@geminixiang/mama 0.2.0-beta.0 → 0.2.0-beta.2

package/dist/sandbox/image.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"image.js","sourceRoot":"","sources":["../../src/sandbox/image.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAExC,MAAM,UAAU,oBAAoB,CAAC,KAAa;IAChD,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC3C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,YAAY,CAAC,qEAAqE,CAAC,CAAC;IAChG,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAClC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,MAA0B;IACnE,IAAI,CAAC;QACH,MAAM,UAAU,CAAC,QAAQ,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,YAAY,CAAC,+CAA+C,CAAC,CAAC;IAC1E,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,6CAA6C,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAuC;IACrE,IAAI,EAAE,OAAO;IACb,KAAK,EAAE,oBAAoB;IAC3B,QAAQ,EAAE,oBAAoB;IAC9B,cAAc,EAAE,GAAG,EAAE;QACnB,MAAM,IAAI,YAAY,CAAC,oEAAoE,CAAC,CAAC;IAC/F,CAAC;CACF,CAAC","sourcesContent":["import type { ImageSandboxConfig, SandboxAdapter } from \"./types.js\";\nimport { SandboxError } from \"./errors.js\";\nimport { execSimple } from \"./utils.js\";\n\nexport function parseImageSandboxArg(value: string): ImageSandboxConfig | undefined {\n  if (!value.startsWith(\"image:\")) {\n    return undefined;\n  }\n\n  const image = value.slice(\"image:\".length);\n  if (!image) {\n    throw new SandboxError(\"Error: image sandbox requires image name (e.g., image:ubuntu:24.04)\");\n  }\n  return { type: \"image\", image };\n}\n\nexport async function validateImageSandbox(config: ImageSandboxConfig): Promise<void> {\n  try {\n    await execSimple(\"docker\", [\"--version\"]);\n  } catch {\n    throw new SandboxError(\"Error: Docker is not installed or not in PATH\");\n  }\n  console.log(`  Image auto-provisioning enabled. Image: ${config.image}`);\n}\n\nexport const imageSandboxAdapter: SandboxAdapter<ImageSandboxConfig> = {\n  type: \"image\",\n  parse: parseImageSandboxArg,\n  validate: validateImageSandbox,\n  createExecutor: () => {\n    throw new SandboxError(\"Error: image sandbox must resolve to a concrete container executor\");\n  },\n};\n"]}

package/dist/sandbox/index.d.ts

@@ -0,0 +1,20 @@
+import { ContainerExecutor } from "./container.js";
+import { FirecrackerExecutor } from "./firecracker.js";
+import { HostExecutor } from "./host.js";
+import type { Executor, SandboxAdapter, SandboxConfig } from "./types.js";
+export type { ContainerSandboxConfig, ExecOptions, ExecResult, Executor, FirecrackerSandboxConfig, HostSandboxConfig, ImageSandboxConfig, SandboxAdapter, SandboxConfig, } from "./types.js";
+export { ContainerExecutor, FirecrackerExecutor, HostExecutor };
+export { SandboxError } from "./errors.js";
+export { buildContainerExecCommand, containerSandboxAdapter, parseContainerSandboxArg, validateContainerSandbox, } from "./container.js";
+export { firecrackerSandboxAdapter, parseFirecrackerSandboxArg, validateFirecrackerSandbox, } from "./firecracker.js";
+export { hostSandboxAdapter, parseHostSandboxArg, validateHostSandbox } from "./host.js";
+export { imageSandboxAdapter, parseImageSandboxArg, validateImageSandbox } from "./image.js";
+declare const sandboxAdapters: readonly [SandboxAdapter<import("./types.js").HostSandboxConfig>, SandboxAdapter<import("./types.js").ContainerSandboxConfig>, SandboxAdapter<import("./types.js").ImageSandboxConfig>, SandboxAdapter<import("./types.js").FirecrackerSandboxConfig>];
+export declare function getSandboxAdapters(): readonly [...typeof sandboxAdapters];
+export declare function parseSandboxArg(value: string): SandboxConfig;
+export declare function validateSandbox(config: SandboxConfig): Promise<void>;
+/**
+ * Create an executor that runs commands on host, in a Docker container, or in a Firecracker VM.
+ */
+export declare function createExecutor(config: SandboxConfig, env?: Record<string, string>, ensureReady?: () => Promise<void>): Executor;
+//# sourceMappingURL=index.d.ts.map

