@cdoing/core 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agents/coordinator.d.ts +114 -0
- package/dist/agents/coordinator.d.ts.map +1 -0
- package/dist/agents/coordinator.js +158 -0
- package/dist/agents/coordinator.js.map +1 -0
- package/dist/context-providers/clipboard.d.ts +13 -0
- package/dist/context-providers/clipboard.d.ts.map +1 -0
- package/dist/context-providers/clipboard.js +53 -0
- package/dist/context-providers/clipboard.js.map +1 -0
- package/dist/context-providers/codebase.d.ts +46 -0
- package/dist/context-providers/codebase.d.ts.map +1 -0
- package/dist/context-providers/codebase.js +273 -0
- package/dist/context-providers/codebase.js.map +1 -0
- package/dist/context-providers/diff.d.ts +18 -0
- package/dist/context-providers/diff.d.ts.map +1 -0
- package/dist/context-providers/diff.js +63 -0
- package/dist/context-providers/diff.js.map +1 -0
- package/dist/context-providers/docs.d.ts +21 -0
- package/dist/context-providers/docs.d.ts.map +1 -0
- package/dist/context-providers/docs.js +180 -0
- package/dist/context-providers/docs.js.map +1 -0
- package/dist/context-providers/file-include.d.ts +13 -0
- package/dist/context-providers/file-include.d.ts.map +1 -0
- package/dist/context-providers/file-include.js +82 -0
- package/dist/context-providers/file-include.js.map +1 -0
- package/dist/context-providers/folder.d.ts +19 -0
- package/dist/context-providers/folder.d.ts.map +1 -0
- package/dist/context-providers/folder.js +130 -0
- package/dist/context-providers/folder.js.map +1 -0
- package/dist/context-providers/git.d.ts +19 -0
- package/dist/context-providers/git.d.ts.map +1 -0
- package/dist/context-providers/git.js +74 -0
- package/dist/context-providers/git.js.map +1 -0
- package/dist/context-providers/index.d.ts +26 -0
- package/dist/context-providers/index.d.ts.map +1 -0
- package/dist/context-providers/index.js +37 -0
- package/dist/context-providers/index.js.map +1 -0
- package/dist/context-providers/open-files.d.ts +25 -0
- package/dist/context-providers/open-files.d.ts.map +1 -0
- package/dist/context-providers/open-files.js +134 -0
- package/dist/context-providers/open-files.js.map +1 -0
- package/dist/context-providers/problems.d.ts +24 -0
- package/dist/context-providers/problems.d.ts.map +1 -0
- package/dist/context-providers/problems.js +97 -0
- package/dist/context-providers/problems.js.map +1 -0
- package/dist/context-providers/registry.d.ts +61 -0
- package/dist/context-providers/registry.d.ts.map +1 -0
- package/dist/context-providers/registry.js +92 -0
- package/dist/context-providers/registry.js.map +1 -0
- package/dist/context-providers/terminal.d.ts +25 -0
- package/dist/context-providers/terminal.d.ts.map +1 -0
- package/dist/context-providers/terminal.js +55 -0
- package/dist/context-providers/terminal.js.map +1 -0
- package/dist/context-providers/tree.d.ts +29 -0
- package/dist/context-providers/tree.d.ts.map +1 -0
- package/dist/context-providers/tree.js +172 -0
- package/dist/context-providers/tree.js.map +1 -0
- package/dist/context-providers/types.d.ts +72 -0
- package/dist/context-providers/types.d.ts.map +1 -0
- package/dist/context-providers/types.js +10 -0
- package/dist/context-providers/types.js.map +1 -0
- package/dist/context-providers/url.d.ts +27 -0
- package/dist/context-providers/url.d.ts.map +1 -0
- package/dist/context-providers/url.js +131 -0
- package/dist/context-providers/url.js.map +1 -0
- package/dist/effort/index.d.ts +78 -0
- package/dist/effort/index.d.ts.map +1 -0
- package/dist/effort/index.js +146 -0
- package/dist/effort/index.js.map +1 -0
- package/dist/hooks/index.d.ts +47 -0
- package/dist/hooks/index.d.ts.map +1 -0
- package/dist/hooks/index.js +151 -0
- package/dist/hooks/index.js.map +1 -0
- package/dist/index.d.ts +75 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +152 -0
- package/dist/index.js.map +1 -0
- package/dist/indexing/chunker.d.ts +25 -0
- package/dist/indexing/chunker.d.ts.map +1 -0
- package/dist/indexing/chunker.js +217 -0
- package/dist/indexing/chunker.js.map +1 -0
- package/dist/indexing/database.d.ts +49 -0
- package/dist/indexing/database.d.ts.map +1 -0
- package/dist/indexing/database.js +287 -0
- package/dist/indexing/database.js.map +1 -0
- package/dist/indexing/index.d.ts +9 -0
- package/dist/indexing/index.d.ts.map +1 -0
- package/dist/indexing/index.js +13 -0
- package/dist/indexing/index.js.map +1 -0
- package/dist/indexing/indexer.d.ts +63 -0
- package/dist/indexing/indexer.d.ts.map +1 -0
- package/dist/indexing/indexer.js +352 -0
- package/dist/indexing/indexer.js.map +1 -0
- package/dist/indexing/recent-edits-cache.d.ts +77 -0
- package/dist/indexing/recent-edits-cache.d.ts.map +1 -0
- package/dist/indexing/recent-edits-cache.js +123 -0
- package/dist/indexing/recent-edits-cache.js.map +1 -0
- package/dist/indexing/types.d.ts +39 -0
- package/dist/indexing/types.d.ts.map +1 -0
- package/dist/indexing/types.js +6 -0
- package/dist/indexing/types.js.map +1 -0
- package/dist/mcp/index.d.ts +33 -0
- package/dist/mcp/index.d.ts.map +1 -0
- package/dist/mcp/index.js +37 -0
- package/dist/mcp/index.js.map +1 -0
- package/dist/mcp/manager.d.ts +123 -0
- package/dist/mcp/manager.d.ts.map +1 -0
- package/dist/mcp/manager.js +331 -0
- package/dist/mcp/manager.js.map +1 -0
- package/dist/oauth.d.ts +33 -0
- package/dist/oauth.d.ts.map +1 -0
- package/dist/oauth.js +312 -0
- package/dist/oauth.js.map +1 -0
- package/dist/permissions/index.d.ts +216 -0
- package/dist/permissions/index.d.ts.map +1 -0
- package/dist/permissions/index.js +938 -0
- package/dist/permissions/index.js.map +1 -0
- package/dist/plan/index.d.ts +20 -0
- package/dist/plan/index.d.ts.map +1 -0
- package/dist/plan/index.js +24 -0
- package/dist/plan/index.js.map +1 -0
