npm - @giselles-ai/sandkit - Versions diffs - 0.1.0 - Mend

@giselles-ai/sandkit 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (65) hide show

package/LICENSE +21 -0
package/README.md +163 -0
package/dist/adapters/drizzle.d.ts +83 -0
package/dist/adapters/drizzle.js +9 -0
package/dist/adapters/drizzle.js.map +1 -0
package/dist/adapters/memory.d.ts +6 -0
package/dist/adapters/memory.js +8 -0
package/dist/adapters/memory.js.map +1 -0
package/dist/adapters/sqlite-bun.d.ts +7 -0
package/dist/adapters/sqlite-bun.js +8 -0
package/dist/adapters/sqlite-bun.js.map +1 -0
package/dist/bin.js +697 -0
package/dist/bin.js.map +1 -0
package/dist/chunk-7DLK7LOM.js +44 -0
package/dist/chunk-7DLK7LOM.js.map +1 -0
package/dist/chunk-BDPTYR6V.js +407 -0
package/dist/chunk-BDPTYR6V.js.map +1 -0
package/dist/chunk-CSOBTLWV.js +202 -0
package/dist/chunk-CSOBTLWV.js.map +1 -0
package/dist/chunk-DLGUA3H7.js +9 -0
package/dist/chunk-DLGUA3H7.js.map +1 -0
package/dist/chunk-FSDVHEEX.js +45 -0
package/dist/chunk-FSDVHEEX.js.map +1 -0
package/dist/chunk-HVYCAAZQ.js +25 -0
package/dist/chunk-HVYCAAZQ.js.map +1 -0
package/dist/chunk-LC3IYBAL.js +100 -0
package/dist/chunk-LC3IYBAL.js.map +1 -0
package/dist/chunk-REGOUXVI.js +58 -0
package/dist/chunk-REGOUXVI.js.map +1 -0
package/dist/chunk-RMMOQD5Y.js +211 -0
package/dist/chunk-RMMOQD5Y.js.map +1 -0
package/dist/chunk-UDFWES6J.js +486 -0
package/dist/chunk-UDFWES6J.js.map +1 -0
package/dist/chunk-VISDS5T7.js +202 -0
package/dist/chunk-VISDS5T7.js.map +1 -0
package/dist/chunk-XM4HGRXW.js +37 -0
package/dist/chunk-XM4HGRXW.js.map +1 -0
package/dist/cli/index.d.ts +19 -0
package/dist/cli/index.js +397 -0
package/dist/cli/index.js.map +1 -0
package/dist/index.d.ts +78 -0
package/dist/index.js +1102 -0
package/dist/index.js.map +1 -0
package/dist/integrations/mock.d.ts +19 -0
package/dist/integrations/mock.js +207 -0
package/dist/integrations/mock.js.map +1 -0
package/dist/integrations/vercel.d.ts +7 -0
package/dist/integrations/vercel.js +400 -0
package/dist/integrations/vercel.js.map +1 -0
package/dist/policies/ai-gateway.d.ts +15 -0
package/dist/policies/ai-gateway.js +12 -0
package/dist/policies/ai-gateway.js.map +1 -0
package/dist/policies/codex.d.ts +10 -0
package/dist/policies/codex.js +12 -0
package/dist/policies/codex.js.map +1 -0
package/dist/policies/gemini.d.ts +10 -0
package/dist/policies/gemini.js +12 -0
package/dist/policies/gemini.js.map +1 -0
package/dist/schema/index.d.ts +60 -0
package/dist/schema/index.js +31 -0
package/dist/schema/index.js.map +1 -0
package/dist/types-BCgprbo8.d.ts +47 -0
package/dist/types-BEKQnjeb.d.ts +139 -0
package/dist/types-Cy36bS1j.d.ts +138 -0
package/package.json +126 -0

package/dist/chunk-VISDS5T7.js ADDED Viewed

@@ -0,0 +1,202 @@
+// src/policies/dsl.ts
+function isRecord(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function isStringArray(value) {
+  return Array.isArray(value) && value.every((entry) => typeof entry === "string");
+}
+function isRecordArray(value) {
+  return Array.isArray(value) && value.every((entry) => isRecord(entry));
+}
+function normalizeCredentialSource(source) {
+  if (source.kind === "default") {
+    return { kind: "default" };
+  }
+  if (source.kind === "value") {
+    if (!source.value) {
+      throw new Error("Policy credential value must not be empty.");
+    }
+    return { kind: "value", value: source.value };
+  }
+  return { kind: "redacted" };
+}
+function normalizeHeaderTransform(header) {
+  const headerName = header.headerName.trim().toLowerCase();
+  if (!headerName) {
+    throw new Error("Policy header transform must include a header name.");
+  }
+  return {
+    headerName,
+    valuePrefix: header.valuePrefix,
+    credential: normalizeCredentialSource(header.credential)
+  };
+}
+function normalizeService(service) {
+  const id = service.id.trim();
+  const name = service.name.trim();
+  const domains = [
+    ...new Set(service.domains.map((domain) => domain.trim()).filter(Boolean))
+  ].sort();
+  if (!id) {
+    throw new Error("Policy service id must not be empty.");
+  }
+  if (!name) {
+    throw new Error(`Policy service "${id}" must have a name.`);
+  }
+  if (domains.length === 0) {
+    throw new Error(`Policy service "${id}" must declare at least one domain.`);
