@machina.ai/cell-cli-core 1.36.0-rc1 → 1.38.1-rc2

package/dist/src/sandbox/{macos → utils}/commandSafety.d.ts

@@ -1,3 +1,14 @@
+/**
+ * Determines if a command is strictly approved for execution on macOS.
+ * A command is approved if it's composed entirely of tools explicitly listed in `approvedTools`
+ * OR if it's composed of known safe, read-only POSIX commands.
+ *
+ * @param command - The full command string to execute.
+ * @param args - The arguments for the command.
+ * @param approvedTools - A list of explicitly approved tool names (e.g., ['npm', 'git']).
+ * @returns true if the command is strictly approved, false otherwise.
+ */
+export declare function isStrictlyApproved(command: string, args: string[], approvedTools?: string[]): Promise<boolean>;
 /**
  * Checks if a command with its arguments is known to be safe to execute
  * without requiring user confirmation. This is primarily used to allow

package/dist/src/sandbox/{macos → utils}/commandSafety.js

@@ -4,6 +4,42 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 import { parse as shellParse } from 'shell-quote';
+import { extractStringFromParseEntry, initializeShellParsers, splitCommands, stripShellWrapper, } from '../../utils/shell-utils.js';
+/**
+ * Determines if a command is strictly approved for execution on macOS.
+ * A command is approved if it's composed entirely of tools explicitly listed in `approvedTools`
+ * OR if it's composed of known safe, read-only POSIX commands.
+ *
+ * @param command - The full command string to execute.
+ * @param args - The arguments for the command.
+ * @param approvedTools - A list of explicitly approved tool names (e.g., ['npm', 'git']).
+ * @returns true if the command is strictly approved, false otherwise.
+ */
+export async function isStrictlyApproved(command, args, approvedTools) {
+    const tools = approvedTools ?? [];
+    await initializeShellParsers();
+    const fullCmd = [command, ...args].join(' ');
+    const stripped = stripShellWrapper(fullCmd);
+    const pipelineCommands = splitCommands(stripped);
+    // Fallback for simple commands or parsing failures
+    if (pipelineCommands.length === 0) {
+        // For simple commands, we check the root command.
+        // If it's explicitly approved OR it's a known safe POSIX command, we allow it.
+        return tools.includes(command) || isKnownSafeCommand([command, ...args]);
+    }
+    // Check every segment of the pipeline
+    return pipelineCommands.every((cmdString) => {
+        const trimmed = cmdString.trim();
+        if (!trimmed)
+            return true;
+        const parsedArgs = shellParse(trimmed).map(extractStringFromParseEntry);
+        if (parsedArgs.length === 0)
+            return true;
+        const root = parsedArgs[0];
+        // The segment is approved if the root tool is in the allowlist OR if the whole segment is safe.
+        return tools.includes(root) || isKnownSafeCommand(parsedArgs);
+    });
+}
 /**
  * Checks if a command with its arguments is known to be safe to execute
  * without requiring user confirmation. This is primarily used to allow
@@ -37,23 +73,18 @@ export function isKnownSafeCommand(args) {
             if (/[()<>]/g.test(script)) {
                 return false;
             }
-            const commands = script.split(/&&|\|\||\||;/);
-            let allSafe = true;
-            for (const cmd of commands) {
+            const commands = splitCommands(script);
+            if (commands.length === 0)
+                return false;
+            return commands.every((cmd) => {
                 const trimmed = cmd.trim();
                 if (!trimmed)
-                    continue;
-                const parsed = shellParse(trimmed).map(String);
+                    return true;
+                const parsed = shellParse(trimmed).map(extractStringFromParseEntry);
                 if (parsed.length === 0)
-                    continue;
-                if (!isSafeToCallWithExec(parsed)) {
-                    allSafe = false;
-                    break;
-                }
-            }
-            if (allSafe && commands.length > 0) {
-                return true;
-            }
+                    return true;
+                return isSafeToCallWithExec(parsed);
+            });
         }
         catch {
             return false;
@@ -75,6 +106,8 @@ function isSafeToCallWithExec(args) {
         return false;
     const cmd = args[0];
     const safeCommands = new Set([
+        '__read',
+        '__write',
         'cat',
         'cd',
         'cut',