package/dist/sandbox/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sandbox/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,iBAAiB,EAIlB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,mBAAmB,EAIpB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,YAAY,EAIb,MAAM,WAAW,CAAC;AAGnB,OAAO,KAAK,EAAE,QAAQ,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE1E,YAAY,EACV,sBAAsB,EACtB,WAAW,EACX,UAAU,EACV,QAAQ,EACR,wBAAwB,EACxB,iBAAiB,EACjB,kBAAkB,EAClB,cAAc,EACd,aAAa,GACd,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,YAAY,EAAE,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EACL,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,wBAAwB,GACzB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,yBAAyB,EACzB,0BAA0B,EAC1B,0BAA0B,GAC3B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AACzF,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAE7F,QAAA,MAAM,eAAe,wPAKX,CAAC;AAKX,wBAAgB,kBAAkB,IAAI,SAAS,CAAC,GAAG,OAAO,eAAe,CAAC,CAEzE;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,aAAa,CAiB5D;AAED,wBAAsB,eAAe,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAO1E;AAED;;GAEG;AACH,wBAAgB,cAAc,CAC5B,MAAM,EAAE,aAAa,EACrB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,WAAW,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAChC,QAAQ,CAMV","sourcesContent":["import {\n  ContainerExecutor,\n  containerSandboxAdapter,\n  parseContainerSandboxArg,\n  validateContainerSandbox,\n} from \"./container.js\";\nimport {\n  FirecrackerExecutor,\n  firecrackerSandboxAdapter,\n  parseFirecrackerSandboxArg,\n  validateFirecrackerSandbox,\n} from \"./firecracker.js\";\nimport {\n  HostExecutor,\n  hostSandboxAdapter,\n  parseHostSandboxArg,\n  validateHostSandbox,\n} from \"./host.js\";\nimport { imageSandboxAdapter, parseImageSandboxArg, validateImageSandbox } from \"./image.js\";\nimport { SandboxError } from \"./errors.js\";\nimport type { Executor, SandboxAdapter, SandboxConfig } from \"./types.js\";\n\nexport type {\n  ContainerSandboxConfig,\n  ExecOptions,\n  ExecResult,\n  Executor,\n  FirecrackerSandboxConfig,\n  HostSandboxConfig,\n  ImageSandboxConfig,\n  SandboxAdapter,\n  SandboxConfig,\n} from \"./types.js\";\nexport { ContainerExecutor, FirecrackerExecutor, HostExecutor };\nexport { SandboxError } from \"./errors.js\";\nexport {\n  buildContainerExecCommand,\n  containerSandboxAdapter,\n  parseContainerSandboxArg,\n  validateContainerSandbox,\n} from \"./container.js\";\nexport {\n  firecrackerSandboxAdapter,\n  parseFirecrackerSandboxArg,\n  validateFirecrackerSandbox,\n} from \"./firecracker.js\";\nexport { hostSandboxAdapter, parseHostSandboxArg, validateHostSandbox } from \"./host.js\";\nexport { imageSandboxAdapter, parseImageSandboxArg, validateImageSandbox } from \"./image.js\";\n\nconst sandboxAdapters = [\n  hostSandboxAdapter,\n  containerSandboxAdapter,\n  imageSandboxAdapter,\n  firecrackerSandboxAdapter,\n] as const;\nconst sandboxAdapterByType = new Map(\n  sandboxAdapters.map((adapter) => [adapter.type, adapter]),\n) as Map<SandboxConfig[\"type\"], SandboxAdapter>;\n\nexport function getSandboxAdapters(): readonly [...typeof sandboxAdapters] {\n  return sandboxAdapters;\n}\n\nexport function parseSandboxArg(value: string): SandboxConfig {\n  for (const adapter of sandboxAdapters) {\n    const config = adapter.parse(value);\n    if (config) {\n      return config;\n    }\n  }\n\n  if (value.startsWith(\"docker:\")) {\n    throw new SandboxError(\n      `Error: '${value}' is not supported. Use 'container:<container-name>' for the shared-container mode or 'image:<image-name>' for mama-managed per-user containers.`,\n    );\n  }\n\n  throw new SandboxError(\n    `Error: Invalid sandbox type '${value}'. Use 'host', 'container:<container-name>', 'image:<image-name>', or 'firecracker:<vm-id>:<host-path>'`,\n  );\n}\n\nexport async function validateSandbox(config: SandboxConfig): Promise<void> {\n  const adapter = sandboxAdapterByType.get(config.type);\n  if (!adapter) {\n    throw new SandboxError(`Error: Unsupported sandbox type '${config.type}'`);\n  }\n\n  await adapter.validate(config);\n}\n\n/**\n * Create an executor that runs commands on host, in a Docker container, or in a Firecracker VM.\n */\nexport function createExecutor(\n  config: SandboxConfig,\n  env?: Record<string, string>,\n  ensureReady?: () => Promise<void>,\n): Executor {\n  const adapter = sandboxAdapterByType.get(config.type);\n  if (!adapter) {\n    throw new SandboxError(`Error: Unsupported sandbox type '${config.type}'`);\n  }\n  return adapter.createExecutor(config, env, ensureReady);\n}\n"]}

package/dist/sandbox/index.js

@@ -0,0 +1,51 @@
+import { ContainerExecutor, containerSandboxAdapter, } from "./container.js";
+import { FirecrackerExecutor, firecrackerSandboxAdapter, } from "./firecracker.js";
+import { HostExecutor, hostSandboxAdapter, } from "./host.js";
+import { imageSandboxAdapter } from "./image.js";
+import { SandboxError } from "./errors.js";
+export { ContainerExecutor, FirecrackerExecutor, HostExecutor };
+export { SandboxError } from "./errors.js";
+export { buildContainerExecCommand, containerSandboxAdapter, parseContainerSandboxArg, validateContainerSandbox, } from "./container.js";
+export { firecrackerSandboxAdapter, parseFirecrackerSandboxArg, validateFirecrackerSandbox, } from "./firecracker.js";
+export { hostSandboxAdapter, parseHostSandboxArg, validateHostSandbox } from "./host.js";
+export { imageSandboxAdapter, parseImageSandboxArg, validateImageSandbox } from "./image.js";
+const sandboxAdapters = [
+    hostSandboxAdapter,
+    containerSandboxAdapter,
+    imageSandboxAdapter,
+    firecrackerSandboxAdapter,
+];
+const sandboxAdapterByType = new Map(sandboxAdapters.map((adapter) => [adapter.type, adapter]));
+export function getSandboxAdapters() {
+    return sandboxAdapters;
+}
+export function parseSandboxArg(value) {
+    for (const adapter of sandboxAdapters) {
+        const config = adapter.parse(value);
+        if (config) {
+            return config;
+        }
+    }
+    if (value.startsWith("docker:")) {
+        throw new SandboxError(`Error: '${value}' is not supported. Use 'container:<container-name>' for the shared-container mode or 'image:<image-name>' for mama-managed per-user containers.`);
+    }
+    throw new SandboxError(`Error: Invalid sandbox type '${value}'. Use 'host', 'container:<container-name>', 'image:<image-name>', or 'firecracker:<vm-id>:<host-path>'`);
+}
+export async function validateSandbox(config) {
+    const adapter = sandboxAdapterByType.get(config.type);
+    if (!adapter) {
+        throw new SandboxError(`Error: Unsupported sandbox type '${config.type}'`);
+    }
+    await adapter.validate(config);
+}
+/**
+ * Create an executor that runs commands on host, in a Docker container, or in a Firecracker VM.
+ */
+export function createExecutor(config, env, ensureReady) {
+    const adapter = sandboxAdapterByType.get(config.type);
+    if (!adapter) {
+        throw new SandboxError(`Error: Unsupported sandbox type '${config.type}'`);
+    }
+    return adapter.createExecutor(config, env, ensureReady);
+}
+//# sourceMappingURL=index.js.map