+  }
+  return {
+    id,
+    name,
+    description: service.description?.trim() || void 0,
+    domains,
+    headers: service.headers?.map((header) => normalizeHeaderTransform(header))
+  };
+}
+function normalizeServices(services) {
+  if (services.length === 0) {
+    throw new Error("allowServices(...) requires at least one service descriptor.");
+  }
+  const deduped = /* @__PURE__ */ new Map();
+  for (const service of services) {
+    const normalized = normalizeService(service);
+    deduped.set(normalized.id, normalized);
+  }
+  return [...deduped.values()].sort((left, right) => left.id.localeCompare(right.id));
+}
+function allowAll() {
+  return { mode: "allow-all" };
+}
+function denyAll() {
+  return { mode: "deny-all" };
+}
+function allowService(service) {
+  return allowServices([service]);
+}
+function allowServices(services) {
+  return {
+    mode: "allow-services",
+    services: normalizeServices(services)
+  };
+}
+function describeWorkspacePolicy(policy) {
+  switch (policy.mode) {
+    case "allow-all":
+      return "allow-all";
+    case "deny-all":
+      return "deny-all";
+    case "allow-services":
+      return `allow-services:${policy.services.map((service) => service.id).join(",")}`;
+  }
+}
+function serializeWorkspacePolicy(policy) {
+  return policy;
+}
+function redactWorkspacePolicy(policy) {
+  if (policy.mode !== "allow-services") {
+    return policy;
+  }
+  return {
+    mode: "allow-services",
+    services: policy.services.map((service) => ({
+      ...service,
+      headers: service.headers?.map((header) => ({
+        headerName: header.headerName,
+        valuePrefix: header.valuePrefix,
+        credential: header.credential.kind === "value" ? { kind: "redacted" } : header.credential
+      }))
+    }))
+  };
+}
+function assertWorkspacePolicyIsDurable(policy) {
+  if (policy.mode !== "allow-services") {
+    return;
+  }
+  for (const service of policy.services) {
+    for (const header of service.headers ?? []) {
+      if (header.credential.kind === "value") {
+        throw new Error(
+          `Workspace policy for service "${service.id}" contains an explicit secret and cannot be stored durably.`
+        );
+      }
+    }
+  }
+}
+function parseWorkspacePolicy(value) {
+  if (!isRecord(value) || typeof value.mode !== "string") {
+    throw new Error("expected workspace policy object");
+  }
+  if (value.mode === "allow-all") {
+    return allowAll();
+  }
+  if (value.mode === "deny-all") {
+    return denyAll();
+  }
+  if (value.mode === "allow-services") {
+    if (!Array.isArray(value.services)) {
+      throw new Error("allow-services policy must include a services array");
+    }
+    const services = value.services.map((service, index) => {
+      if (!isRecord(service)) {
+        throw new Error(`service at index ${index} must be an object`);
+      }
+      if (typeof service.id !== "string" || typeof service.name !== "string" || !isStringArray(service.domains)) {
+        throw new Error(`service at index ${index} has an invalid shape`);
+      }
+      const headers = service.headers === void 0 ? void 0 : (() => {
+        if (!isRecordArray(service.headers)) {
+          throw new Error(`service at index ${index} has invalid headers`);
+        }
+        return service.headers.map((header, headerIndex) => {
+          if (typeof header.headerName !== "string" || !isRecord(header.credential) || typeof header.credential.kind !== "string") {
+            throw new Error(
+              `service at index ${index} has invalid header transform at ${headerIndex}`
+            );
+          }
+          if (header.credential.kind === "default") {
+            return normalizeHeaderTransform({
+              headerName: header.headerName,
+              valuePrefix: typeof header.valuePrefix === "string" ? header.valuePrefix : void 0,
+              credential: {
+                kind: "default"
+              }
+            });
+          }
+          if (header.credential.kind === "redacted") {
+            return normalizeHeaderTransform({
+              headerName: header.headerName,
+              valuePrefix: typeof header.valuePrefix === "string" ? header.valuePrefix : void 0,
