreViolations: IgnoreViolationsSchema.optional(),
+    enableWeakerNestedSandbox: z
+        .boolean()
+        .optional()
+        .describe('Enable weaker sandbox mode for unprivileged docker environments where --proc mounting fails. ' +
+        'This significantly reduces the strength of the sandbox and should only be used when this risk is acceptable.' +
+        'Default: false (secure).'),
+});
+//# sourceMappingURL=sandbox-schemas.js.map

package/dist/sandbox/sandbox-schemas.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox-schemas.js","sourceRoot":"","sources":["../../src/sandbox/sandbox-schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,UAAU,CAAA;AAC/B,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AA2BvB,MAAM,UAAU,sBAAsB,CAAC,eAAqC;IAC1E,OAAO,CAAC;SACL,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,CACP,yBAAyB,eAAe,8DAA8D,CACvG;SACA,SAAS,CAAC,CAAC,QAAQ,EAAY,EAAE;QAChC,uCAAuC;QACvC,OAAO,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE;YAC5B,MAAM,MAAM,GAAG,2BAA2B,CAAC,OAAO,CAAC,CAAA;YACnD,IAAI,MAAM,YAAY,KAAK,EAAE,CAAC;gBAC5B,MAAM,IAAI,KAAK,CAAC,iCAAiC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAA;YACpE,CAAC;YACD,+DAA+D;YAC/D,OAAO,OAAO,CAAA;QAChB,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACN,CAAC;AAED,qBAAqB;AACrB,MAAM,gBAAgB,GAAG,CAAC;KACvB,MAAM,EAAE;KACR,KAAK,CAAC,OAAO,CAAC;KACd,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;KACnC,MAAM,CACL,IAAI,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,KAAK,EAClC,kCAAkC,CACnC,CAAA;AAEH,yCAAyC;AACzC,4DAA4D;AAC5D,MAAM,UAAU,GAAG,CAAC;KACjB,MAAM,EAAE;KACR,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;KAC1E,SAAS,CACR,CAAC,GAAG,EAAsB,EAAE,CAAC,CAAC;IAC5B,IAAI,EAAE,GAAG;IACT,IAAI,EAAE,SAAS;CAChB,CAAC,CACH,CAAA;AAEH,kEAAkE;AAClE,8DAA8D;AAC9D,MAAM,kBAAkB,GAAG,CAAC;KACzB,MAAM,EAAE;KACR,KAAK,CAAC,sBAAsB,CAAC;KAC7B,SAAS,CAAC,CAAC,GAAG,EAAsB,EAAE;IACrC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,sBAAsB,CAAE,CAAA;IAChD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAA;IACtB,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAE,CAAA;IAEzB,0DAA0D;IAC1D,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;IAC7D,CAAC;IAED,0BAA0B;IAC1B,MAAM,UAAU,GAAG,gBAAgB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;IACtD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;IACxC,CAAC;IACD,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAA;IAE5B,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAA;AACvB,CAAC,CAAC,CAAA;AAEJ,yCAAyC;AACzC,mDAAmD;AACnD,MAAM,UAAU,GAAG,CAAC;KACjB,MAAM,EAAE;KACR,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KAC9B,SAAS,CACR,CAAC,GAAG,EAAsB,EAAE,CAAC,CAAC;IAC5B,IAAI,EAAE,GAAG;IACT,IAAI,EAAE,SAAS;CAChB,CAAC,CACH,CAAA;AAEH,sCAAsC;AACtC,+DAA+D;AAC/D,MAAM,kBAAkB,GAAG,CAAC;KACzB,MAAM,EAAE;KACR,KAAK,CAAC,8BAA8B,CAAC;KACrC,SAAS,CAAC,CAAC,GAAG,EAAsB,EAAE;IACrC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,8BAA8B,CAAE,CAAA;IACxD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAA;IACtB,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAE,CAAA;IAEzB,0DAA0D;IAC1D,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAA;IAChD,CAAC;IAED,0BAA0B;IAC1B,MAAM,UAAU,GAAG,gBAAgB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;IACtD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;IACxC,CAAC;IACD,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAA;IAE5B,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAA;AACvB,CAAC,CAAC,CAAA;AAEJ,6DAA6D;AAC7D,0EAA0E;AAC1E,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