@google/gemini-cli-core 0.37.0-preview.1 → 0.38.0-preview.0

package/dist/src/sandbox/utils/proactivePermissions.test.js

@@ -0,0 +1,145 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { getProactiveToolSuggestions, isNetworkReliantCommand, } from './proactivePermissions.js';
+import os from 'node:os';
+import path from 'node:path';
+import fs from 'node:fs';
+vi.mock('node:os');
+vi.mock('node:fs', () => ({
+    default: {
+        promises: {
+            access: vi.fn(),
+        },
+        constants: {
+            F_OK: 0,
+        },
+    },
+    promises: {
+        access: vi.fn(),
+    },
+    constants: {
+        F_OK: 0,
+    },
+}));
+describe('proactivePermissions', () => {
+    const homeDir = '/Users/testuser';
+    beforeEach(() => {
+        vi.clearAllMocks();
+        vi.mocked(os.homedir).mockReturnValue(homeDir);
+        vi.mocked(os.platform).mockReturnValue('darwin');
+    });
+    describe('isNetworkReliantCommand', () => {
+        it('should return true for always-network tools', () => {
+            expect(isNetworkReliantCommand('ssh')).toBe(true);
+            expect(isNetworkReliantCommand('git')).toBe(true);
+            expect(isNetworkReliantCommand('curl')).toBe(true);
+        });
+        it('should return true for network-heavy node subcommands', () => {
+            expect(isNetworkReliantCommand('npm', 'install')).toBe(true);
+            expect(isNetworkReliantCommand('yarn', 'add')).toBe(true);
+            expect(isNetworkReliantCommand('bun', '')).toBe(true);
+        });
+        it('should return false for local node subcommands', () => {
+            expect(isNetworkReliantCommand('npm', 'test')).toBe(false);
+            expect(isNetworkReliantCommand('yarn', 'run')).toBe(false);
+        });
+        it('should return false for unknown tools', () => {
+            expect(isNetworkReliantCommand('ls')).toBe(false);
+        });
+    });
+    describe('getProactiveToolSuggestions', () => {
+        it('should return undefined for unknown tools', async () => {
+            expect(await getProactiveToolSuggestions('ls')).toBeUndefined();
+            expect(await getProactiveToolSuggestions('node')).toBeUndefined();
+        });
+        it('should return permissions for npm if paths exist', async () => {
+            vi.mocked(fs.promises.access).mockImplementation((p, _mode) => {
+                const pathStr = p.toString();
+                if (pathStr === path.join(homeDir, '.npm') ||
+                    pathStr === path.join(homeDir, '.cache') ||
+                    pathStr === path.join(homeDir, '.npmrc')) {
+                    return Promise.resolve();
+                }
+                return Promise.reject(new Error('ENOENT'));
+            });
+            const permissions = await getProactiveToolSuggestions('npm');
+            expect(permissions).toBeDefined();
+            expect(permissions?.network).toBe(true);
+            // .npmrc should be read-only
+            expect(permissions?.fileSystem?.read).toContain(path.join(homeDir, '.npmrc'));
+            expect(permissions?.fileSystem?.write).not.toContain(path.join(homeDir, '.npmrc'));
+            // .npm should be read-write
+            expect(permissions?.fileSystem?.read).toContain(path.join(homeDir, '.npm'));
+            expect(permissions?.fileSystem?.write).toContain(path.join(homeDir, '.npm'));
+            // .cache should be read-write
+            expect(permissions?.fileSystem?.write).toContain(path.join(homeDir, '.cache'));
+            // should NOT contain .ssh or .gitconfig for npm
+            expect(permissions?.fileSystem?.read).not.toContain(path.join(homeDir, '.ssh'));
+        });
+        it('should grant network access and suggest primary cache paths even if they do not exist', async () => {
+            vi.mocked(fs.promises.access).mockRejectedValue(new Error('ENOENT'));
+            const permissions = await getProactiveToolSuggestions('npm');
+            expect(permissions).toBeDefined();
+            expect(permissions?.network).toBe(true);
+            expect(permissions?.fileSystem?.write).toContain(path.join(homeDir, '.npm'));
+            // .cache is optional and should NOT be included if it doesn't exist
+            expect(permissions?.fileSystem?.write).not.toContain(path.join(homeDir, '.cache'));
+        });
+        it('should suggest .ssh and .gitconfig only for git', async () => {
+            vi.mocked(fs.promises.access).mockImplementation((p, _mode) => {
+                const pathStr = p.toString();
+                if (pathStr === path.join(homeDir, '.ssh') ||
+                    pathStr === path.join(homeDir, '.gitconfig')) {
+                    return Promise.resolve();
+                }
+                return Promise.reject(new Error('ENOENT'));
+            });
+            const permissions = await getProactiveToolSuggestions('git');
+            expect(permissions?.network).toBe(true);
+            expect(permissions?.fileSystem?.read).toContain(path.join(homeDir, '.ssh'));
+            expect(permissions?.fileSystem?.read).toContain(path.join(homeDir, '.gitconfig'));
+        });
+        it('should suggest .ssh but NOT .gitconfig for ssh', async () => {
+            vi.mocked(fs.promises.access).mockImplementation((p, _mode) => {
+                const pathStr = p.toString();
+                if (pathStr === path.join(homeDir, '.ssh')) {
+                    return Promise.resolve();
+                }
+                return Promise.reject(new Error('ENOENT'));
+            });
+            const permissions = await getProactiveToolSuggestions('ssh');
+            expect(permissions?.network).toBe(true);
+            expect(permissions?.fileSystem?.read).toContain(path.join(homeDir, '.ssh'));