+              credential: { kind: "redacted" }
+            });
+          }
+          throw new Error(
+            `service at index ${index} contains a non-durable credential source`
+          );
+        });
+      })();
+      return normalizeService({
+        id: service.id,
+        name: service.name,
+        description: typeof service.description === "string" ? service.description : void 0,
+        domains: service.domains,
+        headers
+      });
+    });
+    return allowServices(services);
+  }
+  throw new Error(`unsupported workspace policy mode "${value.mode}"`);
+}
+export {
+  allowAll,
+  denyAll,
+  allowService,
+  allowServices,
+  describeWorkspacePolicy,
+  serializeWorkspacePolicy,
+  redactWorkspacePolicy,
+  assertWorkspacePolicyIsDurable,
+  parseWorkspacePolicy
+};
+//# sourceMappingURL=chunk-VISDS5T7.js.map

package/dist/chunk-VISDS5T7.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/policies/dsl.ts"],"sourcesContent":["import type { JsonValue } from \"../types.ts\";\nimport type {\n PolicyServiceCredentialSource,\n PolicyServiceDescriptor,\n PolicyServiceHeaderTransform,\n WorkspacePolicy,\n} from \"./types.ts\";\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n return typeof value === \"object\" && value !== null && !Array.isArray(value);\n}\n\nfunction isStringArray(value: unknown): value is string[] {\n return Array.isArray(value) && value.every((entry) => typeof entry === \"string\");\n}\n\nfunction isRecordArray(value: unknown): value is Record<string, unknown>[] {\n return Array.isArray(value) && value.every((entry) => isRecord(entry));\n}\n\nfunction normalizeCredentialSource(\n source: PolicyServiceCredentialSource,\n): PolicyServiceCredentialSource {\n if (source.kind === \"default\") {\n return { kind: \"default\" };\n }\n\n if (source.kind === \"value\") {\n if (!source.value) {\n throw new Error(\"Policy credential value must not be empty.\");\n }\n return { kind: \"value\", value: source.value };\n }\n\n return { kind: \"redacted\" };\n}\n\nfunction normalizeHeaderTransform(\n header: PolicyServiceHeaderTransform,\n): PolicyServiceHeaderTransform {\n const headerName = header.headerName.trim().toLowerCase();\n if (!headerName) {\n throw new Error(\"Policy header transform must include a header name.\");\n }\n\n return {\n headerName,\n valuePrefix: header.valuePrefix,\n credential: normalizeCredentialSource(header.credential),\n };\n}\n\nfunction normalizeService(service: PolicyServiceDescriptor): PolicyServiceDescriptor {\n const id = service.id.trim();\n const name = service.name.trim();\n const domains = [\n ...new Set(service.domains.map((domain) => domain.trim()).filter(Boolean)),\n ].sort();\n\n if (!id) {\n throw new Error(\"Policy service id must not be empty.\");\n }\n\n if (!name) {\n throw new Error(`Policy service \"${id}\" must have a name.`);\n }\n\n if (domains.length === 0) {\n throw new Error(`Policy service \"${id}\" must declare at least one domain.`);\n }\n\n return {\n id,\n name,\n description: service.description?.trim() || undefined,\n domains,\n headers: service.headers?.map((header) => normalizeHeaderTransform(header)),\n };\n}\n\nfunction normalizeServices(\n services: readonly PolicyServiceDescriptor[],\n): readonly PolicyServiceDescriptor[] {\n if (services.length === 0) {\n throw new Error(\"allowServices(...) requires at least one service descriptor.\");\n }\n\n const deduped = new Map<string, PolicyServiceDescriptor>();\n for (const service of services) {\n const normalized = normalizeService(service);\n deduped.set(normalized.id, normalized);\n }\n\n return [...deduped.values()].sort((left, right) => left.id.localeCompare(right.id));\n}\n\nexport function allowAll(): WorkspacePolicy {\n return { mode: \"allow-all\" };\n}\n\nexport function denyAll(): WorkspacePolicy {\n return { mode: \"deny-all\" };\n}\n\nexport function allowService(service: PolicyServiceDescriptor): WorkspacePolicy {\n return allowServices([service]);\n}\n\nexport function allowServices(services: readonly PolicyServiceDescriptor[]): WorkspacePolicy {\n return {\n mode: \"allow-services\",\n services: normalizeServices(services),\n };\n}\n\nexport function describeWorkspacePolicy(policy: WorkspacePolicy): string {\n switch (policy.mode) {\n case \"allow-all\":\n return \"allow-all\";\n case \"deny-all\":\n return \"deny-all\";\n case \"allow-services\":\n return `allow-services:${policy.services.map((service) => service.id).join(\",\")}`;\n }\n}\n\nexport function serializeWorkspacePolicy(policy: WorkspacePolicy): JsonValue {\n return policy as unknown as JsonValue;\n}\n\nexport function redactWorkspacePolicy(policy: WorkspacePolicy): WorkspacePolicy {\n if (policy.mode !