@anthropic-ai/sandbox-runtime 0.0.1

package/dist/sandbox/sandbox-utils.js

@@ -0,0 +1,345 @@
+import { homedir } from 'os';
+import * as path from 'path';
+import * as fs from 'fs';
+import { getPlatform } from '../utils/platform.js';
+import { ripGrep } from '../utils/ripgrep.js';
+/**
+ * Dangerous files that should be protected from writes.
+ * These files can be used for code execution or data exfiltration.
+ */
+const DANGEROUS_FILES = [
+    '.gitconfig',
+    '.gitmodules',
+    '.bashrc',
+    '.bash_profile',
+    '.zshrc',
+    '.zprofile',
+    '.profile',
+    '.ripgreprc',
+    '.mcp.json',
+];
+/**
+ * Dangerous directories that should be protected from writes.
+ * These directories contain sensitive configuration or executable files.
+ */
+const DANGEROUS_DIRECTORIES = ['.git', '.vscode', '.idea'];
+/**
+ * Normalizes a path for case-insensitive comparison.
+ * This prevents bypassing security checks using mixed-case paths on case-insensitive
+ * filesystems (macOS/Windows) like `.cLauDe/Settings.locaL.json`.
+ *
+ * We always normalize to lowercase regardless of platform for consistent security.
+ * @param path The path to normalize
+ * @returns The lowercase path for safe comparison
+ */
+function normalizeCaseForComparison(pathStr) {
+    return pathStr.toLowerCase();
+}
+/**
+ * Check if a path pattern contains glob characters
+ */
+export function containsGlobChars(pathPattern) {
+    return (pathPattern.includes('*') ||
+        pathPattern.includes('?') ||
+        pathPattern.includes('[') ||
+        pathPattern.includes(']'));
+}
+/**
+ * Remove trailing /** glob suffix from a path pattern
+ * Used to normalize path patterns since /** just means "directory and everything under it"
+ */
+export function removeTrailingGlobSuffix(pathPattern) {
+    return pathPattern.replace(/\/\*\*$/, '');
+}
+/**
+ * Normalize a path for use in sandbox configurations
+ * Handles:
+ * - Tilde (~) expansion for home directory
+ * - Relative paths (./foo, ../foo, etc.) converted to absolute
+ * - Absolute paths remain unchanged
+ * - Symlinks are resolved to their real paths for non-glob patterns
+ * - Glob patterns preserve wildcards after path normalization
+ *
+ * Returns the absolute path with symlinks resolved (or normalized glob pattern)
+ */
+export function normalizePathForSandbox(pathPattern) {
+    const cwd = process.cwd();
+    let normalizedPath = pathPattern;
+    // Expand ~ to home directory
+    if (pathPattern === '~') {
+        normalizedPath = homedir();
+    }
+    else if (pathPattern.startsWith('~/')) {
+        normalizedPath = homedir() + pathPattern.slice(1);
+    }
+    else if (pathPattern.startsWith('./') || pathPattern.startsWith('../')) {
+        // Convert relative to absolute based on current working directory
+        normalizedPath = path.resolve(cwd, pathPattern);
+    }
+    else if (!path.isAbsolute(pathPattern)) {
+        // Handle other relative paths (e.g., ".", "..", "foo/bar")
+        normalizedPath = path.resolve(cwd, pathPattern);
+    }
+    // For glob patterns, don't try to resolve symlinks (they don't exist as literal paths)
+    if (containsGlobChars(normalizedPath)) {
+        return normalizedPath;
+    }
+    // Resolve symlinks to real paths to avoid bwrap issues
+    try {
+        normalizedPath = fs.realpathSync(normalizedPath);
+    }
+    catch {
+        // If path doesn't exist or can't be resolved, keep the normalized path
+    }
+    return normalizedPath;
+}
+/**
+ * Get recommended system paths that should be writable for commands to work properly
+ *
+ * WARNING: These default paths are intentionally broad for compatibility but may
+ * allow access to files from other processes. In highly security-sensitive
+ * environments, you should configure more restrictive write paths.
+ */
+export function getDefaultWritePaths() {
+    const homeDir = homedir();
+    const recommendedPaths = [
+        '/dev/stdout',
+        '/dev/stderr',
+        '/dev/null',
+        '/dev/tty',
+        '/dev/dtracehelper',
+        '/dev/autofs_nowait',
+        path.join(homeDir, '.npm/_logs'),
+        '.',
+    ];
+    return recommendedPaths;
+}
+/**
+ * Get mandatory deny paths within allowed write areas
+ * This uses ripgrep to scan the filesystem for dangerous files and directories
+ * Returns absolute paths that must be blocked from writes
+ */
+export async function getMandatoryDenyWithinAllow() {
+    const denyPaths = [];
+    const cwd = process.cwd();
+    // Always deny writes to settings.json files
+    // Block in home directory
+    denyPaths.push(path.join(homedir(), '.claude', 'settings.json'));
+    // Block in current directory
+    denyPaths.push(path.resolve(cwd, '.claude', 'settings.json'));
+    denyPaths.push(path.resolve(cwd, '.claude', 'settings.local.json'));
+    // Use shared constants for dangerous files
+    const dangerousFiles = [...DANGEROUS_FILES];
+    // Use shared constants plus additional Claude-specific directories
+    // Note: We don't include .git as a whole directory since we need it to be writable for git operations
+    // Instead, we'll block specific dangerous paths within .git (hooks and config) below
