@inkeep/agents-run-api 0.39.2 → 0.39.3

package/dist/SandboxExecutorFactory.cjs

@@ -0,0 +1,895 @@
+const require_chunk = require('./chunk.cjs');
+require('./logger2.cjs');
+const require_execution_limits = require('./execution-limits.cjs');
+let node_child_process = require("node:child_process");
+let node_crypto = require("node:crypto");
+node_crypto = require_chunk.__toESM(node_crypto);
+let node_fs = require("node:fs");
+let node_os = require("node:os");
+let node_path = require("node:path");
+let __vercel_sandbox = require("@vercel/sandbox");
+let __inkeep_agents_core = require("@inkeep/agents-core");
+
+//#region src/tools/sandbox-utils.ts
+/**
+* Shared utilities for sandbox executors
+*/
+/**
+* Create an execution wrapper that handles input/output for function tools
+* This is used by both Native and Vercel sandbox executors
+*/
+function createExecutionWrapper(executeCode, args) {
+	return `
+// Function tool execution wrapper
+const args = ${JSON.stringify(args, null, 2)};
+
+// User's function code
+const execute = ${executeCode}
+
+// Execute the function and output the result
+(async () => {
+  try {
+    const result = await execute(args);
+    // Output result as JSON on the last line
+    console.log(JSON.stringify({ success: true, result }));
+  } catch (error) {
+    console.error(JSON.stringify({ 
+      success: false, 
+      error: error instanceof Error ? error.message : String(error) 
+    }));
+    process.exit(1);
+  }
+})();
+`;
+}
+/**
+* Parse execution result from stdout
+* Returns the parsed result or the raw stdout if parsing fails
+*/
+function parseExecutionResult(stdout, functionId, logger$3) {
+	try {
+		const outputLines = stdout.split("\n").filter((line) => line.trim());
+		const resultLine = outputLines[outputLines.length - 1];
+		return JSON.parse(resultLine);
+	} catch (parseError) {
+		if (logger$3) logger$3.warn({
+			functionId,
+			stdout,
+			parseError
+		}, "Failed to parse execution result");
+		return stdout;
+	}
+}
+
+//#endregion
+//#region src/tools/NativeSandboxExecutor.ts
+/**
+* NativeSandboxExecutor - Function Tool Execution Engine
+* ========================================================
+*
+* Executes user-defined function tools in isolated sandboxes using native Node.js processes.
+* The main challenge here is that we can't just eval() user code - that's a security nightmare.
+* Instead, we spin up separate Node.js processes with their own dependency trees.
+*
+* The tricky part is making this fast. Installing deps every time would be brutal
+* (2-5s per execution), so we cache sandboxes based on their dependency fingerprint.
+*
+* How it works:
+*
+* 1. User calls a function tool
+* 2. We hash the dependencies (e.g., "axios@1.6.0,lodash@4.17.21")
+* 3. Check if we already have a sandbox with those deps installed
+* 4. If yes: reuse it. If no: create new one, install deps, cache it
+* 5. Write the user's function code to a temp file
+* 6. Execute it in the sandboxed process with resource limits
+* 7. Return the result
+*
+* Sandbox lifecycle:
+* - Created when first needed for a dependency set
+* - Reused up to 50 times or 5 minutes, whichever comes first
+* - Automatically cleaned up when expired
+* - Failed sandboxes are immediately destroyed
+*
+* Security stuff:
+* - Each execution runs in its own process (not just a function call)
+* - Output limited to 1MB to prevent memory bombs
+* - Timeouts with graceful SIGTERM, then SIGKILL if needed
+* - Runs as non-root when possible
+* - Uses OS temp directory so it gets cleaned up automatically
+*
+* Performance:
+* - Cold start: ~100-500ms (vs 2-5s without caching)
+* - Hot path: ~50-100ms (just execution, no install)
+* - Memory bounded by pool size limits
+*
+* Deployment notes:
+* - Uses /tmp on Linux/macOS, %TEMP% on Windows
+* - Works in Docker, Kubernetes, serverless (Vercel, Lambda)
+* - No files left in project directory (no git pollution)
+*
+* The singleton pattern here is important - we need one shared pool
+* across all tool executions, otherwise caching doesn't work.