== \"allow-services\") {\n return policy;\n }\n\n return {\n mode: \"allow-services\",\n services: policy.services.map((service) => ({\n ...service,\n headers: service.headers?.map((header) => ({\n headerName: header.headerName,\n valuePrefix: header.valuePrefix,\n credential: header.credential.kind === \"value\" ? { kind: \"redacted\" } : header.credential,\n })),\n })),\n };\n}\n\nexport function assertWorkspacePolicyIsDurable(policy: WorkspacePolicy): void {\n if (policy.mode !== \"allow-services\") {\n return;\n }\n\n for (const service of policy.services) {\n for (const header of service.headers ?? []) {\n if (header.credential.kind === \"value\") {\n throw new Error(\n `Workspace policy for service \"${service.id}\" contains an explicit secret and cannot be stored durably.`,\n );\n }\n }\n }\n}\n\nexport function parseWorkspacePolicy(value: unknown): WorkspacePolicy {\n if (!isRecord(value) || typeof value.mode !== \"string\") {\n throw new Error(\"expected workspace policy object\");\n }\n\n if (value.mode === \"allow-all\") {\n return allowAll();\n }\n\n if (value.mode === \"deny-all\") {\n return denyAll();\n }\n\n if (value.mode === \"allow-services\") {\n if (!Array.isArray(value.services)) {\n throw new Error(\"allow-services policy must include a services array\");\n }\n\n const services = value.services.map((service, index) => {\n if (!isRecord(service)) {\n throw new Error(`service at index ${index} must be an object`);\n }\n\n if (\n typeof service.id !== \"string\" ||\n typeof service.name !== \"string\" ||\n !isStringArray(service.domains)\n ) {\n throw new Error(`service at index ${index} has an invalid shape`);\n }\n\n const headers =\n service.headers === undefined\n ? undefined\n : (() => {\n if (!isRecordArray(service.headers)) {\n throw new Error(`service at index ${index} has invalid headers`);\n }\n\n return service.headers.map((header, headerIndex) => {\n if (\n typeof header.headerName !== \"string\" ||\n !isRecord(header.credential) ||\n typeof header.credential.kind !== \"string\"\n ) {\n throw new Error(\n `service at index ${index} has invalid header transform at ${headerIndex}`,\n );\n }\n\n if (header.credential.kind === \"default\") {\n return normalizeHeaderTransform({\n headerName: header.headerName,\n valuePrefix:\n typeof header.valuePrefix === \"string\" ? header.valuePrefix : undefined,\n credential: {\n kind: \"default\",\n },\n });\n }\n\n if (header.credential.kind === \"redacted\") {\n return normalizeHeaderTransform({\n headerName: header.headerName,\n valuePrefix:\n typeof header.valuePrefix === \"string\" ? header.valuePrefix : undefined,\n credential: { kind: \"redacted\" },\n });\n }\n\n throw new Error(\n `service at index ${index} contains a non-durable credential source`,\n );\n });\n })();\n\n return normalizeService({\n id: service.id,\n name: service.name,\n description: typeof service.description === \"string\" ? service.description : undefined,\n domains: service.domains,\n headers,\n });\n });\n\n return allowServices(services);\n }\n\n throw new Error(`unsupported workspace policy mode \"${value.mode}\"`);\n}\n"],"mappings":";AAQA,SAAS,SAAS,OAAkD;AAClE,SAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,KAAK;AAC5E;AAEA,SAAS,cAAc,OAAmC;AACxD,SAAO,MAAM,QAAQ,KAAK,KAAK,MAAM,MAAM,CAAC,UAAU,OAAO,UAAU,QAAQ;AACjF;AAEA,SAAS,cAAc,OAAoD;AACzE,SAAO,MAAM,QAAQ,KAAK,KAAK,MAAM,MAAM,CAAC,UAAU,SAAS,KAAK,CAAC;AACvE;AAEA,SAAS,0BACP,QAC+B;AAC/B,MAAI,OAAO,SAAS,WAAW;AAC7B,WAAO,EAAE,MAAM,UAAU;AAAA,EAC3B;AAEA,MAAI,OAAO,SAAS,SAAS;AAC3B,QAAI,CAAC,OAAO,OAAO;AACjB,YAAM,IAAI,MAAM,4CAA4C;AAAA,IAC9D;AACA,WAAO,EAAE,MAAM,SAAS,OAAO,OAAO,MAAM;AAAA,EAC9C;AAEA,SAAO,EAAE,MAAM,WAAW;AAC5B;AAEA,SAAS,yBACP,QAC8B;AAC9B,QAAM,aAAa,OAAO,WAAW,KAAK,EAAE,YAAY;