- package/dist/plan/manager.d.ts +101 -0
- package/dist/plan/manager.d.ts.map +1 -0
- package/dist/plan/manager.js +170 -0
- package/dist/plan/manager.js.map +1 -0
- package/dist/rules/index.d.ts +28 -0
- package/dist/rules/index.d.ts.map +1 -0
- package/dist/rules/index.js +31 -0
- package/dist/rules/index.js.map +1 -0
- package/dist/rules/manager.d.ts +77 -0
- package/dist/rules/manager.d.ts.map +1 -0
- package/dist/rules/manager.js +279 -0
- package/dist/rules/manager.js.map +1 -0
- package/dist/rules/types.d.ts +34 -0
- package/dist/rules/types.d.ts.map +1 -0
- package/dist/rules/types.js +9 -0
- package/dist/rules/types.js.map +1 -0
- package/dist/sandbox/filesystem.d.ts +20 -0
- package/dist/sandbox/filesystem.d.ts.map +1 -0
- package/dist/sandbox/filesystem.js +141 -0
- package/dist/sandbox/filesystem.js.map +1 -0
- package/dist/sandbox/index.d.ts +4 -0
- package/dist/sandbox/index.d.ts.map +1 -0
- package/dist/sandbox/index.js +8 -0
- package/dist/sandbox/index.js.map +1 -0
- package/dist/sandbox/manager.d.ts +47 -0
- package/dist/sandbox/manager.d.ts.map +1 -0
- package/dist/sandbox/manager.js +220 -0
- package/dist/sandbox/manager.js.map +1 -0
- package/dist/sandbox/network.d.ts +14 -0
- package/dist/sandbox/network.d.ts.map +1 -0
- package/dist/sandbox/network.js +87 -0
- package/dist/sandbox/network.js.map +1 -0
- package/dist/sandbox/types.d.ts +42 -0
- package/dist/sandbox/types.d.ts.map +1 -0
- package/dist/sandbox/types.js +25 -0
- package/dist/sandbox/types.js.map +1 -0
- package/dist/tools/ast-edit.d.ts +57 -0
- package/dist/tools/ast-edit.d.ts.map +1 -0
- package/dist/tools/ast-edit.js +443 -0
- package/dist/tools/ast-edit.js.map +1 -0
- package/dist/tools/code-verify.d.ts +8 -0
- package/dist/tools/code-verify.d.ts.map +1 -0
- package/dist/tools/code-verify.js +159 -0
- package/dist/tools/code-verify.js.map +1 -0
- package/dist/tools/codebase-search.d.ts +17 -0
- package/dist/tools/codebase-search.d.ts.map +1 -0
- package/dist/tools/codebase-search.js +104 -0
- package/dist/tools/codebase-search.js.map +1 -0
- package/dist/tools/file-delete.d.ts +26 -0
- package/dist/tools/file-delete.d.ts.map +1 -0
- package/dist/tools/file-delete.js +179 -0
- package/dist/tools/file-delete.js.map +1 -0
- package/dist/tools/file-edit.d.ts +10 -0
- package/dist/tools/file-edit.d.ts.map +1 -0
- package/dist/tools/file-edit.js +138 -0
- package/dist/tools/file-edit.js.map +1 -0
- package/dist/tools/file-read.d.ts +12 -0
- package/dist/tools/file-read.d.ts.map +1 -0
- package/dist/tools/file-read.js +211 -0
- package/dist/tools/file-read.js.map +1 -0
- package/dist/tools/file-run.d.ts +10 -0
- package/dist/tools/file-run.d.ts.map +1 -0
- package/dist/tools/file-run.js +179 -0
- package/dist/tools/file-run.js.map +1 -0
- package/dist/tools/file-write.d.ts +10 -0
- package/dist/tools/file-write.d.ts.map +1 -0
- package/dist/tools/file-write.js +134 -0
- package/dist/tools/file-write.js.map +1 -0
- package/dist/tools/glob-search.d.ts +8 -0
- package/dist/tools/glob-search.d.ts.map +1 -0
- package/dist/tools/glob-search.js +108 -0
- package/dist/tools/glob-search.js.map +1 -0
- package/dist/tools/grep-search.d.ts +8 -0
- package/dist/tools/grep-search.d.ts.map +1 -0
- package/dist/tools/grep-search.js +139 -0
- package/dist/tools/grep-search.js.map +1 -0
- package/dist/tools/list-dir.d.ts +16 -0
- package/dist/tools/list-dir.d.ts.map +1 -0
- package/dist/tools/list-dir.js +183 -0
- package/dist/tools/list-dir.js.map +1 -0
- package/dist/tools/multi-edit.d.ts +16 -0
- package/dist/tools/multi-edit.d.ts.map +1 -0
- package/dist/tools/multi-edit.js +163 -0
- package/dist/tools/multi-edit.js.map +1 -0
- package/dist/tools/notebook-edit.d.ts +31 -0
- package/dist/tools/notebook-edit.d.ts.map +1 -0
- package/dist/tools/notebook-edit.js +321 -0
- package/dist/tools/notebook-edit.js.map +1 -0
- package/dist/tools/registry.d.ts +16 -0
- package/dist/tools/registry.d.ts.map +1 -0
- package/dist/tools/registry.js +41 -0
- package/dist/tools/registry.js.map +1 -0
- package/dist/tools/shell-exec.d.ts +12 -0
- package/dist/tools/shell-exec.d.ts.map +1 -0
- package/dist/tools/shell-exec.js +261 -0
- package/dist/tools/shell-exec.js.map +1 -0
- package/dist/tools/sub-agent-manager.d.ts +57 -0
- package/dist/tools/sub-agent-manager.d.ts.map +1 -0
- package/dist/tools/sub-agent-manager.js +153 -0
- package/dist/tools/sub-agent-manager.js.map +1 -0
- package/dist/tools/sub-agent-status.d.ts +12 -0
- package/dist/tools/sub-agent-status.d.ts.map +1 -0
- package/dist/tools/sub-agent-status.js +59 -0
- package/dist/tools/sub-agent-status.js.map +1 -0
- package/dist/tools/sub-agent-terminate.d.ts +12 -0
- package/dist/tools/sub-agent-terminate.d.ts.map +1 -0
- package/dist/tools/sub-agent-terminate.js +55 -0
- package/dist/tools/sub-agent-terminate.js.map +1 -0
- package/dist/tools/sub-agent.d.ts +34 -0
- package/dist/tools/sub-agent.d.ts.map +1 -0
- package/dist/tools/sub-agent.js +140 -0
- package/dist/tools/sub-agent.js.map +1 -0
- package/dist/tools/system-info.d.ts +24 -0
- package/dist/tools/system-info.d.ts.map +1 -0
- package/dist/tools/system-info.js +220 -0
- package/dist/tools/system-info.js.map +1 -0
- package/dist/tools/todo.d.ts +16 -0
- package/dist/tools/todo.d.ts.map +1 -0
- package/dist/tools/todo.js +144 -0
- package/dist/tools/todo.js.map +1 -0
- package/dist/tools/types.d.ts +20 -0
- package/dist/tools/types.d.ts.map +1 -0
- package/dist/tools/types.js +3 -0
- package/dist/tools/types.js.map +1 -0
- package/dist/tools/view-diff.d.ts +11 -0
- package/dist/tools/view-diff.d.ts.map +1 -0
- package/dist/tools/view-diff.js +88 -0
- package/dist/tools/view-diff.js.map +1 -0
- package/dist/tools/view-repo-map.d.ts +18 -0
