@downcity/agent 1.1.97 → 1.1.99
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/executor/composer/system/default/assets/core.prompt.d.ts +1 -1
- package/bin/executor/composer/system/default/assets/core.prompt.d.ts.map +1 -1
- package/bin/executor/composer/system/default/assets/core.prompt.js +1 -1
- package/bin/executor/composer/system/default/assets/core.prompt.js.map +1 -1
- package/bin/executor/tools/shell/ShellToolBridge.d.ts.map +1 -1
- package/bin/executor/tools/shell/ShellToolBridge.js +14 -0
- package/bin/executor/tools/shell/ShellToolBridge.js.map +1 -1
- package/bin/executor/tools/shell/types/ShellPlugin.d.ts +8 -0
- package/bin/executor/tools/shell/types/ShellPlugin.d.ts.map +1 -1
- package/bin/index.d.ts +1 -1
- package/bin/index.d.ts.map +1 -1
- package/bin/index.js.map +1 -1
- package/bin/plugin/core/ImagePlugin.d.ts +2 -5
- package/bin/plugin/core/ImagePlugin.d.ts.map +1 -1
- package/bin/plugin/core/ImagePlugin.js +6 -49
- package/bin/plugin/core/ImagePlugin.js.map +1 -1
- package/bin/sandbox/LinuxBubblewrapSandbox.d.ts +1 -3
- package/bin/sandbox/LinuxBubblewrapSandbox.d.ts.map +1 -1
- package/bin/sandbox/LinuxBubblewrapSandbox.js +31 -30
- package/bin/sandbox/LinuxBubblewrapSandbox.js.map +1 -1
- package/bin/sandbox/MacOsSeatbeltSandbox.d.ts +1 -1
- package/bin/sandbox/MacOsSeatbeltSandbox.d.ts.map +1 -1
- package/bin/sandbox/MacOsSeatbeltSandbox.js +30 -29
- package/bin/sandbox/MacOsSeatbeltSandbox.js.map +1 -1
- package/bin/sandbox/SandboxConfigResolver.d.ts +1 -0
- package/bin/sandbox/SandboxConfigResolver.d.ts.map +1 -1
- package/bin/sandbox/SandboxConfigResolver.js +13 -3
- package/bin/sandbox/SandboxConfigResolver.js.map +1 -1
- package/bin/sandbox/SandboxRunner.d.ts +17 -4
- package/bin/sandbox/SandboxRunner.d.ts.map +1 -1
- package/bin/sandbox/SandboxRunner.js +20 -5
- package/bin/sandbox/SandboxRunner.js.map +1 -1
- package/bin/sandbox/types/SandboxRuntime.d.ts +46 -6
- package/bin/sandbox/types/SandboxRuntime.d.ts.map +1 -1
- package/bin/sandbox/types/SandboxRuntime.js +2 -2
- package/bin/types/plugin/ImagePlugin.d.ts +3 -55
- package/bin/types/plugin/ImagePlugin.d.ts.map +1 -1
- package/package.json +2 -2
- package/scripts/image-plugin-job.test.mjs +10 -43
- package/scripts/linux-bubblewrap-sandbox.test.mjs +23 -14
- package/src/executor/composer/system/default/assets/core.prompt.ts +1 -1
- package/src/executor/composer/system/default/assets/core.prompt.ts.txt +5 -0
- package/src/executor/tools/shell/ShellToolBridge.ts +14 -0
- package/src/executor/tools/shell/types/ShellPlugin.ts +8 -0
- package/src/index.ts +0 -3
- package/src/plugin/core/ImagePlugin.ts +6 -52
- package/src/sandbox/LinuxBubblewrapSandbox.ts +35 -43
- package/src/sandbox/MacOsSeatbeltSandbox.ts +35 -41
- package/src/sandbox/SandboxConfigResolver.ts +15 -3
- package/src/sandbox/SandboxRunner.ts +32 -7
- package/src/sandbox/types/SandboxRuntime.ts +54 -6
- package/src/types/plugin/ImagePlugin.ts +3 -56
- package/tsconfig.tsbuildinfo +1 -1
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
* 关键点(中文)
|
|
5
5
|
* - 当前最小实现直接基于系统自带 `sandbox-exec`。
|
|
6
6
|
* - 目标不是抽象完整 provider 体系,而是先把 shell 命令从“宿主机直跑”收敛成“带边界执行”。
|
|
7
|
-
* -
|
|
7
|
+
* - 边界只保留四类:路径、环境变量、网络、agent 级共享 HOME/TMPDIR/cache。
|
|
8
8
|
*/
|
|
9
9
|
import { spawn } from "node:child_process";
|
|
10
10
|
import path from "node:path";
|
|
@@ -36,17 +36,19 @@ function buildReadablePaths(params) {
|
|
|
36
36
|
"/opt/homebrew",
|
|
37
37
|
"/usr/local",
|
|
38
38
|
params.rootPath,
|
|
39
|
-
params.
|
|
40
|
-
params.
|
|
39
|
+
params.sandboxDir,
|
|
40
|
+
params.tmpDir,
|
|
41
|
+
params.cacheDir,
|
|
41
42
|
path.dirname(params.shellPath),
|
|
42
43
|
]);
|
|
43
44
|
}
|
|
44
45
|
function buildWritablePaths(params) {
|
|
45
46
|
return dedupePaths([
|
|
46
47
|
...params.config.writablePaths,
|
|
47
|
-
params.
|
|
48
|
-
params.
|
|
49
|
-
params.
|
|
48
|
+
params.executionDir,
|
|
49
|
+
params.config.sandboxDir,
|
|
50
|
+
params.config.tmpDir,
|
|
51
|
+
params.config.cacheDir,
|
|
50
52
|
]);
|
|
51
53
|
}
|
|
52
54
|
function buildNetworkRules(networkMode) {
|
|
@@ -59,14 +61,11 @@ function buildSeatbeltProfile(params) {
|
|
|
59
61
|
const readablePaths = buildReadablePaths({
|
|
60
62
|
rootPath: params.config.rootPath,
|
|
61
63
|
shellPath: params.shellPath,
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
const writablePaths = buildWritablePaths({
|
|
66
|
-
...params,
|
|
67
|
-
shellHomeDir: params.shellHomeDir,
|
|
68
|
-
shellTmpDir: params.shellTmpDir,
|
|
64
|
+
sandboxDir: params.config.sandboxDir,
|
|
65
|
+
tmpDir: params.config.tmpDir,
|
|
66
|
+
cacheDir: params.config.cacheDir,
|
|
69
67
|
});
|
|
68
|
+
const writablePaths = buildWritablePaths(params);
|
|
70
69
|
const lines = [
|
|
71
70
|
"(version 1)",
|
|
72
71
|
"(deny default)",
|
|
@@ -102,9 +101,14 @@ function buildSandboxEnv(params) {
|
|
|
102
101
|
env[key] = value;
|
|
103
102
|
}
|
|
104
103
|
env.PATH = String(env.PATH || params.baseEnv.PATH || DEFAULT_PATH_VALUE);
|
|
105
|
-
env.HOME = params.