+            expect(permissions?.fileSystem?.read).not.toContain(path.join(homeDir, '.gitconfig'));
+        });
+        it('should handle Windows specific paths', async () => {
+            vi.mocked(os.platform).mockReturnValue('win32');
+            const appData = 'C:\\Users\\testuser\\AppData\\Roaming';
+            vi.stubEnv('AppData', appData);
+            vi.mocked(fs.promises.access).mockImplementation((p, _mode) => {
+                const pathStr = p.toString();
+                if (pathStr === path.join(appData, 'npm')) {
+                    return Promise.resolve();
+                }
+                return Promise.reject(new Error('ENOENT'));
+            });
+            const permissions = await getProactiveToolSuggestions('npm.exe');
+            expect(permissions).toBeDefined();
+            expect(permissions?.fileSystem?.read).toContain(path.join(appData, 'npm'));
+            vi.unstubAllEnvs();
+        });
+        it('should include bun, pnpm, and yarn specific paths', async () => {
+            vi.mocked(fs.promises.access).mockResolvedValue(undefined);
+            const bun = await getProactiveToolSuggestions('bun');
+            expect(bun?.fileSystem?.read).toContain(path.join(homeDir, '.bun'));
+            expect(bun?.fileSystem?.read).not.toContain(path.join(homeDir, '.yarn'));
+            const yarn = await getProactiveToolSuggestions('yarn');
+            expect(yarn?.fileSystem?.read).toContain(path.join(homeDir, '.yarn'));
+        });
+    });
+});
+//# sourceMappingURL=proactivePermissions.test.js.map

package/dist/src/sandbox/utils/proactivePermissions.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"proactivePermissions.test.js","sourceRoot":"","sources":["../../../../src/sandbox/utils/proactivePermissions.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC9D,OAAO,EACL,2BAA2B,EAC3B,uBAAuB,GACxB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AACnB,EAAE,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC;IACxB,OAAO,EAAE;QACP,QAAQ,EAAE;YACR,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE;SAChB;QACD,SAAS,EAAE;YACT,IAAI,EAAE,CAAC;SACR;KACF;IACD,QAAQ,EAAE;QACR,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE;KAChB;IACD,SAAS,EAAE;QACT,IAAI,EAAE,CAAC;KACR;CACF,CAAC,CAAC,CAAC;AAEJ,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;IACpC,MAAM,OAAO,GAAG,iBAAiB,CAAC;IAElC,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,CAAC,aAAa,EAAE,CAAC;QACnB,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QAC/C,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACvC,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;YAC/D,MAAM,CAAC,uBAAuB,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7D,MAAM,CAAC,uBAAuB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1D,MAAM,CAAC,uBAAuB,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YACxD,MAAM,CAAC,uBAAuB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3D,MAAM,CAAC,uBAAuB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;QAC3C,EAAE,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;YACzD,MAAM,CAAC,MAAM,2BAA2B,CAAC,IAAI,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;YAChE,MAAM,CAAC,MAAM,2BAA2B,CAAC,MAAM,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;QACpE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;YAChE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,kBAAkB,CAC9C,CAAC,CAAc,EAAE,KAAc,EAAE,EAAE;gBACjC,MAAM,OAAO,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;gBAC7B,IACE,OAAO,KAAK,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC;oBACtC,OAAO,KAAK,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC;oBACxC,OAAO,KAAK,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,EACxC,CAAC;oBACD,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;gBAC3B,CAAC;gBACD,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC7C,CAAC,CACF,CAAC;YAEF,MAAM,WAAW,GAAG,MAAM,2BAA2B,CAAC,KAAK,CAAC,CAAC;YAC7D,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;YAClC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxC,6BAA6B;YAC7B,MAAM,CAAC,WAAW,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC,SAAS,CAC7C,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAC7B,CAAC;YACF,MAAM,CAAC,WAAW,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,SAAS,CAClD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAC7B,CAAC;YACF,4BAA4B;YAC5B,MAAM,CAAC,WAAW,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC,SAAS,CAC7C,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAC3B,CAAC;YACF,MAAM,CAAC,WAAW,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC,SAAS,CAC9C,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAC3B,CAAC;YACF,8BAA8B;YAC9B,MAAM,CAAC,WAAW,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC,SAAS,CAC9C,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAC7B,CAAC;YACF,gDAAgD;YAChD,MAAM,CAAC,WAAW,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CACjD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAC3B,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uFAAuF,EAAE,KAAK,IAAI,EAAE;YACrG,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC;YACrE,MAAM,WAAW,GAAG,MAAM,2BAA2B,CAAC,KAAK,CAAC,CAAC;YAC7D,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;YAClC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxC,MAAM,CAAC,WAAW,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC,SAAS,CAC9C,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAC3B,CAAC;YACF,oEAAoE;YACpE,MAAM,CAAC,WAAW,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,SAAS,CAClD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAC7B,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;YAC/D,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,kBAAkB,CAC9C,CAAC,CAAc,EAAE,KAAc,EAAE,EAAE;gBACjC,MAAM,OAAO,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;gBAC7B,IACE,OAAO,KAAK,