+    const dangerousDirectories = [
+        ...DANGEROUS_DIRECTORIES.filter(d => d !== '.git'),
+        '.claude/commands',
+        '.claude/agents',
+    ];
+    // Create an AbortController for ripgrep operations
+    const abortController = new AbortController();
+    // Add absolute paths for dangerous files in CWD
+    for (const fileName of dangerousFiles) {
+        // Always include the potential path in CWD (even if file doesn't exist yet)
+        const cwdFilePath = path.resolve(cwd, fileName);
+        denyPaths.push(cwdFilePath);
+        // Find all existing instances of this file in CWD and subdirectories using ripgrep
+        try {
+            // Use ripgrep to find files with exact name match (case-insensitive)
+            // -g/--glob: Include/exclude files matching this glob pattern
+            // --files: List files that would be searched
+            // --hidden: Search hidden files
+            // --iglob: Case-insensitive glob matching to catch .Bashrc, .BASHRC, etc.
+            const matches = await ripGrep([
+                '--files',
+                '--hidden',
+                '--iglob',
+                fileName,
+                '-g',
+                '!**/node_modules/**',
+            ], cwd, abortController.signal);
+            // Convert relative paths to absolute paths
+            const absoluteMatches = matches.map(match => path.resolve(cwd, match));
+            denyPaths.push(...absoluteMatches);
+        }
+        catch (error) {
+            // If ripgrep fails, we cannot safely determine all dangerous files
+            throw new Error(`Failed to scan for dangerous file "${fileName}": ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+    // Add absolute paths for dangerous directories in CWD
+    for (const dirName of dangerousDirectories) {
+        // Always include the potential path in CWD (even if directory doesn't exist yet)
+        const cwdDirPath = path.resolve(cwd, dirName);
+        denyPaths.push(cwdDirPath);
+        // Find all existing instances of this directory in CWD and subdirectories using ripgrep
+        try {
+            // Use ripgrep to find directories (case-insensitive)
+            // Note: ripgrep lists files, so we need to find files within these directories
+            // and then extract the directory paths
+            const pattern = `**/${dirName}/**`;
+            const matches = await ripGrep([
+                '--files',
+                '--hidden',
+                '--iglob',
+                pattern,
+                '-g',
+                '!**/node_modules/**',
+            ], cwd, abortController.signal);
+            // Extract directory paths from file paths
+            const dirPaths = new Set();
+            for (const match of matches) {
+                const absolutePath = path.resolve(cwd, match);
+                // Find the dangerous directory in the path (case-insensitive)
+                const segments = absolutePath.split(path.sep);
+                const normalizedDirName = normalizeCaseForComparison(dirName);
+                // Find the directory using case-insensitive comparison
+                const dirIndex = segments.findIndex(segment => normalizeCaseForComparison(segment) === normalizedDirName);
+                if (dirIndex !== -1) {
+                    // Reconstruct path up to and including the dangerous directory
+                    const dirPath = segments.slice(0, dirIndex + 1).join(path.sep);
+                    dirPaths.add(dirPath);
+                }
+            }
+            denyPaths.push(...dirPaths);
+        }
+        catch (error) {
+            // If ripgrep fails, we cannot safely determine all dangerous directories
+            throw new Error(`Failed to scan for dangerous directory "${dirName}": ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+    // Special handling for dangerous .git paths
+    // We block specific paths within .git that can be used for code execution
+    const dangerousGitPaths = [
+        '.git/hooks', // Block all hook files to prevent code execution via git hooks
+        '.git/config', // Block config file to prevent dangerous config options like core.fsmonitor
+    ];
+    for (const gitPath of dangerousGitPaths) {
+        // Add the path in the current working directory
+        const absoluteGitPath = path.resolve(cwd, gitPath);
+        denyPaths.push(absoluteGitPath);
+        // Also find .git directories in subdirectories and block their hooks/config
+        // This handles nested repositories (case-insensitive)
+        try {
+            // Find all .git directories by looking for .git/HEAD files (case-insensitive)
+            const gitHeadFiles = await ripGrep([
+                '--files',
+                '--hidden',
+                '--iglob',
+                '**/.git/HEAD',
+                '-g',
+                '!**/node_modules/**',
+            ], cwd, abortController.signal);
+            for (const gitHeadFile of gitHeadFiles) {
+                // Get the .git directory path
+                const gitDir = path.dirname(gitHeadFile);
+                // Add the dangerous path within this .git directory