;IAC/C,sBAAsB;IACtB,IACE,GAAG,CAAC,MAAM,KAAK,CAAC;QAChB,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,0CAA0C;QAC/D,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,gCAAgC;QACrD,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,mBAAmB;QACxC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,eAAe;QACpC,IAAI,CAAC,GAAG,CAAC,CAAC,oBAAoB;MAC9B,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC;IAED,0CAA0C;IAC1C,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;QACxB,OAAO,IAAI,CAAA;IACb,CAAC;IAED,iEAAiE;IACjE,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACzB,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QAC/B,OAAO,CACL,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC;YACxB,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC;YAC3B,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAC1B,CAAA;IACH,CAAC;IAED,4EAA4E;IAC5E,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;AACxE,CAAC,CAAC,CAAA;AAEF,sCAAsC;AACtC,wDAAwD;AACxD,MAAM,cAAc,GAAG,gBAAgB,CAAC,SAAS,CAC/C,CAAC,GAAG,EAAsB,EAAE,CAAC,CAAC;IAC5B,IAAI,EAAE,GAAG;IACT,IAAI,EAAE,SAAS;CAChB,CAAC,CACH,CAAA;AAED,mCAAmC;AACnC,sEAAsE;AACtE,MAAM,sBAAsB,GAAG,CAAC;KAC7B,MAAM,EAAE;KACR,KAAK,CAAC,iBAAiB,CAAC;KACxB,SAAS,CAAC,CAAC,GAAG,EAAsB,EAAE;IACrC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,iBAAiB,CAAE,CAAA;IAC3C,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAA;IACtB,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAE,CAAA;IAEzB,qDAAqD;IACrD,MAAM,UAAU,GAAG,gBAAgB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;IACnD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;IACxC,CAAC;IAED,0BAA0B;IAC1B,MAAM,UAAU,GAAG,gBAAgB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;IACtD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;IACxC,CAAC;IACD,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAA;IAE5B,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAA;AACvB,CAAC,CAAC,CAAA;AAEJ,mDAAmD;AACnD,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC;IAChC,kBAAkB;IAClB,UAAU;IACV,kBAAkB;IAClB,UAAU;IACV,sBAAsB;IACtB,cAAc;CACf,CAAC,CAAA;AAEF;;;GAGG;AACH,MAAM,UAAU,2BAA2B,CACzC,OAAe;IAEf,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;IACnD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,qDAAqD;QACrD,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACpE,OAAO,KAAK,CACV,iCAAiC,OAAO,+CAA+C,CACxF,CAAA;QACH,CAAC;QACD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,OAAO,KAAK,CACV,iCAAiC,OAAO,uCAAuC,CAChF,CAAA;QACH,CAAC;QACD,IAAI,OAAO,KAAK,EAAE,EAAE,CAAC;YACnB,OAAO,KAAK,CACV,mEAAmE,CACpE,CAAA;QACH,CAAC;QACD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,OAAO,KAAK,CACV,iCAAiC,OAAO,mCAAmC,CAC5E,CAAA;QACH,CAAC;QACD,OAAO,KAAK,CAAC,iCAAiC,OAAO,GAAG,CAAC,CAAA;IAC3D,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAA;AACpB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC;KACpC,MAAM,CACL,CAAC,CAAC,MAAM,EAAE,EACV,CAAC;KACE,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KACjB,QAAQ,CACP,6FAA6F,CAC9F,CACJ;KACA,QAAQ,CACP,qGAAqG,CACtG,CAAA;AAIH,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,8BAA8B;AAC9B,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC;KACjC,MAAM,CAAC;IACN,gBAAgB,EAAE,CAAC;SAChB,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;SACV,QAAQ,CACP,8IAA8I,CAC/I;IACH,iBAAiB,EAAE,CAAC;SACjB,OAAO,EAAE;SACT,QAAQ,EAAE;SACV,QAAQ,CACP,sGAAsG,CACvG;IACH,aAAa,EAAE,CAAC;SACb,MAAM,EAAE;SACR,GAAG,EAAE;SACL,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,KAAK,CAAC;SACV,QAAQ,EAAE;SACV,QAAQ,CACP,8GAA8G,CAC/G;IACH,cAAc,EAAE,CAAC;SACd,MAAM,EAAE;SACR,GAAG,EAAE;SACL,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,KAAK,CAAC;SACV,QAAQ,EAAE;SACV,QAAQ,CACP,+GAA+G,CAChH;CACJ,CAAC;KACD,QAAQ,EAAE,CAAA;AAEb,iCAAiC;AACjC,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,OAAO,EAAE,mBAAmB;IAC5B,gBAAgB,EAAE,sBAAsB,CAAC,QAAQ,EAAE;IACnD,yBAAyB,EAAE,CAAC;SACzB,OAAO,EAAE;SACT,QAAQ,EAAE;SACV,QAAQ,CACP,+FAA+F;QAC7F,8GAA8G;QAC9G,0BAA0B,CAC7B;CACJ,CAAC,CAAA"}