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC;oBACtC,OAAO,KAAK,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,EAC5C,CAAC;oBACD,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;gBAC3B,CAAC;gBACD,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC7C,CAAC,CACF,CAAC;YAEF,MAAM,WAAW,GAAG,MAAM,2BAA2B,CAAC,KAAK,CAAC,CAAC;YAC7D,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxC,MAAM,CAAC,WAAW,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC,SAAS,CAC7C,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAC3B,CAAC;YACF,MAAM,CAAC,WAAW,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC,SAAS,CAC7C,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CACjC,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;YAC9D,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,kBAAkB,CAC9C,CAAC,CAAc,EAAE,KAAc,EAAE,EAAE;gBACjC,MAAM,OAAO,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;gBAC7B,IAAI,OAAO,KAAK,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE,CAAC;oBAC3C,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;gBAC3B,CAAC;gBACD,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC7C,CAAC,CACF,CAAC;YAEF,MAAM,WAAW,GAAG,MAAM,2BAA2B,CAAC,KAAK,CAAC,CAAC;YAC7D,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxC,MAAM,CAAC,WAAW,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC,SAAS,CAC7C,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAC3B,CAAC;YACF,MAAM,CAAC,WAAW,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CACjD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CACjC,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;YACpD,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YAChD,MAAM,OAAO,GAAG,uCAAuC,CAAC;YACxD,EAAE,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAE/B,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,kBAAkB,CAC9C,CAAC,CAAc,EAAE,KAAc,EAAE,EAAE;gBACjC,MAAM,OAAO,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;gBAC7B,IAAI,OAAO,KAAK,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC;oBAC1C,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;gBAC3B,CAAC;gBACD,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC7C,CAAC,CACF,CAAC;YAEF,MAAM,WAAW,GAAG,MAAM,2BAA2B,CAAC,SAAS,CAAC,CAAC;YACjE,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;YAClC,MAAM,CAAC,WAAW,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC,SAAS,CAC7C,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAC1B,CAAC;YAEF,EAAE,CAAC,aAAa,EAAE,CAAC;QACrB,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;YACjE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;YAE3D,MAAM,GAAG,GAAG,MAAM,2BAA2B,CAAC,KAAK,CAAC,CAAC;YACrD,MAAM,CAAC,GAAG,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;YACpE,MAAM,CAAC,GAAG,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YAEzE,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,MAAM,CAAC,CAAC;YACvD,MAAM,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QACxE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/sandbox/utils/sandboxDenialUtils.d.ts

@@ -3,10 +3,25 @@
  * Copyright 2026 Google LLC
  * SPDX-License-Identifier: Apache-2.0
  */
+import { LRUCache } from 'mnemonist';
 import { type ParsedSandboxDenial } from '../../services/sandboxManager.js';
 import type { ShellExecutionResult } from '../../services/shellExecutionService.js';
+/**
+ * Type for the sandbox denial error cache.
+ * Stores normalized error output to prevent redundant processing.
+ */
+export type SandboxDenialCache = LRUCache<string, boolean>;
+/**
+ * Creates a new sandbox denial cache with a standard LRU policy.
+ */
+export declare function createSandboxDenialCache(maxSize?: number): SandboxDenialCache;
+/**
+ * Sanitizes extracted paths to prevent path traversal vulnerabilities.
+ * Filters out paths containing '..' or null bytes.
+ */
+export declare function sanitizeExtractedPath(p: string): string | undefined;
 /**
  * Common POSIX-style sandbox denial detection.
  * Used by macOS and Linux sandbox managers.
  */
-export declare function parsePosixSandboxDenials(result: ShellExecutionResult): ParsedSandboxDenial | undefined;
+export declare function parsePosixSandboxDenials(result: ShellExecutionResult, cache?: SandboxDenialCache): ParsedSandboxDenial | undefined;

package/dist/src/sandbox/utils/sandboxDenialUtils.js

@@ -3,21 +3,72 @@
  * Copyright 2026 Google LLC
  * SPDX-License-Identifier: Apache-2.0
  */
+import { LRUCache } from 'mnemonist';
 import {} from '../../services/sandboxManager.js';
+import { isValidPathString } from '../../utils/paths.js';
+/**
+ * Creates a new sandbox denial cache with a standard LRU policy.
+ */
+export function createSandboxDenialCache(maxSize = 10) {
+    return new LRUCache(maxSize);
+}
+/**
+ * Sanitizes extracted paths to prevent path traversal vulnerabilities.
+ * Filters out paths containing '..' or null bytes.
+ */
+export function sanitizeExtractedPath(p) {
+    if (!isValidPathString(p))
+        return undefined;
+    // Reject paths with directory traversal components
+    const parts = p.split(/[/\\]/);
+    if (parts.includes('..')) {
+        return undefined;
+    }
+    // Reject paths with internal tildes (tilde should only be at the beginning)
+    if (p.indexOf('~') > 0) {
+        return undefined;
+    }
+    // Basic normalization without resolving symlinks or accessing the file system
+    let normalized = p;
+    // Collapse multiple slashes
+    normalized = normalized.replace(/\/+/g, '/');
+    // Remove single dot segments
+    normalized = normalized.replace(/\/\.\//g, '/');
+    // Remove trailing slashes (unless it's exactly '/')
+    if (normalized.length > 1 && normalized.endsWith('/')) {
+        normalized = normalized.slice(0, -1);
+    }
+    return normalized;
+}
 /**
  * Common POSIX-style sandbox denial detection.
  * Used by macOS and Linux sandbox managers.