package/dist/src/sandbox/utils/commandSafety.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"commandSafety.js","sourceRoot":"","sources":["../../../../src/sandbox/utils/commandSafety.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,KAAK,IAAI,UAAU,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,EACL,2BAA2B,EAC3B,sBAAsB,EACtB,aAAa,EACb,iBAAiB,GAClB,MAAM,4BAA4B,CAAC;AAEpC;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,OAAe,EACf,IAAc,EACd,aAAwB;IAExB,MAAM,KAAK,GAAG,aAAa,IAAI,EAAE,CAAC;IAElC,MAAM,sBAAsB,EAAE,CAAC;IAE/B,MAAM,OAAO,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAE5C,MAAM,gBAAgB,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAEjD,mDAAmD;IACnD,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,kDAAkD;QAClD,+EAA+E;QAC/E,OAAO,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,kBAAkB,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IAC3E,CAAC;IAED,sCAAsC;IACtC,OAAO,gBAAgB,CAAC,KAAK,CAAC,CAAC,SAAS,EAAE,EAAE;QAC1C,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;QACjC,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAE1B,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QACxE,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAEzC,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QAC3B,gGAAgG;QAChG,OAAO,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,kBAAkB,CAAC,UAAU,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAc;IAC/C,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,wBAAwB;IACxB,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAEnE,IAAI,oBAAoB,CAAC,cAAc,CAAC,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,2BAA2B;IAC3B,IACE,cAAc,CAAC,MAAM,KAAK,CAAC;QAC3B,cAAc,CAAC,CAAC,CAAC,KAAK,MAAM;QAC5B,CAAC,cAAc,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,cAAc,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,EAC3D,CAAC;QACD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;YAEjC,oFAAoF;YACpF,mFAAmF;YACnF,IAAI,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC3B,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;YACvC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YAExC,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBAC5B,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;gBAC3B,IAAI,CAAC,OAAO;oBAAE,OAAO,IAAI,CAAC;gBAE1B,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;gBACpE,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBAErC,OAAO,oBAAoB,CAAC,MAAM,CAAC,CAAC;YACtC,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,oBAAoB,CAAC,IAAc;IAC1C,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAEpB,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;QAC3B,QAAQ;QACR,SAAS;QACT,KAAK;QACL,IAAI;QACJ,KAAK;QACL,MAAM;QACN,MAAM;QACN,OAAO;QACP,MAAM;QACN,MAAM;QACN,IAAI;QACJ,IAAI;QACJ,IAAI;QACJ,OAAO;QACP,KAAK;QACL,KAAK;QACL,KAAK;QACL,MAAM;QACN,MAAM;QACN,IAAI;QACJ,MAAM;QACN,OAAO;QACP,MAAM;QACN,IAAI;QACJ,OAAO;QACP,QAAQ;QACR,QAAQ;QACR,KAAK;KACN,CAAC,CAAC;IAEH,IAAI,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;QACrB,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;QAClD,OAAO,CAAC,IAAI;aACT,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,CAAC,GAAG,EAAE,EAAE,CACN,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC;YACtB,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC;YAC3B,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,GAAG,KAAK,IAAI,CAAC,CACzC,CAAC;IACN,CAAC;IAED,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QACnB,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC;YAC5B,OAAO;YACP,UAAU;YACV,KAAK;YACL,QAAQ;YACR,SAAS;YACT,MAAM;YACN,SAAS;YACT,UAAU;YACV,UAAU;SACX,CAAC,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC;QAC5D,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC,CAAC;QAE1D,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;YACxB,IAAI,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,OAAO,IAAI,CAAC;YAC5C,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;gBACjC,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,GAAG,GAAG,CAAC;oBAAE,OAAO,IAAI,CAAC;YAC5D,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QAClB,IAAI,gCAAgC,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,iBAAiB,CAAC,IAAI,EAAE;YAClD,QAAQ;YACR,KAAK;YACL,MAAM;YACN,MAAM;YACN,QAAQ;SACT,CAAC,CAAC;QACH,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;QAE3C,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3D,OAAO,4BAA4B,CAAC,cAAc,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;YAC5B,OAAO,CACL,4BAA4B,CAAC,cAAc,CAAC;gBAC5C,mBAAmB,CAAC,cAAc,CAAC,CACpC,CAAC;QACJ,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QAClB,+BAA+B;QAC/B,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACpE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,iBAAiB,CACxB,IAAc,EACd,WAAqB;IAErB,IAAI,QAAQ,GAAG,KAAK,CAAC;IAErB,KAAK,IAAI,GAAG,GAAG,CAAC,EAAE,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE,CAAC;QAC3C,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