+                if (gitPath === '.git/hooks') {
+                    const hooksPath = path.join(gitDir, 'hooks');
+                    denyPaths.push(hooksPath);
+                }
+                else if (gitPath === '.git/config') {
+                    const configPath = path.join(gitDir, 'config');
+                    denyPaths.push(configPath);
+                }
+            }
+        }
+        catch (error) {
+            // If ripgrep fails, we cannot safely determine all .git repositories
+            throw new Error(`Failed to scan for .git directories: ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+    // Remove duplicates and return
+    return Array.from(new Set(denyPaths));
+}
+/**
+ * Generate proxy environment variables for sandboxed processes
+ */
+export function generateProxyEnvVars(httpProxyPort, socksProxyPort) {
+    const envVars = [`SANDBOX_RUNTIME=1`];
+    // If no proxy ports provided, return empty array
+    if (!httpProxyPort && !socksProxyPort) {
+        return envVars;
+    }
+    // Always set NO_PROXY to exclude localhost and private networks from proxying
+    const noProxyAddresses = [
+        'localhost',
+        '127.0.0.1',
+        '::1',
+        '*.local',
+        '.local',
+        '169.254.0.0/16', // Link-local
+        '10.0.0.0/8', // Private network
+        '172.16.0.0/12', // Private network
+        '192.168.0.0/16', // Private network
+    ].join(',');
+    envVars.push(`NO_PROXY=${noProxyAddresses}`);
+    envVars.push(`no_proxy=${noProxyAddresses}`);
+    if (httpProxyPort) {
+        envVars.push(`HTTP_PROXY=http://localhost:${httpProxyPort}`);
+        envVars.push(`HTTPS_PROXY=http://localhost:${httpProxyPort}`);
+        // Lowercase versions for compatibility with some tools
+        envVars.push(`http_proxy=http://localhost:${httpProxyPort}`);
+        envVars.push(`https_proxy=http://localhost:${httpProxyPort}`);
+    }
+    if (socksProxyPort) {
+        // Use socks5h:// for proper DNS resolution through proxy
+        envVars.push(`ALL_PROXY=socks5h://localhost:${socksProxyPort}`);
+        envVars.push(`all_proxy=socks5h://localhost:${socksProxyPort}`);
+        // Configure Git to use SSH through SOCKS proxy (platform-aware)
+        if (getPlatform() === 'macos') {
+            // macOS has nc available
+            envVars.push(`GIT_SSH_COMMAND="ssh -o ProxyCommand='nc -X 5 -x localhost:${socksProxyPort} %h %p'"`);
+        }
+        // FTP proxy support (use socks5h for DNS resolution through proxy)
+        envVars.push(`FTP_PROXY=socks5h://localhost:${socksProxyPort}`);
+        envVars.push(`ftp_proxy=socks5h://localhost:${socksProxyPort}`);
+        // rsync proxy support
+        envVars.push(`RSYNC_PROXY=localhost:${socksProxyPort}`);
+        // Database tools NOTE: Most database clients don't have built-in proxy support
+        // You typically need to use SSH tunneling or a SOCKS wrapper like tsocks/proxychains
+        // Docker CLI uses HTTP for the API
+        // This makes Docker use the HTTP proxy for registry operations
+        envVars.push(`DOCKER_HTTP_PROXY=http://localhost:${httpProxyPort || socksProxyPort}`);
+        envVars.push(`DOCKER_HTTPS_PROXY=http://localhost:${httpProxyPort || socksProxyPort}`);
+        // Kubernetes kubectl - uses standard HTTPS_PROXY
+        // kubectl respects HTTPS_PROXY which we already set above
+        // AWS CLI - uses standard HTTPS_PROXY (v2 supports it well)
+        // AWS CLI v2 respects HTTPS_PROXY which we already set above
+        // Google Cloud SDK - has specific proxy settings
+        // Use HTTPS proxy to match other HTTP-based tools
+        if (httpProxyPort) {
+            envVars.push(`CLOUDSDK_PROXY_TYPE=https`);
+            envVars.push(`CLOUDSDK_PROXY_ADDRESS=localhost`);
+            envVars.push(`CLOUDSDK_PROXY_PORT=${httpProxyPort}`);
+        }
+        // Azure CLI - uses HTTPS_PROXY
+        // Azure CLI respects HTTPS_PROXY which we already set above
+        // Terraform - uses standard HTTP/HTTPS proxy vars
+        // Terraform respects HTTP_PROXY/HTTPS_PROXY which we already set above
+        // gRPC-based tools - use standard proxy vars
+        envVars.push(`GRPC_PROXY=socks5h://localhost:${socksProxyPort}`);
+        envVars.push(`grpc_proxy=socks5h://localhost:${socksProxyPort}`);
+    }
+    // WARNING: Do not set HTTP_PROXY/HTTPS_PROXY to SOCKS URLs when only SOCKS proxy is available
+    // Most HTTP clients do not support SOCKS URLs in these variables and will fail, and we want
+    // to avoid overriding the client otherwise respecting the ALL_PROXY env var which points to SOCKS.
+    return envVars;
+}
+/**
+ * Encode a command for sandbox monitoring
+ * Truncates to 100 chars and base64 encodes to avoid parsing issues
+ */
+export function encodeSandboxedCommand(command) {
+    const truncatedCommand = command.slice(0, 100);
+    return Buffer.from(truncatedCommand).toString('base64');
+}
+/**
+ * Decode a base64-encoded command from sandbox monitoring
+ */
+export function decodeSandboxedCommand(encodedCommand) {
+    return Buffer.from(encodedCommand, 'base64').toString('utf8');
+}
+//# sourceMappingURL=sandbox-utils.js.map