|
|
106
|
-
env.ZDOTDIR = params.
|
|
107
|
-
env.TMPDIR = params.
|
|
104
|
+
env.HOME = params.config.homeDir;
|
|
105
|
+
env.ZDOTDIR = params.config.homeDir;
|
|
106
|
+
env.TMPDIR = params.config.tmpDir;
|
|
107
|
+
env.XDG_CACHE_HOME = params.config.cacheDir;
|
|
108
|
+
env.DC_SANDBOX = "1";
|
|
109
|
+
env.DC_SANDBOX_DIR = params.config.sandboxDir;
|
|
110
|
+
env.DC_SANDBOX_HOME = params.config.homeDir;
|
|
111
|
+
env.DC_SANDBOX_CACHE = params.config.cacheDir;
|
|
108
112
|
env.SHELL = params.shellPath;
|
|
109
113
|
return env;
|
|
110
114
|
}
|
|
@@ -112,16 +116,13 @@ function buildSandboxEnv(params) {
|
|
|
112
116
|
* 在 macOS seatbelt sandbox 中启动 shell 子进程。
|
|
113
117
|
*/
|
|
114
118
|
export async function spawnMacOsSeatbeltSandbox(params) {
|
|
115
|
-
const
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
await fs.ensureDir(
|
|
120
|
-
await fs.ensureDir(shellTmpDir);
|
|
119
|
+
const profilePath = path.join(params.executionDir, "sandbox-profile.sb");
|
|
120
|
+
await fs.ensureDir(params.config.sandboxDir);
|
|
121
|
+
await fs.ensureDir(params.config.tmpDir);
|
|
122
|
+
await fs.ensureDir(params.config.cacheDir);
|
|
123
|
+
await fs.ensureDir(params.executionDir);
|
|
121
124
|
const profile = buildSeatbeltProfile({
|
|
122
125
|
...params,
|
|
123
|
-
shellHomeDir,
|
|
124
|
-
shellTmpDir,
|
|
125
126
|
});
|
|
126
127
|
await fs.writeFile(profilePath, profile, "utf-8");
|
|
127
128
|
const child = spawn("sandbox-exec", [
|
|
@@ -133,11 +134,7 @@ export async function spawnMacOsSeatbeltSandbox(params) {
|
|
|
133
134
|
], {
|
|
134
135
|
cwd: params.actualCwd,
|
|
135
136
|
stdio: "pipe",
|
|
136
|
-
env: buildSandboxEnv(
|
|
137
|
-
...params,
|
|
138
|
-
shellHomeDir,
|
|
139
|
-
shellTmpDir,
|
|
140
|
-
}),
|
|
137
|
+
env: buildSandboxEnv(params),
|
|
141
138
|
});
|
|
142
139
|
child.stdout.setEncoding("utf8");
|
|
143
140
|
child.stderr.setEncoding("utf8");
|
|
@@ -147,6 +144,10 @@ export async function spawnMacOsSeatbeltSandbox(params) {
|
|
|
147
144
|
sandboxed: true,
|
|
148
145
|
backend: "macos-seatbelt",
|
|
149
146
|
networkMode: params.config.networkMode,
|
|
147
|
+
sandboxDir: params.config.sandboxDir,
|
|
148
|
+
homeDir: params.config.homeDir,
|
|
149
|
+
tmpDir: params.config.tmpDir,
|
|
150
|
+
cacheDir: params.config.cacheDir,
|
|
150
151
|
};
|
|
151
152
|
}
|
|
152
153
|
//# sourceMappingURL=MacOsSeatbeltSandbox.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"MacOsSeatbeltSandbox.js","sourceRoot":"","sources":["../../src/sandbox/MacOsSeatbeltSandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,UAAU,CAAC;AAM1B,MAAM,kBAAkB,GACtB,gEAAgE,CAAC;AAEnE,SAAS,oBAAoB,CAAC,KAAa;IACzC,OAAO,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AACzE,CAAC;AAED,SAAS,WAAW,CAAC,MAAgB;IACnC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC5D,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC;YAAE,SAAS;QAClD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACrB,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,kBAAkB,CAAC,
|
|
1
|
+
{"version":3,"file":"MacOsSeatbeltSandbox.js","sourceRoot":"","sources":["../../src/sandbox/MacOsSeatbeltSandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,UAAU,CAAC;AAM1B,MAAM,kBAAkB,GACtB,gEAAgE,CAAC;AAEnE,SAAS,oBAAoB,CAAC,KAAa;IACzC,OAAO,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AACzE,CAAC;AAED,SAAS,WAAW,CAAC,MAAgB;IACnC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC5D,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC;YAAE,SAAS;QAClD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACrB,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,kBAAkB,CAAC,MAM3B;IACC,OAAO,WAAW,CAAC;QACjB,MAAM;QACN,MAAM;QACN,SAAS;QACT,MAAM;QACN,MAAM;QACN,UAAU;QACV,eAAe;QACf,YAAY;QACZ,MAAM,CAAC,QAAQ;QACf,MAAM,CAAC,UAAU;QACjB,MAAM,CAAC,MAAM;QACb,MAAM,CAAC,QAAQ;QACf,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC;KAC/B,CAAC,CAAC;AACL,CAAC;AAED,SAAS,kBAAkB,CAAC,MAA0B;IACpD,OAAO,WAAW,CAAC;QACjB,GAAG,MAAM,CAAC,MAAM,CAAC,aAAa;QAC9B,MAAM,CAAC,YAAY;QACnB,MAAM,CAAC,MAAM,CAAC,UAAU;QACxB,MAAM,CAAC,MAAM,CAAC,MAAM;QACpB,MAAM,CAAC,MAAM,CAAC,QAAQ;KACvB,CAAC,CAAC;AACL,CAAC;AAED,SAAS,iBAAiB,CAAC,WAAwD;IACjF,IAAI,WAAW,KAAK,YAAY,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;QAC3D,OAAO,CAAC,0BAA0B,EAAE,yBAAyB,CAAC,CAAC;IACjE,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,oBAAoB,CAAC,MAE7B;IACC,MAAM,aAAa,GAAG,kBAAkB,CAAC;QACvC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ;QAChC,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU;QACpC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM;QAC5B,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ;KACjC,CAAC,CAAC;IACH,MAAM,aAAa,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG;QACZ,aAAa;QACb,gBAAgB;QAChB,sBAAsB;QACtB,kBAAkB;QAClB,qBAAqB;QACrB,4BAA4B;QAC5B,GAAG,aAAa,CAAC,GAAG,CAClB,CAAC,KAAK,EAAE,EAAE,CAAC,+BAA+B,oBAAoB,CAAC,KAAK,CAAC,KAAK,CAC3E;QACD,GAAG,aAAa,CAAC,GAAG,CAClB,CAAC,KAAK,EAAE,EAAE,CAAC,gCAAgC,oBAAoB,CAAC,KAAK,CAAC,KAAK,CAC5E;QACD,GAAG,iBAAiB,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC;KAChD,CAAC;IAEF,UAAU;IACV,gDAAgD;IAChD,0CAA0C;IAC