,GAAG,KAAK,CAAC;YACjB,SAAS;QACX,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;QAEtB,IACE,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC;YAC/B,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC;YAC9B,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC;YAC5B,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC;YAC9B,GAAG,CAAC,UAAU,CAAC,iBAAiB,CAAC;YACjC,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC;YAC9B,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,EAClE,CAAC;YACD,SAAS;QACX,CAAC;QAED,IACE,GAAG,KAAK,IAAI;YACZ,GAAG,KAAK,IAAI;YACZ,GAAG,KAAK,cAAc;YACtB,GAAG,KAAK,aAAa;YACrB,GAAG,KAAK,WAAW;YACnB,GAAG,KAAK,aAAa;YACrB,GAAG,KAAK,gBAAgB;YACxB,GAAG,KAAK,aAAa,EACrB,CAAC;YACD,QAAQ,GAAG,IAAI,CAAC;YAChB,SAAS;QACX,CAAC;QAED,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxC,SAAS;QACX,CAAC;QAED,IAAI,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC;QAClC,CAAC;QAED,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;IACvC,CAAC;IAED,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;AACvC,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,gCAAgC,CAAC,IAAc;IACtD,OAAO,IAAI,CAAC,IAAI,CACd,CAAC,GAAG,EAAE,EAAE,CACN,GAAG,KAAK,IAAI;QACZ,GAAG,KAAK,cAAc;QACtB,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;QACxC,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,CAClC,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,4BAA4B,CAAC,IAAc;IAClD,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC;QAC1B,UAAU;QACV,YAAY;QACZ,YAAY;QACZ,QAAQ;QACR,YAAY;KACb,CAAC,CAAC;IAEH,OAAO,CAAC,IAAI,CAAC,IAAI,CACf,CAAC,GAAG,EAAE,EAAE,CACN,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC;QACpB,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC;QAC3B,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAC5B,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,mBAAmB,CAAC,IAAc;IACzC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEnC,IAAI,eAAe,GAAG,KAAK,CAAC;IAC5B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IACE;YACE,QAAQ;YACR,IAAI;YACJ,gBAAgB;YAChB,IAAI;YACJ,OAAO;YACP,IAAI;YACJ,WAAW;YACX,IAAI;YACJ,KAAK;YACL,WAAW;SACZ,CAAC,QAAQ,CAAC,GAAG,CAAC,EACf,CAAC;YACD,eAAe,GAAG,IAAI,CAAC;QACzB,CAAC;aAAM,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACvC,eAAe,GAAG,IAAI,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;;;;;GAMG;AACH,SAAS,cAAc,CAAC,GAAuB;IAC7C,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IAEvB,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACrC,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAE9B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACrB,OAAO,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC7C,CAAC;SAAM,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACnB,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACnB,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC5E,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAc;IAC/C,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAEpB,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC;IACpE,CAAC;IAED,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QACnB,OAAO,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3C,CAAC;IAED,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QACnB,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC;YAC5B,OAAO;YACP,UAAU;YACV,KAAK;YACL,QAAQ;YACR,SAAS;YACT,MAAM;YACN,SAAS;YACT,UAAU;YACV,UAAU;SACX,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC;QAC5D,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC,CAAC;QAE1D,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;YACvB,IAAI,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,OAAO,IAAI,CAAC;YAC5C,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;gBACjC,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,GAAG,GAAG,CAAC;oBAAE,OAAO,IAAI,CAAC;YAC5D,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QAClB,IAAI,gCAAgC,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,iBAAiB,CAAC,IAAI,EAAE;YAClD,QAAQ;YACR,KAAK;YACL,MAAM;YACN,MAAM;YACN,QAAQ;SACT,CAAC,CAAC;QACH,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,4DAA4D;YAC5D,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;QAE3C,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3D,OAAO,CAAC,4BAA4B,CAAC,cAAc,CAAC,CAAC;QACvD,CAAC;QAED,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;YAC5B,OAAO,CAAC,CACN,4BAA4B,CAAC,cAAc,CAAC;gBAC5C,mBAAmB,CAAC,cAAc,CAAC,CACpC,CAAC;QACJ,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;QACrB,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;QAClD,OAAO,IAAI;aACR,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,CAAC,GAAG,EAAE,EAAE,CACN,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC;YACtB,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC;YAC3B,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,GAAG,KAAK,IAAI,CAAC,CACzC,CAAC;IACN,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/src/sandbox/utils/commandUtils.d.ts