package/dist/sandbox/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sandbox/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,iBAAiB,EACjB,uBAAuB,GAGxB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,mBAAmB,EACnB,yBAAyB,GAG1B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,YAAY,EACZ,kBAAkB,GAGnB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,mBAAmB,EAA8C,MAAM,YAAY,CAAC;AAC7F,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAc3C,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,YAAY,EAAE,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EACL,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,wBAAwB,GACzB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,yBAAyB,EACzB,0BAA0B,EAC1B,0BAA0B,GAC3B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AACzF,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAE7F,MAAM,eAAe,GAAG;IACtB,kBAAkB;IAClB,uBAAuB;IACvB,mBAAmB;IACnB,yBAAyB;CACjB,CAAC;AACX,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAClC,eAAe,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CACZ,CAAC;AAEhD,MAAM,UAAU,kBAAkB;IAChC,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;QACtC,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,YAAY,CACpB,WAAW,KAAK,kJAAkJ,CACnK,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,YAAY,CACpB,gCAAgC,KAAK,yGAAyG,CAC/I,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,MAAqB;IACzD,MAAM,OAAO,GAAG,oBAAoB,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACtD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,YAAY,CAAC,oCAAoC,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAC5B,MAAqB,EACrB,GAA4B,EAC5B,WAAiC;IAEjC,MAAM,OAAO,GAAG,oBAAoB,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACtD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,YAAY,CAAC,oCAAoC,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,OAAO,CAAC,cAAc,CAAC,MAAM,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;AAC1D,CAAC","sourcesContent":["import {\n  ContainerExecutor,\n  containerSandboxAdapter,\n  parseContainerSandboxArg,\n  validateContainerSandbox,\n} from \"./container.js\";\nimport {\n  FirecrackerExecutor,\n  firecrackerSandboxAdapter,\n  parseFirecrackerSandboxArg,\n  validateFirecrackerSandbox,\n} from \"./firecracker.js\";\nimport {\n  HostExecutor,\n  hostSandboxAdapter,\n  parseHostSandboxArg,\n  validateHostSandbox,\n} from \"./host.js\";\nimport { imageSandboxAdapter, parseImageSandboxArg, validateImageSandbox } from \"./image.js\";\nimport { SandboxError } from \"./errors.js\";\nimport type { Executor, SandboxAdapter, SandboxConfig } from \"./types.js\";\n\nexport type {\n  ContainerSandboxConfig,\n  ExecOptions,\n  ExecResult,\n  Executor,\n  FirecrackerSandboxConfig,\n  HostSandboxConfig,\n  ImageSandboxConfig,\n  SandboxAdapter,\n  SandboxConfig,\n} from \"./types.js\";\nexport { ContainerExecutor, FirecrackerExecutor, HostExecutor };\nexport { SandboxError } from \"./errors.js\";\nexport {\n  buildContainerExecCommand,\n  containerSandboxAdapter,\n  parseContainerSandboxArg,\n  validateContainerSandbox,\n} from \"./container.js\";\nexport {\n  firecrackerSandboxAdapter,\n  parseFirecrackerSandboxArg,\n  validateFirecrackerSandbox,\n} from \"./firecracker.js\";\nexport { hostSandboxAdapter, parseHostSandboxArg, validateHostSandbox } from \"./host.js\";\nexport { imageSandboxAdapter, parseImageSandboxArg, validateImageSandbox } from \"./image.js\";\n\nconst sandboxAdapters = [\n  hostSandboxAdapter,\n  containerSandboxAdapter,\n  imageSandboxAdapter,\n  firecrackerSandboxAdapter,\n] as const;\nconst sandboxAdapterByType = new Map(\n  sandboxAdapters.map((adapter) => [adapter.type, adapter]),\n) as Map<SandboxConfig[\"type\"], SandboxAdapter>;\n\nexport function getSandboxAdapters(): readonly [...typeof sandboxAdapters] {\n  return sandboxAdapters;\n}\n\nexport function parseSandboxArg(value: string): SandboxConfig {\n  for (const adapter of sandboxAdapters) {\n    const config = adapter.parse(value);\n    if (config) {\n      return config;\n    }\n  }\n\n  if (value.startsWith(\"docker:\")) {\n    throw new SandboxError(\n      `Error: '${value}' is not supported. Use 'container:<container-name>' for the shared-container mode or 'image:<image-name>' for mama-managed per-user containers.`,\n    );\n  }\n\n  throw new SandboxError(\n    `Error: Invalid sandbox type '${value}'. Use 'host', 'container:<container-name>', 'image:<image-name>', or 'firecracker:<vm-id>:<host-path>'`,\n  );\n}\n\nexport async function validateSandbox(config: SandboxConfig): Promise<void> {\n  const adapter = sandboxAdapterByType.get(config.type);\n  if (!adapter) {\n    throw new SandboxError(`Error: Unsupported sandbox type '${config.type}'`);\n  }\n\n  await adapter.validate(config);\n}\n\n/**\n * Create an executor that runs commands on host, in a Docker container, or in a Firecracker VM.\n */\nexport function createExecutor(\n  config: SandboxConfig,\n  env?: Record<string, string>,\n  ensureReady?: () => Promise<void>,\n): Executor {\n  const adapter = sandboxAdapterByType.get(config.type);\n  if (!adapter) {\n    throw new SandboxError(`Error: Unsupported sandbox type '${config.type}'`);\n  }\n  return adapter.createExecutor(config, env, ensureReady);\n}\n"]}

package/dist/sandbox/types.d.ts

@@ -0,0 +1,51 @@
+export type SandboxConfig = HostSandboxConfig | ContainerSandboxConfig | ImageSandboxConfig | FirecrackerSandboxConfig;
+export interface HostSandboxConfig {
+    type: "host";
+}
+export interface ContainerSandboxConfig {
+    type: "container";
+    container: string;
+}
+export interface ImageSandboxConfig {
+    type: "image";
+    image: string;
+}
+export interface FirecrackerSandboxConfig {
+    type: "firecracker";
+    vmId: string;
+    hostPath: string;
+    sshUser?: string;
+    sshPort?: number;
+}
+export interface Executor {
+    /**
+     * Execute a bash command.
+     */
+    exec(command: string, options?: ExecOptions): Promise<ExecResult>;
+    /**
+     * Get the workspace path prefix for this executor.
+     * Host: returns the actual path.
+     * Container/Firecracker: returns /workspace.
+     */
+    getWorkspacePath(hostPath: string): string;
+    /**
+     * Get the current sandbox config used by this executor.
+     */
+    getSandboxConfig(): SandboxConfig;
+}
+export interface ExecOptions {
+    timeout?: number;
+    signal?: AbortSignal;
+}
+export interface ExecResult {
+    stdout: string;
+    stderr: string;
+    code: number;
+}
+export interface SandboxAdapter<TConfig extends SandboxConfig = SandboxConfig> {
+    type: TConfig["type"];
+    parse(value: string): TConfig | undefined;
+    validate(config: TConfig): Promise<void>;
+    createExecutor(config: TConfig, env?: Record<string, string>, ensureReady?: () => Promise<void>): Executor;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/sandbox/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/sandbox/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GACrB,iBAAiB,GACjB,sBAAsB,GACtB,kBAAkB,GAClB,wBAAwB,CAAC;AAE7B,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,WAAW,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,aAAa,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,QAAQ;IACvB;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAElE;;;;OAIG;IACH,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAC;IAE3C;;OAEG;IACH,gBAAgB,IAAI,aAAa,CAAC;CACnC;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,cAAc,CAAC,OAAO,SAAS,aAAa,GAAG,aAAa;IAC3E,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;IACtB,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;IAC1C,QAAQ,CAAC,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzC,cAAc,CACZ,MAAM,EAAE,OAAO,EACf,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,WAAW,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAChC,QAAQ,CAAC;CACb","sourcesContent":["export type SandboxConfig =\n  | HostSandboxConfig\n  | ContainerSandboxConfig\n  | ImageSandboxConfig\n  | FirecrackerSandboxConfig;\n\nexport interface HostSandboxConfig {\n  type: \"host\";\n}\n\nexport interface ContainerSandboxConfig {\n  type: \"container\";\n  container: string;\n}\n\nexport interface ImageSandboxConfig {\n  type: \"image\";\n  image: string;\n}\n\nexport interface FirecrackerSandboxConfig {\n  type: \"firecracker\";\n  vmId: string;\n  hostPath: string;\n  sshUser?: string;\n  sshPort?: number;\n}\n\nexport interface Executor {\n  /**\n   * Execute a bash command.\n   */\n  exec(command: string, options?: ExecOptions): Promise<ExecResult>;\n\n  /**\n   * Get the workspace path prefix for this executor.\n   * Host: returns the actual path.\n   * Container/Firecracker: returns /workspace.\n   */\n  getWorkspacePath(hostPath: string): string;\n\n  /**\n   * Get the current sandbox config used by this executor.\n   */\n  getSandboxConfig(): SandboxConfig;\n}\n\nexport interface ExecOptions {\n  timeout?: number;\n  signal?: AbortSignal;\n}\n\nexport interface ExecResult {\n  stdout: string;\n  stderr: string;\n  code: number;\n}\n\nexport interface SandboxAdapter<TConfig extends SandboxConfig = SandboxConfig> {\n  type: TConfig[\"type\"];\n  parse(value: string): TConfig | undefined;\n  validate(config: TConfig): Promise<void>;\n  createExecutor(\n    config: TConfig,\n    env?: Record<string, string>,\n    ensureReady?: () => Promise<void>,\n  ): Executor;\n}\n"]}