+*/
+const logger$2 = (0, __inkeep_agents_core.getLogger)("native-sandbox-executor");
+/**
+* Semaphore for limiting concurrent executions based on vCPU allocation
+*/
+var ExecutionSemaphore = class {
+	permits;
+	waitQueue = [];
+	maxWaitTime;
+	constructor(permits, maxWaitTimeMs = require_execution_limits.FUNCTION_TOOL_SANDBOX_QUEUE_WAIT_TIMEOUT_MS) {
+		this.permits = Math.max(1, permits);
+		this.maxWaitTime = maxWaitTimeMs;
+	}
+	async acquire(fn) {
+		await new Promise((resolve, reject) => {
+			if (this.permits > 0) {
+				this.permits--;
+				resolve();
+				return;
+			}
+			const timeoutId = setTimeout(() => {
+				const index = this.waitQueue.findIndex((item) => item.resolve === resolve);
+				if (index !== -1) {
+					this.waitQueue.splice(index, 1);
+					reject(/* @__PURE__ */ new Error(`Function execution queue timeout after ${this.maxWaitTime}ms. Too many concurrent executions.`));
+				}
+			}, this.maxWaitTime);
+			this.waitQueue.push({
+				resolve: () => {
+					clearTimeout(timeoutId);
+					this.permits--;
+					resolve();
+				},
+				reject
+			});
+		});
+		try {
+			return await fn();
+		} finally {
+			this.permits++;
+			const next = this.waitQueue.shift();
+			if (next) next.resolve();
+		}
+	}
+	getAvailablePermits() {
+		return this.permits;
+	}
+	getQueueLength() {
+		return this.waitQueue.length;
+	}
+};
+var NativeSandboxExecutor = class NativeSandboxExecutor {
+	tempDir;
+	sandboxPool = {};
+	static instance = null;
+	executionSemaphores = /* @__PURE__ */ new Map();
+	constructor() {
+		this.tempDir = (0, node_path.join)((0, node_os.tmpdir)(), "inkeep-sandboxes");
+		this.ensureTempDir();
+		this.startPoolCleanup();
+	}
+	static getInstance() {
+		if (!NativeSandboxExecutor.instance) NativeSandboxExecutor.instance = new NativeSandboxExecutor();
+		return NativeSandboxExecutor.instance;
+	}
+	getSemaphore(vcpus) {
+		const effectiveVcpus = Math.max(1, vcpus || 1);
+		if (!this.executionSemaphores.has(effectiveVcpus)) {
+			logger$2.debug({ vcpus: effectiveVcpus }, "Creating new execution semaphore");
+			this.executionSemaphores.set(effectiveVcpus, new ExecutionSemaphore(effectiveVcpus));
+		}
+		const semaphore = this.executionSemaphores.get(effectiveVcpus);
+		if (!semaphore) throw new Error(`Failed to create semaphore for ${effectiveVcpus} vCPUs`);
+		return semaphore;
+	}
+	getExecutionStats() {
+		const stats = {};
+		for (const [vcpus, semaphore] of this.executionSemaphores.entries()) stats[`vcpu_${vcpus}`] = {
+			availablePermits: semaphore.getAvailablePermits(),
+			queueLength: semaphore.getQueueLength()
+		};
+		return stats;
+	}
+	ensureTempDir() {
+		try {
+			(0, node_fs.mkdirSync)(this.tempDir, { recursive: true });
+		} catch {}
+	}
+	generateDependencyHash(dependencies) {
+		const sortedDeps = Object.keys(dependencies).sort().map((key) => `${key}@${dependencies[key]}`).join(",");
+		return (0, node_crypto.createHash)("sha256").update(sortedDeps).digest("hex").substring(0, 16);
+	}
+	getCachedSandbox(dependencyHash) {
+		const poolKey = dependencyHash;
+		const sandbox = this.sandboxPool[poolKey];
+		if (sandbox && (0, node_fs.existsSync)(sandbox.sandboxDir)) {
+			const now = Date.now();
+			if (now - sandbox.lastUsed < require_execution_limits.FUNCTION_TOOL_SANDBOX_POOL_TTL_MS && sandbox.useCount < require_execution_limits.FUNCTION_TOOL_SANDBOX_MAX_USE_COUNT) {
+				sandbox.lastUsed = now;
+				sandbox.useCount++;
+				logger$2.debug({
+					poolKey,
+					useCount: sandbox.useCount,
+					sandboxDir: sandbox.sandboxDir,
+					lastUsed: new Date(sandbox.lastUsed)
+				}, "Reusing cached sandbox");
+				return sandbox.sandboxDir;
