@downcity/shell 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (141) hide show
  1. package/bin/Shell.d.ts +55 -0
  2. package/bin/Shell.d.ts.map +1 -0
  3. package/bin/Shell.js +171 -0
  4. package/bin/Shell.js.map +1 -0
  5. package/bin/approval/ShellApprovalRuntime.d.ts +62 -0
  6. package/bin/approval/ShellApprovalRuntime.d.ts.map +1 -0
  7. package/bin/approval/ShellApprovalRuntime.js +214 -0
  8. package/bin/approval/ShellApprovalRuntime.js.map +1 -0
  9. package/bin/index.d.ts +27 -0
  10. package/bin/index.d.ts.map +1 -0
  11. package/bin/index.js +26 -0
  12. package/bin/index.js.map +1 -0
  13. package/bin/sandbox/LinuxBubblewrapSandbox.d.ts +19 -0
  14. package/bin/sandbox/LinuxBubblewrapSandbox.d.ts.map +1 -0
  15. package/bin/sandbox/LinuxBubblewrapSandbox.js +186 -0
  16. package/bin/sandbox/LinuxBubblewrapSandbox.js.map +1 -0
  17. package/bin/sandbox/MacOsSeatbeltSandbox.d.ts +16 -0
  18. package/bin/sandbox/MacOsSeatbeltSandbox.d.ts.map +1 -0
  19. package/bin/sandbox/MacOsSeatbeltSandbox.js +154 -0
  20. package/bin/sandbox/MacOsSeatbeltSandbox.js.map +1 -0
  21. package/bin/sandbox/SandboxConfigResolver.d.ts +37 -0
  22. package/bin/sandbox/SandboxConfigResolver.d.ts.map +1 -0
  23. package/bin/sandbox/SandboxConfigResolver.js +130 -0
  24. package/bin/sandbox/SandboxConfigResolver.js.map +1 -0
  25. package/bin/sandbox/SandboxPreflight.d.ts +73 -0
  26. package/bin/sandbox/SandboxPreflight.d.ts.map +1 -0
  27. package/bin/sandbox/SandboxPreflight.js +122 -0
  28. package/bin/sandbox/SandboxPreflight.js.map +1 -0
  29. package/bin/sandbox/SandboxRunner.d.ts +61 -0
  30. package/bin/sandbox/SandboxRunner.d.ts.map +1 -0
  31. package/bin/sandbox/SandboxRunner.js +107 -0
  32. package/bin/sandbox/SandboxRunner.js.map +1 -0
  33. package/bin/sandbox/UnrestrictedSandbox.d.ts +16 -0
  34. package/bin/sandbox/UnrestrictedSandbox.d.ts.map +1 -0
  35. package/bin/sandbox/UnrestrictedSandbox.js +39 -0
  36. package/bin/sandbox/UnrestrictedSandbox.js.map +1 -0
  37. package/bin/sandbox/types/Sandbox.d.ts +130 -0
  38. package/bin/sandbox/types/Sandbox.d.ts.map +1 -0
  39. package/bin/sandbox/types/Sandbox.js +10 -0
  40. package/bin/sandbox/types/Sandbox.js.map +1 -0
  41. package/bin/sandbox/types/SandboxRuntime.d.ts +370 -0
  42. package/bin/sandbox/types/SandboxRuntime.d.ts.map +1 -0
  43. package/bin/sandbox/types/SandboxRuntime.js +10 -0
  44. package/bin/sandbox/types/SandboxRuntime.js.map +1 -0
  45. package/bin/session/Paths.d.ts +12 -0
  46. package/bin/session/Paths.d.ts.map +1 -0
  47. package/bin/session/Paths.js +21 -0
  48. package/bin/session/Paths.js.map +1 -0
  49. package/bin/session/ShellActionResponse.d.ts +52 -0
  50. package/bin/session/ShellActionResponse.d.ts.map +1 -0
  51. package/bin/session/ShellActionResponse.js +73 -0
  52. package/bin/session/ShellActionResponse.js.map +1 -0
  53. package/bin/session/ShellActionRuntime.d.ts +15 -0
  54. package/bin/session/ShellActionRuntime.d.ts.map +1 -0
  55. package/bin/session/ShellActionRuntime.js +15 -0
  56. package/bin/session/ShellActionRuntime.js.map +1 -0
  57. package/bin/session/ShellActionRuntimeSupport.d.ts +88 -0
  58. package/bin/session/ShellActionRuntimeSupport.d.ts.map +1 -0
  59. package/bin/session/ShellActionRuntimeSupport.js +305 -0
  60. package/bin/session/ShellActionRuntimeSupport.js.map +1 -0
  61. package/bin/session/ShellProcessEvents.d.ts +22 -0
  62. package/bin/session/ShellProcessEvents.d.ts.map +1 -0
  63. package/bin/session/ShellProcessEvents.js +41 -0
  64. package/bin/session/ShellProcessEvents.js.map +1 -0
  65. package/bin/session/ShellRunScope.d.ts +43 -0
  66. package/bin/session/ShellRunScope.d.ts.map +1 -0
  67. package/bin/session/ShellRunScope.js +29 -0
  68. package/bin/session/ShellRunScope.js.map +1 -0
  69. package/bin/session/ShellRuntimeEnvironment.d.ts +21 -0
