@isarai/maestro 0.1.2 → 0.1.3

package/dist/server.js

@@ -22,108 +22,6 @@ function resolveBinaryPath(binary) {
     return null;
   }
 }
-function runNsjailSelfTest(binaryPath) {
-  const args = [
-    "--mode",
-    "o",
-    "--chroot",
-    "/",
-    "--user",
-    "0",
-    "--group",
-    "0",
-    "--disable_clone_newuser",
-    "--disable_clone_newnet",
-    "--cwd",
-    "/",
-    "--bindmount_ro",
-    "/usr:/usr",
-    "--bindmount_ro",
-    "/bin:/bin",
-    "--bindmount_ro",
-    "/lib:/lib",
-    "--bindmount_ro",
-    "/sbin:/sbin",
-    "--bindmount_ro",
-    "/etc:/etc",
-    "--bindmount",
-    "/dev:/dev",
-    "--tmpfsmount",
-    "/tmp"
-  ];
-  if (fs.existsSync("/lib64")) {
-    args.push("--bindmount_ro", "/lib64:/lib64");
-  }
-  args.push("--", "/bin/true");
-  try {
-    execFileSync(binaryPath, args, {
-      stdio: ["ignore", "ignore", "pipe"]
-    });
-    return { ok: true, reason: null };
-  } catch (error) {
-    return {
-      ok: false,
-      reason: formatNsjailSelfTestError(error)
-    };
-  }
-}
-function formatNsjailSelfTestError(error) {
-  const appArmorProfile = getCurrentAppArmorProfile();
-  if (error && typeof error === "object" && "stderr" in error && (typeof error.stderr === "string" || Buffer.isBuffer(error.stderr))) {
-    const stderr = String(error.stderr).split(/\r?\n/).map((line) => line.trim()).filter(Boolean);
-    const detail = stderr.find((line) => line.includes("Permission denied")) || stderr.find((line) => line.includes("buildMountTree()")) || stderr.find((line) => line.includes("runChild()")) || stderr.at(-1);
-    if (detail) {
-      return buildNsjailUnavailableReason(detail, appArmorProfile);
-    }
-  }
-  return buildNsjailUnavailableReason("nsjail runtime self-test failed", appArmorProfile);
-}
-function buildNsjailUnavailableReason(detail, appArmorProfile) {
-  if (detail.includes("Permission denied")) {
-    if (appArmorProfile && appArmorProfile !== "unconfined") {
-      return `${detail}. Active AppArmor profile '${appArmorProfile}' is likely blocking mount namespace setup; when running Maestro in Docker, add \`security_opt: ["seccomp=unconfined", "apparmor=unconfined"]\` to the server container or run it with \`--privileged\`.`;
-    }
-    return `${detail}. The runtime is blocking mount namespace setup required by nsjail; when running in Docker, allow unconfined AppArmor/seccomp or run with \`--privileged\`.`;
-  }
-  return detail;
-}
-function getCurrentAppArmorProfile() {
-  try {
-    const profile = fs.readFileSync("/proc/self/attr/current", "utf-8").trim();
-    return profile || null;
-  } catch {
-    return null;
-  }
-}
-function isNsjailAvailable() {
-  if (process.platform !== "linux") {
-    nsjailUnavailableReason = `nsjail is only supported on Linux (current platform: ${process.platform})`;
-    return false;
-  }
-  if (nsjailPath === void 0) {
-    nsjailPath = resolveBinaryPath("nsjail");
-  }
-  if (!nsjailPath) {
-    nsjailUnavailableReason = "nsjail binary was not found in PATH";
-    return false;
-  }
-  if (nsjailRuntimeAvailable === void 0) {
-    const result = runNsjailSelfTest(nsjailPath);
-    nsjailRuntimeAvailable = result.ok;