  */
-export function parsePosixSandboxDenials(result) {
+export function parsePosixSandboxDenials(result, cache) {
     const output = result.output || '';
     const errorOutput = result.error?.message;
-    const combined = (output + ' ' + (errorOutput || '')).toLowerCase();
+    const fullText = output + '\n' + (errorOutput || '');
+    const combined = fullText.toLowerCase();
+    // Cache by the first 200 characters of the error to handle variable data (timestamps, PIDs)
+    const cacheKey = combined.trim().slice(0, 200);
+    if (cacheKey && cache?.has(cacheKey)) {
+        return undefined;
+    }
     const isFileDenial = [
         'operation not permitted',
+        'permission denied',
+        'eperm',
+        'eacces',
         'vim:e303',
         'should be read/write',
         'sandbox_apply',
         'sandbox: ',
+        'access denied',
+        'read-only file system',
+        'permissionerror',
+        'fs.permissiondenied',
+        'forbidden',
+        'system.unauthorizedaccessexception',
     ].some((keyword) => combined.includes(keyword));
     const isNetworkDenial = [
         'error connecting to',
@@ -25,41 +76,64 @@ export function parsePosixSandboxDenials(result) {
         'could not resolve host',
         'connection refused',
         'no address associated with hostname',
+        'econnrefused',
+        'enotfound',
+        'etimedout',
+        'econnreset',
+        'network error',
+        'getaddrinfo',
+        'socket hang up',
+        'connect-timeout',
+        'err_pnpm_fetch',
+        'err_pnpm_no_matching_version',
+        "syscall: 'listen'",
+        'socketexception',
+        'networkaccessdenied',
     ].some((keyword) => combined.includes(keyword));
     if (!isFileDenial && !isNetworkDenial) {
         return undefined;
     }
     const filePaths = new Set();
-    // Extract denied paths (POSIX absolute paths)
-    const regex = /(?:^|\s)['"]?(\/[\w.-/]+)['"]?:\s*[Oo]peration not permitted/gi;
-    let match;
-    while ((match = regex.exec(output)) !== null) {
-        filePaths.add(match[1]);
-    }
-    if (errorOutput) {
-        while ((match = regex.exec(errorOutput)) !== null) {
-            filePaths.add(match[1]);
+    // Extract denied paths (POSIX absolute paths or home-relative paths starting with ~)
+    const regexes = [
+        // format: /path: operation not permitted
+        /(?:^|\s)['"]?((?:\/|~)(?:[\w.\-/:~]*[\w.\-/~])?)['"]?[\s:,'"[\]]*operation not permitted/gi,
+        // format: operation not permitted, open '/path'
+        /operation not permitted[\s:,'"[\]]*open[\s:,'"[\]]*['"]?((?:\/|~)(?:[\w.\-/:~]*[\w.\-/~])?)['"]?/gi,
+        // format: permission denied, open '/path'
+        /permission denied[\s:,'"[\]]*open[\s:,'"[\]]*['"]?((?:\/|~)(?:[\w.\-/:~]*[\w.\-/~])?)['"]?/gi,
+        // format: npm error path /path or npm ERR! path /path
+        /npm[\s!]*[A-Za-z]*err[A-Za-z!]*[\s!]+path[\s!]*((?:\/|~)(?:[\w.\-/:~]*[\w.\-/~])?)/gi,
+        // format: eacces: permission denied, mkdir '/path'
+        /eacces[\s:,'"[\]]*permission denied[\s:,'"[\]]*\w+[\s:,'"[\]]*['"]?((?:\/|~)[\w.\-/:~]*[\w.\-/~])?/gi,
+        // format: PermissionError: [Errno 13] Permission denied: '/path'
+        /permissionerror[\s:,'"[\]]*(?:[^'"]*)['"]((?:\/|~)[\w.\-/:~]*[\w.\-/~])?['"]/gi,
+        // format: FileNotFoundError: [Errno 2] No such file or directory: '/path' (sometimes returned in sandbox denials if directory is hidden)
+        /filenotfounderror[\s:,'"[\]]*(?:[^'"]*)['"]((?:\/|~)[\w.\-/:~]*[\w.\-/~])?['"]/gi,
+        // format: Error: EACCES: permission denied, open '/path'
+        /error[\s:,'"[\]]*eacces[\s:,'"[\]]*permission denied[\s:,'"[\]]*(?:[^'"]*)['"]((?:\/|~)[\w.\-/:~]*[\w.\-/~])?['"]/gi,
+    ];
+    for (const regex of regexes) {
+        let match;
+        while ((match = regex.exec(fullText)) !== null) {
+            const sanitized = sanitizeExtractedPath(match[1]);
+            if (sanitized)
+                filePaths.add(sanitized);
         }
     }
     // Fallback heuristic: look for any absolute path in the output if it was a file denial
     if (isFileDenial && filePaths.size === 0) {
         const fallbackRegex = /(?:^|[\s"'[\]])(\/[a-zA-Z0-9_.-]+(?:\/[a-zA-Z0-9_.-]+)+)(?:$|[\s"'[\]:])/gi;
         let m;
-        while ((m = fallbackRegex.exec(output)) !== null) {
-            const p = m[1];
-            if (p && !p.startsWith('/bin/') && !p.startsWith('/usr/bin/')) {
-                filePaths.add(p);
-            }
-        }
-        if (errorOutput) {
-            while ((m = fallbackRegex.exec(errorOutput)) !== null) {
-                const p = m[1];
-                if (p && !p.startsWith('/bin/') && !p.startsWith('/usr/bin/')) {
-                    filePaths.add(p);
-                }
-            }
+        while ((m = fallbackRegex.exec(fullText)) !== null) {
+            const sanitized = sanitizeExtractedPath(m[1]);
+            if (sanitized)
+                filePaths.add(sanitized);
         }
     }
+    if (cacheKey && cache) {
+        cache.set(cacheKey, true);
+    }
     return {
         network: isNetworkDenial || undefined,
         filePaths: filePaths.size > 0 ? Array.from(filePaths) : undefined,

package/dist/src/sandbox/utils/sandboxDenialUtils.js.map

@@ -1 +1 @@