  70. package/bin/session/ShellRuntimeEnvironment.d.ts.map +1 -0
  71. package/bin/session/ShellRuntimeEnvironment.js +69 -0
  72. package/bin/session/ShellRuntimeEnvironment.js.map +1 -0
  73. package/bin/session/ShellRuntimeTypes.d.ts +160 -0
  74. package/bin/session/ShellRuntimeTypes.d.ts.map +1 -0
  75. package/bin/session/ShellRuntimeTypes.js +10 -0
  76. package/bin/session/ShellRuntimeTypes.js.map +1 -0
  77. package/bin/session/actions/ShellActionShared.d.ts +76 -0
  78. package/bin/session/actions/ShellActionShared.d.ts.map +1 -0
  79. package/bin/session/actions/ShellActionShared.js +100 -0
  80. package/bin/session/actions/ShellActionShared.js.map +1 -0
  81. package/bin/session/actions/ShellApprovalActions.d.ts +34 -0
  82. package/bin/session/actions/ShellApprovalActions.d.ts.map +1 -0
  83. package/bin/session/actions/ShellApprovalActions.js +37 -0
  84. package/bin/session/actions/ShellApprovalActions.js.map +1 -0
  85. package/bin/session/actions/ShellExecActions.d.ts +15 -0
  86. package/bin/session/actions/ShellExecActions.d.ts.map +1 -0
  87. package/bin/session/actions/ShellExecActions.js +117 -0
  88. package/bin/session/actions/ShellExecActions.js.map +1 -0
  89. package/bin/session/actions/ShellLifecycleActions.d.ts +18 -0
  90. package/bin/session/actions/ShellLifecycleActions.d.ts.map +1 -0
  91. package/bin/session/actions/ShellLifecycleActions.js +53 -0
  92. package/bin/session/actions/ShellLifecycleActions.js.map +1 -0
  93. package/bin/session/actions/ShellQueryActions.d.ts +27 -0
  94. package/bin/session/actions/ShellQueryActions.d.ts.map +1 -0
  95. package/bin/session/actions/ShellQueryActions.js +151 -0
  96. package/bin/session/actions/ShellQueryActions.js.map +1 -0
  97. package/bin/session/actions/ShellStartActions.d.ts +15 -0
  98. package/bin/session/actions/ShellStartActions.d.ts.map +1 -0
  99. package/bin/session/actions/ShellStartActions.js +167 -0
  100. package/bin/session/actions/ShellStartActions.js.map +1 -0
  101. package/bin/session/actions/ShellWriteActions.d.ts +15 -0
  102. package/bin/session/actions/ShellWriteActions.d.ts.map +1 -0
  103. package/bin/session/actions/ShellWriteActions.js +85 -0
  104. package/bin/session/actions/ShellWriteActions.js.map +1 -0
  105. package/bin/tool/ShellToolFormatting.d.ts +12 -0
  106. package/bin/tool/ShellToolFormatting.d.ts.map +1 -0
  107. package/bin/tool/ShellToolFormatting.js +31 -0
  108. package/bin/tool/ShellToolFormatting.js.map +1 -0
  109. package/bin/tool/ShellToolSchemas.d.ts +61 -0
  110. package/bin/tool/ShellToolSchemas.d.ts.map +1 -0
  111. package/bin/tool/ShellToolSchemas.js +130 -0
  112. package/bin/tool/ShellToolSchemas.js.map +1 -0
  113. package/bin/tool/ShellTools.d.ts +32 -0
  114. package/bin/tool/ShellTools.d.ts.map +1 -0
  115. package/bin/tool/ShellTools.js +296 -0
  116. package/bin/tool/ShellTools.js.map +1 -0
  117. package/bin/types/Shell.d.ts +115 -0
  118. package/bin/types/Shell.d.ts.map +1 -0
  119. package/bin/types/Shell.js +9 -0
  120. package/bin/types/Shell.js.map +1 -0
  121. package/bin/types/ShellAction.d.ts +258 -0
  122. package/bin/types/ShellAction.d.ts.map +1 -0
  123. package/bin/types/ShellAction.js +9 -0
  124. package/bin/types/ShellAction.js.map +1 -0
  125. package/bin/types/ShellHostContext.d.ts +78 -0
  126. package/bin/types/ShellHostContext.d.ts.map +1 -0
  127. package/bin/types/ShellHostContext.js +9 -0
  128. package/bin/types/ShellHostContext.js.map +1 -0
  129. package/bin/types/ShellRuntime.d.ts +128 -0
  130. package/bin/types/ShellRuntime.d.ts.map +1 -0
  131. package/bin/types/ShellRuntime.js +9 -0
  132. package/bin/types/ShellRuntime.js.map +1 -0
  133. package/bin/types/ShellRuntimeOptions.d.ts +103 -0
  134. package/bin/types/ShellRuntimeOptions.d.ts.map +1 -0