package/dist/sandbox/sandbox-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox-utils.js","sourceRoot":"","sources":["../../src/sandbox/sandbox-utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAA;AAC5B,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAC5B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAA;AACxB,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAClD,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAA;AAE7C;;;GAGG;AACH,MAAM,eAAe,GAAG;IACtB,YAAY;IACZ,aAAa;IACb,SAAS;IACT,eAAe;IACf,QAAQ;IACR,WAAW;IACX,UAAU;IACV,YAAY;IACZ,WAAW;CACH,CAAA;AAEV;;;GAGG;AACH,MAAM,qBAAqB,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,CAAU,CAAA;AAEnE;;;;;;;;GAQG;AACH,SAAS,0BAA0B,CAAC,OAAe;IACjD,OAAO,OAAO,CAAC,WAAW,EAAE,CAAA;AAC9B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,WAAmB;IACnD,OAAO,CACL,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC;QACzB,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC;QACzB,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC;QACzB,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,CAC1B,CAAA;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CAAC,WAAmB;IAC1D,OAAO,WAAW,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAA;AAC3C,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,uBAAuB,CAAC,WAAmB;IACzD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAA;IACzB,IAAI,cAAc,GAAG,WAAW,CAAA;IAEhC,6BAA6B;IAC7B,IAAI,WAAW,KAAK,GAAG,EAAE,CAAC;QACxB,cAAc,GAAG,OAAO,EAAE,CAAA;IAC5B,CAAC;SAAM,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,cAAc,GAAG,OAAO,EAAE,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IACnD,CAAC;SAAM,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACzE,kEAAkE;QAClE,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,WAAW,CAAC,CAAA;IACjD,CAAC;SAAM,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QACzC,2DAA2D;QAC3D,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,WAAW,CAAC,CAAA;IACjD,CAAC;IAED,uFAAuF;IACvF,IAAI,iBAAiB,CAAC,cAAc,CAAC,EAAE,CAAC;QACtC,OAAO,cAAc,CAAA;IACvB,CAAC;IAED,uDAAuD;IACvD,IAAI,CAAC;QACH,cAAc,GAAG,EAAE,CAAC,YAAY,CAAC,cAAc,CAAC,CAAA;IAClD,CAAC;IAAC,MAAM,CAAC;QACP,uEAAuE;IACzE,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB;IAClC,MAAM,OAAO,GAAG,OAAO,EAAE,CAAA;IACzB,MAAM,gBAAgB,GAAG;QACvB,aAAa;QACb,aAAa;QACb,WAAW;QACX,UAAU;QACV,mBAAmB;QACnB,oBAAoB;QACpB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC;QAChC,GAAG;KACJ,CAAA;IAED,OAAO,gBAAgB,CAAA;AACzB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B;IAC/C,MAAM,SAAS,GAAa,EAAE,CAAA;IAC9B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAA;IAEzB,4CAA4C;IAC5C,0BAA0B;IAC1B,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC,CAAA;IAChE,6BAA6B;IAC7B,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC,CAAA;IAC7D,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,SAAS,EAAE,qBAAqB,CAAC,CAAC,CAAA;IAEnE,2CAA2C;IAC3C,MAAM,cAAc,GAAG,CAAC,GAAG,eAAe,CAAC,CAAA;IAE3C,mEAAmE;IACnE,sGAAsG;IACtG,qFAAqF;IACrF,MAAM,oBAAoB,GAAG;QAC3B,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC;QAClD,kBAAkB;QAClB,gBAAgB;KACjB,CAAA;IAED,mDAAmD;IACnD,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAA;IAE7C,gDAAgD;IAChD,KAAK,MAAM,QAAQ,IAAI,cAAc,EAAE,CAAC;QACtC,4EAA4E;QAC5E,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;QAC/C,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QAE3B,mFAAmF;QACnF,IAAI,CAAC;YACH,qEAAqE;YACrE,8DAA8D;YAC9D,6CAA6C;YAC7C,gCAAgC;YAChC,0EAA0E;YAC1E,MAAM,OAAO,GAAG,MAAM,OAAO,CAC3B;gBACE,SAAS;gBACT,UAAU;gBACV,SAAS;gBACT,QAAQ;gBACR,IAAI;gBACJ,qBAAqB;aACtB,EACD,GAAG,EACH,eAAe,CAAC,MAAM,CACvB,CAAA;YACD,2CAA2C;YAC3C,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAA;YACtE,SAAS,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAA;QACpC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,mEAAmE;YACnE,MAAM,IAAI,KAAK,CACb,sCAAsC,QAAQ,MAAM,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAC7G,CAAA;QACH,CAAC;IACH,CAAC;IAED,sDAAsD;IACtD,KAAK,MAAM,OAAO,IAAI,oBAAoB,EAAE,CAAC;QAC3C,iFAAiF;QACjF,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;QAC7C,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QAE1B,wFAAwF;QACxF,IAAI,CAAC;YACH,qDAAqD;YACrD,+EAA+E;YAC/E,uCAAuC;YACvC,MAAM,OAAO,GAAG,MAAM,OAAO,KAAK,CAAA;YAClC,MAAM,OAAO,GAAG,MAAM,OAAO,CAC3B;gBACE,SAAS;gBACT,UAAU;gBACV,SAAS;gBACT,OAAO;gBACP,IAAI;gBACJ,qBAAqB;aACtB,EACD,GAAG,EACH,eAAe,CAAC,MAAM,CACvB,CAAA;YAED,0CAA0C;YAC1C