-{"version":3,"file":"sandboxDenialUtils.js","sourceRoot":"","sources":["../../../../src/sandbox/utils/sandboxDenialUtils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAA4B,MAAM,kCAAkC,CAAC;AAG5E;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CACtC,MAA4B;IAE5B,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;IACnC,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC;IAC1C,MAAM,QAAQ,GAAG,CAAC,MAAM,GAAG,GAAG,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IAEpE,MAAM,YAAY,GAAG;QACnB,yBAAyB;QACzB,UAAU;QACV,sBAAsB;QACtB,eAAe;QACf,WAAW;KACZ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAEhD,MAAM,eAAe,GAAG;QACtB,qBAAqB;QACrB,wBAAwB;QACxB,wBAAwB;QACxB,oBAAoB;QACpB,qCAAqC;KACtC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAEhD,IAAI,CAAC,YAAY,IAAI,CAAC,eAAe,EAAE,CAAC;QACtC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IAEpC,8CAA8C;IAC9C,MAAM,KAAK,GACT,gEAAgE,CAAC;IACnE,IAAI,KAAK,CAAC;IACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC7C,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1B,CAAC;IACD,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAClD,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,uFAAuF;IACvF,IAAI,YAAY,IAAI,SAAS,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACzC,MAAM,aAAa,GACjB,4EAA4E,CAAC;QAC/E,IAAI,CAAC,CAAC;QACN,OAAO,CAAC,CAAC,GAAG,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACjD,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACf,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC9D,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACnB,CAAC;QACH,CAAC;QACD,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,CAAC,CAAC,GAAG,aAAa,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBACtD,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBACf,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;oBAC9D,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBACnB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,eAAe,IAAI,SAAS;QACrC,SAAS,EAAE,SAAS,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;KAClE,CAAC;AACJ,CAAC"}
+{"version":3,"file":"sandboxDenialUtils.js","sourceRoot":"","sources":["../../../../src/sandbox/utils/sandboxDenialUtils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACrC,OAAO,EAA4B,MAAM,kCAAkC,CAAC;AAE5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAQzD;;GAEG;AACH,MAAM,UAAU,wBAAwB,CAAC,OAAO,GAAG,EAAE;IACnD,OAAO,IAAI,QAAQ,CAAkB,OAAO,CAAC,CAAC;AAChD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,CAAS;IAC7C,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;QAAE,OAAO,SAAS,CAAC;IAE5C,mDAAmD;IACnD,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACzB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,4EAA4E;IAC5E,IAAI,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,8EAA8E;IAC9E,IAAI,UAAU,GAAG,CAAC,CAAC;IAEnB,4BAA4B;IAC5B,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE7C,6BAA6B;IAC7B,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAEhD,oDAAoD;IACpD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtD,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CACtC,MAA4B,EAC5B,KAA0B;IAE1B,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;IACnC,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC;IAC1C,MAAM,QAAQ,GAAG,MAAM,GAAG,IAAI,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;IACrD,MAAM,QAAQ,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IAExC,4FAA4F;IAC5F,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC/C,IAAI,QAAQ,IAAI,KAAK,EAAE,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,YAAY,GAAG;QACnB,yBAAyB;QACzB,mBAAmB;QACnB,OAAO;QACP,QAAQ;QACR,UAAU;QACV,sBAAsB;QACtB,eAAe;QACf,WAAW;QACX,eAAe;QACf,uBAAuB;QACvB,iBAAiB;QACjB,qBAAqB;QACrB,WAAW;QACX,oCAAoC;KACrC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAEhD,MAAM,eAAe,GAAG;QACtB,qBAAqB;QACrB,wBAAwB;QACxB,wBAAwB;QACxB,oBAAoB;QACpB,qCAAqC;QACrC,cAAc;QACd,WAAW;QACX,WAAW;QACX,YAAY;QACZ,eAAe;QACf,aAAa;QACb,gBAAgB;QAChB,iBAAiB;QACjB,gBAAgB;QAChB,8BAA8B;QAC9B,mBAAmB;QACnB,iBAAiB;QACjB,qBAAqB;KACtB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAEhD,IAAI,CAAC,YAAY,IAAI,CAAC,eAAe,EAAE,CAAC;QACtC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IAEpC,qFAAqF;IACrF,MAAM,OAAO,GAAG;QACd,yCAAyC;QACzC,4FAA4F;QAC5F,gDAAgD;QAChD,oGAAoG;QACpG,0CAA0C;QAC1C,8FAA8F;QAC9F,sDAAsD;QACtD,sFAAsF;QACtF,mDAAmD;QACnD,sGAAsG;QACtG,iEAAiE;QACjE,gFAAgF;QAChF,yIAAyI;QACzI,kFAAkF;QAClF,yDAAyD;QACzD,qHAAqH;KACtH,CAAC;IAEF,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC/C,MAAM,SAAS,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAClD,IAAI,SAAS;gBAAE,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,uFAAuF;IACvF,IAAI,YAAY,IAAI,SAAS,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACzC,MAAM,aAAa,GACjB,4EAA4E,CAAC;QAC/E,IAAI,CAAC,CAAC;QACN,OAAO,CAAC,CAAC,GAAG,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACnD,MAAM,SAAS,GAAG,qBAAqB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9C,IAAI,SAAS;gBAAE,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;QACtB,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAC5B,CAAC;IAED,OAAO;QACL,OAAO,EAAE,eAAe,IAAI,SAAS;QACrC,SAAS,EAAE,SAAS,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;KAClE,CAAC;AACJ,CAAC"}

package/dist/src/sandbox/utils/sandboxDenialUtils.test.js

@@ -4,7 +4,7 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 import { describe, it, expect } from 'vitest';
-import { parsePosixSandboxDenials } from './sandboxDenialUtils.js';
+import { parsePosixSandboxDenials, createSandboxDenialCache, } from './sandboxDenialUtils.js';
 describe('parsePosixSandboxDenials', () => {
     it('should detect file system denial and extract paths', () => {
         const parsed = parsePosixSandboxDenials({
@@ -33,5 +33,156 @@ describe('parsePosixSandboxDenials', () => {
         });
         expect(parsed).toBeUndefined();
     });
+    it('should detect npm specific file system denials', () => {
+        const output = `
+npm verbose logfile could not be created: Error: EPERM: operation not permitted, open '/Users/galzahavi/.npm/_logs/2026-04-01T02_47_18_624Z-debug-0.log'
+    `;
+        const parsed = parsePosixSandboxDenials({
+            output,
+        });
+        expect(parsed).toBeDefined();
+        expect(parsed?.filePaths).toContain('/Users/galzahavi/.npm/_logs/2026-04-01T02_47_18_624Z-debug-0.log');