-    nsjailUnavailableReason = result.reason;
-  }
-  return nsjailRuntimeAvailable;
-}
-function getNsjailPath() {
-  if (!isNsjailAvailable() || !nsjailPath) {
-    const reason = nsjailUnavailableReason ? `: ${nsjailUnavailableReason}` : "";
-    throw new Error(`nsjail is not available${reason}`);
-  }
-  return nsjailPath;
-}
-function getNsjailUnavailableReason() {
-  return isNsjailAvailable() ? null : nsjailUnavailableReason ?? null;
-}
 function isDockerAvailable() {
   if (dockerPath === void 0) {
     dockerPath = resolveBinaryPath("docker");
@@ -151,126 +49,22 @@ function getDockerPath() {
   return dockerPath;
 }
 function normalizeSandboxProvider(value, legacyEnabled = false) {
-  if (value === "none" || value === "nsjail" || value === "docker") {
+  if (value === "none" || value === "docker") {
     return value;
   }
-  return legacyEnabled ? "nsjail" : "none";
+  return legacyEnabled ? "docker" : "none";
 }
 function resolveSandboxProviderAvailability(requested, availability) {
   if (requested === "docker") {
     return availability.dockerAvailable ? "docker" : "none";
   }
-  if (requested === "nsjail") {
-    return availability.nsjailAvailable ? "nsjail" : "none";
-  }
   return "none";
 }
 function resolveSandboxProvider(requested) {
   return resolveSandboxProviderAvailability(requested, {
-    nsjailAvailable: isNsjailAvailable(),
     dockerAvailable: isDockerAvailable()
   });
 }
-function ensureSandboxWritable(dirPath) {
-  try {
-    execSync(`chown -R ${SANDBOX_UID}:${SANDBOX_GID} ${JSON.stringify(dirPath)}`, {
-      stdio: "ignore"
-    });
-  } catch {
-  }
-}
-function buildNsjailArgs(config) {
-  const home = os.homedir();
-  const sandboxHome = "/home/sandbox";
-  const mountedReadonlyRoots = [...BASE_READONLY_MOUNTS];
-  const nodeBin = getNodeBinaryDir();
-  const npmGlobalPrefix = getNpmGlobalPrefix();
-  const codexCompanionBinDir = getCliCompanionBinDir("codex");
-  const args = [
-    "--mode",
-    "o",
-    "--chroot",
-    "/",
-    "--user",
-    `${SANDBOX_UID}`,
-    "--group",
-    `${SANDBOX_GID}`,
-    "--disable_clone_newuser",
-    "--disable_clone_newnet",
-    "--forward_signals",
-    "--cwd",
-    config.cwd,
-    "--detect_cgroupv2",
-    "--cgroup_mem_max",
-    String(config.memoryLimit ?? DEFAULT_MEMORY_LIMIT),
-    "--cgroup_pids_max",
-    String(config.maxProcesses ?? DEFAULT_MAX_PROCESSES),
-    "--rlimit_cpu",
-    "soft",
-    "--rlimit_fsize",
-    "1024",
-    "--rlimit_nproc",
-    String(config.maxProcesses ?? DEFAULT_MAX_PROCESSES),
-    "--rlimit_nofile",
-    "1024",
-    "--really_quiet"
-  ];
-  for (const dir of BASE_READONLY_MOUNTS) {
-    if (fs.existsSync(dir)) {
-      args.push("--bindmount_ro", `${dir}:${dir}`);
-    }
-  }
-  if (fs.existsSync("/lib64")) {
-    args.push("--bindmount_ro", "/lib64:/lib64");
-  }
-  args.push("--bindmount", "/dev:/dev");
-  args.push("--tmpfsmount", "/tmp");
-  args.push("--bindmount", `${config.cwd}:${config.cwd}`);
-  if (fs.existsSync("/nix")) {
-    args.push("--bindmount_ro", "/nix:/nix");
-  }
-  if (nodeBin && !isAlreadyMounted(nodeBin, mountedReadonlyRoots)) {
-    args.push("--bindmount_ro", `${nodeBin}:${nodeBin}`);
