@cogitator-ai/sandbox 0.1.0

package/dist/executors/wasm.js

@@ -0,0 +1,171 @@
+/**
+ * WASM sandbox executor - isolated execution via Extism
+ *
+ * Provides fast, memory-safe execution of WASM modules.
+ * Cold start: 1-10ms (vs Docker 1-5s)
+ * Memory: 1-10MB per plugin (vs Docker 50-200MB)
+ */
+import { BaseSandboxExecutor } from './base';
+import { readFile } from 'node:fs/promises';
+import { existsSync } from 'node:fs';
+const DEFAULT_TIMEOUT = 30_000;
+const DEFAULT_FUNCTION = 'run';
+const MAX_OUTPUT_SIZE = 50_000;
+const DEFAULT_CACHE_SIZE = 10;
+export class WasmSandboxExecutor extends BaseSandboxExecutor {
+    type = 'wasm';
+    createPlugin;
+    pluginCache = new Map();
+    options;
+    cacheOrder = [];
+    constructor(options = {}) {
+        super();
+        this.options = options;
+    }
+    async connect() {
+        try {
+            const extism = await import('@extism/extism');
+            this.createPlugin = extism.default;
+            return this.success(undefined);
+        }
+        catch (error) {
+            return this.failure(`Failed to load Extism: ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+    async disconnect() {
+        for (const plugin of this.pluginCache.values()) {
+            try {
+                await plugin.close();
+            }
+            catch {
+            }
+        }
+        this.pluginCache.clear();
+        this.cacheOrder = [];
+        return this.success(undefined);
+    }
+    async isAvailable() {
+        if (!this.createPlugin) {
+            const result = await this.connect();
+            return result.success;
+        }
+        return true;
+    }
+    async execute(request, config) {
+        if (!this.createPlugin) {
+            return this.failure('WASM executor not connected');
+        }
+        const startTime = Date.now();
+        const timeout = request.timeout ?? config.timeout ?? DEFAULT_TIMEOUT;
+        const wasmModule = config.wasmModule;
+        const functionName = config.wasmFunction ?? DEFAULT_FUNCTION;
+        if (!wasmModule) {
+            return this.failure('No WASM module specified in config');
+        }
+        try {
+            const plugin = await this.getOrCreatePlugin(wasmModule, config.wasi ?? false);
+            const input = this.buildInput(request);
+            const result = await this.executeWithTimeout(plugin, functionName, input, timeout);
+            return this.success({
+                stdout: result.stdout.slice(0, MAX_OUTPUT_SIZE),
+                stderr: result.stderr.slice(0, MAX_OUTPUT_SIZE),
+                exitCode: result.exitCode,
+                timedOut: result.timedOut,
+                duration: Date.now() - startTime,
+            });
+        }
+        catch (error) {
+            return this.failure(`WASM execution failed: ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+    async getOrCreatePlugin(wasmModule, useWasi) {
+        const cacheKey = `${wasmModule}:${useWasi}`;
+        if (this.pluginCache.has(cacheKey)) {
+            return this.pluginCache.get(cacheKey);
+        }
+        const source = await this.loadWasmSource(wasmModule);
+        const plugin = await this.createPlugin(source, { useWasi });
+        this.pluginCache.set(cacheKey, plugin);
+        this.cacheOrder.push(cacheKey);
+        const maxSize = this.options.wasm?.cacheSize ?? DEFAULT_CACHE_SIZE;
+        while (this.cacheOrder.length > maxSize) {
+            const oldKey = this.cacheOrder.shift();
+            const oldPlugin = this.pluginCache.get(oldKey);
+            if (oldPlugin) {
+                await oldPlugin.close();
+                this.pluginCache.delete(oldKey);
+            }
+        }
+        return plugin;
+    }
+    async loadWasmSource(wasmModule) {
+        if (wasmModule.startsWith('http://') || wasmModule.startsWith('https://')) {
+            return { wasm: [{ url: wasmModule }] };
+        }
+        if (existsSync(wasmModule)) {
+            return await readFile(wasmModule);
+        }
+        try {
+            const resolved = require.resolve(wasmModule);
+            return await readFile(resolved);
+        }
+        catch {
+            throw new Error(`WASM module not found: ${wasmModule}`);
+        }
+    }
+    buildInput(request) {
+        if (request.stdin) {
+            return request.stdin;
+        }
+        return JSON.stringify({
+            command: request.command,
+            cwd: request.cwd ?? '/workspace',
+            env: request.env ?? {},
+        });
+    }
+    async executeWithTimeout(plugin, functionName, input, timeoutMs) {
+        const executePromise = (async () => {
+            try {
+                const result = await plugin.call(functionName, input);
+                const output = new TextDecoder().decode(result);
+                try {
+                    const parsed = JSON.parse(output);
+                    return {
+                        stdout: typeof parsed.stdout === 'string' ? parsed.stdout : output,
+                        stderr: typeof parsed.stderr === 'string' ? parsed.stderr : '',
+                        exitCode: typeof parsed.exitCode === 'number' ? parsed.exitCode : 0,
+                        timedOut: false,
+                    };
+                }
+                catch {
+                    return {
+                        stdout: output,
+                        stderr: '',
+                        exitCode: 0,
+                        timedOut: false,
+                    };
+                }
+            }
+            catch (error) {
+                return {
+                    stdout: '',
+                    stderr: error instanceof Error ? error.message : String(error),
+                    exitCode: 1,
+                    timedOut: false,
+                };
+            }
+        })();
+        const timeoutPromise = new Promise((resolve) => {
+            setTimeout(() => {
+                resolve({
+                    stdout: '',
+                    stderr: 'Execution timed out',
+                    exitCode: 124,
+                    timedOut: true,
+                });
+            }, timeoutMs);
+        });
+        return Promise.race([executePromise, timeoutPromise]);
+    }
+}
+//# sourceMappingURL=wasm.js.map