@@ -0,0 +1,9 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { type SandboxRequest } from '../../services/sandboxManager.js';
+export declare function isStrictlyApproved(req: SandboxRequest, approvedTools?: string[]): Promise<boolean>;
+export declare function getCommandName(req: SandboxRequest): Promise<string>;
+export declare function verifySandboxOverrides(allowOverrides: boolean, policy: SandboxRequest['policy']): void;

package/dist/src/sandbox/utils/commandUtils.js

@@ -0,0 +1,57 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import {} from '../../services/sandboxManager.js';
+import { getCommandRoots, initializeShellParsers, splitCommands, stripShellWrapper, } from '../../utils/shell-utils.js';
+import { isKnownSafeCommand } from './commandSafety.js';
+import { parse as shellParse } from 'shell-quote';
+import path from 'node:path';
+export async function isStrictlyApproved(req, approvedTools) {
+    if (!approvedTools || approvedTools.length === 0) {
+        return false;
+    }
+    await initializeShellParsers();
+    const fullCmd = [req.command, ...req.args].join(' ');
+    const stripped = stripShellWrapper(fullCmd);
+    const roots = getCommandRoots(stripped);
+    if (roots.length === 0)
+        return false;
+    const allRootsApproved = roots.every((root) => approvedTools.includes(root));
+    if (allRootsApproved) {
+        return true;
+    }
+    const pipelineCommands = splitCommands(stripped);
+    if (pipelineCommands.length === 0)
+        return false;
+    for (const cmdString of pipelineCommands) {
+        const parsedArgs = shellParse(cmdString).map(String);
+        if (!isKnownSafeCommand(parsedArgs)) {
+            return false;
+        }
+    }
+    return true;
+}
+export async function getCommandName(req) {
+    await initializeShellParsers();
+    const fullCmd = [req.command, ...req.args].join(' ');
+    const stripped = stripShellWrapper(fullCmd);
+    const roots = getCommandRoots(stripped).filter((r) => r !== 'shopt' && r !== 'set');
+    if (roots.length > 0) {
+        return roots[0];
+    }
+    return path.basename(req.command);
+}
+export function verifySandboxOverrides(allowOverrides, policy) {
+    if (!allowOverrides) {
+        if (policy?.networkAccess ||
+            policy?.allowedPaths?.length ||
+            policy?.additionalPermissions?.network ||
+            policy?.additionalPermissions?.fileSystem?.read?.length ||
+            policy?.additionalPermissions?.fileSystem?.write?.length) {
+            throw new Error('Sandbox request rejected: Cannot override readonly/network/filesystem restrictions in Plan mode.');
+        }
+    }
+}
+//# sourceMappingURL=commandUtils.js.map

package/dist/src/sandbox/utils/commandUtils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"commandUtils.js","sourceRoot":"","sources":["../../../../src/sandbox/utils/commandUtils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAuB,MAAM,kCAAkC,CAAC;AACvE,OAAO,EACL,eAAe,EACf,sBAAsB,EACtB,aAAa,EACb,iBAAiB,GAClB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,KAAK,IAAI,UAAU,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,GAAmB,EACnB,aAAwB;IAExB,IAAI,CAAC,aAAa,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,sBAAsB,EAAE,CAAC;IAE/B,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACrD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAE5C,MAAM,KAAK,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;IACxC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAErC,MAAM,gBAAgB,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7E,IAAI,gBAAgB,EAAE,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,gBAAgB,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IACjD,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAEhD,KAAK,MAAM,SAAS,IAAI,gBAAgB,EAAE,CAAC;QACzC,MAAM,UAAU,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACrD,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAAC;YACpC,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,GAAmB;IACtD,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACrD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,KAAK,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC,MAAM,CAC5C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,OAAO,IAAI,CAAC,KAAK,KAAK,CACpC,CAAC;IACF,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,cAAuB,EACvB,MAAgC;IAEhC,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,IACE,MAAM,EAAE,aAAa;YACrB,MAAM,EAAE,YAAY,EAAE,MAAM;YAC5B,MAAM,EAAE,qBAAqB,EAAE,OAAO;YACtC,MAAM,EAAE,qBAAqB,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM;YACvD,MAAM,EAAE,qBAAqB,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EACxD,CAAC;YACD,MAAM,IAAI,KAAK,CACb,kGAAkG,CACnG,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/src/sandbox/utils/fsUtils.d.ts

@@ -0,0 +1,11 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export declare function isErrnoException(e: unknown): e is NodeJS.ErrnoException;
+export declare function tryRealpath(p: string): string;
+export declare function resolveGitWorktreePaths(workspacePath: string): {
+    worktreeGitDir?: string;
+    mainGitDir?: string;
+};