1C,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9C,KAAK,CAAC,IAAI,CAAC,+BAA+B,oBAAoB,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IACzF,CAAC;IACD,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,SAAS,eAAe,CAAC,MAA0B;IACjD,MAAM,GAAG,GAAsB,EAAE,CAAC;IAClC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QAC7C,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE;YAAE,SAAS;QACzD,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACnB,CAAC;IAED,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1D,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC;YAAE,SAAS;QACrC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE;YAAE,SAAS;QACzD,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACnB,CAAC;IAED,GAAG,CAAC,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,kBAAkB,CAAC,CAAC;IACzE,GAAG,CAAC,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;IACjC,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;IACpC,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC;IAClC,GAAG,CAAC,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC;IAC5C,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;IACrB,GAAG,CAAC,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC;IAC9C,GAAG,CAAC,eAAe,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;IAC5C,GAAG,CAAC,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC;IAC9C,GAAG,CAAC,KAAK,GAAG,MAAM,CAAC,SAAS,CAAC;IAE7B,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,MAAkD;IAElD,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;IAEzE,MAAM,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAC7C,MAAM,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACzC,MAAM,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC3C,MAAM,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAExC,MAAM,OAAO,GAAG,oBAAoB,CAAC;QACnC,GAAG,MAAM;KACV,CAAC,CAAC;IACH,MAAM,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAElD,MAAM,KAAK,GAAG,KAAK,CACjB,cAAc,EACd;QACE,IAAI;QACJ,WAAW;QACX,MAAM,CAAC,SAAS;QAChB,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI;QAC3B,MAAM,CAAC,GAAG;KACX,EACD;QACE,GAAG,EAAE,MAAM,CAAC,SAAS;QACrB,KAAK,EAAE,MAAM;QACb,GAAG,EAAE,eAAe,CAAC,MAAM,CAAC;KAC7B,CACF,CAAC;IAEF,KAAK,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IACjC,KAAK,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IAEjC,OAAO;QACL,KAAK;QACL,GAAG,EAAE,MAAM,CAAC,SAAS;QACrB,SAAS,EAAE,IAAI;QACf,OAAO,EAAE,gBAAgB;QACzB,WAAW,EAAE,MAAM,CAAC,MAAM,CAAC,WAAW;QACtC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU;QACpC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO;QAC9B,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM;QAC5B,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ;KACjC,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SandboxConfigResolver.d.ts","sourceRoot":"","sources":["../../src/sandbox/SandboxConfigResolver.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"SandboxConfigResolver.d.ts","sourceRoot":"","sources":["../../src/sandbox/SandboxConfigResolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,uCAAuC,CAAC;AAC1E,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAC;AACxE,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,mCAAmC,CAAC;AA4B/E;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAM9E;AAyCD;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,cAAc,CAMtD;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,YAAY,GAAG,qBAAqB,CAuBjF;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE;IACxC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,YAAY,CAAC;CACvB,GAAG,MAAM,CAUT"}
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
*
|
|
4
4
|
* 关键点(中文)
|
|
5
5
|
* - 这里负责把 `downcity.json` 中面向用户的最小配置,收敛成运行时可直接执行的绝对路径配置。
|
|
6
|
+
* - sandbox 是 agent 项目级能力,持久目录固定为 `<project>/.downcity/sandbox`。
|
|
6
7
|
* - 当前版本只服务 shell / CLI 这条命令执行链,不引入审批、profile 绑定或用户权限系统。
|
|
7
8
|
* - 解析结果只回答一个问题:这次命令执行的 sandbox 边界是什么。
|
|
8
9
|
*/
|
|
@@ -18,6 +19,7 @@ const DEFAULT_ENV_ALLOWLIST = [
|
|
|
18
19
|
"USER",
|
|
19
20
|
"LOGNAME",
|
|
20
21
|
];
|
|
22
|
+
const SANDBOX_RELATIVE_DIR = path.join(".downcity", "sandbox");
|
|
21
23
|
function normalizeEnvAllowlist(values) {
|
|
22
24
|
const seen = new Set();
|
|
23
25
|
const result = [];
|
|
@@ -42,10 +44,10 @@ export function isPathInsideRoot(rootPath, targetPath) {
|
|
|
42
44
|
return Boolean(relative) && !relative.startsWith("..") && !path.isAbsolute(relative);
|
|
43
45
|
}
|
|
44
46
|
function normalizeWritablePaths(params) {
|
|
45
|
-
const { rootPath, writablePaths, context } = params;
|
|
47
|
+
const { rootPath, sandboxDir, writablePaths, context } = params;
|
|
46
48
|
const rawValues = Array.isArray(writablePaths) && writablePaths.length > 0
|
|
47
|
-
? writablePaths
|
|
48
|
-
: [rootPath];
|
|
49
|
+
? [rootPath, sandboxDir, ...writablePaths]
|
|
50
|
+
: [rootPath, sandboxDir];
|
|
49
51
|
const seen = new Set();
|
|
50
52
|
const result = [];
|
|
51
53
|
for (const rawValue of rawValues) {
|
|
@@ -87,12 +89,20 @@ export function resolveSandboxBackend() {
|
|
|
87
89
|
export function resolveSandboxConfig(context) {
|
|
88
90
|
const rootPath = path.resolve(context.rootPath);
