@jshookmcp/jshook 0.3.0 → 0.3.1

package/dist/handlers-BWXEy6ef.mjs

@@ -1,917 +0,0 @@
-import { fn as SANDBOX_EXEC_TIMEOUT_MS, mn as SANDBOX_MEMORY_LIMIT_MB, pn as SANDBOX_MAX_TIMEOUT_MS } from "./constants-CDZLOoVv.mjs";
-import { randomUUID } from "node:crypto";
-import { getQuickJS } from "quickjs-emscripten";
-//#region src/server/sandbox/SandboxHelpers.ts
-/**
-* SandboxHelpers — Pre-built pure-JS utility libraries for the sandbox.
-*
-* These helpers are evaluated inside QuickJS before user code runs,
-* providing common utilities (base64, hex, hashing, JSON, array, string)
-* without requiring Node.js APIs.
-*/
-/**
-* Pure-JS source string that is eval'd inside the sandbox environment.
-* All implementations are self-contained with no external dependencies.
-*/
-const SANDBOX_HELPER_SOURCE = `
-(function() {
-  var helpers = {};
-
-  // ── base64 ──
-  helpers.base64 = {
-    _chars: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=',
-    encode: function(str) {
-      var output = '';
-      var chr1, chr2, chr3, enc1, enc2, enc3, enc4;
-      var i = 0;
-      while (i < str.length) {
-        chr1 = str.charCodeAt(i++);
-        chr2 = str.charCodeAt(i++);
-        chr3 = str.charCodeAt(i++);
-        enc1 = chr1 >> 2;
-        enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
-        enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
-        enc4 = chr3 & 63;
-        if (isNaN(chr2)) { enc3 = enc4 = 64; }
-        else if (isNaN(chr3)) { enc4 = 64; }
-        output += this._chars.charAt(enc1) + this._chars.charAt(enc2) +
-                  this._chars.charAt(enc3) + this._chars.charAt(enc4);
-      }
-      return output;
-    },
-    decode: function(str) {
-      var output = '';
-      var chr1, chr2, chr3, enc1, enc2, enc3, enc4;
-      var i = 0;
-      str = str.replace(/[^A-Za-z0-9+/=]/g, '');
-      while (i < str.length) {
-        enc1 = this._chars.indexOf(str.charAt(i++));
-        enc2 = this._chars.indexOf(str.charAt(i++));
-        enc3 = this._chars.indexOf(str.charAt(i++));
-        enc4 = this._chars.indexOf(str.charAt(i++));
-        chr1 = (enc1 << 2) | (enc2 >> 4);
-        chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
-        chr3 = ((enc3 & 3) << 6) | enc4;
-        output += String.fromCharCode(chr1);
-        if (enc3 !== 64) output += String.fromCharCode(chr2);
-        if (enc4 !== 64) output += String.fromCharCode(chr3);
-      }
-      return output;
-    }
-  };
-
-  // ── hex ──
-  helpers.hex = {
-    encode: function(str) {
-      var hex = '';
-      for (var i = 0; i < str.length; i++) {
-        hex += ('0' + str.charCodeAt(i).toString(16)).slice(-2);
-      }
-      return hex;
-    },
-    decode: function(hex) {
-      var str = '';
-      for (var i = 0; i < hex.length; i += 2) {
-        str += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
-      }
-      return str;
-    }
-  };
-
-  // ── hash (simple djb2/fnv for in-sandbox use; NOT cryptographic!) ──
-  helpers.hash = {
-    djb2: function(str) {
-      var hash = 5381;
-      for (var i = 0; i < str.length; i++) {
-        hash = ((hash << 5) + hash) + str.charCodeAt(i);
-        hash = hash & hash; // Convert to 32-bit
-      }
-      return (hash >>> 0).toString(16);
-    },
-    fnv1a: function(str) {
-      var hash = 0x811c9dc5;
-      for (var i = 0; i < str.length; i++) {
-        hash ^= str.charCodeAt(i);
-        hash = Math.imul(hash, 0x01000193);
-      }
-      return (hash >>> 0).toString(16);
-    },
-    /** Simple MD5 — pure JS implementation */
-    md5: function(str) {
-      // Lightweight MD5 for sandbox use
-      function md5cycle(x, k) {
-        var a = x[0], b = x[1], c = x[2], d = x[3];
-        a = ff(a,b,c,d,k[0],7,-680876936);d=ff(d,a,b,c,k[1],12,-389564586);c=ff(c,d,a,b,k[2],17,606105819);b=ff(b,c,d,a,k[3],22,-1044525330);