-    mountedReadonlyRoots.push(nodeBin);
-  }
-  if (npmGlobalPrefix && !isAlreadyMounted(npmGlobalPrefix, mountedReadonlyRoots)) {
-    args.push("--bindmount_ro", `${npmGlobalPrefix}:${npmGlobalPrefix}`);
-    mountedReadonlyRoots.push(npmGlobalPrefix);
-  }
-  if (codexCompanionBinDir && !isAlreadyMounted(codexCompanionBinDir, mountedReadonlyRoots)) {
-    args.push("--bindmount_ro", `${codexCompanionBinDir}:${codexCompanionBinDir}`);
-    mountedReadonlyRoots.push(codexCompanionBinDir);
-  }
-  mountSharedAgentPaths(args, home);
-  if (config.readonlyMounts) {
-    for (const mountPath of config.readonlyMounts) {
-      if (fs.existsSync(mountPath)) {
-        args.push("--bindmount_ro", `${mountPath}:${mountPath}`);
-      }
-    }
-  }
-  if (config.writableMounts) {
-    for (const mountPath of config.writableMounts) {
-      if (fs.existsSync(mountPath)) {
-        args.push("--bindmount", `${mountPath}:${mountPath}`);
-      }
-    }
-  }
-  args.push("--bindmount", `${sandboxHome}:${sandboxHome}`);
-  for (const [key, value] of Object.entries(config.env)) {
-    args.push("--env", `${key}=${value}`);
-  }
-  const sandboxPath = buildSandboxPath({
-    nodeBin,
-    npmGlobalPrefix,
-    companionBinDirs: [codexCompanionBinDir]
-  });
-  args.push("--env", `PATH=${sandboxPath}`);
-  args.push("--env", `HOME=${sandboxHome}`);
-  args.push("--env", "USER=sandbox");
-  args.push("--env", "TERM=xterm-256color");
-  return args;
-}
 function buildDockerRunArgs(config, command, image = DEFAULT_DOCKER_IMAGE) {
   const args = [
     "run",
@@ -475,15 +269,6 @@ function getSharedAgentPaths(home) {
     readonly: [gitconfig].filter(fs.existsSync)
   };
 }
-function mountSharedAgentPaths(args, home) {
-  const sharedPaths = getSharedAgentPaths(home);
-  for (const dir of sharedPaths.readwrite) {
-    args.push("--bindmount", `${dir}:${dir}`);
-  }
-  for (const dir of sharedPaths.readonly) {
-    args.push("--bindmount_ro", `${dir}:${dir}`);
-  }
-}
 function resolveDockerSandboxDockerfile() {
   const localDir = path.dirname(fileURLToPath(import.meta.url));
   const installRoot = process.env.MAESTRO_INSTALL_ROOT?.trim();
@@ -504,65 +289,10 @@ function isPathWithin(requestedPath, basePath) {
   if (!requestedPath.startsWith(basePath)) return false;
   return requestedPath.charAt(basePath.length) === path.sep;
 }
-function buildSandboxPath(options) {
-  const pathParts = [...BASE_PATH_DIRS];
-  if (options.nodeBin && !pathParts.includes(options.nodeBin)) {
-    pathParts.unshift(options.nodeBin);
-  }
-  const globalBin = options.npmGlobalPrefix ? path.join(options.npmGlobalPrefix, "bin") : null;
-  if (globalBin && !pathParts.includes(globalBin)) {
-    pathParts.unshift(globalBin);
-  }
-  for (const dir of options.companionBinDirs) {
-    if (dir && !pathParts.includes(dir)) {
-      pathParts.unshift(dir);
-    }
-  }
-  return pathParts.join(":");
-}
-function getNodeBinaryDir() {
-  try {
-    const nodePath = execSync("which node", { encoding: "utf-8" }).trim();
-    return nodePath ? path.dirname(nodePath) : null;
-  } catch {
-    return null;
-  }
-}
-function getNpmGlobalPrefix() {
-  try {
-    const prefix = execSync("npm prefix -g", { encoding: "utf-8" }).trim();
