@ash-ai/server 0.0.26 → 0.0.27
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { describe, it, expect, afterEach } from 'vitest';
|
|
2
|
-
import { buildBwrapArgs,
|
|
2
|
+
import { buildBwrapArgs, hasBwrap } from '@ash-ai/sandbox';
|
|
3
3
|
import { execSync } from 'node:child_process';
|
|
4
4
|
import { mkdtempSync, mkdirSync, writeFileSync, rmSync } from 'node:fs';
|
|
5
5
|
import { join } from 'node:path';
|
|
@@ -92,46 +92,6 @@ describe('sandbox filesystem isolation', () => {
|
|
|
92
92
|
expect(tmpfsMounts).toContain('/var/ash/data');
|
|
93
93
|
});
|
|
94
94
|
});
|
|
95
|
-
describe('generateOciSpec', () => {
|
|
96
|
-
it('hides the entire data directory, not just sandboxesDir', () => {
|
|
97
|
-
const opts = makeSandboxOpts('/data');
|
|
98
|
-
const spec = generateOciSpec(opts, 'node', ['bridge.js'], { PATH: '/usr/bin' });
|
|
99
|
-
const tmpfsMounts = spec.mounts
|
|
100
|
-
.filter((m) => m.type === 'tmpfs')
|
|
101
|
-
.map((m) => m.destination);
|
|
102
|
-
expect(tmpfsMounts).toContain('/data');
|
|
103
|
-
expect(tmpfsMounts).not.toContain('/data/sandboxes');
|
|
104
|
-
});
|
|
105
|
-
it('restores only the current sandbox directory', () => {
|
|
106
|
-
const opts = makeSandboxOpts('/data', 'abc-123');
|
|
107
|
-
const spec = generateOciSpec(opts, 'node', ['bridge.js'], { PATH: '/usr/bin' });
|
|
108
|
-
const bindMounts = spec.mounts
|
|
109
|
-
.filter((m) => m.type === 'bind')
|
|
110
|
-
.map((m) => m.destination);
|
|
111
|
-
expect(bindMounts).toContain('/data/sandboxes/abc-123');
|
|
112
|
-
});
|
|
113
|
-
it('does not expose agents or sessions directories', () => {
|
|
114
|
-
const opts = makeSandboxOpts('/data');
|
|
115
|
-
const spec = generateOciSpec(opts, 'node', ['bridge.js'], { PATH: '/usr/bin' });
|
|
116
|
-
const bindMounts = spec.mounts
|
|
117
|
-
.filter((m) => m.type === 'bind')
|
|
118
|
-
.map((m) => m.destination);
|
|
119
|
-
for (const mount of bindMounts) {
|
|
120
|
-
expect(mount).not.toContain('/data/agents');
|
|
121
|
-
expect(mount).not.toContain('/data/sessions');
|
|
122
|
-
}
|
|
123
|
-
});
|
|
124
|
-
it('mount order: tmpfs for data dir comes before bind for sandbox dir', () => {
|
|
125
|
-
const opts = makeSandboxOpts('/data', 'sandbox-1');
|
|
126
|
-
const spec = generateOciSpec(opts, 'node', ['bridge.js'], { PATH: '/usr/bin' });
|
|
127
|
-
const dataTmpfsIdx = spec.mounts.findIndex((m) => m.type === 'tmpfs' && m.destination === '/data');
|
|
128
|
-
const sandboxBindIdx = spec.mounts.findIndex((m) => m.type === 'bind' && m.destination === '/data/sandboxes/sandbox-1');
|
|
129
|
-
expect(dataTmpfsIdx).toBeGreaterThan(-1);
|
|
130
|
-
expect(sandboxBindIdx).toBeGreaterThan(-1);
|
|
131
|
-
// tmpfs must come before bind so the bind overrides it for the specific path
|
|
132
|
-
expect(dataTmpfsIdx).toBeLessThan(sandboxBindIdx);
|
|
133
|
-
});
|
|
134
|
-
});
|
|
135
95
|
// ---------------------------------------------------------------------------
|
|
136
96
|
// Integration test — actually runs bwrap (Linux only)
|
|
137
97
|
// ---------------------------------------------------------------------------
|
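Review bot: With the `describe('generateOciSpec', …)` suite removed (old lines 95–134), nothing visible in this file still asserts the OCI-spec mount layout: tmpfs over the whole data directory, a bind mount for the current sandbox only, and the tmpfs entry ordered before that bind. The new import names only `buildBwrapArgs` and `hasBwrap`, and the old import line is cut off on this page, so it is not visible whether `generateOciSpec` was dropped from `@ash-ai/sandbox` or is still shipped there. If it is still reachable, those isolation properties need a regression test somewhere, and a pointer above the integration banner would record where, e.g. `// OCI-spec mount-layout tests: see @ash-ai/sandbox (generateOciSpec)`. The enclosing `describe('sandbox filesystem isolation', …)` starts before and continues past the lines shown.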
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sandbox-isolation.test.js","sourceRoot":"","sources":["../../src/__tests__/sandbox-isolation.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACzD,OAAO,EAAE,cAAc,EAAE,
|
|
1
|
+
{"version":3,"file":"sandbox-isolation.test.js","sourceRoot":"","sources":["../../src/__tests__/sandbox-isolation.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACzD,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE3D,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAEjC;;;;;GAKG;AAEH,SAAS,eAAe,CAAC,OAAe,EAAE,SAAS,GAAG,gBAAgB;IACpE,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAChD,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IACjD,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IACnD,OAAO;QACL,SAAS;QACT,YAAY;QACZ,QAAQ,EAAE,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,CAAC;QAC/C,UAAU;QACV,YAAY;KACb,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;IAC5C,8EAA8E;IAC9E,qEAAqE;IACrE,8EAA8E;IAE9E,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;YAChE,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;YACtC,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;YAElC,4DAA4D;YAC5D,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC3C,MAAM,WAAW,GAAa,EAAE,CAAC;YACjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACrC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,SAAS;oBAAE,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAC3D,CAAC;YAED,MAAM,CAAC,WAAW,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YACvC,8DAA8D;YAC9D,gDAAgD;YAChD,MAAM,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;YAElC,4CAA4C;YAC5C,MAAM,UAAU,GAAa,EAAE,CAAC;YAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACrC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ;oBAAE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACzD,CAAC;YAED,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,yBAAyB,CAAC,CAAC;QAC1D,CAAC,CA
AC,CAAC;QAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;YACjE,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;YAElC,qEAAqE;YACrE,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC;YACtF,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,OAAO,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,iBAAiB,CAAC,CAAC;YAC5F,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,QAAQ,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,yBAAyB,CAAC,CAAC;YAEtG,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YACxD,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;YACtC,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;YAElC,yCAAyC;YACzC,MAAM,UAAU,GAAa,EAAE,CAAC;YAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACrC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,WAAW,EAAE,CAAC;oBACpD,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC3B,0DAA0D;oBAC1D,IAAI,MAAM,KAAK,GAAG;wBAAE,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC;YAED,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;gBAC/B,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;gBAC5C,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;YAChD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM,IAAI,GAAG,eAAe,CAAC,eAAe,CAAC,CAAC;YAC9C,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;YAElC,MAAM,WAAW,GAAa,EAAE,CAAC;YACjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACrC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,SAAS;oBAAE,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAC3D,CAAC;YAED,MAAM,CAAC,WAAW,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,8EAA8E;IAC9E,sDAAsD;IACtD,8EAA8E;IAE9E,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,IAAI,QAAQ,EAAE,E
AAE,CAAC;QAC/C,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;YACjC,IAAI,OAAe,CAAC;YAEpB,SAAS,CAAC,GAAG,EAAE;gBACb,IAAI,OAAO;oBAAE,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YACjE,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,2DAA2D,EAAE,GAAG,EAAE;gBACnE,sDAAsD;gBACtD,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,qBAAqB,CAAC,CAAC,CAAC;gBAC7D,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;gBAC1C,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;gBAC9C,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;gBAChD,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;gBACpD,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;gBAC5D,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;gBAEnD,wCAAwC;gBACxC,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;gBAChE,aAAa,CAAC,IAAI,CAAC,SAAS,EAAE,cAAc,EAAE,WAAW,CAAC,EAAE,qBAAqB,CAAC,CAAC;gBACnF,SAAS,CAAC,IAAI,CAAC,WAAW,EAAE,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;gBACjE,aAAa,CAAC,IAAI,CAAC,WAAW,EAAE,aAAa,EAAE,WAAW,CAAC,EAAE,oBAAoB,CAAC,CAAC;gBACnF,SAAS,CAAC,eAAe,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;gBAChD,aAAa,CAAC,IAAI,CAAC,eAAe,EAAE,aAAa,CAAC,EAAE,sBAAsB,CAAC,CAAC;gBAC5E,SAAS,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC7C,aAAa,CAAC,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC,EAAE,mBAAmB,CAAC,CAAC;gBAEpE,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;gBACpD,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;gBAElC,sDAAsD;gBACtD,MAAM,KAAK,GAAG;oBACZ,+CAA+C;oBAC/C,WAAW,YAAY,2EAA2E;oBAClG,qCAAqC;oBACrC,WAAW,SAAS,mDAAmD;oBACvE,uCAAuC;oBACvC,WAAW,WAAW,uDAAuD;oBAC7E,wCAAwC;oBACxC,WAAW,eAAe,iEAAiE;oBAC3F,8DAA8D;oBAC9D,MAAM,OAAO,8DAA8D;iBAC5E,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAEd,MAAM,MAAM,GAAG,QAAQ,CACrB,SAAS,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,mBAAmB,KAAK,GAAG,EACvE,EAAE,OAAO,EAAE,MAAM,EAAE,CACpB,CAAC,QAAQ,EAAE,CAAC;gBAEb,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;gBAClD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;gBAC1C,MAAM,CAAC,MAAM,CAAC,CAAC
,SAAS,CAAC,iBAAiB,CAAC,CAAC;gBAC5C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,sBAAsB,CAAC,CAAC;gBACjD,kFAAkF;gBAClF,gFAAgF;gBAChF,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC;YAClD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC,CAAC"}
|
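--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@ash-ai/server",
-"version": "0.0.
+"version": "0.0.27",
 "type": "module",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
@@ -36,7 +36,7 @@
 "drizzle-orm": "^0.44.7",
 "fastify": "^5.8.1",
 "pg": "^8.20.0",
-"@ash-ai/sandbox": "0.0.
+"@ash-ai/sandbox": "0.0.24",
 "@ash-ai/shared": "0.0.19"
 },
 "devDependencies": {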