@machina.ai/cell-cli-core 1.38.1-rc2 → 1.40.1-rc2
- package/dist/docs/AFTER_MERGE_PROMPT.md +1 -1
- package/dist/docs/admin/enterprise-controls.md +1 -1
- package/dist/docs/changelogs/index.md +42 -0
- package/dist/docs/changelogs/latest.md +254 -361
- package/dist/docs/changelogs/preview.md +237 -406
- package/dist/docs/cli/acp-mode.md +6 -6
- package/dist/docs/cli/auto-memory.md +143 -0
- package/dist/docs/cli/checkpointing.md +5 -5
- package/dist/docs/cli/cli-reference.md +12 -11
- package/dist/docs/cli/creating-skills.md +2 -2
- package/dist/docs/cli/custom-commands.md +15 -14
- package/dist/docs/cli/enterprise.md +17 -14
- package/dist/docs/cli/gemini-ignore.md +2 -2
- package/dist/docs/cli/generation-settings.md +21 -20
- package/dist/docs/cli/model-routing.md +2 -2
- package/dist/docs/cli/model-steering.md +1 -1
- package/dist/docs/cli/plan-mode.md +11 -6
- package/dist/docs/cli/sandbox.md +7 -5
- package/dist/docs/cli/settings.md +32 -28
- package/dist/docs/cli/system-prompt.md +8 -8
- package/dist/docs/cli/telemetry.md +18 -11
- package/dist/docs/cli/themes.md +2 -2
- package/dist/docs/cli/trusted-folders.md +41 -13
- package/dist/docs/cli/tutorials/mcp-setup.md +1 -1
- package/dist/docs/cli/tutorials/memory-management.md +3 -1
- package/dist/docs/cli/tutorials/plan-mode-steering.md +2 -2
- package/dist/docs/cli/tutorials/session-management.md +1 -1
- package/dist/docs/cli/tutorials/shell-commands.md +1 -1
- package/dist/docs/cli/tutorials/task-planning.md +3 -3
- package/dist/docs/core/index.md +5 -6
- package/dist/docs/core/local-model-routing.md +1 -1
- package/dist/docs/core/remote-agents.md +1 -1
- package/dist/docs/core/subagents.md +38 -8
- package/dist/docs/extensions/best-practices.md +5 -4
- package/dist/docs/extensions/reference.md +6 -5
- package/dist/docs/extensions/releasing.md +6 -5
- package/dist/docs/extensions/writing-extensions.md +11 -11
- package/dist/docs/get-started/{authentication.md → authentication.mdx} +139 -93
- package/dist/docs/get-started/gemini-3.md +1 -1
- package/dist/docs/get-started/index.md +4 -4
- package/dist/docs/get-started/installation.mdx +201 -0
- package/dist/docs/hooks/best-practices.md +18 -17
- package/dist/docs/hooks/index.md +10 -8
- package/dist/docs/hooks/reference.md +10 -10
- package/dist/docs/ide-integration/ide-companion-spec.md +14 -14
- package/dist/docs/ide-integration/index.md +4 -4
- package/dist/docs/index.md +2 -2
- package/dist/docs/integration-tests.md +84 -2
- package/dist/docs/issue-and-pr-automation.md +8 -7
- package/dist/docs/npm.md +2 -2
- package/dist/docs/reference/commands.md +11 -11
- package/dist/docs/reference/configuration.md +150 -47
- package/dist/docs/reference/keyboard-shortcuts.md +79 -2
- package/dist/docs/reference/memport.md +2 -3
- package/dist/docs/reference/policy-engine.md +60 -26
- package/dist/docs/reference/tools.md +38 -4
- package/dist/docs/release-confidence.md +1 -1
- package/dist/docs/releases.md +19 -19
- package/dist/docs/resources/faq.md +5 -5
- package/dist/docs/resources/tos-privacy.md +10 -9
- package/dist/docs/resources/troubleshooting.md +17 -16
- package/dist/docs/resources/uninstall.md +5 -4
- package/dist/docs/sidebar.json +13 -1
- package/dist/docs/tools/ask-user.md +3 -3
- package/dist/docs/tools/file-system.md +7 -7
- package/dist/docs/tools/mcp-resources.md +44 -0
- package/dist/docs/tools/mcp-server.md +42 -39
- package/dist/docs/tools/shell.md +5 -5
- package/dist/docs/tools/tracker.md +61 -0
- package/dist/package.json +5 -4
- package/dist/src/agent/content-utils.d.ts +0 -6
- package/dist/src/agent/content-utils.js +0 -14