+			}
+			this.cleanupSandbox(sandbox.sandboxDir);
+			delete this.sandboxPool[poolKey];
+		}
+		return null;
+	}
+	addToPool(dependencyHash, sandboxDir, dependencies) {
+		const poolKey = dependencyHash;
+		if (this.sandboxPool[poolKey]) this.cleanupSandbox(this.sandboxPool[poolKey].sandboxDir);
+		this.sandboxPool[poolKey] = {
+			sandboxDir,
+			lastUsed: Date.now(),
+			useCount: 1,
+			dependencies
+		};
+		logger$2.debug({
+			poolKey,
+			sandboxDir
+		}, "Added sandbox to pool");
+	}
+	cleanupSandbox(sandboxDir) {
+		try {
+			(0, node_fs.rmSync)(sandboxDir, {
+				recursive: true,
+				force: true
+			});
+			logger$2.debug({ sandboxDir }, "Cleaned up sandbox");
+		} catch (error) {
+			logger$2.warn({
+				sandboxDir,
+				error
+			}, "Failed to clean up sandbox");
+		}
+	}
+	startPoolCleanup() {
+		setInterval(() => {
+			const now = Date.now();
+			const keysToDelete = [];
+			for (const [key, sandbox] of Object.entries(this.sandboxPool)) if (now - sandbox.lastUsed > require_execution_limits.FUNCTION_TOOL_SANDBOX_POOL_TTL_MS || sandbox.useCount >= require_execution_limits.FUNCTION_TOOL_SANDBOX_MAX_USE_COUNT) {
+				this.cleanupSandbox(sandbox.sandboxDir);
+				keysToDelete.push(key);
+			}
+			keysToDelete.forEach((key) => {
+				delete this.sandboxPool[key];
+			});
+			if (keysToDelete.length > 0) logger$2.debug({ cleanedCount: keysToDelete.length }, "Cleaned up expired sandboxes");
+		}, require_execution_limits.FUNCTION_TOOL_SANDBOX_CLEANUP_INTERVAL_MS);
+	}
+	detectModuleType(executeCode, configuredRuntime) {
+		const esmPatterns = [
+			/import\s+.*\s+from\s+['"]/g,
+			/import\s*\(/g,
+			/export\s+(default|const|let|var|function|class)/g,
+			/export\s*\{/g
+		];
+		const cjsPatterns = [
+			/require\s*\(/g,
+			/module\.exports/g,
+			/exports\./g
+		];
+		const hasEsmSyntax = esmPatterns.some((pattern) => pattern.test(executeCode));
+		const hasCjsSyntax = cjsPatterns.some((pattern) => pattern.test(executeCode));
+		if (configuredRuntime === "typescript") return hasCjsSyntax ? "cjs" : "esm";
+		if (hasEsmSyntax && hasCjsSyntax) {
+			logger$2.warn({ executeCode: `${executeCode.substring(0, 100)}...` }, "Both ESM and CommonJS syntax detected, defaulting to ESM");
+			return "esm";
+		}
+		if (hasEsmSyntax) return "esm";
+		if (hasCjsSyntax) return "cjs";
+		return "cjs";
+	}
+	async executeFunctionTool(toolId, args, config) {
+		const vcpus = config.sandboxConfig?.vcpus || 1;
+		const semaphore = this.getSemaphore(vcpus);
+		logger$2.debug({
+			toolId,
+			vcpus,
+			availablePermits: semaphore.getAvailablePermits(),
+			queueLength: semaphore.getQueueLength(),
+			sandboxConfig: config.sandboxConfig,
+			poolSize: Object.keys(this.sandboxPool).length
+		}, "Acquiring execution slot for function tool");
+		return semaphore.acquire(async () => {
+			return this.executeInSandbox_Internal(toolId, args, config);
+		});
+	}
+	async executeInSandbox_Internal(toolId, args, config) {
+		const dependencies = config.dependencies || {};
+		const dependencyHash = this.generateDependencyHash(dependencies);
+		logger$2.debug({
+			toolId,
+			dependencies,
+			dependencyHash,
+			sandboxConfig: config.sandboxConfig,
+			poolSize: Object.keys(this.sandboxPool).length
+		}, "Executing function tool");
+		let sandboxDir = this.getCachedSandbox(dependencyHash);
+		let isNewSandbox = false;
+		if (!sandboxDir) {
+			sandboxDir = (0, node_path.join)(this.tempDir, `sandbox-${dependencyHash}-${Date.now()}`);
+			(0, node_fs.mkdirSync)(sandboxDir, { recursive: true });
+			isNewSandbox = true;
+			logger$2.debug({
+				toolId,
+				dependencyHash,
+				sandboxDir,