AACxD,MAAI,CAAC,YAAY;AACf,UAAM,IAAI,MAAM,qDAAqD;AAAA,EACvE;AAEA,SAAO;AAAA,IACL;AAAA,IACA,aAAa,OAAO;AAAA,IACpB,YAAY,0BAA0B,OAAO,UAAU;AAAA,EACzD;AACF;AAEA,SAAS,iBAAiB,SAA2D;AACnF,QAAM,KAAK,QAAQ,GAAG,KAAK;AAC3B,QAAM,OAAO,QAAQ,KAAK,KAAK;AAC/B,QAAM,UAAU;AAAA,IACd,GAAG,IAAI,IAAI,QAAQ,QAAQ,IAAI,CAAC,WAAW,OAAO,KAAK,CAAC,EAAE,OAAO,OAAO,CAAC;AAAA,EAC3E,EAAE,KAAK;AAEP,MAAI,CAAC,IAAI;AACP,UAAM,IAAI,MAAM,sCAAsC;AAAA,EACxD;AAEA,MAAI,CAAC,MAAM;AACT,UAAM,IAAI,MAAM,mBAAmB,EAAE,qBAAqB;AAAA,EAC5D;AAEA,MAAI,QAAQ,WAAW,GAAG;AACxB,UAAM,IAAI,MAAM,mBAAmB,EAAE,qCAAqC;AAAA,EAC5E;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,aAAa,QAAQ,aAAa,KAAK,KAAK;AAAA,IAC5C;AAAA,IACA,SAAS,QAAQ,SAAS,IAAI,CAAC,WAAW,yBAAyB,MAAM,CAAC;AAAA,EAC5E;AACF;AAEA,SAAS,kBACP,UACoC;AACpC,MAAI,SAAS,WAAW,GAAG;AACzB,UAAM,IAAI,MAAM,8DAA8D;AAAA,EAChF;AAEA,QAAM,UAAU,oBAAI,IAAqC;AACzD,aAAW,WAAW,UAAU;AAC9B,UAAM,aAAa,iBAAiB,OAAO;AAC3C,YAAQ,IAAI,WAAW,IAAI,UAAU;AAAA,EACvC;AAEA,SAAO,CAAC,GAAG,QAAQ,OAAO,CAAC,EAAE,KAAK,CAAC,MAAM,UAAU,KAAK,GAAG,cAAc,MAAM,EAAE,CAAC;AACpF;AAEO,SAAS,WAA4B;AAC1C,SAAO,EAAE,MAAM,YAAY;AAC7B;AAEO,SAAS,UAA2B;AACzC,SAAO,EAAE,MAAM,WAAW;AAC5B;AAEO,SAAS,aAAa,SAAmD;AAC9E,SAAO,cAAc,CAAC,OAAO,CAAC;AAChC;AAEO,SAAS,cAAc,UAA+D;AAC3F,SAAO;AAAA,IACL,MAAM;AAAA,IACN,UAAU,kBAAkB,QAAQ;AAAA,EACtC;AACF;AAEO,SAAS,wBAAwB,QAAiC;AACvE,UAAQ,OAAO,MAAM;AAAA,IACnB,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO,kBAAkB,OAAO,SAAS,IAAI,CAAC,YAAY,QAAQ,EAAE,EAAE,KAAK,GAAG,CAAC;AAAA,EACnF;AACF;AAEO,SAAS,yBAAyB,QAAoC;AAC3E,SAAO;AACT;AAEO,SAAS,sBAAsB,QAA0C;AAC9E,MAAI,OAAO,SAAS,kBAAkB;AACpC,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,UAAU,OAAO,SAAS,IAAI,CAAC,aAAa;AAAA,MAC1C,GAAG;AAAA,MACH,SAAS,QAAQ,SAAS,IAAI,CAAC,YAAY;AAAA,QACzC,YAAY,OAAO;AAAA,QACnB,aAAa,OAAO;AAAA,QACpB,YAAY,OAAO,WAAW,SAAS,UAAU,EAAE,MAAM,WAAW,IAAI,OAAO;AAAA,MACjF,EAAE;AAAA,IACJ,EAAE;AAAA,EACJ;AACF;AAEO,SAAS,+BAA+B,QAA+B;AAC5E,MAAI,OAAO,SAAS,kBAAkB;AACpC;AAAA,EACF;AAEA,aAAW,WAAW,OAAO,UAAU;AACrC,eAAW,UAAU,QAAQ,WAAW,CAAC,GAAG;AAC1C,UAAI,OAAO,WAAW,SAAS,SAAS;AACtC,cAAM,IAAI;AAAA,UACR,iCAAiC,QAAQ,EAAE;AAAA,QAC7C;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,qBAAqB,OAAiC;AACpE,MAAI,CAAC,SAAS,KAAK,KAAK,OAAO,MAAM,SAAS,UAAU;AACtD,UAAM,IAAI,MAAM,kCAAkC;AAAA,EACpD;AAEA,MAAI,MAAM,SAAS,aAAa;AAC9B,WAAO,SAAS;AAAA,EAClB;AAEA,MAAI,MAAM,SAAS,YAAY;AAC7B,WAAO,QAAQ;AAAA,EACjB;AAEA,MAAI,MAAM,SAAS,kBAAkB;AACnC,QAAI,CAAC,MAAM,QAAQ,MAAM,QAAQ,GAAG;AAClC,YAAM,IAAI,MAAM,qDAAqD;AAAA,IACvE;AAEA,UAAM,WAAW,MAAM,SAAS,IAAI,CAAC,SAAS,UAAU;AACtD,UAAI,CAAC,SAAS,OAAO,GAAG;AACtB,cAAM,IAAI,MAAM,oBAAoB,KAAK,oBAAoB;AAAA,MAC/D;AAEA,UACE,OAAO,QAAQ,OAAO,YACtB,OAAO,QAAQ,SAAS,YACxB,CAAC,cAAc,QAAQ,OAAO,GAC9B;AACA,cAAM,IAAI,MAAM,oBAAoB,KAAK,uBAAuB;AAAA,MAClE;AAEA,YAAM,UACJ,QAAQ,YAAY,SAChB,UACC,MAAM;AACL,YAAI,CAAC,cAAc,QAAQ,OAAO,GAAG;AACnC,gBAAM,IAAI,MAAM,oBAAoB,KAAK,sBAAsB;AAAA,QACjE;AAEA,eAAO,QAAQ,QAAQ,IAAI,CAAC,QAAQ,gBAAgB;AAClD,cACE,OAAO,OAAO,eAAe,YAC7B,CAAC,SAAS,OAAO,UAAU,KAC3B,OAAO,OAAO,WAAW,SAAS,UAClC;AACA,kBAAM,IAAI;AAAA,cACR,oBAAoB,KAAK,oCAAoC,WAAW;AAAA,YAC1E;AAAA,UACF;AAEA,cAAI,OAAO,WAAW,SAAS,WAAW;AACxC,mBAAO,yBAAyB;AAAA,cAC9B,YAAY,OAAO;AAAA,cACnB,aACE,OAAO,OAAO,gBAAgB,WAAW,OAAO,cAAc;AAAA,cAChE,YAAY;AAAA,gBACV,MAAM;AAAA,cACR;AAAA,YACF,CAAC;AAAA,UACH;AAEA,cAAI,OAAO,WAAW,SAAS,YAAY;AACzC,mBAAO,yBAAyB;AAAA,cAC9B,YAAY,OAAO;AAAA,cACnB,aACE,OAAO,OAAO,gBAAgB,WAAW,OAAO,cAAc;AAAA,cAChE,YAAY,EAAE,MAAM,WAAW;AAAA,YACjC,CAAC;AAAA,UACH;AAEA,gBAAM,IAAI;AAAA,YACR,oBAAoB,KAAK;AAAA,UAC3B;AAAA,QACF,CAAC;AAAA,MACH,GAAG;AAET,aAAO,iBAAiB;AAAA,QACtB,IAAI,QAAQ;AAAA,QACZ,MAAM,QAAQ;AAAA,QACd,aAAa,OAAO,QAAQ,gBAAgB,WAAW,QAAQ,cAAc;AAAA,QAC7E,SAAS,QAAQ;AAAA,QACjB;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAED,WAAO,cAAc,QAAQ;AAAA,EAC/B;AAEA,QAAM,IAAI,MAAM,sCAAsC,MAAM,IAAI,GAAG;AACrE;","names":[]}

package/dist/chunk-XM4HGRXW.js ADDED Viewed

@@ -0,0 +1,37 @@
+// src/policies/github.ts
+var GITHUB_DOMAINS = ["github.com", "*.github.com", "api.github.com", "*.githubusercontent.com"];
+function resolveGithubCredential(options) {
+  if (options === void 0) {
+    return { kind: "default" };
+  }
+  if (typeof options.apiKey !== "string" || options.apiKey.trim().length === 0) {
+    throw new Error(
+      'github(...) explicit override requires a non-empty "apiKey". Omit the options object to use GITHUB_TOKEN.'