|
|
89
91
|
const projectConfig = context.config?.sandbox;
|
|
92
|
+
const sandboxDir = path.join(rootPath, SANDBOX_RELATIVE_DIR);
|
|
93
|
+
const tmpDir = path.join(sandboxDir, "tmp");
|
|
94
|
+
const cacheDir = path.join(sandboxDir, ".cache");
|
|
90
95
|
return {
|
|
91
96
|
backend: resolveSandboxBackend(),
|
|
92
97
|
rootPath,
|
|
98
|
+
sandboxDir,
|
|
99
|
+
homeDir: sandboxDir,
|
|
100
|
+
tmpDir,
|
|
101
|
+
cacheDir,
|
|
93
102
|
envAllowlist: normalizeEnvAllowlist(projectConfig?.envAllowlist),
|
|
94
103
|
writablePaths: normalizeWritablePaths({
|
|
95
104
|
rootPath,
|
|
105
|
+
sandboxDir,
|
|
96
106
|
writablePaths: projectConfig?.writablePaths,
|
|
97
107
|
context,
|
|
98
108
|
}),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SandboxConfigResolver.js","sourceRoot":"","sources":["../../src/sandbox/SandboxConfigResolver.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"SandboxConfigResolver.js","sourceRoot":"","sources":["../../src/sandbox/SandboxConfigResolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,IAAI,MAAM,WAAW,CAAC;AAK7B,MAAM,qBAAqB,GAAG;IAC5B,MAAM;IACN,MAAM;IACN,MAAM;IACN,WAAW;IACX,QAAQ;IACR,UAAU;IACV,OAAO;IACP,MAAM;IACN,SAAS;CACV,CAAC;AAEF,MAAM,oBAAoB,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;AAE/D,SAAS,qBAAqB,CAAC,MAAiB;IAC9C,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,KAAK,IAAI,MAAM,IAAI,qBAAqB,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC;YAAE,SAAS;QAClD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACrB,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAgB,EAAE,UAAkB;IACnE,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAClD,IAAI,cAAc,KAAK,gBAAgB;QAAE,OAAO,IAAI,CAAC;IACrD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAAC;IACjE,OAAO,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;AACvF,CAAC;AAED,SAAS,sBAAsB,CAAC,MAK/B;IACC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC;IAChE,MAAM,SAAS,GACb,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC;QACtD,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC;QAC1C,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC7B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,eAAe,GAAG,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACtD,IAAI,CAAC,eAAe;YAAE,SAAS;QAC/B,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAC/B,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAC1F,CAAC;QACF,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,CAAC;YAC9C,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,iEAAiE,EAAE;gBACrF,QAAQ;gBACR,WAAW,EAAE,eAAe;gBAC5B,YAAY;aACb,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QACD,IAAI,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC;YAAE,SAAS;QACrC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACvB,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC5B,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB;IACnC,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,gBAAgB,CAAC;IAC3D,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO,kBAAkB,CAAC;IAC5D,MAAM,IAAI,KAAK,CACb,yFAAyF,OAAO,CAAC,QAAQ,EAAE,CAC5G,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,OAAqB;IACxD,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAChD,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC;IAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,oBAAoB,CAAC,CAAC;IAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAEjD,OAAO;QACL,OAAO,EAAE,qBAAqB,EAAE;QAChC,QAAQ;QACR,UAAU;QACV,OAAO,EAAE,UAAU;QACnB,MAAM;QACN,QAAQ;QACR,YAAY,EAAE,qBAAqB,CAAC,aAAa,EAAE,YAAY,CAAC;QAChE,aAAa,EAAE,sBAAsB,CAAC;YACpC,QAAQ;YACR,UAAU;YACV,aAAa,EAAE,aAAa,EAAE,aAAa;YAC3C,OAAO;SACR,CAAC;QACF,WAAW,EAAE,aAAa,EAAE,WAAW,IAAI,MAAM;KAClD,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAIjC;IACC,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACxD,IAAI,gBAAgB,CAAC,MAAM,CAAC,QAAQ,EAAE,aAAa,CAAC,EAAE,CAAC;QACrD,OAAO,aAAa,CAAC;IACvB,CAAC;IACD,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,8DAA8D,EAAE;QACzF,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,YAAY,EAAE,aAAa;KAC5B,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,QAAQ,CAAC;AACzB,CAAC"}
|
|
@@ -2,9 +2,9 @@
|
|
|
2
2
|
* SandboxRunner 入口。
|
|
3
3
|
*
|
|
4
4
|
* 关键点(中文)
|
|
5
|
-
* - 这里不实现完整的 session/read/write
|
|
5
|
+
* - 这里不实现完整的 session/read/write 协议,只负责本地子进程创建时统一进入 agent sandbox backend。
|
|
6
6
|
* - 当前版本接入 macOS seatbelt 与 Linux bubblewrap backend。
|
|
7
|
-
* -
|
|
7
|
+
* - 本地命令不再允许回退到宿主机普通子进程执行。
|
|
8
8
|
*/
|
|
9
9
|
import type { AgentContext } from "../types/runtime/agent/AgentContext.js";
|
|
10
10
|
import type { SandboxSpawnResult } from "../sandbox/types/SandboxRuntime.js";
|
|
@@ -21,6 +21,19 @@ export declare function spawnShellProcess(params: {
|
|
|
21
21
|
login: boolean;
|
|
22
22
|
baseEnv: NodeJS.ProcessEnv;
|
|
23
23
|
}): Promise<SandboxSpawnResult>;
|
|
24
|
+
/**
|
|
25
|
+
* 在当前 agent sandbox 中启动本地子进程。
|
|
26
|
+
*/
|
|
27
|
+
export declare function spawnInSandbox(params: {
|
|
28
|
+
context: AgentContext;
|
|
29
|
+
executionId: string;
|
|
30
|
+
executionDir: string;
|
|
31
|
+
cmd: string;
|
|
32
|
+
cwd: string;
|
|
33
|