+				dependencies
+			}, "Creating new sandbox");
+			const moduleType = this.detectModuleType(config.executeCode, config.sandboxConfig?.runtime);
+			const packageJson = {
+				name: `function-tool-${toolId}`,
+				version: "1.0.0",
+				...moduleType === "esm" && { type: "module" },
+				dependencies,
+				scripts: { start: moduleType === "esm" ? "node index.mjs" : "node index.js" }
+			};
+			(0, node_fs.writeFileSync)((0, node_path.join)(sandboxDir, "package.json"), JSON.stringify(packageJson, null, 2), "utf8");
+			if (Object.keys(dependencies).length > 0) await this.installDependencies(sandboxDir);
+			this.addToPool(dependencyHash, sandboxDir, dependencies);
+		}
+		try {
+			const moduleType = this.detectModuleType(config.executeCode, config.sandboxConfig?.runtime);
+			const executionCode = createExecutionWrapper(config.executeCode, args);
+			(0, node_fs.writeFileSync)((0, node_path.join)(sandboxDir, `index.${moduleType === "esm" ? "mjs" : "js"}`), executionCode, "utf8");
+			return await this.executeInSandbox(sandboxDir, config.sandboxConfig?.timeout || require_execution_limits.FUNCTION_TOOL_EXECUTION_TIMEOUT_MS_DEFAULT, moduleType, config.sandboxConfig);
+		} catch (error) {
+			if (isNewSandbox) {
+				this.cleanupSandbox(sandboxDir);
+				const poolKey = dependencyHash;
+				delete this.sandboxPool[poolKey];
+			}
+			throw error;
+		}
+	}
+	async installDependencies(sandboxDir) {
+		return new Promise((resolve, reject) => {
+			const npm = (0, node_child_process.spawn)("npm", [
+				"install",
+				"--no-audit",
+				"--no-fund"
+			], {
+				cwd: sandboxDir,
+				stdio: "pipe",
+				env: {
+					...process.env,
+					npm_config_cache: (0, node_path.join)(sandboxDir, ".npm-cache"),
+					npm_config_logs_dir: (0, node_path.join)(sandboxDir, ".npm-logs"),
+					npm_config_tmp: (0, node_path.join)(sandboxDir, ".npm-tmp"),
+					HOME: sandboxDir,
+					npm_config_update_notifier: "false",
+					npm_config_progress: "false",
+					npm_config_loglevel: "error"
+				}
+			});
+			let stderr = "";
+			npm.stdout?.on("data", () => {});
+			npm.stderr?.on("data", (data) => {
+				stderr += data.toString();
+			});
+			npm.on("close", (code) => {
+				if (code === 0) {
+					logger$2.debug({ sandboxDir }, "Dependencies installed successfully");
+					resolve();
+				} else {
+					logger$2.error({
+						sandboxDir,
+						code,
+						stderr
+					}, "Failed to install dependencies");
+					reject(/* @__PURE__ */ new Error(`npm install failed with code ${code}: ${stderr}`));
+				}
+			});
+			npm.on("error", (err) => {
+				logger$2.error({
+					sandboxDir,
+					error: err
+				}, "Failed to spawn npm install");
+				reject(err);
+			});
+		});
+	}
+	async executeInSandbox(sandboxDir, timeout, moduleType, _sandboxConfig) {
+		return new Promise((resolve, reject) => {
+			const fileExtension = moduleType === "esm" ? "mjs" : "js";
+			const spawnOptions = {
+				cwd: sandboxDir,
+				stdio: "pipe",
+				uid: process.getuid ? process.getuid() : void 0,
+				gid: process.getgid ? process.getgid() : void 0
+			};
+			const node = (0, node_child_process.spawn)("node", [`index.${fileExtension}`], spawnOptions);
+			let stdout = "";
+			let stderr = "";
+			let outputSize = 0;
+			node.stdout?.on("data", (data) => {
+				const dataStr = data.toString();
+				outputSize += dataStr.length;
+				if (outputSize > require_execution_limits.FUNCTION_TOOL_SANDBOX_MAX_OUTPUT_SIZE_BYTES) {
+					node.kill("SIGTERM");
+					reject(/* @__PURE__ */ new Error(`Output size exceeded limit of ${require_execution_limits.FUNCTION_TOOL_SANDBOX_MAX_OUTPUT_SIZE_BYTES} bytes`));
+					return;