-        a=ff(a,b,c,d,k[4],7,-176418897);d=ff(d,a,b,c,k[5],12,1200080426);c=ff(c,d,a,b,k[6],17,-1473231341);b=ff(b,c,d,a,k[7],22,-45705983);
-        a=ff(a,b,c,d,k[8],7,1770035416);d=ff(d,a,b,c,k[9],12,-1958414417);c=ff(c,d,a,b,k[10],17,-42063);b=ff(b,c,d,a,k[11],22,-1990404162);
-        a=ff(a,b,c,d,k[12],7,1804603682);d=ff(d,a,b,c,k[13],12,-40341101);c=ff(c,d,a,b,k[14],17,-1502002290);b=ff(b,c,d,a,k[15],22,1236535329);
-        a=gg(a,b,c,d,k[1],5,-165796510);d=gg(d,a,b,c,k[6],9,-1069501632);c=gg(c,d,a,b,k[11],14,643717713);b=gg(b,c,d,a,k[0],20,-373897302);
-        a=gg(a,b,c,d,k[5],5,-701558691);d=gg(d,a,b,c,k[10],9,38016083);c=gg(c,d,a,b,k[15],14,-660478335);b=gg(b,c,d,a,k[4],20,-405537848);
-        a=gg(a,b,c,d,k[9],5,568446438);d=gg(d,a,b,c,k[14],9,-1019803690);c=gg(c,d,a,b,k[3],14,-187363961);b=gg(b,c,d,a,k[8],20,1163531501);
-        a=gg(a,b,c,d,k[13],5,-1444681467);d=gg(d,a,b,c,k[2],9,-51403784);c=gg(c,d,a,b,k[7],14,1735328473);b=gg(b,c,d,a,k[12],20,-1926607734);
-        a=hh(a,b,c,d,k[5],4,-378558);d=hh(d,a,b,c,k[8],11,-2022574463);c=hh(c,d,a,b,k[11],16,1839030562);b=hh(b,c,d,a,k[14],23,-35309556);
-        a=hh(a,b,c,d,k[1],4,-1530992060);d=hh(d,a,b,c,k[4],11,1272893353);c=hh(c,d,a,b,k[7],16,-155497632);b=hh(b,c,d,a,k[10],23,-1094730640);
-        a=hh(a,b,c,d,k[13],4,681279174);d=hh(d,a,b,c,k[0],11,-358537222);c=hh(c,d,a,b,k[3],16,-722521979);b=hh(b,c,d,a,k[6],23,76029189);
-        a=hh(a,b,c,d,k[9],4,-640364487);d=hh(d,a,b,c,k[12],11,-421815835);c=hh(c,d,a,b,k[15],16,530742520);b=hh(b,c,d,a,k[2],23,-995338651);
-        a=ii(a,b,c,d,k[0],6,-198630844);d=ii(d,a,b,c,k[7],10,1126891415);c=ii(c,d,a,b,k[14],15,-1416354905);b=ii(b,c,d,a,k[5],21,-57434055);
-        a=ii(a,b,c,d,k[12],6,1700485571);d=ii(d,a,b,c,k[3],10,-1894986606);c=ii(c,d,a,b,k[10],15,-1051523);b=ii(b,c,d,a,k[1],21,-2054922799);
-        a=ii(a,b,c,d,k[8],6,1873313359);d=ii(d,a,b,c,k[15],10,-30611744);c=ii(c,d,a,b,k[6],15,-1560198380);b=ii(b,c,d,a,k[13],21,1309151649);
-        a=ii(a,b,c,d,k[4],6,-145523070);d=ii(d,a,b,c,k[11],10,-1120210379);c=ii(c,d,a,b,k[2],15,718787259);b=ii(b,c,d,a,k[9],21,-343485551);
-        x[0]=add32(a,x[0]);x[1]=add32(b,x[1]);x[2]=add32(c,x[2]);x[3]=add32(d,x[3]);
-      }
-      function cmn(q,a,b,x,s,t){a=add32(add32(a,q),add32(x,t));return add32((a<<s)|(a>>>(32-s)),b)}
-      function ff(a,b,c,d,x,s,t){return cmn((b&c)|((~b)&d),a,b,x,s,t)}
-      function gg(a,b,c,d,x,s,t){return cmn((b&d)|(c&(~d)),a,b,x,s,t)}
-      function hh(a,b,c,d,x,s,t){return cmn(b^c^d,a,b,x,s,t)}
-      function ii(a,b,c,d,x,s,t){return cmn(c^(b|(~d)),a,b,x,s,t)}
-      function add32(a,b){return(a+b)&0xFFFFFFFF}
-
-      var n = str.length;
-      var state = [1732584193,-271733879,-1732584194,271733878];
-      var tail = [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0];
-      var i;
-      for (i = 64; i <= n; i += 64) {
-        var blk = [];
-        for (var j = i - 64; j < i; j += 4) {
-          blk.push(str.charCodeAt(j)|(str.charCodeAt(j+1)<<8)|(str.charCodeAt(j+2)<<16)|(str.charCodeAt(j+3)<<24));
-        }
-        md5cycle(state, blk);
-      }
-      for (var j = 0; j < 16; j++) tail[j] = 0;
-      for (i = i - 64; i < n; i++) {
-        tail[i>>2] |= str.charCodeAt(i) << ((i%4)<<3);
-      }
-      tail[i>>2] |= 0x80 << ((i%4)<<3);
-      if (i > 55) { md5cycle(state, tail); for (j = 0; j < 16; j++) tail[j] = 0; }
-      tail[14] = n * 8;
-      md5cycle(state, tail);
-
-      var hex_chr = '0123456789abcdef';
-      var s = '';
-      for (i = 0; i < 4; i++) {
-        for (j = 0; j < 4; j++) {
-          s += hex_chr.charAt((state[i] >> (j*8+4)) & 0x0F) + hex_chr.charAt((state[i] >> (j*8)) & 0x0F);
-        }
-      }
-      return s;
-    },
-    sha256: function(str) {
-      // Minimal pure-JS SHA-256