package/dist/src/sandbox/utils/fsUtils.js

@@ -0,0 +1,84 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import fs from 'node:fs';
+import path from 'node:path';
+import { assertValidPathString } from '../../utils/paths.js';
+export function isErrnoException(e) {
+    return e instanceof Error && 'code' in e;
+}
+export function tryRealpath(p) {
+    assertValidPathString(p);
+    try {
+        return fs.realpathSync(p);
+    }
+    catch (e) {
+        if (isErrnoException(e) && e.code === 'ENOENT') {
+            const parentDir = path.dirname(p);
+            if (parentDir === p) {
+                return p;
+            }
+            return path.join(tryRealpath(parentDir), path.basename(p));
+        }
+        throw e;
+    }
+}
+export function resolveGitWorktreePaths(workspacePath) {
+    try {
+        const gitPath = path.join(workspacePath, '.git');
+        const gitStat = fs.lstatSync(gitPath);
+        if (gitStat.isFile()) {
+            const gitContent = fs.readFileSync(gitPath, 'utf8');
+            const match = gitContent.match(/^gitdir:\s+(.+)$/m);
+            if (match && match[1]) {
+                let worktreeGitDir = match[1].trim();
+                if (!path.isAbsolute(worktreeGitDir)) {
+                    worktreeGitDir = path.resolve(workspacePath, worktreeGitDir);
+                }
+                const resolvedWorktreeGitDir = tryRealpath(worktreeGitDir);
+                // Security check: Verify the bidirectional link to prevent sandbox escape
+                let isValid = false;
+                try {
+                    const backlinkPath = path.join(resolvedWorktreeGitDir, 'gitdir');
+                    const backlink = fs.readFileSync(backlinkPath, 'utf8').trim();
+                    // The backlink must resolve to the workspace's .git file
+                    if (tryRealpath(backlink) === tryRealpath(gitPath)) {
+                        isValid = true;
+                    }
+                }
+                catch {
+                    // Fallback for submodules: check core.worktree in config
+                    try {
+                        const configPath = path.join(resolvedWorktreeGitDir, 'config');
+                        const config = fs.readFileSync(configPath, 'utf8');
+                        const match = config.match(/^\s*worktree\s*=\s*(.+)$/m);
+                        if (match && match[1]) {
+                            const worktreePath = path.resolve(resolvedWorktreeGitDir, match[1].trim());
+                            if (tryRealpath(worktreePath) === tryRealpath(workspacePath)) {
+                                isValid = true;
+                            }
+                        }
+                    }
+                    catch {
+                        // Ignore
+                    }
+                }
+                if (!isValid) {
+                    return {}; // Reject: valid worktrees/submodules must have a readable backlink
+                }
+                const mainGitDir = tryRealpath(path.dirname(path.dirname(resolvedWorktreeGitDir)));
+                return {
+                    worktreeGitDir: resolvedWorktreeGitDir,
+                    mainGitDir: mainGitDir.endsWith('.git') ? mainGitDir : undefined,
+                };
+            }
+        }
+    }
+    catch {
+        // Ignore if .git doesn't exist, isn't readable, etc.
+    }
+    return {};
+}
+//# sourceMappingURL=fsUtils.js.map

package/dist/src/sandbox/utils/fsUtils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fsUtils.js","sourceRoot":"","sources":["../../../../src/sandbox/utils/fsUtils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAE7D,MAAM,UAAU,gBAAgB,CAAC,CAAU;IACzC,OAAO,CAAC,YAAY,KAAK,IAAI,MAAM,IAAI,CAAC,CAAC;AAC3C,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,CAAS;IACnC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,IAAI,CAAC;QACH,OAAO,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YAClC,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;gBACpB,OAAO,CAAC,CAAC;YACX,CAAC;YACD,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7D,CAAC;QACD,MAAM,CAAC,CAAC;IACV,CAAC;AACH,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,aAAqB;IAI3D,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,MAAM,OAAO,GAAG,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACtC,IAAI,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YACrB,MAAM,UAAU,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACpD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;YACpD,IAAI,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtB,IAAI,cAAc,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBACrC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;oBACrC,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC;gBAC/D,CAAC;gBACD,MAAM,sBAAsB,GAAG,WAAW,CAAC,cAAc,CAAC,CAAC;gBAE3D,0EAA0E;gBAC1E,IAAI,OAAO,GAAG,KAAK,CAAC;gBACpB,IAAI,CAAC;oBACH,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,QAAQ,CAAC,CAAC;oBACjE,MAAM,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;oBAC9D,yDAAyD;oBACzD,IAAI,WAAW,CAAC,QAAQ,CAAC,KAAK,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;wBACnD,OAAO,GAAG,IAAI,CAAC;oBACjB,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,yDAAyD;oBACzD,IAAI,CAAC;wBACH,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,QAAQ,CAAC,CAAC;wBAC/D,MAAM,MAAM,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;wBACnD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;wBACxD,IAAI,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;4BACtB,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAC/B,sBAAsB,EACtB,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAChB,CAAC;4BACF,IAAI,WAAW,CAAC,YAAY,CAAC,KAAK,WAAW,CAAC,aAAa,CAAC,EAAE,CAAC;gCAC7D,OAAO,GAAG,IAAI,CAAC;4BACjB,CAAC;wBACH,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,SAAS;oBACX,CAAC;gBACH,CAAC;gBAED,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,EAAE,CAAC,CAAC,mEAAmE;gBAChF,CAAC;gBAED,MAAM,UAAU,GAAG,WAAW,CAC5B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC,CACnD,CAAC;gBACF,OAAO;oBACL,cAAc,EAAE,sBAAsB;oBACtC,UAAU,EAAE,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;iBACjE,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,qDAAqD;IACvD,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC"}

package/dist/src/sandbox/utils/fsUtils.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export {};