+				}
+				stdout += dataStr;
+			});
+			node.stderr?.on("data", (data) => {
+				const dataStr = data.toString();
+				outputSize += dataStr.length;
+				if (outputSize > require_execution_limits.FUNCTION_TOOL_SANDBOX_MAX_OUTPUT_SIZE_BYTES) {
+					node.kill("SIGTERM");
+					reject(/* @__PURE__ */ new Error(`Output size exceeded limit of ${require_execution_limits.FUNCTION_TOOL_SANDBOX_MAX_OUTPUT_SIZE_BYTES} bytes`));
+					return;
+				}
+				stderr += dataStr;
+			});
+			const timeoutId = setTimeout(() => {
+				logger$2.warn({
+					sandboxDir,
+					timeout
+				}, "Function execution timed out, killing process");
+				node.kill("SIGTERM");
+				const forceKillTimeout = Math.min(Math.max(timeout / 10, 2e3), 5e3);
+				setTimeout(() => {
+					try {
+						node.kill("SIGKILL");
+					} catch {}
+				}, forceKillTimeout);
+				reject(/* @__PURE__ */ new Error(`Function execution timed out after ${timeout}ms`));
+			}, timeout);
+			node.on("close", (code, signal) => {
+				clearTimeout(timeoutId);
+				if (code === 0) try {
+					const result = parseExecutionResult(stdout, "function", logger$2);
+					if (typeof result === "object" && result !== null && "success" in result) {
+						const parsed = result;
+						if (parsed.success) resolve(parsed.result);
+						else reject(new Error(parsed.error || "Function execution failed"));
+					} else resolve(result);
+				} catch (parseError) {
+					logger$2.error({
+						stdout,
+						stderr,
+						parseError
+					}, "Failed to parse function result");
+					reject(/* @__PURE__ */ new Error(`Invalid function result: ${stdout}`));
+				}
+				else {
+					const errorMsg = signal ? `Function execution killed by signal ${signal}: ${stderr}` : `Function execution failed with code ${code}: ${stderr}`;
+					logger$2.error({
+						code,
+						signal,
+						stderr
+					}, "Function execution failed");
+					reject(new Error(errorMsg));
+				}
+			});
+			node.on("error", (error) => {
+				clearTimeout(timeoutId);
+				logger$2.error({
+					sandboxDir,
+					error
+				}, "Failed to spawn node process");
+				reject(error);
+			});
+		});
+	}
+};
+
+//#endregion
+//#region src/tools/VercelSandboxExecutor.ts
+const logger$1 = (0, __inkeep_agents_core.getLogger)("VercelSandboxExecutor");
+/**
+* Vercel Sandbox Executor with pooling/reuse
+* Executes function tools in isolated Vercel Sandbox MicroVMs
+* Caches and reuses sandboxes based on dependencies to improve performance
+*/
+var VercelSandboxExecutor = class VercelSandboxExecutor {
+	static instance;
+	config;
+	sandboxPool = /* @__PURE__ */ new Map();
+	cleanupInterval = null;
+	constructor(config) {
+		this.config = config;
+		logger$1.info({
+			teamId: config.teamId,
+			projectId: config.projectId,
+			runtime: config.runtime,
+			timeout: config.timeout,
+			vcpus: config.vcpus
+		}, "VercelSandboxExecutor initialized with pooling");
+		this.startPoolCleanup();
+	}
+	/**
+	* Get singleton instance of VercelSandboxExecutor
+	*/
+	static getInstance(config) {
+		if (!VercelSandboxExecutor.instance) VercelSandboxExecutor.instance = new VercelSandboxExecutor(config);
+		return VercelSandboxExecutor.instance;
+	}
+	/**
+	* Generate a hash for dependencies to use as cache key
+	*/
+	generateDependencyHash(dependencies) {
+		const sorted = Object.keys(dependencies).sort().map((key) => `${key}@${dependencies[key]}`).join(",");
+		return node_crypto.default.createHash("md5").update(sorted).digest("hex").substring(0, 8);
+	}
+	/**
+	* Get a cached sandbox if available and still valid
+	*/
+	getCachedSandbox(dependencyHash) {
+		const cached = this.sandboxPool.get(dependencyHash);