  135. package/bin/types/ShellRuntimeOptions.js +10 -0
  136. package/bin/types/ShellRuntimeOptions.js.map +1 -0
  137. package/bin/utils/Id.d.ts +11 -0
  138. package/bin/utils/Id.d.ts.map +1 -0
  139. package/bin/utils/Id.js +14 -0
  140. package/bin/utils/Id.js.map +1 -0
  141. package/package.json +81 -0
package/bin/sandbox/SandboxPreflight.js ADDED
@@ -0,0 +1,122 @@
1
+ /**
2
+ * SandboxPreflight:本机 shell sandbox 依赖预检。
3
+ *
4
+ * 关键点(中文)
5
+ * - shell 命令必须进入 sandbox;这里提前检查 backend 依赖,避免启动后首次 shell 执行才失败。
6
+ * - Linux backend 基于 bubblewrap,本质使用 Linux namespaces / bind mount 等内核能力。
7
+ * - 本模块只诊断并给出修复建议,不自动安装软件,也不修改宿主机 sysctl。
8
+ */
9
+ import { access, readFile } from "node:fs/promises";
10
+ import path from "node:path";
11
+ import { delimiter } from "node:path";
12
+ async function commandExists(command) {
13
+ const pathValue = String(process.env.PATH || "").trim();
14
+ const dirs = pathValue ? pathValue.split(delimiter) : [];
15
+ for (const dir of dirs) {
16
+ const candidate = path.join(dir, command);
17
+ try {
18
+ await access(candidate);
19
+ return true;
20
+ }
21
+ catch {
22
+ // continue
23
+ }
24
+ }
25
+ return false;
26
+ }
27
+ async function readProcInt(filePath) {
28
+ try {
29
+ const raw = await readFile(filePath, "utf-8");
30
+ const value = Number.parseInt(raw.trim(), 10);
31
+ return Number.isFinite(value) && !Number.isNaN(value) ? value : null;
32
+ }
33
+ catch {
34
+ return null;
35
+ }
36
+ }
37
+ async function isLinuxUserNamespaceEnabled(probe) {
38
+ const unprivilegedUsernsClone = await probe.readProcInt("/proc/sys/kernel/unprivileged_userns_clone");
39
+ if (unprivilegedUsernsClone === 0)
40
+ return false;
41
+ const maxUserNamespaces = await probe.readProcInt("/proc/sys/user/max_user_namespaces");
42
+ if (maxUserNamespaces === 0)
43
+ return false;
44
+ return true;
45
+ }
46
+ /**
47
+ * 检查当前宿主是否满足 shell sandbox 运行要求。
48
+ */
49
+ export async function checkShellSandboxPreflight() {
50
+ return await checkShellSandboxPreflightWithProbe({
51
+ commandExists,
52
+ readProcInt,
53
+ });
54
+ }
55
+ /**
56
+ * 使用注入探针检查当前宿主是否满足 shell sandbox 运行要求。
57
+ */
58
+ export async function checkShellSandboxPreflightWithProbe(probe) {
59
+ const platform = process.platform;
60
+ const issues = [];
61
+ if (platform === "darwin") {
62
+ if (!(await probe.commandExists("sandbox-exec"))) {
63
+ issues.push({
64
+ code: "missing-command",
65
+ message: "macOS shell sandbox requires sandbox-exec, but it was not found.",
66
+ fixes: [
67
+ "Use a macOS system that includes /usr/bin/sandbox-exec.",
68
+ ],
69
+ });
70
+ }
71
+ return {
72
+ ok: issues.length === 0,
73
+ platform,
74
+ backend: "macos-seatbelt",
75
+ issues,
76
+ };
77
+ }
78
+ if (platform === "linux") {
79
+ if (!(await probe.commandExists("bwrap"))) {
80
+ issues.push({
81
+ code: "missing-command",
82
+ message: "Linux shell sandbox requires bubblewrap (bwrap), but it was not found.",
83
+ fixes: [
84
+ "Debian / Ubuntu: sudo apt install bubblewrap",
85
+ "Fedora: sudo dnf install bubblewrap",
86
+ "Arch: sudo pacman -S bubblewrap",
87
+ ],
88
+ });
89
+ }
90
+ if (!(await isLinuxUserNamespaceEnabled(probe))) {
91
+ issues.push({
92
+ code: "userns-disabled",
93
+ message: "Linux user namespaces are disabled, so bubblewrap cannot create the sandbox.",
94
+ fixes: [
95
+ "Check: cat /proc/sys/kernel/unprivileged_userns_clone",
96
+ "Check: cat /proc/sys/user/max_user_namespaces",
97
+ "Debian / Ubuntu: sudo sysctl kernel.unprivileged_userns_clone=1",
98
+ ],
99
+ });
100
+ }
101
+ return {
102
+ ok: issues.length === 0,
103
+ platform,
104
+ backend: "linux-bubblewrap",
105
+ issues,
106
+ };
107
+ }
108
+ return {
109
+ ok: false,
110
+ platform,
111
+ issues: [
112
+ {
113
+ code: "unsupported-platform",
114
+ message: `Shell sandbox is not supported on this platform: ${platform}.`,
115