-      var K = [0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
-               0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
-               0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
-               0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
-               0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
-               0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
-               0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
-               0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2];
-      function rr(x,n){return(x>>>n)|(x<<(32-n))}
-      var H=[0x6a09e667,0xbb67ae85,0x3c6ef372,0xa54ff53a,0x510e527f,0x9b05688c,0x1f83d9ab,0x5be0cd19];
-      var msg=[];
-      for(var i=0;i<str.length;i++)msg.push(str.charCodeAt(i));
-      msg.push(0x80);
-      var l=msg.length;
-      while(l%64!==56){msg.push(0);l++;}
-      var bits=str.length*8;
-      for(i=7;i>=0;i--)msg.push((bits>>>(i*8))&0xff);
-      for(var offset=0;offset<msg.length;offset+=64){
-        var W=[];
-        for(i=0;i<16;i++)W[i]=(msg[offset+i*4]<<24)|(msg[offset+i*4+1]<<16)|(msg[offset+i*4+2]<<8)|msg[offset+i*4+3];
-        for(i=16;i<64;i++){
-          var s0=rr(W[i-15],7)^rr(W[i-15],18)^(W[i-15]>>>3);
-          var s1=rr(W[i-2],17)^rr(W[i-2],19)^(W[i-2]>>>10);
-          W[i]=(W[i-16]+s0+W[i-7]+s1)|0;
-        }
-        var a=H[0],b=H[1],c=H[2],d=H[3],e=H[4],f=H[5],g=H[6],h=H[7];
-        for(i=0;i<64;i++){
-          var S1=rr(e,6)^rr(e,11)^rr(e,25);
-          var ch=(e&f)^((~e)&g);
-          var t1=(h+S1+ch+K[i]+W[i])|0;
-          var S0=rr(a,2)^rr(a,13)^rr(a,22);
-          var maj=(a&b)^(a&c)^(b&c);
-          var t2=(S0+maj)|0;
-          h=g;g=f;f=e;e=(d+t1)|0;d=c;c=b;b=a;a=(t1+t2)|0;
-        }
-        H[0]=(H[0]+a)|0;H[1]=(H[1]+b)|0;H[2]=(H[2]+c)|0;H[3]=(H[3]+d)|0;
-        H[4]=(H[4]+e)|0;H[5]=(H[5]+f)|0;H[6]=(H[6]+g)|0;H[7]=(H[7]+h)|0;
-      }
-      var hex='';
-      for(i=0;i<8;i++)for(var j=7;j>=0;j--)hex+='0123456789abcdef'.charAt((H[i]>>>(j*4))&0xf);
-      return hex;
-    }
-  };
-
-  // ── json ──
-  helpers.json = {
-    safeParse: function(str) {
-      try { return { ok: true, value: JSON.parse(str) }; }
-      catch(e) { return { ok: false, error: e.message }; }
-    }
-  };
-
-  // ── array ──
-  helpers.array = {
-    chunk: function(arr, size) {
-      var result = [];
-      for (var i = 0; i < arr.length; i += size) {
-        result.push(arr.slice(i, i + size));
-      }
-      return result;
-    },
-    flatten: function(arr) {
-      var result = [];
-      for (var i = 0; i < arr.length; i++) {
-        if (Array.isArray(arr[i])) {
-          result = result.concat(this.flatten(arr[i]));
-        } else {
-          result.push(arr[i]);
-        }
-      }
-      return result;
-    },
-    unique: function(arr) {
-      var seen = {};
-      var result = [];
-      for (var i = 0; i < arr.length; i++) {
-        var key = JSON.stringify(arr[i]);
-        if (!seen[key]) {
-          seen[key] = true;
-          result.push(arr[i]);
-        }
-      }
-      return result;
-    }
-  };
-
-  // ── string ──
-  helpers.string = {
-    camelCase: function(s) {
-      return s.replace(/[-_\\s]+(\\w)/g, function(_, c) { return c.toUpperCase(); })
-              .replace(/^\\w/, function(c) { return c.toLowerCase(); });
-    },
-    snakeCase: function(s) {
-      return s.replace(/([A-Z])/g, '_$1').toLowerCase()
-              .replace(/[-\\s]+/g, '_')
-              .replace(/^_/, '');
-    },
-    truncate: function(s, len) {
-      if (s.length <= len) return s;
-      return s.slice(0, len - 3) + '...';
-    }
-  };
-
-  // Expose to global scope
-  globalThis.helpers = helpers;
-})();
-`;
-//#endregion
-//#region src/server/sandbox/QuickJSSandbox.ts
-/**
-* QuickJSSandbox — WASM-isolated JavaScript execution engine.