- package/dist/tools/view-repo-map.d.ts.map +1 -0
- package/dist/tools/view-repo-map.js +245 -0
- package/dist/tools/view-repo-map.js.map +1 -0
- package/dist/tools/web-fetch.d.ts +13 -0
- package/dist/tools/web-fetch.d.ts.map +1 -0
- package/dist/tools/web-fetch.js +106 -0
- package/dist/tools/web-fetch.js.map +1 -0
- package/dist/tools/web-search.d.ts +10 -0
- package/dist/tools/web-search.d.ts.map +1 -0
- package/dist/tools/web-search.js +106 -0
- package/dist/tools/web-search.js.map +1 -0
- package/dist/utils/gitignore.d.ts +10 -0
- package/dist/utils/gitignore.d.ts.map +1 -0
- package/dist/utils/gitignore.js +104 -0
- package/dist/utils/gitignore.js.map +1 -0
- package/dist/utils/lazy-apply.d.ts +45 -0
- package/dist/utils/lazy-apply.d.ts.map +1 -0
- package/dist/utils/lazy-apply.js +164 -0
- package/dist/utils/lazy-apply.js.map +1 -0
- package/dist/utils/memory.d.ts +36 -0
- package/dist/utils/memory.d.ts.map +1 -0
- package/dist/utils/memory.js +136 -0
- package/dist/utils/memory.js.map +1 -0
- package/dist/utils/path-matching.d.ts +24 -0
- package/dist/utils/path-matching.d.ts.map +1 -0
- package/dist/utils/path-matching.js +116 -0
- package/dist/utils/path-matching.js.map +1 -0
- package/dist/utils/path-safety.d.ts +13 -0
- package/dist/utils/path-safety.d.ts.map +1 -0
- package/dist/utils/path-safety.js +54 -0
- package/dist/utils/path-safety.js.map +1 -0
- package/dist/utils/project-config.d.ts +18 -0
- package/dist/utils/project-config.d.ts.map +1 -0
- package/dist/utils/project-config.js +76 -0
- package/dist/utils/project-config.js.map +1 -0
- package/dist/utils/search-match.d.ts +63 -0
- package/dist/utils/search-match.d.ts.map +1 -0
- package/dist/utils/search-match.js +426 -0
- package/dist/utils/search-match.js.map +1 -0
- package/dist/utils/shell-paths.d.ts +17 -0
- package/dist/utils/shell-paths.d.ts.map +1 -0
- package/dist/utils/shell-paths.js +107 -0
- package/dist/utils/shell-paths.js.map +1 -0
- package/dist/utils/streaming-diff.d.ts +45 -0
- package/dist/utils/streaming-diff.d.ts.map +1 -0
- package/dist/utils/streaming-diff.js +230 -0
- package/dist/utils/streaming-diff.js.map +1 -0
- package/dist/utils/todo.d.ts +47 -0
- package/dist/utils/todo.d.ts.map +1 -0
- package/dist/utils/todo.js +102 -0
- package/dist/utils/todo.js.map +1 -0
- package/package.json +23 -0
- package/src/agents/coordinator.ts +240 -0
- package/src/context-providers/clipboard.ts +48 -0
- package/src/context-providers/codebase.ts +274 -0
- package/src/context-providers/diff.ts +66 -0
- package/src/context-providers/docs.ts +160 -0
- package/src/context-providers/file-include.ts +54 -0
- package/src/context-providers/folder.ts +106 -0
- package/src/context-providers/git.ts +72 -0
- package/src/context-providers/index.ts +26 -0
- package/src/context-providers/open-files.ts +113 -0
- package/src/context-providers/problems.ts +100 -0
- package/src/context-providers/registry.ts +99 -0
- package/src/context-providers/terminal.ts +58 -0
- package/src/context-providers/tree.ts +161 -0
- package/src/context-providers/types.ts +84 -0
- package/src/context-providers/url.ts +138 -0
- package/src/effort/index.ts +177 -0
- package/src/hooks/index.ts +148 -0
- package/src/index.ts +114 -0
- package/src/indexing/README.md +267 -0
- package/src/indexing/chunker.ts +206 -0
- package/src/indexing/database.ts +299 -0
- package/src/indexing/index.ts +15 -0
- package/src/indexing/indexer.ts +383 -0
- package/src/indexing/recent-edits-cache.ts +150 -0
- package/src/indexing/types.ts +44 -0
- package/src/mcp/index.ts +33 -0
- package/src/mcp/manager.ts +385 -0
- package/src/oauth.ts +330 -0
- package/src/permissions/index.ts +1011 -0
- package/src/plan/index.ts +20 -0
- package/src/plan/manager.ts +233 -0
- package/src/rules/index.ts +28 -0
- package/src/rules/manager.ts +276 -0
- package/src/rules/types.ts +40 -0
- package/src/sandbox/filesystem.ts +135 -0
- package/src/sandbox/index.ts +9 -0
- package/src/sandbox/manager.ts +213 -0
- package/src/sandbox/network.ts +101 -0
- package/src/sandbox/types.ts +63 -0
- package/src/tools/ast-edit.ts +493 -0
- package/src/tools/code-verify.ts +143 -0
- package/src/tools/codebase-search.ts +117 -0
- package/src/tools/file-delete.ts +155 -0
- package/src/tools/file-edit.ts +115 -0
- package/src/tools/file-read.ts +195 -0
- package/src/tools/file-run.ts +158 -0
- package/src/tools/file-write.ts +104 -0
- package/src/tools/glob-search.ts +80 -0
- package/src/tools/grep-search.ts +120 -0
- package/src/tools/list-dir.ts +172 -0
- package/src/tools/multi-edit.ts +138 -0
- package/src/tools/notebook-edit.ts +342 -0
- package/src/tools/registry.ts +43 -0
- package/src/tools/shell-exec.ts +251 -0
- package/src/tools/sub-agent-manager.ts +183 -0
- package/src/tools/sub-agent-status.ts +67 -0
- package/src/tools/sub-agent-terminate.ts +62 -0
- package/src/tools/sub-agent.ts +162 -0
- package/src/tools/system-info.ts +248 -0
- package/src/tools/todo.ts +149 -0
- package/src/tools/types.ts +21 -0
- package/src/tools/view-diff.ts +99 -0
- package/src/tools/view-repo-map.ts +249 -0
- package/src/tools/web-fetch.ts +118 -0
- package/src/tools/web-search.ts +129 -0
- package/src/utils/gitignore.ts +73 -0
- package/src/utils/lazy-apply.ts +189 -0
- package/src/utils/memory.ts +124 -0
- package/src/utils/path-matching.ts +84 -0
- package/src/utils/path-safety.ts +19 -0
- package/src/utils/project-config.ts +41 -0
- package/src/utils/search-match.ts +495 -0
- package/src/utils/shell-paths.ts +79 -0
- package/src/utils/streaming-diff.ts +260 -0
- package/src/utils/todo.ts +115 -0
- package/tsconfig.json +18 -0
|
@@ -0,0 +1,220 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Sandbox Manager — orchestrates filesystem and network sandbox enforcement.