package/dist/sandbox/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/sandbox/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/sandbox/types.ts"],"names":[],"mappings":"","sourcesContent":["export type SandboxConfig =\n  | HostSandboxConfig\n  | ContainerSandboxConfig\n  | ImageSandboxConfig\n  | FirecrackerSandboxConfig;\n\nexport interface HostSandboxConfig {\n  type: \"host\";\n}\n\nexport interface ContainerSandboxConfig {\n  type: \"container\";\n  container: string;\n}\n\nexport interface ImageSandboxConfig {\n  type: \"image\";\n  image: string;\n}\n\nexport interface FirecrackerSandboxConfig {\n  type: \"firecracker\";\n  vmId: string;\n  hostPath: string;\n  sshUser?: string;\n  sshPort?: number;\n}\n\nexport interface Executor {\n  /**\n   * Execute a bash command.\n   */\n  exec(command: string, options?: ExecOptions): Promise<ExecResult>;\n\n  /**\n   * Get the workspace path prefix for this executor.\n   * Host: returns the actual path.\n   * Container/Firecracker: returns /workspace.\n   */\n  getWorkspacePath(hostPath: string): string;\n\n  /**\n   * Get the current sandbox config used by this executor.\n   */\n  getSandboxConfig(): SandboxConfig;\n}\n\nexport interface ExecOptions {\n  timeout?: number;\n  signal?: AbortSignal;\n}\n\nexport interface ExecResult {\n  stdout: string;\n  stderr: string;\n  code: number;\n}\n\nexport interface SandboxAdapter<TConfig extends SandboxConfig = SandboxConfig> {\n  type: TConfig[\"type\"];\n  parse(value: string): TConfig | undefined;\n  validate(config: TConfig): Promise<void>;\n  createExecutor(\n    config: TConfig,\n    env?: Record<string, string>,\n    ensureReady?: () => Promise<void>,\n  ): Executor;\n}\n"]}

package/dist/sandbox/utils.d.ts

@@ -0,0 +1,4 @@
+export declare function execSimple(cmd: string, args: string[]): Promise<string>;
+export declare function killProcessTree(pid: number): void;
+export declare function shellEscape(s: string): string;
+//# sourceMappingURL=utils.d.ts.map

package/dist/sandbox/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/sandbox/utils.ts"],"names":[],"mappings":"AAEA,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAgBvE;AAED,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAqBjD;AAED,wBAAgB,WAAW,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAG7C","sourcesContent":["import { spawn } from \"child_process\";\n\nexport function execSimple(cmd: string, args: string[]): Promise<string> {\n  return new Promise((resolve, reject) => {\n    const child = spawn(cmd, args, { stdio: [\"ignore\", \"pipe\", \"pipe\"] });\n    let stdout = \"\";\n    let stderr = \"\";\n    child.stdout?.on(\"data\", (d) => {\n      stdout += d;\n    });\n    child.stderr?.on(\"data\", (d) => {\n      stderr += d;\n    });\n    child.on(\"close\", (code) => {\n      if (code === 0) resolve(stdout);\n      else reject(new Error(stderr || `Exit code ${code}`));\n    });\n  });\n}\n\nexport function killProcessTree(pid: number): void {\n  if (process.platform === \"win32\") {\n    try {\n      spawn(\"taskkill\", [\"/F\", \"/T\", \"/PID\", String(pid)], {\n        stdio: \"ignore\",\n        detached: true,\n      });\n    } catch {\n      // Ignore errors\n    }\n  } else {\n    try {\n      process.kill(-pid, \"SIGKILL\");\n    } catch {\n      try {\n        process.kill(pid, \"SIGKILL\");\n      } catch {\n        // Process already dead\n      }\n    }\n  }\n}\n\nexport function shellEscape(s: string): string {\n  // Escape for passing to sh -c\n  return `'${s.replace(/'/g, \"'\\\\''\")}'`;\n}\n"]}

package/dist/sandbox/utils.js

@@ -0,0 +1,51 @@
+import { spawn } from "child_process";
+export function execSimple(cmd, args) {
+    return new Promise((resolve, reject) => {
+        const child = spawn(cmd, args, { stdio: ["ignore", "pipe", "pipe"] });
+        let stdout = "";
+        let stderr = "";
+        child.stdout?.on("data", (d) => {
+            stdout += d;
+        });
+        child.stderr?.on("data", (d) => {
+            stderr += d;
+        });
+        child.on("close", (code) => {
+            if (code === 0)
+                resolve(stdout);
+            else
+                reject(new Error(stderr || `Exit code ${code}`));
+        });
+    });
+}
+export function killProcessTree(pid) {
+    if (process.platform === "win32") {
+        try {
+            spawn("taskkill", ["/F", "/T", "/PID", String(pid)], {
+                stdio: "ignore",
+                detached: true,
+            });
+        }
+        catch {
+            // Ignore errors
+        }
+    }
+    else {
+        try {
+            process.kill(-pid, "SIGKILL");
+        }
+        catch {
+            try {
+                process.kill(pid, "SIGKILL");
+            }
+            catch {
+                // Process already dead
+            }
+        }
+    }
+}
+export function shellEscape(s) {
+    // Escape for passing to sh -c
+    return `'${s.replace(/'/g, "'\\''")}'`;
+}
+//# sourceMappingURL=utils.js.map

