@anthropic-ai/sandbox-runtime 0.0.6 → 0.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/sandbox/sandbox-manager.d.ts.map +1 -1
- package/dist/sandbox/sandbox-manager.js +39 -25
- package/dist/sandbox/sandbox-manager.js.map +1 -1
- package/dist/sandbox/windows-sandbox-utils.d.ts +82 -0
- package/dist/sandbox/windows-sandbox-utils.d.ts.map +1 -0
- package/dist/sandbox/windows-sandbox-utils.js +270 -0
- package/dist/sandbox/windows-sandbox-utils.js.map +1 -0
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sandbox-manager.d.ts","sourceRoot":"","sources":["../../src/sandbox/sandbox-manager.ts"],"names":[],"mappings":"AAIA,OAAO,EAAe,KAAK,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAEjE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAC/D,OAAO,KAAK,EACV,kBAAkB,EAClB,uBAAuB,EACvB,wBAAwB,EACxB,wBAAwB,EACzB,MAAM,sBAAsB,CAAA;AAiB7B,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAA;
|
|
1
|
+
{"version":3,"file":"sandbox-manager.d.ts","sourceRoot":"","sources":["../../src/sandbox/sandbox-manager.ts"],"names":[],"mappings":"AAIA,OAAO,EAAe,KAAK,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAEjE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAC/D,OAAO,KAAK,EACV,kBAAkB,EAClB,uBAAuB,EACvB,wBAAwB,EACxB,wBAAwB,EACzB,MAAM,sBAAsB,CAAA;AAiB7B,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAA;AA6tBpE;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,UAAU,CACR,aAAa,EAAE,oBAAoB,EACnC,kBAAkB,CAAC,EAAE,kBAAkB,EACvC,gBAAgB,CAAC,EAAE,OAAO,GACzB,OAAO,CAAC,IAAI,CAAC,CAAA;IAChB,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAA;IAChD,mBAAmB,IAAI,OAAO,CAAA;IAC9B,iBAAiB,IAAI,OAAO,CAAA;IAC5B,eAAe,IAAI,uBAAuB,CAAA;IAC1C,gBAAgB,IAAI,wBAAwB,CAAA;IAC5C,2BAA2B,IAAI,wBAAwB,CAAA;IACvD,mBAAmB,IAAI,MAAM,EAAE,GAAG,SAAS,CAAA;IAC3C,oBAAoB,IAAI,OAAO,GAAG,SAAS,CAAA;IAC3C,4BAA4B,IAAI,OAAO,GAAG,SAAS,CAAA;IACnD,YAAY,IAAI,MAAM,GAAG,SAAS,CAAA;IAClC,iBAAiB,IAAI,MAAM,GAAG,SAAS,CAAA;IACvC,sBAAsB,IAAI,MAAM,GAAG,SAAS,CAAA;IAC5C,uBAAuB,IAAI,MAAM,GAAG,SAAS,CAAA;IAC7C,4BAA4B,IAAI,OAAO,CAAC,OAAO,CAAC,CAAA;IAChD,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IACpE,wBAAwB,IAAI,qBAAqB,CAAA;IACjD,iCAAiC,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAAA;IAC1E,2BAA2B,IAAI,MAAM,EAAE,CAAA;IACvC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;CACvB;AAMD;;;GAGG;AACH,eAAO,MAAM,cAAc,EAAE,eAqBnB,CAAA"}
|
|
@@ -139,13 +139,28 @@ async function startSocksProxyServer(sandboxAskCallback) {
|
|
|
139
139
|
// Public Module Functions (will be exported via namespace)
|
|
140
140
|
// ============================================================================
|
|
141
141
|
async function initialize(runtimeConfig, sandboxAskCallback, enableLogMonitor = false) {
|
|
142
|
-
// Store config for use by other functions
|
|
143
|
-
config = runtimeConfig;
|
|
144
142
|
// Return if already initializing
|
|
145
143
|
if (initializationPromise) {
|
|
146
144
|
await initializationPromise;
|
|
147
145
|
return;
|
|
148
146
|
}
|
|
147
|
+
// Store config for use by other functions
|
|
148
|
+
config = runtimeConfig;
|
|
149
|
+
// Check dependencies now that we have config with ripgrep info
|
|
150
|
+
if (!checkDependencies()) {
|
|
151
|
+
const platform = getPlatform();
|
|
152
|
+
let errorMessage = 'Sandbox dependencies are not available on this system.';
|
|
153
|
+
if (platform === 'linux') {
|
|
154
|
+
errorMessage += ' Required: ripgrep (rg), bubblewrap (bwrap), and socat.';
|
|
155
|
+
}
|
|
156
|
+
else if (platform === 'macos') {
|
|
157
|
+
errorMessage += ' Required: ripgrep (rg).';
|
|
158
|
+
}
|
|
159
|
+
else {
|
|
160
|
+
errorMessage += ` Platform '${platform}' is not supported.`;
|
|
161
|
+
}
|
|
162
|
+
throw new Error(errorMessage);
|
|
163
|
+
}
|
|
149
164
|
// Start log monitor for macOS if enabled
|
|
150
165
|
if (enableLogMonitor && getPlatform() === 'macos') {
|
|
151
166
|
logMonitorShutdown = startMacOSSandboxLogMonitor(sandboxViolationStore.addViolation.bind(sandboxViolationStore), config.ignoreViolations);
|
|
@@ -222,32 +237,31 @@ function checkDependencies() {
|
|
|
222
237
|
if (dependenciesCheckCache !== undefined) {
|
|
223
238
|
return dependenciesCheckCache;
|
|
224
239
|
}
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
return false;
|
|
230
|
-
}
|
|
231
|
-
// Check ripgrep - only check 'rg' if no custom command is configured
|
|
232
|
-
// If custom command is provided, we trust it exists (will fail naturally if not)
|
|
233
|
-
const hasCustomRipgrep = config?.ripgrep?.command !== undefined;
|
|
234
|
-
if (!hasCustomRipgrep) {
|
|
235
|
-
// Only check for default 'rg' command
|
|
236
|
-
if (!hasRipgrepSync()) {
|
|
237
|
-
dependenciesCheckCache = false;
|
|
240
|
+
function computeDependencies() {
|
|
241
|
+
const platform = getPlatform();
|
|
242
|
+
// Check platform support
|
|
243
|
+
if (!isSupportedPlatform(platform)) {
|
|
238
244
|
return false;
|
|
239
245
|
}
|
|
246
|
+
// Check ripgrep - only check 'rg' if no custom command is configured
|
|
247
|
+
// If custom command is provided, we trust it exists (will fail naturally if not)
|
|
248
|
+
const hasCustomRipgrep = config?.ripgrep?.command !== undefined;
|
|
249
|
+
if (!hasCustomRipgrep) {
|
|
250
|
+
// Only check for default 'rg' command
|
|
251
|
+
if (!hasRipgrepSync()) {
|
|
252
|
+
return false;
|
|
253
|
+
}
|
|
254
|
+
}
|
|
255
|
+
// Platform-specific dependency checks
|
|
256
|
+
if (platform === 'linux') {
|
|
257
|
+
const allowAllUnixSockets = config?.network?.allowAllUnixSockets ?? false;
|
|
258
|
+
return hasLinuxSandboxDependenciesSync(allowAllUnixSockets);
|
|
259
|
+
}
|
|
260
|
+
// macOS only needs ripgrep (already checked above)
|
|
261
|
+
return true;
|
|
240
262
|
}
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
const allowAllUnixSockets = config?.network?.allowAllUnixSockets ?? false;
|
|
244
|
-
const result = hasLinuxSandboxDependenciesSync(allowAllUnixSockets);
|
|
245
|
-
dependenciesCheckCache = result;
|
|
246
|
-
return result;
|
|
247
|
-
}
|
|
248
|
-
// macOS only needs ripgrep (already checked above)
|
|
249
|
-
dependenciesCheckCache = true;
|
|
250
|
-
return true;
|
|
263
|
+
dependenciesCheckCache = computeDependencies();
|
|
264
|
+
return dependenciesCheckCache;
|
|
251
265
|
}
|
|
252
266
|
function getFsReadConfig() {
|
|
253
267
|
if (!config) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sandbox-manager.js","sourceRoot":"","sources":["../../src/sandbox/sandbox-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAA;AACvD,OAAO,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAA;AAEzD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACnD,OAAO,EAAE,WAAW,EAAiB,MAAM,sBAAsB,CAAA;AACjE,OAAO,KAAK,EAAE,MAAM,IAAI,CAAA;AAQxB,OAAO,EACL,2BAA2B,EAC3B,4BAA4B,EAE5B,+BAA+B,GAChC,MAAM,0BAA0B,CAAA;AACjC,OAAO,EACL,2BAA2B,EAC3B,2BAA2B,GAC5B,MAAM,0BAA0B,CAAA;AACjC,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,wBAAwB,GACzB,MAAM,oBAAoB,CAAA;AAC3B,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AACpD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAA;AACpE,OAAO,EAAE,GAAG,EAAE,MAAM,SAAS,CAAA;AAQ7B,+EAA+E;AAC/E,uBAAuB;AACvB,+EAA+E;AAE/E,IAAI,MAAwC,CAAA;AAC5C,IAAI,eAAqE,CAAA;AACzE,IAAI,gBAA+C,CAAA;AACnD,IAAI,cAAqD,CAAA;AACzD,IAAI,qBAAqE,CAAA;AACzE,IAAI,iBAAiB,GAAG,KAAK,CAAA;AAC7B,IAAI,kBAA4C,CAAA;AAChD,MAAM,qBAAqB,GAAG,IAAI,qBAAqB,EAAE,CAAA;AACzD,IAAI,sBAA2C,CAAA;AAE/C,+EAA+E;AAC/E,0CAA0C;AAC1C,+EAA+E;AAE/E,SAAS,eAAe;IACtB,IAAI,iBAAiB,EAAE,CAAC;QACtB,OAAM;IACR,CAAC;IACD,MAAM,cAAc,GAAG,GAAG,EAAE,CAC1B,KAAK,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;QAChB,eAAe,CAAC,qCAAqC,CAAC,EAAE,EAAE;YACxD,KAAK,EAAE,OAAO;SACf,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IACJ,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,CAAA;IACpC,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAA;IACtC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,CAAA;IACvC,iBAAiB,GAAG,IAAI,CAAA;AAC1B,CAAC;AAED,SAAS,oBAAoB,CAAC,QAAgB,EAAE,OAAe;IAC7D,+CAA+C;IAC/C,4DAA4D;IAC5D,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