-    return prefix || null;
-  } catch {
-    return null;
-  }
-}
-function getCliCompanionBinDir(cliName) {
-  try {
-    const cliPath = execSync(`which ${cliName}`, { encoding: "utf-8" }).trim();
-    if (!cliPath) return null;
-    return path.dirname(fs.realpathSync(cliPath));
-  } catch {
-    return null;
-  }
-}
-function isAlreadyMounted(targetPath, mountRoots) {
-  return mountRoots.some((root) => isPathWithin(targetPath, root));
-}
-var SANDBOX_UID, SANDBOX_GID, BASE_READONLY_MOUNTS, BASE_PATH_DIRS, DEFAULT_DOCKER_IMAGE, DEFAULT_MEMORY_LIMIT, DEFAULT_MAX_PROCESSES, nsjailPath, nsjailRuntimeAvailable, nsjailUnavailableReason, dockerPath, dockerServerReachable, dockerImageReadyFor, cachedSelfMounts, runningInsideContainer;
+var DEFAULT_DOCKER_IMAGE, DEFAULT_MEMORY_LIMIT, DEFAULT_MAX_PROCESSES, dockerPath, dockerServerReachable, dockerImageReadyFor, cachedSelfMounts, runningInsideContainer;
 var init_sandbox = __esm({
   "../server/src/agents/sandbox.ts"() {
     "use strict";
-    SANDBOX_UID = 1500;
-    SANDBOX_GID = 1500;
-    BASE_READONLY_MOUNTS = ["/usr", "/bin", "/lib", "/sbin", "/etc"];
-    BASE_PATH_DIRS = [
-      "/usr/local/sbin",
-      "/usr/local/bin",
-      "/usr/sbin",
-      "/usr/bin",
-      "/sbin",
-      "/bin"
-    ];
     DEFAULT_DOCKER_IMAGE = process.env.MAESTRO_DOCKER_SANDBOX_IMAGE || "maestro-sandbox:latest";
     DEFAULT_MEMORY_LIMIT = 512 * 1024 * 1024;
     DEFAULT_MAX_PROCESSES = 64;
@@ -636,38 +366,12 @@ function spawnPty(options) {
   ensureSpawnHelperExecutable();
   const shell = getShellPath(options.env);
   const cwd = options.cwd || os2.homedir();
-  const requestedSandboxProvider = options.sandboxProvider ?? (options.sandbox ? "nsjail" : "none");
+  const requestedSandboxProvider = options.sandboxProvider ?? (options.sandbox ? "docker" : "none");
   const sandboxProvider = resolveSandboxProvider(requestedSandboxProvider);
   let actualSandboxProvider = sandboxProvider;
   const fullEnv = buildChildEnv(options.env);
   let ptyProcess;
-  if (sandboxProvider === "nsjail") {
-    ensureSandboxWritable(cwd);
-    const sandboxConfig = {
-      cwd,
-      homeDir: options.homeDir,
-      env: fullEnv,
-      readonlyMounts: options.readonlyMounts,
-      writableMounts: options.writableMounts,
-      memoryLimit: options.memoryLimit
-    };
-    const nsjailArgs = [
-      ...buildNsjailArgs(sandboxConfig),
-      "--",
-      shell,
-      "-l"
-    ];
-    ptyProcess = pty.spawn(getNsjailPath(), nsjailArgs, {
-      name: "xterm-256color",
-      cols: options.cols ?? 120,
-      rows: options.rows ?? 30,
-      cwd,
-      // nsjail manages env vars via --env flags, but node-pty still needs
-      // a minimal env for the PTY master side
-      env: { TERM: "xterm-256color" }
-    });
-    console.log(`Spawned sandboxed PTY for terminal ${options.terminalId}`);
-  } else if (sandboxProvider === "docker") {
+  if (sandboxProvider === "docker") {
     const sandboxConfig = {
       cwd,
       homeDir: options.homeDir,
@@ -691,12 +395,6 @@ function spawnPty(options) {
     });
     console.log(`Spawned docker-sandboxed PTY for terminal ${options.terminalId}`);
   } else {