package/dist/executors/wasm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"wasm.js","sourceRoot":"","sources":["../../src/executors/wasm.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AASH,OAAO,EAAE,mBAAmB,EAAE,MAAM,QAAQ,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAgBrC,MAAM,eAAe,GAAG,MAAM,CAAC;AAC/B,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAC/B,MAAM,eAAe,GAAG,MAAM,CAAC;AAC/B,MAAM,kBAAkB,GAAG,EAAE,CAAC;AAE9B,MAAM,OAAO,mBAAoB,SAAQ,mBAAmB;IACjD,IAAI,GAAG,MAAM,CAAC;IACf,YAAY,CAAkB;IAC9B,WAAW,GAAG,IAAI,GAAG,EAAwB,CAAC;IAC9C,OAAO,CAAsB;IAC7B,UAAU,GAAa,EAAE,CAAC;IAElC,YAAY,UAA+B,EAAE;QAC3C,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;YAC9C,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,OAAoC,CAAC;YAChE,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACjC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,OAAO,CACjB,0BAA0B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACnF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU;QACd,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YAC/C,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;YACvB,CAAC;YAAC,MAAM,CAAC;YACT,CAAC;QACH,CAAC;QACD,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;QACrB,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,WAAW;QACf,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YACpC,OAAO,MAAM,CAAC,OAAO,CAAC;QACxB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,OAAO,CACX,OAAgC,EAChC,MAAqB;QAErB,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC;QACrD,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,IAAI,eAAe,CAAC;QACrE,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;QACrC,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,gBAAgB,CAAC;QAE7D,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,OAAO,CAAC,oCAAoC,CAAC,CAAC;QAC5D,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,IAAI,KAAK,CAAC,CAAC;YAE9E,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YACvC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;YAEnF,OAAO,IAAI,CAAC,OAAO,CAAC;gBAClB,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC;gBAC/C,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC;gBAC/C,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACjC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,OAAO,CACjB,0BAA0B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACnF,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAC7B,UAAkB,EAClB,OAAgB;QAEhB,MAAM,QAAQ,GAAG,GAAG,UAAU,IAAI,OAAO,EAAE,CAAC;QAE5C,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAE,CAAC;QACzC,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAa,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QAE7D,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAE/B,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,SAAS,IAAI,kBAAkB,CAAC;QACnE,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,OAAO,EAAE,CAAC;YACxC,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,EAAG,CAAC;YACxC,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC/C,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC;gBACxB,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,UAAkB;QAC7C,IAAI,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC1E,OAAO,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;QACzC,CAAC;QAED,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3B,OAAO,MAAM,QAAQ,CAAC,UAAU,CAAC,CAAC;QACpC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAC7C,OAAO,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAClC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,0BAA0B,UAAU,EAAE,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAEO,UAAU,CAAC,OAAgC;QACjD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,OAAO,CAAC,KAAK,CAAC;QACvB,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,GAAG,EAAE,OAAO,CAAC,GAAG,IAAI,YAAY;YAChC,GAAG,EAAE,OAAO,CAAC,GAAG,IAAI,EAAE;SACvB,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAC9B,MAAoB,EACpB,YAAoB,EACpB,KAAa,EACb,SAAiB;QAOjB,MAAM,cAAc,GAAG,CAAC,KAAK,IAAI,EAAE;YACjC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;gBACtD,MAAM,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAEhD,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;oBAClC,OAAO;wBACL,MAAM,EAAE,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;wBAClE,MAAM,EAAE,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;wBAC9D,QAAQ,EAAE,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;wBACnE,QAAQ,EAAE,KAAK;qBAChB,CAAC;gBACJ,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO;wBACL,MAAM,EAAE,MAAM;wBACd,MAAM,EAAE,EAAE;wBACV,QAAQ,EAAE,CAAC;wBACX,QAAQ,EAAE,KAAK;qBAChB,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO;oBACL,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;oBAC9D,QAAQ,EAAE,CAAC;oBACX,QAAQ,EAAE,KAAK;iBAChB,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;QAEL,MAAM,cAAc,GAAG,IAAI,OAAO,CAK/B,CAAC,OAAO,EAAE,EAAE;YACb,UAAU,CAAC,GAAG,EAAE;gBACd,OAAO,CAAC;oBACN,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,qBAAqB;oBAC7B,QAAQ,EAAE,GAAG;oBACb,QAAQ,EAAE,IAAI;iBACf,CAAC,CAAC;YACL,CAAC,EAAE,SAAS,CAAC,CAAC;QAChB,CAAC,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC,CAAC;IACxD,CAAC;CACF"}

