@carderne/sandbox-runtime 0.0.40

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":""}

package/dist/cli.js

@@ -0,0 +1,163 @@
+#!/usr/bin/env node
+import { Command } from 'commander';
+import { SandboxManager } from './index.js';
+import { spawn } from 'child_process';
+import { logForDebugging } from './utils/debug.js';
+import { loadConfig, loadConfigFromString } from './utils/config-loader.js';
+import * as readline from 'readline';
+import * as fs from 'fs';
+import * as path from 'path';
+import * as os from 'os';
+/**
+ * Get default config path
+ */
+function getDefaultConfigPath() {
+    return path.join(os.homedir(), '.srt-settings.json');
+}
+/**
+ * Create a minimal default config if no config file exists
+ */
+function getDefaultConfig() {
+    return {
+        network: {
+            allowedDomains: [],
+            deniedDomains: [],
+        },
+        filesystem: {
+            denyRead: [],
+            allowRead: [],
+            allowWrite: [],
+            denyWrite: [],
+        },
+    };
+}
+async function main() {
+    const program = new Command();
+    program
+        .name('srt')
+        .description('Run commands in a sandbox with network and filesystem restrictions')
+        .version(process.env.npm_package_version || '1.0.0');
+    // Default command - run command in sandbox
+    program
+        .argument('[command...]', 'command to run in the sandbox')
+        .option('-d, --debug', 'enable debug logging')
+        .option('-s, --settings <path>', 'path to config file (default: ~/.srt-settings.json)')
+        .option('-c <command>', 'run command string directly (like sh -c), no escaping applied')
+        .option('--control-fd <fd>', 'read config updates from file descriptor (JSON lines protocol)', parseInt)
+        .allowUnknownOption()
+        .action(async (commandArgs, options) => {
+        try {
+            // Enable debug logging if requested
+            if (options.debug) {
+                process.env.DEBUG = 'true';
+            }
+            // Load config from file
+            const configPath = options.settings || getDefaultConfigPath();
+            let runtimeConfig = loadConfig(configPath);
+            if (!runtimeConfig) {
+                logForDebugging(`No config found at ${configPath}, using default config`);
+                runtimeConfig = getDefaultConfig();
+            }
+            // Initialize sandbox with config
+            logForDebugging('Initializing sandbox...');
+            await SandboxManager.initialize(runtimeConfig);
+            // Set up control fd for dynamic config updates if specified
+            let controlReader = null;
+            if (options.controlFd !== undefined) {
+                try {
+                    const controlStream = fs.createReadStream('', {
+                        fd: options.controlFd,
+                    });
+                    controlReader = readline.createInterface({
+                        input: controlStream,
+                        crlfDelay: Infinity,
+                    });
+                    controlReader.on('line', line => {
+                        const newConfig = loadConfigFromString(line);
+                        if (newConfig) {
+                            logForDebugging(`Config updated from control fd: ${JSON.stringify(newConfig)}`);
+                            SandboxManager.updateConfig(newConfig);
+                        }
+                        else if (line.trim()) {
+                            // Only log non-empty lines that failed to parse
+                            logForDebugging(`Invalid config on control fd (ignored): ${line}`);
+                        }
+                    });
+                    controlReader.on('error', err => {
+                        logForDebugging(`Control fd error: ${err.message}`);
+                    });
+                    logForDebugging(`Listening for config updates on fd ${options.controlFd}`);
+                }
+                catch (err) {
+                    logForDebugging(`Failed to open control fd ${options.controlFd}: ${err instanceof Error ? err.message : String(err)}`);
+                }
+            }
+            // Cleanup control reader on exit
+            process.on('exit', () => {
+                controlReader?.close();
+            });
+            // Determine command string based on mode
+            let command;
+            if (options.c) {
+                // -c mode: use command string directly, no escaping
+                command = options.c;
+                logForDebugging(`Command string mode (-c): ${command}`);
+            }
+            else if (commandArgs.length > 0) {
+                // Default mode: simple join
+                command = commandArgs.join(' ');
+                logForDebugging(`Original command: ${command}`);
+            }
+            else {
+                console.error('Error: No command specified. Use -c <command> or provide command arguments.');
+                process.exit(1);
+            }
+            logForDebugging(JSON.stringify(SandboxManager.getNetworkRestrictionConfig(), null, 2));
+            // Wrap the command with sandbox restrictions
+            const sandboxedCommand = await SandboxManager.wrapWithSandbox(command);
+            // Execute the sandboxed command
+            const child = spawn(sandboxedCommand, {
+                shell: true,
+                stdio: 'inherit',
+            });
+            // Handle process exit
+            child.on('exit', (code, signal) => {
+                // Clean up bwrap mount point artifacts before exiting.
+                // On Linux, bwrap creates empty files on the host when protecting
+                // non-existent deny paths. This removes them.
+                SandboxManager.cleanupAfterCommand();
+                if (signal) {
+                    if (signal === 'SIGINT' || signal === 'SIGTERM') {
+                        process.exit(0);
+                    }
+                    else {
+                        console.error(`Process killed by signal: ${signal}`);
+                        process.exit(1);
+                    }