- package/dist/src/agent/content-utils.js.map +1 -1
- package/dist/src/agent/content-utils.test.js +1 -18
- package/dist/src/agent/content-utils.test.js.map +1 -1
- package/dist/src/agent/event-translator.js +8 -3
- package/dist/src/agent/event-translator.js.map +1 -1
- package/dist/src/agent/event-translator.test.js +14 -9
- package/dist/src/agent/event-translator.test.js.map +1 -1
- package/dist/src/agent/legacy-agent-session.js +9 -3
- package/dist/src/agent/legacy-agent-session.js.map +1 -1
- package/dist/src/agent/legacy-agent-session.test.js +4 -3
- package/dist/src/agent/legacy-agent-session.test.js.map +1 -1
- package/dist/src/agent/tool-display-utils.d.ts +30 -0
- package/dist/src/agent/tool-display-utils.js +69 -0
- package/dist/src/agent/tool-display-utils.js.map +1 -0
- package/dist/src/agent/tool-display-utils.test.js +101 -0
- package/dist/src/agent/tool-display-utils.test.js.map +1 -0
- package/dist/src/agent/types.d.ts +25 -5
- package/dist/src/agents/a2aUtils.js +28 -15
- package/dist/src/agents/a2aUtils.js.map +1 -1
- package/dist/src/agents/a2aUtils.test.js +43 -0
- package/dist/src/agents/a2aUtils.test.js.map +1 -1
- package/dist/src/agents/agent-tool.d.ts +31 -0
- package/dist/src/agents/agent-tool.js +155 -0
- package/dist/src/agents/agent-tool.js.map +1 -0
- package/dist/src/agents/agent-tool.test.js +110 -0
- package/dist/src/agents/agent-tool.test.js.map +1 -0
- package/dist/src/agents/agentLoader.d.ts +79 -4
- package/dist/src/agents/agentLoader.js +40 -2
- package/dist/src/agents/agentLoader.js.map +1 -1
- package/dist/src/agents/agentLoader.test.js +32 -0
- package/dist/src/agents/agentLoader.test.js.map +1 -1
- package/dist/src/agents/browser/analyzeScreenshot.js +1 -1
- package/dist/src/agents/browser/analyzeScreenshot.js.map +1 -1
- package/dist/src/agents/browser/analyzeScreenshot.test.js +19 -7
- package/dist/src/agents/browser/analyzeScreenshot.test.js.map +1 -1
- package/dist/src/agents/browser/browserAgentInvocation.d.ts +2 -2
- package/dist/src/agents/browser/browserAgentInvocation.js +2 -1
- package/dist/src/agents/browser/browserAgentInvocation.js.map +1 -1
- package/dist/src/agents/browser/browserAgentInvocation.test.js +61 -17
- package/dist/src/agents/browser/browserAgentInvocation.test.js.map +1 -1
- package/dist/src/agents/browser/mcpToolWrapper.js +1 -1
- package/dist/src/agents/browser/mcpToolWrapper.js.map +1 -1
- package/dist/src/agents/browser/mcpToolWrapper.test.js +22 -10
- package/dist/src/agents/browser/mcpToolWrapper.test.js.map +1 -1
- package/dist/src/agents/codebase-investigator.js +2 -2
- package/dist/src/agents/codebase-investigator.js.map +1 -1
- package/dist/src/agents/generalist-agent.js +3 -2
- package/dist/src/agents/generalist-agent.js.map +1 -1
- package/dist/src/agents/generalist-agent.test.js +1 -0
- package/dist/src/agents/generalist-agent.test.js.map +1 -1
- package/dist/src/agents/local-executor.d.ts +1 -1
- package/dist/src/agents/local-executor.js +10 -7
- package/dist/src/agents/local-executor.js.map +1 -1
- package/dist/src/agents/local-executor.test.js +5 -3
- package/dist/src/agents/local-executor.test.js.map +1 -1
- package/dist/src/agents/local-invocation.d.ts +2 -2
- package/dist/src/agents/local-invocation.js +8 -2
- package/dist/src/agents/local-invocation.js.map +1 -1
- package/dist/src/agents/local-invocation.test.js +29 -13
- package/dist/src/agents/local-invocation.test.js.map +1 -1
- package/dist/src/agents/registry.d.ts +2 -0
- package/dist/src/agents/registry.js +20 -19
- package/dist/src/agents/registry.js.map +1 -1
- package/dist/src/agents/registry.test.js +19 -30