-*
-* Uses quickjs-emscripten to run untrusted code inside a QuickJS WASM
-* runtime.  Each `execute()` call spins up a fresh runtime (no state
-* leakage across calls) with configurable timeout and memory limits.
-*
-* Provides stronger isolation than the existing Node.js vm-based
-* ExecutionSandbox because the guest code runs inside WebAssembly —
-* it cannot reach Node.js APIs, the filesystem, or the network even
-* if it escapes the QuickJS VM.
-*/
-const DEFAULT_TIMEOUT_MS = SANDBOX_EXEC_TIMEOUT_MS;
-const DEFAULT_MEMORY_LIMIT_BYTES = SANDBOX_MEMORY_LIMIT_MB * 1024 * 1024;
-const DEFAULT_MAX_BRIDGE_CALLS = 10;
-/**
-* Marshal a host value into a QuickJS handle.
-*
-* Supports primitives, arrays, and plain objects.  Anything else
-* is converted to its JSON representation (string).
-*/
-function marshalToQuickJS(ctx, value) {
-	if (value === null || value === void 0) return ctx.undefined;
-	switch (typeof value) {
-		case "string": return ctx.newString(value);
-		case "number": return ctx.newNumber(value);
-		case "boolean": return value ? ctx.true : ctx.false;
-		case "object": {
-			if (Array.isArray(value)) {
-				const arr = ctx.newArray();
-				for (let i = 0; i < value.length; i++) {
-					const elem = marshalToQuickJS(ctx, value[i]);
-					ctx.setProp(arr, i, elem);
-					elem.dispose();
-				}
-				return arr;
-			}
-			const obj = ctx.newObject();
-			for (const [k, v] of Object.entries(value)) {
-				const prop = marshalToQuickJS(ctx, v);
-				ctx.setProp(obj, k, prop);
-				prop.dispose();
-			}
-			return obj;
-		}
-		default: return ctx.newString(String(value));
-	}
-}
-/**
-* Unmarshal a QuickJS handle back to a host value.
-*/
-function unmarshalFromQuickJS(ctx, handle) {
-	switch (ctx.typeof(handle)) {
-		case "undefined": return;
-		case "number": return ctx.getNumber(handle);
-		case "string": return ctx.getString(handle);
-		case "boolean": return ctx.dump(handle);
-		case "object": return ctx.dump(handle);
-		default: return ctx.dump(handle);
-	}
-}
-var QuickJSSandbox = class {
-	bridge = null;
-	/**
-	* Set an optional MCP bridge for host tool invocation from sandbox.
-	*/
-	setBridge(bridge) {
-		this.bridge = bridge;
-	}
-	/**
-	* Execute JavaScript code inside a fresh WASM-isolated QuickJS runtime.
-	*
-	* Every call creates a new runtime + context, evaluates code, and tears
-	* it down.  There is zero state leakage between calls.
-	*/
-	async execute(code, options = {}) {
-		const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
-		const memoryLimitBytes = options.memoryLimitBytes ?? DEFAULT_MEMORY_LIMIT_BYTES;
-		const runtime = (await getQuickJS()).newRuntime();
-		runtime.setMemoryLimit(memoryLimitBytes);
-		const startTime = Date.now();
-		let timedOut = false;
-		runtime.setInterruptHandler(() => {
-			if (Date.now() - startTime > timeoutMs) {
-				timedOut = true;
-				return true;
-			}
-			return false;
-		});
-		const context = runtime.newContext();
-		const logs = [];
-		try {
-			this.injectConsole(context, logs);
-			this.injectHelpers(context);
-			if (this.bridge) this.injectBridge(context, this.bridge, logs);
-			if (options.globals) this.injectGlobals(context, options.globals);
-			const result = context.evalCode(code, "sandbox-eval.js");
-			if (result.error) {
-				const errorMsg = context.dump(result.error);
-				result.error.dispose();
-				if (timedOut) return {
-					ok: false,
-					error: "Execution timed out",
-					timedOut: true,
-					durationMs: Date.now() - startTime,
-					logs
-				};
-				return {
-					ok: false,
-					error: typeof errorMsg === "object" ? JSON.stringify(errorMsg) : String(errorMsg),
-					timedOut: false,
-					durationMs: Date.now() - startTime,
-					logs
-				};
-			}
-			const output = unmarshalFromQuickJS(context, result.value);
-			result.value.dispose();
-			return {
-				ok: true,
-				output,
-				timedOut: false,
-				durationMs: Date.now() - startTime,
-				logs
-			};
-		} catch (err) {
-			return {
-				ok: false,
-				error: err instanceof Error ? err.message : String(err),
-				timedOut,
-				durationMs: Date.now() - startTime,
-				logs
-			};
-		} finally {
-			context.dispose();
-			runtime.dispose();
-		}
-	}
-	/**
-	* Execute JavaScript code with multi-round MCP bridge orchestration.