|
|
4
|
+
*
|
|
5
|
+
* Loads sandbox configuration from .claude/settings.json files using the
|
|
6
|
+
* same hierarchy as the permission system (local → shared → user).
|
|
7
|
+
*/
|
|
8
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
9
|
+
if (k2 === undefined) k2 = k;
|
|
10
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
11
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
12
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
13
|
+
}
|
|
14
|
+
Object.defineProperty(o, k2, desc);
|
|
15
|
+
}) : (function(o, m, k, k2) {
|
|
16
|
+
if (k2 === undefined) k2 = k;
|
|
17
|
+
o[k2] = m[k];
|
|
18
|
+
}));
|
|
19
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
20
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
21
|
+
}) : function(o, v) {
|
|
22
|
+
o["default"] = v;
|
|
23
|
+
});
|
|
24
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
25
|
+
var ownKeys = function(o) {
|
|
26
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
27
|
+
var ar = [];
|
|
28
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
29
|
+
return ar;
|
|
30
|
+
};
|
|
31
|
+
return ownKeys(o);
|
|
32
|
+
};
|
|
33
|
+
return function (mod) {
|
|
34
|
+
if (mod && mod.__esModule) return mod;
|
|
35
|
+
var result = {};
|
|
36
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
37
|
+
__setModuleDefault(result, mod);
|
|
38
|
+
return result;
|
|
39
|
+
};
|
|
40
|
+
})();
|
|
41
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
42
|
+
exports.SandboxManager = void 0;
|
|
43
|
+
const fs = __importStar(require("fs"));
|
|
44
|
+
const path = __importStar(require("path"));
|
|
45
|
+
const os = __importStar(require("os"));
|
|
46
|
+
const types_1 = require("./types");
|
|
47
|
+
const filesystem_1 = require("./filesystem");
|
|
48
|
+
const network_1 = require("./network");
|
|
49
|
+
const HOME_DIR = os.homedir();
|
|
50
|
+
const USER_SETTINGS_FILE = path.join(HOME_DIR, ".claude", "settings.json");
|
|
51
|
+
class SandboxManager {
|
|
52
|
+
config;
|
|
53
|
+
workingDir;
|
|
54
|
+
projectDir;
|
|
55
|
+
sessionApprovedDomains = new Set();
|
|
56
|
+
domainPromptFn = null;
|
|
57
|
+
constructor(workingDir, projectDir) {
|
|
58
|
+
this.workingDir = path.resolve(workingDir);
|
|
59
|
+
this.projectDir = projectDir ? path.resolve(projectDir) : this.workingDir;
|
|
60
|
+
this.config = (0, types_1.defaultSandboxConfig)();
|
|
61
|
+
this.loadConfig();
|
|
62
|
+
}
|
|
63
|
+
// ── Config loading ──────────────────────────────────────────────────────────
|
|
64
|
+
/**
|
|
65
|
+
* Load and merge sandbox config from settings files.
|
|
66
|
+
* Precedence: local project → shared project → user (highest to lowest).
|
|
67
|
+
* Arrays are merged (not replaced) across scopes.
|
|
68
|
+
*/
|
|
69
|
+
loadConfig() {
|
|
70
|
+
const candidates = [
|
|
71
|
+
path.join(this.projectDir, ".claude", "settings.local.json"),
|
|
72
|
+
path.join(this.projectDir, ".claude", "settings.json"),
|
|
73
|
+
USER_SETTINGS_FILE,
|
|
74
|
+
];
|
|
75
|
+
const merged = (0, types_1.defaultSandboxConfig)();
|
|
76
|
+
for (const filePath of candidates) {
|
|
77
|
+
try {
|
|
78
|
+
if (!fs.existsSync(filePath))
|
|
79
|
+
continue;
|
|
80
|
+
const data = JSON.parse(fs.readFileSync(filePath, "utf-8"));
|
|
81
|
+
if (!data.sandbox)
|
|
82
|
+
continue;
|
|
83
|
+
const sb = data.sandbox;
|
|
84
|
+
// enabled: any scope can enable
|
|
85
|
+
if (sb.enabled === true)
|
|
86
|
+
merged.enabled = true;
|
|
87
|
+
// mode: highest-precedence scope wins (first found)
|
|
88
|
+
if (sb.mode && merged.mode === "regular") {
|
|
89
|
+
merged.mode = sb.mode;
|
|
90
|
+
}
|
|
91
|
+
// Filesystem arrays are merged
|
|
92
|
+
if (sb.filesystem) {
|
|
93
|
+
if (Array.isArray(sb.filesystem.allowWrite)) {
|
|
94
|
+
merged.filesystem.allowWrite.push(...sb.filesystem.allowWrite);
|
|
95
|
+
}
|
|
96
|
+
if (Array.isArray(sb.filesystem.denyWrite)) {
|
|
97
|
+
merged.filesystem.denyWrite.push(...sb.filesystem.denyWrite);
|
|
98
|
+
}
|
|
99
|
+
if (Array.isArray(sb.filesystem.denyRead)) {
|
|
100
|
+
merged.filesystem.denyRead.push(...sb.filesystem.denyRead);
|
|
101
|
+
}
|
|
102
|
+
}
|
|
103
|
+
// Network: merge domains
|
|
104
|
+
if (sb.network) {
|
|
105
|
+
if (Array.isArray(sb.network.allowedDomains)) {
|
|
106
|
+
merged.network.allowedDomains.push(...sb.network.allowedDomains);
|
|
107
|
+
}
|
|
108
|
+
if (sb.network.allowManagedDomainsOnly === true) {
|
|
109
|
+
merged.network.allowManagedDomainsOnly = true;
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
// Excluded commands: merge
|
|
113
|
+
if (Array.isArray(sb.excludedCommands)) {
|
|
114
|
+
merged.excludedCommands.push(...sb.excludedCommands);
|
|
115
|
+
}
|
|
116
|
+
// allowUnsandboxedCommands: false from any scope wins (restrictive)
|
|
117
|
+
if (sb.allowUnsandboxedCommands === false) {
|
|
118
|
+
merged.allowUnsandboxedCommands = false;
|
|
119
|
+
}
|
|
120
|
+
}
|
|
121
|
+
catch {
|
|
122
|
+
// Skip malformed files
|
|
123
|
+
}
|
|
124
|
+
}
|
|
125
|
+
// Deduplicate arrays
|
|
126
|
+
merged.filesystem.allowWrite = [...new Set(merged.filesystem.allowWrite)];
|
|
127
|
+
merged.filesystem.denyWrite = [...new Set(merged.filesystem.denyWrite)];
|
|
128
|
+
merged.filesystem.denyRead = [...new Set(merged.filesystem.denyRead)];
|
|
129
|
+
merged.network.allowedDomains = [...new Set(merged.network.allowedDomains)];
|
|
130
|
+
merged.excludedCommands = [...new Set(merged.excludedCommands)];
|
|
131
|
+
this.config = merged;
|
|
132
|
+
}
|
|
133
|
+
// ── Public API ──────────────────────────────────────────────────────────────
|
|
134
|
+
getConfig() {
|
|
135
|
+
return this.config;
|
|
136
|
+
}
|
|
137
|
+
isEnabled() {
|
|
138
|
+
return this.config.enabled;
|
|
139
|
+
}
|
|
140
|
+
getMode() {
|
|
141
|
+
return this.config.mode;
|
|
142
|
+
}
|
|
143
|
+
setDomainPromptFn(fn) {
|
|
144
|
+
this.domainPromptFn = fn;
|
|
145
|
+
}
|
|
146
|
+
approveDomain(domain) {
|
|
147
|
+
this.sessionApprovedDomains.add(domain);
|
|
148
|
+
}
|
|
149
|
+
// ── Access checks ─────────────────────────────────────────────────────────
|
|
150
|
+
checkFileRead(filePath) {
|
|
151
|
+
return (0, filesystem_1.checkReadAccess)(filePath, this.config, this.workingDir, this.projectDir);
|
|
152
|
+
}
|
|
153
|
+
checkFileWrite(filePath) {
|
|
154
|
+
return (0, filesystem_1.checkWriteAccess)(filePath, this.config, this.workingDir, this.projectDir);
|
|
155
|
+
}
|
|
156
|
+
/**
|
|
157
|
+
* Check if a shell command is allowed by sandbox rules.