+    });
+    it('should detect npm specific path errors', () => {
+        const output = `
+npm error code EPERM
+npm error syscall open
+npm error path /Users/galzahavi/.npm/_cacache/tmp/ccf579a2
+    `;
+        const parsed = parsePosixSandboxDenials({
+            output,
+        });
+        expect(parsed).toBeDefined();
+        expect(parsed?.filePaths).toContain('/Users/galzahavi/.npm/_cacache/tmp/ccf579a2');
+    });
+    it('should detect network denials with ENOTFOUND', () => {
+        const output = `
+npm http fetch GET https://registry.npmjs.org/2 attempt 1 failed with ENOTFOUND
+    `;
+        const parsed = parsePosixSandboxDenials({
+            output,
+        });
+        expect(parsed).toBeDefined();
+        expect(parsed?.network).toBe(true);
+    });
+    it('should detect non-verbose npm path errors', () => {
+        const output = `
+npm ERR! code EPERM
+npm ERR! syscall open
+npm ERR! path /Users/galzahavi/.npm/_cacache/tmp/ccf579a2
+    `;
+        const parsed = parsePosixSandboxDenials({
+            output,
+        });
+        expect(parsed).toBeDefined();
+        expect(parsed?.filePaths).toContain('/Users/galzahavi/.npm/_cacache/tmp/ccf579a2');
+    });
+    it('should detect pnpm specific network errors', () => {
+        const output = `
+ERR_PNPM_FETCH_404 GET https://registry.npmjs.org/nonexistent: Not Found
+    `;
+        const parsed = parsePosixSandboxDenials({
+            output,
+        });
+        expect(parsed).toBeDefined();
+        expect(parsed?.network).toBe(true);
+    });
+    it('should detect pnpm specific file system errors', () => {
+        const output = `
+EACCES: permission denied, mkdir '/Users/galzahavi/.pnpm-store/v3'
+    `;
+        const parsed = parsePosixSandboxDenials({
+            output,
+        });
+        expect(parsed).toBeDefined();
+        expect(parsed?.filePaths).toContain('/Users/galzahavi/.pnpm-store/v3');
+    });
+    it('should detect Python PermissionError and extract path accurately', () => {
+        const output = `Caught exception: [Errno 13] Permission denied: '/etc/test_sandbox_denial'
+Traceback (most recent call last):
+  File "/usr/local/google/home/davidapierce/gemini-cli/repro_sandbox.py", line 9, in <module>
+    raise e
+  File "/usr/local/google/home/davidapierce/gemini-cli/repro_sandbox.py", line 5, in <module>
+    with open('/etc/test_sandbox_denial', 'w') as f:
+         ~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+PermissionError: [Errno 13] Permission denied: '/etc/test_sandbox_denial'`;
+        const parsed = parsePosixSandboxDenials({
+            output,
+            exitCode: 1,
+            error: null,
+        });
+        expect(parsed?.filePaths).toEqual(['/etc/test_sandbox_denial']);
+    });
+    it('should detect new keywords like "access denied" and "forbidden"', () => {
+        const parsed1 = parsePosixSandboxDenials({
+            output: 'Access denied to /var/log/syslog',
+            exitCode: 1,
+            error: null,
+        });
+        expect(parsed1?.filePaths).toContain('/var/log/syslog');
+        const parsed2 = parsePosixSandboxDenials({
+            output: 'Forbidden: access to /root/secret is not allowed',
+            exitCode: 1,
+            error: null,
+        });
+        expect(parsed2?.filePaths).toContain('/root/secret');
+    });
+    it('should detect read-only file system error', () => {
+        const parsed = parsePosixSandboxDenials({
+            output: 'rm: cannot remove /mnt/usb/test: Read-only file system',
+            exitCode: 1,
+            error: null,
+        });
+        expect(parsed?.filePaths).toContain('/mnt/usb/test');
+    });
+    it('should reject paths with directory traversal', () => {
+        const output = 'ls: /etc/shadow/../../etc/passwd: Operation not permitted';
+        const parsed = parsePosixSandboxDenials({
+            output,
+        });
+        expect(parsed?.filePaths || []).not.toContain('/etc/shadow/../../etc/passwd');
+    });
+    it('should reject home-relative paths with directory traversal', () => {
+        const output = "Operation not permitted, open '~/../../etc/shadow'";
+        const parsed = parsePosixSandboxDenials({
+            output,
+        });
+        expect(parsed?.filePaths || []).not.toContain('~/../../etc/shadow');
+    });
+    it('should reject paths with null bytes', () => {
+        const output = "Operation not permitted, open '/etc/passwd\0/foo'";
+        const parsed = parsePosixSandboxDenials({
+            output,
+        });
+        expect(parsed?.filePaths || []).not.toContain('/etc/passwd\0/foo');
+    });
+    it('should reject paths with internal tildes', () => {
+        const output = "Operation not permitted, open '/home/user/~/config'";
+        const parsed = parsePosixSandboxDenials({
+            output,
+        });
+        expect(parsed?.filePaths || []).not.toContain('/home/user/~/config');
+    });
+    it('should suppress redundant denials if cache is provided', () => {
+        const cache = createSandboxDenialCache();
+        const result = {
+            output: 'ls: /root: Operation not permitted',
+        };
+        // First call: should process
+        const parsed1 = parsePosixSandboxDenials(result, cache);
+        expect(parsed1).toBeDefined();
+        // Second call: should be suppressed
+        const parsed2 = parsePosixSandboxDenials(result, cache);
+        expect(parsed2).toBeUndefined();
+    });
+    it('should not suppress denials if no cache is provided', () => {
+        const result = {
+            output: 'ls: /root: Operation not permitted',
+        };
+        const parsed1 = parsePosixSandboxDenials(result);
+        expect(parsed1).toBeDefined();