+ fixes: [
116
+ "Use macOS or Linux for local shell execution.",
117
+ ],
118
+ },
119
+ ],
120
+ };
121
+ }
122
+ //# sourceMappingURL=SandboxPreflight.js.map
package/bin/sandbox/SandboxPreflight.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"SandboxPreflight.js","sourceRoot":"","sources":["../../src/sandbox/SandboxPreflight.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAuEtC,KAAK,UAAU,aAAa,CAAC,OAAe;IAC1C,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACxD,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACzD,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAC1C,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,WAAW;QACb,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAAgB;IACzC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9C,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QAC9C,OAAO,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;IACvE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,2BAA2B,CACxC,KAAiC;IAEjC,MAAM,uBAAuB,GAAG,MAAM,KAAK,CAAC,WAAW,CACrD,4CAA4C,CAC7C,CAAC;IACF,IAAI,uBAAuB,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAEhD,MAAM,iBAAiB,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,oCAAoC,CAAC,CAAC;IACxF,IAAI,iBAAiB,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAE1C,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B;IAC9C,OAAO,MAAM,mCAAmC,CAAC;QAC/C,aAAa;QACb,WAAW;KACZ,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mCAAmC,CACvD,KAAiC;IAEjC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,MAAM,MAAM,GAA4B,EAAE,CAAC;IAE3C,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC,EAAE,CAAC;YACjD,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,kEAAkE;gBAC3E,KAAK,EAAE;oBACL,yDAAyD;iBAC1D;aACF,CAAC,CAAC;QACL,CAAC;QACD,OAAO;YACL,EAAE,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;YACvB,QAAQ;YACR,OAAO,EAAE,gBAAgB;YACzB,MAAM;SACP,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,wEAAwE;gBACjF,KAAK,EAAE;oBACL,8CAA8C;oBAC9C,qCAAqC;oBACrC,iCAAiC;iBAClC;aACF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAChD,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,8EAA8E;gBACvF,KAAK,EAAE;oBACL,uDAAuD;oBACvD,+CAA+C;oBAC/C,iEAAiE;iBAClE;aACF,CAAC,CAAC;QACL,CAAC;QAED,OAAO;YACL,EAAE,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;YACvB,QAAQ;YACR,OAAO,EAAE,kBAAkB;YAC3B,MAAM;SACP,CAAC;IACJ,CAAC;IAED,OAAO;QACL,EAAE,EAAE,KAAK;QACT,QAAQ;QACR,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,sBAAsB;gBAC5B,OAAO,EAAE,oDAAoD,QAAQ,GAAG;gBACxE,KAAK,EAAE;oBACL,+CAA+C;iBAChD;aACF;SACF;KACF,CAAC;AACJ,CAAC"}
package/bin/sandbox/SandboxRunner.d.ts ADDED
@@ -0,0 +1,61 @@
1
+ /**
2
+ * SandboxRunner 入口。
3
+ *
4
+ * 关键点(中文)
5
+ * - 这里不实现完整的 session/read/write 协议,只负责本地子进程创建时统一进入 agent sandbox backend。
6
+ * - 当前版本接入 macOS seatbelt 与 Linux bubblewrap backend。
7
+ * - 本地命令不再允许回退到宿主机普通子进程执行。
8
+ */
9
+ import type { ShellHostContext } from "../types/ShellHostContext.js";
10
+ import type { SandboxSpawnResult } from "../sandbox/types/SandboxRuntime.js";
11
+ /**
12
+ * 启动 shell 子进程。
13
+ */
14
+ export declare function spawnShellProcess(params: {
15
+ context: ShellHostContext;
16
+ shellId: string;
17
+ shellDir: string;
18
+ cmd: string;
19
+ cwd: string;
20
+ shellPath: string;
21
+ login: boolean;
22
+ baseEnv: NodeJS.ProcessEnv;
23
+ sandboxMode?: "safe" | "unrestricted";
24
+ }): Promise<SandboxSpawnResult>;
25
+ /**
26
+ * 在当前 agent sandbox 中启动本地子进程。
27
+ */
28
+ export declare function spawnInSandbox(params: {
29
+ context: ShellHostContext;
30
+ executionId: string;
31
+ executionDir: string;
32
+ cmd: string;
33
+ cwd: string;
34
+ shellPath: string;
35
+ login: boolean;
36
+ baseEnv: NodeJS.ProcessEnv;
37
+ sandboxMode?: "safe" | "unrestricted";
38
+ }): Promise<SandboxSpawnResult>;
39
+ /**
40
+ * 执行一次 one-shot sandbox 命令并等待结束。
41
+ *
42
+ * 关键点(中文)
43