package/dist/index.d.ts

@@ -0,0 +1,11 @@
+/**
+ * @cogitator-ai/sandbox
+ *
+ * Docker-based sandbox execution for Cogitator agents
+ */
+export { SandboxManager } from './sandbox-manager';
+export { BaseSandboxExecutor, NativeSandboxExecutor, DockerSandboxExecutor, type DockerExecutorOptions, } from './executors/index';
+export { ContainerPool, type ContainerPoolOptions, type ContainerCreateOptions } from './pool/index';
+export { parseMemory, cpusToNanoCpus } from './utils/index';
+export type { SandboxType, SandboxConfig, SandboxResourceLimits, SandboxNetworkConfig, SandboxMount, SandboxExecutionRequest, SandboxExecutionResult, SandboxManagerConfig, SandboxPoolConfig, SandboxDockerConfig, SandboxResult, } from '@cogitator-ai/types';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,EACrB,KAAK,qBAAqB,GAC3B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,aAAa,EAAE,KAAK,oBAAoB,EAAE,KAAK,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACrG,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE5D,YAAY,EACV,WAAW,EACX,aAAa,EACb,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACZ,uBAAuB,EACvB,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,GACd,MAAM,qBAAqB,CAAC"}

package/dist/index.js

@@ -0,0 +1,10 @@
+/**
+ * @cogitator-ai/sandbox
+ *
+ * Docker-based sandbox execution for Cogitator agents
+ */
+export { SandboxManager } from './sandbox-manager';
+export { BaseSandboxExecutor, NativeSandboxExecutor, DockerSandboxExecutor, } from './executors/index';
+export { ContainerPool } from './pool/index';
+export { parseMemory, cpusToNanoCpus } from './utils/index';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,GAEtB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,aAAa,EAA0D,MAAM,cAAc,CAAC;AACrG,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC"}

