@hackerai/local 0.6.0 → 0.7.1

package/dist/utils.d.ts

@@ -4,41 +4,11 @@
  */
 export declare const MAX_OUTPUT_SIZE = 12288;
 export declare const TRUNCATION_MARKER = "\n\n[... OUTPUT TRUNCATED - middle content removed to fit context limits ...]\n\n";
-/**
- * Required Docker capabilities for penetration testing tools.
- * - NET_RAW: ping, nmap, masscan, hping3, arp-scan, tcpdump, raw sockets
- * - NET_ADMIN: network interface manipulation, arp-scan, netdiscover
- * - SYS_PTRACE: gdb, strace, ltrace (debugging tools)
- */
-export declare const DOCKER_CAPABILITIES: readonly ["NET_RAW", "NET_ADMIN", "SYS_PTRACE"];
 /**
  * Truncates output using 25% head + 75% tail strategy.
  * This preserves both the command start (context) and the end (final results/errors).
  */
 export declare function truncateOutput(content: string, maxSize?: number): string;
-/**
- * Build Docker capability flags for the docker run command.
- */
-export declare function buildDockerCapabilityFlags(): string;
-/**
- * Build the full docker run command for creating a container.
- */
-export declare function buildDockerRunCommand(options: {
-    image: string;
-    containerName?: string;
-    capabilities?: boolean;
-}): string;
-/**
- * Determine the sandbox mode based on configuration.
- */
-export declare function getSandboxMode(config: {
-    dangerous?: boolean;
-}): "docker" | "dangerous";
-/**
- * Parse shell detection output to find available shell.
- * Returns the first valid shell path found.
- */
-export declare function parseShellDetectionOutput(output: string): string;
 export interface ShellConfig {
     shell: string;
     shellFlag: string;

package/dist/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,eAAO,MAAM,eAAe,QAAQ,CAAC;AAGrC,eAAO,MAAM,iBAAiB,sFACuD,CAAC;AAEtF;;;;;GAKG;AACH,eAAO,MAAM,mBAAmB,iDAItB,CAAC;AAEX;;;GAGG;AACH,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,EACf,OAAO,GAAE,MAAwB,GAChC,MAAM,CAcR;AAED;;GAEG;AACH,wBAAgB,0BAA0B,IAAI,MAAM,CAEnD;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE;IAC7C,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB,GAAG,MAAM,CAOT;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE;IACrC,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB,GAAG,QAAQ,GAAG,WAAW,CAKzB;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAOhE;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,WAAW,CAM7D"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,eAAO,MAAM,eAAe,QAAQ,CAAC;AAGrC,eAAO,MAAM,iBAAiB,sFACuD,CAAC;AAEtF;;;GAGG;AACH,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,EACf,OAAO,GAAE,MAAwB,GAChC,MAAM,CAcR;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,WAAW,CAM7D"}

package/dist/utils.js

@@ -4,28 +4,13 @@
  * Extracted for testability.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.DOCKER_CAPABILITIES = exports.TRUNCATION_MARKER = exports.MAX_OUTPUT_SIZE = void 0;
+exports.TRUNCATION_MARKER = exports.MAX_OUTPUT_SIZE = void 0;
 exports.truncateOutput = truncateOutput;
-exports.buildDockerCapabilityFlags = buildDockerCapabilityFlags;
-exports.buildDockerRunCommand = buildDockerRunCommand;
-exports.getSandboxMode = getSandboxMode;
-exports.parseShellDetectionOutput = parseShellDetectionOutput;
 exports.getDefaultShell = getDefaultShell;
 // Align with LLM context limits (~4096 tokens ≈ 12288 chars)
 exports.MAX_OUTPUT_SIZE = 12288;
 // Truncation marker for 25% head + 75% tail strategy
 exports.TRUNCATION_MARKER = "\n\n[... OUTPUT TRUNCATED - middle content removed to fit context limits ...]\n\n";
-/**
- * Required Docker capabilities for penetration testing tools.