+ * - 供 task script 这类“直接执行命令但不需要 shell session 管理”的路径复用。
44
+ * - 非零退出码会直接抛错,行为与原先 `execa(..., { reject: true })` 保持一致。
45
+ */
46
+ export declare function runSandboxCommand(params: {
47
+ context: ShellHostContext;
48
+ executionId: string;
49
+ executionDir: string;
50
+ cmd: string;
51
+ cwd: string;
52
+ shellPath: string;
53
+ login: boolean;
54
+ baseEnv: NodeJS.ProcessEnv;
55
+ }): Promise<{
56
+ stdout: string;
57
+ stderr: string;
58
+ exitCode: number;
59
+ spawn: SandboxSpawnResult;
60
+ }>;
61
+ //# sourceMappingURL=SandboxRunner.d.ts.map
package/bin/sandbox/SandboxRunner.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"SandboxRunner.d.ts","sourceRoot":"","sources":["../../src/sandbox/SandboxRunner.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AACpE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AAM5E;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,MAAM,EAAE;IAC9C,OAAO,EAAE,gBAAgB,CAAC;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,GAAG,cAAc,CAAC;CACvC,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAY9B;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,MAAM,EAAE;IAC3C,OAAO,EAAE,gBAAgB,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,GAAG,cAAc,CAAC;CACvC,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAsC9B;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CAAC,MAAM,EAAE;IAC9C,OAAO,EAAE,gBAAgB,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC;CAC5B,GAAG,OAAO,CAAC;IACV,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,kBAAkB,CAAC;CAC3B,CAAC,CAiCD"}
package/bin/sandbox/SandboxRunner.js ADDED
@@ -0,0 +1,107 @@
1
+ /**
2
+ * SandboxRunner 入口。
3
+ *
4
+ * 关键点(中文)
5
+ * - 这里不实现完整的 session/read/write 协议,只负责本地子进程创建时统一进入 agent sandbox backend。
6
+ * - 当前版本接入 macOS seatbelt 与 Linux bubblewrap backend。
7
+ * - 本地命令不再允许回退到宿主机普通子进程执行。
8
+ */
9
+ import { resolveSandboxConfig, resolveSandboxCwd } from "../sandbox/SandboxConfigResolver.js";
10
+ import { spawnMacOsSeatbeltSandbox } from "../sandbox/MacOsSeatbeltSandbox.js";
11
+ import { spawnLinuxBubblewrapSandbox } from "../sandbox/LinuxBubblewrapSandbox.js";
12
+ import { spawnUnrestrictedSandbox } from "../sandbox/UnrestrictedSandbox.js";
13
+ /**
14
+ * 启动 shell 子进程。
15
+ */
16
+ export async function spawnShellProcess(params) {
17
+ return spawnInSandbox({
18
+ context: params.context,
19
+ executionId: params.shellId,
20
+ executionDir: params.shellDir,
21
+ cmd: params.cmd,
22
+ cwd: params.cwd,
23
+ shellPath: params.shellPath,
24
+ login: params.login,
25
+ baseEnv: params.baseEnv,
26
+ sandboxMode: params.sandboxMode,
27
+ });
28
+ }
29
+ /**
30
+ * 在当前 agent sandbox 中启动本地子进程。
31
+ */
32
+ export async function spawnInSandbox(params) {
33
+ if (params.sandboxMode === "unrestricted") {
34
+ return spawnUnrestrictedSandbox({
35
+ executionId: params.executionId,
36
+ executionDir: params.executionDir,
37
+ cmd: params.cmd,
38
+ cwd: params.cwd,
39
+ shellPath: params.shellPath,
40
+ login: params.login,
41
+ baseEnv: params.baseEnv,
42
+ actualCwd: params.cwd,
43
+ });
44
+ }
45
+ const config = resolveSandboxConfig(params.context);
46
+ const actualCwd = resolveSandboxCwd({
47
+ rootPath: config.rootPath,
48
+ requestedCwd: params.cwd,
49
+ context: params.context,
50
+ });
51
+ const spawnParams = {
52
+ executionId: params.executionId,
53
+ executionDir: params.executionDir,
54
+ cmd: params.cmd,
55
+ cwd: params.cwd,
56
+ shellPath: params.shellPath,
57
+ login: params.login,
58
+ baseEnv: params.baseEnv,
59
+ config,
60
+ actualCwd,
61
+ };
62
+ if (config.backend === "macos-seatbelt") {
63
+ return spawnMacOsSeatbeltSandbox(spawnParams);
64
+ }
65
+ if (config.backend === "linux-bubblewrap") {
66
+ return spawnLinuxBubblewrapSandbox(spawnParams);
67
+ }
68
+ throw new Error(`unsupported sandbox backend: ${config.backend}`);
69
+ }
70
+ /**
71