+		if (!cached) return null;
+		const age = Date.now() - cached.createdAt;
+		if (age > require_execution_limits.FUNCTION_TOOL_SANDBOX_POOL_TTL_MS || cached.useCount >= require_execution_limits.FUNCTION_TOOL_SANDBOX_MAX_USE_COUNT) {
+			logger$1.debug({
+				dependencyHash,
+				age,
+				useCount: cached.useCount,
+				ttl: require_execution_limits.FUNCTION_TOOL_SANDBOX_POOL_TTL_MS,
+				maxUseCount: require_execution_limits.FUNCTION_TOOL_SANDBOX_MAX_USE_COUNT
+			}, "Sandbox expired, will create new one");
+			this.removeSandbox(dependencyHash);
+			return null;
+		}
+		logger$1.debug({
+			dependencyHash,
+			useCount: cached.useCount,
+			age
+		}, "Reusing cached sandbox");
+		return cached.sandbox;
+	}
+	/**
+	* Add sandbox to pool
+	*/
+	addToPool(dependencyHash, sandbox, dependencies) {
+		this.sandboxPool.set(dependencyHash, {
+			sandbox,
+			createdAt: Date.now(),
+			useCount: 0,
+			dependencies
+		});
+		logger$1.debug({
+			dependencyHash,
+			poolSize: this.sandboxPool.size
+		}, "Sandbox added to pool");
+	}
+	/**
+	* Increment use count for a sandbox
+	*/
+	incrementUseCount(dependencyHash) {
+		const cached = this.sandboxPool.get(dependencyHash);
+		if (cached) cached.useCount++;
+	}
+	/**
+	* Remove and clean up a sandbox
+	*/
+	async removeSandbox(dependencyHash) {
+		const cached = this.sandboxPool.get(dependencyHash);
+		if (cached) {
+			try {
+				await cached.sandbox.stop();
+				logger$1.debug({ dependencyHash }, "Sandbox stopped");
+			} catch (error) {
+				logger$1.warn({
+					error,
+					dependencyHash
+				}, "Error stopping sandbox");
+			}
+			this.sandboxPool.delete(dependencyHash);
+		}
+	}
+	/**
+	* Start periodic cleanup of expired sandboxes
+	*/
+	startPoolCleanup() {
+		this.cleanupInterval = setInterval(() => {
+			const now = Date.now();
+			const toRemove = [];
+			for (const [hash, cached] of this.sandboxPool.entries()) if (now - cached.createdAt > require_execution_limits.FUNCTION_TOOL_SANDBOX_POOL_TTL_MS || cached.useCount >= require_execution_limits.FUNCTION_TOOL_SANDBOX_MAX_USE_COUNT) toRemove.push(hash);
+			if (toRemove.length > 0) {
+				logger$1.info({
+					count: toRemove.length,
+					poolSize: this.sandboxPool.size
+				}, "Cleaning up expired sandboxes");
+				for (const hash of toRemove) this.removeSandbox(hash);
+			}
+		}, require_execution_limits.FUNCTION_TOOL_SANDBOX_CLEANUP_INTERVAL_MS);
+	}
+	/**
+	* Cleanup all sandboxes and stop cleanup interval
+	*/
+	async cleanup() {
+		if (this.cleanupInterval) {
+			clearInterval(this.cleanupInterval);
+			this.cleanupInterval = null;
+		}
+		logger$1.info({ poolSize: this.sandboxPool.size }, "Cleaning up all sandboxes");
+		const promises = Array.from(this.sandboxPool.keys()).map((hash) => this.removeSandbox(hash));
+		await Promise.all(promises);
+	}
+	/**
+	* Extract environment variable names from code
+	* Matches patterns like process.env.VAR_NAME or process.env['VAR_NAME']
+	*/
+	extractEnvVars(code) {
+		const envVars = /* @__PURE__ */ new Set();
+		const dotNotationRegex = /process\.env\.([A-Z_][A-Z0-9_]*)/g;
+		let match = dotNotationRegex.exec(code);
+		while (match !== null) {
+			envVars.add(match[1]);
+			match = dotNotationRegex.exec(code);
+		}
+		const bracketNotationRegex = /process\.env\[['"]([A-Z_][A-Z0-9_]*)['"]\]/g;
+		match = bracketNotationRegex.exec(code);
+		while (match !== null) {
+			envVars.add(match[1]);
+			match = bracketNotationRegex.exec(code);
+		}
+		return envVars;
+	}
+	/**
+	* Create .env file content from environment variables
+	* Note: Currently creates empty placeholders. Values will be populated in the future.