package/dist/pool/container-pool.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Container pool for reusing Docker containers
+ */
+import type { SandboxMount } from '@cogitator-ai/types';
+import type { Docker, DockerContainer } from '../docker-types';
+export interface ContainerCreateOptions {
+    memory?: number;
+    cpus?: number;
+    cpuShares?: number;
+    pidsLimit?: number;
+    networkMode?: string;
+    mounts?: SandboxMount[];
+    user?: string;
+}
+export interface ContainerPoolOptions {
+    maxSize?: number;
+    idleTimeoutMs?: number;
+}
+export declare class ContainerPool {
+    private docker;
+    private containers;
+    private maxSize;
+    private idleTimeoutMs;
+    private cleanupInterval?;
+    constructor(docker: Docker, options?: ContainerPoolOptions);
+    acquire(image: string, options: ContainerCreateOptions): Promise<DockerContainer>;
+    release(container: DockerContainer): Promise<void>;
+    private createContainer;
+    private destroyContainer;
+    private cleanup;
+    destroyAll(): Promise<void>;
+}
+//# sourceMappingURL=container-pool.d.ts.map

package/dist/pool/container-pool.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"container-pool.d.ts","sourceRoot":"","sources":["../../src/pool/container-pool.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAS/D,MAAM,WAAW,sBAAsB;IACrC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,YAAY,EAAE,CAAC;IACxB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,UAAU,CAAyB;IAC3C,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,eAAe,CAAC,CAAiC;gBAE7C,MAAM,EAAE,MAAM,EAAE,OAAO,GAAE,oBAAyB;IAWxD,OAAO,CACX,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,sBAAsB,GAC9B,OAAO,CAAC,eAAe,CAAC;IAyBrB,OAAO,CAAC,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;YAW1C,eAAe;YA4Cf,gBAAgB;YAWhB,OAAO;IAgBf,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;CAUlC"}

package/dist/pool/container-pool.js

@@ -0,0 +1,116 @@
+/**
+ * Container pool for reusing Docker containers
+ */
+export class ContainerPool {
+    docker;
+    containers = [];
+    maxSize;
+    idleTimeoutMs;
+    cleanupInterval;
+    constructor(docker, options = {}) {
+        this.docker = docker;
+        this.maxSize = options.maxSize ?? 5;
+        this.idleTimeoutMs = options.idleTimeoutMs ?? 60_000;
+        this.cleanupInterval = setInterval(() => void this.cleanup(), this.idleTimeoutMs / 2);
+    }
+    async acquire(image, options) {
+        const available = this.containers.find((c) => !c.inUse && c.image === image);
+        if (available) {
+            available.inUse = true;
+            available.lastUsed = Date.now();
+            return available.container;
+        }
+        const container = await this.createContainer(image, options);
+        if (this.containers.length < this.maxSize) {
+            this.containers.push({
+                container,
+                image,
+                inUse: true,
+                lastUsed: Date.now(),
+            });
+        }
+        return container;
+    }
+    async release(container) {
+        const pooled = this.containers.find((c) => c.container.id === container.id);
+        if (pooled) {
+            pooled.inUse = false;
+            pooled.lastUsed = Date.now();
+        }
+        else {
+            await this.destroyContainer(container);
+        }
+    }
+    async createContainer(image, options) {
+        try {
+            await this.docker.getImage(image).inspect();
+        }
+        catch {
+            await new Promise((resolve, reject) => {
+                this.docker.pull(image, (err, stream) => {
+                    if (err)
+                        return reject(err);
+                    this.docker.modem.followProgress(stream, (progressErr) => {
+                        if (progressErr)
+                            reject(progressErr);
+                        else
+                            resolve();
+                    });
+                });
+            });
+        }
+        const binds = options.mounts?.map((m) => `${m.source}:${m.target}${m.readOnly ? ':ro' : ''}`);
+        const container = await this.docker.createContainer({
+            Image: image,
+            Cmd: ['sleep', 'infinity'],
+            User: options.user,
+            HostConfig: {
+                Memory: options.memory,
+                NanoCpus: options.cpus ? Math.floor(options.cpus * 1e9) : undefined,
+                CpuShares: options.cpuShares,
+                PidsLimit: options.pidsLimit ?? 100,
+                NetworkMode: options.networkMode ?? 'none',
+                Binds: binds,
+                SecurityOpt: ['no-new-privileges'],
+                CapDrop: ['ALL'],
+                ReadonlyRootfs: false,
+            },
+            WorkingDir: '/workspace',
+        });
+        await container.start();
+        return container;
+    }
+    async destroyContainer(container) {
+        try {
+            await container.stop({ t: 1 });
+        }
+        catch {
+        }
+        try {
+            await container.remove({ force: true });
+        }
+        catch {
+        }
+    }
+    async cleanup() {
+        const now = Date.now();
+        const toRemove = [];
+        for (const pooled of this.containers) {
+            if (!pooled.inUse && now - pooled.lastUsed > this.idleTimeoutMs) {
+                toRemove.push(pooled);
+            }
+        }
+        for (const pooled of toRemove) {
+            this.containers = this.containers.filter((c) => c !== pooled);
+            await this.destroyContainer(pooled.container);
+        }
+    }
+    async destroyAll() {
+        if (this.cleanupInterval) {
+            clearInterval(this.cleanupInterval);
+        }
+        await Promise.all(this.containers.map((c) => this.destroyContainer(c.container)));
+        this.containers = [];
+    }
+}
+//# sourceMappingURL=container-pool.js.map

