@bike4mind/cli 0.2.64-worktree-refactor-extract-search-query-builders.21815 → 0.2.64

package/dist/SeatbeltRuntime-D4m0VOcD.mjs

@@ -0,0 +1,116 @@
+#!/usr/bin/env node
+import { i as isBinaryAvailable, r as expandPath } from "./SandboxRuntimeAdapter-C1B4t20N.mjs";
+import { mkdtempSync, writeFileSync } from "fs";
+import os from "os";
+import path from "path";
+//#region src/sandbox/runtime/SeatbeltRuntime.ts
+/**
+* macOS Seatbelt (sandbox-exec) runtime implementation.
+*
+* Generates dynamic Seatbelt profiles to restrict filesystem access.
+* Uses Apple's Sandbox framework via the `sandbox-exec` CLI tool.
+*/
+/**
+* Escape a path for use in a Seatbelt profile.
+*
+* Seatbelt profiles use S-expression (Scheme-like) syntax where paths are
+* enclosed in quoted strings. Only two characters need escaping:
+* - Backslash (\): Must be doubled to prevent interpreting the next char as special.
+* - Double quote ("): Must be escaped to prevent closing the string prematurely.
+*
+* Scheme syntax characters like (, ), and ; do NOT need escaping because they
+* are only special at the expression parsing level. Inside a quoted string,
+* they are treated as literal characters and cannot inject directives.
+*/
+function escapeSeatbeltPath(p) {
+	return p.replace(/\\/g, "\\\\").replace(/"/g, "\\\"");
+}
+var SeatbeltRuntime = class {
+	constructor() {
+		this.platform = "darwin";
+		this.name = "seatbelt";
+	}
+	isAvailable() {
+		return isBinaryAvailable("sandbox-exec");
+	}
+	/**
+	* Generate a Seatbelt profile string from the filesystem config.
+	*
+	* Strategy:
+	* - Start with (allow default) to permit most operations
+	* - Deny all file writes globally
+	* - Allow file writes only to the working directory
+	* - Deny all access to explicitly denied paths
+	* - Allow read access to explicitly allowed paths
+	*/
+	generateProfile(options) {
+		const { cwd, filesystemConfig } = options;
+		const expandedDenied = filesystemConfig.deniedPaths.map(expandPath);
+		const expandedAllowed = filesystemConfig.allowedReadPaths.map(expandPath);
+		const lines = [
+			"(version 1)",
+			"",
+			"; Start with permissive defaults (process exec, network, sysctl, etc.)",
+			"(allow default)",
+			""
+		];
+		if (filesystemConfig.writeOnlyToWorkingDir) {
+			lines.push("; Deny all file writes globally");
+			lines.push("(deny file-write*)");
+			lines.push("");
+			lines.push("; Allow writes to working directory");
+			lines.push(`(allow file-write* (subpath "${escapeSeatbeltPath(cwd)}"))`);
+			lines.push("");
+			lines.push("; Allow writes to temp directories");
+			lines.push(`(allow file-write* (subpath "/tmp"))`);
+			lines.push(`(allow file-write* (subpath "/private/tmp"))`);
+			lines.push(`(allow file-write* (subpath "${escapeSeatbeltPath(os.tmpdir())}"))`);
+			lines.push("");
+		}
+		if (expandedDenied.length > 0) {
+			lines.push("; Deny access to sensitive paths");
+			for (const deniedPath of expandedDenied) lines.push(`(deny file-read* file-write* (subpath "${escapeSeatbeltPath(deniedPath)}"))`);
+			lines.push("");
+		}
+		if (expandedAllowed.length > 0) {
+			lines.push("; Explicitly allowed read paths");
+			for (const allowedPath of expandedAllowed) lines.push(`(allow file-read* (subpath "${escapeSeatbeltPath(allowedPath)}"))`);
+			lines.push("");
+		}
+		return lines.join("\n");
+	}
+	wrapCommand(options) {
+		try {
+			const profile = this.generateProfile(options);
+			const tmpDir = mkdtempSync(path.join(os.tmpdir(), "b4m-sandbox-"));
+			const profilePath = path.join(tmpDir, "sandbox.sb");
+			writeFileSync(profilePath, profile, "utf-8");
+			const args = [
+				"-f",
+				profilePath,
+				"bash",
+				"-c",
+				options.command
+			];
+			const envEntries = Object.entries(options.env ?? {});
+			const envPrefix = envEntries.length > 0 ? envEntries.map(([k, v]) => `${k}=${shellEscape(v)}`).join(" ") + " " : "";
+			return {
+				executable: "sandbox-exec",
+				args,
+				env: options.env ?? {},
+				commandString: `${envPrefix}sandbox-exec -f ${profilePath} bash -c ${shellEscape(options.command)}`,
+				cleanupPaths: [profilePath, tmpDir]
+			};
+		} catch (err) {
+			throw new Error(`Failed to create sandbox profile: ${err instanceof Error ? err.message : String(err)}`);
+		}
+	}
+};
+/**
+* Shell-escape a string for safe embedding in a command.
+*/
+function shellEscape(str) {
+	return `'${str.replace(/'/g, "'\\''")}'`;
+}
+//#endregion
+export { SeatbeltRuntime };