-	*
-	* The sandbox script can call `mcp.call(name, args)` which enqueues
-	* the request.  After each evaluation round, pending calls are resolved
-	* asynchronously on the host side, and results are injected back as
-	* `__bridgeResults` for the next round.
-	*
-	* The script should check `typeof __bridgeResults !== 'undefined'`
-	* to determine if it's in a continuation round and read prior results.
-	*
-	* @param code - JavaScript source to evaluate
-	* @param bridge - MCPBridge instance for tool dispatch
-	* @param options - Orchestration options (maxBridgeCalls, bridgeAllowlist, etc.)
-	*/
-	async executeWithOrchestration(code, bridge, options = {}) {
-		const maxBridgeCalls = options.maxBridgeCalls ?? DEFAULT_MAX_BRIDGE_CALLS;
-		const startTime = Date.now();
-		const allLogs = [];
-		const allBridgeCalls = [];
-		if (options.bridgeAllowlist) bridge.setAllowlist(options.bridgeAllowlist);
-		let bridgeResults = {};
-		let lastOutput;
-		let round = 0;
-		while (round <= maxBridgeCalls) {
-			const roundGlobals = {
-				...options.globals,
-				__bridgeRound: round
-			};
-			if (round > 0) roundGlobals.__bridgeResults = bridgeResults;
-			const roundResult = await this.executeOneRound(code, bridge, {
-				...options,
-				globals: roundGlobals
-			});
-			allLogs.push(...roundResult.logs);
-			if (!roundResult.ok || roundResult.timedOut) return {
-				...roundResult,
-				logs: allLogs,
-				durationMs: Date.now() - startTime,
-				bridgeCallCount: allBridgeCalls.length,
-				bridgeCalls: allBridgeCalls
-			};
-			lastOutput = roundResult.output;
-			if (!bridge.hasPending()) break;
-			const pending = bridge.drainPending();
-			const roundResults = {};
-			for (const req of pending) try {
-				const result = await bridge.call(req.toolName, req.args);
-				roundResults[req.id] = result;
-				allBridgeCalls.push({
-					toolName: req.toolName,
-					args: req.args,
-					result
-				});
-			} catch (err) {
-				const errorMsg = err instanceof Error ? err.message : String(err);
-				roundResults[req.id] = {
-					__error: true,
-					message: errorMsg
-				};
-				allBridgeCalls.push({
-					toolName: req.toolName,
-					args: req.args,
-					result: {
-						__error: true,
-						message: errorMsg
-					}
-				});
-			}
-			bridgeResults = {
-				...bridgeResults,
-				...roundResults
-			};
-			round++;
-		}
-		return {
-			ok: true,
-			output: lastOutput,
-			timedOut: false,
-			durationMs: Date.now() - startTime,
-			logs: allLogs,
-			bridgeCallCount: allBridgeCalls.length,
-			bridgeCalls: allBridgeCalls
-		};
-	}
-	/**
-	* Run a single evaluation round inside a fresh QuickJS runtime.
-	* Used internally by executeWithOrchestration.
-	*/
-	async executeOneRound(code, bridge, options = {}) {
-		const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
-		const memoryLimitBytes = options.memoryLimitBytes ?? DEFAULT_MEMORY_LIMIT_BYTES;
-		const runtime = (await getQuickJS()).newRuntime();
-		runtime.setMemoryLimit(memoryLimitBytes);
-		const startTime = Date.now();
-		let timedOut = false;
-		runtime.setInterruptHandler(() => {
-			if (Date.now() - startTime > timeoutMs) {
-				timedOut = true;
-				return true;
-			}
-			return false;
-		});
-		const context = runtime.newContext();
-		const logs = [];
-		try {
-			this.injectConsole(context, logs);
-			this.injectHelpers(context);
-			this.injectBridgeForOrchestration(context, bridge, logs);
-			if (options.globals) this.injectGlobals(context, options.globals);
-			const result = context.evalCode(code, "sandbox-eval.js");
-			if (result.error) {
-				const errorMsg = context.dump(result.error);
-				result.error.dispose();
-				if (timedOut) return {
-					ok: false,
-					error: "Execution timed out",
-					timedOut: true,
-					durationMs: Date.now() - startTime,
-					logs
-				};
-				return {
-					ok: false,
-					error: typeof errorMsg === "object" ? JSON.stringify(errorMsg) : String(errorMsg),
-					timedOut: false,
-					durationMs: Date.now() - startTime,
-					logs
-				};
-			}
-			const output = unmarshalFromQuickJS(context, result.value);
-			result.value.dispose();
-			return {
-				ok: true,
-				output,
-				timedOut: false,
-				durationMs: Date.now() - startTime,
-				logs
-			};
-		} catch (err) {
-			return {
-				ok: false,
-				error: err instanceof Error ? err.message : String(err),
-				timedOut,
-				durationMs: Date.now() - startTime,
-				logs
-			};
-		} finally {
-			context.dispose();
-			runtime.dispose();
-		}
-	}
-	/**
-	* Inject a `console` object into the sandbox whose `log` method
-	* pushes stringified arguments into the captured `logs` array.