+                }
+                process.exit(code ?? 0);
+            });
+            child.on('error', error => {
+                console.error(`Failed to execute command: ${error.message}`);
+                process.exit(1);
+            });
+            // Handle cleanup on interrupt
+            process.on('SIGINT', () => {
+                child.kill('SIGINT');
+            });
+            process.on('SIGTERM', () => {
+                child.kill('SIGTERM');
+            });
+        }
+        catch (error) {
+            console.error(`Error: ${error instanceof Error ? error.message : String(error)}`);
+            process.exit(1);
+        }
+    });
+    program.parse();
+}
+main().catch(error => {
+    console.error('Fatal error:', error);
+    process.exit(1);
+});
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACnC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAE3C,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AACrC,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAClD,OAAO,EAAE,UAAU,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAA;AAC3E,OAAO,KAAK,QAAQ,MAAM,UAAU,CAAA;AACpC,OAAO,KAAK,EAAE,MAAM,IAAI,CAAA;AACxB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAC5B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAA;AAExB;;GAEG;AACH,SAAS,oBAAoB;IAC3B,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,oBAAoB,CAAC,CAAA;AACtD,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB;IACvB,OAAO;QACL,OAAO,EAAE;YACP,cAAc,EAAE,EAAE;YAClB,aAAa,EAAE,EAAE;SAClB;QACD,UAAU,EAAE;YACV,QAAQ,EAAE,EAAE;YACZ,SAAS,EAAE,EAAE;YACb,UAAU,EAAE,EAAE;YACd,SAAS,EAAE,EAAE;SACd;KACF,CAAA;AACH,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAA;IAE7B,OAAO;SACJ,IAAI,CAAC,KAAK,CAAC;SACX,WAAW,CACV,oEAAoE,CACrE;SACA,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,OAAO,CAAC,CAAA;IAEtD,2CAA2C;IAC3C,OAAO;SACJ,QAAQ,CAAC,cAAc,EAAE,+BAA+B,CAAC;SACzD,MAAM,CAAC,aAAa,EAAE,sBAAsB,CAAC;SAC7C,MAAM,CACL,uBAAuB,EACvB,qDAAqD,CACtD;SACA,MAAM,CACL,cAAc,EACd,+DAA+D,CAChE;SACA,MAAM,CACL,mBAAmB,EACnB,gEAAgE,EAChE,QAAQ,CACT;SACA,kBAAkB,EAAE;SACpB,MAAM,CACL,KAAK,EACH,WAAqB,EACrB,OAKC,EACD,EAAE;QACF,IAAI,CAAC;YACH,oCAAoC;YACpC,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;gBAClB,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,MAAM,CAAA;YAC5B,CAAC;YAED,wBAAwB;YACxB,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,IAAI,oBAAoB,EAAE,CAAA;YAC7D,IAAI,aAAa,GAAG,UAAU,CAAC,UAAU,CAAC,CAAA;YAE1C,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,eAAe,CACb,sBAAsB,UAAU,wBAAwB,CACzD,CAAA;gBACD,aAAa,GAAG,gBAAgB,EAAE,CAAA;YACpC,CAAC;YAED,iCAAiC;YACjC,eAAe,CAAC,yBAAyB,CAAC,CAAA;YAC1C,MAAM,cAAc,CAAC,UAAU,CAAC,aAAa,CAAC,CAAA;YAE9C,4DAA4D;YAC5D,IAAI,aAAa,GAA8B,IAAI,CAAA;YACnD,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACpC,IAAI,CAAC;oBACH,MAAM,aAAa,GAAG,EAAE,CAAC,gBAAgB,CAAC,EAAE,EAAE;wBAC5C,EAAE,EAAE,OAAO,CAAC,SAAS;qBACtB,CAAC,CAAA;oBACF,aAAa,GAAG,QAAQ,CAAC,eAAe,CAAC;wBACvC,KAAK,EAAE,aAAa;wBACpB,SAAS,EAAE,QAAQ;qBACpB,CAAC,CAAA;oBAEF,aAAa,CAAC,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE;wBAC9B,MAAM,SAAS,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAA;wBAC5C,IAAI,SAAS,EAAE,CAAC;4BACd,eAAe,CACb,mCAAmC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAC/D,CAAA;4BACD,cAAc,CAAC,YAAY,CAAC,SAAS,CAAC,CAAA;wBACxC,CAAC;6BAAM,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;4BACvB,gDAAgD;4BAChD,eAAe,CACb,2CAA2C,IAAI,EAAE,CAClD,CAAA;wBACH,CAAC;oBACH,CAAC,CAAC,CAAA;oBAEF,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;wBAC9B,eAAe,CAAC,qBAAqB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAA;oBACrD,CAAC,CAAC,CAAA;oBAEF,eAAe,CACb,sCAAsC,OAAO,CAAC,SAAS,EAAE,CAC1D,CAAA;gBACH,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,eAAe,CACb,6BAA6B,OAAO,CAAC,SAAS,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CACtG,CAAA;gBACH,CAAC;YACH,CAAC;YAED,iCAAiC;YACjC,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;gBACtB,aAAa,EAAE,KAAK,EAAE,CAAA;YACxB,CAAC,CAAC,CAAA;YAEF,yCAAyC;YACzC,IAAI,OAAe,CAAA;YACnB,IAAI,OAAO,CAAC,CAAC,EAAE,CAAC;gBACd,oDAAoD;gBACpD,OAAO,GAAG,OAAO,CAAC,CAAC,CAAA;gBACnB,eAAe,CAAC,6BAA6B,OAAO,EAAE,CAAC,CAAA;YACzD,CAAC;iBAAM,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClC,4BAA4B;gBAC5B,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBAC/B,eAAe,CAAC,qBAAqB,OAAO,EAAE,CAAC,CAAA;YACjD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CACX,6EAA6E,CAC9E,CAAA;gBACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;YACjB,CAAC;YAED,eAAe,CACb,IAAI,CAAC,SAAS,CACZ,cAAc,CAAC,2BAA2B,EAAE,EAC5C,IAAI,EACJ,CAAC,CACF,CACF,CAAA;YAED,6CAA6C;YAC7C,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC,eAAe,CAAC,OAAO,CAAC,CAAA;YAEtE,gCAAgC;YAChC,MAAM,KAAK,GAAG,KAAK,CAAC,gBAAgB,EAAE;gBACpC,KAAK,EAAE,IAAI;gBACX,KAAK,EAAE,SAAS;aACjB,CAAC,CAAA;YAEF,sBAAsB;YACtB,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;gBAChC,uDAAuD;gBACvD,kEAAkE;gBAClE,8CAA8C;gBAC9C,cAAc,CAAC,mBAAmB,EAAE,CAAA;gBAEpC,IAAI,MAAM,EAAE,CAAC;oBACX,IAAI,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;wBAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;oBACjB,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,KAAK,CAAC,6BAA6B,MAAM,EAAE,CAAC,CAAA;wBACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;oBACjB,CAAC;gBACH,CAAC;gBACD,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,CAAA;YACzB,CAAC,CAAC,CAAA;YAEF,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE;gBACxB,OAAO,CAAC,KAAK,CAAC,8BAA8B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;gBAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;YACjB,CAAC,CAAC,CAAA;YAEF,8BAA8B;YAC9B,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACxB,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;YACtB,CAAC,CAAC,CAAA;YAEF,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;gBACzB,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YACvB,CAAC,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,UAAU,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACnE,CAAA;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;IACH,CAAC,CACF,CAAA;IAEH,OAAO,CAAC,KAAK,EAAE,CAAA;AACjB,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAA;IACpC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC,CAAA"}