package/dist/StderrViolationParser-D0afQ3-1.mjs

@@ -0,0 +1,70 @@
+#!/usr/bin/env node
+//#region src/sandbox/logging/StderrViolationParser.ts
+/**
+* Parse macOS Seatbelt denial messages from stderr.
+*
+* Format: sandbox-exec: deny(1) file-write-data /path/to/file
+*/
+function parseSeatbeltStderr(stderr) {
+	const violations = [];
+	const regex = /sandbox-exec:\s*deny\(\d+\)\s+(\S+)\s+(.+)/g;
+	let match;
+	while ((match = regex.exec(stderr)) !== null) {
+		const operation = match[1];
+		const targetPath = match[2].trim();
+		const type = classifySeatbeltOperation(operation);
+		violations.push({
+			type,
+			operation,
+			path: type === "filesystem" ? targetPath : void 0,
+			detail: match[0]
+		});
+	}
+	return violations;
+}
+/**
+* Parse Linux Bubblewrap error messages from stderr.
+*
+* Format: bwrap: Can't open file /path: Permission denied
+*/
+function parseBwrapStderr(stderr) {
+	const violations = [];
+	const regex = /bwrap:\s+(.+)/g;
+	let match;
+	while ((match = regex.exec(stderr)) !== null) {
+		const extractedPath = match[1].trim().match(/(?:Can't open file |Can't bind mount )(\S+)/)?.[1]?.replace(/:$/, "");
+		violations.push({
+			type: "filesystem",
+			path: extractedPath,
+			detail: match[0]
+		});
+	}
+	return violations;
+}
+/**
+* Parse sandbox stderr (auto-detects platform from content).
+* Runs both parsers since they match only their own patterns.
+*/
+function parseSandboxStderr(stderr) {
+	return [...parseSeatbeltStderr(stderr), ...parseBwrapStderr(stderr)];
+}
+/**
+* Convert parsed violations to SandboxViolation records.
+*/
+function toSandboxViolations(parsed, command) {
+	return parsed.map((p) => ({
+		type: p.type,
+		path: p.path,
+		command,
+		blockedBy: "sandbox",
+		timestamp: /* @__PURE__ */ new Date(),
+		detail: p.detail
+	}));
+}
+/** Map Seatbelt operation to violation type */
+function classifySeatbeltOperation(operation) {
+	if (operation.startsWith("network")) return "network";
+	return "filesystem";
+}
+//#endregion
+export { parseSandboxStderr, toSandboxViolations };

package/dist/ViolationLogStore-CZl35HcA.mjs

@@ -0,0 +1,96 @@
+#!/usr/bin/env node
+import { promises } from "fs";
+import { homedir } from "os";
+import path from "path";
+//#region src/sandbox/logging/ViolationLogStore.ts
+const MAX_VIOLATIONS = 5e3;
+const DEFAULT_PATH = path.join(homedir(), ".bike4mind", "violations.jsonl");
+/**
+* Persists sandbox violations to a JSONL file.
+* Follows the same pattern as CommandHistoryStore.
+*/
+var ViolationLogStore = class {
+	constructor(storePath) {
+		this.cache = null;
+		this.storePath = storePath ?? DEFAULT_PATH;
+	}
+	/** Ensure parent directory exists */
+	async init() {
+		const dir = path.dirname(this.storePath);
+		await promises.mkdir(dir, { recursive: true });
+	}
+	/** Load all entries from disk (newest first) */
+	async load() {
+		if (this.cache) return this.cache;
+		try {
+			const entries = (await promises.readFile(this.storePath, "utf-8")).trim().split("\n").filter((line) => line.length > 0).map((line) => {
+				try {
+					return JSON.parse(line);
+				} catch {
+					return null;
+				}
+			}).filter((entry) => entry !== null);
+			entries.sort((a, b) => b.timestamp - a.timestamp);
+			this.cache = entries;
+			return this.cache;
+		} catch (error) {
+			if (error.code === "ENOENT") {
+				this.cache = [];
+				return this.cache;
+			}
+			throw error;
+		}
+	}
+	/** Record a new violation (converts Date → epoch ms, appends JSONL) */
+	async record(violation) {
+		const entry = {
+			type: violation.type,
+			command: violation.command,
+			blockedBy: violation.blockedBy,
+			timestamp: violation.timestamp.getTime(),
+			...violation.path && { path: violation.path },
+			...violation.domain && { domain: violation.domain },
+			...violation.detail && { detail: violation.detail }
+		};
+		await this.init();
+		const line = JSON.stringify(entry) + "\n";
+		await promises.appendFile(this.storePath, line, "utf-8");
+		this.cache = [entry, ...this.cache ?? []];
+		if (this.cache.length > MAX_VIOLATIONS) await this.trim();
+	}
+	/** Get recent violations (default 50) */
+	async getRecent(count = 50) {
+		return (await this.load()).slice(0, count);
+	}
+	/** Count violations by type */
+	async countByType() {
+		const entries = await this.load();
+		let filesystem = 0;
+		let network = 0;
+		for (const entry of entries) if (entry.type === "filesystem") filesystem++;
+		else if (entry.type === "network") network++;
+		return {
+			filesystem,
+			network
+		};
+	}
+	/** Clear all violations */
+	async clear() {
+		try {
+			await promises.unlink(this.storePath);
+		} catch (error) {
+			if (error.code !== "ENOENT") throw error;
+		}
+		this.cache = [];
+	}
+	/** Trim to MAX_VIOLATIONS (rewrite file) */
+	async trim() {
+		if (!this.cache || this.cache.length <= MAX_VIOLATIONS) return;
+		const trimmed = this.cache.slice(0, MAX_VIOLATIONS);
+		const lines = [...trimmed].reverse().map((entry) => JSON.stringify(entry)).join("\n");
+		await promises.writeFile(this.storePath, lines + "\n", "utf-8");
+		this.cache = trimmed;
+	}
+};
+//#endregion
+export { ViolationLogStore };