-	*/
-	injectConsole(ctx, logs) {
-		const consoleObj = ctx.newObject();
-		const logFn = ctx.newFunction("log", (...args) => {
-			const parts = args.map((a) => {
-				const val = unmarshalFromQuickJS(ctx, a);
-				return typeof val === "string" ? val : JSON.stringify(val);
-			});
-			logs.push(parts.join(" "));
-		});
-		ctx.setProp(consoleObj, "log", logFn);
-		ctx.setProp(consoleObj, "warn", logFn);
-		ctx.setProp(consoleObj, "error", logFn);
-		ctx.setProp(ctx.global, "console", consoleObj);
-		logFn.dispose();
-		consoleObj.dispose();
-	}
-	/**
-	* Inject user-supplied global variables into the QuickJS context.
-	*/
-	injectGlobals(ctx, globals) {
-		for (const [key, value] of Object.entries(globals)) {
-			const handle = marshalToQuickJS(ctx, value);
-			ctx.setProp(ctx.global, key, handle);
-			handle.dispose();
-		}
-	}
-	/**
-	* Inject pre-built helper libraries (base64, hex, hash, etc.) into the
-	* sandbox global scope by evaluating the helper source code.
-	*/
-	injectHelpers(ctx) {
-		const result = ctx.evalCode(SANDBOX_HELPER_SOURCE, "sandbox-helpers.js");
-		if (result.error) {
-			ctx.dump(result.error);
-			result.error.dispose();
-		} else result.value.dispose();
-	}
-	/**
-	* Inject the `mcp` bridge object into the sandbox (legacy sync stub).
-	*
-	* Because QuickJS doesn't natively support async host functions in sync
-	* mode, `mcp.call()` and `mcp.listTools()` are exposed as synchronous
-	* functions.  Bridge calls capture the request; the caller should use
-	* `MCPBridge.call()` from the host side for actual async dispatch.
-	*
-	* For sandbox scripts that need bridge results inline, the host orchestrator
-	* (AutoCorrectionLoop or handler) resolves bridge calls between executions.
-	*/
-	injectBridge(ctx, bridge, logs) {
-		const mcpObj = ctx.newObject();
-		const callFn = ctx.newFunction("call", (nameHandle, argsHandle) => {
-			const name = ctx.getString(nameHandle);
-			const args = ctx.dump(argsHandle) ?? {};
-			logs.push(`[mcp.call] ${name}(${JSON.stringify(args)})`);
-			return marshalToQuickJS(ctx, {
-				pending: true,
-				tool: name
-			});
-		});
-		const listFn = ctx.newFunction("listTools", () => {
-			return marshalToQuickJS(ctx, bridge.listAvailableTools());
-		});
-		ctx.setProp(mcpObj, "call", callFn);
-		ctx.setProp(mcpObj, "listTools", listFn);
-		ctx.setProp(ctx.global, "mcp", mcpObj);
-		callFn.dispose();
-		listFn.dispose();
-		mcpObj.dispose();
-	}
-	/**
-	* Inject the `mcp` bridge object for orchestration mode.
-	*
-	* `mcp.call()` enqueues the request via `bridge.enqueue()` and returns
-	* a `{ __bridgeCall: true, callId }` marker.  The orchestration loop
-	* resolves these calls between rounds and injects results into
-	* `__bridgeResults[callId]`.