- * - NET_RAW: ping, nmap, masscan, hping3, arp-scan, tcpdump, raw sockets
- * - NET_ADMIN: network interface manipulation, arp-scan, netdiscover
- * - SYS_PTRACE: gdb, strace, ltrace (debugging tools)
- */
-exports.DOCKER_CAPABILITIES = [
-    "NET_RAW",
-    "NET_ADMIN",
-    "SYS_PTRACE",
-];
 /**
  * Truncates output using 25% head + 75% tail strategy.
  * This preserves both the command start (context) and the end (final results/errors).
@@ -42,42 +27,6 @@ function truncateOutput(content, maxSize = exports.MAX_OUTPUT_SIZE) {
     const tail = content.slice(-tailBudget);
     return head + exports.TRUNCATION_MARKER + tail;
 }
-/**
- * Build Docker capability flags for the docker run command.
- */
-function buildDockerCapabilityFlags() {
-    return exports.DOCKER_CAPABILITIES.map((cap) => `--cap-add=${cap}`).join(" ");
-}
-/**
- * Build the full docker run command for creating a container.
- */
-function buildDockerRunCommand(options) {
-    const { image, containerName, capabilities = true } = options;
-    const nameFlag = containerName ? `--name ${containerName} ` : "";
-    const capFlags = capabilities ? `${buildDockerCapabilityFlags()} ` : "";
-    return `docker run -d ${nameFlag}${capFlags}--network host ${image} tail -f /dev/null`;
-}
-/**
- * Determine the sandbox mode based on configuration.
- */
-function getSandboxMode(config) {
-    if (config.dangerous) {
-        return "dangerous";
-    }
-    return "docker";
-}
-/**
- * Parse shell detection output to find available shell.
- * Returns the first valid shell path found.
- */
-function parseShellDetectionOutput(output) {
-    if (!output || !output.trim()) {
-        return "/bin/sh";
-    }
-    // Take first line (first result from 'command -v bash || command -v sh')
-    const shell = output.trim().split("\n")[0];
-    return shell || "/bin/sh";
-}
 /**
  * Get the default shell for a given platform.
  * On Windows, uses cmd.exe (not PowerShell, which aliases curl to Invoke-WebRequest

package/dist/utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAyBH,wCAiBC;AAKD,gEAEC;AAKD,sDAWC;AAKD,wCAOC;AAMD,8DAOC;AAYD,0CAMC;AA1GD,6DAA6D;AAChD,QAAA,eAAe,GAAG,KAAK,CAAC;AAErC,qDAAqD;AACxC,QAAA,iBAAiB,GAC5B,mFAAmF,CAAC;AAEtF;;;;;GAKG;AACU,QAAA,mBAAmB,GAAG;IACjC,SAAS;IACT,WAAW;IACX,YAAY;CACJ,CAAC;AAEX;;;GAGG;AACH,SAAgB,cAAc,CAC5B,OAAe,EACf,UAAkB,uBAAe;IAEjC,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IAE9C,MAAM,YAAY,GAAG,yBAAiB,CAAC,MAAM,CAAC;IAC9C,MAAM,gBAAgB,GAAG,OAAO,GAAG,YAAY,CAAC;IAEhD,+BAA+B;IAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC;IACvD,MAAM,UAAU,GAAG,gBAAgB,GAAG,UAAU,CAAC;IAEjD,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,CAAC;IAExC,OAAO,IAAI,GAAG,yBAAiB,GAAG,IAAI,CAAC;AACzC,CAAC;AAED;;GAEG;AACH,SAAgB,0BAA0B;IACxC,OAAO,2BAAmB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,aAAa,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACxE,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CAAC,OAIrC;IACC,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,YAAY,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IAE9D,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,UAAU,aAAa,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IACjE,MAAM,QAAQ,GAAG,YAAY,CAAC,CAAC,CAAC,GAAG,0BAA0B,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAExE,OAAO,iBAAiB,QAAQ,GAAG,QAAQ,kBAAkB,KAAK,oBAAoB,CAAC;AACzF,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,MAE9B;IACC,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,OAAO,WAAW,CAAC;IACrB,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,SAAgB,yBAAyB,CAAC,MAAc;IACtD,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;QAC9B,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,yEAAyE;IACzE,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3C,OAAO,KAAK,IAAI,SAAS,CAAC;AAC5B,CAAC;AAOD;;;;GAIG;AACH,SAAgB,eAAe,CAAC,QAAgB;IAC9C,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IAC/C,CAAC;IACD,yCAAyC;IACzC,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AACjD,CAAC"}