package/dist/pool/container-pool.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"container-pool.js","sourceRoot":"","sources":["../../src/pool/container-pool.ts"],"names":[],"mappings":"AAAA;;GAEG;AA2BH,MAAM,OAAO,aAAa;IAChB,MAAM,CAAS;IACf,UAAU,GAAsB,EAAE,CAAC;IACnC,OAAO,CAAS;IAChB,aAAa,CAAS;IACtB,eAAe,CAAkC;IAEzD,YAAY,MAAc,EAAE,UAAgC,EAAE;QAC5D,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,CAAC,CAAC;QACpC,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,MAAM,CAAC;QAErD,IAAI,CAAC,eAAe,GAAG,WAAW,CAChC,GAAG,EAAE,CAAC,KAAK,IAAI,CAAC,OAAO,EAAE,EACzB,IAAI,CAAC,aAAa,GAAG,CAAC,CACvB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,OAAO,CACX,KAAa,EACb,OAA+B;QAE/B,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CACpC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,KAAK,KAAK,KAAK,CACrC,CAAC;QAEF,IAAI,SAAS,EAAE,CAAC;YACd,SAAS,CAAC,KAAK,GAAG,IAAI,CAAC;YACvB,SAAS,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAChC,OAAO,SAAS,CAAC,SAAS,CAAC;QAC7B,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAE7D,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;YAC1C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;gBACnB,SAAS;gBACT,KAAK;gBACL,KAAK,EAAE,IAAI;gBACX,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;aACrB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,SAA0B;QACtC,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,KAAK,SAAS,CAAC,EAAE,CAAC,CAAC;QAE5E,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;YACrB,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,eAAe,CAC3B,KAAa,EACb,OAA+B;QAE/B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBAC1C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,GAAiB,EAAE,MAA6B,EAAE,EAAE;oBAC3E,IAAI,GAAG;wBAAE,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;oBAC5B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,EAAE;wBACvD,IAAI,WAAW;4BAAE,MAAM,CAAC,WAAW,CAAC,CAAC;;4BAChC,OAAO,EAAE,CAAC;oBACjB,CAAC,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,EAAE,GAAG,CAC/B,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAC3D,CAAC;QAEF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC;YAClD,KAAK,EAAE,KAAK;YACZ,GAAG,EAAE,CAAC,OAAO,EAAE,UAAU,CAAC;YAC1B,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,UAAU,EAAE;gBACV,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;gBACnE,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,GAAG;gBACnC,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,MAAM;gBAC1C,KAAK,EAAE,KAAK;gBACZ,WAAW,EAAE,CAAC,mBAAmB,CAAC;gBAClC,OAAO,EAAE,CAAC,KAAK,CAAC;gBAChB,cAAc,EAAE,KAAK;aACtB;YACD,UAAU,EAAE,YAAY;SACzB,CAAC,CAAC;QAEH,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC;QACxB,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,SAA0B;QACvD,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;QACT,CAAC;QACD,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;QACT,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,OAAO;QACnB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAsB,EAAE,CAAC;QAEvC,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACrC,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,GAAG,GAAG,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;gBAChE,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QAED,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;YAC9B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;YAC9D,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACtC,CAAC;QAED,MAAM,OAAO,CAAC,GAAG,CACf,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAC/D,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;IACvB,CAAC;CACF"}