package/dist/index.d.ts

@@ -0,0 +1,11 @@
+export { SandboxManager } from './sandbox/sandbox-manager.js';
+export { SandboxViolationStore } from './sandbox/sandbox-violation-store.js';
+export type { SandboxRuntimeConfig, NetworkConfig, FilesystemConfig, IgnoreViolationsConfig, } from './sandbox/sandbox-config.js';
+export { SandboxRuntimeConfigSchema, NetworkConfigSchema, FilesystemConfigSchema, IgnoreViolationsConfigSchema, RipgrepConfigSchema, } from './sandbox/sandbox-config.js';
+export type { SandboxAskCallback, FsReadRestrictionConfig, FsWriteRestrictionConfig, NetworkRestrictionConfig, NetworkHostPattern, } from './sandbox/sandbox-schemas.js';
+export type { SandboxViolationEvent } from './sandbox/macos-sandbox-utils.js';
+export { type SandboxDependencyCheck } from './sandbox/linux-sandbox-utils.js';
+export { getDefaultWritePaths } from './sandbox/sandbox-utils.js';
+export { getWslVersion } from './utils/platform.js';
+export type { Platform } from './utils/platform.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAA;AAC7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,sCAAsC,CAAA;AAG5E,YAAY,EACV,oBAAoB,EACpB,aAAa,EACb,gBAAgB,EAChB,sBAAsB,GACvB,MAAM,6BAA6B,CAAA;AAEpC,OAAO,EACL,0BAA0B,EAC1B,mBAAmB,EACnB,sBAAsB,EACtB,4BAA4B,EAC5B,mBAAmB,GACpB,MAAM,6BAA6B,CAAA;AAGpC,YAAY,EACV,kBAAkB,EAClB,uBAAuB,EACvB,wBAAwB,EACxB,wBAAwB,EACxB,kBAAkB,GACnB,MAAM,8BAA8B,CAAA;AAGrC,YAAY,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAA;AAC7E,OAAO,EAAE,KAAK,sBAAsB,EAAE,MAAM,kCAAkC,CAAA;AAG9E,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAA;AAGjE,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,YAAY,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAA"}

package/dist/index.js

@@ -0,0 +1,9 @@
+// Library exports
+export { SandboxManager } from './sandbox/sandbox-manager.js';
+export { SandboxViolationStore } from './sandbox/sandbox-violation-store.js';
+export { SandboxRuntimeConfigSchema, NetworkConfigSchema, FilesystemConfigSchema, IgnoreViolationsConfigSchema, RipgrepConfigSchema, } from './sandbox/sandbox-config.js';
+// Utility functions
+export { getDefaultWritePaths } from './sandbox/sandbox-utils.js';
+// Platform utilities
+export { getWslVersion } from './utils/platform.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,kBAAkB;AAClB,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAA;AAC7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,sCAAsC,CAAA;AAU5E,OAAO,EACL,0BAA0B,EAC1B,mBAAmB,EACnB,sBAAsB,EACtB,4BAA4B,EAC5B,mBAAmB,GACpB,MAAM,6BAA6B,CAAA;AAepC,oBAAoB;AACpB,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAA;AAEjE,qBAAqB;AACrB,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA"}