+
shellPath: string;
|
|
34
|
+
login: boolean;
|
|
35
|
+
baseEnv: NodeJS.ProcessEnv;
|
|
36
|
+
}): Promise<SandboxSpawnResult>;
|
|
24
37
|
/**
|
|
25
38
|
* 执行一次 one-shot sandbox 命令并等待结束。
|
|
26
39
|
*
|
|
@@ -30,8 +43,8 @@ export declare function spawnShellProcess(params: {
|
|
|
30
43
|
*/
|
|
31
44
|
export declare function runSandboxCommand(params: {
|
|
32
45
|
context: AgentContext;
|
|
33
|
-
|
|
34
|
-
|
|
46
|
+
executionId: string;
|
|
47
|
+
executionDir: string;
|
|
35
48
|
cmd: string;
|
|
36
49
|
cwd: string;
|
|
37
50
|
shellPath: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SandboxRunner.d.ts","sourceRoot":"","sources":["../../src/sandbox/SandboxRunner.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,uCAAuC,CAAC;AAC1E,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AAK5E;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,MAAM,EAAE;IAC9C,OAAO,EAAE,YAAY,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC;CAC5B,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAyB9B;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CAAC,MAAM,EAAE;IAC9C,OAAO,EAAE,YAAY,CAAC;IACtB,
|
|
1
|
+
{"version":3,"file":"SandboxRunner.d.ts","sourceRoot":"","sources":["../../src/sandbox/SandboxRunner.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,uCAAuC,CAAC;AAC1E,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AAK5E;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,MAAM,EAAE;IAC9C,OAAO,EAAE,YAAY,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC;CAC5B,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAW9B;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,MAAM,EAAE;IAC3C,OAAO,EAAE,YAAY,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC;CAC5B,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAyB9B;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CAAC,MAAM,EAAE;IAC9C,OAAO,EAAE,YAAY,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC;CAC5B,GAAG,OAAO,CAAC;IACV,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,kBAAkB,CAAC;CAC3B,CAAC,CAiCD"}
|
|
@@ -2,9 +2,9 @@
|
|
|
2
2
|
* SandboxRunner 入口。
|
|
3
3
|
*
|
|
4
4
|
* 关键点(中文)
|
|
5
|
-
* - 这里不实现完整的 session/read/write
|
|
5
|
+
* - 这里不实现完整的 session/read/write 协议,只负责本地子进程创建时统一进入 agent sandbox backend。
|
|
6
6
|
* - 当前版本接入 macOS seatbelt 与 Linux bubblewrap backend。
|
|
7
|
-
* -
|
|
7
|
+
* - 本地命令不再允许回退到宿主机普通子进程执行。
|
|
8
8
|
*/
|
|
9
9
|
import { resolveSandboxConfig, resolveSandboxCwd } from "../sandbox/SandboxConfigResolver.js";
|
|
10
10
|
import { spawnMacOsSeatbeltSandbox } from "../sandbox/MacOsSeatbeltSandbox.js";
|
|
@@ -13,6 +13,21 @@ import { spawnLinuxBubblewrapSandbox } from "../sandbox/LinuxBubblewrapSandbox.j
|
|
|
13
13
|
* 启动 shell 子进程。
|
|
14
14
|
*/
|
|
15
15
|
export async function spawnShellProcess(params) {
|
|
16
|
+
return spawnInSandbox({
|
|
17
|
+
context: params.context,
|
|
18
|
+
executionId: params.shellId,
|
|
19
|
+
executionDir: params.shellDir,
|
|
20
|
+
cmd: params.cmd,
|
|
21
|
+
cwd: params.cwd,
|
|
22
|
+
shellPath: params.shellPath,
|
|
23
|
+
login: params.login,
|
|
24
|
+
baseEnv: params.baseEnv,
|
|
25
|
+
});
|
|
26
|
+
}
|
|
27
|
+
/**
|
|
28
|
+
* 在当前 agent sandbox 中启动本地子进程。
|
|
29
|
+
*/
|
|
30
|
+
export async function spawnInSandbox(params) {
|
|
16
31
|
const config = resolveSandboxConfig(params.context);
|
|
17
32
|
const actualCwd = resolveSandboxCwd({
|
|
18
33
|
rootPath: config.rootPath,
|
|
@@ -20,8 +35,8 @@ export async function spawnShellProcess(params) {
|
|
|
20
35
|
context: params.context,
|
|
21
36
|
});
|
|
22
37
|
const spawnParams = {
|
|
23
|
-
|
|
24
|
-
|
|
38
|
+
executionId: params.executionId,
|
|
39
|
+
executionDir: params.executionDir,
|
|
25
40
|
cmd: params.cmd,
|
|
26
41
|
cwd: params.cwd,
|
|
27
42
|
shellPath: params.shellPath,
|
|
@@ -46,7 +61,7 @@ export async function spawnShellProcess(params) {
|
|
|
46
61
|
* - 非零退出码会直接抛错,行为与原先 `execa(..., { reject: true })` 保持一致。
|
|
47
62
|
*/
|
|
48
63
|
export async function runSandboxCommand(params) {
|
|
49
|
-
const spawn = await
|
|
64
|
+
const spawn = await spawnInSandbox(params);
|
|
50
65
|
const stdoutChunks = [];
|
|
51
66
|
const stderrChunks = [];
|
|
52
67
|
spawn.child.stdout.on("data", (chunk) => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SandboxRunner.js","sourceRoot":"","sources":["../../src/sandbox/SandboxRunner.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAC7F,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAC9E,OAAO,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAC;AAElF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,MASvC;IACC,MAAM,MAAM,GAAG,oBAAoB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,iBAAiB,CAAC;QAClC,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,YAAY,EAAE,MAAM,CAAC,GAAG;QACxB,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC,CAAC;IACH,MAAM,WAAW,GAAG;QAClB,
|
|
1
|
+