+	*/
+	createEnvFileContent(envVarNames) {
+		const envLines = [];
+		for (const varName of envVarNames) {
+			envLines.push(`${varName}=""`);
+			logger$1.debug({ varName }, "Adding environment variable placeholder to sandbox");
+		}
+		return envLines.join("\n");
+	}
+	/**
+	* Execute a function tool in Vercel Sandbox with pooling
+	*/
+	async executeFunctionTool(functionId, args, toolConfig) {
+		const startTime = Date.now();
+		const logs = [];
+		const dependencies = toolConfig.dependencies || {};
+		const dependencyHash = this.generateDependencyHash(dependencies);
+		try {
+			logger$1.info({
+				functionId,
+				functionName: toolConfig.name,
+				dependencyHash,
+				poolSize: this.sandboxPool.size
+			}, "Executing function in Vercel Sandbox");
+			let sandbox = this.getCachedSandbox(dependencyHash);
+			let isNewSandbox = false;
+			if (!sandbox) {
+				isNewSandbox = true;
+				sandbox = await __vercel_sandbox.Sandbox.create({
+					token: this.config.token,
+					teamId: this.config.teamId,
+					projectId: this.config.projectId,
+					timeout: this.config.timeout,
+					resources: { vcpus: this.config.vcpus || 1 },
+					runtime: this.config.runtime
+				});
+				logger$1.info({
+					functionId,
+					sandboxId: sandbox.sandboxId,
+					dependencyHash
+				}, `New sandbox created for function ${functionId}`);
+				this.addToPool(dependencyHash, sandbox, dependencies);
+			} else logger$1.info({
+				functionId,
+				sandboxId: sandbox.sandboxId,
+				dependencyHash
+			}, `Reusing cached sandbox for function ${functionId}`);
+			this.incrementUseCount(dependencyHash);
+			try {
+				if (isNewSandbox && toolConfig.dependencies && Object.keys(toolConfig.dependencies).length > 0) {
+					logger$1.debug({
+						functionId,
+						functionName: toolConfig.name,
+						dependencies: toolConfig.dependencies
+					}, "Installing dependencies in new sandbox");
+					const packageJson = { dependencies: toolConfig.dependencies };
+					const packageJsonContent = JSON.stringify(packageJson, null, 2);
+					await sandbox.writeFiles([{
+						path: "package.json",
+						content: Buffer.from(packageJsonContent, "utf-8")
+					}]);
+					const installCmd = await sandbox.runCommand({
+						cmd: "npm",
+						args: ["install", "--omit=dev"]
+					});
+					const installStdout = await installCmd.stdout();
+					const installStderr = await installCmd.stderr();
+					if (installStdout) logs.push(installStdout);
+					if (installStderr) logs.push(installStderr);
+					if (installCmd.exitCode !== 0) throw new Error(`Failed to install dependencies: ${installStderr}`);
+					logger$1.info({
+						functionId,
+						dependencyHash
+					}, "Dependencies installed successfully");
+				}
+				const executionCode = createExecutionWrapper(toolConfig.executeCode, args);
+				const envVars = this.extractEnvVars(toolConfig.executeCode);
+				const filesToWrite = [];
+				const filename = this.config.runtime === "typescript" ? "execute.ts" : "execute.js";
+				filesToWrite.push({
+					path: filename,
+					content: Buffer.from(executionCode, "utf-8")
+				});
+				if (envVars.size > 0) {
+					const envFileContent = this.createEnvFileContent(envVars);
+					if (envFileContent) {
+						filesToWrite.push({
+							path: ".env",
+							content: Buffer.from(envFileContent, "utf-8")
+						});
+						logger$1.info({
+							functionId,
+							envVarCount: envVars.size,
+							envVars: Array.from(envVars)
+						}, "Creating environment variable placeholders in sandbox");
+					}
+				}
+				await sandbox.writeFiles(filesToWrite);
+				logger$1.info({
+					functionId,
+					runtime: this.config.runtime === "typescript" ? "tsx" : "node",
+					hasEnvVars: envVars.size > 0
+				}, `Execution code written to file for runtime ${this.config.runtime}`);
+				const executeCmd = await (async () => {
+					if (envVars.size > 0) return sandbox.runCommand({
+						cmd: "npx",
+						args: this.config.runtime === "typescript" ? [
+							"--yes",
+							"dotenv-cli",
+							"--",
+							"npx",
+							"tsx",
+							filename
+						] : [
+							"--yes",
+							"dotenv-cli",
+							"--",
+							"node",
+							filename
+						]
+					});
+					const runtime = this.config.runtime === "typescript" ? "tsx" : "node";
+					return sandbox.runCommand({
+						cmd: runtime,
+						args: [filename]
+					});
+				})();