7B,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA,CAAC,cAAc;QACtD,OAAO,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,GAAG,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC,CAAA;IACxE,CAAC;IAED,wCAAwC;IACxC,OAAO,QAAQ,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC,WAAW,EAAE,CAAA;AACzD,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,IAAY,EACZ,IAAY,EACZ,kBAAuC;IAEvC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,eAAe,CAAC,8CAA8C,CAAC,CAAA;QAC/D,OAAO,KAAK,CAAA;IACd,CAAC;IAED,6BAA6B;IAC7B,KAAK,MAAM,YAAY,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;QACxD,IAAI,oBAAoB,CAAC,IAAI,EAAE,YAAY,CAAC,EAAE,CAAC;YAC7C,eAAe,CAAC,0BAA0B,IAAI,IAAI,IAAI,EAAE,CAAC,CAAA;YACzD,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,KAAK,MAAM,aAAa,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;QAC1D,IAAI,oBAAoB,CAAC,IAAI,EAAE,aAAa,CAAC,EAAE,CAAC;YAC9C,eAAe,CAAC,2BAA2B,IAAI,IAAI,IAAI,EAAE,CAAC,CAAA;YAC1D,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,uCAAuC;IACvC,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,eAAe,CAAC,qCAAqC,IAAI,IAAI,IAAI,EAAE,CAAC,CAAA;QACpE,OAAO,KAAK,CAAA;IACd,CAAC;IAED,eAAe,CAAC,yCAAyC,IAAI,IAAI,IAAI,EAAE,CAAC,CAAA;IACxE,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAA;QAC5D,IAAI,WAAW,EAAE,CAAC;YAChB,eAAe,CAAC,iBAAiB,IAAI,IAAI,IAAI,EAAE,CAAC,CAAA;YAChD,OAAO,IAAI,CAAA;QACb,CAAC;aAAM,CAAC;YACN,eAAe,CAAC,gBAAgB,IAAI,IAAI,IAAI,EAAE,CAAC,CAAA;YAC/C,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,eAAe,CAAC,iCAAiC,KAAK,EAAE,EAAE;YACxD,KAAK,EAAE,OAAO;SACf,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,kBAAuC;IAEvC,eAAe,GAAG,qBAAqB,CAAC;QACtC,MAAM,EAAE,CAAC,IAAY,EAAE,IAAY,EAAE,EAAE,CACrC,oBAAoB,CAAC,IAAI,EAAE,IAAI,EAAE,kBAAkB,CAAC;KACvD,CAAC,CAAA;IAEF,OAAO,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC7C,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,MAAM,CAAC,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC,CAAA;YAC9D,OAAM;QACR,CAAC;QAED,MAAM,MAAM,GAAG,eAAe,CAAA;QAE9B,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QAC5B,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE;YAC5B,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAA;YAChC,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;gBAC3C,MAAM,CAAC,KAAK,EAAE,CAAA;gBACd,eAAe,CAAC,qCAAqC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAA;gBACpE,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;YACvB,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC,CAAA;YACzD,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,CAAC,CAAA;IAC/B,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,KAAK,UAAU,qBAAqB,CAClC,kBAAuC;IAEvC,gBAAgB,GAAG,sBAAsB,CAAC;QACxC,MAAM,EAAE,CAAC,IAAY,EAAE,IAAY,EAAE,EAAE,CACrC,oBAAoB,CAAC,IAAI,EAAE,IAAI,EAAE,kBAAkB,CAAC;KACvD,CAAC,CAAA;IAEF,OAAO,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC7C,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,0CAA0C;YAC1C,MAAM,CAAC,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC,CAAA;YAC/D,OAAM;QACR,CAAC;QAED,gBAAgB;aACb,MAAM,CAAC,CAAC,EAAE,WAAW,CAAC;aACtB,IAAI,CAAC,CAAC,IAAY,EAAE,EAAE;YACrB,gBAAgB,EAAE,KAAK,EAAE,CAAA;YACzB,OAAO,CAAC,IAAI,CAAC,CAAA;QACf,CAAC,CAAC;aACD,KAAK,CAAC,MAAM,CAAC,CAAA;IAClB,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,+EAA+E;AAC/E,2DAA2D;AAC3D,+EAA+E;AAE/E,KAAK,UAAU,UAAU,CACvB,aAAmC,EACnC,kBAAuC,EACvC,gBAAgB,GAAG,KAAK;IAExB,0CAA0C;IAC1C,MAAM,GAAG,aAAa,CAAA;IAEtB,iCAAiC;IACjC,IAAI,qBAAqB,EAAE,CAAC;QAC1B,MAAM,qBAAqB,CAAA;QAC3B,OAAM;IACR,CAAC;IAED,yCAAyC;IACzC,IAAI,gBAAgB,IAAI,WAAW,EAAE,KAAK,OAAO,EAAE,CAAC;QAClD,kBAAkB,GAAG,2BAA2B,CAC9C,qBAAqB,CAAC,YAAY,CAAC,IAAI,CAAC,qBAAqB,CAAC,EAC9D,MAAM,CAAC,gBAAgB,CACxB,CAAA;QACD,eAAe,CAAC,mCAAmC,CAAC,CAAA;IACtD,CAAC;IAED,uCAAuC;IACvC,eAAe,EAAE,CAAA;IAEjB,oCAAoC;IACpC,qBAAqB,GAAG,CAAC,KAAK,IAAI,EAAE;QAClC,IAAI,CAAC;YACH,oDAAoD;YACpD,IAAI,aAAqB,CAAA;YACzB,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;gBAC/C,iDAAiD;gBACjD,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,CAAA;gBAC5C,eAAe,CAAC,qCAAqC,aAAa,EAAE,CAAC,CAAA;YACvE,CAAC;iBAAM,CAAC;gBACN,yBAAyB;gBACzB,aAAa,GAAG,MAAM,oBAAoB,CAAC,kBAAkB,CAAC,CAAA;YAChE,CAAC;YAED,IAAI,cAAsB,CAAA;YAC1B,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;gBAChD,kDAAkD;gBAClD,cAAc,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,CAAA;gBAC9C,eAAe,CAAC,sCAAsC,cAAc,EAAE,CAAC,CAAA;YACzE,CAAC;iBAAM,CAAC;gBACN,0BAA0B;gBAC1B,cAAc,GAAG,MAAM,qBAAqB,CAAC,kBAAkB,CAAC,CAAA;YAClE,CAAC;YAED,8CAA8C;YAC9C,IAAI,WAAkD,CAAA;YACtD,IAAI,WAAW,EAAE,KAAK,OAAO,EAAE,CAAC;gBAC9B,WAAW,GAAG,MAAM,4BAA4B,CAC9C,aAAa,EACb,cAAc,CACf,CAAA;YACH,CAAC;YAED,MAAM,OAAO,GAA8B;gBACzC,aAAa;gBACb,cAAc;gBACd,WAAW;aACZ,CAAA;YACD,cAAc,GAAG,OAAO,CAAA;YACxB,eAAe,CAAC,oCAAoC,CAAC,CAAA;YACrD,OAAO,OAAO,CAAA;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,wDAAwD;YACxD,qBAAqB,GAAG,SAAS,CAAA;YACjC,cAAc,GAAG,SAAS,CAAA;YAC1B,KAAK,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;gBAChB,eAAe,CAAC,2CAA2C,CAAC,EAAE,EAAE;oBAC9D,KAAK,EAAE,OAAO;iBACf,CAAC,CAAA;YACJ,CAAC,CAAC,CAAA;YACF,MAAM,KAAK,CAAA;QACb,CAAC;IACH,CAAC,CAAC,EAAE,CAAA;IAEJ,MAAM,qBAAqB,CAAA;AAC7B,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAkB;IAC7C,MAAM,kBAAkB,GAAe,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;IACzD,OAAO,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;AAC9C,CAAC;AAED,SAAS,mBAAmB;IAC1B,kEAAkE;IAClE,OAAO,MAAM,KAAK,SAAS,CAAA;AAC7B,CAAC;AAED;;;GAGG;AACH,SAAS,iBAAiB;IACxB,oCAAoC;IACpC,IAAI,sBAAsB,KAAK,SAAS,EAAE,CAAC;QACzC,OAAO,sBAAsB,CAAA;IAC/B,CAAC;IAED,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAA;IAE9B,yBAAyB;IACzB,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnC,sBAAsB,GAAG,KAAK,CAAA;QAC9B,OAAO,KAAK,CAAA;IACd,CAAC;IAED,qEAAqE;IACrE,iFAAiF;IACjF,MAAM,gBAAgB,GAAG,MAAM,EAAE,OAAO,EAAE,OAAO,KAAK,SAAS,CAAA;IAC/D,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,sCAAsC;QACtC,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;YACtB,sBAAsB,GAAG,KAAK,CAAA;YAC9B,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,MAAM,mBAAmB,GAAG,MAAM,EAAE,OAAO,EAAE,mBAAmB,IAAI,KAAK,CAAA;QACzE,MAAM,MAAM,GAAG,+BAA+B,CAAC,mBAAmB,CAAC,CAAA;QACnE,sBAAsB,GAAG,MAAM,CAAA;QAC/B,OAAO,MAAM,CAAA;IACf,CAAC;IAED,mDAAmD;IACnD,sBAAsB,GAAG,IAAI,CAAA;IAC7B,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAS,eAAe;IACtB,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAA;IACzB,CAAC;IAED,oCAAoC;IACpC,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ;SACzC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC;SAC3C,MAAM,CAAC,IAAI,CAAC,EAAE;QACb,IAAI,WAAW,EAAE,KAAK,OAAO,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;YACzD,eAAe,CAAC,mCAAmC,IAAI,EAAE,CAAC,CAAA;YAC1D,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC,CAAC,CAAA;IAEJ,OAAO;QACL,QAAQ,EAAE,SAAS;KACpB,CAAA;AACH,CAAC;AAED,SAAS,gBAAgB;IACvB,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,SAAS,EAAE,oBAAoB,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,CAAA;IACnE,CAAC;IAED,mDAAmD;IACnD,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,UAAU;SAC5C,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC;SAC3C,MAAM,CAAC,IAAI,CAAC,EAAE;QACb,IAAI,WAAW,EAAE,KAAK,OAAO,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;YACzD,eAAe,CAAC,mCAAmC,IAAI,EAAE,CAAC,CAAA;YAC1D,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC,CAAC,CAAA;IAEJ,kDAAkD;IAClD,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,SAAS;SAC1C,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC;SAC3C,MAAM,CAAC,IAAI,CAAC,EAAE;QACb,IAAI,WAAW,EAAE,KAAK,OAAO,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;YACzD,eAAe,CAAC,mCAAmC,IAAI,EAAE,CAAC,CAAA;YAC1D,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC,CAAC,CAAA;IAEJ,+DAA+D;IAC/D,MAAM,SAAS,GAAG,CAAC,GAAG,oBAAoB,EAAE,EAAE,GAAG,UAAU,CAAC,CAAA;IAE5D,OAAO;QACL,SAAS;QACT,eAAe,EAAE,SAAS;KAC3B,CAAA;AACH,CAAC;AAED,SAAS,2BAA2B;IAClC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,CAAA;IAClD,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,CAAA;IAEhD,OAAO;QACL,GAAG,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,YAAY,EAAE,CAAC;QAChD,GAAG,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,WAAW,EAAE,CAAC;KAC/C,CAAA;AACH,CAAC;AAED,SAAS,mBAAmB;IAC1B,OAAO,MAAM,EAAE,OAAO,EAAE,gBAAgB,CAAA;AAC1C,CAAC;AAED,SAAS,sBAAsB;IAC7B,OAAO,MAAM,EAAE,OAAO,EAAE,mBAAmB,CAAA;AAC7C,CAAC;AAED,SAAS,oBAAoB;IAC3B,OAAO,MAAM,EAAE,OAAO,EAAE,iBAAiB,CAAA;AAC3C,CAAC;AAED,SAAS,mBAAmB;IAC1B,OAAO,MAAM,EAAE,gBAAgB,CAAA;AACjC,CAAC;AAED,SAAS,4BAA4B;IACnC,OAAO,MAAM,EAAE,yBAAyB,CAAA;AAC1C,CAAC;AAED,SAAS,gBAAgB;IACvB,OAAO,MAAM,EAAE,OAAO,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;AAC7C,CAAC;AAED,SAAS,YAAY;IACnB,OAAO,cAAc,EAAE,aAAa,CAAA;AACtC,CAAC;AAED,SAAS,iBAAiB;IACxB,OAAO,cAAc,EAAE,cAAc,CAAA;AACvC,CAAC;AAED,SAAS,sBAAsB;IAC7B,OAAO,cAAc,EAAE,WAAW,EAAE,cAAc,CAAA;AACpD,CAAC;AAED,SAAS,uBAAuB;IAC9B,OAAO,cAAc,EAAE,WAAW,EAAE,eAAe,CAAA;AACrD,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,4BAA4B;IACzC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,KAAK,CAAA;IACd,CAAC;IACD,IAAI,qBAAqB,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,qBAAqB,CAAA;YAC3B,OAAO,IAAI,CAAA;QACb,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IACD,OAAO,cAAc,KAAK,SAAS,CAAA;AACrC,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,OAAe,EACf,QAAiB;IAEjB,qCAAqC;IACrC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAA;IAE9B,kCAAkC;IAClC,MAAM,4BAA4B,EAAE,CAAA;IAEpC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,OAAO;YACV,OAAO,MAAM,2BAA2B,CAAC;gBACvC,OAAO;gBACP,aAAa,EAAE,YAAY,EAAE;gBAC7B,cAAc,EAAE,iBAAiB,EAAE;gBACnC,UAAU,EAAE,eAAe,EAAE;gBAC7B,WAAW,EAAE,gBAAgB,EAAE;gBAC/B,uBAAuB,EAAE,IAAI;gBAC7B,gBAAgB,EAAE,mBAAmB,EAAE;gBACvC,mBAAmB,EAAE,sBAAsB,EAAE;gBAC7C,iBAAiB,EAAE,oBAAoB,EAAE;gBACzC,gBAAgB,EAAE,mBAAmB,EAAE;gBACvC,QAAQ;gBACR,aAAa,EAAE,gBAAgB,EAAE;aAClC,CAAC,CAAA;QAEJ,KAAK,OAAO;YACV,OAAO,2BAA2B,CAAC;gBACjC,OAAO;gBACP,sBAAsB,EAAE,IAAI;gBAC5B,yBAAyB,EAAE,IAAI;gBAC/B,cAAc,EAAE,sBAAsB,EAAE;gBACxC,eAAe,EAAE,uBAAuB,EAAE;gBAC1C,aAAa,EAAE,cAAc,EAAE,aAAa;gBAC5C,cAAc,EAAE,cAAc,EAAE,cAAc;gBAC9C,UAAU,EAAE,eAAe,EAAE;gBAC7B,WAAW,EAAE,gBAAgB,EAAE;gBAC/B,yBAAyB,EAAE,4BAA4B,EAAE;gBACzD,mBAAmB,EAAE,sBAAsB,EAAE;gBAC7C,QAAQ;gBACR,aAAa,EAAE,gBAAgB,EAAE;aAClC,CAAC,CAAA;QAEJ;YACE,oGAAoG;YACpG,MAAM,IAAI,KAAK,CACb,uDAAuD,QAAQ,EAAE,CAClE,CAAA;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,KAAK;IAClB,mBAAmB;IACnB,IAAI,kBAAkB,EAAE,CAAC;QACvB,kBAAkB,EAAE,CAAA;QACpB,kBAAkB,GAAG,SAAS,CAAA;IAChC,CAAC;IAED,IAAI,cAAc,EAAE,WAAW,EAAE,CAAC;QAChC,MAAM,EACJ,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,kBAAkB,GACnB,GAAG,cAAc,CAAC,WAAW,CAAA;QAE9B,yCAAyC;QACzC,MAAM,YAAY,GAAoB,EAAE,CAAA;QAExC,2CAA2C;QAC3C,IAAI,iBAAiB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,CAAC;YACvD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;gBAC9C,eAAe,CAAC,qCAAqC,CAAC,CAAA;gBAEtD,2BAA2B;gBAC3B,YAAY,CAAC,IAAI,CACf,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE;oBAC1B,iBAAiB,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE;wBAClC,eAAe,CAAC,4BAA4B,CAAC,CAAA;wBAC7C,OAAO,EAAE,CAAA;oBACX,CAAC,CAAC,CAAA;oBACF,0BAA0B;oBAC1B,UAAU,CAAC,GAAG,EAAE;wBACd,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,CAAC;4BAC9B,eAAe,CAAC,2CAA2C,EAAE;gCAC3D,KAAK,EAAE,MAAM;6BACd,CAAC,CAAA;4BACF,IAAI,CAAC;gCACH,IAAI,iBAAiB,CAAC,GAAG,EAAE,CAAC;oCAC1B,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;gCAChD,CAAC;4BACH,CAAC;4BAAC,MAAM,CAAC;gCACP,kCAAkC;4BACpC,CAAC;wBACH,CAAC;wBACD,OAAO,EAAE,CAAA;oBACX,CAAC,EAAE,IAAI,CAAC,CAAA;gBACV,CAAC,CAAC,CACH,CAAA;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAK,GAA6B,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBACpD,eAAe,CAAC,8BAA8B,GAAG,EAAE,EAAE;wBACnD,KAAK,EAAE,OAAO;qBACf,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,IAAI,kBAAkB,CAAC,GAAG,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;YACzD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;gBAC/C,eAAe,CAAC,sCAAsC,CAAC,CAAA;gBAEvD,2BAA2B;gBAC3B,YAAY,CAAC,IAAI,CACf,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE;oBAC1B,kBAAkB,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE;wBACnC,eAAe,CAAC,6BAA6B,CAAC,CAAA;wBAC9C,OAAO,EAAE,CAAA;oBACX,CAAC,CAAC,CAAA;oBACF,0BAA0B;oBAC1B,UAAU,CAAC,GAAG,EAAE;wBACd,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;4BAC/B,eAAe,CAAC,4CAA4C,EAAE;gCAC5D,KAAK,EAAE,MAAM;6BACd,CAAC,CAAA;4BACF,IAAI,CAAC;gCACH,IAAI,kBAAkB,CAAC,GAAG,EAAE,CAAC;oCAC3B,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;gCACjD,CAAC;4BACH,CAAC;4BAAC,MAAM,CAAC;gCACP,kCAAkC;4BACpC,CAAC;wBACH,CAAC;wBACD,OAAO,EAAE,CAAA;oBACX,CAAC,EAAE,IAAI,CAAC,CAAA;gBACV,CAAC,CAAC,CACH,CAAA;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAK,GAA6B,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBACpD,eAAe,CAAC,+BAA+B,GAAG,EAAE,EAAE;wBACpD,KAAK,EAAE,OAAO;qBACf,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,kCAAkC;QAClC,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;QAE/B,mBAAmB;QACnB,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;gBAC1C,eAAe,CAAC,wBAAwB,CAAC,CAAA;YAC3C,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,eAAe,CAAC,8BAA8B,GAAG,EAAE,EAAE;oBACnD,KAAK,EAAE,OAAO;iBACf,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAED,IAAI,eAAe,EAAE,CAAC;YACpB,IAAI,CAAC;gBACH,EAAE,CAAC,MAAM,CAAC,eAAe,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;gBAC3C,eAAe,CAAC,yBAAyB,CAAC,CAAA;YAC5C,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,eAAe,CAAC,+BAA+B,GAAG,EAAE,EAAE;oBACpD,KAAK,EAAE,OAAO;iBACf,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,MAAM,aAAa,GAAoB,EAAE,CAAA;IAEzC,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,MAAM,GAAG,eAAe,CAAA,CAAC,8CAA8C;QAC7E,MAAM,SAAS,GAAG,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE;YAC5C,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;gBACnB,IAAI,KAAK,IAAI,KAAK,CAAC,OAAO,KAAK,wBAAwB,EAAE,CAAC;oBACxD,eAAe,CAAC,oCAAoC,KAAK,CAAC,OAAO,EAAE,EAAE;wBACnE,KAAK,EAAE,OAAO;qBACf,CAAC,CAAA;gBACJ,CAAC;gBACD,OAAO,EAAE,CAAA;YACX,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QACF,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IAC/B,CAAC;IAED,IAAI,gBAAgB,EAAE,CAAC;QACrB,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,CAAC,KAAY,EAAE,EAAE;YACjE,eAAe,CAAC,qCAAqC,KAAK,CAAC,OAAO,EAAE,EAAE;gBACpE,KAAK,EAAE,OAAO;aACf,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QACF,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IAChC,CAAC;IAED,gCAAgC;IAChC,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;IAEhC,mBAAmB;IACnB,eAAe,GAAG,SAAS,CAAA;IAC3B,gBAAgB,GAAG,SAAS,CAAA;IAC5B,cAAc,GAAG,SAAS,CAAA;IAC1B,qBAAqB,GAAG,SAAS,CAAA;IACjC,sBAAsB,GAAG,SAAS,CAAA;AACpC,CAAC;AAED,SAAS,wBAAwB;IAC/B,OAAO,qBAAqB,CAAA;AAC9B,CAAC;AAED,SAAS,iCAAiC,CACxC,OAAe,EACf,MAAc;IAEd,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,MAAM,CAAA;IACf,CAAC;IAED,MAAM,UAAU,GAAG,qBAAqB,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAA;IACzE,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,MAAM,CAAA;IACf,CAAC;IAED,IAAI,SAAS,GAAG,MAAM,CAAA;IACtB,SAAS,IAAI,GAAG,GAAG,sBAAsB,GAAG,GAAG,CAAA;IAC/C,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,SAAS,IAAI,SAAS,CAAC,IAAI,GAAG,GAAG,CAAA;IACnC,CAAC;IACD,SAAS,IAAI,uBAAuB,CAAA;IAEpC,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;;GAMG;AACH,SAAS,2BAA2B;IAClC,qBAAqB;IACrB,oDAAoD;IACpD,IAAI,WAAW,EAAE,KAAK,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;QACzC,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,YAAY,GAAa,EAAE,CAAA;IAEjC,2CAA2C;IAC3C,MAAM,QAAQ,GAAG;QACf,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ;QAC7B,GAAG,MAAM,CAAC,UAAU,CAAC,UAAU;QAC/B,GAAG,MAAM,CAAC,UAAU,CAAC,SAAS;KAC/B,CAAA;IAED,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,qFAAqF;QACrF,MAAM,uBAAuB,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAA;QAE9D,2EAA2E;QAC3E,IAAI,iBAAiB,CAAC,uBAAuB,CAAC,EAAE,CAAC;YAC/C,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACzB,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAA;AACrB,CAAC;AAoCD,+EAA+E;AAC/E,qCAAqC;AACrC,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,CAAC,MAAM,cAAc,GAAoB;IAC7C,UAAU;IACV,mBAAmB;IACnB,mBAAmB;IACnB,iBAAiB;IACjB,eAAe;IACf,gBAAgB;IAChB,2BAA2B;IAC3B,mBAAmB;IACnB,oBAAoB;IACpB,4BAA4B;IAC5B,YAAY;IACZ,iBAAiB;IACjB,sBAAsB;IACtB,uBAAuB;IACvB,4BAA4B;IAC5B,eAAe;IACf,KAAK;IACL,wBAAwB;IACxB,iCAAiC;IACjC,2BAA2B;CACnB,CAAA"}