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAA;YAClC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;gBAC7C,8DAA8D;gBAC9D,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBAC7C,MAAM,iBAAiB,GAAG,0BAA0B,CAAC,OAAO,CAAC,CAAA;gBAC7D,uDAAuD;gBACvD,MAAM,QAAQ,GAAG,QAAQ,CAAC,SAAS,CACjC,OAAO,CAAC,EAAE,CAAC,0BAA0B,CAAC,OAAO,CAAC,KAAK,iBAAiB,CACrE,CAAA;gBACD,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;oBACpB,+DAA+D;oBAC/D,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBAC9D,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;gBACvB,CAAC;YACH,CAAC;YACD,SAAS,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAA;QAC7B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,yEAAyE;YACzE,MAAM,IAAI,KAAK,CACb,2CAA2C,OAAO,MAAM,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACjH,CAAA;QACH,CAAC;IACH,CAAC;IAED,4CAA4C;IAC5C,0EAA0E;IAC1E,MAAM,iBAAiB,GAAG;QACxB,YAAY,EAAE,+DAA+D;QAC7E,aAAa,EAAE,4EAA4E;KAC5F,CAAA;IAED,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;QACxC,gDAAgD;QAChD,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;QAClD,SAAS,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;QAE/B,4EAA4E;QAC5E,sDAAsD;QACtD,IAAI,CAAC;YACH,8EAA8E;YAC9E,MAAM,YAAY,GAAG,MAAM,OAAO,CAChC;gBACE,SAAS;gBACT,UAAU;gBACV,SAAS;gBACT,cAAc;gBACd,IAAI;gBACJ,qBAAqB;aACtB,EACD,GAAG,EACH,eAAe,CAAC,MAAM,CACvB,CAAA;YAED,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;gBACvC,8BAA8B;gBAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAA;gBAExC,oDAAoD;gBACpD,IAAI,OAAO,KAAK,YAAY,EAAE,CAAC;oBAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;oBAC5C,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;gBAC3B,CAAC;qBAAM,IAAI,OAAO,KAAK,aAAa,EAAE,CAAC;oBACrC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;oBAC9C,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;gBAC5B,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,qEAAqE;YACrE,MAAM,IAAI,KAAK,CACb,wCAAwC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACjG,CAAA;QACH,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,CAAA;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAClC,aAAsB,EACtB,cAAuB;IAEvB,MAAM,OAAO,GAAa,CAAC,mBAAmB,CAAC,CAAA;IAE/C,iDAAiD;IACjD,IAAI,CAAC,aAAa,IAAI,CAAC,cAAc,EAAE,CAAC;QACtC,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,8EAA8E;IAC9E,MAAM,gBAAgB,GAAG;QACvB,WAAW;QACX,WAAW;QACX,KAAK;QACL,SAAS;QACT,QAAQ;QACR,gBAAgB,EAAE,aAAa;QAC/B,YAAY,EAAE,kBAAkB;QAChC,eAAe,EAAE,kBAAkB;QACnC,gBAAgB,EAAE,kBAAkB;KACrC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACX,OAAO,CAAC,IAAI,CAAC,YAAY,gBAAgB,EAAE,CAAC,CAAA;IAC5C,OAAO,CAAC,IAAI,CAAC,YAAY,gBAAgB,EAAE,CAAC,CAAA;IAE5C,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,CAAC,IAAI,CAAC,+BAA+B,aAAa,EAAE,CAAC,CAAA;QAC5D,OAAO,CAAC,IAAI,CAAC,gCAAgC,aAAa,EAAE,CAAC,CAAA;QAC7D,uDAAuD;QACvD,OAAO,CAAC,IAAI,CAAC,+BAA+B,aAAa,EAAE,CAAC,CAAA;QAC5D,OAAO,CAAC,IAAI,CAAC,gCAAgC,aAAa,EAAE,CAAC,CAAA;IAC/D,CAAC;IAED,IAAI,cAAc,EAAE,CAAC;QACnB,yDAAyD;QACzD,OAAO,CAAC,IAAI,CAAC,iCAAiC,cAAc,EAAE,CAAC,CAAA;QAC/D,OAAO,CAAC,IAAI,CAAC,iCAAiC,cAAc,EAAE,CAAC,CAAA;QAE/D,gEAAgE;QAChE,IAAI,WAAW,EAAE,KAAK,OAAO,EAAE,CAAC;YAC9B,yBAAyB;YACzB,OAAO,CAAC,IAAI,CACV,8DAA8D,cAAc,UAAU,CACvF,CAAA;QACH,CAAC;QAED,mEAAmE;QACnE,OAAO,CAAC,IAAI,CAAC,iCAAiC,cAAc,EAAE,CAAC,CAAA;QAC/D,OAAO,CAAC,IAAI,CAAC,iCAAiC,cAAc,EAAE,CAAC,CAAA;QAE/D,sBAAsB;QACtB,OAAO,CAAC,IAAI,CAAC,yBAAyB,cAAc,EAAE,CAAC,CAAA;QAEvD,+EAA+E;QAC/E,qFAAqF;QAErF,mCAAmC;QACnC,+DAA+D;QAC/D,OAAO,CAAC,IAAI,CACV,sCAAsC,aAAa,IAAI,cAAc,EAAE,CACxE,CAAA;QACD,OAAO,CAAC,IAAI,CACV,uCAAuC,aAAa,IAAI,cAAc,EAAE,CACzE,CAAA;QAED,iDAAiD;QACjD,0DAA0D;QAE1D,4DAA4D;QAC5D,6DAA6D;QAE7D,iDAAiD;QACjD,kDAAkD;QAClD,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAA;YACzC,OAAO,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAA;YAChD,OAAO,CAAC,IAAI,CAAC,uBAAuB,aAAa,EAAE,CAAC,CAAA;QACtD,CAAC;QAED,+BAA+B;QAC/B,4DAA4D;QAE5D,kDAAkD;QAClD,uEAAuE;QAEvE,6CAA6C;QAC7C,OAAO,CAAC,IAAI,CAAC,kCAAkC,cAAc,EAAE,CAAC,CAAA;QAChE,OAAO,CAAC,IAAI,CAAC,kCAAkC,cAAc,EAAE,CAAC,CAAA;IAClE,CAAC;IAED,8FAA8F;IAC9F,4FAA4F;IAC5F,mGAAmG;IAEnG,OAAO,OAAO,CAAA;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAe;IACpD,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;IAC9C,OAAO,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;AACzD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,cAAsB;IAC3D,OAAO,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;AAC/D,CAAC"}