- package/dist/src/agents/registry.test.js.map +1 -1
- package/dist/src/agents/remote-invocation.d.ts +3 -4
- package/dist/src/agents/remote-invocation.js +2 -1
- package/dist/src/agents/remote-invocation.js.map +1 -1
- package/dist/src/agents/remote-invocation.test.js +45 -18
- package/dist/src/agents/remote-invocation.test.js.map +1 -1
- package/dist/src/agents/skill-extraction-agent.d.ts +3 -2
- package/dist/src/agents/skill-extraction-agent.js +99 -56
- package/dist/src/agents/skill-extraction-agent.js.map +1 -1
- package/dist/src/agents/skill-extraction-agent.test.js +54 -0
- package/dist/src/agents/skill-extraction-agent.test.js.map +1 -0
- package/dist/src/availability/policyCatalog.js +1 -1
- package/dist/src/availability/policyCatalog.js.map +1 -1
- package/dist/src/availability/policyCatalog.test.js +1 -1
- package/dist/src/availability/policyCatalog.test.js.map +1 -1
- package/dist/src/code_assist/oauth2.js +14 -4
- package/dist/src/code_assist/oauth2.js.map +1 -1
- package/dist/src/commands/memory.d.ts +77 -0
- package/dist/src/commands/memory.js +494 -0
- package/dist/src/commands/memory.js.map +1 -1
- package/dist/src/commands/memory.test.js +720 -1
- package/dist/src/commands/memory.test.js.map +1 -1
- package/dist/src/config/config-agents-reload.test.js +26 -31
- package/dist/src/config/config-agents-reload.test.js.map +1 -1
- package/dist/src/config/config.d.ts +24 -10
- package/dist/src/config/config.js +148 -82
- package/dist/src/config/config.js.map +1 -1
- package/dist/src/config/config.test.js +373 -10
- package/dist/src/config/config.test.js.map +1 -1
- package/dist/src/config/constants.d.ts +1 -0
- package/dist/src/config/constants.js +2 -0
- package/dist/src/config/constants.js.map +1 -1
- package/dist/src/config/defaultModelConfigs.js +7 -7
- package/dist/src/config/defaultModelConfigs.js.map +1 -1
- package/dist/src/config/memory.js +1 -1
- package/dist/src/config/memory.js.map +1 -1
- package/dist/src/config/path-validation.test.js +15 -6
- package/dist/src/config/path-validation.test.js.map +1 -1
- package/dist/src/config/projectRegistry.js +113 -32
- package/dist/src/config/projectRegistry.js.map +1 -1
- package/dist/src/config/projectRegistry.test.js +51 -0
- package/dist/src/config/projectRegistry.test.js.map +1 -1
- package/dist/src/config/storage.d.ts +5 -1
- package/dist/src/config/storage.js +14 -1
- package/dist/src/config/storage.js.map +1 -1
- package/dist/src/config/storage.test.js +12 -0
- package/dist/src/config/storage.test.js.map +1 -1
- package/dist/src/confirmation-bus/message-bus.d.ts +4 -1
- package/dist/src/confirmation-bus/message-bus.js +39 -1
- package/dist/src/confirmation-bus/message-bus.js.map +1 -1
- package/dist/src/confirmation-bus/message-bus.test.js +43 -0
- package/dist/src/confirmation-bus/message-bus.test.js.map +1 -1
- package/dist/src/context/config/configLoader.d.ts +13 -0
- package/dist/src/context/config/configLoader.js +65 -0
- package/dist/src/context/config/configLoader.js.map +1 -0
- package/dist/src/context/config/configLoader.test.d.ts +6 -0
- package/dist/src/context/config/configLoader.test.js +79 -0
- package/dist/src/context/config/configLoader.test.js.map +1 -0
- package/dist/src/context/config/profiles.d.ts +17 -0
- package/dist/src/context/config/profiles.js +93 -0
- package/dist/src/context/config/profiles.js.map +1 -0
- package/dist/src/context/config/registry.d.ts +21 -0
- package/dist/src/context/config/registry.js +32 -0
- package/dist/src/context/config/registry.js.map +1 -0
- package/dist/src/context/config/schema.d.ts +45 -0
- package/dist/src/context/config/schema.js +47 -0