|
|
158
|
+
* Returns denied if dangerouslyDisableSandbox is used but not allowed.
|
|
159
|
+
*/
|
|
160
|
+
checkShellCommand(command, dangerouslyDisableSandbox) {
|
|
161
|
+
if (!this.config.enabled)
|
|
162
|
+
return { allowed: true };
|
|
163
|
+
// Handle dangerouslyDisableSandbox escape hatch
|
|
164
|
+
if (dangerouslyDisableSandbox) {
|
|
165
|
+
if (!this.config.allowUnsandboxedCommands) {
|
|
166
|
+
return {
|
|
167
|
+
allowed: false,
|
|
168
|
+
reason: "Sandbox: dangerouslyDisableSandbox is not allowed (allowUnsandboxedCommands is false)",
|
|
169
|
+
};
|
|
170
|
+
}
|
|
171
|
+
// Allowed to bypass sandbox — permission system still applies
|
|
172
|
+
return { allowed: true };
|
|
173
|
+
}
|
|
174
|
+
// Check if command is excluded from sandbox
|
|
175
|
+
if (this.isExcludedCommand(command)) {
|
|
176
|
+
return { allowed: true };
|
|
177
|
+
}
|
|
178
|
+
// Check command paths heuristically
|
|
179
|
+
return (0, filesystem_1.checkShellCommandPaths)(command, this.config, this.workingDir, this.projectDir);
|
|
180
|
+
}
|
|
181
|
+
/**
|
|
182
|
+
* Check if network access to a URL is allowed.
|
|
183
|
+
* If the domain needs user approval, triggers the domain prompt.
|
|
184
|
+
*/
|
|
185
|
+
async checkNetworkAccess(url) {
|
|
186
|
+
const result = (0, network_1.checkDomainAccess)(url, this.config, this.sessionApprovedDomains);
|
|
187
|
+
if (result.promptUser && result.domain && this.domainPromptFn) {
|
|
188
|
+
const approved = await this.domainPromptFn(result.domain);
|
|
189
|
+
if (approved) {
|
|
190
|
+
this.sessionApprovedDomains.add(result.domain);
|
|
191
|
+
return { allowed: true };
|
|
192
|
+
}
|
|
193
|
+
return {
|
|
194
|
+
allowed: false,
|
|
195
|
+
reason: `Sandbox: user denied network access to domain "${result.domain}"`,
|
|
196
|
+
};
|
|
197
|
+
}
|
|
198
|
+
return result;
|
|
199
|
+
}
|
|
200
|
+
/**
|
|
201
|
+
* Check if a command prefix matches any excluded command.
|
|
202
|
+
*/
|
|
203
|
+
isExcludedCommand(command) {
|
|
204
|
+
const trimmed = command.trimStart();
|
|
205
|
+
for (const excluded of this.config.excludedCommands) {
|
|
206
|
+
if (trimmed === excluded || trimmed.startsWith(excluded + " ") || trimmed.startsWith(excluded + "\t")) {
|
|
207
|
+
return true;
|
|
208
|
+
}
|
|
209
|
+
}
|
|
210
|
+
return false;
|
|
211
|
+
}
|
|
212
|
+
/**
|
|
213
|
+
* Get a sandboxed environment for shell command execution.
|
|
214
|
+
*/
|
|
215
|
+
getShellEnv() {
|
|
216
|
+
return (0, network_1.buildSandboxedEnv)(this.config, process.env);
|
|
217
|
+
}
|
|
218
|
+
}
|
|
219
|
+
exports.SandboxManager = SandboxManager;
|
|
220
|
+
//# sourceMappingURL=manager.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"manager.js","sourceRoot":"","sources":["../../src/sandbox/manager.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AAEzB,mCAA+C;AAC/C,6CAAyF;AACzF,uCAAiE;AAEjE,MAAM,QAAQ,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;AAC9B,MAAM,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;AAE3E,MAAa,cAAc;IACjB,MAAM,CAAgB;IACtB,UAAU,CAAS;IACnB,UAAU,CAAS;IACnB,sBAAsB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,cAAc,GAAkD,IAAI,CAAC;IAE7E,YAAY,UAAkB,EAAE,UAAmB;QACjD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC3C,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC;QAC1E,IAAI,CAAC,MAAM,GAAG,IAAA,4BAAoB,GAAE,CAAC;QACrC,IAAI,CAAC,UAAU,EAAE,CAAC;IACpB,CAAC;IAED,+EAA+E;IAE/E;;;;OAIG;IACH,UAAU;QACR,MAAM,UAAU,GAAG;YACjB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,qBAAqB,CAAC;YAC5D,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,eAAe,CAAC;YACtD,kBAAkB;SACnB,CAAC;QAEF,MAAM,MAAM,GAAG,IAAA,4BAAoB,GAAE,CAAC;QAEtC,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;YAClC,IAAI,CAAC;gBACH,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;oBAAE,SAAS;gBACvC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBAC5D,IAAI,CAAC,IAAI,CAAC,OAAO;oBAAE,SAAS;gBAE5B,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;gBAExB,gCAAgC;gBAChC,IAAI,EAAE,CAAC,OAAO,KAAK,IAAI;oBAAE,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC;gBAE/C,oDAAoD;gBACpD,IAAI,EAAE,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;oBACzC,MAAM,CAAC,IAAI,GAAG,EAAE,CAAC,IAAmB,CAAC;gBACvC,CAAC;gBAED,+BAA+B;gBAC/B,IAAI,EAAE,CAAC,UAAU,EAAE,CAAC;oBAClB,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;wBAC5C,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;oBACjE,CAAC;oBACD,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;wBAC3C,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;oBAC/D,CAAC;oBACD,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAC1C,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;oBAC7D,CAAC;gBACH,CAAC;gBAED,yBAAyB;gBACzB,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;oBACf,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;wBAC7C,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;oBACnE,CAAC;oBACD,IAAI,EAAE,CAAC,OAAO,CAAC,uBAAuB,KAAK,IAAI,EAAE,CAAC;wBAChD,MAAM,CAAC,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC;oBAChD,CAAC;gBACH,CAAC;gBAED,2BAA2B;gBAC3B,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,gBAAgB,CAAC,EAAE,CAAC;oBACvC,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,CAAC;gBACvD,CAAC;gBAED,oEAAoE;gBACpE,IAAI,EAAE,CAAC,wBAAwB,KAAK,KAAK,EAAE,CAAC;oBAC1C,MAAM,CAAC,wBAAwB,GAAG,KAAK,CAAC;gBAC1C,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,uBAAuB;YACzB,CAAC;QACH,CAAC;QAED,qBAAqB;QACrB,MAAM,CAAC,UAAU,CAAC,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;QAC1E,MAAM,CAAC,UAAU,CAAC,SAAS,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,UAAU,CAAC,QAAQ,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC;QACtE,MAAM,CAAC,OAAO,CAAC,cAAc,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC;QAC5E,MAAM,CAAC,gBAAgB,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC;QAEhE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,+EAA+E;IAE/E,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;IAC7B,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;IAC1B,CAAC;IAED,iBAAiB,CAAC,EAAwC;QACxD,IAAI,CAAC,cAAc,GAAG,EAAE,CAAC;IAC3B,CAAC;IAED,aAAa,CAAC,MAAc;QAC1B,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IAED,6EAA6E;IAE7E,aAAa,CAAC,QAAgB;QAC5B,OAAO,IAAA,4BAAe,EAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IAClF,CAAC;IAED,cAAc,CAAC,QAAgB;QAC7B,OAAO,IAAA,6BAAgB,EAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACnF,CAAC;IAED;;;OAGG;IACH,iBAAiB,CAAC,OAAe,EAAE,yBAAmC;QACpE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAEnD,gDAAgD;QAChD,IAAI,yBAAyB,EAAE,CAAC;YAC9B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,wBAAwB,EAAE,CAAC;gBAC1C,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,uFAAuF;iBAChG,CAAC;YACJ,CAAC;YACD,8DAA8D;YAC9D,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QAED,4CAA4C;QAC5C,IAAI,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,EAAE,CAAC;YACpC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QAED,oCAAoC;QACpC,OAAO,IAAA,mCAAsB,EAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACxF,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,kBAAkB,CAAC,GAAW;QAClC,MAAM,MAAM,GAAG,IAAA,2BAAiB,EAAC,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAEhF,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,MAAM,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YAC9D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC1D,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAC/C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YAC3B,CAAC;YACD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,kDAAkD,MAAM,CAAC,MAAM,GAAG;aAC3E,CAAC;QACJ,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,iBAAiB,CAAC,OAAe;QAC/B,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;QACpC,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;YACpD,IAAI,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,UAAU,CAAC,QAAQ,GAAG,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,QAAQ,GAAG,IAAI,CAAC,EAAE,CAAC;gBACtG,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,WAAW;QACT,OAAO,IAAA,2BAAiB,EAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IACrD,CAAC;CACF;AAlMD,wCAkMC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Sandbox Network — domain access checks and environment restrictions.
|
|
3
|
+
*/
|
|
4
|
+
import type { SandboxConfig, SandboxCheckResult } from "./types";
|
|
5
|
+
/**
|
|
6
|
+
* Check whether accessing a URL is allowed by sandbox network rules.
|
|
7
|
+
*/
|
|
8
|
+
export declare function checkDomainAccess(url: string, config: SandboxConfig, sessionApprovedDomains: Set<string>): SandboxCheckResult;
|
|
9
|
+
/**
|
|
10
|
+
* Build a sandboxed environment for shell command execution.
|
|
11
|
+
* Sets proxy env vars as a best-effort network restriction.
|
|
12
|
+
*/
|
|
13
|
+
export declare function buildSandboxedEnv(config: SandboxConfig, baseEnv: NodeJS.ProcessEnv): NodeJS.ProcessEnv;
|
|
14
|
+
//# sourceMappingURL=network.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"network.d.ts","sourceRoot":"","sources":["../../src/sandbox/network.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAEjE;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,aAAa,EACrB,sBAAsB,EAAE,GAAG,CAAC,MAAM,CAAC,GAClC,kBAAkB,CA0CpB;AAeD;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,aAAa,EACrB,OAAO,EAAE,MAAM,CAAC,UAAU,GACzB,MAAM,CAAC,UAAU,CAuBnB"}
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Sandbox Network — domain access checks and environment restrictions.
|
|
4
|
+
*/
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.checkDomainAccess = checkDomainAccess;
|
|
7
|
+
exports.buildSandboxedEnv = buildSandboxedEnv;
|
|
8
|
+
/**
|
|
9
|
+
* Check whether accessing a URL is allowed by sandbox network rules.
|
|
10
|
+
*/
|
|
11
|
+
function checkDomainAccess(url, config, sessionApprovedDomains) {
|
|
12
|
+
if (!config.enabled)
|
|
13
|
+
return { allowed: true };
|
|
14
|
+
let hostname;
|
|
15
|
+
try {
|
|
16
|
+
hostname = new URL(url).hostname;
|
|
17
|
+
}
|
|
18
|
+
catch {
|
|
19
|
+
return { allowed: false, reason: `Sandbox: invalid URL "${url}"` };
|
|
20
|
+
}
|
|
21
|
+
// Check against allowed domains (exact or subdomain match)
|
|
22
|
+
if (isDomainAllowed(hostname, config.network.allowedDomains)) {
|
|
23
|
+
return { allowed: true };
|
|
24
|
+
}
|
|
25
|
+
// Check session-approved domains
|
|
26
|
+
if (sessionApprovedDomains.has(hostname)) {
|
|
27
|
+
return { allowed: true };
|
|
28
|
+
}
|
|
29
|
+
// Check if any parent domain was session-approved
|
|
30
|
+
for (const approved of sessionApprovedDomains) {
|
|
31
|
+
if (hostname.endsWith("." + approved)) {
|
|
32
|
+
return { allowed: true };
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
// Domain not allowed
|
|
36
|
+
if (config.network.allowManagedDomainsOnly) {
|
|
37
|
+
return {
|
|
38
|
+
allowed: false,
|
|
39
|
+
reason: `Sandbox: network access denied for domain "${hostname}" (not in allowedDomains and allowManagedDomainsOnly is enabled)`,
|
|
40
|
+
};
|
|
41
|
+
}
|
|
42
|
+
// Prompt user for approval
|
|
43
|
+
return {
|
|
44
|
+
allowed: false,
|
|
45
|
+
promptUser: true,
|
|
46
|
+
domain: hostname,
|
|
47
|
+
reason: `Sandbox: domain "${hostname}" is not in the allowed list`,
|
|
48
|
+
};
|
|
49
|
+
}
|
|
50
|
+
/**
|
|
51
|
+
* Check if a hostname matches any of the allowed domains.