package/dist/src/sandbox/utils/fsUtils.test.js

@@ -0,0 +1,43 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { describe, it, expect, beforeAll, afterAll } from 'vitest';
+import fs from 'node:fs';
+import path from 'node:path';
+import os from 'node:os';
+import { tryRealpath } from './fsUtils.js';
+describe('fsUtils', () => {
+    let tempDir;
+    let realTempDir;
+    beforeAll(() => {
+        tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'fs-utils-test-'));
+        realTempDir = fs.realpathSync(tempDir);
+    });
+    afterAll(() => {
+        fs.rmSync(tempDir, { recursive: true, force: true });
+    });
+    describe('tryRealpath', () => {
+        it('should throw error for paths with null bytes', () => {
+            expect(() => tryRealpath(path.join(tempDir, 'foo\0bar'))).toThrow('Invalid path');
+        });
+        it('should resolve existing paths', () => {
+            const resolved = tryRealpath(tempDir);
+            expect(resolved).toBe(realTempDir);
+        });
+        it('should handle non-existent paths by resolving parent', () => {
+            const nonExistentPath = path.join(tempDir, 'non-existent-file-12345');
+            const expected = path.join(realTempDir, 'non-existent-file-12345');
+            const resolved = tryRealpath(nonExistentPath);
+            expect(resolved).toBe(expected);
+        });
+        it('should handle nested non-existent paths', () => {
+            const nonExistentPath = path.join(tempDir, 'dir1', 'dir2', 'file');
+            const expected = path.join(realTempDir, 'dir1', 'dir2', 'file');
+            const resolved = tryRealpath(nonExistentPath);
+            expect(resolved).toBe(expected);
+        });
+    });
+});
+//# sourceMappingURL=fsUtils.test.js.map

package/dist/src/sandbox/utils/fsUtils.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fsUtils.test.js","sourceRoot":"","sources":["../../../../src/sandbox/utils/fsUtils.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AACnE,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAE3C,QAAQ,CAAC,SAAS,EAAE,GAAG,EAAE;IACvB,IAAI,OAAe,CAAC;IACpB,IAAI,WAAmB,CAAC;IAExB,SAAS,CAAC,GAAG,EAAE;QACb,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,gBAAgB,CAAC,CAAC,CAAC;QACnE,WAAW,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,GAAG,EAAE;QACZ,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;QAC3B,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAC/D,cAAc,CACf,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;YACtC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;YAC9D,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,yBAAyB,CAAC,CAAC;YACtE,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,yBAAyB,CAAC,CAAC;YACnE,MAAM,QAAQ,GAAG,WAAW,CAAC,eAAe,CAAC,CAAC;YAC9C,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;YACnE,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;YAChE,MAAM,QAAQ,GAAG,WAAW,CAAC,eAAe,CAAC,CAAC;YAC9C,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/sandbox/utils/proactivePermissions.d.ts

@@ -0,0 +1,19 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { type SandboxPermissions } from '../../services/sandboxManager.js';
+/**
+ * Returns true if the command or subcommand is known to be network-reliant.
+ */
+export declare function isNetworkReliantCommand(commandName: string, subCommand?: string): boolean;
+/**
+ * Returns suggested additional permissions for network-reliant tools
+ * based on common configuration and cache directories.
+ */
+/**
+ * Returns suggested additional permissions for network-reliant tools
+ * based on common configuration and cache directories.
+ */
+export declare function getProactiveToolSuggestions(commandName: string): Promise<SandboxPermissions | undefined>;