|
|
1
|
+
{"version":3,"file":"sandbox-manager.js","sourceRoot":"","sources":["../../src/sandbox/sandbox-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAA;AACvD,OAAO,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAA;AAEzD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACnD,OAAO,EAAE,WAAW,EAAiB,MAAM,sBAAsB,CAAA;AACjE,OAAO,KAAK,EAAE,MAAM,IAAI,CAAA;AAQxB,OAAO,EACL,2BAA2B,EAC3B,4BAA4B,EAE5B,+BAA+B,GAChC,MAAM,0BAA0B,CAAA;AACjC,OAAO,EACL,2BAA2B,EAC3B,2BAA2B,GAC5B,MAAM,0BAA0B,CAAA;AACjC,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,wBAAwB,GACzB,MAAM,oBAAoB,CAAA;AAC3B,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AACpD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAA;AACpE,OAAO,EAAE,GAAG,EAAE,MAAM,SAAS,CAAA;AAQ7B,+EAA+E;AAC/E,uBAAuB;AACvB,+EAA+E;AAE/E,IAAI,MAAwC,CAAA;AAC5C,IAAI,eAAqE,CAAA;AACzE,IAAI,gBAA+C,CAAA;AACnD,IAAI,cAAqD,CAAA;AACzD,IAAI,qBAAqE,CAAA;AACzE,IAAI,iBAAiB,GAAG,KAAK,CAAA;AAC7B,IAAI,kBAA4C,CAAA;AAChD,MAAM,qBAAqB,GAAG,IAAI,qBAAqB,EAAE,CAAA;AACzD,IAAI,sBAA2C,CAAA;AAE/C,+EAA+E;AAC/E,0CAA0C;AAC1C,+EAA+E;AAE/E,SAAS,eAAe;IACtB,IAAI,iBAAiB,EAAE,CAAC;QACtB,OAAM;IACR,CAAC;IACD,MAAM,cAAc,GAAG,GAAG,EAAE,CAC1B,KAAK,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;QAChB,eAAe,CAAC,qCAAqC,CAAC,EAAE,EAAE;YACxD,KAAK,EAAE,OAAO;SACf,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IACJ,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,CAAA;IACpC,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAA;IACtC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,CAAA;IACvC,iBAAiB,GAAG,IAAI,CAAA;AAC1B,CAAC;AAED,SAAS,oBAAoB,CAAC,QAAgB,EAAE,OAAe;IAC7D,+CAA+C;IAC/C,4DAA4D;IAC5D,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7B,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA,CAAC,cAAc;QACtD,OAAO,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,GAAG,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC,CAAA;IACxE,CAAC;IAED,wCAAwC;IACxC,OAAO,QAAQ,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC,WAAW,EAAE,CAAA;AACzD,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,IAAY,EACZ,IAAY,EACZ,kBAAuC;IAEvC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,eAAe,CAAC,8CAA8C,CAAC,CAAA;QAC/D,OAAO,KAAK,CAAA;IACd,CAAC;IAED,6BAA6B;IAC7B,KAAK,MAAM,YAAY,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;QACxD,IAAI,oBAAoB,CAAC,IAAI,EAAE,YAAY,CAAC,EAAE,CAAC;YAC7C,eAAe,CAAC,0BAA0B,IAAI,IAAI,IAAI,EAAE,CAAC,CAAA;YACzD,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,KAAK,MAAM,aAAa,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;QAC1D,IAAI,oBAAoB,CAAC,IAAI,EAAE,aAAa,CAAC,EAAE,CAAC;YAC9C,eAAe,CAAC,2BAA2B,IAAI,IAAI,IAAI,EAAE,CAAC,CAAA;YAC1D,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,uCAAuC;IACvC,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,eAAe,CAAC,qCAAqC,IAAI,IAAI,IAAI,EAAE,CAAC,CAAA;QACpE,OAAO,KAAK,CAAA;IACd,CAAC;IAED,eAAe,CAAC,yCAAyC,IAAI,IAAI,IAAI,EAAE,CAAC,CAAA;IACxE,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAA;QAC5D,IAAI,WAAW,EAAE,CAAC;YAChB,eAAe,CAAC,iBAAiB,IAAI,IAAI,IAAI,EAAE,CAAC,CAAA;YAChD,OAAO,IAAI,CAAA;QACb,CAAC;aAAM,CAAC;YACN,eAAe,CAAC,gBAAgB,IAAI,IAAI,IAAI,EAAE,CAAC,CAAA;YAC/C,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,eAAe,CAAC,iCAAiC,KAAK,EAAE,EAAE;YACxD,KAAK,EAAE,OAAO;SACf,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,kBAAuC;IAEvC,eAAe,GAAG,qBAAqB,CAAC;QACtC,MAAM,EAAE,CAAC,IAAY,EAAE,IAAY,EAAE,EAAE,CACrC,oBAAoB,CAAC,IAAI,EAAE,IAAI,EAAE,kBAAkB,CAAC;KACvD,CAAC,CAAA;IAEF,OAAO,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC7C,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,MAAM,CAAC,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC,CAAA;YAC9D,OAAM;QACR,CAAC;QAED,MAAM,MAAM,GAAG,eAAe,CAAA;QAE9B,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QAC5B,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE;YAC5B,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAA;YAChC,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;gBAC3C,MAAM,CAAC,KAAK,EAAE,CAAA;gBACd,eAAe,CAAC,qCAAqC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAA;gBACpE,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;YACvB,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC,CAAA;YACzD,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,CAAC,CAAA;IAC/B,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,KAAK,UAAU,qBAAqB,CAClC,kBAAuC;IAEvC,gBAAgB,GAAG,sBAAsB,CAAC;QACxC,MAAM,EAAE,CAAC,IAAY,EAAE,IAAY,EAAE,EAAE,CACrC,oBAAoB,CAAC,IAAI,EAAE,IAAI,EAAE,kBAAkB,CAAC;KACvD,CAAC,CAAA;IAEF,OAAO,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC7C,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,0CAA0C;YAC1C,MAAM,CAAC,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC,CAAA;YAC/D,OAAM;QACR,CAAC;QAED,gBAAgB;aACb,MAAM,CAAC,CAAC,EAAE,WAAW,CAAC;aACtB,IAAI,CAAC,CAAC,IAAY,EAAE,EAAE;YACrB,gBAAgB,EAAE,KAAK,EAAE,CAAA;YACzB,OAAO,CAAC,IAAI,CAAC,CAAA;QACf,CAAC,CAAC;aACD,KAAK,CAAC,MAAM,CAAC,CAAA;IAClB,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,+EAA+E;AAC/E,2DAA2D;AAC3D,+EAA+E;AAE/E,KAAK,UAAU,UAAU,CACvB,aAAmC,EACnC,kBAAuC,EACvC,gBAAgB,GAAG,KAAK;IAExB,iCAAiC;IACjC,IAAI,qBAAqB,EAAE,CAAC;QAC1B,MAAM,qBAAqB,CAAA;QAC3B,OAAM;IACR,CAAC;IAED,0CAA0C;IAC1C,MAAM,GAAG,aAAa,CAAA;IAEtB,+DAA+D;IAC/D,IAAI,CAAC,iBAAiB,EAAE,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAA;QAC9B,IAAI,YAAY,GAAG,wDAAwD,CAAA;QAE3E,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YACzB,YAAY,IAAI,yDAAyD,CAAA;QAC3E,CAAC;aAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YAChC,YAAY,IAAI,0BAA0B,CAAA;QAC5C,CAAC;aAAM,CAAC;YACN,YAAY,IAAI,cAAc,QAAQ,qBAAqB,CAAA;QAC7D,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAA;IAC/B,CAAC;IAED,yCAAyC;IACzC,IAAI,gBAAgB,IAAI,WAAW,EAAE,KAAK,OAAO,EAAE,CAAC;QAClD,kBAAkB,GAAG,2BAA2B,CAC9C,qBAAqB,CAAC,YAAY,CAAC,IAAI,CAAC,qBAAqB,CAAC,EAC9D,MAAM,CAAC,gBAAgB,CACxB,CAAA;QACD,eAAe,CAAC,mCAAmC,CAAC,CAAA;IACtD,CAAC;IAED,uCAAuC;IACvC,eAAe,EAAE,CAAA;IAEjB,oCAAoC;IACpC,qBAAqB,GAAG,CAAC,KAAK,IAAI,EAAE;QAClC,IAAI,CAAC;YACH,oDAAoD;YACpD,IAAI,aAAqB,CAAA;YACzB,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;gBAC/C,iDAAiD;gBACjD,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,CAAA;gBAC5C,eAAe,CAAC,qCAAqC,aAAa,EAAE,CAAC,CAAA;YACvE,CAAC;iBAAM,CAAC;gBACN,yBAAyB;gBACzB,aAAa,GAAG,MAAM,oBAAoB,CAAC,kBAAkB,CAAC,CAAA;YAChE,CAAC;YAED,IAAI,cAAsB,CAAA;YAC1B,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;gBAChD,kDAAkD;gBAClD,cAAc,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,CAAA;gBAC9C,eAAe,CAAC,sCAAsC,cAAc,EAAE,CAAC,CAAA;YACzE,CAAC;iBAAM,CAAC;gBACN,0BAA0B;gBAC1B,cAAc,GAAG,MAAM,qBAAqB,CAAC,kBAAkB,CAAC,CAAA;YAClE,CAAC;YAED,8CAA8C;YAC9C,IAAI,WAAkD,CAAA;YACtD,IAAI,WAAW,EAAE,KAAK,OAAO,EAAE,CAAC;gBAC9B,WAAW,GAAG,MAAM,4BAA4B,CAC9C,aAAa,EACb,cAAc,CACf,CAAA;YACH,CAAC;YAED,MAAM,OAAO,GAA8B;gBACzC,aAAa;gBACb,cAAc;gBACd,WAAW;aACZ,CAAA;YACD,cAAc,GAAG,OAAO,CAAA;YACxB,eAAe,CAAC,oCAAoC,CAAC,CAAA;YACrD,OAAO,OAAO,CAAA;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,wDAAwD;YACxD,qBAAqB,GAAG,SAAS,CAAA;YACjC,cAAc,GAAG,SAAS,CAAA;YAC1B,KAAK,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;gBAChB,eAAe,CAAC,2CAA2C,CAAC,EAAE,EAAE;oBAC9D,KAAK,EAAE,OAAO;iBACf,CAAC,CAAA;YACJ,CAAC,CAAC,CAAA;YACF,MAAM,KAAK,CAAA;QACb,CAAC;IACH,CAAC,CAAC,EAAE,CAAA;IAEJ,MAAM,qBAAqB,CAAA;AAC7B,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAkB;IAC7C,MAAM,kBAAkB,GAAe,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;IACzD,OAAO,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;AAC9C,CAAC;AAED,SAAS,mBAAmB;IAC1B,kEAAkE;IAClE,OAAO,MAAM,KAAK,SAAS,CAAA;AAC7B,CAAC;AAED;;;GAGG;AACH,SAAS,iBAAiB;IACxB,oCAAoC;IACpC,IAAI,sBAAsB,KAAK,SAAS,EAAE,CAAC;QACzC,OAAO,sBAAsB,CAAA;IAC/B,CAAC;IAED,SAAS,mBAAmB;QAC1B,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAA;QAE9B,yBAAyB;QACzB,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,OAAO,KAAK,CAAA;QACd,CAAC;QAED,qEAAqE;QACrE,iFAAiF;QACjF,MAAM,gBAAgB,GAAG,MAAM,EAAE,OAAO,EAAE,OAAO,KAAK,SAAS,CAAA;QAC/D,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,sCAAsC;YACtC,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;gBACtB,OAAO,KAAK,CAAA;YACd,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YACzB,MAAM,mBAAmB,GAAG,MAAM,EAAE,OAAO,EAAE,mBAAmB,IAAI,KAAK,CAAA;YACzE,OAAO,+BAA+B,CAAC,mBAAmB,CAAC,CAAA;QAC7D,CAAC;QAED,mDAAmD;QACnD,OAAO,IAAI,CAAA;IACb,CAAC;IAED,sBAAsB,GAAG,mBAAmB,EAAE,CAAA;IAC9C,OAAO,sBAAsB,CAAA;AAC/B,CAAC;AAED,SAAS,eAAe;IACtB,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAA;IACzB,CAAC;IAED,oCAAoC;IACpC,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ;SACzC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC;SAC3C,MAAM,CAAC,IAAI,CAAC,EAAE;QACb,IAAI,WAAW,EAAE,KAAK,OAAO,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;YACzD,eAAe,CAAC,mCAAmC,IAAI,EAAE,CAAC,CAAA;YAC1D,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC,CAAC,CAAA;IAEJ,OAAO;QACL,QAAQ,EAAE,SAAS;KACpB,CAAA;AACH,CAAC;AAED,SAAS,gBAAgB;IACvB,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,SAAS,EAAE,oBAAoB,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,CAAA;IACnE,CAAC;IAED,mDAAmD;IACnD,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,UAAU;SAC5C,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC;SAC3C,MAAM,CAAC,IAAI,CAAC,EAAE;QACb,IAAI,WAAW,EAAE,KAAK,OAAO,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;YACzD,eAAe,CAAC,mCAAmC,IAAI,EAAE,CAAC,CAAA;YAC1D,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC,CAAC,CAAA;IAEJ,kDAAkD;IAClD,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,SAAS;SAC1C,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC;SAC3C,MAAM,CAAC,IAAI,CAAC,EAAE;QACb,IAAI,WAAW,EAAE,KAAK,OAAO,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;YACzD,eAAe,CAAC,mCAAmC,IAAI,EAAE,CAAC,CAAA;YAC1D,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC,CAAC,CAAA;IAEJ,+DAA+D;IAC/D,MAAM,SAAS,GAAG,CAAC,GAAG,oBAAoB,EAAE,EAAE,GAAG,UAAU,CAAC,CAAA;IAE5D,OAAO;QACL,SAAS;QACT,eAAe,EAAE,SAAS;KAC3B,CAAA;AACH,CAAC;AAED,SAAS,2BAA2B;IAClC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,CAAA;IAClD,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,CAAA;IAEhD,OAAO;QACL,GAAG,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,YAAY,EAAE,CAAC;QAChD,GAAG,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,WAAW,EAAE,CAAC;KAC/C,CAAA;AACH,CAAC;AAED,SAAS,mBAAmB;IAC1B,OAAO,MAAM,EAAE,OAAO,EAAE,gBAAgB,CAAA;AAC1C,CAAC;AAED,SAAS,sBAAsB;IAC7B,OAAO,MAAM,EAAE,OAAO,EAAE,mBAAmB,CAAA;AAC7C,CAAC;AAED,SAAS,oBAAoB;IAC3B,OAAO,MAAM,EAAE,OAAO,EAAE,iBAAiB,CAAA;AAC3C,CAAC;AAED,SAAS,mBAAmB;IAC1B,OAAO,MAAM,EAAE,gBAAgB,CAAA;AACjC,CAAC;AAED,SAAS,4BAA4B;IACnC,OAAO,MAAM,EAAE,yBAAyB,CAAA;AAC1C,CAAC;AAED,SAAS,gBAAgB;IACvB,OAAO,MAAM,EAAE,OAAO,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;AAC7C,CAAC;AAED,SAAS,YAAY;IACnB,OAAO,cAAc,EAAE,aAAa,CAAA;AACtC,CAAC;AAED,SAAS,iBAAiB;IACxB,OAAO,cAAc,EAAE,cAAc,CAAA;AACvC,CAAC;AAED,SAAS,sBAAsB;IAC7B,OAAO,cAAc,EAAE,WAAW,EAAE,cAAc,CAAA;AACpD,CAAC;AAED,SAAS,uBAAuB;IAC9B,OAAO,cAAc,EAAE,WAAW,EAAE,eAAe,CAAA;AACrD,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,4BAA4B;IACzC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,KAAK,CAAA;IACd,CAAC;IACD,IAAI,qBAAqB,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,qBAAqB,CAAA;YAC3B,OAAO,IAAI,CAAA;QACb,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IACD,OAAO,cAAc,KAAK,SAAS,CAAA;AACrC,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,OAAe,EACf,QAAiB;IAEjB,qCAAqC;IACrC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAA;IAE9B,kCAAkC;IAClC,MAAM,4BAA4B,EAAE,CAAA;IAEpC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,OAAO;YACV,OAAO,MAAM,2BAA2B,CAAC;gBACvC,OAAO;gBACP,aAAa,EAAE,YAAY,EAAE;gBAC7B,cAAc,EAAE,iBAAiB,EAAE;gBACnC,UAAU,EAAE,eAAe,EAAE;gBAC7B,WAAW,EAAE,gBAAgB,EAAE;gBAC/B,uBAAuB,EAAE,IAAI;gBAC7B,gBAAgB,EAAE,mBAAmB,EAAE;gBACvC,mBAAmB,EAAE,sBAAsB,EAAE;gBAC7C,iBAAiB,EAAE,oBAAoB,EAAE;gBACzC,gBAAgB,EAAE,mBAAmB,EAAE;gBACvC,QAAQ;gBACR,aAAa,EAAE,gBAAgB,EAAE;aAClC,CAAC,CAAA;QAEJ,KAAK,OAAO;YACV,OAAO,2BAA2B,CAAC;gBACjC,OAAO;gBACP,sBAAsB,EAAE,IAAI;gBAC5B,yBAAyB,EAAE,IAAI;gBAC/B,cAAc,EAAE,sBAAsB,EAAE;gBACxC,eAAe,EAAE,uBAAuB,EAAE;gBAC1C,aAAa,EAAE,cAAc,EAAE,aAAa;gBAC5C,cAAc,EAAE,cAAc,EAAE,cAAc;gBAC9C,UAAU,EAAE,eAAe,EAAE;gBAC7B,WAAW,EAAE,gBAAgB,EAAE;gBAC/B,yBAAyB,EAAE,4BAA4B,EAAE;gBACzD,mBAAmB,EAAE,sBAAsB,EAAE;gBAC7C,QAAQ;gBACR,aAAa,EAAE,gBAAgB,EAAE;aAClC,CAAC,CAAA;QAEJ;YACE,oGAAoG;YACpG,MAAM,IAAI,KAAK,CACb,uDAAuD,QAAQ,EAAE,CAClE,CAAA;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,KAAK;IAClB,mBAAmB;IACnB,IAAI,kBAAkB,EAAE,CAAC;QACvB,kBAAkB,EAAE,CAAA;QACpB,kBAAkB,GAAG,SAAS,CAAA;IAChC,CAAC;IAED,IAAI,cAAc,EAAE,WAAW,EAAE,CAAC;QAChC,MAAM,EACJ,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,kBAAkB,GACnB,GAAG,cAAc,CAAC,WAAW,CAAA;QAE9B,yCAAyC;QACzC,MAAM,YAAY,GAAoB,EAAE,CAAA;QAExC,2CAA2C;QAC3C,IAAI,iBAAiB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,CAAC;YACvD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;gBAC9C,eAAe,CAAC,qCAAqC,CAAC,CAAA;gBAEtD,2BAA2B;gBAC3B,YAAY,CAAC,IAAI,CACf,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE;oBAC1B,iBAAiB,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE;wBAClC,eAAe,CAAC,4BAA4B,CAAC,CAAA;wBAC7C,OAAO,EAAE,CAAA;oBACX,CAAC,CAAC,CAAA;oBACF,0BAA0B;oBAC1B,UAAU,CAAC,GAAG,EAAE;wBACd,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,CAAC;4BAC9B,eAAe,CAAC,2CAA2C,EAAE;gCAC3D,KAAK,EAAE,MAAM;6BACd,CAAC,CAAA;4BACF,IAAI,CAAC;gCACH,IAAI,iBAAiB,CAAC,GAAG,EAAE,CAAC;oCAC1B,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;gCAChD,CAAC;4BACH,CAAC;4BAAC,MAAM,CAAC;gCACP,kCAAkC;4BACpC,CAAC;wBACH,CAAC;wBACD,OAAO,EAAE,CAAA;oBACX,CAAC,EAAE,IAAI,CAAC,CAAA;gBACV,CAAC,CAAC,CACH,CAAA;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAK,GAA6B,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBACpD,eAAe,CAAC,8BAA8B,GAAG,EAAE,EAAE;wBACnD,KAAK,EAAE,OAAO;qBACf,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,IAAI,kBAAkB,CAAC,GAAG,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;YACzD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;gBAC/C,eAAe,CAAC,sCAAsC,CAAC,CAAA;gBAEvD,2BAA2B;gBAC3B,YAAY,CAAC,IAAI,CACf,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE;oBAC1B,kBAAkB,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE;wBACnC,eAAe,CAAC,6BAA6B,CAAC,CAAA;wBAC9C,OAAO,EAAE,CAAA;oBACX,CAAC,CAAC,CAAA;oBACF,0BAA0B;oBAC1B,UAAU,CAAC,GAAG,EAAE;wBACd,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;4BAC/B,eAAe,CAAC,4CAA4C,EAAE;gCAC5D,KAAK,EAAE,MAAM;6BACd,CAAC,CAAA;4BACF,IAAI,CAAC;gCACH,IAAI,kBAAkB,CAAC,GAAG,EAAE,CAAC;oCAC3B,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;gCACjD,CAAC;4BACH,CAAC;4BAAC,MAAM,CAAC;gCACP,kCAAkC;4BACpC,CAAC;wBACH,CAAC;wBACD,OAAO,EAAE,CAAA;oBACX,CAAC,EAAE,IAAI,CAAC,CAAA;gBACV,CAAC,CAAC,CACH,CAAA;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAK,GAA6B,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBACpD,eAAe,CAAC,+BAA+B,GAAG,EAAE,EAAE;wBACpD,KAAK,EAAE,OAAO;qBACf,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,kCAAkC;QAClC,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;QAE/B,mBAAmB;QACnB,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;gBAC1C,eAAe,CAAC,wBAAwB,CAAC,CAAA;YAC3C,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,eAAe,CAAC,8BAA8B,GAAG,EAAE,EAAE;oBACnD,KAAK,EAAE,OAAO;iBACf,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAED,IAAI,eAAe,EAAE,CAAC;YACpB,IAAI,CAAC;gBACH,EAAE,CAAC,MAAM,CAAC,eAAe,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;gBAC3C,eAAe,CAAC,yBAAyB,CAAC,CAAA;YAC5C,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,eAAe,CAAC,+BAA+B,GAAG,EAAE,EAAE;oBACpD,KAAK,EAAE,OAAO;iBACf,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,MAAM,aAAa,GAAoB,EAAE,CAAA;IAEzC,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,MAAM,GAAG,eAAe,CAAA,CAAC,8CAA8C;QAC7E,MAAM,SAAS,GAAG,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE;YAC5C,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;gBACnB,IAAI,KAAK,IAAI,KAAK,CAAC,OAAO,KAAK,wBAAwB,EAAE,CAAC;oBACxD,eAAe,CAAC,oCAAoC,KAAK,CAAC,OAAO,EAAE,EAAE;wBACnE,KAAK,EAAE,OAAO;qBACf,CAAC,CAAA;gBACJ,CAAC;gBACD,OAAO,EAAE,CAAA;YACX,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QACF,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IAC/B,CAAC;IAED,IAAI,gBAAgB,EAAE,CAAC;QACrB,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,CAAC,KAAY,EAAE,EAAE;YACjE,eAAe,CAAC,qCAAqC,KAAK,CAAC,OAAO,EAAE,EAAE;gBACpE,KAAK,EAAE,OAAO;aACf,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QACF,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IAChC,CAAC;IAED,gCAAgC;IAChC,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;IAEhC,mBAAmB;IACnB,eAAe,GAAG,SAAS,CAAA;IAC3B,gBAAgB,GAAG,SAAS,CAAA;IAC5B,cAAc,GAAG,SAAS,CAAA;IAC1B,qBAAqB,GAAG,SAAS,CAAA;IACjC,sBAAsB,GAAG,SAAS,CAAA;AACpC,CAAC;AAED,SAAS,wBAAwB;IAC/B,OAAO,qBAAqB,CAAA;AAC9B,CAAC;AAED,SAAS,iCAAiC,CACxC,OAAe,EACf,MAAc;IAEd,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,MAAM,CAAA;IACf,CAAC;IAED,MAAM,UAAU,GAAG,qBAAqB,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAA;IACzE,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,MAAM,CAAA;IACf,CAAC;IAED,IAAI,SAAS,GAAG,MAAM,CAAA;IACtB,SAAS,IAAI,GAAG,GAAG,sBAAsB,GAAG,GAAG,CAAA;IAC/C,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,SAAS,IAAI,SAAS,CAAC,IAAI,GAAG,GAAG,CAAA;IACnC,CAAC;IACD,SAAS,IAAI,uBAAuB,CAAA;IAEpC,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;;GAMG;AACH,SAAS,2BAA2B;IAClC,qBAAqB;IACrB,oDAAoD;IACpD,IAAI,WAAW,EAAE,KAAK,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;QACzC,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,YAAY,GAAa,EAAE,CAAA;IAEjC,2CAA2C;IAC3C,MAAM,QAAQ,GAAG;QACf,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ;QAC7B,GAAG,MAAM,CAAC,UAAU,CAAC,UAAU;QAC/B,GAAG,MAAM,CAAC,UAAU,CAAC,SAAS;KAC/B,CAAA;IAED,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,qFAAqF;QACrF,MAAM,uBAAuB,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAA;QAE9D,2EAA2E;QAC3E,IAAI,iBAAiB,CAAC,uBAAuB,CAAC,EAAE,CAAC;YAC/C,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACzB,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAA;AACrB,CAAC;AAoCD,+EAA+E;AAC/E,qCAAqC;AACrC,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,CAAC,MAAM,cAAc,GAAoB;IAC7C,UAAU;IACV,mBAAmB;IACnB,mBAAmB;IACnB,iBAAiB;IACjB,eAAe;IACf,gBAAgB;IAChB,2BAA2B;IAC3B,mBAAmB;IACnB,oBAAoB;IACpB,4BAA4B;IAC5B,YAAY;IACZ,iBAAiB;IACjB,sBAAsB;IACtB,uBAAuB;IACvB,4BAA4B;IAC5B,eAAe;IACf,KAAK;IACL,wBAAwB;IACxB,iCAAiC;IACjC,2BAA2B;CACnB,CAAA"}
|
|
@@ -0,0 +1,82 @@
|
|
|
1
|
+
import type { FsReadRestrictionConfig, FsWriteRestrictionConfig } from './sandbox-schemas.js';
|
|
2
|
+
export interface WindowsSandboxParams {
|
|
3
|
+
command: string;
|
|
4
|
+
hasNetworkRestrictions: boolean;
|
|
5
|
+
hasFilesystemRestrictions: boolean;
|
|
6
|
+
httpProxyPort?: number;
|
|
7
|
+
socksProxyPort?: number;
|
|
8
|
+
readConfig?: FsReadRestrictionConfig;
|
|
9
|
+
writeConfig?: FsWriteRestrictionConfig;
|
|
10
|
+
binShell?: string;
|
|
11
|
+
ripgrepConfig?: {
|
|
12
|
+
command: string;
|
|
13
|
+
args?: string[];
|
|
14
|
+
};
|
|
15
|
+
}
|
|
16
|
+
/**
|
|
17
|
+
* Check if Windows sandbox dependencies are available (synchronous)
|
|
18
|
+
* Returns true if PowerShell is available and we can execute AppContainer commands.
|
|
19
|
+
*
|
|
20
|
+
* NOTE: Full AppContainer support requires:
|
|
21
|
+
* - Windows 8 or later
|
|
22
|
+
* - Administrator privileges (for creating AppContainer profiles)
|
|
23
|
+
* - PowerShell 5.0 or later
|
|
24
|
+
*
|
|
25
|
+
* This check verifies PowerShell is available. Additional runtime checks
|
|
26
|
+
* may be needed for AppContainer profile creation permissions.
|
|
27
|
+
*/
|
|
28
|
+
export declare function hasWindowsSandboxDependenciesSync(): boolean;
|
|
29
|
+
/**
|
|
30
|
+
* Wrap a command with Windows AppContainer sandboxing
|
|
31
|
+
*
|
|
32
|
+
* ARCHITECTURE:
|
|
33
|
+
* Windows sandboxing uses AppContainer, which provides:
|
|
34
|
+
* - Process isolation with restricted token
|
|
35
|
+
* - Capability-based access control
|
|
36
|
+
* - Network isolation via Windows Filtering Platform (WFP)
|
|
37
|
+
*
|
|
38
|
+
* IMPLEMENTATION NOTES:
|
|
39
|
+
* This is a foundational implementation that demonstrates the approach.
|
|
40
|
+
* Production-ready Windows sandboxing requires:
|
|
41
|
+
*
|
|
42
|
+
* 1. Native addon (C++/C#) for proper Win32 API access:
|
|
43
|
+
* - CreateAppContainerProfile()
|
|
44
|
+
* - DeriveAppContainerSidFromAppContainerName()
|
|
45
|
+
* - CreateProcessAsUser() with PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES
|
|
46
|
+
*
|
|
47
|
+
* 2. Fine-grained filesystem control:
|
|
48
|
+
* - Set ACLs on specific files/directories
|
|
49
|
+
* - Use Windows Integrity Levels
|
|
50
|
+
* - Combine with AppContainer capabilities
|
|
51
|
+
*
|
|
52
|
+
* 3. Network filtering:
|
|
53
|
+
* - Windows Filtering Platform (WFP) for packet-level control
|
|
54
|
+
* - Proper firewall rule scoping to AppContainer SID
|
|
55
|
+
*
|
|
56
|
+
* 4. Path translation:
|
|
57
|
+
* - Handle Windows path formats (C:\, UNC paths)
|
|
58
|
+
* - Translate Cygwin/MSYS2 paths if using Git Bash
|
|
59
|
+
*
|
|
60
|
+
* CURRENT LIMITATIONS:
|
|
61
|
+
* - Requires Administrator privileges
|
|
62
|
+
* - Filesystem restrictions are coarse-grained
|
|
63
|
+
* - Network restrictions rely on proxy environment variables (can be bypassed)
|
|
64
|
+
* - No violation monitoring like macOS sandbox log
|
|
65
|
+
*
|
|
66
|
+
* See:
|
|
67
|
+
* - https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation
|
|
68
|
+
* - https://learn.microsoft.com/en-us/windows/win32/api/userenv/nf-userenv-createappcontainerprofile
|
|
69
|
+
*/
|
|
70
|
+
export declare function wrapCommandWithSandboxWindows(params: WindowsSandboxParams): string;
|
|
71
|
+
/**
|
|
72
|
+
* Cleanup function for Windows sandbox resources
|
|
73
|
+
*
|
|
74
|
+
* Should be called on process exit to:
|
|
75
|
+
* - Delete AppContainer profiles
|
|
76
|
+
* - Remove firewall rules
|
|
77
|
+
* - Clean up any temporary files
|
|
78
|
+
*
|
|
79
|
+
* TODO: Implement when native AppContainer support is added
|
|
80
|
+
*/
|
|
81
|
+
export declare function cleanupWindowsSandbox(profileName: string): void;
|
|
82
|
+
//# sourceMappingURL=windows-sandbox-utils.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"windows-sandbox-utils.d.ts","sourceRoot":"","sources":["../../src/sandbox/windows-sandbox-utils.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EACV,uBAAuB,EACvB,wBAAwB,EACzB,MAAM,sBAAsB,CAAA;AAE7B,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAA;IACf,sBAAsB,EAAE,OAAO,CAAA;IAC/B,yBAAyB,EAAE,OAAO,CAAA;IAClC,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,UAAU,CAAC,EAAE,uBAAuB,CAAA;IACpC,WAAW,CAAC,EAAE,wBAAwB,CAAA;IACtC,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,aAAa,CAAC,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,CAAA;CACrD;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,iCAAiC,IAAI,OAAO,CAyB3D;AAoHD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AACH,wBAAgB,6BAA6B,CAC3C,MAAM,EAAE,oBAAoB,GAC3B,MAAM,CA+FR;AAED;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAM/D"}
|
|
@@ -0,0 +1,270 @@
|
|
|
1
|
+
import shellquote from 'shell-quote';
|
|
2
|
+
import { logForDebugging } from '../utils/debug.js';
|
|
3
|
+
import { spawnSync } from 'node:child_process';
|
|
4
|
+
import { randomBytes } from 'node:crypto';
|
|
5
|
+
import { generateProxyEnvVars } from './sandbox-utils.js';
|
|
6
|
+
/**
|
|
7
|
+
* Check if Windows sandbox dependencies are available (synchronous)
|
|
8
|
+
* Returns true if PowerShell is available and we can execute AppContainer commands.
|
|
9
|
+
*
|
|
10
|
+
* NOTE: Full AppContainer support requires:
|
|
11
|
+
* - Windows 8 or later
|
|
12
|
+
* - Administrator privileges (for creating AppContainer profiles)
|
|
13
|
+
* - PowerShell 5.0 or later
|
|
14
|
+
*
|
|
15
|
+
* This check verifies PowerShell is available. Additional runtime checks
|
|
16
|
+
* may be needed for AppContainer profile creation permissions.