-	*/
-	injectBridgeForOrchestration(ctx, bridge, logs) {
-		const mcpObj = ctx.newObject();
-		const callFn = ctx.newFunction("call", (nameHandle, argsHandle) => {
-			const name = ctx.getString(nameHandle);
-			const args = ctx.dump(argsHandle) ?? {};
-			try {
-				const callId = bridge.enqueue(name, args);
-				logs.push(`[mcp.call] enqueued ${name}(${JSON.stringify(args)}) → ${callId}`);
-				return marshalToQuickJS(ctx, {
-					__bridgeCall: true,
-					callId
-				});
-			} catch (err) {
-				const errorMsg = err instanceof Error ? err.message : String(err);
-				logs.push(`[mcp.call] rejected ${name}: ${errorMsg}`);
-				return marshalToQuickJS(ctx, {
-					__bridgeCall: false,
-					error: errorMsg
-				});
-			}
-		});
-		const listFn = ctx.newFunction("listTools", () => {
-			return marshalToQuickJS(ctx, bridge.listAvailableTools());
-		});
-		ctx.setProp(mcpObj, "call", callFn);
-		ctx.setProp(mcpObj, "listTools", listFn);
-		ctx.setProp(ctx.global, "mcp", mcpObj);
-		callFn.dispose();
-		listFn.dispose();
-		mcpObj.dispose();
-	}
-};
-//#endregion
-//#region src/server/sandbox/MCPBridge.ts
-/**
-* MCPBridge — Allows sandboxed scripts to invoke host MCP tools.
-*
-* The bridge wraps `executeToolWithTracking` and is injected as the
-* `mcp` global inside QuickJS.  It validates tool names against the
-* registered tool set before dispatching, preventing arbitrary
-* function calls from the sandbox.
-*/
-var MCPBridge = class {
-	ctx;
-	allowlist = null;
-	pendingCalls = [];
-	constructor(ctx) {
-		this.ctx = ctx;
-	}
-	/**
-	* Restrict callable tools to a specific set.
-	* Pass `null` to allow all registered tools (default).
-	*/
-	setAllowlist(toolNames) {
-		this.allowlist = toolNames ? new Set(toolNames) : null;
-	}
-	/**
-	* Enqueue a tool call request from the sandbox.
-	* Returns a unique callId that the sandbox can use to look up the result.
-	*/
-	enqueue(toolName, args = {}) {
-		if (!(this.ctx.selectedTools?.map((t) => t.name) ?? []).includes(toolName)) throw new Error(`Tool "${toolName}" is not a registered MCP tool`);
-		if (this.allowlist && !this.allowlist.has(toolName)) throw new Error(`Tool "${toolName}" is not in the sandbox allowlist`);
-		const id = randomUUID().slice(0, 8);
-		this.pendingCalls.push({
-			id,
-			toolName,
-			args
-		});
-		return id;
-	}
-	/**
-	* Drain all pending call requests. Returns the queued calls and clears the queue.
-	*/
-	drainPending() {
-		const calls = [...this.pendingCalls];
-		this.pendingCalls.length = 0;
-		return calls;
-	}
-	/**
-	* Check whether there are pending calls waiting to be resolved.
-	*/
-	hasPending() {
-		return this.pendingCalls.length > 0;
-	}
-	/**
-	* Call a registered MCP tool by name.
-	*
-	* @throws Error if tool does not exist or is not in the allowlist.
-	*/
-	async call(toolName, args = {}) {
-		if (this.allowlist && !this.allowlist.has(toolName)) throw new Error(`Tool "${toolName}" is not in the sandbox allowlist`);
-		if (!this.listAvailableTools().includes(toolName)) throw new Error(`Tool "${toolName}" is not a registered MCP tool`);
-		const response = await this.ctx.executeToolWithTracking(toolName, args);
-		if (response.content && Array.isArray(response.content)) {
-			const textParts = [];
-			for (const item of response.content) if (item.type === "text") textParts.push(item.text);
-			const combined = textParts.join("\n");
-			try {
-				return JSON.parse(combined);
-			} catch {
-				return combined;
-			}
-		}
-		return response;
-	}
-	/**
-	* Return the names of all tools callable from the sandbox.
-	*/
-	listAvailableTools() {
-		const allTools = this.ctx.selectedTools.map((t) => t.name);
-		if (this.allowlist) return allTools.filter((n) => this.allowlist.has(n));
-		return allTools;
-	}
-};
-//#endregion
-//#region src/server/sandbox/SessionScratchpad.ts
-/**
-* SessionScratchpad — Per-session key/value store for sandbox scripts.
-*
-* Values persist across script executions within the same session.
-* All values are serialized/deserialized via JSON to prevent live
-* object references leaking across sandbox contexts.
-*/
-var SessionScratchpad = class {
-	store = /* @__PURE__ */ new Map();
-	/**
-	* Set a value for a key in a session's scratchpad.
-	* Value is JSON-serialized for safety.
-	*/
-	set(sessionId, key, value) {
-		let session = this.store.get(sessionId);
-		if (!session) {
-			session = /* @__PURE__ */ new Map();
-			this.store.set(sessionId, session);
-		}
-		session.set(key, JSON.stringify(value));
-	}
-	/**
-	* Get a value by key from a session's scratchpad.
-	* Returns undefined if key doesn't exist.