package/dist/sandbox/sandbox-violation-store.d.ts

@@ -0,0 +1,19 @@
+import { type SandboxViolationEvent } from './macos-sandbox-utils.js';
+/**
+ * In-memory tail for sandbox violations
+ */
+export declare class SandboxViolationStore {
+    private violations;
+    private totalCount;
+    private readonly maxSize;
+    private listeners;
+    addViolation(violation: SandboxViolationEvent): void;
+    getViolations(limit?: number): SandboxViolationEvent[];
+    getCount(): number;
+    getTotalCount(): number;
+    getViolationsForCommand(command: string): SandboxViolationEvent[];
+    clear(): void;
+    subscribe(listener: (violations: SandboxViolationEvent[]) => void): () => void;
+    private notifyListeners;
+}
+//# sourceMappingURL=sandbox-violation-store.d.ts.map

package/dist/sandbox/sandbox-violation-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox-violation-store.d.ts","sourceRoot":"","sources":["../../src/sandbox/sandbox-violation-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,qBAAqB,EAAE,MAAM,0BAA0B,CAAA;AAGrE;;GAEG;AACH,qBAAa,qBAAqB;IAChC,OAAO,CAAC,UAAU,CAA8B;IAChD,OAAO,CAAC,UAAU,CAAI;IACtB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAM;IAC9B,OAAO,CAAC,SAAS,CACN;IAEX,YAAY,CAAC,SAAS,EAAE,qBAAqB,GAAG,IAAI;IASpD,aAAa,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,qBAAqB,EAAE;IAOtD,QAAQ,IAAI,MAAM;IAIlB,aAAa,IAAI,MAAM;IAIvB,uBAAuB,CAAC,OAAO,EAAE,MAAM,GAAG,qBAAqB,EAAE;IAKjE,KAAK,IAAI,IAAI;IAMb,SAAS,CACP,QAAQ,EAAE,CAAC,UAAU,EAAE,qBAAqB,EAAE,KAAK,IAAI,GACtD,MAAM,IAAI;IAQb,OAAO,CAAC,eAAe;CAKxB"}

package/dist/sandbox/sandbox-violation-store.js

@@ -0,0 +1,54 @@
+import { encodeSandboxedCommand } from './sandbox-utils.js';
+/**
+ * In-memory tail for sandbox violations
+ */
+export class SandboxViolationStore {
+    constructor() {
+        this.violations = [];
+        this.totalCount = 0;
+        this.maxSize = 100;
+        this.listeners = new Set();
+    }
+    addViolation(violation) {
+        this.violations.push(violation);
+        this.totalCount++;
+        if (this.violations.length > this.maxSize) {
+            this.violations = this.violations.slice(-this.maxSize);
+        }
+        this.notifyListeners();
+    }
+    getViolations(limit) {
+        if (limit === undefined) {
+            return [...this.violations];
+        }
+        return this.violations.slice(-limit);
+    }
+    getCount() {
+        return this.violations.length;
+    }
+    getTotalCount() {
+        return this.totalCount;
+    }
+    getViolationsForCommand(command) {
+        const commandBase64 = encodeSandboxedCommand(command);
+        return this.violations.filter(v => v.encodedCommand === commandBase64);
+    }
+    clear() {
+        this.violations = [];
+        // Don't reset totalCount when clearing
+        this.notifyListeners();
+    }
+    subscribe(listener) {
+        this.listeners.add(listener);
+        listener(this.getViolations());
+        return () => {
+            this.listeners.delete(listener);
+        };
+    }
+    notifyListeners() {
+        // Always notify with all violations so listeners can track the full count
+        const violations = this.getViolations();
+        this.listeners.forEach(listener => listener(violations));
+    }
+}
+//# sourceMappingURL=sandbox-violation-store.js.map

package/dist/sandbox/sandbox-violation-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox-violation-store.js","sourceRoot":"","sources":["../../src/sandbox/sandbox-violation-store.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAA;AAE3D;;GAEG;AACH,MAAM,OAAO,qBAAqB;IAAlC;QACU,eAAU,GAA4B,EAAE,CAAA;QACxC,eAAU,GAAG,CAAC,CAAA;QACL,YAAO,GAAG,GAAG,CAAA;QACtB,cAAS,GACf,IAAI,GAAG,EAAE,CAAA;IAoDb,CAAC;IAlDC,YAAY,CAAC,SAAgC;QAC3C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;QAC/B,IAAI,CAAC,UAAU,EAAE,CAAA;QACjB,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;YAC1C,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QACxD,CAAC;QACD,IAAI,CAAC,eAAe,EAAE,CAAA;IACxB,CAAC;IAED,aAAa,CAAC,KAAc;QAC1B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,OAAO,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAA;QAC7B,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAA;IACtC,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAA;IAC/B,CAAC;IAED,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAA;IACxB,CAAC;IAED,uBAAuB,CAAC,OAAe;QACrC,MAAM,aAAa,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAA;QACrD,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,aAAa,CAAC,CAAA;IACxE,CAAC;IAED,KAAK;QACH,IAAI,CAAC,UAAU,GAAG,EAAE,CAAA;QACpB,uCAAuC;QACvC,IAAI,CAAC,eAAe,EAAE,CAAA;IACxB,CAAC;IAED,SAAS,CACP,QAAuD;QAEvD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;QAC5B,QAAQ,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC,CAAA;QAC9B,OAAO,GAAG,EAAE;YACV,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;QACjC,CAAC,CAAA;IACH,CAAC;IAEO,eAAe;QACrB,0EAA0E;QAC1E,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,EAAE,CAAA;QACvC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAA;IAC1D,CAAC;CACF"}