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAaH,wCAiBC;AAYD,0CAMC;AA9CD,6DAA6D;AAChD,QAAA,eAAe,GAAG,KAAK,CAAC;AAErC,qDAAqD;AACxC,QAAA,iBAAiB,GAC5B,mFAAmF,CAAC;AAEtF;;;GAGG;AACH,SAAgB,cAAc,CAC5B,OAAe,EACf,UAAkB,uBAAe;IAEjC,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IAE9C,MAAM,YAAY,GAAG,yBAAiB,CAAC,MAAM,CAAC;IAC9C,MAAM,gBAAgB,GAAG,OAAO,GAAG,YAAY,CAAC;IAEhD,+BAA+B;IAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC;IACvD,MAAM,UAAU,GAAG,gBAAgB,GAAG,UAAU,CAAC;IAEjD,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,CAAC;IAExC,OAAO,IAAI,GAAG,yBAAiB,GAAG,IAAI,CAAC;AACzC,CAAC;AAOD;;;;GAIG;AACH,SAAgB,eAAe,CAAC,QAAgB;IAC9C,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IAC/C,CAAC;IACD,yCAAyC;IACzC,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AACjD,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hackerai/local",
-  "version": "0.6.0",
+  "version": "0.7.1",
   "description": "HackerAI Local Sandbox Client - Execute commands on your local machine",
   "bin": {
     "hackerai-local": "./dist/index.js"

package/dist/pty-manager.d.ts

@@ -1,95 +0,0 @@
-/**
- * PTY Session Manager for the local sandbox client.
- *
- * Manages node-pty processes, batches output for Convex relay,
- * and handles stdin/resize/kill from the backend.
- *
- * Cross-platform: macOS (forkpty), Linux (forkpty), Windows (conpty).
- */
-import type { ConvexClient } from "convex/browser";
-interface SignedSession {
-  userId: string;
-  expiresAt: number;
-  signature: string;
-}
-export declare class PtyManager {
-  private convex;
-  private token;
-  private connectionId;
-  private session;
-  private mode;
-  private containerId?;
-  private containerShell?;
-  private sessions;
-  private sessionSubscription;
-  private ptyAvailable;
-  constructor(
-    convex: ConvexClient,
-    token: string,
-    connectionId: string,
-    session: SignedSession,
-    mode: "docker" | "dangerous",
-    containerId?: string | undefined,
-    containerShell?: string | undefined,
-  );
-  /**
-   * Fix node-pty spawn-helper permissions.
-   * npm/pnpm can strip the execute bit from prebuilt binaries during install.
-   * Without +x, posix_spawnp fails on macOS/Linux.
-   */
-  private fixSpawnHelperPermissions;
-  /**
-   * Update the signed session (called after heartbeat refresh).
-   */
-  updateSession(session: SignedSession): void;
-  /**
-   * Start listening for new PTY session requests from the backend.
-   */
-  startSessionSubscription(): void;
-  /**
-   * Stop the session subscription.
-   */
-  stopSessionSubscription(): void;
-  /**
-   * Handle a request to create a new PTY session.
-   */
-  private handleCreateSession;
-  /**
-   * Buffer PTY output and flush periodically to reduce Convex writes.
-   */
-  private bufferOutput;
-  /**
-   * Flush buffered output to Convex.
-   */
-  private flushOutput;
-  /**
-   * Subscribe to stdin input from the backend for a session.
-   */
-  private startInputSubscription;
-  /**
-   * Handle a kill request for a session (called when backend detects killed status).
-   */
-  killSession(sessionId: string): boolean;
-  /**
-   * Resize a PTY session.
-   */
-  resizeSession(sessionId: string, cols: number, rows: number): boolean;
-  /**
-   * Clean up a session's resources.
-   */
-  private cleanupSession;
-  /**
-   * Clean up all sessions and stop subscriptions.
-   */
-  cleanup(): Promise<void>;
-  /**
-   * Check if PTY support is available.
-   */
-  get isAvailable(): boolean;
-  /**
-   * Get the number of active sessions.