-    if (requestedSandboxProvider === "nsjail" && !isNsjailAvailable()) {
-      const reason = getNsjailUnavailableReason();
-      throw new Error(
-        `Sandbox requested for terminal ${options.terminalId} but nsjail is not available (platform: ${process.platform}${reason ? `, reason: ${reason}` : ""}).`
-      );
-    }
     if (requestedSandboxProvider === "docker" && !isDockerAvailable()) {
       throw new Error(
         `Sandbox requested for terminal ${options.terminalId} but docker is not available.`
@@ -2516,11 +2214,7 @@ function getSettings() {
   const agentDefaultDisableSandbox = getSetting("agentDefaultDisableSandbox");
   const agentDefaultSkipPermissions = getSetting("agentDefaultSkipPermissions");
   const agentDefaultWorktreeMode = getSetting("agentDefaultWorktreeMode");
-  const storedSandboxProvider = normalizeSandboxProvider(
-    sandboxProvider,
-    sandbox === "true"
-  );
-  const resolvedSandboxProvider = storedSandboxProvider === "nsjail" ? "docker" : storedSandboxProvider;
+  const resolvedSandboxProvider = normalizeSandboxProvider(sandboxProvider, sandbox === "true");
   return {
     autoUpdateEnabled: enabled !== null ? enabled === "true" : DEFAULTS.autoUpdateEnabled,
     autoUpdateIntervalHours: interval !== null ? Number(interval) : DEFAULTS.autoUpdateIntervalHours,
@@ -2555,9 +2249,8 @@ function updateSettings(patch) {
     }
   }
   if (patch.sandboxProvider !== void 0) {
-    const provider = patch.sandboxProvider === "nsjail" ? "docker" : patch.sandboxProvider;
-    setSetting("sandboxProvider", provider);
-    setSetting("sandboxEnabled", String(provider !== "none"));
+    setSetting("sandboxProvider", patch.sandboxProvider);
+    setSetting("sandboxEnabled", String(patch.sandboxProvider !== "none"));
   }
   if (patch.deepgramApiKey !== void 0) {
     setSetting("deepgramApiKey", patch.deepgramApiKey);
@@ -4620,7 +4313,7 @@ import { z as z2 } from "zod";
 import { z } from "zod";
 var AutoSpawnAgentProviderSchema = z.enum(["claude", "codex"]);
 var AutoSpawnAgentWorktreeModeSchema = z.enum(["none", "new"]);
-var SandboxProviderSchema = z.enum(["none", "nsjail", "docker"]);
+var SandboxProviderSchema = z.enum(["none", "docker"]);
 var SettingsSchema = z.object({
   autoUpdateEnabled: z.boolean().default(false),
   autoUpdateIntervalHours: z.number().min(1).max(168).default(24),
@@ -6959,7 +6652,7 @@ function stopAutoUpdater() {
 }
 
 // ../server/src/services/ollama.ts
-import { mkdirSync as mkdirSync6, writeFileSync as writeFileSync5, readFileSync as readFileSync6, existsSync as existsSync15 } from "node:fs";
+import { mkdirSync as mkdirSync6, writeFileSync as writeFileSync5, readFileSync as readFileSync5, existsSync as existsSync15 } from "node:fs";
 import { join as join16 } from "node:path";
 import { homedir as homedir9 } from "node:os";
 var OLLAMA_HOST = process.env.OLLAMA_HOST || "http://localhost:11434";
@@ -7058,7 +6751,7 @@ function writePiModelsConfig(modelId) {
   let existing = {};
   if (existsSync15(PI_MODELS_PATH)) {
     try {
-      existing = JSON.parse(readFileSync6(PI_MODELS_PATH, "utf-8"));
+      existing = JSON.parse(readFileSync5(PI_MODELS_PATH, "utf-8"));
     } catch {
     }
   }