+ * 执行一次 one-shot sandbox 命令并等待结束。
72
+ *
73
+ * 关键点(中文)
74
+ * - 供 task script 这类“直接执行命令但不需要 shell session 管理”的路径复用。
75
+ * - 非零退出码会直接抛错,行为与原先 `execa(..., { reject: true })` 保持一致。
76
+ */
77
+ export async function runSandboxCommand(params) {
78
+ const spawn = await spawnInSandbox(params);
79
+ const stdoutChunks = [];
80
+ const stderrChunks = [];
81
+ spawn.child.stdout.on("data", (chunk) => {
82
+ stdoutChunks.push(String(chunk ?? ""));
83
+ });
84
+ spawn.child.stderr.on("data", (chunk) => {
85
+ stderrChunks.push(String(chunk ?? ""));
86
+ });
87
+ const exitCode = await new Promise((resolve, reject) => {
88
+ spawn.child.on("error", (error) => reject(error));
89
+ spawn.child.on("close", (code) => resolve(typeof code === "number" ? code : -1));
90
+ });
91
+ const stdout = stdoutChunks.join("");
92
+ const stderr = stderrChunks.join("");
93
+ if (exitCode !== 0) {
94
+ const message = [stdout.trim(), stderr.trim()]
95
+ .filter(Boolean)
96
+ .join("\n")
97
+ .trim();
98
+ throw new Error(message || `Sandbox command failed with exit code ${exitCode}`);
99
+ }
100
+ return {
101
+ stdout,
102
+ stderr,
103
+ exitCode,
104
+ spawn,
105
+ };
106
+ }
107
+ //# sourceMappingURL=SandboxRunner.js.map
package/bin/sandbox/SandboxRunner.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"SandboxRunner.js","sourceRoot":"","sources":["../../src/sandbox/SandboxRunner.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAC7F,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAC9E,OAAO,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAC;AAClF,OAAO,EAAE,wBAAwB,EAAE,MAAM,kCAAkC,CAAC;AAE5E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,MAUvC;IACC,OAAO,cAAc,CAAC;QACpB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,WAAW,EAAE,MAAM,CAAC,OAAO;QAC3B,YAAY,EAAE,MAAM,CAAC,QAAQ;QAC7B,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,WAAW,EAAE,MAAM,CAAC,WAAW;KAChC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,MAUpC;IACC,IAAI,MAAM,CAAC,WAAW,KAAK,cAAc,EAAE,CAAC;QAC1C,OAAO,wBAAwB,CAAC;YAC9B,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,SAAS,EAAE,MAAM,CAAC,GAAG;SACtB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,MAAM,GAAG,oBAAoB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,iBAAiB,CAAC;QAClC,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,YAAY,EAAE,MAAM,CAAC,GAAG;QACxB,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC,CAAC;IACH,MAAM,WAAW,GAAG;QAClB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,MAAM;QACN,SAAS;KACV,CAAC;IACF,IAAI,MAAM,CAAC,OAAO,KAAK,gBAAgB,EAAE,CAAC;QACxC,OAAO,yBAAyB,CAAC,WAAW,CAAC,CAAC;IAChD,CAAC;IACD,IAAI,MAAM,CAAC,OAAO,KAAK,kBAAkB,EAAE,CAAC;QAC1C,OAAO,2BAA2B,CAAC,WAAW,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,gCAAgC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;AACpE,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,MASvC;IAMC,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAsB,EAAE,EAAE;QACvD,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IACH,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAsB,EAAE,EAAE;QACvD,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC7D,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAClD,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACnF,CAAC,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACrC,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACrC,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;QACnB,MAAM,OAAO,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;aAC3C,MAAM,CAAC,OAAO,CAAC;aACf,IAAI,CAAC,IAAI,CAAC;aACV,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,OAAO,IAAI,yCAAyC,QAAQ,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,OAAO;QACL,MAAM;QACN,MAAM;QACN,QAAQ;QACR,KAAK;KACN,CAAC;AACJ,CAAC"}
package/bin/sandbox/UnrestrictedSandbox.d.ts ADDED
@@ -0,0 +1,16 @@
1
+ /**
2
+ * Unrestricted sandbox backend。