package/dist/sandbox/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/sandbox/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAEtC,MAAM,UAAU,UAAU,CAAC,GAAW,EAAE,IAAc;IACpD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QACtE,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE;YAC7B,MAAM,IAAI,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE;YAC7B,MAAM,IAAI,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACzB,IAAI,IAAI,KAAK,CAAC;gBAAE,OAAO,CAAC,MAAM,CAAC,CAAC;;gBAC3B,MAAM,CAAC,IAAI,KAAK,CAAC,MAAM,IAAI,aAAa,IAAI,EAAE,CAAC,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,KAAK,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE;gBACnD,KAAK,EAAE,QAAQ;gBACf,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,gBAAgB;QAClB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,IAAI,CAAC;YACH,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;YAC/B,CAAC;YAAC,MAAM,CAAC;gBACP,uBAAuB;YACzB,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,CAAS;IACnC,8BAA8B;IAC9B,OAAO,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC;AACzC,CAAC","sourcesContent":["import { spawn } from \"child_process\";\n\nexport function execSimple(cmd: string, args: string[]): Promise<string> {\n  return new Promise((resolve, reject) => {\n    const child = spawn(cmd, args, { stdio: [\"ignore\", \"pipe\", \"pipe\"] });\n    let stdout = \"\";\n    let stderr = \"\";\n    child.stdout?.on(\"data\", (d) => {\n      stdout += d;\n    });\n    child.stderr?.on(\"data\", (d) => {\n      stderr += d;\n    });\n    child.on(\"close\", (code) => {\n      if (code === 0) resolve(stdout);\n      else reject(new Error(stderr || `Exit code ${code}`));\n    });\n  });\n}\n\nexport function killProcessTree(pid: number): void {\n  if (process.platform === \"win32\") {\n    try {\n      spawn(\"taskkill\", [\"/F\", \"/T\", \"/PID\", String(pid)], {\n        stdio: \"ignore\",\n        detached: true,\n      });\n    } catch {\n      // Ignore errors\n    }\n  } else {\n    try {\n      process.kill(-pid, \"SIGKILL\");\n    } catch {\n      try {\n        process.kill(pid, \"SIGKILL\");\n      } catch {\n        // Process already dead\n      }\n    }\n  }\n}\n\nexport function shellEscape(s: string): string {\n  // Escape for passing to sh -c\n  return `'${s.replace(/'/g, \"'\\\\''\")}'`;\n}\n"]}

package/dist/sandbox.d.ts

@@ -1,40 +1,2 @@
-export type SandboxConfig = {
-    type: "host";
-} | {
-    type: "docker";
-    container: string;
-} | {
-    type: "firecracker";
-    vmId: string;
-    hostPath: string;
-    sshUser?: string;
-    sshPort?: number;
-};
-export declare function parseSandboxArg(value: string): SandboxConfig;
-export declare function validateSandbox(config: SandboxConfig): Promise<void>;
-/**
- * Create an executor that runs commands either on host, in Docker container, or in Firecracker VM
- */
-export declare function createExecutor(config: SandboxConfig): Executor;
-export interface Executor {
-    /**
-     * Execute a bash command
-     */
-    exec(command: string, options?: ExecOptions): Promise<ExecResult>;
-    /**
-     * Get the workspace path prefix for this executor
-     * Host: returns the actual path
-     * Docker: returns /workspace
-     */
-    getWorkspacePath(hostPath: string): string;
-}
-export interface ExecOptions {
-    timeout?: number;
-    signal?: AbortSignal;
-}
-export interface ExecResult {
-    stdout: string;
-    stderr: string;
-    code: number;
-}
+export * from "./sandbox/index.js";
 //# sourceMappingURL=sandbox.d.ts.map