package/dist/sandbox/generate-seccomp-filter.d.ts

@@ -0,0 +1,71 @@
+/**
+ * Get the path to a pre-generated BPF filter file from the vendor directory
+ * Returns the path if it exists, null otherwise
+ *
+ * Pre-generated BPF files are organized by architecture:
+ * - vendor/seccomp/{x64,arm64}/unix-block.bpf
+ *
+ * Tries multiple paths for resilience:
+ * 0. Explicit path provided via parameter (checked first if provided)
+ * 1. vendor/seccomp/{arch}/unix-block.bpf (bundled - when bundled into consuming packages)
+ * 2. ../../vendor/seccomp/{arch}/unix-block.bpf (package root - standard npm installs)
+ * 3. ../vendor/seccomp/{arch}/unix-block.bpf (dist/vendor - for bundlers)
+ * 4. Global npm install (if seccompBinaryPath not provided) - for native builds
+ *
+ * @param seccompBinaryPath - Optional explicit path to the BPF filter file. If provided and
+ *   exists, it will be used. If not provided, falls back to searching local paths and then
+ *   global npm install (for native builds where vendor directory isn't bundled).
+ */
+export declare function getPreGeneratedBpfPath(seccompBinaryPath?: string): string | null;
+/**
+ * Get the path to the apply-seccomp binary from the vendor directory
+ * Returns the path if it exists, null otherwise
+ *
+ * Pre-built apply-seccomp binaries are organized by architecture:
+ * - vendor/seccomp/{x64,arm64}/apply-seccomp
+ *
+ * Tries multiple paths for resilience:
+ * 0. Explicit path provided via parameter (checked first if provided)
+ * 1. vendor/seccomp/{arch}/apply-seccomp (bundled - when bundled into consuming packages)
+ * 2. ../../vendor/seccomp/{arch}/apply-seccomp (package root - standard npm installs)
+ * 3. ../vendor/seccomp/{arch}/apply-seccomp (dist/vendor - for bundlers)
+ * 4. Global npm install (if seccompBinaryPath not provided) - for native builds
+ *
+ * @param seccompBinaryPath - Optional explicit path to the apply-seccomp binary. If provided
+ *   and exists, it will be used. If not provided, falls back to searching local paths and
+ *   then global npm install (for native builds where vendor directory isn't bundled).
+ */
+export declare function getApplySeccompBinaryPath(seccompBinaryPath?: string): string | null;
+/**
+ * Get the path to a pre-generated seccomp BPF filter that blocks Unix domain socket creation
+ * Returns the path to the BPF filter file, or null if not available
+ *
+ * The filter blocks socket(AF_UNIX, ...) syscalls while allowing all other syscalls.
+ * This prevents creation of new Unix domain socket file descriptors.
+ *
+ * Security scope:
+ * - Blocks: socket(AF_UNIX, ...) syscall (creating new Unix socket FDs)
+ * - Does NOT block: Operations on inherited Unix socket FDs (bind, connect, sendto, etc.)
+ * - Does NOT block: Unix socket FDs passed via SCM_RIGHTS
+ * - For most sandboxing scenarios, blocking socket creation is sufficient
+ *
+ * Note: This blocks ALL Unix socket creation, regardless of path. The allowUnixSockets
+ * configuration is not supported on Linux due to seccomp-bpf limitations (it cannot
+ * read user-space memory to inspect socket paths).
+ *
+ * Requirements:
+ * - Pre-generated BPF filters included for x64 and ARM64 only
+ * - Other architectures are not supported
+ *
+ * @param seccompBinaryPath - Optional explicit path to the BPF filter file
+ * @returns Path to the pre-generated BPF filter file, or null if not available
+ */
+export declare function generateSeccompFilter(seccompBinaryPath?: string): string | null;
+/**
+ * Clean up a seccomp filter file
+ * Since we only use pre-generated BPF files from vendor/, this is a no-op.
+ * Pre-generated files are never deleted.
+ * Kept for backward compatibility with existing code that calls it.
+ */
+export declare function cleanupSeccompFilter(_filterPath: string): void;
+//# sourceMappingURL=generate-seccomp-filter.d.ts.map

package/dist/sandbox/generate-seccomp-filter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"generate-seccomp-filter.d.ts","sourceRoot":"","sources":["../../src/sandbox/generate-seccomp-filter.ts"],"names":[],"mappings":"AA8IA;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,sBAAsB,CACpC,iBAAiB,CAAC,EAAE,MAAM,GACzB,MAAM,GAAG,IAAI,CASf;AA6DD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,iBAAiB,CAAC,EAAE,MAAM,GACzB,MAAM,GAAG,IAAI,CASf;AA6DD;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAgB,qBAAqB,CACnC,iBAAiB,CAAC,EAAE,MAAM,GACzB,MAAM,GAAG,IAAI,CAaf;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAE9D"}