package/dist/sandbox/socks-proxy.d.ts

@@ -0,0 +1,13 @@
+import type { Socks5Server } from '@pondwader/socks5-server';
+export interface SocksProxyServerOptions {
+    filter(port: number, host: string): Promise<boolean> | boolean;
+}
+export interface SocksProxyWrapper {
+    server: Socks5Server;
+    getPort(): number | undefined;
+    listen(port: number, hostname: string): Promise<number>;
+    close(): Promise<void>;
+    unref(): void;
+}
+export declare function createSocksProxyServer(options: SocksProxyServerOptions): SocksProxyWrapper;
+//# sourceMappingURL=socks-proxy.d.ts.map

package/dist/sandbox/socks-proxy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"socks-proxy.d.ts","sourceRoot":"","sources":["../../src/sandbox/socks-proxy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AAI5D,MAAM,WAAW,uBAAuB;IACtC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAA;CAC/D;AAED,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,YAAY,CAAA;IACpB,OAAO,IAAI,MAAM,GAAG,SAAS,CAAA;IAC7B,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IACvD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;IACtB,KAAK,IAAI,IAAI,CAAA;CACd;AAED,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,uBAAuB,GAC/B,iBAAiB,CAqGnB"}

package/dist/sandbox/socks-proxy.js

@@ -0,0 +1,95 @@
+import { createServer } from '@pondwader/socks5-server';
+import { logForDebugging } from '../utils/debug.js';
+export function createSocksProxyServer(options) {
+    const socksServer = createServer();
+    socksServer.setRulesetValidator(async (conn) => {
+        try {
+            const hostname = conn.destAddress;
+            const port = conn.destPort;
+            logForDebugging(`Connection request to ${hostname}:${port}`);
+            const allowed = await options.filter(port, hostname);
+            if (!allowed) {
+                logForDebugging(`Connection blocked to ${hostname}:${port}`, {
+                    level: 'error',
+                });
+                return false;
+            }
+            logForDebugging(`Connection allowed to ${hostname}:${port}`);
+            return true;
+        }
+        catch (error) {
+            logForDebugging(`Error validating connection: ${error}`, {
+                level: 'error',
+            });
+            return false;
+        }
+    });
+    return {
+        server: socksServer,
+        getPort() {
+            // Access the internal server to get the port
+            // We need to use type assertion here as the server property is private
+            try {
+                const serverInternal = socksServer?.server;
+                if (serverInternal && typeof serverInternal?.address === 'function') {
+                    const address = serverInternal.address();
+                    if (address && typeof address === 'object' && 'port' in address) {
+                        return address.port;
+                    }
+                }
+            }
+            catch (error) {
+                // Server might not be listening yet or property access failed
+                logForDebugging(`Error getting port: ${error}`, { level: 'error' });
+            }
+            return undefined;
+        },
+        listen(port, hostname) {
+            return new Promise((resolve, reject) => {
+                const listeningCallback = () => {
+                    const actualPort = this.getPort();
+                    if (actualPort) {
+                        logForDebugging(`SOCKS proxy listening on ${hostname}:${actualPort}`);
+                        resolve(actualPort);
+                    }
+                    else {
+                        reject(new Error('Failed to get SOCKS proxy server port'));
+                    }
+                };
+                socksServer.listen(port, hostname, listeningCallback);
+            });
+        },
+        async close() {
+            return new Promise((resolve, reject) => {
+                socksServer.close(error => {
+                    if (error) {
+                        // Only reject for actual errors, not for "already closed" states
+                        // Check for common "already closed" error patterns
+                        const errorMessage = error.message?.toLowerCase() || '';
+                        const isAlreadyClosed = errorMessage.includes('not running') ||
+                            errorMessage.includes('already closed') ||
+                            errorMessage.includes('not listening');
+                        if (!isAlreadyClosed) {
+                            reject(error);
+                            return;
+                        }
+                    }
+                    resolve();
+                });
+            });
+        },
+        unref() {
+            // Access the internal server to call unref
+            try {
+                const serverInternal = socksServer?.server;
+                if (serverInternal && typeof serverInternal?.unref === 'function') {
+                    serverInternal.unref();
+                }
+            }
+            catch (error) {
+                logForDebugging(`Error calling unref: ${error}`, { level: 'error' });
+            }
+        },
+    };
+}
+//# sourceMappingURL=socks-proxy.js.map