+				const executeStdout = await executeCmd.stdout();
+				const executeStderr = await executeCmd.stderr();
+				if (executeStdout) logs.push(executeStdout);
+				if (executeStderr) logs.push(executeStderr);
+				const executionTime = Date.now() - startTime;
+				if (executeCmd.exitCode !== 0) {
+					logger$1.error({
+						functionId,
+						exitCode: executeCmd.exitCode,
+						stderr: executeStderr
+					}, "Function execution failed");
+					return {
+						success: false,
+						error: executeStderr || "Function execution failed with non-zero exit code",
+						logs,
+						executionTime
+					};
+				}
+				const result = parseExecutionResult(executeStdout, functionId, logger$1);
+				logger$1.info({
+					functionId,
+					executionTime
+				}, "Function executed successfully in Vercel Sandbox");
+				return {
+					success: true,
+					result,
+					logs,
+					executionTime
+				};
+			} catch (innerError) {
+				await this.removeSandbox(dependencyHash);
+				throw innerError;
+			}
+		} catch (error) {
+			const executionTime = Date.now() - startTime;
+			const errorMessage = error instanceof Error ? error.message : String(error);
+			logger$1.error({
+				functionId,
+				error: errorMessage,
+				executionTime
+			}, "Vercel Sandbox execution error");
+			return {
+				success: false,
+				error: errorMessage,
+				logs,
+				executionTime
+			};
+		}
+	}
+};
+
+//#endregion
+//#region src/tools/SandboxExecutorFactory.ts
+const logger = (0, __inkeep_agents_core.getLogger)("SandboxExecutorFactory");
+/**
+* Factory for creating and managing sandbox executors
+* Routes execution to the appropriate sandbox provider (native or Vercel)
+*/
+var SandboxExecutorFactory = class SandboxExecutorFactory {
+	static instance;
+	nativeExecutor = null;
+	vercelExecutors = /* @__PURE__ */ new Map();
+	constructor() {
+		logger.info({}, "SandboxExecutorFactory initialized");
+	}
+	/**
+	* Get singleton instance of SandboxExecutorFactory
+	*/
+	static getInstance() {
+		if (!SandboxExecutorFactory.instance) SandboxExecutorFactory.instance = new SandboxExecutorFactory();
+		return SandboxExecutorFactory.instance;
+	}
+	/**
+	* Execute a function tool using the appropriate sandbox provider
+	*/
+	async executeFunctionTool(functionId, args, config) {
+		const sandboxConfig = config.sandboxConfig;
+		if (!sandboxConfig) throw new Error("Sandbox configuration is required for function tool execution");
+		if (sandboxConfig.provider === "native") return this.executeInNativeSandbox(functionId, args, config);
+		if (sandboxConfig.provider === "vercel") return this.executeInVercelSandbox(functionId, args, config);
+		throw new Error(`Unknown sandbox provider: ${sandboxConfig.provider}`);
+	}
+	/**
+	* Execute in native sandbox
+	*/
+	async executeInNativeSandbox(functionId, args, config) {
+		if (!this.nativeExecutor) {
+			this.nativeExecutor = NativeSandboxExecutor.getInstance();
+			logger.info({}, "Native sandbox executor created");
+		}
+		return this.nativeExecutor.executeFunctionTool(functionId, args, config);
+	}
+	/**
+	* Execute in Vercel sandbox
+	*/
+	async executeInVercelSandbox(functionId, args, config) {
+		const vercelConfig = config.sandboxConfig;
+		const configKey = `${vercelConfig.teamId}:${vercelConfig.projectId}`;
+		if (!this.vercelExecutors.has(configKey)) {
+			const executor$1 = VercelSandboxExecutor.getInstance(vercelConfig);
+			this.vercelExecutors.set(configKey, executor$1);
+			logger.info({
+				teamId: vercelConfig.teamId,
+				projectId: vercelConfig.projectId
+			}, "Vercel sandbox executor created");
+		}
+		const executor = this.vercelExecutors.get(configKey);
+		if (!executor) throw new Error(`Failed to get Vercel executor for config: ${configKey}`);
+		const result = await executor.executeFunctionTool(functionId, args, config);
+		if (!result.success) throw new Error(result.error || "Vercel sandbox execution failed");
+		return result.result;
+	}
+	/**
+	* Clean up all sandbox executors
+	*/
+	async cleanup() {
+		logger.info({}, "Cleaning up sandbox executors");
+		this.nativeExecutor = null;
+		for (const [key, executor] of this.vercelExecutors.entries()) {
+			await executor.cleanup();
+			this.vercelExecutors.delete(key);
+		}
+		logger.info({}, "Sandbox executor cleanup completed");
+	}
+};
+
+//#endregion
+exports.SandboxExecutorFactory = SandboxExecutorFactory;