package/dist/sandbox/generate-seccomp-filter.js

@@ -0,0 +1,263 @@
+import { join, dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import * as fs from 'node:fs';
+import { execSync } from 'node:child_process';
+import { homedir } from 'node:os';
+import { logForDebugging } from '../utils/debug.js';
+// Cache for path lookups (key: explicit path or empty string, value: resolved path or null)
+const bpfPathCache = new Map();
+const applySeccompPathCache = new Map();
+// Cache for global npm paths (computed once per process)
+let cachedGlobalNpmPaths = null;
+/**
+ * Get paths to check for globally installed @anthropic-ai/sandbox-runtime package.
+ * This is used as a fallback when the binaries aren't bundled (e.g., native builds).
+ */
+function getGlobalNpmPaths() {
+    if (cachedGlobalNpmPaths)
+        return cachedGlobalNpmPaths;
+    const paths = [];
+    // Try to get the actual global npm root
+    try {
+        const npmRoot = execSync('npm root -g', {
+            encoding: 'utf8',
+            timeout: 5000,
+            stdio: ['pipe', 'pipe', 'ignore'],
+        }).trim();
+        if (npmRoot) {
+            paths.push(join(npmRoot, '@anthropic-ai', 'sandbox-runtime'));
+        }
+    }
+    catch {
+        // npm not available or failed
+    }
+    // Common global npm locations as fallbacks
+    const home = homedir();
+    paths.push(
+    // npm global (Linux/macOS)
+    join('/usr', 'lib', 'node_modules', '@anthropic-ai', 'sandbox-runtime'), join('/usr', 'local', 'lib', 'node_modules', '@anthropic-ai', 'sandbox-runtime'), 
+    // npm global with prefix (common on macOS with homebrew)
+    join('/opt', 'homebrew', 'lib', 'node_modules', '@anthropic-ai', 'sandbox-runtime'), 
+    // User-local npm global
+    join(home, '.npm', 'lib', 'node_modules', '@anthropic-ai', 'sandbox-runtime'), join(home, '.npm-global', 'lib', 'node_modules', '@anthropic-ai', 'sandbox-runtime'));
+    cachedGlobalNpmPaths = paths;
+    return paths;
+}
+/**
+ * Map Node.js process.arch to our vendor directory architecture names
+ * Returns null for unsupported architectures
+ */
+function getVendorArchitecture() {
+    const arch = process.arch;
+    switch (arch) {
+        case 'x64':
+        case 'x86_64':
+            return 'x64';
+        case 'arm64':
+        case 'aarch64':
+            return 'arm64';
+        case 'ia32':
+        case 'x86':
+            // TODO: Add support for 32-bit x86 (ia32)
+            // Currently blocked because the seccomp filter does not block the socketcall() syscall,
+            // which is used on 32-bit x86 for all socket operations (socket, socketpair, bind, connect, etc.).
+            // On 32-bit x86, the direct socket() syscall doesn't exist - instead, all socket operations
+            // are multiplexed through socketcall(SYS_SOCKET, ...), socketcall(SYS_SOCKETPAIR, ...), etc.
+            //
+            // To properly support 32-bit x86, we need to:
+            // 1. Build a separate i386 BPF filter (BPF bytecode is architecture-specific)
+            // 2. Modify vendor/seccomp-src/seccomp-unix-block.c to conditionally add rules that block:
+            //    - socketcall(SYS_SOCKET, [AF_UNIX, ...])
+            //    - socketcall(SYS_SOCKETPAIR, [AF_UNIX, ...])
+            // 3. This requires complex BPF logic to inspect socketcall's sub-function argument
+            //
+            // Until then, 32-bit x86 is not supported to avoid a security bypass.
+            logForDebugging(`[SeccompFilter] 32-bit x86 (ia32) is not currently supported due to missing socketcall() syscall blocking. ` +
+                `The current seccomp filter only blocks socket(AF_UNIX, ...), but on 32-bit x86, socketcall() can be used to bypass this.`, { level: 'error' });
+            return null;
+        default:
+            logForDebugging(`[SeccompFilter] Unsupported architecture: ${arch}. Only x64 and arm64 are supported.`);
+            return null;
+    }
+}
+/**
+ * Get local paths to check for seccomp files (bundled or package installs).
+ */
+function getLocalSeccompPaths(filename) {
+    const arch = getVendorArchitecture();
+    if (!arch)
+        return [];
+    const baseDir = dirname(fileURLToPath(import.meta.url));
+    const relativePath = join('vendor', 'seccomp', arch, filename);
+    return [
+        join(baseDir, relativePath), // bundled: same directory as bundle (e.g., when bundled into claude-cli)
+        join(baseDir, '..', '..', relativePath), // package root: vendor/seccomp/...
+        join(baseDir, '..', relativePath), // dist: dist/vendor/seccomp/...
+    ];
+}
+/**
+ * Get the path to a pre-generated BPF filter file from the vendor directory
+ * Returns the path if it exists, null otherwise
+ *
+ * Pre-generated BPF files are organized by architecture:
+ * - vendor/seccomp/{x64,arm64}/unix-block.bpf
+ *
+ * Tries multiple paths for resilience:
+ * 0. Explicit path provided via parameter (checked first if provided)
+ * 1. vendor/seccomp/{arch}/unix-block.bpf (bundled - when bundled into consuming packages)
+ * 2. ../../vendor/seccomp/{arch}/unix-block.bpf (package root - standard npm installs)
+ * 3. ../vendor/seccomp/{arch}/unix-block.bpf (dist/vendor - for bundlers)
+ * 4. Global npm install (if seccompBinaryPath not provided) - for native builds
+ *
+ * @param seccompBinaryPath - Optional explicit path to the BPF filter file. If provided and
+ *   exists, it will be used. If not provided, falls back to searching local paths and then
+ *   global npm install (for native builds where vendor directory isn't bundled).
+ */
+export function getPreGeneratedBpfPath(seccompBinaryPath) {
+    const cacheKey = seccompBinaryPath ?? '';
+    if (bpfPathCache.has(cacheKey)) {
+        return bpfPathCache.get(cacheKey);
+    }
+    const result = findBpfPath(seccompBinaryPath);
+    bpfPathCache.set(cacheKey, result);
+    return result;
+}
+// NOTE: This is a slow operation (synchronous fs lookups + execSync). Ensure calls
+// are memoized at the top level rather than invoked repeatedly.
+function findBpfPath(seccompBinaryPath) {
+    // Check explicit path first (highest priority)
+    if (seccompBinaryPath) {
+        if (fs.existsSync(seccompBinaryPath)) {
+            logForDebugging(`[SeccompFilter] Using BPF filter from explicit path: ${seccompBinaryPath}`);
+            return seccompBinaryPath;