package/dist/src/sandbox/utils/proactivePermissions.js

@@ -0,0 +1,163 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import os from 'node:os';
+import path from 'node:path';
+import fs from 'node:fs';
+import {} from '../../services/sandboxManager.js';
+import { normalizeCommand } from '../../utils/shell-utils.js';
+const NETWORK_RELIANT_TOOLS = new Set([
+    'npm',
+    'npx',
+    'yarn',
+    'pnpm',
+    'bun',
+    'git',
+    'ssh',
+    'scp',
+    'sftp',
+    'curl',
+    'wget',
+]);
+const NODE_ECOSYSTEM_TOOLS = new Set(['npm', 'npx', 'yarn', 'pnpm', 'bun']);
+const NETWORK_HEAVY_SUBCOMMANDS = new Set([
+    'install',
+    'i',
+    'ci',
+    'update',
+    'up',
+    'publish',
+    'add',
+    'remove',
+    'outdated',
+    'audit',
+]);
+/**
+ * Returns true if the command or subcommand is known to be network-reliant.
+ */
+export function isNetworkReliantCommand(commandName, subCommand) {
+    const normalizedCommand = normalizeCommand(commandName);
+    if (!NETWORK_RELIANT_TOOLS.has(normalizedCommand)) {
+        return false;
+    }
+    // Node ecosystem tools only need network for specific subcommands
+    if (NODE_ECOSYSTEM_TOOLS.has(normalizedCommand)) {
+        // Bare yarn/bun/pnpm is an alias for install
+        if (!subCommand &&
+            (normalizedCommand === 'yarn' ||
+                normalizedCommand === 'bun' ||
+                normalizedCommand === 'pnpm')) {
+            return true;
+        }
+        return (!!subCommand && NETWORK_HEAVY_SUBCOMMANDS.has(subCommand.toLowerCase()));
+    }
+    // Other tools (ssh, git, curl, etc.) are always network-reliant
+    return true;
+}
+/**
+ * Returns suggested additional permissions for network-reliant tools
+ * based on common configuration and cache directories.
+ */
+/**
+ * Returns suggested additional permissions for network-reliant tools
+ * based on common configuration and cache directories.
+ */
+export async function getProactiveToolSuggestions(commandName) {
+    const normalizedCommand = normalizeCommand(commandName);
+    if (!NETWORK_RELIANT_TOOLS.has(normalizedCommand)) {
+        return undefined;
+    }
+    const home = os.homedir();
+    const readOnlyPaths = [];
+    const primaryCachePaths = [];
+    const optionalCachePaths = [];
+    if (normalizedCommand === 'npm' || normalizedCommand === 'npx') {
+        readOnlyPaths.push(path.join(home, '.npmrc'));
+        primaryCachePaths.push(path.join(home, '.npm'));
+        optionalCachePaths.push(path.join(home, '.node-gyp'));
+        optionalCachePaths.push(path.join(home, '.cache'));
+    }
+    else if (normalizedCommand === 'yarn') {
+        readOnlyPaths.push(path.join(home, '.yarnrc'));
+        readOnlyPaths.push(path.join(home, '.yarnrc.yml'));
+        primaryCachePaths.push(path.join(home, '.yarn'));
+        primaryCachePaths.push(path.join(home, '.config', 'yarn'));
+        optionalCachePaths.push(path.join(home, '.cache'));
+    }
+    else if (normalizedCommand === 'pnpm') {
+        readOnlyPaths.push(path.join(home, '.npmrc'));
+        primaryCachePaths.push(path.join(home, '.pnpm-store'));
+        primaryCachePaths.push(path.join(home, '.config', 'pnpm'));
+        optionalCachePaths.push(path.join(home, '.cache'));
+    }
+    else if (normalizedCommand === 'bun') {
+        readOnlyPaths.push(path.join(home, '.bunfig.toml'));
+        primaryCachePaths.push(path.join(home, '.bun'));
+        optionalCachePaths.push(path.join(home, '.cache'));
+    }
+    else if (normalizedCommand === 'git') {
+        readOnlyPaths.push(path.join(home, '.ssh'));
+        readOnlyPaths.push(path.join(home, '.gitconfig'));
+        optionalCachePaths.push(path.join(home, '.cache'));
+    }
+    else if (normalizedCommand === 'ssh' ||
+        normalizedCommand === 'scp' ||
+        normalizedCommand === 'sftp') {
+        readOnlyPaths.push(path.join(home, '.ssh'));
+    }
+    // Windows specific paths
+    if (os.platform() === 'win32') {
+        const appData = process.env['AppData'];
+        const localAppData = process.env['LocalAppData'];
+        if (normalizedCommand === 'npm' || normalizedCommand === 'npx') {
+            if (appData) {
+                primaryCachePaths.push(path.join(appData, 'npm'));
+                optionalCachePaths.push(path.join(appData, 'npm-cache'));
+            }
+            if (localAppData) {
+                optionalCachePaths.push(path.join(localAppData, 'npm-cache'));
+            }
+        }
+    }
+    const finalReadOnly = [];
+    const finalReadWrite = [];
+    const checkExists = async (p) => {
+        try {
+            await fs.promises.access(p, fs.constants.F_OK);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    };
+    const readOnlyChecks = await Promise.all(readOnlyPaths.map(async (p) => ({ path: p, exists: await checkExists(p) })));
+    for (const { path: p, exists } of readOnlyChecks) {
+        if (exists) {
+            finalReadOnly.push(p);
+        }
+    }
+    for (const p of primaryCachePaths) {
+        finalReadWrite.push(p);
+    }
+    const optionalChecks = await Promise.all(optionalCachePaths.map(async (p) => ({
+        path: p,
+        exists: await checkExists(p),
+    })));
+    for (const { path: p, exists } of optionalChecks) {
+        if (exists) {
+            finalReadWrite.push(p);
+        }
+    }
+    return {
+        fileSystem: finalReadOnly.length > 0 || finalReadWrite.length > 0
+            ? {
+                read: [...finalReadOnly, ...finalReadWrite],
+                write: finalReadWrite,
+            }
+            : undefined,
+        network: true,
+    };
+}
+//# sourceMappingURL=proactivePermissions.js.map