3
+ *
4
+ * 关键点(中文)
5
+ * - 这是 Downcity Runtime 管理的高权限执行环境,不是 agent 直接访问宿主 shell。
6
+ * - 进程继承宿主可见文件系统与环境边界,但必须由上层 approval 流程批准后才能调用。
7
+ * - 本 backend 只负责 spawn,不做审批、审计或风险判断。
8
+ */
9
+ import type { SandboxSpawnParams, SandboxSpawnResult } from "../sandbox/types/SandboxRuntime.js";
10
+ /**
11
+ * 在 unrestricted sandbox 中启动 shell 子进程。
12
+ */
13
+ export declare function spawnUnrestrictedSandbox(params: Omit<SandboxSpawnParams, "config"> & {
14
+ actualCwd: string;
15
+ }): Promise<SandboxSpawnResult>;
16
+ //# sourceMappingURL=UnrestrictedSandbox.d.ts.map
package/bin/sandbox/UnrestrictedSandbox.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"UnrestrictedSandbox.d.ts","sourceRoot":"","sources":["../../src/sandbox/UnrestrictedSandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EACV,kBAAkB,EAClB,kBAAkB,EACnB,MAAM,mCAAmC,CAAC;AAE3C;;GAEG;AACH,wBAAsB,wBAAwB,CAC5C,MAAM,EAAE,IAAI,CAAC,kBAAkB,EAAE,QAAQ,CAAC,GAAG;IAAE,SAAS,EAAE,MAAM,CAAA;CAAE,GACjE,OAAO,CAAC,kBAAkB,CAAC,CA+B7B"}
package/bin/sandbox/UnrestrictedSandbox.js ADDED
@@ -0,0 +1,39 @@
1
+ /**
2
+ * Unrestricted sandbox backend。
3
+ *
4
+ * 关键点(中文)
5
+ * - 这是 Downcity Runtime 管理的高权限执行环境,不是 agent 直接访问宿主 shell。
6
+ * - 进程继承宿主可见文件系统与环境边界,但必须由上层 approval 流程批准后才能调用。
7
+ * - 本 backend 只负责 spawn,不做审批、审计或风险判断。
8
+ */
9
+ import { spawn } from "node:child_process";
10
+ import fs from "fs-extra";
11
+ /**
12
+ * 在 unrestricted sandbox 中启动 shell 子进程。
13
+ */
14
+ export async function spawnUnrestrictedSandbox(params) {
15
+ await fs.ensureDir(params.executionDir);
16
+ const child = spawn(params.shellPath, [
17
+ params.login ? "-lc" : "-c",
18
+ params.cmd,
19
+ ], {
20
+ cwd: params.actualCwd,
21
+ stdio: "pipe",
22
+ env: params.baseEnv,
23
+ });
24
+ child.stdout.setEncoding("utf8");
25
+ child.stderr.setEncoding("utf8");
26
+ return {
27
+ child,
28
+ cwd: params.actualCwd,
29
+ sandboxed: false,
30
+ sandboxMode: "unrestricted",
31
+ backend: "unrestricted-host",
32
+ networkMode: "full",
33
+ sandboxDir: "",
34
+ homeDir: String(params.baseEnv.HOME || ""),
35
+ tmpDir: String(params.baseEnv.TMPDIR || "/tmp"),
36
+ cacheDir: String(params.baseEnv.XDG_CACHE_HOME || ""),
37
+ };
38
+ }
39
+ //# sourceMappingURL=UnrestrictedSandbox.js.map
package/bin/sandbox/UnrestrictedSandbox.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"UnrestrictedSandbox.js","sourceRoot":"","sources":["../../src/sandbox/UnrestrictedSandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,MAAM,UAAU,CAAC;AAM1B;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,MAAkE;IAElE,MAAM,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAExC,MAAM,KAAK,GAAG,KAAK,CACjB,MAAM,CAAC,SAAS,EAChB;QACE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI;QAC3B,MAAM,CAAC,GAAG;KACX,EACD;QACE,GAAG,EAAE,MAAM,CAAC,SAAS;QACrB,KAAK,EAAE,MAAM;QACb,GAAG,EAAE,MAAM,CAAC,OAAO;KACpB,CACF,CAAC;IAEF,KAAK,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IACjC,KAAK,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IAEjC,OAAO;QACL,KAAK;QACL,GAAG,EAAE,MAAM,CAAC,SAAS;QACrB,SAAS,EAAE,KAAK;QAChB,WAAW,EAAE,cAAc;QAC3B,OAAO,EAAE,mBAAmB;QAC5B,WAAW,EAAE,MAAM;QACnB,UAAU,EAAE,EAAE;QACd,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC;QAC1C,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,IAAI,MAAM,CAAC;QAC/C,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,IAAI,EAAE,CAAC;KACtD,CAAC;AACJ,CAAC"}
package/bin/sandbox/types/Sandbox.d.ts ADDED
@@ -0,0 +1,130 @@
1
+ /**
2
+ * Sandbox 共享类型定义。
3
+ *
4
+ * 关键点(中文)
5
+ * - 这里放的是 console 模块与 agent 执行层都会使用的最小 sandbox 协议。
6
+ * - 当前版本不引入复杂 profile / binding / permission 模型,只表达“命令执行边界”。
7
+ * - 运行时句柄与状态化 session 类型放在 `src/sandbox/types/`。
8
+ */
9
+ /**
10
+ * Sandbox 网络模式。
11
+ *
12
+ * 说明(中文)
13
+ * - `off`:完全禁止网络访问。
14
+ * - `restricted`:允许受限网络访问(后续实现白名单时再细化)。
15
+ * - `full`:允许完整网络访问。
16
+ */
17