+        }
+        logForDebugging(`[SeccompFilter] Explicit path provided but file not found: ${seccompBinaryPath}`);
+    }
+    const arch = getVendorArchitecture();
+    if (!arch) {
+        logForDebugging(`[SeccompFilter] Cannot find pre-generated BPF filter: unsupported architecture ${process.arch}`);
+        return null;
+    }
+    logForDebugging(`[SeccompFilter] Detected architecture: ${arch}`);
+    // Check local paths first (bundled or package install)
+    for (const bpfPath of getLocalSeccompPaths('unix-block.bpf')) {
+        if (fs.existsSync(bpfPath)) {
+            logForDebugging(`[SeccompFilter] Found pre-generated BPF filter: ${bpfPath} (${arch})`);
+            return bpfPath;
+        }
+    }
+    // Fallback: check global npm install (for native builds without bundled vendor)
+    for (const globalBase of getGlobalNpmPaths()) {
+        const bpfPath = join(globalBase, 'vendor', 'seccomp', arch, 'unix-block.bpf');
+        if (fs.existsSync(bpfPath)) {
+            logForDebugging(`[SeccompFilter] Found pre-generated BPF filter in global install: ${bpfPath} (${arch})`);
+            return bpfPath;
+        }
+    }
+    logForDebugging(`[SeccompFilter] Pre-generated BPF filter not found in any expected location (${arch})`);
+    return null;
+}
+/**
+ * Get the path to the apply-seccomp binary from the vendor directory
+ * Returns the path if it exists, null otherwise
+ *
+ * Pre-built apply-seccomp binaries are organized by architecture:
+ * - vendor/seccomp/{x64,arm64}/apply-seccomp
+ *
+ * Tries multiple paths for resilience:
+ * 0. Explicit path provided via parameter (checked first if provided)
+ * 1. vendor/seccomp/{arch}/apply-seccomp (bundled - when bundled into consuming packages)
+ * 2. ../../vendor/seccomp/{arch}/apply-seccomp (package root - standard npm installs)
+ * 3. ../vendor/seccomp/{arch}/apply-seccomp (dist/vendor - for bundlers)
+ * 4. Global npm install (if seccompBinaryPath not provided) - for native builds
+ *
+ * @param seccompBinaryPath - Optional explicit path to the apply-seccomp binary. If provided
+ *   and exists, it will be used. If not provided, falls back to searching local paths and
+ *   then global npm install (for native builds where vendor directory isn't bundled).
+ */
+export function getApplySeccompBinaryPath(seccompBinaryPath) {
+    const cacheKey = seccompBinaryPath ?? '';
+    if (applySeccompPathCache.has(cacheKey)) {
+        return applySeccompPathCache.get(cacheKey);
+    }
+    const result = findApplySeccompPath(seccompBinaryPath);
+    applySeccompPathCache.set(cacheKey, result);
+    return result;
+}
+function findApplySeccompPath(seccompBinaryPath) {
+    // Check explicit path first (highest priority)
+    if (seccompBinaryPath) {
+        if (fs.existsSync(seccompBinaryPath)) {
+            logForDebugging(`[SeccompFilter] Using apply-seccomp binary from explicit path: ${seccompBinaryPath}`);
+            return seccompBinaryPath;
+        }
+        logForDebugging(`[SeccompFilter] Explicit path provided but file not found: ${seccompBinaryPath}`);
+    }
+    const arch = getVendorArchitecture();
+    if (!arch) {
+        logForDebugging(`[SeccompFilter] Cannot find apply-seccomp binary: unsupported architecture ${process.arch}`);
+        return null;
+    }
+    logForDebugging(`[SeccompFilter] Looking for apply-seccomp binary for architecture: ${arch}`);
+    // Check local paths first (bundled or package install)
+    for (const binaryPath of getLocalSeccompPaths('apply-seccomp')) {
+        if (fs.existsSync(binaryPath)) {
+            logForDebugging(`[SeccompFilter] Found apply-seccomp binary: ${binaryPath} (${arch})`);
+            return binaryPath;
+        }
+    }
+    // Fallback: check global npm install (for native builds without bundled vendor)
+    for (const globalBase of getGlobalNpmPaths()) {
+        const binaryPath = join(globalBase, 'vendor', 'seccomp', arch, 'apply-seccomp');
+        if (fs.existsSync(binaryPath)) {
+            logForDebugging(`[SeccompFilter] Found apply-seccomp binary in global install: ${binaryPath} (${arch})`);
+            return binaryPath;
+        }
+    }
+    logForDebugging(`[SeccompFilter] apply-seccomp binary not found in any expected location (${arch})`);
+    return null;
+}
+/**
+ * Get the path to a pre-generated seccomp BPF filter that blocks Unix domain socket creation
+ * Returns the path to the BPF filter file, or null if not available
+ *
+ * The filter blocks socket(AF_UNIX, ...) syscalls while allowing all other syscalls.
+ * This prevents creation of new Unix domain socket file descriptors.
+ *
+ * Security scope:
+ * - Blocks: socket(AF_UNIX, ...) syscall (creating new Unix socket FDs)
+ * - Does NOT block: Operations on inherited Unix socket FDs (bind, connect, sendto, etc.)
+ * - Does NOT block: Unix socket FDs passed via SCM_RIGHTS
+ * - For most sandboxing scenarios, blocking socket creation is sufficient
+ *
+ * Note: This blocks ALL Unix socket creation, regardless of path. The allowUnixSockets
+ * configuration is not supported on Linux due to seccomp-bpf limitations (it cannot
+ * read user-space memory to inspect socket paths).
+ *
+ * Requirements:
+ * - Pre-generated BPF filters included for x64 and ARM64 only
+ * - Other architectures are not supported
+ *
+ * @param seccompBinaryPath - Optional explicit path to the BPF filter file
+ * @returns Path to the pre-generated BPF filter file, or null if not available
+ */
+export function generateSeccompFilter(seccompBinaryPath) {
+    const preGeneratedBpf = getPreGeneratedBpfPath(seccompBinaryPath);
+    if (preGeneratedBpf) {
+        logForDebugging('[SeccompFilter] Using pre-generated BPF filter');
+        return preGeneratedBpf;
+    }
+    logForDebugging('[SeccompFilter] Pre-generated BPF filter not available for this architecture. ' +
+        'Only x64 and arm64 are supported.', { level: 'error' });
+    return null;
+}
+/**
+ * Clean up a seccomp filter file
+ * Since we only use pre-generated BPF files from vendor/, this is a no-op.
+ * Pre-generated files are never deleted.
+ * Kept for backward compatibility with existing code that calls it.
+ */
+export function cleanupSeccompFilter(_filterPath) {
+    // No-op: pre-generated BPF files are never cleaned up
+}
+//# sourceMappingURL=generate-seccomp-filter.js.map