- package/dist/src/context/config/schema.js.map +1 -0
- package/dist/src/context/config/types.d.ts +39 -0
- package/dist/src/context/config/types.js +7 -0
- package/dist/src/context/config/types.js.map +1 -0
- package/dist/src/context/contextManager.barrier.test.d.ts +6 -0
- package/dist/src/context/contextManager.barrier.test.js +56 -0
- package/dist/src/context/contextManager.barrier.test.js.map +1 -0
- package/dist/src/context/contextManager.d.ts +49 -0
- package/dist/src/context/contextManager.js +120 -0
- package/dist/src/context/contextManager.js.map +1 -0
- package/dist/src/context/eventBus.d.ts +28 -0
- package/dist/src/context/eventBus.js +27 -0
- package/dist/src/context/eventBus.js.map +1 -0
- package/dist/src/context/graph/behaviorRegistry.d.ts +28 -0
- package/dist/src/context/graph/behaviorRegistry.js +14 -0
- package/dist/src/context/graph/behaviorRegistry.js.map +1 -0
- package/dist/src/context/graph/builtinBehaviors.d.ts +11 -0
- package/dist/src/context/graph/builtinBehaviors.js +145 -0
- package/dist/src/context/graph/builtinBehaviors.js.map +1 -0
- package/dist/src/context/graph/fromGraph.d.ts +9 -0
- package/dist/src/context/graph/fromGraph.js +34 -0
- package/dist/src/context/graph/fromGraph.js.map +1 -0
- package/dist/src/context/graph/mapper.d.ts +16 -0
- package/dist/src/context/graph/mapper.js +16 -0
- package/dist/src/context/graph/mapper.js.map +1 -0
- package/dist/src/context/graph/render.d.ts +15 -0
- package/dist/src/context/graph/render.js +72 -0
- package/dist/src/context/graph/render.js.map +1 -0
- package/dist/src/context/graph/toGraph.d.ts +10 -0
- package/dist/src/context/graph/toGraph.js +172 -0
- package/dist/src/context/graph/toGraph.js.map +1 -0
- package/dist/src/context/graph/types.d.ts +139 -0
- package/dist/src/context/graph/types.js +36 -0
- package/dist/src/context/graph/types.js.map +1 -0
- package/dist/src/context/historyObserver.d.ts +27 -0
- package/dist/src/context/historyObserver.js +64 -0
- package/dist/src/context/historyObserver.js.map +1 -0
- package/dist/src/context/pipeline/contextWorkingBuffer.d.ts +33 -0
- package/dist/src/context/pipeline/contextWorkingBuffer.js +197 -0
- package/dist/src/context/pipeline/contextWorkingBuffer.js.map +1 -0
- package/dist/src/context/pipeline/contextWorkingBuffer.test.d.ts +6 -0
- package/dist/src/context/pipeline/contextWorkingBuffer.test.js +89 -0
- package/dist/src/context/pipeline/contextWorkingBuffer.test.js.map +1 -0
- package/dist/src/context/pipeline/environment.d.ts +27 -0
- package/dist/src/context/pipeline/environment.js +2 -0
- package/dist/src/context/pipeline/environment.js.map +1 -0
- package/dist/src/context/pipeline/environmentImpl.d.ts +28 -0
- package/dist/src/context/pipeline/environmentImpl.js +40 -0
- package/dist/src/context/pipeline/environmentImpl.js.map +1 -0
- package/dist/src/context/pipeline/environmentImpl.test.d.ts +1 -0
- package/dist/src/context/pipeline/environmentImpl.test.js +32 -0
- package/dist/src/context/pipeline/environmentImpl.test.js.map +1 -0
- package/dist/src/context/pipeline/inbox.d.ts +15 -0
- package/dist/src/context/pipeline/inbox.js +52 -0
- package/dist/src/context/pipeline/inbox.js.map +1 -0
- package/dist/src/context/pipeline/inbox.test.d.ts +1 -0
- package/dist/src/context/pipeline/inbox.test.js +36 -0
- package/dist/src/context/pipeline/inbox.test.js.map +1 -0
- package/dist/src/context/pipeline/orchestrator.d.ts +22 -0
- package/dist/src/context/pipeline/orchestrator.js +126 -0
- package/dist/src/context/pipeline/orchestrator.js.map +1 -0
- package/dist/src/context/pipeline/orchestrator.test.d.ts +6 -0