+ export type SandboxNetworkMode = "off" | "restricted" | "full";
18
+ /**
19
+ * Sandbox 路径访问模式。
20
+ *
21
+ * 说明(中文)
22
+ * - `ro`:只读。
23
+ * - `rw`:可读写。
24
+ */
25
+ export type SandboxPathAccessMode = "ro" | "rw";
26
+ /**
27
+ * 单条路径边界规则。
28
+ */
29
+ export interface SandboxPathRule {
30
+ /**
31
+ * 宿主机上的绝对路径。
32
+ */
33
+ path: string;
34
+ /**
35
+ * 当前路径在 sandbox 中的访问模式。
36
+ */
37
+ access: SandboxPathAccessMode;
38
+ /**
39
+ * 当前规则的说明文本。
40
+ */
41
+ reason?: string;
42
+ }
43
+ /**
44
+ * sandbox 最小配置。
45
+ *
46
+ * 说明(中文)
47
+ * - 当前只表达命令执行边界,不表达 chat 用户授权与审批流。
48
+ * - `rootPath` 是默认工作根目录。
49
+ * - `writablePaths` 决定哪些路径允许写入。
50
+ * - `envAllowlist` 决定哪些环境变量允许导出到 sandbox。
51
+ */
52
+ export interface SandboxConfig {
53
+ /**
54
+ * 当前 sandbox 的默认根目录。
55
+ */
56
+ rootPath: string;
57
+ /**
58
+ * 允许导出的环境变量名集合。
59
+ *
60
+ * 说明(中文)
61
+ * - 这里仅声明允许导出的 key,不在共享配置层直接保存明文值。
62
+ */
63
+ envAllowlist: string[];
64
+ /**
65
+ * 允许写入的路径集合。
66
+ *
67
+ * 说明(中文)
68
+ * - 路径可以是绝对路径,也可以是相对 `rootPath` 的相对路径。
69
+ * - 运行时会统一解析为绝对路径,并限制在 `rootPath` 范围内。
70
+ */
71
+ writablePaths: string[];
72
+ /**
73
+ * 当前 sandbox 的网络模式。
74
+ */
75
+ networkMode: SandboxNetworkMode;
76
+ }
77
+ /**
78
+ * 项目级 sandbox 配置。
79
+ *
80
+ * 说明(中文)
81
+ * - 这是 `downcity.json` 中面向用户暴露的最小配置。
82
+ * - 当前版本只服务 CLI / shell 执行边界,不扩展到审批或用户权限系统。
83
+ */
84
+ export interface SandboxProjectConfig {
85
+ /**
86
+ * 允许导出的环境变量名集合。
87
+ *
88
+ * 说明(中文)
89
+ * - 这里只声明允许导出的 key,不直接保存变量值。
90
+ * - 运行时仍会注入少量必需变量,例如隔离后的 `HOME`、`TMPDIR`。
91
+ */
92
+ envAllowlist?: string[];
93
+ /**
94
+ * 允许写入的路径集合。
95
+ *
96
+ * 说明(中文)
97
+ * - 路径可以是绝对路径,也可以是相对 `rootPath` 的相对路径。
98
+ * - 当前版本会把越出 `rootPath` 的路径裁掉,避免把宿主文件系统重新暴露回去。
99
+ */
100
+ writablePaths?: string[];
101
+ /**
102
+ * 当前 sandbox 的网络模式。
103
+ *
104
+ * 说明(中文)
105
+ * - 默认建议使用 `off`。
106
+ * - `restricted` 先保留为受限网络语义占位,当前实现会按保守策略处理。
107
+ */
108
+ networkMode?: SandboxNetworkMode;
109
+ }
110
+ /**
111
+ * console 模块中保存的 agent sandbox 配置记录。
112
+ */
113
+ export interface AgentSandboxConfigRecord {
114
+ /**
115
+ * 当前 agent 的稳定标识。
116
+ *
117
+ * 说明(中文)
118
+ * - 当前建议直接使用 agent 项目根目录绝对路径。
119
+ */
120
+ agentId: string;
121
+ /**
122
+ * 当前 agent 使用的 sandbox 配置。
123
+ */
124
+ config: SandboxConfig;
125
+ /**
126
+ * 最近更新时间(ISO8601)。
127
+ */
128
+ updatedAt: string;
129
+ }
130
+ //# sourceMappingURL=Sandbox.d.ts.map
package/bin/sandbox/types/Sandbox.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"Sandbox.d.ts","sourceRoot":"","sources":["../../../src/sandbox/types/Sandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;;;;;;GAOG;AACH,MAAM,MAAM,kBAAkB,GAAG,KAAK,GAAG,YAAY,GAAG,MAAM,CAAC;AAE/D;;;;;;GAMG;AACH,MAAM,MAAM,qBAAqB,GAAG,IAAI,GAAG,IAAI,CAAC;AAEhD;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,MAAM,EAAE,qBAAqB,CAAC;IAE9B;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;;OAKG;IACH,YAAY,EAAE,MAAM,EAAE,CAAC;IAEvB;;;;;;OAMG;IACH,aAAa,EAAE,MAAM,EAAE,CAAC;IAExB;;OAEG;IACH,WAAW,EAAE,kBAAkB,CAAC;CACjC;AAED;;;;;;GAMG;AACH,MAAM,WAAW,oBAAoB;IACnC;;;;;;OAMG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB;;;;;;OAMG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,kBAAkB,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC;;;;;OAKG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;CACnB"}
package/bin/sandbox/types/Sandbox.js ADDED
@@ -0,0 +1,10 @@
1
+ /**
2
+ * Sandbox 共享类型定义。
3
+ *
4
+ * 关键点(中文)
5
+ * - 这里放的是 console 模块与 agent 执行层都会使用的最小 sandbox 协议。
6
+ * - 当前版本不引入复杂 profile / binding / permission 模型,只表达“命令执行边界”。
7
+ * - 运行时句柄与状态化 session 类型放在 `src/sandbox/types/`。
8
+ */
9
+ export {};
10
+ //# sourceMappingURL=Sandbox.js.map
package/bin/sandbox/types/Sandbox.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"Sandbox.js","sourceRoot":"","sources":["../../../src/sandbox/types/Sandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG"}