package/dist/sandbox/socks-proxy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"socks-proxy.js","sourceRoot":"","sources":["../../src/sandbox/socks-proxy.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAcnD,MAAM,UAAU,sBAAsB,CACpC,OAAgC;IAEhC,MAAM,WAAW,GAAG,YAAY,EAAE,CAAA;IAElC,WAAW,CAAC,mBAAmB,CAAC,KAAK,EAAC,IAAI,EAAC,EAAE;QAC3C,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAA;YACjC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAA;YAE1B,eAAe,CAAC,yBAAyB,QAAQ,IAAI,IAAI,EAAE,CAAC,CAAA;YAE5D,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;YAEpD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,eAAe,CAAC,yBAAyB,QAAQ,IAAI,IAAI,EAAE,EAAE;oBAC3D,KAAK,EAAE,OAAO;iBACf,CAAC,CAAA;gBACF,OAAO,KAAK,CAAA;YACd,CAAC;YAED,eAAe,CAAC,yBAAyB,QAAQ,IAAI,IAAI,EAAE,CAAC,CAAA;YAC5D,OAAO,IAAI,CAAA;QACb,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,eAAe,CAAC,gCAAgC,KAAK,EAAE,EAAE;gBACvD,KAAK,EAAE,OAAO;aACf,CAAC,CAAA;YACF,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,OAAO;QACL,MAAM,EAAE,WAAW;QACnB,OAAO;YACL,6CAA6C;YAC7C,uEAAuE;YACvE,IAAI,CAAC;gBACH,MAAM,cAAc,GAClB,WACD,EAAE,MAAM,CAAA;gBACT,IAAI,cAAc,IAAI,OAAO,cAAc,EAAE,OAAO,KAAK,UAAU,EAAE,CAAC;oBACpE,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,EAAE,CAAA;oBACxC,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,MAAM,IAAI,OAAO,EAAE,CAAC;wBAChE,OAAO,OAAO,CAAC,IAAI,CAAA;oBACrB,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,8DAA8D;gBAC9D,eAAe,CAAC,uBAAuB,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAA;YACrE,CAAC;YACD,OAAO,SAAS,CAAA;QAClB,CAAC;QACD,MAAM,CAAC,IAAY,EAAE,QAAgB;YACnC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACrC,MAAM,iBAAiB,GAAG,GAAS,EAAE;oBACnC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,CAAA;oBACjC,IAAI,UAAU,EAAE,CAAC;wBACf,eAAe,CACb,4BAA4B,QAAQ,IAAI,UAAU,EAAE,CACrD,CAAA;wBACD,OAAO,CAAC,UAAU,CAAC,CAAA;oBACrB,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAA;oBAC5D,CAAC;gBACH,CAAC,CAAA;gBACD,WAAW,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,EAAE,iBAAiB,CAAC,CAAA;YACvD,CAAC,CAAC,CAAA;QACJ,CAAC;QACD,KAAK,CAAC,KAAK;YACT,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACrC,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;oBACxB,IAAI,KAAK,EAAE,CAAC;wBACV,iEAAiE;wBACjE,mDAAmD;wBACnD,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,CAAA;wBACvD,MAAM,eAAe,GACnB,YAAY,CAAC,QAAQ,CAAC,aAAa,CAAC;4BACpC,YAAY,CAAC,QAAQ,CAAC,gBAAgB,CAAC;4BACvC,YAAY,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAA;wBAExC,IAAI,CAAC,eAAe,EAAE,CAAC;4BACrB,MAAM,CAAC,KAAK,CAAC,CAAA;4BACb,OAAM;wBACR,CAAC;oBACH,CAAC;oBACD,OAAO,EAAE,CAAA;gBACX,CAAC,CAAC,CAAA;YACJ,CAAC,CAAC,CAAA;QACJ,CAAC;QACD,KAAK;YACH,2CAA2C;YAC3C,IAAI,CAAC;gBACH,MAAM,cAAc,GAClB,WACD,EAAE,MAAM,CAAA;gBACT,IAAI,cAAc,IAAI,OAAO,cAAc,EAAE,KAAK,KAAK,UAAU,EAAE,CAAC;oBAClE,cAAc,CAAC,KAAK,EAAE,CAAA;gBACxB,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,eAAe,CAAC,wBAAwB,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAA;YACtE,CAAC;QACH,CAAC;KACF,CAAA;AACH,CAAC"}

package/dist/utils/debug.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Simple debug logging for standalone sandbox
+ */
+export declare function logForDebugging(message: string, options?: {
+    level?: 'info' | 'error' | 'warn';
+}): void;
+//# sourceMappingURL=debug.d.ts.map

package/dist/utils/debug.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"debug.d.ts","sourceRoot":"","sources":["../../src/utils/debug.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE;IAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,MAAM,CAAA;CAAE,GAC9C,IAAI,CAmBN"}

package/dist/utils/debug.js

@@ -0,0 +1,22 @@
+/**
+ * Simple debug logging for standalone sandbox
+ */
+export function logForDebugging(message, options) {
+    // Only log if DEBUG environment variable is set
+    if (!process.env.DEBUG) {
+        return;
+    }
+    const level = options?.level || 'info';
+    const prefix = '[SandboxDebug]';
+    switch (level) {
+        case 'error':
+            console.error(`${prefix} ${message}`);
+            break;
+        case 'warn':
+            console.warn(`${prefix} ${message}`);
+            break;
+        default:
+            console.log(`${prefix} ${message}`);
+    }
+}
+//# sourceMappingURL=debug.js.map

package/dist/utils/debug.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"debug.js","sourceRoot":"","sources":["../../src/utils/debug.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,OAAe,EACf,OAA+C;IAE/C,gDAAgD;IAChD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACvB,OAAM;IACR,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,IAAI,MAAM,CAAA;IACtC,MAAM,MAAM,GAAG,gBAAgB,CAAA;IAE/B,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,OAAO;YACV,OAAO,CAAC,KAAK,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC,CAAA;YACrC,MAAK;QACP,KAAK,MAAM;YACT,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC,CAAA;YACpC,MAAK;QACP;YACE,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC,CAAA;IACvC,CAAC;AACH,CAAC"}

package/dist/utils/exec.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Simple wrapper around execFile that doesn't throw on non-zero exit codes
+ * Simplified version for standalone sandbox use
+ */
+export declare function execFileNoThrow(file: string, args: string[], options?: {
+    timeout?: number;
+    cwd?: string;
+}): Promise<{
+    stdout: string;
+    stderr: string;
+    code: number;
+}>;
+//# sourceMappingURL=exec.d.ts.map

package/dist/utils/exec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"exec.d.ts","sourceRoot":"","sources":["../../src/utils/exec.ts"],"names":[],"mappings":"AAKA;;;GAGG;AACH,wBAAsB,eAAe,CACnC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAO,GAC/C,OAAO,CAAC;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC,CA4B3D"}