+        const parsed2 = parsePosixSandboxDenials(result);
+        expect(parsed2).toBeDefined();
+    });
 });
 //# sourceMappingURL=sandboxDenialUtils.test.js.map

package/dist/src/sandbox/utils/sandboxDenialUtils.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"sandboxDenialUtils.test.js","sourceRoot":"","sources":["../../../../src/sandbox/utils/sandboxDenialUtils.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AAGnE,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;IACxC,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,MAAM,EAAE,oCAAoC;SACV,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7B,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,MAAM,EAAE,8CAA8C;SACpB,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,MAAM,EACJ,sEAAsE;SACtC,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7B,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,MAAM,EAAE,aAAa;SACa,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,aAAa,EAAE,CAAC;IACjC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"sandboxDenialUtils.test.js","sourceRoot":"","sources":["../../../../src/sandbox/utils/sandboxDenialUtils.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EACL,wBAAwB,EACxB,wBAAwB,GACzB,MAAM,yBAAyB,CAAC;AAGjC,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;IACxC,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,MAAM,EAAE,oCAAoC;SACV,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7B,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,MAAM,EAAE,8CAA8C;SACpB,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,MAAM,EACJ,sEAAsE;SACtC,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7B,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,MAAM,EAAE,aAAa;SACa,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,aAAa,EAAE,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,MAAM,MAAM,GAAG;;KAEd,CAAC;QACF,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,MAAM;SAC4B,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7B,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,SAAS,CACjC,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,MAAM,MAAM,GAAG;;;;KAId,CAAC;QACF,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,MAAM;SAC4B,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7B,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,SAAS,CACjC,6CAA6C,CAC9C,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,MAAM,GAAG;;KAEd,CAAC;QACF,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,MAAM;SAC4B,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,MAAM,GAAG;;;;KAId,CAAC;QACF,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,MAAM;SAC4B,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7B,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,SAAS,CACjC,6CAA6C,CAC9C,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,MAAM,GAAG;;KAEd,CAAC;QACF,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,MAAM;SAC4B,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,MAAM,MAAM,GAAG;;KAEd,CAAC;QACF,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,MAAM;SAC4B,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7B,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,SAAS,CAAC,iCAAiC,CAAC,CAAC;IACzE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kEAAkE,EAAE,GAAG,EAAE;QAC1E,MAAM,MAAM,GAAG;;;;;;;0EAOuD,CAAC;QAEvE,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,MAAM;YACN,QAAQ,EAAE,CAAC;YACX,KAAK,EAAE,IAAI;SACuB,CAAC,CAAC;QAEtC,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC,0BAA0B,CAAC,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,GAAG,EAAE;QACzE,MAAM,OAAO,GAAG,wBAAwB,CAAC;YACvC,MAAM,EAAE,kCAAkC;YAC1C,QAAQ,EAAE,CAAC;YACX,KAAK,EAAE,IAAI;SACuB,CAAC,CAAC;QACtC,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;QAExD,MAAM,OAAO,GAAG,wBAAwB,CAAC;YACvC,MAAM,EAAE,kDAAkD;YAC1D,QAAQ,EAAE,CAAC;YACX,KAAK,EAAE,IAAI;SACuB,CAAC,CAAC;QACtC,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,MAAM,EAAE,wDAAwD;YAChE,QAAQ,EAAE,CAAC;YACX,KAAK,EAAE,IAAI;SACuB,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,MAAM,GAAG,2DAA2D,CAAC;QAC3E,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,MAAM;SAC4B,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,SAAS,CAC3C,8BAA8B,CAC/B,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4DAA4D,EAAE,GAAG,EAAE;QACpE,MAAM,MAAM,GAAG,oDAAoD,CAAC;QACpE,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,MAAM;SAC4B,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;IACtE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,MAAM,GAAG,mDAAmD,CAAC;QACnE,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,MAAM;SAC4B,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,MAAM,MAAM,GAAG,qDAAqD,CAAC;QACrE,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,MAAM;SAC4B,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,qBAAqB,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;QAChE,MAAM,KAAK,GAAG,wBAAwB,EAAE,CAAC;QACzC,MAAM,MAAM,GAAG;YACb,MAAM,EAAE,oCAAoC;SACV,CAAC;QAErC,6BAA6B;QAC7B,MAAM,OAAO,GAAG,wBAAwB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;QAE9B,oCAAoC;QACpC,MAAM,OAAO,GAAG,wBAAwB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,MAAM,MAAM,GAAG;YACb,MAAM,EAAE,oCAAoC;SACV,CAAC;QAErC,MAAM,OAAO,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;QACjD,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;QAE9B,MAAM,OAAO,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;QACjD,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;IAChC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/sandbox/utils/sandboxReadWriteUtils.js

@@ -5,11 +5,15 @@
  */
 import * as path from 'node:path';
 import {} from '../../services/sandboxManager.js';
+import { isValidPathString } from '../../utils/paths.js';
 /**
  * Validates if the requested paths are within the allowed workspace or allowed paths.