-   */
-  get activeSessionCount(): number;
-}
-export {};
-//# sourceMappingURL=pty-manager.d.ts.map

package/dist/pty-manager.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"pty-manager.d.ts","sourceRoot":"","sources":["../src/pty-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAmDnD,UAAU,aAAa;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAUD,qBAAa,UAAU;IAMnB,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,KAAK;IACb,OAAO,CAAC,YAAY;IACpB,OAAO,CAAC,OAAO;IACf,OAAO,CAAC,IAAI;IACZ,OAAO,CAAC,WAAW,CAAC;IACpB,OAAO,CAAC,cAAc,CAAC;IAXzB,OAAO,CAAC,QAAQ,CAAyC;IACzD,OAAO,CAAC,mBAAmB,CAA6B;IACxD,OAAO,CAAC,YAAY,CAAU;gBAGpB,MAAM,EAAE,YAAY,EACpB,KAAK,EAAE,MAAM,EACb,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,aAAa,EACtB,IAAI,EAAE,QAAQ,GAAG,WAAW,EAC5B,WAAW,CAAC,EAAE,MAAM,YAAA,EACpB,cAAc,CAAC,EAAE,MAAM,YAAA;IAejC;;;;OAIG;IACH,OAAO,CAAC,yBAAyB;IAkCjC;;OAEG;IACH,aAAa,CAAC,OAAO,EAAE,aAAa,GAAG,IAAI;IAO3C;;OAEG;IACH,wBAAwB,IAAI,IAAI;IA8BhC;;OAEG;IACH,uBAAuB,IAAI,IAAI;IAO/B;;OAEG;YACW,mBAAmB;IAsIjC;;OAEG;IACH,OAAO,CAAC,YAAY;IAkBpB;;OAEG;YACW,WAAW;IAsCzB;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAoD9B;;OAEG;IACH,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAcvC;;OAEG;IACH,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO;IAYrE;;OAEG;IACH,OAAO,CAAC,cAAc;IActB;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IA8B9B;;OAEG;IACH,IAAI,WAAW,IAAI,OAAO,CAEzB;IAED;;OAEG;IACH,IAAI,kBAAkB,IAAI,MAAM,CAE/B;CACF"}

package/dist/pty-manager.js

@@ -1,452 +0,0 @@
-"use strict";
-/**
- * PTY Session Manager for the local sandbox client.
- *
- * Manages node-pty processes, batches output for Convex relay,
- * and handles stdin/resize/kill from the backend.
- *
- * Cross-platform: macOS (forkpty), Linux (forkpty), Windows (conpty).
- */
-var __importDefault =
-  (this && this.__importDefault) ||
-  function (mod) {
-    return mod && mod.__esModule ? mod : { default: mod };
-  };
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.PtyManager = void 0;
-const os_1 = __importDefault(require("os"));
-const fs_1 = __importDefault(require("fs"));
-const path_1 = __importDefault(require("path"));
-const utils_1 = require("./utils");
-// Convex function references
-const api = {
-  localSandbox: {
-    activatePtySession: "localSandbox:activatePtySession",
-    submitPtyOutput: "localSandbox:submitPtyOutput",
-    updatePtySessionStatus: "localSandbox:updatePtySessionStatus",
-    markPtyInputConsumed: "localSandbox:markPtyInputConsumed",
-    subscribeToPtyInput: "localSandbox:subscribeToPtyInput",
-    getPendingPtySessions: "localSandbox:getPendingPtySessions",
-  },
-};
-// ANSI color codes
-const chalk = {
-  blue: (s) => `\x1b[34m${s}\x1b[0m`,
-  green: (s) => `\x1b[32m${s}\x1b[0m`,
-  red: (s) => `\x1b[31m${s}\x1b[0m`,
-  yellow: (s) => `\x1b[33m${s}\x1b[0m`,
-  cyan: (s) => `\x1b[36m${s}\x1b[0m`,
-  gray: (s) => `\x1b[90m${s}\x1b[0m`,
-};
-// Output batching: buffer for ~75ms before sending to reduce Convex write frequency
-const OUTPUT_BATCH_INTERVAL_MS = 75;
-// Max size of a single output chunk (base64 encoded) to stay under Convex limits
-const MAX_CHUNK_SIZE = 64 * 1024; // 64KB
-class PtyManager {
-  convex;
-  token;
-  connectionId;
-  session;
-  mode;
-  containerId;
-  containerShell;
-  sessions = new Map();
-  sessionSubscription = null;
-  ptyAvailable;
-  constructor(
-    convex,
-    token,
-    connectionId,
-    session,
-    mode,
-    containerId,
-    containerShell,
-  ) {
-    this.convex = convex;
-    this.token = token;
-    this.connectionId = connectionId;
-    this.session = session;
-    this.mode = mode;
-    this.containerId = containerId;
-    this.containerShell = containerShell;
-    // Ensure node-pty's spawn-helper binary is executable (npm may strip the +x bit)
-    this.fixSpawnHelperPermissions();
-    this.ptyAvailable = (0, utils_1.isNodePtyAvailable)();
-    if (!this.ptyAvailable) {
-      console.log(
-        chalk.yellow(
-          "⚠️  node-pty not available - PTY sessions will not be supported",
-        ),
-      );
-    }
-  }
-  /**
-   * Fix node-pty spawn-helper permissions.