{"version":3,"file":"SandboxRunner.js","sourceRoot":"","sources":["../../src/sandbox/SandboxRunner.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAC7F,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAC9E,OAAO,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAC;AAElF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,MASvC;IACC,OAAO,cAAc,CAAC;QACpB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,WAAW,EAAE,MAAM,CAAC,OAAO;QAC3B,YAAY,EAAE,MAAM,CAAC,QAAQ;QAC7B,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,MASpC;IACC,MAAM,MAAM,GAAG,oBAAoB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,iBAAiB,CAAC;QAClC,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,YAAY,EAAE,MAAM,CAAC,GAAG;QACxB,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC,CAAC;IACH,MAAM,WAAW,GAAG;QAClB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,MAAM;QACN,SAAS;KACV,CAAC;IACF,IAAI,MAAM,CAAC,OAAO,KAAK,gBAAgB,EAAE,CAAC;QACxC,OAAO,yBAAyB,CAAC,WAAW,CAAC,CAAC;IAChD,CAAC;IACD,IAAI,MAAM,CAAC,OAAO,KAAK,kBAAkB,EAAE,CAAC;QAC1C,OAAO,2BAA2B,CAAC,WAAW,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,gCAAgC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;AACpE,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,MASvC;IAMC,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAsB,EAAE,EAAE;QACvD,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IACH,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAsB,EAAE,EAAE;QACvD,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC7D,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAClD,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACnF,CAAC,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACrC,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACrC,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;QACnB,MAAM,OAAO,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;aAC3C,MAAM,CAAC,OAAO,CAAC;aACf,IAAI,CAAC,IAAI,CAAC;aACV,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,OAAO,IAAI,yCAAyC,QAAQ,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,OAAO;QACL,MAAM;QACN,MAAM;QACN,QAAQ;QACR,KAAK;KACN,CAAC;AACJ,CAAC"}
|
|
@@ -3,8 +3,8 @@
|
|
|
3
3
|
*
|
|
4
4
|
* 关键点(中文)
|
|
5
5
|
* - 这里放的是 agent 执行层内部使用的最小 sandbox 运行时类型。
|
|
6
|
-
* - 当前只围绕
|
|
7
|
-
* - 目标是让 shell
|
|
6
|
+
* - 当前只围绕 agent 级 sandbox spawn 设计,不引入复杂 provider / policy / binding 对象。
|
|
7
|
+
* - 目标是让 shell、task script 等本地执行入口都能复用同一个 agent sandbox 边界。
|
|
8
8
|
*/
|
|
9
9
|
import type { ChildProcessWithoutNullStreams } from "node:child_process";
|
|
10
10
|
import type { SandboxConfig } from "../../sandbox/types/Sandbox.js";
|
|
@@ -256,19 +256,43 @@ export interface ResolvedSandboxConfig extends SandboxConfig {
|
|
|
256
256
|
* 当前运行时选中的 backend。
|
|
257
257
|
*/
|
|
258
258
|
backend: SandboxBackend;
|
|
259
|
+
/**
|
|
260
|
+
* 当前 agent 级 sandbox 的持久目录。
|
|
261
|
+
*
|
|
262
|
+
* 说明(中文)
|
|
263
|
+
* - 该目录不属于某个 shellId,而属于当前 agent 项目。
|
|
264
|
+
* - shell、task script 等所有 sandbox 子进程共享它作为 HOME/cache 根。
|
|
265
|
+
*/
|
|
266
|
+
sandboxDir: string;
|
|
267
|
+
/**
|
|
268
|
+
* sandbox 子进程使用的 HOME。
|
|
269
|
+
*/
|
|
270
|
+
homeDir: string;
|
|
271
|
+
/**
|
|
272
|
+
* sandbox 子进程使用的临时目录。
|
|
273
|
+
*/
|
|
274
|
+
tmpDir: string;
|
|
275
|
+
/**
|
|
276
|
+
* sandbox 子进程使用的 XDG cache 目录。
|
|
277
|
+
*/
|
|
278
|
+
cacheDir: string;
|
|
259
279
|
}
|
|
260
280
|
/**
|
|
261
281
|
* 单次 shell 启动时传给 sandbox backend 的归一化参数。
|
|
262
282
|
*/
|
|
263
283
|
export interface SandboxSpawnParams {
|
|
264
284
|
/**
|
|
265
|
-
*
|
|
285
|
+
* 当前执行记录标识。
|
|
286
|
+
*
|
|
287
|
+
* 说明(中文)
|
|
288
|
+
* - shell plugin 传入 shellId,task script 可以传入自己的 executionId。
|
|
289
|
+
* - 它只用于日志与诊断,不参与 sandbox HOME/cache/权限边界的计算。
|
|
266
290
|
*/
|
|
267
|
-
|
|
291
|
+
executionId: string;
|
|
268
292
|
/**
|
|
269
|
-
*
|
|
293
|
+
* 当前执行记录目录。
|
|
270
294
|
*/
|
|
271
|
-
|
|
295
|
+
executionDir: string;
|
|
272
296
|
/**
|
|
273
297
|
* 要执行的原始命令文本。
|
|
274
298
|
*/
|
|
@@ -318,5 +342,21 @@ export interface SandboxSpawnResult {
|
|
|
318
342
|
* 当前实际采用的网络模式。
|
|
319
343
|
*/
|
|
320
344
|
networkMode: SandboxNetworkMode;
|
|
345
|
+
/**
|
|
346
|
+
* 当前 agent 级 sandbox 的持久目录。
|
|
347
|
+
*/
|
|
348
|
+
sandboxDir: string;
|
|
349
|
+
/**
|
|
350
|
+
* 当前子进程使用的 HOME。
|
|
351
|
+
*/
|
|
352
|
+
homeDir: string;
|
|
353
|
+
/**
|
|
354
|
+
* 当前子进程使用的临时目录。
|
|
355
|
+
*/
|
|
356
|
+
tmpDir: string;
|
|
357
|
+
/**
|
|
358
|
+
* 当前子进程使用的 XDG cache 目录。
|
|
359
|
+
*/
|
|
360
|
+
cacheDir: string;
|
|
321
361
|
}
|
|
322
362
|
//# sourceMappingURL=SandboxRuntime.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SandboxRuntime.d.ts","sourceRoot":"","sources":["../../../src/sandbox/types/SandboxRuntime.