package/dist/pool/index.d.ts

@@ -0,0 +1,2 @@
+export * from './container-pool';
+//# sourceMappingURL=index.d.ts.map

package/dist/pool/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/pool/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC"}

package/dist/pool/index.js

@@ -0,0 +1,2 @@
+export * from './container-pool';
+//# sourceMappingURL=index.js.map

package/dist/pool/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/pool/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC"}

package/dist/sandbox-manager.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Sandbox manager - orchestrates sandbox execution
+ */
+import type { SandboxConfig, SandboxExecutionRequest, SandboxExecutionResult, SandboxManagerConfig, SandboxResult } from '@cogitator-ai/types';
+export declare class SandboxManager {
+    private executors;
+    private config;
+    private initialized;
+    constructor(config?: SandboxManagerConfig);
+    initialize(): Promise<void>;
+    execute(request: SandboxExecutionRequest, config: SandboxConfig): Promise<SandboxResult<SandboxExecutionResult>>;
+    isDockerAvailable(): Promise<boolean>;
+    isWasmAvailable(): Promise<boolean>;
+    shutdown(): Promise<void>;
+}
+//# sourceMappingURL=sandbox-manager.d.ts.map

package/dist/sandbox-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox-manager.d.ts","sourceRoot":"","sources":["../src/sandbox-manager.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EACV,aAAa,EACb,uBAAuB,EACvB,sBAAsB,EACtB,oBAAoB,EACpB,aAAa,EAEd,MAAM,qBAAqB,CAAC;AAM7B,qBAAa,cAAc;IACzB,OAAO,CAAC,SAAS,CAA+C;IAChE,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,WAAW,CAAS;gBAEhB,MAAM,GAAE,oBAAyB;IAIvC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAiC3B,OAAO,CACX,OAAO,EAAE,uBAAuB,EAChC,MAAM,EAAE,aAAa,GACpB,OAAO,CAAC,aAAa,CAAC,sBAAsB,CAAC,CAAC;IA8C3C,iBAAiB,IAAI,OAAO,CAAC,OAAO,CAAC;IAMrC,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC;IAMnC,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAOhC"}

package/dist/sandbox-manager.js

@@ -0,0 +1,98 @@
+/**
+ * Sandbox manager - orchestrates sandbox execution
+ */
+import { DockerSandboxExecutor } from './executors/docker';
+import { NativeSandboxExecutor } from './executors/native';
+import { WasmSandboxExecutor } from './executors/wasm';
+export class SandboxManager {
+    executors = new Map();
+    config;
+    initialized = false;
+    constructor(config = {}) {
+        this.config = config;
+    }
+    async initialize() {
+        if (this.initialized)
+            return;
+        const native = new NativeSandboxExecutor();
+        await native.connect();
+        this.executors.set('native', native);
+        try {
+            const docker = new DockerSandboxExecutor({
+                docker: this.config.docker,
+                pool: this.config.pool,
+            });
+            const result = await docker.connect();
+            if (result.success) {
+                this.executors.set('docker', docker);
+            }
+        }
+        catch {
+        }
+        try {
+            const wasm = new WasmSandboxExecutor({
+                wasm: this.config.wasm,
+            });
+            const result = await wasm.connect();
+            if (result.success) {
+                this.executors.set('wasm', wasm);
+            }
+        }
+        catch {
+        }
+        this.initialized = true;
+    }
+    async execute(request, config) {
+        await this.initialize();
+        const type = config.type;
+        const executor = this.executors.get(type);
+        if (!executor) {
+            if (type === 'wasm') {
+                console.warn('[sandbox] WASM unavailable, falling back to Docker');
+                const dockerExecutor = this.executors.get('docker');
+                if (dockerExecutor) {
+                    return dockerExecutor.execute(request, { ...config, type: 'docker' });
+                }
+                console.warn('[sandbox] Docker also unavailable, falling back to native execution');
+                const nativeExecutor = this.executors.get('native');
+                if (nativeExecutor) {
+                    return nativeExecutor.execute(request, { ...config, type: 'native' });
+                }
+            }
+            if (type === 'docker') {
+                console.warn('[sandbox] Docker unavailable, falling back to native execution');
+                const nativeExecutor = this.executors.get('native');
+                if (nativeExecutor) {
+                    return nativeExecutor.execute(request, { ...config, type: 'native' });
+                }
+            }
+            return { success: false, error: `Sandbox type '${type}' not available` };
+        }
+        const mergedConfig = {
+            ...this.config.defaults,
+            ...config,
+            resources: { ...this.config.defaults?.resources, ...config.resources },
+            network: { ...this.config.defaults?.network, ...config.network },
+            env: { ...this.config.defaults?.env, ...config.env },
+        };
+        return executor.execute(request, mergedConfig);
+    }
+    async isDockerAvailable() {
+        await this.initialize();
+        const docker = this.executors.get('docker');
+        return docker ? docker.isAvailable() : false;
+    }
+    async isWasmAvailable() {
+        await this.initialize();
+        const wasm = this.executors.get('wasm');
+        return wasm ? wasm.isAvailable() : false;
+    }
+    async shutdown() {
+        for (const executor of this.executors.values()) {
+            await executor.disconnect();
+        }
+        this.executors.clear();
+        this.initialized = false;
+    }
+}
+//# sourceMappingURL=sandbox-manager.js.map

package/dist/sandbox-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox-manager.js","sourceRoot":"","sources":["../src/sandbox-manager.ts"],"names":[],"mappings":"AAAA;;GAEG;AAWH,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAEvD,MAAM,OAAO,cAAc;IACjB,SAAS,GAAG,IAAI,GAAG,EAAoC,CAAC;IACxD,MAAM,CAAuB;IAC7B,WAAW,GAAG,KAAK,CAAC;IAE5B,YAAY,SAA+B,EAAE;QAC3C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,MAAM,MAAM,GAAG,IAAI,qBAAqB,EAAE,CAAC;QAC3C,MAAM,MAAM,CAAC,OAAO,EAAE,CAAC;QACvB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAErC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,qBAAqB,CAAC;gBACvC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;gBAC1B,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;aACvB,CAAC,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,EAAE,CAAC;YACtC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,mBAAmB,CAAC;gBACnC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;aACvB,CAAC,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YACpC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;QACT,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,OAAO,CACX,OAAgC,EAChC,MAAqB;QAErB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAExB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAE1C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;gBACpB,OAAO,CAAC,IAAI,CACV,oDAAoD,CACrD,CAAC;gBACF,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBACpD,IAAI,cAAc,EAAE,CAAC;oBACnB,OAAO,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,GAAG,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;gBACxE,CAAC;gBACD,OAAO,CAAC,IAAI,CACV,qEAAqE,CACtE,CAAC;gBACF,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBACpD,IAAI,cAAc,EAAE,CAAC;oBACnB,OAAO,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,GAAG,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;gBACxE,CAAC;YACH,CAAC;YACD,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACtB,OAAO,CAAC,IAAI,CACV,gEAAgE,CACjE,CAAC;gBACF,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBACpD,IAAI,cAAc,EAAE,CAAC;oBACnB,OAAO,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,GAAG,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;gBACxE,CAAC;YACH,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,IAAI,iBAAiB,EAAE,CAAC;QAC3E,CAAC;QAED,MAAM,YAAY,GAAkB;YAClC,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ;YACvB,GAAG,MAAM;YACT,SAAS,EAAE,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC,SAAS,EAAE;YACtE,OAAO,EAAE,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC,OAAO,EAAE;YAChE,GAAG,EAAE,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,GAAG,EAAE,GAAG,MAAM,CAAC,GAAG,EAAE;SACrD,CAAC;QAEF,OAAO,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,iBAAiB;QACrB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACxB,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC5C,OAAO,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;IAC/C,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACxB,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACxC,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,QAAQ;QACZ,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,CAAC;YAC/C,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;QAC9B,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QACvB,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;IAC3B,CAAC;CACF"}