package/dist/sandbox/sandbox-utils.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Check if a path pattern contains glob characters
+ */
+export declare function containsGlobChars(pathPattern: string): boolean;
+/**
+ * Remove trailing /** glob suffix from a path pattern
+ * Used to normalize path patterns since /** just means "directory and everything under it"
+ */
+export declare function removeTrailingGlobSuffix(pathPattern: string): string;
+/**
+ * Normalize a path for use in sandbox configurations
+ * Handles:
+ * - Tilde (~) expansion for home directory
+ * - Relative paths (./foo, ../foo, etc.) converted to absolute
+ * - Absolute paths remain unchanged
+ * - Symlinks are resolved to their real paths for non-glob patterns
+ * - Glob patterns preserve wildcards after path normalization
+ *
+ * Returns the absolute path with symlinks resolved (or normalized glob pattern)
+ */
+export declare function normalizePathForSandbox(pathPattern: string): string;
+/**
+ * Get recommended system paths that should be writable for commands to work properly
+ *
+ * WARNING: These default paths are intentionally broad for compatibility but may
+ * allow access to files from other processes. In highly security-sensitive
+ * environments, you should configure more restrictive write paths.
+ */
+export declare function getDefaultWritePaths(): string[];
+/**
+ * Get mandatory deny paths within allowed write areas
+ * This uses ripgrep to scan the filesystem for dangerous files and directories
+ * Returns absolute paths that must be blocked from writes
+ */
+export declare function getMandatoryDenyWithinAllow(): Promise<string[]>;
+/**
+ * Generate proxy environment variables for sandboxed processes
+ */
+export declare function generateProxyEnvVars(httpProxyPort?: number, socksProxyPort?: number): string[];
+/**
+ * Encode a command for sandbox monitoring
+ * Truncates to 100 chars and base64 encodes to avoid parsing issues
+ */
+export declare function encodeSandboxedCommand(command: string): string;
+/**
+ * Decode a base64-encoded command from sandbox monitoring
+ */
+export declare function decodeSandboxedCommand(encodedCommand: string): string;
+//# sourceMappingURL=sandbox-utils.d.ts.map

package/dist/sandbox/sandbox-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox-utils.d.ts","sourceRoot":"","sources":["../../src/sandbox/sandbox-utils.ts"],"names":[],"mappings":"AAyCA;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAO9D;AAED;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAEpE;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,uBAAuB,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CA8BnE;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,EAAE,CAc/C;AAED;;;;GAIG;AACH,wBAAsB,2BAA2B,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAqKrE;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,aAAa,CAAC,EAAE,MAAM,EACtB,cAAc,CAAC,EAAE,MAAM,GACtB,MAAM,EAAE,CA6FV;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAG9D;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,CAErE"}