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,8BAA8B,EAAE,MAAM,oBAAoB,CAAC;AACzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAErE;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG,gBAAgB,GAAG,kBAAkB,CAAC;AAEnE;;;;;;GAMG;AACH,MAAM,MAAM,oBAAoB,GAC5B,UAAU,GACV,SAAS,GACT,WAAW,GACX,QAAQ,GACR,QAAQ,GACR,SAAS,CAAC;AAEd;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;OAEG;IACH,MAAM,EAAE,oBAAoB,CAAC;IAE7B;;;;;OAKG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;;;;OAKG;IACH,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,aAAa,EAAE,MAAM,CAAC;IAEtB;;OAEG;IACH,aAAa,EAAE,OAAO,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;OAEG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAoB,SAAQ,kBAAkB;CAAG;AAElE;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC;QACzC,QAAQ,EAAE,sBAAsB,CAAC;QACjC,KAAK,EAAE,kBAAkB,CAAC;KAC3B,CAAC,CAAC;IAEH;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC;QAC3C,QAAQ,EAAE,sBAAsB,CAAC;QACjC,KAAK,EAAE,kBAAkB,CAAC;KAC3B,CAAC,CAAC;IAEH;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC;QACzC,QAAQ,EAAE,sBAAsB,CAAC;QACjC,KAAK,EAAE,kBAAkB,CAAC;KAC3B,CAAC,CAAC;IAEH;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC;QAC3C,QAAQ,EAAE,sBAAsB,CAAC;KAClC,CAAC,CAAC;IAEH;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC;QACzC,QAAQ,EAAE,sBAAsB,CAAC;QACjC,KAAK,EAAE,kBAAkB,CAAC;KAC3B,CAAC,CAAC;IAEH;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC;QAC3C,QAAQ,EAAE,sBAAsB,CAAC;KAClC,CAAC,CAAC;CACJ;AAED;;;;;;GAMG;AACH,MAAM,WAAW,qBAAsB,SAAQ,aAAa;IAC1D;;OAEG;IACH,OAAO,EAAE,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"SandboxRuntime.d.ts","sourceRoot":"","sources":["../../../src/sandbox/types/SandboxRuntime.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,8BAA8B,EAAE,MAAM,oBAAoB,CAAC;AACzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAErE;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG,gBAAgB,GAAG,kBAAkB,CAAC;AAEnE;;;;;;GAMG;AACH,MAAM,MAAM,oBAAoB,GAC5B,UAAU,GACV,SAAS,GACT,WAAW,GACX,QAAQ,GACR,QAAQ,GACR,SAAS,CAAC;AAEd;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;OAEG;IACH,MAAM,EAAE,oBAAoB,CAAC;IAE7B;;;;;OAKG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;;;;OAKG;IACH,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,aAAa,EAAE,MAAM,CAAC;IAEtB;;OAEG;IACH,aAAa,EAAE,OAAO,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;OAEG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAoB,SAAQ,kBAAkB;CAAG;AAElE;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC;QACzC,QAAQ,EAAE,sBAAsB,CAAC;QACjC,KAAK,EAAE,kBAAkB,CAAC;KAC3B,CAAC,CAAC;IAEH;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC;QAC3C,QAAQ,EAAE,sBAAsB,CAAC;QACjC,KAAK,EAAE,kBAAkB,CAAC;KAC3B,CAAC,CAAC;IAEH;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC;QACzC,QAAQ,EAAE,sBAAsB,CAAC;QACjC,KAAK,EAAE,kBAAkB,CAAC;KAC3B,CAAC,CAAC;IAEH;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC;QAC3C,QAAQ,EAAE,sBAAsB,CAAC;KAClC,CAAC,CAAC;IAEH;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC;QACzC,QAAQ,EAAE,sBAAsB,CAAC;QACjC,KAAK,EAAE,kBAAkB,CAAC;KAC3B,CAAC,CAAC;IAEH;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC;QAC3C,QAAQ,EAAE,sBAAsB,CAAC;KAClC,CAAC,CAAC;CACJ;AAED;;;;;;GAMG;AACH,MAAM,WAAW,qBAAsB,SAAQ,aAAa;IAC1D;;OAEG;IACH,OAAO,EAAE,cAAc,CAAC;IAExB;;;;;;OAMG;IACH,UAAU,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC;;;;;;OAMG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,KAAK,EAAE,OAAO,CAAC;IAEf;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC;IAE3B;;OAEG;IACH,MAAM,EAAE,qBAAqB,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,KAAK,EAAE,8BAA8B,CAAC;IAEtC;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;OAEG;IACH,SAAS,EAAE,OAAO,CAAC;IAEnB;;OAEG;IACH,OAAO,EAAE,cAAc,CAAC;IAExB;;OAEG;IACH,WAAW,EAAE,kBAAkB,CAAC;IAEhC;;OAEG;IACH,UAAU,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;CAClB"}
|
|
@@ -3,8 +3,8 @@
|
|
|
3
3
|
*
|
|
4
4
|
* 关键点(中文)
|
|
5
5
|
* - 这里放的是 agent 执行层内部使用的最小 sandbox 运行时类型。
|
|
6
|
-
* - 当前只围绕
|
|
7
|
-
* - 目标是让 shell
|
|
6
|
+
* - 当前只围绕 agent 级 sandbox spawn 设计,不引入复杂 provider / policy / binding 对象。
|
|
7
|
+
* - 目标是让 shell、task script 等本地执行入口都能复用同一个 agent sandbox 边界。
|
|
8
8
|
*/
|
|
9
9
|
export {};
|
|
10
10
|
//# sourceMappingURL=SandboxRuntime.js.map
|
|
@@ -67,61 +67,17 @@ export interface ImagePluginInput {
|
|
|
67
67
|
quality?: string;
|
|
68
68
|
/** 随机种子。 */
|
|
69
69
|
seed?: number;
|
|
70
|
-
/** 业务侧任务 ID
|
|
70
|
+
/** 业务侧任务 ID,用于 provider 侧幂等、追踪和恢复。 */
|
|
71
71
|
client_job_id?: string;
|
|
72
72
|
/** Provider 私有参数,例如 `{ openai: {...}, gemini: {...}, luchi: {...} }`。 */
|
|
73
73
|
provider_options?: JsonObject;
|
|
74
74
|
/** 允许外部 image 函数接收其他 JSON 可序列化参数。 */
|
|
75
75
|
[key: string]: JsonValue | ImagePluginMessage[] | undefined;
|
|
76
76
|
}
|
|
77
|
-
/**
|
|
78
|
-
* ImagePlugin 图片任务状态。
|
|
79
|
-
*/
|
|
80
|
-
export type ImagePluginJobStatus = "queued" | "running" | "succeeded" | "failed";
|
|
81
77
|
/**
|
|
82
78
|
* ImagePlugin 生成结果。
|
|
83
79
|
*/
|
|
84
80
|
export type ImagePluginResult = UIMessage;
|
|
85
|
-
/**
|
|
86
|
-
* ImagePlugin 图片任务创建结果。
|
|
87
|
-
*/
|
|
88
|
-
export interface ImagePluginJobCreateResult {
|
|
89
|
-
/** 图片任务唯一 ID。 */
|
|
90
|
-
job_id: string;
|
|
91
|
-
/** 当前任务状态。 */
|
|
92
|
-
status: ImagePluginJobStatus;
|
|
93
|
-
/** 读取任务结果的路径或 URL。 */
|
|
94
|
-
result_path?: string;
|
|
95
|
-
/** 人类可读状态说明。 */
|
|
96
|
-
message?: string;
|
|
97
|
-
/** 建议下次轮询前等待的毫秒数。 */
|
|
98
|
-
poll_after_ms?: number;
|
|
99
|
-
/** 任务创建时间。 */
|
|
100
|
-
created_at?: string;
|
|
101
|
-
/** 任务更新时间。 */
|
|
102
|
-
updated_at?: string;
|
|
103
|
-
}
|
|
104
|
-
/**
|
|
105
|
-
* ImagePlugin 图片任务结果查询结果。
|
|
106
|
-
*/
|
|
107
|
-
export interface ImagePluginJobResult {
|
|
108
|
-
/** 图片任务唯一 ID。 */
|
|
109
|
-
job_id: string;
|
|
110
