@bike4mind/cli 0.2.64-worktree-refactor-extract-search-query-builders.21815 → 0.2.64

package/dist/chunk-KQAMBXAW.js

@@ -1,163 +0,0 @@
-#!/usr/bin/env node
-import {
-  DEFAULT_SANDBOX_CONFIG
-} from "./chunk-4BIBE3J7.js";
-
-// src/sandbox/SandboxOrchestrator.ts
-var SandboxOrchestrator = class {
-  constructor(config, runtime, proxyManager) {
-    this.stats = { sandboxed: 0, unsandboxed: 0, blocked: 0, violations: 0 };
-    this.violationStore = null;
-    this.config = config ?? DEFAULT_SANDBOX_CONFIG;
-    this.runtime = runtime ?? null;
-    this.proxyManager = proxyManager ?? null;
-  }
-  /**
-   * Determine whether a command should be sandboxed.
-   *
-   * Decision logic:
-   * 1. If sandbox is disabled → unsandboxed (no permission change)
-   * 2. If command matches an excluded command → unsandboxed (requires permission)
-   * 3. If runtime is not available → unsandboxed with warning
-   * 4. Otherwise → sandbox the command
-   */
-  shouldSandbox(command, cwd) {
-    if (!this.config.enabled || this.config.mode === "disabled") {
-      return { type: "unsandboxed", requiresPermission: true };
-    }
-    const baseCommand = this.getBaseCommand(command);
-    if (this.isExcludedCommand(baseCommand)) {
-      if (!this.config.allowUnsandboxedCommands) {
-        return {
-          type: "blocked",
-          reason: `Command '${baseCommand}' is excluded from sandboxing and unsandboxed commands are not allowed`
-        };
-      }
-      return {
-        type: "unsandboxed",
-        requiresPermission: true,
-        reason: `Command '${baseCommand}' is excluded from sandboxing`
-      };
-    }
-    if (!this.runtime) {
-      return {
-        type: "unsandboxed",
-        requiresPermission: true,
-        reason: "Sandbox runtime not available on this platform"
-      };
-    }
-    const proxyEnv = this.proxyManager?.getProxyEnv() ?? {};
-    const wrappedCommand = this.runtime.wrapCommand({
-      command,
-      cwd,
-      filesystemConfig: this.config.filesystem,
-      env: proxyEnv,
-      ...this.runtime.platform === "linux" && this.config.platform.linux.seccompProfile && {
-        seccompProfile: this.config.platform.linux.seccompProfile
-      }
-    });
-    return { type: "sandbox", wrappedCommand };
-  }
-  /** Get the current sandbox mode */
-  getMode() {
-    return this.config.mode;
-  }
-  /** Set the sandbox mode (does not persist — caller must save config) */
-  setMode(mode) {
-    this.config.mode = mode;
-    this.config.enabled = mode !== "disabled";
-  }
-  /** Check if sandbox is enabled and runtime is available */
-  isAvailable() {
-    return this.runtime !== null && this.runtime.isAvailable();
-  }
-  /** Check if sandbox is currently active (enabled + available) */
-  isActive() {
-    return this.config.enabled && this.config.mode !== "disabled" && this.isAvailable();
-  }
-  /** Get the current sandbox configuration */
-  getConfig() {
-    return this.config;
-  }
-  /** Update config (does not persist — caller must save) */
-  updateConfig(config) {
-    this.config = config;
-  }
-  /** Get the ProxyManager instance (if any) */
-  getProxyManager() {
-    return this.proxyManager;
-  }
-  /** Start the network proxy (if configured) */
-  async startProxy() {
-    await this.proxyManager?.start();
-  }
-  /** Stop the network proxy */
-  async stopProxy() {
-    await this.proxyManager?.stop();
-  }
-  /** Get full status information for display */
-  getStatus() {
-    return {
-      mode: this.config.mode,
-      enabled: this.config.enabled,
-      platform: this.runtime?.platform ?? null,
-      runtimeAvailable: this.runtime?.isAvailable() ?? false,
-      runtimeName: this.runtime?.name ?? null,
-      proxyRunning: this.proxyManager?.isRunning() ?? false,
-      proxyPort: this.proxyManager?.getPort() ?? null,
-      config: this.config,
-      stats: { ...this.stats }
-    };
-  }
-  // --- Stats tracking ---
-  recordSandboxed() {
-    this.stats.sandboxed++;
-  }
-  recordUnsandboxed() {
-    this.stats.unsandboxed++;
-  }
-  recordBlocked() {
-    this.stats.blocked++;
-  }
-  recordViolations(count = 1) {
-    this.stats.violations += count;
-  }
-  getStats() {
-    return { ...this.stats };
-  }
-  resetStats() {
-    this.stats = { sandboxed: 0, unsandboxed: 0, blocked: 0, violations: 0 };
-  }
-  // --- Violation store ---
-  setViolationStore(store) {
-    this.violationStore = store;
-  }
-  getViolationStore() {
-    return this.violationStore;
-  }
-  /** Record a violation to store and increment stats */
-  async recordViolation(violation) {
-    this.stats.violations++;
-    await this.violationStore?.record(violation).catch(() => {
-    });
-  }
-  /**
-   * Extract the base command name from a full command string.
-   * e.g., "docker compose up -d" → "docker"
-   */
-  getBaseCommand(command) {
-    const trimmed = command.trim();
-    const withoutEnv = trimmed.replace(/^(\w+=\S+\s+)*/, "");
-    const parts = withoutEnv.split(/\s+/);
-    const first = parts[0] || "";
-    return first.split("/").pop() || first;
-  }
-  /** Check if a command is in the excluded list */
-  isExcludedCommand(baseCommand) {
-    return this.config.excludedCommands.some((excluded) => baseCommand === excluded);
-  }
-};
-
-export {
-  SandboxOrchestrator
-};