|
|
17
|
+
*/
|
|
18
|
+
export function hasWindowsSandboxDependenciesSync() {
|
|
19
|
+
try {
|
|
20
|
+
// Check if PowerShell is available
|
|
21
|
+
const pwshResult = spawnSync('where.exe', ['powershell.exe'], {
|
|
22
|
+
stdio: 'ignore',
|
|
23
|
+
timeout: 1000,
|
|
24
|
+
});
|
|
25
|
+
if (pwshResult.status !== 0) {
|
|
26
|
+
logForDebugging('[Sandbox Windows] PowerShell not found - sandboxing disabled', { level: 'warn' });
|
|
27
|
+
return false;
|
|
28
|
+
}
|
|
29
|
+
// TODO: Add additional checks:
|
|
30
|
+
// - Windows version >= 8
|
|
31
|
+
// - Check if running with sufficient privileges
|
|
32
|
+
// - Test AppContainer profile creation/deletion
|
|
33
|
+
return true;
|
|
34
|
+
}
|
|
35
|
+
catch {
|
|
36
|
+
return false;
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
/**
|
|
40
|
+
* TODO: Generate Windows AppContainer capability list based on filesystem restrictions
|
|
41
|
+
*
|
|
42
|
+
* AppContainer capabilities determine what resources the sandboxed process can access.
|
|
43
|
+
* See: https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-capabilities
|
|
44
|
+
*
|
|
45
|
+
* Common capabilities:
|
|
46
|
+
* - internetClient: Access to internet
|
|
47
|
+
* - internetClientServer: Act as network server
|
|
48
|
+
* - privateNetworkClientServer: Access to private networks
|
|
49
|
+
* - documentsLibrary, picturesLibrary, videosLibrary, musicLibrary: Access to user libraries
|
|
50
|
+
*
|
|
51
|
+
* LIMITATION: Windows AppContainer capabilities are coarse-grained compared to
|
|
52
|
+
* Unix file permissions. Fine-grained path restrictions require ACL manipulation
|
|
53
|
+
* in addition to AppContainer capabilities.
|
|
54
|
+
*
|
|
55
|
+
* This function will be implemented when full AppContainer support is added.
|
|
56
|
+
*/
|
|
57
|
+
/**
|
|
58
|
+
* Generate PowerShell script to create/get AppContainer profile
|
|
59
|
+
*
|
|
60
|
+
* AppContainer profiles are persistent and identified by name.
|
|
61
|
+
* We create one profile per sandbox session (using random ID) and clean it up after use.
|
|
62
|
+
*
|
|
63
|
+
* NOTE: This approach requires Administrator privileges on Windows.
|
|
64
|
+
* Production implementation should consider:
|
|
65
|
+
* - Reusing a single long-lived profile
|
|
66
|
+
* - Handling profile creation failures gracefully
|
|
67
|
+
* - Cleanup on process exit
|
|
68
|
+
*/
|
|
69
|
+
function generateAppContainerProfileScript(profileName) {
|
|
70
|
+
// PowerShell script to create an AppContainer profile
|
|
71
|
+
// This uses the Windows.Security.Isolation.IsolatedWindowsEnvironment APIs
|
|
72
|
+
//
|
|
73
|
+
// IMPORTANT: This is a simplified example. Production implementation needs:
|
|
74
|
+
// 1. Error handling for profile creation
|
|
75
|
+
// 2. Proper SID management
|
|
76
|
+
// 3. Cleanup on exit
|
|
77
|
+
// 4. Handle existing profiles
|
|
78
|
+
return `
|
|
79
|
+
$profileName = "${profileName}"
|
|
80
|
+
|
|
81
|
+
# Try to create new AppContainer profile
|
|
82
|
+
# This requires Administrator privileges
|
|
83
|
+
try {
|
|
84
|
+
Add-Type -AssemblyName System.Security
|
|
85
|
+
|
|
86
|
+
# Check if profile already exists by trying to derive its SID
|
|
87
|
+
try {
|
|
88
|
+
$sid = [System.Security.Principal.AppContainerSid]::new($profileName)
|
|
89
|
+
Write-Host "AppContainer profile already exists: $profileName"
|
|
90
|
+
} catch {
|
|
91
|
+
Write-Host "Creating new AppContainer profile: $profileName"
|
|
92
|
+
# Note: Actual profile creation requires calling Win32 APIs
|
|
93
|
+
# This is a placeholder - real implementation would use:
|
|
94
|
+
# - CreateAppContainerProfile() Win32 API
|
|
95
|
+
# - Or New-IsolatedWindowsEnvironment cmdlet (Windows 10+)
|
|
96
|
+
throw "AppContainer profile creation not yet fully implemented. This requires native Win32 API calls."
|
|
97
|
+
}
|
|
98
|
+
} catch {
|
|
99
|
+
Write-Error "Failed to create AppContainer profile: $_"
|
|
100
|
+
exit 1
|
|
101
|
+
}
|
|
102
|
+
`.trim();
|
|
103
|
+
}
|
|
104
|
+
/**
|
|
105
|
+
* Generate PowerShell script to configure Windows Firewall rules for the sandbox
|
|
106
|
+
*
|
|
107
|
+
* This restricts network access to only:
|
|
108
|
+
* 1. Localhost connections (for proxy communication)
|
|
109
|
+
* 2. Specific ports (HTTP proxy, SOCKS proxy)
|
|
110
|
+
*
|
|
111
|
+
* ARCHITECTURE:
|
|
112
|
+
* - Create temporary firewall rule scoped to the AppContainer SID
|
|
113
|
+
* - Allow outbound to localhost:httpProxyPort and localhost:socksProxyPort
|
|
114
|
+
* - Block all other outbound connections
|
|
115
|
+
* - Remove rule on cleanup
|
|
116
|
+
*/
|
|
117
|
+
function generateFirewallRulesScript(profileName, httpProxyPort, socksProxyPort) {
|
|
118
|
+
const ruleName = `SandboxRuntime_${profileName}`;
|
|
119
|
+
return `
|
|
120
|
+
$ruleName = "${ruleName}"
|
|
121
|
+
|
|
122
|
+
# Create firewall rule to allow only localhost proxy connections
|
|
123
|
+
# This limits the AppContainer to communicating only with our proxy servers
|
|
124
|
+
|
|
125
|
+
try {
|
|
126
|
+
# Remove existing rule if present
|
|
127
|
+
Remove-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
|
|
128
|
+
|
|
129
|
+
# Allow outbound to localhost on proxy ports
|
|
130
|
+
${httpProxyPort ? `New-NetFirewallRule -DisplayName "$ruleName-HTTP" -Direction Outbound -Action Allow -RemoteAddress 127.0.0.1 -RemotePort ${httpProxyPort} -Protocol TCP` : ''}
|
|
131
|
+
${socksProxyPort ? `New-NetFirewallRule -DisplayName "$ruleName-SOCKS" -Direction Outbound -Action Allow -RemoteAddress 127.0.0.1 -RemotePort ${socksProxyPort} -Protocol TCP` : ''}
|
|
132
|
+
|
|
133
|
+
# Block all other outbound connections for this AppContainer
|
|
134
|
+
# TODO: This requires AppContainer SID to properly scope the rule
|
|
135
|
+
# For now, we rely on proxy environment variables
|
|
136
|
+
|
|
137
|
+
Write-Host "Firewall rules configured for $ruleName"
|
|
138
|
+
} catch {
|
|
139
|
+
Write-Error "Failed to configure firewall rules: $_"
|
|
140
|
+
exit 1
|
|
141
|
+
}
|
|
142
|
+
`.trim();
|
|
143
|
+
}
|
|
144
|
+
/**
|
|
145
|
+
* Wrap a command with Windows AppContainer sandboxing
|
|
146
|
+
*
|
|
147
|
+
* ARCHITECTURE:
|
|
148
|
+
* Windows sandboxing uses AppContainer, which provides:
|
|
149
|
+
* - Process isolation with restricted token
|
|
150
|
+
* - Capability-based access control
|
|
151
|
+
* - Network isolation via Windows Filtering Platform (WFP)
|
|
152
|
+
*
|
|
153
|
+
* IMPLEMENTATION NOTES:
|
|
154
|
+
* This is a foundational implementation that demonstrates the approach.