+    );
+  }
+  return { kind: "value", value: options.apiKey };
+}
+function resolveGithubDefaultApiKey() {
+  return process.env.GITHUB_TOKEN;
+}
+function github(options) {
+  return {
+    id: "github",
+    name: "GitHub",
+    description: "Allow outbound access commonly needed for GitHub APIs and assets.",
+    domains: GITHUB_DOMAINS,
+    headers: [
+      {
+        headerName: "authorization",
+        valuePrefix: "Bearer ",
+        credential: resolveGithubCredential(options)
+      }
+    ]
+  };
+}
+export {
+  resolveGithubDefaultApiKey,
+  github
+};
+//# sourceMappingURL=chunk-XM4HGRXW.js.map

package/dist/chunk-XM4HGRXW.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/policies/github.ts"],"sourcesContent":["import type { PolicyServiceDescriptor } from \"./types.ts\";\n\nconst GITHUB_DOMAINS = [\"github.com\", \"*.github.com\", \"api.github.com\", \"*.githubusercontent.com\"];\n\nexport interface GithubOptions {\n readonly apiKey?: string;\n}\n\nfunction resolveGithubCredential(options?: GithubOptions) {\n if (options === undefined) {\n return { kind: \"default\" } as const;\n }\n\n if (typeof options.apiKey !== \"string\" || options.apiKey.trim().length === 0) {\n throw new Error(\n 'github(...) explicit override requires a non-empty \"apiKey\". Omit the options object to use GITHUB_TOKEN.',\n );\n }\n\n return { kind: \"value\", value: options.apiKey } as const;\n}\n\nexport function resolveGithubDefaultApiKey(): string | undefined {\n return process.env.GITHUB_TOKEN;\n}\n\nexport function github(options?: GithubOptions): PolicyServiceDescriptor {\n return {\n id: \"github\",\n name: \"GitHub\",\n description: \"Allow outbound access commonly needed for GitHub APIs and assets.\",\n domains: GITHUB_DOMAINS,\n headers: [\n {\n headerName: \"authorization\",\n valuePrefix: \"Bearer \",\n credential: resolveGithubCredential(options),\n },\n ],\n };\n}\n"],"mappings":";AAEA,IAAM,iBAAiB,CAAC,cAAc,gBAAgB,kBAAkB,yBAAyB;AAMjG,SAAS,wBAAwB,SAAyB;AACxD,MAAI,YAAY,QAAW;AACzB,WAAO,EAAE,MAAM,UAAU;AAAA,EAC3B;AAEA,MAAI,OAAO,QAAQ,WAAW,YAAY,QAAQ,OAAO,KAAK,EAAE,WAAW,GAAG;AAC5E,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,SAAO,EAAE,MAAM,SAAS,OAAO,QAAQ,OAAO;AAChD;AAEO,SAAS,6BAAiD;AAC/D,SAAO,QAAQ,IAAI;AACrB;AAEO,SAAS,OAAO,SAAkD;AACvE,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,SAAS;AAAA,IACT,SAAS;AAAA,MACP;AAAA,QACE,YAAY;AAAA,QACZ,aAAa;AAAA,QACb,YAAY,wBAAwB,OAAO;AAAA,MAC7C;AAAA,IACF;AAAA,EACF;AACF;","names":[]}

package/dist/cli/index.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+interface SandkitGenerateResult {
+    command: "generate";
+    provider: "sqlite" | "postgresql" | "mysql";
+    outputTarget: "stdout" | "file";
+    outputFile: string | null;
+    payload: {
+        generatedAt: string;
+        summary: {
+            tableCount: number;
+            tableNames: string[];
+        };
+        schemaText: string;
+    };
+}
+type SandkitRunResult = SandkitGenerateResult;
+declare function runCli(argv?: string[]): Promise<SandkitRunResult>;
+export { type SandkitRunResult, runCli };

package/dist/cli/index.js ADDED Viewed

@@ -0,0 +1,397 @@
+import {
+  createGeneratePayload
+} from "../chunk-LC3IYBAL.js";
+import {
+  createModelSnapshot
+} from "../chunk-RMMOQD5Y.js";
+// src/cli/generate.ts
+import { mkdirSync, writeFileSync } from "fs";
+import { dirname } from "path";
+// src/cli/discovery.ts
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
+import { createInterface } from "readline";
+var drizzleConfigFiles = [
+  "drizzle.config.ts",
+  "drizzle.config.js",
+  "drizzle.config.mjs",
+  "drizzle.config.cjs",
+  "drizzle.config.mts",
+  "drizzle.config.cts",
+  "drizzle.config.json",
+  "drizzle.config.yaml",
+  "drizzle.config.yml"
+];
+var drizzleDependency = "drizzle-orm";
+function parsePackageJsonDependencies(packagePath, evidence) {
+  if (!existsSync(packagePath)) {
+    return [];
+  }
+  let packageData = {};
+  try {
+    packageData = JSON.parse(readFileSync(packagePath, "utf8"));
+  } catch {
+    return [];
+  }
+  const dependencies = { ...packageData.dependencies, ...packageData.devDependencies };
+  const depNames = Object.keys(dependencies);
+  if (!depNames.includes(drizzleDependency)) {
+    return [];
+  }
+  evidence.push({
+    source: "package.json",
+    signal: "Dependency `drizzle-orm` found.",
+    score: 1.1
+  });
+  const sqliteSignals = [
+    ["better-sqlite3", "sqlite"],
+    ["libsql", "sqlite"],
+    ["@libsql/client", "sqlite"],
+    ["@turso", "sqlite"]
+  ].flatMap(
+    ([name, provider]) => depNames.some((dep) => dep.includes(name)) ? [{ provider, weight: 1.6 }] : []
+  );
+  const postgresSignals = [
+    ["pg", "postgresql"],
+    ["postgres", "postgresql"],
+    ["@vercel/postgres", "postgresql"],
+    ["@neondatabase/serverless", "postgresql"]
+  ].flatMap(
+    ([name, provider]) => depNames.some((dep) => dep.includes(name)) ? [{ provider, weight: 1.6 }] : []
+  );
+  const addSignals = (signals) => signals.forEach(
+    (entry) => evidence.push({
+      source: "package.json",
+      signal: `Dependency implies ${entry.provider} driver usage (${entry.provider} signal).`,