|
|
52
|
+
* Supports exact match and subdomain match (e.g., "github.com" matches "api.github.com").
|
|
53
|
+
*/
|
|
54
|
+
function isDomainAllowed(hostname, allowedDomains) {
|
|
55
|
+
for (const domain of allowedDomains) {
|
|
56
|
+
if (hostname === domain || hostname.endsWith("." + domain)) {
|
|
57
|
+
return true;
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
return false;
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* Build a sandboxed environment for shell command execution.
|
|
64
|
+
* Sets proxy env vars as a best-effort network restriction.
|
|
65
|
+
*/
|
|
66
|
+
function buildSandboxedEnv(config, baseEnv) {
|
|
67
|
+
if (!config.enabled)
|
|
68
|
+
return { ...baseEnv };
|
|
69
|
+
const env = { ...baseEnv };
|
|
70
|
+
// Remove potentially dangerous env vars that could leak credentials
|
|
71
|
+
const sensitiveVars = [
|
|
72
|
+
"AWS_SECRET_ACCESS_KEY",
|
|
73
|
+
"AWS_SESSION_TOKEN",
|
|
74
|
+
"GH_TOKEN",
|
|
75
|
+
"GITHUB_TOKEN",
|
|
76
|
+
"NPM_TOKEN",
|
|
77
|
+
"DOCKER_PASSWORD",
|
|
78
|
+
];
|
|
79
|
+
for (const v of sensitiveVars) {
|
|
80
|
+
// Only remove if sandbox is actively restricting network
|
|
81
|
+
if (config.network.allowedDomains.length > 0 || config.network.allowManagedDomainsOnly) {
|
|
82
|
+
delete env[v];
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
return env;
|
|
86
|
+
}
|
|
87
|
+
//# sourceMappingURL=network.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"network.js","sourceRoot":"","sources":["../../src/sandbox/network.ts"],"names":[],"mappings":";AAAA;;GAEG;;AAOH,8CA8CC;AAmBD,8CA0BC;AA9FD;;GAEG;AACH,SAAgB,iBAAiB,CAC/B,GAAW,EACX,MAAqB,EACrB,sBAAmC;IAEnC,IAAI,CAAC,MAAM,CAAC,OAAO;QAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAE9C,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,GAAG,GAAG,EAAE,CAAC;IACrE,CAAC;IAED,2DAA2D;IAC3D,IAAI,eAAe,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;QAC7D,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,iCAAiC;IACjC,IAAI,sBAAsB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,kDAAkD;IAClD,KAAK,MAAM,QAAQ,IAAI,sBAAsB,EAAE,CAAC;QAC9C,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,GAAG,QAAQ,CAAC,EAAE,CAAC;YACtC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,IAAI,MAAM,CAAC,OAAO,CAAC,uBAAuB,EAAE,CAAC;QAC3C,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,8CAA8C,QAAQ,kEAAkE;SACjI,CAAC;IACJ,CAAC;IAED,2BAA2B;IAC3B,OAAO;QACL,OAAO,EAAE,KAAK;QACd,UAAU,EAAE,IAAI;QAChB,MAAM,EAAE,QAAQ;QAChB,MAAM,EAAE,oBAAoB,QAAQ,8BAA8B;KACnE,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,QAAgB,EAAE,cAAwB;IACjE,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;QACpC,IAAI,QAAQ,KAAK,MAAM,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,CAAC;YAC3D,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAgB,iBAAiB,CAC/B,MAAqB,EACrB,OAA0B;IAE1B,IAAI,CAAC,MAAM,CAAC,OAAO;QAAE,OAAO,EAAE,GAAG,OAAO,EAAE,CAAC;IAE3C,MAAM,GAAG,GAAG,EAAE,GAAG,OAAO,EAAE,CAAC;IAE3B,oEAAoE;IACpE,MAAM,aAAa,GAAG;QACpB,uBAAuB;QACvB,mBAAmB;QACnB,UAAU;QACV,cAAc;QACd,WAAW;QACX,iBAAiB;KAClB,CAAC;IAEF,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;QAC9B,yDAAyD;QACzD,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,uBAAuB,EAAE,CAAC;YACvF,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC;QAChB,CAAC;IACH,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC"}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Sandbox Types — configuration and check result interfaces.
|
|
3
|
+
*/
|
|
4
|
+
export interface SandboxFilesystemConfig {
|
|
5
|
+
/** Additional paths (beyond workingDir) where writes are allowed */
|
|
6
|
+
allowWrite: string[];
|
|
7
|
+
/** Paths where writes are denied */
|
|
8
|
+
denyWrite: string[];
|
|
9
|
+
/** Paths where reads are denied */
|
|
10
|
+
denyRead: string[];
|
|
11
|
+
}
|
|
12
|
+
export interface SandboxNetworkConfig {
|
|
13
|
+
/** Whitelisted domains for network access */
|
|
14
|
+
allowedDomains: string[];
|
|
15
|
+
/** If true, block non-allowed domains without prompting the user */
|
|
16
|
+
allowManagedDomainsOnly: boolean;
|
|
17
|
+
}
|
|
18
|
+
/** Sandbox operation mode */
|
|
19
|
+
export type SandboxMode = "auto-allow" | "regular";
|
|
20
|
+
/** Full sandbox configuration (loaded from settings files) */
|
|
21
|
+
export interface SandboxConfig {
|
|
22
|
+
enabled: boolean;
|
|
23
|
+
mode: SandboxMode;
|
|
24
|
+
filesystem: SandboxFilesystemConfig;
|
|
25
|
+
network: SandboxNetworkConfig;
|
|
26
|
+
/** Commands that bypass the sandbox (e.g. "docker") */
|
|
27
|
+
excludedCommands: string[];
|
|
28
|
+
/** Whether dangerouslyDisableSandbox param is respected */
|
|
29
|
+
allowUnsandboxedCommands: boolean;
|
|
30
|
+
}
|
|
31
|
+
/** Result of a sandbox access check */
|
|
32
|
+
export interface SandboxCheckResult {
|
|
33
|
+
allowed: boolean;
|
|
34
|
+
reason?: string;
|
|
35
|
+
/** For network checks: whether the user should be prompted about a new domain */
|
|
36
|
+
promptUser?: boolean;
|
|
37
|
+
/** The domain being requested (when promptUser is true) */
|
|
38
|
+
domain?: string;
|
|
39
|
+
}
|
|
40
|
+
/** Returns a default (disabled) sandbox config */
|
|
41
|
+
export declare function defaultSandboxConfig(): SandboxConfig;
|
|
42
|
+
//# sourceMappingURL=types.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/sandbox/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,uBAAuB;IACtC,oEAAoE;IACpE,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,oCAAoC;IACpC,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,mCAAmC;IACnC,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,oBAAoB;IACnC,6CAA6C;IAC7C,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,oEAAoE;IACpE,uBAAuB,EAAE,OAAO,CAAC;CAClC;AAED,6BAA6B;AAC7B,MAAM,MAAM,WAAW,GAAG,YAAY,GAAG,SAAS,CAAC;AAEnD,8DAA8D;AAC9D,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,WAAW,CAAC;IAClB,UAAU,EAAE,uBAAuB,CAAC;IACpC,OAAO,EAAE,oBAAoB,CAAC;IAC9B,uDAAuD;IACvD,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,2DAA2D;IAC3D,wBAAwB,EAAE,OAAO,CAAC;CACnC;AAED,uCAAuC;AACvC,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,iFAAiF;IACjF,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,2DAA2D;IAC3D,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,kDAAkD;AAClD,wBAAgB,oBAAoB,IAAI,aAAa,CAgBpD"}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Sandbox Types — configuration and check result interfaces.