|
|
155
|
+
* Production-ready Windows sandboxing requires:
|
|
156
|
+
*
|
|
157
|
+
* 1. Native addon (C++/C#) for proper Win32 API access:
|
|
158
|
+
* - CreateAppContainerProfile()
|
|
159
|
+
* - DeriveAppContainerSidFromAppContainerName()
|
|
160
|
+
* - CreateProcessAsUser() with PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES
|
|
161
|
+
*
|
|
162
|
+
* 2. Fine-grained filesystem control:
|
|
163
|
+
* - Set ACLs on specific files/directories
|
|
164
|
+
* - Use Windows Integrity Levels
|
|
165
|
+
* - Combine with AppContainer capabilities
|
|
166
|
+
*
|
|
167
|
+
* 3. Network filtering:
|
|
168
|
+
* - Windows Filtering Platform (WFP) for packet-level control
|
|
169
|
+
* - Proper firewall rule scoping to AppContainer SID
|
|
170
|
+
*
|
|
171
|
+
* 4. Path translation:
|
|
172
|
+
* - Handle Windows path formats (C:\, UNC paths)
|
|
173
|
+
* - Translate Cygwin/MSYS2 paths if using Git Bash
|
|
174
|
+
*
|
|
175
|
+
* CURRENT LIMITATIONS:
|
|
176
|
+
* - Requires Administrator privileges
|
|
177
|
+
* - Filesystem restrictions are coarse-grained
|
|
178
|
+
* - Network restrictions rely on proxy environment variables (can be bypassed)
|
|
179
|
+
* - No violation monitoring like macOS sandbox log
|
|
180
|
+
*
|
|
181
|
+
* See:
|
|
182
|
+
* - https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation
|
|
183
|
+
* - https://learn.microsoft.com/en-us/windows/win32/api/userenv/nf-userenv-createappcontainerprofile
|
|
184
|
+
*/
|
|
185
|
+
export function wrapCommandWithSandboxWindows(params) {
|
|
186
|
+
const { command, hasNetworkRestrictions, hasFilesystemRestrictions, httpProxyPort, socksProxyPort, readConfig: _readConfig, writeConfig: _writeConfig, binShell, } = params;
|
|
187
|
+
// If no restrictions, return command as-is
|
|
188
|
+
if (!hasNetworkRestrictions && !hasFilesystemRestrictions) {
|
|
189
|
+
return command;
|
|
190
|
+
}
|
|
191
|
+
// Generate unique profile name for this sandbox session
|
|
192
|
+
const profileId = randomBytes(8).toString('hex');
|
|
193
|
+
const profileName = `SandboxRuntime_${profileId}`;
|
|
194
|
+
// Default to bash (from Git for Windows)
|
|
195
|
+
// On Windows, this is typically: C:\Program Files\Git\bin\bash.exe
|
|
196
|
+
const shellPath = binShell || 'bash';
|
|
197
|
+
logForDebugging(`[Sandbox Windows] Creating AppContainer profile: ${profileName}`);
|
|
198
|
+
logForDebugging(`[Sandbox Windows] Using shell: ${shellPath}`);
|
|
199
|
+
// Generate proxy environment variables
|
|
200
|
+
let envVars = '';
|
|
201
|
+
if (hasNetworkRestrictions && httpProxyPort && socksProxyPort) {
|
|
202
|
+
const proxyEnv = generateProxyEnvVars(httpProxyPort, socksProxyPort);
|
|
203
|
+
// Convert to PowerShell environment variable format
|
|
204
|
+
envVars = proxyEnv
|
|
205
|
+
.map(env => {
|
|
206
|
+
const [key, value] = env.split('=');
|
|
207
|
+
return `$env:${key}="${value}"`;
|
|
208
|
+
})
|
|
209
|
+
.join('; ');
|
|
210
|
+
}
|
|
211
|
+
// IMPORTANT: This is a placeholder implementation
|
|
212
|
+
// Real AppContainer execution requires Win32 API calls that cannot be easily
|
|
213
|
+
// done from PowerShell. Options:
|
|
214
|
+
//
|
|
215
|
+
// 1. Create a native Node.js addon using N-API
|
|
216
|
+
// 2. Create a standalone .exe helper tool (like apply-seccomp on Linux)
|
|
217
|
+
// 3. Use PowerShell with Add-Type to compile C# code that calls Win32 APIs
|
|
218
|
+
//
|
|
219
|
+
// For now, we return a command that:
|
|
220
|
+
// - Sets up proxy environment variables
|
|
221
|
+
// - Executes the shell
|
|
222
|
+
// - Logs a warning that full sandboxing is not yet implemented
|
|
223
|
+
logForDebugging('[Sandbox Windows] WARNING: Full AppContainer sandboxing is not yet implemented. ' +
|
|
224
|
+
'This requires native Win32 API integration. Currently only applying proxy environment variables.', { level: 'warn' });
|
|
225
|
+
// Generate the profile creation script (for future implementation)
|
|
226
|
+
const profileScript = generateAppContainerProfileScript(profileName);
|
|
227
|
+
const firewallScript = hasNetworkRestrictions
|
|
228
|
+
? generateFirewallRulesScript(profileName, httpProxyPort, socksProxyPort)
|
|
229
|
+
: '';
|
|
230
|
+
// Log the scripts that would be used in full implementation
|
|
231
|
+
logForDebugging('[Sandbox Windows] Profile creation script:');
|
|
232
|
+
logForDebugging(profileScript);
|
|
233
|
+
if (firewallScript) {
|
|
234
|
+
logForDebugging('[Sandbox Windows] Firewall rules script:');
|
|
235
|
+
logForDebugging(firewallScript);
|
|
236
|
+
}
|
|
237
|
+
// For now, just wrap with environment variables
|
|
238
|
+
// The shell (bash.exe from Git for Windows) will respect these
|
|
239
|
+
const wrappedCommand = envVars
|
|
240
|
+
? `${shellPath} -c ${shellquote.quote([`${envVars}; ${command}`])}`
|
|
241
|
+
: command;
|
|
242
|
+
logForDebugging(`[Sandbox Windows] Wrapped command: ${wrappedCommand}`);
|
|
243
|
+
// TODO: Return actual AppContainer-wrapped command when native implementation is ready
|
|
244
|
+
// Format would be something like:
|
|
245
|
+
// return `sandboxed-exec.exe --profile ${profileName} --shell "${shellPath}" --command ${shellquote.quote([command])}`
|
|
246
|
+
//
|
|
247
|
+
// Where sandboxed-exec.exe is a native helper that:
|
|
248
|
+
// 1. Creates/loads AppContainer profile
|
|
249
|
+
// 2. Sets up firewall rules
|
|
250
|
+
// 3. Calls CreateProcessAsUser() with AppContainer token
|
|
251
|
+
// 4. Cleans up on exit
|
|
252
|
+
return wrappedCommand;
|
|
253
|
+
}
|
|
254
|
+
/**
|
|
255
|
+
* Cleanup function for Windows sandbox resources
|
|
256
|
+
*
|
|
257
|
+
* Should be called on process exit to:
|
|
258
|
+
* - Delete AppContainer profiles
|
|
259
|
+
* - Remove firewall rules
|
|
260
|
+
* - Clean up any temporary files
|
|
261
|
+
*
|
|
262
|
+
* TODO: Implement when native AppContainer support is added
|
|
263
|
+
*/
|
|
264
|
+
export function cleanupWindowsSandbox(profileName) {
|
|
265
|
+
logForDebugging(`[Sandbox Windows] Cleanup for profile: ${profileName}`);
|
|
266
|
+
// TODO: Implement cleanup
|
|
267
|
+
// - DeleteAppContainerProfile()
|
|
268
|
+
// - Remove-NetFirewallRule
|
|
269
|
+
}
|
|
270
|
+
//# sourceMappingURL=windows-sandbox-utils.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"windows-sandbox-utils.js","sourceRoot":"","sources":["../../src/sandbox/windows-sandbox-utils.ts"],"names":[],"mappings":"AAAA,OAAO,UAAU,MAAM,aAAa,CAAA;AACpC,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAA;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AACzC,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAA;AAkBzD;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,iCAAiC;IAC/C,IAAI,CAAC;QACH,mCAAmC;QACnC,MAAM,UAAU,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC,gBAAgB,CAAC,EAAE;YAC5D,KAAK,EAAE,QAAQ;YACf,OAAO,EAAE,IAAI;SACd,CAAC,CAAA;QAEF,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,eAAe,CACb,8DAA8D,EAC9D,EAAE,KAAK,EAAE,MAAM,EAAE,CAClB,CAAA;YACD,OAAO,KAAK,CAAA;QACd,CAAC;QAED,+BAA+B;QAC/B,yBAAyB;QACzB,gDAAgD;QAChD,gDAAgD;QAEhD,OAAO,IAAI,CAAA;IACb,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AAEH;;;;;;;;;;;GAWG;AACH,SAAS,iCAAiC,CAAC,WAAmB;IAC5D,sDAAsD;IACtD,2EAA2E;IAC3E,EAAE;IACF,4EAA4E;IAC5E,yCAAyC;IACzC,2BAA2B;IAC3B,qBAAqB;IACrB,8BAA8B;IAE9B,OAAO;kBACS,WAAW;;;;;;;;;;;;;;;;;;;;;;;CAuB5B,CAAC,IAAI,EAAE,CAAA;AACR,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,SAAS,2BAA2B,CAClC,WAAmB,EACnB,aAAsB,EACtB,cAAuB;IAEvB,MAAM,QAAQ,GAAG,kBAAkB,WAAW,EAAE,CAAA;IAEhD,OAAO;eACM,QAAQ;;;;;;;;;;IAUnB,aAAa,CAAC,CAAC,CAAC,4HAA4H,aAAa,gBAAgB,CAAC,CAAC,CAAC,EAAE;IAC9K,cAAc,CAAC,CAAC,CAAC,6HAA6H,cAAc,gBAAgB,CAAC,CAAC,CAAC,EAAE;;;;;;;;;;;CAWpL,CAAC,IAAI,EAAE,CAAA;AACR,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AACH,MAAM,UAAU,6BAA6B,CAC3C,MAA4B;IAE5B,MAAM,EACJ,OAAO,EACP,sBAAsB,EACtB,yBAAyB,EACzB,aAAa,EACb,cAAc,EACd,UAAU,EAAE,WAAW,EACvB,WAAW,EAAE,YAAY,EACzB,QAAQ,GACT,GAAG,MAAM,CAAA;IAEV,2CAA2C;IAC3C,IAAI,CAAC,sBAAsB,IAAI,CAAC,yBAAyB,EAAE,CAAC;QAC1D,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,wDAAwD;IACxD,MAAM,SAAS,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;IAChD,MAAM,WAAW,GAAG,kBAAkB,SAAS,EAAE,CAAA;IAEjD,yCAAyC;IACzC,mEAAmE;IACnE,MAAM,SAAS,GAAG,QAAQ,IAAI,MAAM,CAAA;IAEpC,eAAe,CACb,oDAAoD,WAAW,EAAE,CAClE,CAAA;IACD,eAAe,CAAC,kCAAkC,SAAS,EAAE,CAAC,CAAA;IAE9D,uCAAuC;IACvC,IAAI,OAAO,GAAG,EAAE,CAAA;IAChB,IAAI,sBAAsB,IAAI,aAAa,IAAI,cAAc,EAAE,CAAC;QAC9D,MAAM,QAAQ,GAAG,oBAAoB,CAAC,aAAa,EAAE,cAAc,CAAC,CAAA;QACpE,oDAAoD;QACpD,OAAO,GAAG,QAAQ;aACf,GAAG,CAAC,GAAG,CAAC,EAAE;YACT,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YACnC,OAAO,QAAQ,GAAG,KAAK,KAAK,GAAG,CAAA;QACjC,CAAC,CAAC;aACD,IAAI,CAAC,IAAI,CAAC,CAAA;IACf,CAAC;IAED,kDAAkD;IAClD,6EAA6E;IAC7E,iCAAiC;IACjC,EAAE;IACF,+CAA+C;IAC/C,wEAAwE;IACxE,2EAA2E;IAC3E,EAAE;IACF,qCAAqC;IACrC,wCAAwC;IACxC,uBAAuB;IACvB,+DAA+D;IAE/D,eAAe,CACb,kFAAkF;QAChF,kGAAkG,EACpG,EAAE,KAAK,EAAE,MAAM,EAAE,CAClB,CAAA;IAED,mEAAmE;IACnE,MAAM,aAAa,GAAG,iCAAiC,CAAC,WAAW,CAAC,CAAA;IACpE,MAAM,cAAc,GAAG,sBAAsB;QAC3C,CAAC,CAAC,2BAA2B,CAAC,WAAW,EAAE,aAAa,EAAE,cAAc,CAAC;QACzE,CAAC,CAAC,EAAE,CAAA;IAEN,4DAA4D;IAC5D,eAAe,CAAC,4CAA4C,CAAC,CAAA;IAC7D,eAAe,CAAC,aAAa,CAAC,CAAA;IAC9B,IAAI,cAAc,EAAE,CAAC;QACnB,eAAe,CAAC,0CAA0C,CAAC,CAAA;QAC3D,eAAe,CAAC,cAAc,CAAC,CAAA;IACjC,CAAC;IAED,gDAAgD;IAChD,+DAA+D;IAC/D,MAAM,cAAc,GAAG,OAAO;QAC5B,CAAC,CAAC,GAAG,SAAS,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,GAAG,OAAO,KAAK,OAAO,EAAE,CAAC,CAAC,EAAE;QACnE,CAAC,CAAC,OAAO,CAAA;IAEX,eAAe,CAAC,sCAAsC,cAAc,EAAE,CAAC,CAAA;IAEvE,uFAAuF;IACvF,kCAAkC;IAClC,uHAAuH;IACvH,EAAE;IACF,oDAAoD;IACpD,wCAAwC;IACxC,4BAA4B;IAC5B,yDAAyD;IACzD,uBAAuB;IAEvB,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,qBAAqB,CAAC,WAAmB;IACvD,eAAe,CAAC,0CAA0C,WAAW,EAAE,CAAC,CAAA;IAExE,0BAA0B;IAC1B,gCAAgC;IAChC,2BAA2B;AAC7B,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@anthropic-ai/sandbox-runtime",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.7",
|
|
4
4
|
"description": "Anthropic Sandbox Runtime (ASRT) - A general-purpose tool for wrapping security boundaries around arbitrary processes",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.js",
|