package/dist/sandbox.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sandbox.d.ts","sourceRoot":"","sources":["../src/sandbox.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,aAAa,GACrB;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,GAChB;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GACrC;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEhG,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,aAAa,CA8C5D;AAED,wBAAsB,eAAe,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAmF1E;AAoBD;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,aAAa,GAAG,QAAQ,CAQ9D;AAED,MAAM,WAAW,QAAQ;IACvB;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAElE;;;;OAIG;IACH,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAC;CAC5C;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;CACd","sourcesContent":["import { spawn } from \"child_process\";\n\nexport type SandboxConfig =\n  | { type: \"host\" }\n  | { type: \"docker\"; container: string }\n  | { type: \"firecracker\"; vmId: string; hostPath: string; sshUser?: string; sshPort?: number };\n\nexport function parseSandboxArg(value: string): SandboxConfig {\n  if (value === \"host\") {\n    return { type: \"host\" };\n  }\n  if (value.startsWith(\"docker:\")) {\n    const container = value.slice(\"docker:\".length);\n    if (!container) {\n      console.error(\"Error: docker sandbox requires container name (e.g., docker:mama-sandbox)\");\n      process.exit(1);\n    }\n    return { type: \"docker\", container };\n  }\n  if (value.startsWith(\"firecracker:\")) {\n    const arg = value.slice(\"firecracker:\".length);\n    // Format: firecracker:<vm-id>:<host-path>[:<ssh-user>[:<ssh-port>]]\n    // Example: firecracker:vm1:/home/user/workspace\n    //          firecracker:vm1:/home/user/workspace:root\n    //          firecracker:vm1:/home/user/workspace:root:22\n    const parts = arg.split(\":\");\n    if (parts.length < 2) {\n      console.error(\n        \"Error: firecracker sandbox requires vm-id and host-path\\n\" +\n          \"Usage: firecracker:<vm-id>:<host-path>[:<ssh-user>[:<ssh-port>]]\\n\" +\n          \"Example: firecracker:vm1:/home/user/workspace\",\n      );\n      process.exit(1);\n    }\n    const vmId = parts[0];\n    const hostPath = parts[1];\n    const sshUser = parts[2] || \"root\";\n    const sshPort = parts[3] ? parseInt(parts[3], 10) : 22;\n\n    if (!vmId || !hostPath) {\n      console.error(\"Error: firecracker sandbox requires vm-id and host-path\");\n      process.exit(1);\n    }\n    if (isNaN(sshPort) || sshPort <= 0 || sshPort > 65535) {\n      console.error(\"Error: invalid SSH port\");\n      process.exit(1);\n    }\n    return { type: \"firecracker\", vmId, hostPath, sshUser, sshPort };\n  }\n  console.error(\n    `Error: Invalid sandbox type '${value}'. Use 'host', 'docker:<container-name>', or 'firecracker:<vm-id>:<host-path>'`,\n  );\n  process.exit(1);\n}\n\nexport async function validateSandbox(config: SandboxConfig): Promise<void> {\n  if (config.type === \"host\") {\n    return;\n  }\n\n  if (config.type === \"docker\") {\n    // Check if Docker is available\n    try {\n      await execSimple(\"docker\", [\"--version\"]);\n    } catch {\n      console.error(\"Error: Docker is not installed or not in PATH\");\n      process.exit(1);\n    }\n\n    // Check if container exists and is running\n    try {\n      const result = await execSimple(\"docker\", [\n        \"inspect\",\n        \"-f\",\n        \"{{.State.Running}}\",\n        config.container,\n      ]);\n      if (result.trim() !== \"true\") {\n        console.error(`Error: Container '${config.container}' is not running.`);\n        console.error(`Start it with: docker start ${config.container}`);\n        process.exit(1);\n      }\n    } catch {\n      console.error(`Error: Container '${config.container}' does not exist.`);\n      console.error(\"Create it with: ./docker.sh create <data-dir>\");\n      process.exit(1);\n    }\n\n    console.log(`  Docker container '${config.container}' is running.`);\n    return;\n  }\n\n  if (config.type === \"firecracker\") {\n    // Check if fc-agent or firecracker CLI is available\n    try {\n      await execSimple(\"fc-agent\", [\"--version\"]);\n    } catch {\n      // Try alternative: firecracker\n      try {\n        await execSimple(\"firecracker\", [\"--version\"]);\n      } catch {\n        console.error(\"Error: Firecracker tools (fc-agent or firecracker) not found in PATH\");\n        console.error(\"Install firecracker: https://github.com/firecracker-microvm/firecracker\");\n        process.exit(1);\n      }\n    }\n\n    // Check if VM is running using fc-agent\n    try {\n      const result = await execSimple(\"fc-agent\", [\"status\", config.vmId]);\n      if (!result.includes(\"running\") && !result.includes(\"Running\")) {\n        console.error(`Error: Firecracker VM '${config.vmId}' is not running.`);\n        console.error(`Start it with: fc-agent start ${config.vmId}`);\n        process.exit(1);\n      }\n    } catch {\n      // Try alternative: firecracker-ctl or direct check\n      try {\n        await execSimple(\"firecracker-ctl\", [\"status\", config.vmId]);\n      } catch {\n        console.error(`Warning: Could not verify if VM '${config.vmId}' is running.`);\n        console.error(\"Make sure the VM is started before running mama.\");\n      }\n    }\n\n    // Verify host path exists\n    try {\n      await execSimple(\"ls\", [\"-d\", config.hostPath]);\n    } catch {\n      console.error(`Error: Host path '${config.hostPath}' does not exist.`);\n      process.exit(1);\n    }\n\n    console.log(\n      `  Firecracker VM '${config.vmId}' configured with workspace '${config.hostPath}'.