|
|
4
|
+
*/
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.defaultSandboxConfig = defaultSandboxConfig;
|
|
7
|
+
/** Returns a default (disabled) sandbox config */
|
|
8
|
+
function defaultSandboxConfig() {
|
|
9
|
+
return {
|
|
10
|
+
enabled: false,
|
|
11
|
+
mode: "regular",
|
|
12
|
+
filesystem: {
|
|
13
|
+
allowWrite: [],
|
|
14
|
+
denyWrite: [],
|
|
15
|
+
denyRead: [],
|
|
16
|
+
},
|
|
17
|
+
network: {
|
|
18
|
+
allowedDomains: [],
|
|
19
|
+
allowManagedDomainsOnly: false,
|
|
20
|
+
},
|
|
21
|
+
excludedCommands: [],
|
|
22
|
+
allowUnsandboxedCommands: true,
|
|
23
|
+
};
|
|
24
|
+
}
|
|
25
|
+
//# sourceMappingURL=types.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/sandbox/types.ts"],"names":[],"mappings":";AAAA;;GAEG;;AA4CH,oDAgBC;AAjBD,kDAAkD;AAClD,SAAgB,oBAAoB;IAClC,OAAO;QACL,OAAO,EAAE,KAAK;QACd,IAAI,EAAE,SAAS;QACf,UAAU,EAAE;YACV,UAAU,EAAE,EAAE;YACd,SAAS,EAAE,EAAE;YACb,QAAQ,EAAE,EAAE;SACb;QACD,OAAO,EAAE;YACP,cAAc,EAAE,EAAE;YAClB,uBAAuB,EAAE,KAAK;SAC/B;QACD,gBAAgB,EAAE,EAAE;QACpB,wBAAwB,EAAE,IAAI;KAC/B,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* AST Edit Tool — Tree-sitter powered structural code editing.
|
|
3
|
+
*
|
|
4
|
+
* Uses tree-sitter to parse source code into an AST, then performs
|
|
5
|
+
* targeted edits on specific AST nodes (functions, classes, methods,
|
|
6
|
+
* imports, etc.) by name rather than by string matching.
|
|
7
|
+
*
|
|
8
|
+
* This is more reliable than string-based editing for:
|
|
9
|
+
* - Renaming functions/methods/classes across a file
|
|
10
|
+
* - Replacing entire function bodies
|
|
11
|
+
* - Adding/removing imports
|
|
12
|
+
* - Inserting methods into classes
|
|
13
|
+
* - Extracting or inlining code blocks
|
|
14
|
+
*/
|
|
15
|
+
import type { BaseTool, ToolDefinition, ToolResult } from "./types";
|
|
16
|
+
import type { SandboxManager } from "../sandbox";
|
|
17
|
+
export declare class ASTEditTool implements BaseTool {
|
|
18
|
+
definition: ToolDefinition;
|
|
19
|
+
private workingDir;
|
|
20
|
+
private sandboxManager?;
|
|
21
|
+
constructor(workingDir: string, sandboxManager?: SandboxManager);
|
|
22
|
+
execute(input: Record<string, unknown>): Promise<ToolResult>;
|
|
23
|
+
/**
|
|
24
|
+
* Initialize tree-sitter parser for the given file's language.
|
|
25
|
+
*/
|
|
26
|
+
private initParser;
|
|
27
|
+
/**
|
|
28
|
+
* Parse source code and apply a single AST operation.
|
|
29
|
+
*/
|
|
30
|
+
private applyOperation;
|
|
31
|
+
/**
|
|
32
|
+
* Find an AST node by type and name.
|
|
33
|
+
*/
|
|
34
|
+
private findNode;
|
|
35
|
+
/**
|
|
36
|
+
* Walk the AST tree depth-first, calling visitor on each node.
|
|
37
|
+
*/
|
|
38
|
+
private walkTree;
|
|
39
|
+
/**
|
|
40
|
+
* Check if an AST node matches the requested type category.
|
|
41
|
+
*/
|
|
42
|
+
private matchesNodeType;
|
|
43
|
+
/**
|
|
44
|
+
* Extract the name identifier from an AST node.
|
|
45
|
+
*/
|
|
46
|
+
private getNodeName;
|
|
47
|
+
/**
|
|
48
|
+
* Find the body/block node within a function, method, or class.
|
|
49
|
+
*/
|
|
50
|
+
private findBody;
|
|
51
|
+
/**
|
|
52
|
+
* Rename a node by replacing all occurrences of the old name with the new name
|
|
53
|
+
* within the node's text range.
|
|
54
|
+
*/
|
|
55
|
+
private renameNode;
|
|
56
|
+
}
|
|
57
|
+
//# sourceMappingURL=ast-edit.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ast-edit.d.ts","sourceRoot":"","sources":["../../src/tools/ast-edit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAGH,OAAO,KAAK,EAAE,QAAQ,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAEpE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAiDjD,qBAAa,WAAY,YAAW,QAAQ;IAC1C,UAAU,EAAE,cAAc,CA8DxB;IAEF,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,cAAc,CAAC,CAAiB;gBAE5B,UAAU,EAAE,MAAM,EAAE,cAAc,CAAC,EAAE,cAAc;IAKzD,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC;IAoElE;;OAEG;YACW,UAAU;IAgCxB;;OAEG;IACH,OAAO,CAAC,cAAc;IAqEtB;;OAEG;IACH,OAAO,CAAC,QAAQ;IAUhB;;OAEG;IACH,OAAO,CAAC,QAAQ;IAOhB;;OAEG;IACH,OAAO,CAAC,eAAe;IAmEvB;;OAEG;IACH,OAAO,CAAC,WAAW;IAqCnB;;OAEG;IACH,OAAO,CAAC,QAAQ;IAgBhB;;;OAGG;IACH,OAAO,CAAC,UAAU;CAiBnB"}
|