-	*/
-	get(sessionId, key) {
-		const session = this.store.get(sessionId);
-		if (!session) return void 0;
-		const raw = session.get(key);
-		if (raw === void 0) return void 0;
-		try {
-			return JSON.parse(raw);
-		} catch {
-			return raw;
-		}
-	}
-	/**
-	* Get all key/value pairs for a session.
-	*/
-	getAll(sessionId) {
-		const session = this.store.get(sessionId);
-		if (!session) return {};
-		const result = {};
-		for (const [k, v] of session) try {
-			result[k] = JSON.parse(v);
-		} catch {
-			result[k] = v;
-		}
-		return result;
-	}
-	/**
-	* Get all keys for a session.
-	*/
-	keys(sessionId) {
-		const session = this.store.get(sessionId);
-		if (!session) return [];
-		return Array.from(session.keys());
-	}
-	/**
-	* Clear all state for a specific session.
-	*/
-	clear(sessionId) {
-		this.store.delete(sessionId);
-	}
-	/**
-	* Clear all sessions (server shutdown).
-	*/
-	clearAll() {
-		this.store.clear();
-	}
-};
-//#endregion
-//#region src/server/sandbox/AutoCorrectionLoop.ts
-/**
-* Execute code in the sandbox with automatic retry on error.
-*
-* @param sandbox - QuickJSSandbox instance
-* @param code - JavaScript source to execute
-* @param options - Sandbox execution options
-* @param maxRetries - Maximum number of retries (default 2)
-* @returns Result from the final execution attempt
-*/
-async function executeWithRetry(sandbox, code, options = {}, maxRetries = 2) {
-	let lastResult = null;
-	let currentCode = code;
-	for (let attempt = 0; attempt <= maxRetries; attempt++) {
-		lastResult = await sandbox.execute(currentCode, options);
-		if (lastResult.ok) return {
-			...lastResult,
-			retryCount: attempt
-		};
-		if (lastResult.timedOut) return {
-			...lastResult,
-			retryCount: attempt
-		};
-		if (attempt < maxRetries) currentCode = `/* Previous error (attempt ${attempt + 1}): ${lastResult.error ?? "unknown error"} */\n${code}`;
-	}
-	return {
-		...lastResult,
-		retryCount: maxRetries
-	};
-}
-//#endregion
-//#region src/server/domains/sandbox/handlers.ts
-/**
-* SandboxToolHandlers — Handles sandbox domain MCP tool calls.
-*/
-var SandboxToolHandlers = class {
-	ctx;
-	scratchpad = new SessionScratchpad();
-	constructor(ctx) {
-		this.ctx = ctx;
-	}
-	async handleExecuteSandboxScript(args) {
-		const code = args.code;
-		const sessionId = args.sessionId ?? void 0;
-		const timeoutMs = args.timeoutMs ?? void 0;
-		const autoCorrect = args.autoCorrect ?? false;
-		if (!code || typeof code !== "string") return { content: [{
-			type: "text",
-			text: JSON.stringify({
-				ok: false,
-				error: "code parameter is required"
-			})
-		}] };
-		const sandbox = new QuickJSSandbox();
-		const bridge = new MCPBridge(this.ctx);
-		sandbox.setBridge(bridge);
-		const options = {};
-		if (timeoutMs !== void 0) {
-			const MAX_TIMEOUT = SANDBOX_MAX_TIMEOUT_MS;
-			options.timeoutMs = Math.min(Math.max(1, Number.isFinite(timeoutMs) ? timeoutMs : 0), MAX_TIMEOUT);
-		}
-		if (sessionId) {
-			options.sessionId = sessionId;
-			const scratchpadState = this.scratchpad.getAll(sessionId);
-			options.globals = {
-				...options.globals,
-				__scratchpad: scratchpadState
-			};
-		}
-		let result;
-		if (autoCorrect) result = await executeWithRetry(sandbox, code, options);
-		else result = await sandbox.execute(code, options);
-		if (sessionId && result.ok && result.output && typeof result.output === "object") {
-			const output = result.output;
-			if (output.__scratchpad && typeof output.__scratchpad === "object") for (const [k, v] of Object.entries(output.__scratchpad)) this.scratchpad.set(sessionId, k, v);
-		}
-		return { content: [{
-			type: "text",
-			text: [
-				`**Status:** ${result.ok ? "✓ Success" : "✗ Failed"}`,
-				result.timedOut ? "**Timed out:** yes" : "",
-				`**Duration:** ${result.durationMs}ms`,
-				result.logs.length > 0 ? `**Console output:**\n\`\`\`\n${result.logs.join("\n")}\n\`\`\`` : "",
-				result.output !== void 0 ? `**Result:** ${JSON.stringify(result.output)}` : "",
-				result.error ? `**Error:** ${result.error}` : ""
-			].filter(Boolean).join("\n")
-		}] };
-	}
-};
-//#endregion
-export { SandboxToolHandlers };