  */
 function validatePaths(paths, workspace, allowedPaths) {
     for (const p of paths) {
+        if (!isValidPathString(p)) {
+            return false; // Reject malicious paths
+        }
         const resolvedPath = path.resolve(p);
         const resolvedWorkspace = path.resolve(workspace);
         const isInsideWorkspace = resolvedPath.startsWith(resolvedWorkspace + path.sep) ||

package/dist/src/sandbox/utils/sandboxReadWriteUtils.js.map

@@ -1 +1 @@
-{"version":3,"file":"sandboxReadWriteUtils.js","sourceRoot":"","sources":["../../../../src/sandbox/utils/sandboxReadWriteUtils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAGN,MAAM,kCAAkC,CAAC;AAE1C;;GAEG;AACH,SAAS,aAAa,CACpB,KAAe,EACf,SAAiB,EACjB,YAAsB;IAEtB,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACrC,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAClD,MAAM,iBAAiB,GACrB,YAAY,CAAC,UAAU,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,CAAC;YACrD,YAAY,KAAK,iBAAiB,CAAC;QAErC,IAAI,eAAe,GAAG,KAAK,CAAC;QAC5B,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;YACnC,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC9C,IACE,YAAY,CAAC,UAAU,CAAC,eAAe,GAAG,IAAI,CAAC,GAAG,CAAC;gBACnD,YAAY,KAAK,eAAe,EAChC,CAAC;gBACD,eAAe,GAAG,IAAI,CAAC;gBACvB,MAAM;YACR,CAAC;QACH,CAAC;QAED,IAAI,CAAC,iBAAiB,IAAI,CAAC,eAAe,EAAE,CAAC;YAC3C,OAAO,KAAK,CAAC,CAAC,gDAAgD;QAChE,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,GAAmB,EACnB,gBAAoC,EACpC,SAAiB,EACjB,eAAyB,EAAE;IAE3B,IAAI,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC;IAC/B,IAAI,SAAS,GAAG,GAAG,CAAC,IAAI,CAAC;IAEzB,IAAI,GAAG,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC7B,YAAY,GAAG,UAAU,CAAC;QAC1B,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,YAAY,CAAC,EAAE,CAAC;gBACrD,gBAAgB,CAAC,UAAW,CAAC,IAAK,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;YACvD,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CACb,oFAAoF,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC1G,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;SAAM,IAAI,GAAG,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACrC,YAAY,GAAG,SAAS,CAAC;QACzB,SAAS,GAAG,CAAC,IAAI,EAAE,yBAAyB,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;QAChE,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,YAAY,CAAC,EAAE,CAAC;gBACrD,gBAAgB,CAAC,UAAW,CAAC,KAAM,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;YACxD,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CACb,qFAAqF,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC3G,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;AACpD,CAAC"}
+{"version":3,"file":"sandboxReadWriteUtils.js","sourceRoot":"","sources":["../../../../src/sandbox/utils/sandboxReadWriteUtils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAGN,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAEzD;;GAEG;AACH,SAAS,aAAa,CACpB,KAAe,EACf,SAAiB,EACjB,YAAsB;IAEtB,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1B,OAAO,KAAK,CAAC,CAAC,yBAAyB;QACzC,CAAC;QACD,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACrC,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAClD,MAAM,iBAAiB,GACrB,YAAY,CAAC,UAAU,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,CAAC;YACrD,YAAY,KAAK,iBAAiB,CAAC;QAErC,IAAI,eAAe,GAAG,KAAK,CAAC;QAC5B,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;YACnC,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC9C,IACE,YAAY,CAAC,UAAU,CAAC,eAAe,GAAG,IAAI,CAAC,GAAG,CAAC;gBACnD,YAAY,KAAK,eAAe,EAChC,CAAC;gBACD,eAAe,GAAG,IAAI,CAAC;gBACvB,MAAM;YACR,CAAC;QACH,CAAC;QAED,IAAI,CAAC,iBAAiB,IAAI,CAAC,eAAe,EAAE,CAAC;YAC3C,OAAO,KAAK,CAAC,CAAC,gDAAgD;QAChE,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,GAAmB,EACnB,gBAAoC,EACpC,SAAiB,EACjB,eAAyB,EAAE;IAE3B,IAAI,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC;IAC/B,IAAI,SAAS,GAAG,GAAG,CAAC,IAAI,CAAC;IAEzB,IAAI,GAAG,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC7B,YAAY,GAAG,UAAU,CAAC;QAC1B,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,YAAY,CAAC,EAAE,CAAC;gBACrD,gBAAgB,CAAC,UAAW,CAAC,IAAK,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;YACvD,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CACb,oFAAoF,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC1G,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;SAAM,IAAI,GAAG,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACrC,YAAY,GAAG,SAAS,CAAC;QACzB,SAAS,GAAG,CAAC,IAAI,EAAE,yBAAyB,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;QAChE,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,YAAY,CAAC,EAAE,CAAC;gBACrD,gBAAgB,CAAC,UAAW,CAAC,KAAM,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;YACxD,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CACb,qFAAqF,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC3G,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;AACpD,CAAC"}