-   * npm/pnpm can strip the execute bit from prebuilt binaries during install.
-   * Without +x, posix_spawnp fails on macOS/Linux.
-   */
-  fixSpawnHelperPermissions() {
-    try {
-      // Resolve node-pty's prebuilds directory
-      const nodePtyDir = path_1.default.dirname(
-        require.resolve("node-pty/package.json"),
-      );
-      const prebuildsDir = path_1.default.join(nodePtyDir, "prebuilds");
-      if (!fs_1.default.existsSync(prebuildsDir)) return;
-      for (const platformDir of fs_1.default.readdirSync(prebuildsDir)) {
-        const helperPath = path_1.default.join(
-          prebuildsDir,
-          platformDir,
-          "spawn-helper",
-        );
-        if (!fs_1.default.existsSync(helperPath)) continue;
-        try {
-          const stat = fs_1.default.statSync(helperPath);
-          // Check if execute bit is missing for owner
-          if ((stat.mode & 0o100) === 0) {
-            fs_1.default.chmodSync(helperPath, 0o755);
-            console.debug(
-              `Fixed spawn-helper permissions: ${platformDir}/spawn-helper`,
-            );
-          }
-        } catch {
-          // Non-critical — may not have permission to chmod
-        }
-      }
-    } catch {
-      // Non-critical — node-pty might not be installed
-    }
-  }
-  /**
-   * Update the signed session (called after heartbeat refresh).
-   */
-  updateSession(session) {
-    this.session = session;
-    // Restart subscription with new session
-    this.stopSessionSubscription();
-    this.startSessionSubscription();
-  }
-  /**
-   * Start listening for new PTY session requests from the backend.
-   */
-  startSessionSubscription() {
-    if (!this.ptyAvailable) return;
-    if (this.sessionSubscription) return;
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    this.sessionSubscription = this.convex.onUpdate(
-      api.localSandbox.getPendingPtySessions,
-      {
-        connectionId: this.connectionId,
-        session: {
-          userId: this.session.userId,
-          expiresAt: this.session.expiresAt,
-          signature: this.session.signature,
-        },
-      },
-      async (data) => {
-        if (data?.authError) {
-          console.debug(
-            "PTY session subscription: auth error, will refresh on next heartbeat",
-          );
-          return;
-        }
-        if (!data?.sessions) return;
-        for (const req of data.sessions) {
-          await this.handleCreateSession(req);
-        }
-      },
-    );
-  }
-  /**
-   * Stop the session subscription.
-   */
-  stopSessionSubscription() {
-    if (this.sessionSubscription) {
-      this.sessionSubscription();
-      this.sessionSubscription = null;
-    }
-  }
-  /**
-   * Handle a request to create a new PTY session.
-   */
-  async handleCreateSession(req) {
-    if (this.sessions.has(req.session_id)) return; // Already created
-    console.log(chalk.cyan(`▶ PTY session: ${req.session_id.slice(0, 8)}...`));
-    try {
-      // Dynamic import of node-pty to handle cases where it's not available
-      // eslint-disable-next-line @typescript-eslint/no-var-requires
-      const nodePty = require("node-pty");
-      // Validate cwd exists on the host for dangerous mode.