+      provider: entry.provider,
+      score: entry.weight
+    })
+  );
+  addSignals(sqliteSignals);
+  addSignals(postgresSignals);
+  return [...sqliteSignals, ...postgresSignals];
+}
+function inspectDrizzleConfig(cwd, evidence) {
+  const results = [];
+  for (const filename of drizzleConfigFiles) {
+    const configPath = join(cwd, filename);
+    if (!existsSync(configPath)) {
+      continue;
+    }
+    let text = "";
+    try {
+      text = readFileSync(configPath, "utf8");
+    } catch {
+      continue;
+    }
+    evidence.push({
+      source: filename,
+      signal: `Found drizzle config file: ${filename}.`,
+      score: 0.6
+    });
+    if (/dialect\s*:\s*["']sqlite["']/i.test(text)) {
+      evidence.push({
+        source: filename,
+        signal: "Drizzle config sets dialect to sqlite.",
+        provider: "sqlite",
+        score: 3
+      });
+      return [{ provider: "sqlite", weight: 3 }];
+    }
+    if (/dialect\s*:\s*["']postgresql["']/i.test(text)) {
+      evidence.push({
+        source: filename,
+        signal: "Drizzle config sets dialect to postgresql.",
+        provider: "postgresql",
+        score: 3
+      });
+      return [{ provider: "postgresql", weight: 3 }];
+    }
+    if (/dialect\s*:\s*["']mysql["']/i.test(text)) {
+      evidence.push({
+        source: filename,
+        signal: "Drizzle config sets dialect to mysql.",
+        provider: "mysql",
+        score: 3
+      });
+      return [{ provider: "mysql", weight: 3 }];
+    }
+    const dbUrlMatch = text.match(/url\s*:\s*["'`](.*?)["'`]/i);
+    if (dbUrlMatch?.[1]) {
+      const url = dbUrlMatch[1].toLowerCase();
+      if (url.includes("turso") || url.includes("libsql") || url.includes("sqlite")) {
+        evidence.push({
+          source: filename,
+          signal: "Drizzle config DB URL contains sqlite/libsql/turso hints.",
+          provider: "sqlite",
+          score: 2
+        });
+        results.push({ provider: "sqlite", weight: 2 });
+      }
+      if (url.includes("postgres")) {
+        evidence.push({
+          source: filename,
+          signal: "Drizzle config DB URL contains postgres hints.",
+          provider: "postgresql",
+          score: 2
+        });
+        results.push({ provider: "postgresql", weight: 2 });
+      }
+    }
+  }
+  return results;
+}
+function collectEvidence(cwd) {
+  const evidence = [];
+  const packageSignals = parsePackageJsonDependencies(join(cwd, "package.json"), evidence);
+  const drizzleSignals = inspectDrizzleConfig(cwd, evidence);
+  return {
+    evidence,
+    isDrizzleProject: packageSignals.length > 0 || drizzleSignals.length > 0
+  };
+}
+function rankProviderSignals(evidence) {
+  const totals = { sqlite: 0, postgresql: 0, mysql: 0 };
+  for (const item of evidence) {
+    if (!item.provider) continue;
+    totals[item.provider] += item.score;
+  }
+  const ranked = Object.entries(totals).sort((a, b) => b[1] - a[1]).filter((entry) => entry[1] > 0);
+  if (ranked.length === 0) {
+    return { provider: void 0, confidence: 0 };
+  }
+  const [winner, winnerScore] = ranked[0];
+  const secondScore = ranked[1]?.[1] ?? 0;
+  const confidence = winnerScore === 0 ? 0 : winnerScore / (winnerScore + secondScore);
+  return { provider: winner, confidence };
+}
+function promptWithChoices(question, options, fallback) {
+  return new Promise((resolve) => {
+    const rl = createInterface({
+      input: process.stdin,
+      output: process.stdout
+    });
+    rl.question(question, (answer) => {
+      rl.close();
+      const normalized = answer.trim().toLowerCase();
+      if (options.includes(normalized)) {
+        resolve(normalized);
+        return;
+      }
+      resolve(fallback);
+    });
+  });
+}
+async function resolveProviderWithDiscovery(options, cwd = process.cwd()) {
+  const requestedProvider = options.provider ?? options.dialect;
+  const normalizedProvider = requestedProvider === "pg" ? "postgresql" : requestedProvider;
+  if (normalizedProvider) {
+    if (normalizedProvider !== "sqlite" && normalizedProvider !== "postgresql" && normalizedProvider !== "mysql") {
+      throw new Error("Invalid provider. Use one of: sqlite, postgresql, mysql.");
+    }
+    return {
+      adapter: "drizzle",
+      provider: normalizedProvider,
+      confidence: 1,
+      evidence: [
+        {
+          source: "cli",
+          signal: `Provider explicitly set as ${normalizedProvider}.`,
+          provider: normalizedProvider,
+          score: 100
+        }
+      ],
+      prompted: false
+    };
+  }
+  if (options.adapter && options.adapter !== "drizzle") {
+    throw new Error("Unsupported adapter. This release supports --adapter drizzle only.");
+  }
+  const { evidence, isDrizzleProject } = collectEvidence(cwd);
+  const inference = rankProviderSignals(evidence);
+  const adapter = isDrizzleProject ? "drizzle" : "drizzle";
+  if (!isDrizzleProject) {
+    throw new Error(
+      "Could not detect a drizzle project from this directory. Run inside a Drizzle project and pass --dialect/--adapter explicitly if needed."