package/dist/utils/index.d.ts

@@ -0,0 +1,2 @@
+export * from './parse-resources';
+//# sourceMappingURL=index.d.ts.map

package/dist/utils/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC"}

package/dist/utils/index.js

@@ -0,0 +1,2 @@
+export * from './parse-resources';
+//# sourceMappingURL=index.js.map

package/dist/utils/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC"}

package/dist/utils/parse-resources.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Utilities for parsing resource limits
+ */
+/**
+ * Parse memory string to bytes
+ * @example parseMemory('256MB') => 268435456
+ */
+export declare function parseMemory(memory: string): number;
+/**
+ * Parse CPU count to nanoseconds (Docker format)
+ * @example parseCpus(0.5) => 500000000
+ */
+export declare function cpusToNanoCpus(cpus: number): number;
+//# sourceMappingURL=parse-resources.d.ts.map

package/dist/utils/parse-resources.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse-resources.d.ts","sourceRoot":"","sources":["../../src/utils/parse-resources.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;;GAGG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAkBlD;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEnD"}

package/dist/utils/parse-resources.js

@@ -0,0 +1,31 @@
+/**
+ * Utilities for parsing resource limits
+ */
+/**
+ * Parse memory string to bytes
+ * @example parseMemory('256MB') => 268435456
+ */
+export function parseMemory(memory) {
+    const match = /^(\d+(?:\.\d+)?)\s*(B|KB|MB|GB|TB)?$/i.exec(memory);
+    if (!match) {
+        throw new Error(`Invalid memory format: ${memory}`);
+    }
+    const value = parseFloat(match[1]);
+    const unit = (match[2] ?? 'B').toUpperCase();
+    const multipliers = {
+        B: 1,
+        KB: 1024,
+        MB: 1024 * 1024,
+        GB: 1024 * 1024 * 1024,
+        TB: 1024 * 1024 * 1024 * 1024,
+    };
+    return Math.floor(value * multipliers[unit]);
+}
+/**
+ * Parse CPU count to nanoseconds (Docker format)
+ * @example parseCpus(0.5) => 500000000
+ */
+export function cpusToNanoCpus(cpus) {
+    return Math.floor(cpus * 1e9);
+}
+//# sourceMappingURL=parse-resources.js.map

package/dist/utils/parse-resources.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse-resources.js","sourceRoot":"","sources":["../../src/utils/parse-resources.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,MAAc;IACxC,MAAM,KAAK,GAAG,uCAAuC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACnE,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,0BAA0B,MAAM,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;IAE7C,MAAM,WAAW,GAA2B;QAC1C,CAAC,EAAE,CAAC;QACJ,EAAE,EAAE,IAAI;QACR,EAAE,EAAE,IAAI,GAAG,IAAI;QACf,EAAE,EAAE,IAAI,GAAG,IAAI,GAAG,IAAI;QACtB,EAAE,EAAE,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI;KAC9B,CAAC;IAEF,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,IAAY;IACzC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC;AAChC,CAAC"}

package/package.json

@@ -0,0 +1,59 @@
+{
+  "name": "@cogitator-ai/sandbox",
+  "version": "0.1.0",
+  "description": "Sandbox execution for Cogitator agents (Docker and WASM)",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "dependencies": {
+    "@types/dockerode": "^3.3.31",
+    "nanoid": "^5.0.4",
+    "@cogitator-ai/types": "0.1.0"
+  },
+  "optionalDependencies": {
+    "@extism/extism": "^1.0.3",
+    "dockerode": "^4.0.2"
+  },
+  "devDependencies": {
+    "typescript": "^5.3.0",
+    "vitest": "^1.0.0"
+  },
+  "peerDependencies": {
+    "@extism/extism": "^1.0.0",
+    "dockerode": "^4.0.0"
+  },
+  "peerDependenciesMeta": {
+    "@extism/extism": {
+      "optional": true
+    },
+    "dockerode": {
+      "optional": true
+    }
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/eL1fe/cogitator.git",
+    "directory": "packages/sandbox"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "license": "MIT",
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "clean": "rm -rf dist",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest"
+  }
+}