package/dist/src/sandbox/utils/proactivePermissions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"proactivePermissions.js","sourceRoot":"","sources":["../../../../src/sandbox/utils/proactivePermissions.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAA2B,MAAM,kCAAkC,CAAC;AAC3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAE9D,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,KAAK;IACL,KAAK;IACL,MAAM;IACN,MAAM;IACN,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,MAAM;IACN,MAAM;IACN,MAAM;CACP,CAAC,CAAC;AAEH,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AAE5E,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC;IACxC,SAAS;IACT,GAAG;IACH,IAAI;IACJ,QAAQ;IACR,IAAI;IACJ,SAAS;IACT,KAAK;IACL,QAAQ;IACR,UAAU;IACV,OAAO;CACR,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,UAAU,uBAAuB,CACrC,WAAmB,EACnB,UAAmB;IAEnB,MAAM,iBAAiB,GAAG,gBAAgB,CAAC,WAAW,CAAC,CAAC;IACxD,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAClD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,kEAAkE;IAClE,IAAI,oBAAoB,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAChD,6CAA6C;QAC7C,IACE,CAAC,UAAU;YACX,CAAC,iBAAiB,KAAK,MAAM;gBAC3B,iBAAiB,KAAK,KAAK;gBAC3B,iBAAiB,KAAK,MAAM,CAAC,EAC/B,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,CACL,CAAC,CAAC,UAAU,IAAI,yBAAyB,CAAC,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CACxE,CAAC;IACJ,CAAC;IAED,gEAAgE;IAChE,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,WAAmB;IAEnB,MAAM,iBAAiB,GAAG,gBAAgB,CAAC,WAAW,CAAC,CAAC;IACxD,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAClD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAC1B,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,MAAM,kBAAkB,GAAa,EAAE,CAAC;IAExC,IAAI,iBAAiB,KAAK,KAAK,IAAI,iBAAiB,KAAK,KAAK,EAAE,CAAC;QAC/D,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC9C,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;QAChD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC;QACtD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IACrD,CAAC;SAAM,IAAI,iBAAiB,KAAK,MAAM,EAAE,CAAC;QACxC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAC/C,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC;QACnD,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;QACjD,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC;QAC3D,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IACrD,CAAC;SAAM,IAAI,iBAAiB,KAAK,MAAM,EAAE,CAAC;QACxC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC9C,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC;QACvD,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC;QAC3D,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IACrD,CAAC;SAAM,IAAI,iBAAiB,KAAK,KAAK,EAAE,CAAC;QACvC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC,CAAC;QACpD,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;QAChD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IACrD,CAAC;SAAM,IAAI,iBAAiB,KAAK,KAAK,EAAE,CAAC;QACvC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;QAC5C,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC;QAClD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IACrD,CAAC;SAAM,IACL,iBAAiB,KAAK,KAAK;QAC3B,iBAAiB,KAAK,KAAK;QAC3B,iBAAiB,KAAK,MAAM,EAC5B,CAAC;QACD,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IAC9C,CAAC;IAED,yBAAyB;IACzB,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACvC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACjD,IAAI,iBAAiB,KAAK,KAAK,IAAI,iBAAiB,KAAK,KAAK,EAAE,CAAC;YAC/D,IAAI,OAAO,EAAE,CAAC;gBACZ,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;gBAClD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,CAAC;YAC3D,CAAC;YACD,IAAI,YAAY,EAAE,CAAC;gBACjB,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC,CAAC;YAChE,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,MAAM,cAAc,GAAa,EAAE,CAAC;IAEpC,MAAM,WAAW,GAAG,KAAK,EAAE,CAAS,EAAoB,EAAE;QACxD,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC/C,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC,GAAG,CACtC,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAC5E,CAAC;IACF,KAAK,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,cAAc,EAAE,CAAC;QACjD,IAAI,MAAM,EAAE,CAAC;YACX,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,iBAAiB,EAAE,CAAC;QAClC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACzB,CAAC;IAED,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC,GAAG,CACtC,kBAAkB,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACnC,IAAI,EAAE,CAAC;QACP,MAAM,EAAE,MAAM,WAAW,CAAC,CAAC,CAAC;KAC7B,CAAC,CAAC,CACJ,CAAC;IACF,KAAK,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,cAAc,EAAE,CAAC;QACjD,IAAI,MAAM,EAAE,CAAC;YACX,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO;QACL,UAAU,EACR,aAAa,CAAC,MAAM,GAAG,CAAC,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC;YACnD,CAAC,CAAC;gBACE,IAAI,EAAE,CAAC,GAAG,aAAa,EAAE,GAAG,cAAc,CAAC;gBAC3C,KAAK,EAAE,cAAc;aACtB;YACH,CAAC,CAAC,SAAS;QACf,OAAO,EAAE,IAAI;KACd,CAAC;AACJ,CAAC"}

package/dist/src/sandbox/utils/proactivePermissions.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export {};