package/dist/sandbox/generate-seccomp-filter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"generate-seccomp-filter.js","sourceRoot":"","sources":["../../src/sandbox/generate-seccomp-filter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AACxC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAA;AAC7B,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;AAC7C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAA;AACjC,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAEnD,4FAA4F;AAC5F,MAAM,YAAY,GAAG,IAAI,GAAG,EAAyB,CAAA;AACrD,MAAM,qBAAqB,GAAG,IAAI,GAAG,EAAyB,CAAA;AAE9D,yDAAyD;AACzD,IAAI,oBAAoB,GAAoB,IAAI,CAAA;AAEhD;;;GAGG;AACH,SAAS,iBAAiB;IACxB,IAAI,oBAAoB;QAAE,OAAO,oBAAoB,CAAA;IAErD,MAAM,KAAK,GAAa,EAAE,CAAA;IAE1B,wCAAwC;IACxC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,QAAQ,CAAC,aAAa,EAAE;YACtC,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC;SAClC,CAAC,CAAC,IAAI,EAAE,CAAA;QACT,IAAI,OAAO,EAAE,CAAC;YACZ,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,iBAAiB,CAAC,CAAC,CAAA;QAC/D,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,8BAA8B;IAChC,CAAC;IAED,2CAA2C;IAC3C,MAAM,IAAI,GAAG,OAAO,EAAE,CAAA;IACtB,KAAK,CAAC,IAAI;IACR,2BAA2B;IAC3B,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,iBAAiB,CAAC,EACvE,IAAI,CACF,MAAM,EACN,OAAO,EACP,KAAK,EACL,cAAc,EACd,eAAe,EACf,iBAAiB,CAClB;IACD,yDAAyD;IACzD,IAAI,CACF,MAAM,EACN,UAAU,EACV,KAAK,EACL,cAAc,EACd,eAAe,EACf,iBAAiB,CAClB;IACD,wBAAwB;IACxB,IAAI,CACF,IAAI,EACJ,MAAM,EACN,KAAK,EACL,cAAc,EACd,eAAe,EACf,iBAAiB,CAClB,EACD,IAAI,CACF,IAAI,EACJ,aAAa,EACb,KAAK,EACL,cAAc,EACd,eAAe,EACf,iBAAiB,CAClB,CACF,CAAA;IAED,oBAAoB,GAAG,KAAK,CAAA;IAC5B,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB;IAC5B,MAAM,IAAI,GAAG,OAAO,CAAC,IAAc,CAAA;IACnC,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,KAAK,CAAC;QACX,KAAK,QAAQ;YACX,OAAO,KAAK,CAAA;QACd,KAAK,OAAO,CAAC;QACb,KAAK,SAAS;YACZ,OAAO,OAAO,CAAA;QAChB,KAAK,MAAM,CAAC;QACZ,KAAK,KAAK;YACR,0CAA0C;YAC1C,wFAAwF;YACxF,mGAAmG;YACnG,4FAA4F;YAC5F,6FAA6F;YAC7F,EAAE;YACF,8CAA8C;YAC9C,8EAA8E;YAC9E,2FAA2F;YAC3F,8CAA8C;YAC9C,kDAAkD;YAClD,mFAAmF;YACnF,EAAE;YACF,sEAAsE;YACtE,eAAe,CACb,6GAA6G;gBAC3G,0HAA0H,EAC5H,EAAE,KAAK,EAAE,OAAO,EAAE,CACnB,CAAA;YACD,OAAO,IAAI,CAAA;QACb;YACE,eAAe,CACb,6CAA6C,IAAI,qCAAqC,CACvF,CAAA;YACD,OAAO,IAAI,CAAA;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,QAAgB;IAC5C,MAAM,IAAI,GAAG,qBAAqB,EAAE,CAAA;IACpC,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,CAAA;IAEpB,MAAM,OAAO,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;IACvD,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAA;IAE9D,OAAO;QACL,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,EAAE,yEAAyE;QACtG,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,YAAY,CAAC,EAAE,mCAAmC;QAC5E,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,YAAY,CAAC,EAAE,gCAAgC;KACpE,CAAA;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,sBAAsB,CACpC,iBAA0B;IAE1B,MAAM,QAAQ,GAAG,iBAAiB,IAAI,EAAE,CAAA;IACxC,IAAI,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,OAAO,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAE,CAAA;IACpC,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,iBAAiB,CAAC,CAAA;IAC7C,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;IAClC,OAAO,MAAM,CAAA;AACf,CAAC;AAED,mFAAmF;AACnF,gEAAgE;AAChE,SAAS,WAAW,CAAC,iBAA0B;IAC7C,+CAA+C;IAC/C,IAAI,iBAAiB,EAAE,CAAC;QACtB,IAAI,EAAE,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE,CAAC;YACrC,eAAe,CACb,wDAAwD,iBAAiB,EAAE,CAC5E,CAAA;YACD,OAAO,iBAAiB,CAAA;QAC1B,CAAC;QACD,eAAe,CACb,8DAA8D,iBAAiB,EAAE,CAClF,CAAA;IACH,CAAC;IAED,MAAM,IAAI,GAAG,qBAAqB,EAAE,CAAA;IACpC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,eAAe,CACb,kFAAkF,OAAO,CAAC,IAAI,EAAE,CACjG,CAAA;QACD,OAAO,IAAI,CAAA;IACb,CAAC;IAED,eAAe,CAAC,0CAA0C,IAAI,EAAE,CAAC,CAAA;IAEjE,uDAAuD;IACvD,KAAK,MAAM,OAAO,IAAI,oBAAoB,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC7D,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3B,eAAe,CACb,mDAAmD,OAAO,KAAK,IAAI,GAAG,CACvE,CAAA;YACD,OAAO,OAAO,CAAA;QAChB,CAAC;IACH,CAAC;IAED,gFAAgF;IAChF,KAAK,MAAM,UAAU,IAAI,iBAAiB,EAAE,EAAE,CAAC;QAC7C,MAAM,OAAO,GAAG,IAAI,CAClB,UAAU,EACV,QAAQ,EACR,SAAS,EACT,IAAI,EACJ,gBAAgB,CACjB,CAAA;QACD,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3B,eAAe,CACb,qEAAqE,OAAO,KAAK,IAAI,GAAG,CACzF,CAAA;YACD,OAAO,OAAO,CAAA;QAChB,CAAC;IACH,CAAC;IAED,eAAe,CACb,gFAAgF,IAAI,GAAG,CACxF,CAAA;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,yBAAyB,CACvC,iBAA0B;IAE1B,MAAM,QAAQ,GAAG,iBAAiB,IAAI,EAAE,CAAA;IACxC,IAAI,qBAAqB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxC,OAAO,qBAAqB,CAAC,GAAG,CAAC,QAAQ,CAAE,CAAA;IAC7C,CAAC;IAED,MAAM,MAAM,GAAG,oBAAoB,CAAC,iBAAiB,CAAC,CAAA;IACtD,qBAAqB,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;IAC3C,OAAO,MAAM,CAAA;AACf,CAAC;AAED,SAAS,oBAAoB,CAAC,iBAA0B;IACtD,+CAA+C;IAC/C,IAAI,iBAAiB,EAAE,CAAC;QACtB,IAAI,EAAE,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE,CAAC;YACrC,eAAe,CACb,kEAAkE,iBAAiB,EAAE,CACtF,CAAA;YACD,OAAO,iBAAiB,CAAA;QAC1B,CAAC;QACD,eAAe,CACb,8DAA8D,iBAAiB,EAAE,CAClF,CAAA;IACH,CAAC;IAED,MAAM,IAAI,GAAG,qBAAqB,EAAE,CAAA;IACpC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,eAAe,CACb,8EAA8E,OAAO,CAAC,IAAI,EAAE,CAC7F,CAAA;QACD,OAAO,IAAI,CAAA;IACb,CAAC;IAED,eAAe,CACb,sEAAsE,IAAI,EAAE,CAC7E,CAAA;IAED,uDAAuD;IACvD,KAAK,MAAM,UAAU,IAAI,oBAAoB,CAAC,eAAe,CAAC,EAAE,CAAC;QAC/D,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,eAAe,CACb,+CAA+C,UAAU,KAAK,IAAI,GAAG,CACtE,CAAA;YACD,OAAO,UAAU,CAAA;QACnB,CAAC;IACH,CAAC;IAED,gFAAgF;IAChF,KAAK,MAAM,UAAU,IAAI,iBAAiB,EAAE,EAAE,CAAC;QAC7C,MAAM,UAAU,GAAG,IAAI,CACrB,UAAU,EACV,QAAQ,EACR,SAAS,EACT,IAAI,EACJ,eAAe,CAChB,CAAA;QACD,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,eAAe,CACb,iEAAiE,UAAU,KAAK,IAAI,GAAG,CACxF,CAAA;YACD,OAAO,UAAU,CAAA;QACnB,CAAC;IACH,CAAC;IAED,eAAe,CACb,4EAA4E,IAAI,GAAG,CACpF,CAAA;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,UAAU,qBAAqB,CACnC,iBAA0B;IAE1B,MAAM,eAAe,GAAG,sBAAsB,CAAC,iBAAiB,CAAC,CAAA;IACjE,IAAI,eAAe,EAAE,CAAC;QACpB,eAAe,CAAC,gDAAgD,CAAC,CAAA;QACjE,OAAO,eAAe,CAAA;IACxB,CAAC;IAED,eAAe,CACb,gFAAgF;QAC9E,mCAAmC,EACrC,EAAE,KAAK,EAAE,OAAO,EAAE,CACnB,CAAA;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAAC,WAAmB;IACtD,sDAAsD;AACxD,CAAC"}

package/dist/sandbox/http-proxy.d.ts

@@ -0,0 +1,13 @@
+import type { Socket, Server } from 'node:net';
+import type { Duplex } from 'node:stream';
+export interface HttpProxyServerOptions {
+    filter(port: number, host: string, socket: Socket | Duplex): Promise<boolean> | boolean;
+    /**
+     * Optional function to get the MITM proxy socket path for a given host.
+     * If returns a socket path, the request will be routed through that MITM proxy.
+     * If returns undefined, the request will be handled directly.
+     */
+    getMitmSocketPath?(host: string): string | undefined;
+}
+export declare function createHttpProxyServer(options: HttpProxyServerOptions): Server;
+//# sourceMappingURL=http-proxy.d.ts.map

package/dist/sandbox/http-proxy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-proxy.d.ts","sourceRoot":"","sources":["../../src/sandbox/http-proxy.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,UAAU,CAAA;AAC9C,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAQzC,MAAM,WAAW,sBAAsB;IACrC,MAAM,CACJ,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,GAAG,MAAM,GACtB,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAA;IAE7B;;;;OAIG;IACH,iBAAiB,CAAC,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAA;CACrD;AAED,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,sBAAsB,GAAG,MAAM,CA6P7E"}