`,\n    );\n    return;\n  }\n}\n\nfunction execSimple(cmd: string, args: string[]): Promise<string> {\n  return new Promise((resolve, reject) => {\n    const child = spawn(cmd, args, { stdio: [\"ignore\", \"pipe\", \"pipe\"] });\n    let stdout = \"\";\n    let stderr = \"\";\n    child.stdout?.on(\"data\", (d) => {\n      stdout += d;\n    });\n    child.stderr?.on(\"data\", (d) => {\n      stderr += d;\n    });\n    child.on(\"close\", (code) => {\n      if (code === 0) resolve(stdout);\n      else reject(new Error(stderr || `Exit code ${code}`));\n    });\n  });\n}\n\n/**\n * Create an executor that runs commands either on host, in Docker container, or in Firecracker VM\n */\nexport function createExecutor(config: SandboxConfig): Executor {\n  if (config.type === \"host\") {\n    return new HostExecutor();\n  }\n  if (config.type === \"docker\") {\n    return new DockerExecutor(config.container);\n  }\n  return new FirecrackerExecutor(config.vmId, config.hostPath, config.sshUser, config.sshPort);\n}\n\nexport interface Executor {\n  /**\n   * Execute a bash command\n   */\n  exec(command: string, options?: ExecOptions): Promise<ExecResult>;\n\n  /**\n   * Get the workspace path prefix for this executor\n   * Host: returns the actual path\n   * Docker: returns /workspace\n   */\n  getWorkspacePath(hostPath: string): string;\n}\n\nexport interface ExecOptions {\n  timeout?: number;\n  signal?: AbortSignal;\n}\n\nexport interface ExecResult {\n  stdout: string;\n  stderr: string;\n  code: number;\n}\n\nclass HostExecutor implements Executor {\n  async exec(command: string, options?: ExecOptions): Promise<ExecResult> {\n    return new Promise((resolve, reject) => {\n      const shell = process.platform === \"win32\" ? \"cmd\" : \"sh\";\n      const shellArgs = process.platform === \"win32\" ? [\"/c\"] : [\"-c\"];\n\n      const child = spawn(shell, [...shellArgs, command], {\n        detached: true,\n        stdio: [\"ignore\", \"pipe\", \"pipe\"],\n      });\n\n      let stdout = \"\";\n      let stderr = \"\";\n      let timedOut = false;\n\n      const timeoutHandle =\n        options?.timeout && options.timeout > 0\n          ? setTimeout(() => {\n              timedOut = true;\n              killProcessTree(child.pid!);\n            }, options.timeout * 1000)\n          : undefined;\n\n      const onAbort = () => {\n        if (child.pid) killProcessTree(child.pid);\n      };\n\n      if (options?.signal) {\n        if (options.signal.aborted) {\n          onAbort();\n        } else {\n          options.signal.addEventListener(\"abort\", onAbort, { once: true });\n        }\n      }\n\n      child.stdout?.on(\"data\", (data) => {\n        stdout += data.toString();\n        if (stdout.length > 10 * 1024 * 1024) {\n          stdout = stdout.slice(0, 10 * 1024 * 1024);\n        }\n      });\n\n      child.stderr?.on(\"data\", (data) => {\n        stderr += data.toString();\n        if (stderr.length > 10 * 1024 * 1024) {\n          stderr = stderr.slice(0, 10 * 1024 * 1024);\n        }\n      });\n\n      child.on(\"close\", (code) => {\n        if (timeoutHandle) clearTimeout(timeoutHandle);\n        if (options?.signal) {\n          options.signal.removeEventListener(\"abort\", onAbort);\n        }\n\n        if (options?.signal?.aborted) {\n          reject(new Error(`${stdout}\\n${stderr}\\nCommand aborted`.trim()));\n          return;\n        }\n\n        if (timedOut) {\n          reject(\n            new Error(\n              `${stdout}\\n${stderr}\\nCommand timed out after ${options?.timeout} seconds`.trim(),\n            ),\n          );\n          return;\n        }\n\n        resolve({ stdout, stderr, code: code ?? 0 });\n      });\n    });\n  }\n\n  getWorkspacePath(hostPath: string): string {\n    return hostPath;\n  }\n}\n\nclass DockerExecutor implements Executor {\n  constructor(private container: string) {}\n\n  async exec(command: string, options?: ExecOptions): Promise<ExecResult> {\n    // Wrap command for docker exec\n    const dockerCmd = `docker exec ${this.container} sh -c ${shellEscape(command)}`;\n    const hostExecutor = new HostExecutor();\n    return hostExecutor.exec(dockerCmd, options);\n  }\n\n  getWorkspacePath(_hostPath: string): string {\n    // Docker container sees /workspace\n    return \"/workspace\";\n  }\n}\n\nclass FirecrackerExecutor implements Executor {\n  constructor(\n    private vmId: string,\n    private hostPath: string,\n    private sshUser: string = \"root\",\n    private sshPort: number = 22,\n  ) {}\n\n  async exec(command: string, options?: ExecOptions): Promise<ExecResult> {\n    // Use direct SSH to execute command in the Firecracker VM\n    // The workspace inside the VM is expected to be mounted at /workspace\n    const sshCmd =\n      this.sshPort === 22\n        ? `ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 ${this.sshUser}@${this.vmId} sh -c ${shellEscape(command)}`\n        : `ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 -p ${this.sshPort} ${this.sshUser}@${this.vmId} sh -c ${shellEscape(command)}`;\n    const hostExecutor = new HostExecutor();\n    return hostExecutor.exec(sshCmd, options);\n  }\n\n  getWorkspacePath(_hostPath: string): string {\n    // Firecracker VM sees /workspace (assumes hostPath is mounted there)\n    return \"/workspace\";\n  }\n}\n\nfunction killProcessTree(pid: number): void {\n  if (process.platform === \"win32\") {\n    try {\n      spawn(\"taskkill\", [\"/F\", \"/T\", \"/PID\", String(pid)], {\n        stdio: \"ignore\",\n        detached: true,\n      });\n    } catch {\n      // Ignore errors\n    }\n  } else {\n    try {\n      process.kill(-pid, \"SIGKILL\");\n    } catch {\n      try {\n        process.kill(pid, \"SIGKILL\");\n      } catch {\n        // Process already dead\n      }\n    }\n  }\n}\n\nfunction shellEscape(s: string): string {\n  // Escape for passing to sh -c\n  return `'${s.replace(/'/g, \"'\\\\''\")}'`;\n}\n"]}
+{"version":3,"file":"sandbox.d.ts","sourceRoot":"","sources":["../src/sandbox.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAC","sourcesContent":["export * from \"./sandbox/index.js\";\n"]}