-      // E2B PTY sessions pass cwd="/home/user" which doesn't exist on macOS/Windows.
-      // For Docker mode, cwd is passed to `docker exec -w` so it's inside the container.
-      let effectiveCwd = req.cwd;
-      if (this.mode === "dangerous" && effectiveCwd) {
-        try {
-          if (!fs_1.default.existsSync(effectiveCwd)) {
-            console.debug(
-              `PTY cwd "${effectiveCwd}" not found, falling back to home dir`,
-            );
-            effectiveCwd = os_1.default.homedir();
-          }
-        } catch {
-          effectiveCwd = os_1.default.homedir();
-        }
-      }
-      const spawnConfig = (0, utils_1.getPtySpawnConfig)({
-        platform: os_1.default.platform(),
-        mode: this.mode,
-        containerId: this.containerId,
-        containerShell: this.containerShell,
-        cols: req.cols,
-        rows: req.rows,
-        cwd: effectiveCwd,
-        env: req.env,
-      });
-      const ptyProcess = nodePty.spawn(spawnConfig.file, spawnConfig.args, {
-        name: "xterm-256color",
-        ...spawnConfig.options,
-      });
-      const activeSession = {
-        sessionId: req.session_id,
-        process: ptyProcess,
-        outputBuffer: "",
-        outputSequence: 0,
-        batchTimer: null,
-        inputSubscription: null,
-      };
-      this.sessions.set(req.session_id, activeSession);
-      // Report PID and activate session
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      await this.convex.mutation(api.localSandbox.activatePtySession, {
-        token: this.token,
-        sessionId: req.session_id,
-        pid: ptyProcess.pid,
-      });
-      // Set up output handler with batching
-      ptyProcess.onData((data) => {
-        this.bufferOutput(activeSession, data);
-      });
-      // Set up exit handler
-      ptyProcess.onExit(async (e) => {
-        // Flush any remaining output
-        await this.flushOutput(activeSession);
-        // Report exit
-        try {
-          // eslint-disable-next-line @typescript-eslint/no-explicit-any
-          await this.convex.mutation(api.localSandbox.updatePtySessionStatus, {
-            token: this.token,
-            sessionId: req.session_id,
-            status: "exited",
-            exitCode: e.exitCode,
-          });
-        } catch (err) {
-          console.debug(`Failed to report PTY exit: ${err}`);
-        }
-        this.cleanupSession(req.session_id);
-        console.log(
-          chalk.green(
-            `✓ PTY session ${req.session_id.slice(0, 8)}... exited (code: ${e.exitCode})`,
-          ),
-        );
-      });
-      // Start listening for stdin input
-      this.startInputSubscription(activeSession);
-      console.log(
-        chalk.green(
-          `✓ PTY session ${req.session_id.slice(0, 8)}... active (PID: ${ptyProcess.pid})`,
-        ),
-      );
-    } catch (err) {
-      console.error(chalk.red(`✗ Failed to create PTY session: ${err}`));
-      // Report failure
-      try {
-        // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        await this.convex.mutation(api.localSandbox.updatePtySessionStatus, {
-          token: this.token,
-          sessionId: req.session_id,
-          status: "exited",
-          exitCode: -1,
-        });
-      } catch {
-        /* ignore */
-      }
-    }
-  }
-  /**
-   * Buffer PTY output and flush periodically to reduce Convex writes.
-   */
-  bufferOutput(session, data) {
-    session.outputBuffer += data;
-    // If buffer is getting large, flush immediately
-    if (session.outputBuffer.length >= MAX_CHUNK_SIZE) {
-      this.flushOutput(session);
-      return;
-    }
-    // Otherwise, batch with a short timer
-    if (!session.batchTimer) {
-      session.batchTimer = setTimeout(() => {
-        session.batchTimer = null;
-        this.flushOutput(session);
-      }, OUTPUT_BATCH_INTERVAL_MS);
-    }
-  }
-  /**
-   * Flush buffered output to Convex.