|
-
/** 当前任务状态。 */
|
|
111
|
-
status: ImagePluginJobStatus;
|
|
112
|
-
/** 成功时的图片结果。 */
|
|
113
|
-
result?: ImagePluginResult;
|
|
114
|
-
/** 失败时的错误信息。 */
|
|
115
|
-
error?: string;
|
|
116
|
-
/** 人类可读状态说明。 */
|
|
117
|
-
message?: string;
|
|
118
|
-
/** 任务未完成时建议下次轮询前等待的毫秒数。 */
|
|
119
|
-
poll_after_ms?: number;
|
|
120
|
-
/** 任务创建时间。 */
|
|
121
|
-
created_at?: string;
|
|
122
|
-
/** 任务更新时间。 */
|
|
123
|
-
updated_at?: string;
|
|
124
|
-
}
|
|
125
81
|
/**
|
|
126
82
|
* ImagePlugin 构造参数。
|
|
127
83
|
*/
|
|
@@ -132,15 +88,7 @@ export interface ImagePluginOptions {
|
|
|
132
88
|
title?: string;
|
|
133
89
|
/** Plugin 用途说明。 */
|
|
134
90
|
description?: string;
|
|
135
|
-
/**
|
|
136
|
-
|
|
137
|
-
/** 可选:读取图片生成任务结果,通常传入 `(input) => city.ai.image_result(input)`。 */
|
|
138
|
-
result?: (input: {
|
|
139
|
-
job_id: string;
|
|
140
|
-
}) => Promise<ImagePluginJobResult> | ImagePluginJobResult;
|
|
141
|
-
/** 兼容 `generate` 动作等待任务完成的最长毫秒数。 */
|
|
142
|
-
wait_timeout_ms?: number;
|
|
143
|
-
/** 兼容 `generate` 动作每次轮询间隔毫秒数。 */
|
|
144
|
-
poll_interval_ms?: number;
|
|
91
|
+
/** 图片生成函数,通常传入 `(input) => city.ai.image(input)`。 */
|
|
92
|
+
image?: (input: ImagePluginInput) => Promise<ImagePluginResult> | ImagePluginResult;
|
|
145
93
|
}
|
|
146
94
|
//# sourceMappingURL=ImagePlugin.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ImagePlugin.d.ts","sourceRoot":"","sources":["../../../src/types/plugin/ImagePlugin.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACpC,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAEpE;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,mBAAmB;IACnB,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,kBAAkB;IAClB,IAAI,EAAE,OAAO,CAAC;IACd,gBAAgB;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,qBAAqB;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAC1B,sBAAsB,GACtB,sBAAsB,CAAC;AAE3B;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,YAAY;IACZ,IAAI,EAAE,QAAQ,GAAG,MAAM,GAAG,WAAW,CAAC;IACtC,oBAAoB;IACpB,OAAO,EAAE,kBAAkB,EAAE,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,cAAc;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,eAAe;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,qBAAqB;IACrB,QAAQ,CAAC,EAAE,kBAAkB,EAAE,CAAC;IAChC,cAAc;IACd,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,iCAAiC;IACjC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2BAA2B;IAC3B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,sBAAsB;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gCAAgC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,4CAA4C;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,
|
|
1
|
+
{"version":3,"file":"ImagePlugin.d.ts","sourceRoot":"","sources":["../../../src/types/plugin/ImagePlugin.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACpC,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAEpE;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,mBAAmB;IACnB,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,kBAAkB;IAClB,IAAI,EAAE,OAAO,CAAC;IACd,gBAAgB;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,qBAAqB;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAC1B,sBAAsB,GACtB,sBAAsB,CAAC;AAE3B;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,YAAY;IACZ,IAAI,EAAE,QAAQ,GAAG,MAAM,GAAG,WAAW,CAAC;IACtC,oBAAoB;IACpB,OAAO,EAAE,kBAAkB,EAAE,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,cAAc;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,eAAe;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,qBAAqB;IACrB,QAAQ,CAAC,EAAE,kBAAkB,EAAE,CAAC;IAChC,cAAc;IACd,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,iCAAiC;IACjC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2BAA2B;IAC3B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,sBAAsB;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gCAAgC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,4CAA4C;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,sCAAsC;IACtC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,yEAAyE;IACzE,gBAAgB,CAAC,EAAE,UAAU,CAAC;IAC9B,qCAAqC;IACrC,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,kBAAkB,EAAE,GAAG,SAAS,CAAC;CAC7D;AAED;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG,SAAS,CAAC;AAE1C;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,8BAA8B;IAC9B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,8BAA8B;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mBAAmB;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,qDAAqD;IACrD,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,gBAAgB,KAAK,OAAO,CAAC,iBAAiB,CAAC,GAAG,iBAAiB,CAAC;CACrF"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@downcity/agent",
|
|
3
|
-
"version": "1.1.
|
|
3
|
+
"version": "1.1.99",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "Downcity Agent 运行时 — 单 Agent 执行壳与本机 RPC 能力",
|
|
6
6
|
"main": "./bin/index.js",
|
|
@@ -29,7 +29,7 @@
|
|
|
29
29
|
"node-cron": "^4.2.1",
|
|
30
30
|
"ws": "^8.21.0",
|
|
31
31
|
"zod": "^4.4.3",
|
|
32
|
-
"@downcity/type": "0.1.
|
|
32
|
+
"@downcity/type": "0.1.33"
|
|
33
33
|
},
|
|
34
34
|
"devDependencies": {
|
|
35
35
|
"@types/fs-extra": "^11.0.4",
|