+    );
+  }
+  if (inference.provider && inference.confidence >= 0.75) {
+    return {
+      adapter,
+      provider: inference.provider,
+      confidence: inference.confidence,
+      evidence,
+      prompted: false
+    };
+  }
+  if (!process.stdin.isTTY || !process.stdout.isTTY) {
+    throw new Error(
+      "Could not infer database provider confidently. Re-run with --dialect <sqlite|postgresql|pg>."
+    );
+  }
+  const prompt = await promptWithChoices(
+    `Could not infer the database provider from repo signals.
+Select provider [sqlite|postgresql|mysql] (default sqlite): `,
+    ["sqlite", "postgresql", "mysql"],
+    "sqlite"
+  );
+  return {
+    adapter,
+    provider: prompt,
+    confidence: inference.confidence,
+    evidence,
+    prompted: true
+  };
+}
+// src/cli/generate.ts
+function usage() {
+  return [
+    "Usage: sandkit generate [--adapter drizzle] [--dialect <sqlite|postgresql|pg>] [--out <file>] [--stdout]",
+    "Example: npx @giselles-ai/sandkit generate --dialect sqlite --stdout",
+    "Example: npx @giselles-ai/sandkit generate --adapter drizzle --dialect postgresql --stdout",
+    "If --stdout is omitted, output is shown to console by default.",
+    "Default output file: db/schema/sandkit.ts"
+  ].join("\n");
+}
+function parseGenerateArgs(argv) {
+  let provider;
+  let dialect;
+  let adapter;
+  let out;
+  let stdout = false;
+  for (let i = 0; i < argv.length; i++) {
+    const arg = argv[i];
+    if (arg === "--adapter") {
+      const next = argv[i + 1];
+      if (next === "drizzle") {
+        adapter = next;
+        i++;
+        continue;
+      }
+      throw new Error("Unsupported --adapter value. Use --adapter drizzle.");
+    }
+    if (arg === "--provider") {
+      const next = argv[i + 1];
+      if (next === "sqlite" || next === "postgresql" || next === "mysql") {
+        provider = next;
+        i++;
+        continue;
+      }
+      throw new Error(`Invalid provider: ${next}`);
+    }
+    if (arg === "--dialect") {
+      const next = argv[i + 1];
+      if (next === "sqlite" || next === "postgresql" || next === "pg") {
+        dialect = next === "pg" ? "postgresql" : next;
+        i++;
+        continue;
+      }
+      throw new Error(`Invalid dialect: ${next}`);
+    }
+    if (arg === "--out") {
+      const next = argv[i + 1];
+      if (!next) {
+        throw new Error("Missing --out path");
+      }
+      out = next;
+      i++;
+      continue;
+    }
+    if (arg === "--stdout") {
+      stdout = true;
+      continue;
+    }
+    if (arg === "--help" || arg === "-h") {
+      throw new Error(usage());
+    }
+    if (arg === "generate") {
+      continue;
+    }
+    throw new Error(`Unknown option: ${arg}`);
+  }
+  return {
+    provider,
+    dialect,
+    adapter,
+    out,
+    stdout
+  };
+}
+function runGenerateCommand(options) {
+  const snapshot = createModelSnapshot(options.provider);
+  const payload = createGeneratePayload(options.provider, snapshot.model);
+  const defaultOutputFile = options.adapter === "drizzle" || options.adapter === void 0 ? "db/schema/sandkit.ts" : `sandkit-schema.${options.provider}.ts`;
+  const outputFile = options.out ?? defaultOutputFile;
+  const result = {
+    command: "generate",
+    provider: options.provider,
+    outputTarget: options.stdout ? "stdout" : "file",
+    outputFile: options.stdout ? null : outputFile,
+    payload: {
+      generatedAt: payload.generatedAt,
+      summary: payload.summary,
+      schemaText: payload.schemaText
+    }
+  };
+  if (!options.stdout) {
+    mkdirSync(dirname(outputFile), { recursive: true });
+    writeFileSync(outputFile, payload.schemaText, "utf8");
+  }
+  return result;
+}
+async function runCliGenerate(argv) {
+  const options = parseGenerateArgs(argv);
+  const discovered = await resolveProviderWithDiscovery({
+    provider: options.provider,
+    adapter: options.adapter,
+    dialect: options.dialect,
+    stdout: false,
+    out: options.out
+  });
+  return runGenerateCommand({
+    provider: discovered.provider,
+    adapter: discovered.adapter,
+    dialect: options.dialect,
+    out: options.out,
+    stdout: options.stdout
+  });
+}
+// src/cli/index.ts
+function buildHelp() {
+  return [
+    "Sandkit CLI",
+    "Commands: generate",
+    "",
+    "  sandkit generate [--adapter drizzle] [--dialect <sqlite|postgresql|pg>] [--stdout] [--out file]",
+    "",
+    "When --stdout is set, output is returned in memory and printed by caller."
+  ].join("\n");
+}
+function parseArgs(argv) {
+  if (argv.length === 0 || argv.includes("--help") || argv.includes("-h")) {
+    throw new Error(buildHelp());
+  }
+  const command = argv[0];
+  if (command !== "generate") {
+    throw new Error(`Unknown command: ${command}`);
+  }
+  const rest = argv.slice(1);
+  const commandOptions = parseGenerateArgs(rest);
+  return { command, ...commandOptions, rest };
+}
+async function runCli(argv = process.argv.slice(2)) {
+  const parsed = parseArgs(argv);
+  if (parsed.command === "generate") {
+    const { rest } = parsed;
+    return runCliGenerate(rest);
+  }
+  throw new Error(`Unhandled command: ${parsed.command}`);
+}
+export {
+  runCli
+};
+//# sourceMappingURL=index.js.map