-   */
-  async flushOutput(session) {
-    if (session.batchTimer) {
-      clearTimeout(session.batchTimer);
-      session.batchTimer = null;
-    }
-    if (!session.outputBuffer) return;
-    const data = session.outputBuffer;
-    session.outputBuffer = "";
-    // Split into chunks if necessary
-    const chunks = [];
-    for (let i = 0; i < data.length; i += MAX_CHUNK_SIZE) {
-      const chunk = data.slice(i, i + MAX_CHUNK_SIZE);
-      // Encode as base64 to safely transport binary PTY data through Convex
-      const encoded = Buffer.from(chunk, "utf-8").toString("base64");
-      chunks.push({
-        data: encoded,
-        sequence: ++session.outputSequence,
-      });
-    }
-    try {
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      await this.convex.mutation(api.localSandbox.submitPtyOutput, {
-        token: this.token,
-        sessionId: session.sessionId,
-        chunks,
-      });
-    } catch (err) {
-      console.debug(`Failed to submit PTY output: ${err}`);
-    }
-  }
-  /**
-   * Subscribe to stdin input from the backend for a session.
-   */
-  startInputSubscription(session) {
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    session.inputSubscription = this.convex.onUpdate(
-      api.localSandbox.subscribeToPtyInput,
-      {
-        sessionId: session.sessionId,
-        session: {
-          userId: this.session.userId,
-          expiresAt: this.session.expiresAt,
-          signature: this.session.signature,
-        },
-        connectionId: this.connectionId,
-      },
-      async (data) => {
-        if (data?.authError) return;
-        if (!data?.inputs?.length) return;
-        const inputIds = [];
-        for (const input of data.inputs) {
-          // Decode base64 data and write to PTY
-          const decoded = Buffer.from(input.data, "base64").toString("utf-8");
-          try {
-            session.process.write(decoded);
-          } catch {
-            // Process may have exited
-          }
-          inputIds.push(input._id);
-        }
-        // Mark inputs as consumed
-        if (inputIds.length > 0) {
-          try {
-            // eslint-disable-next-line @typescript-eslint/no-explicit-any
-            await this.convex.mutation(api.localSandbox.markPtyInputConsumed, {
-              token: this.token,
-              inputIds,
-            });
-          } catch {
-            /* ignore */
-          }
-        }
-      },
-    );
-  }
-  /**
-   * Handle a kill request for a session (called when backend detects killed status).
-   */
-  killSession(sessionId) {
-    const session = this.sessions.get(sessionId);
-    if (!session) return false;
-    try {
-      session.process.kill();
-    } catch {
-      /* may already be dead */
-    }
-    this.cleanupSession(sessionId);
-    return true;
-  }
-  /**
-   * Resize a PTY session.
-   */
-  resizeSession(sessionId, cols, rows) {
-    const session = this.sessions.get(sessionId);
-    if (!session) return false;
-    try {
-      session.process.resize(cols, rows);
-      return true;
-    } catch {
-      return false;
-    }
-  }
-  /**
-   * Clean up a session's resources.
-   */
-  cleanupSession(sessionId) {
-    const session = this.sessions.get(sessionId);
-    if (!session) return;
-    if (session.batchTimer) {
-      clearTimeout(session.batchTimer);
-    }
-    if (session.inputSubscription) {
-      session.inputSubscription();
-    }
-    this.sessions.delete(sessionId);
-  }
-  /**
-   * Clean up all sessions and stop subscriptions.
-   */
-  async cleanup() {
-    this.stopSessionSubscription();
-    for (const [sessionId, session] of this.sessions) {
-      try {
-        session.process.kill();
-      } catch {
-        /* ignore */
-      }
-      // Report exit
-      try {
-        // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        await this.convex.mutation(api.localSandbox.updatePtySessionStatus, {
-          token: this.token,
-          sessionId,
-          status: "exited",
-          exitCode: -1,
-        });
-      } catch {
-        /* ignore */
-      }
-      this.cleanupSession(sessionId);
-    }
-  }
-  /**
-   * Check if PTY support is available.
-   */
-  get isAvailable() {
-    return this.ptyAvailable;
-  }
-  /**
-   * Get the number of active sessions.
-   */
-  get activeSessionCount() {
-    return this.sessions.size;
-  }
-}
-exports.PtyManager = PtyManager;
-//# sourceMappingURL=pty-manager.js.map