package/dist/sandbox.js

@@ -1,287 +1,2 @@
-import { spawn } from "child_process";
-export function parseSandboxArg(value) {
-    if (value === "host") {
-        return { type: "host" };
-    }
-    if (value.startsWith("docker:")) {
-        const container = value.slice("docker:".length);
-        if (!container) {
-            console.error("Error: docker sandbox requires container name (e.g., docker:mama-sandbox)");
-            process.exit(1);
-        }
-        return { type: "docker", container };
-    }
-    if (value.startsWith("firecracker:")) {
-        const arg = value.slice("firecracker:".length);
-        // Format: firecracker:<vm-id>:<host-path>[:<ssh-user>[:<ssh-port>]]
-        // Example: firecracker:vm1:/home/user/workspace
-        //          firecracker:vm1:/home/user/workspace:root
-        //          firecracker:vm1:/home/user/workspace:root:22
-        const parts = arg.split(":");
-        if (parts.length < 2) {
-            console.error("Error: firecracker sandbox requires vm-id and host-path\n" +
-                "Usage: firecracker:<vm-id>:<host-path>[:<ssh-user>[:<ssh-port>]]\n" +
-                "Example: firecracker:vm1:/home/user/workspace");
-            process.exit(1);
-        }
-        const vmId = parts[0];
-        const hostPath = parts[1];
-        const sshUser = parts[2] || "root";
-        const sshPort = parts[3] ? parseInt(parts[3], 10) : 22;
-        if (!vmId || !hostPath) {
-            console.error("Error: firecracker sandbox requires vm-id and host-path");
-            process.exit(1);
-        }
-        if (isNaN(sshPort) || sshPort <= 0 || sshPort > 65535) {
-            console.error("Error: invalid SSH port");
-            process.exit(1);
-        }
-        return { type: "firecracker", vmId, hostPath, sshUser, sshPort };
-    }
-    console.error(`Error: Invalid sandbox type '${value}'. Use 'host', 'docker:<container-name>', or 'firecracker:<vm-id>:<host-path>'`);
-    process.exit(1);
-}
-export async function validateSandbox(config) {
-    if (config.type === "host") {
-        return;
-    }
-    if (config.type === "docker") {
-        // Check if Docker is available
-        try {
-            await execSimple("docker", ["--version"]);
-        }
-        catch {
-            console.error("Error: Docker is not installed or not in PATH");
-            process.exit(1);
-        }
-        // Check if container exists and is running
-        try {
-            const result = await execSimple("docker", [
-                "inspect",
-                "-f",
-                "{{.State.Running}}",
-                config.container,
-            ]);
-            if (result.trim() !== "true") {
-                console.error(`Error: Container '${config.container}' is not running.`);
-                console.error(`Start it with: docker start ${config.container}`);
-                process.exit(1);
-            }
-        }
-        catch {
-            console.error(`Error: Container '${config.container}' does not exist.`);
-            console.error("Create it with: ./docker.sh create <data-dir>");
-            process.exit(1);
-        }
-        console.log(`  Docker container '${config.container}' is running.`);
-        return;
-    }
-    if (config.type === "firecracker") {
-        // Check if fc-agent or firecracker CLI is available
-        try {
-            await execSimple("fc-agent", ["--version"]);
-        }
-        catch {
-            // Try alternative: firecracker
-            try {
-                await execSimple("firecracker", ["--version"]);
-            }
-            catch {
-                console.error("Error: Firecracker tools (fc-agent or firecracker) not found in PATH");
-                console.error("Install firecracker: https://github.com/firecracker-microvm/firecracker");
-                process.exit(1);
-            }
-        }
-        // Check if VM is running using fc-agent
-        try {
-            const result = await execSimple("fc-agent", ["status", config.vmId]);
-            if (!result.includes("running") && !result.includes("Running")) {
-                console.error(`Error: Firecracker VM '${config.vmId}' is not running.`);
-                console.error(`Start it with: fc-agent start ${config.vmId}`);
-                process.exit(1);
-            }
-        }
-        catch {
-            // Try alternative: firecracker-ctl or direct check
-            try {
-                await execSimple("firecracker-ctl", ["status", config.vmId]);
-            }
-            catch {
-                console.error(`Warning: Could not verify if VM '${config.vmId}' is running.`);
-                console.error("Make sure the VM is started before running mama.");
-            }
-        }
-        // Verify host path exists
-        try {
-            await execSimple("ls", ["-d", config.hostPath]);
-        }
-        catch {
-            console.error(`Error: Host path '${config.hostPath}' does not exist.`);
-            process.exit(1);
-        }
-        console.log(`  Firecracker VM '${config.vmId}' configured with workspace '${config.hostPath}'.`);
-        return;
-    }
-}
-function execSimple(cmd, args) {
-    return new Promise((resolve, reject) => {
-        const child = spawn(cmd, args, { stdio: ["ignore", "pipe", "pipe"] });
-        let stdout = "";
-        let stderr = "";
-        child.stdout?.on("data", (d) => {
-            stdout += d;
-        });
-        child.stderr?.on("data", (d) => {
-            stderr += d;
-        });
-        child.on("close", (code) => {
-            if (code === 0)
-                resolve(stdout);
-            else
-                reject(new Error(stderr || `Exit code ${code}`));
-        });
-    });
-}
-/**
- * Create an executor that runs commands either on host, in Docker container, or in Firecracker VM
- */
-export function createExecutor(config) {
-    if (config.type === "host") {
-        return new HostExecutor();
-    }
-    if (config.type === "docker") {
-        return new DockerExecutor(config.container);
-    }
-    return new FirecrackerExecutor(config.vmId, config.hostPath, config.sshUser, config.sshPort);
-}
-class HostExecutor {
-    async exec(command, options) {
-        return new Promise((resolve, reject) => {
-            const shell = process.platform === "win32" ? "cmd" : "sh";
-            const shellArgs = process.platform === "win32" ? ["/c"] : ["-c"];
-            const child = spawn(shell, [...shellArgs, command], {
-                detached: true,
-                stdio: ["ignore", "pipe", "pipe"],
-            });
-            let stdout = "";
-            let stderr = "";
-            let timedOut = false;
-            const timeoutHandle = options?.timeout && options.timeout > 0
-                ? setTimeout(() => {
-                    timedOut = true;
-                    killProcessTree(child.pid);
-                }, options.timeout * 1000)
-                : undefined;
-            const onAbort = () => {
-                if (child.pid)
-                    killProcessTree(child.pid);
-            };
-            if (options?.signal) {
-                if (options.signal.aborted) {
-                    onAbort();
-                }
-                else {
-                    options.signal.addEventListener("abort", onAbort, { once: true });
-                }
-            }
-            child.stdout?.on("data", (data) => {
-                stdout += data.toString();
-                if (stdout.length > 10 * 1024 * 1024) {
-                    stdout = stdout.slice(0, 10 * 1024 * 1024);
-                }
-            });
-            child.stderr?.on("data", (data) => {
-                stderr += data.toString();
-                if (stderr.length > 10 * 1024 * 1024) {
-                    stderr = stderr.slice(0, 10 * 1024 * 1024);
-                }
-            });
-            child.on("close", (code) => {
-                if (timeoutHandle)
-                    clearTimeout(timeoutHandle);
-                if (options?.signal) {
-                    options.signal.removeEventListener("abort", onAbort);
-                }
-                if (options?.signal?.aborted) {
-                    reject(new Error(`${stdout}\n${stderr}\nCommand aborted`.trim()));
-                    return;
-                }
-                if (timedOut) {
-                    reject(new Error(`${stdout}\n${stderr}\nCommand timed out after ${options?.timeout} seconds`.trim()));
-                    return;
-                }
-                resolve({ stdout, stderr, code: code ?? 0 });
-            });
-        });
-    }
-    getWorkspacePath(hostPath) {
-        return hostPath;
-    }
-}
-class DockerExecutor {
-    constructor(container) {
-        this.container = container;
-    }
-    async exec(command, options) {
-        // Wrap command for docker exec
-        const dockerCmd = `docker exec ${this.container} sh -c ${shellEscape(command)}`;
-        const hostExecutor = new HostExecutor();
-        return hostExecutor.exec(dockerCmd, options);
-    }
-    getWorkspacePath(_hostPath) {
-        // Docker container sees /workspace
-        return "/workspace";
-    }
-}
-class FirecrackerExecutor {
-    constructor(vmId, hostPath, sshUser = "root", sshPort = 22) {
-        this.vmId = vmId;
-        this.hostPath = hostPath;
-        this.sshUser = sshUser;
-        this.sshPort = sshPort;
-    }
-    async exec(command, options) {
-        // Use direct SSH to execute command in the Firecracker VM
-        // The workspace inside the VM is expected to be mounted at /workspace
-        const sshCmd = this.sshPort === 22
-            ? `ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 ${this.sshUser}@${this.vmId} sh -c ${shellEscape(command)}`
-            : `ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 -p ${this.sshPort} ${this.sshUser}@${this.vmId} sh -c ${shellEscape(command)}`;
-        const hostExecutor = new HostExecutor();
-        return hostExecutor.exec(sshCmd, options);
-    }
-    getWorkspacePath(_hostPath) {
-        // Firecracker VM sees /workspace (assumes hostPath is mounted there)
-        return "/workspace";
-    }
-}
-function killProcessTree(pid) {
-    if (process.platform === "win32") {
-        try {
-            spawn("taskkill", ["/F", "/T", "/PID", String(pid)], {
-                stdio: "ignore",
-                detached: true,
-            });
-        }
-        catch {
-            // Ignore errors
-        }
-    }
-    else {
-        try {
-            process.kill(-pid, "SIGKILL");
-        }
-        catch {
-            try {
-                process.kill(pid, "SIGKILL");
-            }
-            catch {
-                // Process already dead
-            }
-        }
-    }
-}
-function shellEscape(s) {
-    // Escape for passing to sh -c
-    return `'${s.replace(/'/g, "'\\''")}'`;
-}
+export * from "./sandbox/index.js";
 //# sourceMappingURL=sandbox.js.map