- package/dist/src/context/pipeline/orchestrator.test.js +154 -0
- package/dist/src/context/pipeline/orchestrator.test.js.map +1 -0
- package/dist/src/context/pipeline.d.ts +52 -0
- package/dist/src/context/pipeline.js +7 -0
- package/dist/src/context/pipeline.js.map +1 -0
- package/dist/src/context/processors/blobDegradationProcessor.d.ts +6 -0
- package/dist/src/context/processors/blobDegradationProcessor.js +127 -0
- package/dist/src/context/processors/blobDegradationProcessor.js.map +1 -0
- package/dist/src/context/processors/blobDegradationProcessor.test.d.ts +6 -0
- package/dist/src/context/processors/blobDegradationProcessor.test.js +72 -0
- package/dist/src/context/processors/blobDegradationProcessor.test.js.map +1 -0
- package/dist/src/context/processors/historyTruncationProcessor.d.ts +11 -0
- package/dist/src/context/processors/historyTruncationProcessor.js +61 -0
- package/dist/src/context/processors/historyTruncationProcessor.js.map +1 -0
- package/dist/src/context/processors/nodeDistillationProcessor.d.ts +8 -0
- package/dist/src/context/processors/nodeDistillationProcessor.js +167 -0
- package/dist/src/context/processors/nodeDistillationProcessor.js.map +1 -0
- package/dist/src/context/processors/nodeDistillationProcessor.test.d.ts +6 -0
- package/dist/src/context/processors/nodeDistillationProcessor.test.js +77 -0
- package/dist/src/context/processors/nodeDistillationProcessor.test.js.map +1 -0
- package/dist/src/context/processors/nodeTruncationProcessor.d.ts +8 -0
- package/dist/src/context/processors/nodeTruncationProcessor.js +109 -0
- package/dist/src/context/processors/nodeTruncationProcessor.js.map +1 -0
- package/dist/src/context/processors/nodeTruncationProcessor.test.d.ts +6 -0
- package/dist/src/context/processors/nodeTruncationProcessor.test.js +71 -0
- package/dist/src/context/processors/nodeTruncationProcessor.test.js.map +1 -0
- package/dist/src/context/processors/rollingSummaryProcessor.d.ts +8 -0
- package/dist/src/context/processors/rollingSummaryProcessor.js +129 -0
- package/dist/src/context/processors/rollingSummaryProcessor.js.map +1 -0
- package/dist/src/context/processors/rollingSummaryProcessor.test.d.ts +1 -0
- package/dist/src/context/processors/rollingSummaryProcessor.test.js +60 -0
- package/dist/src/context/processors/rollingSummaryProcessor.test.js.map +1 -0
- package/dist/src/context/processors/stateSnapshotAsyncProcessor.d.ts +9 -0
- package/dist/src/context/processors/stateSnapshotAsyncProcessor.js +75 -0
- package/dist/src/context/processors/stateSnapshotAsyncProcessor.js.map +1 -0
- package/dist/src/context/processors/stateSnapshotAsyncProcessor.test.d.ts +1 -0
- package/dist/src/context/processors/stateSnapshotAsyncProcessor.test.js +80 -0
- package/dist/src/context/processors/stateSnapshotAsyncProcessor.test.js.map +1 -0
- package/dist/src/context/processors/stateSnapshotProcessor.d.ts +9 -0
- package/dist/src/context/processors/stateSnapshotProcessor.js +130 -0
- package/dist/src/context/processors/stateSnapshotProcessor.js.map +1 -0
- package/dist/src/context/processors/stateSnapshotProcessor.test.d.ts +1 -0
- package/dist/src/context/processors/stateSnapshotProcessor.test.js +91 -0
- package/dist/src/context/processors/stateSnapshotProcessor.test.js.map +1 -0
- package/dist/src/context/processors/toolMaskingProcessor.d.ts +8 -0
- package/dist/src/context/processors/toolMaskingProcessor.js +194 -0
- package/dist/src/context/processors/toolMaskingProcessor.js.map +1 -0
- package/dist/src/context/processors/toolMaskingProcessor.test.d.ts +1 -0
- package/dist/src/context/processors/toolMaskingProcessor.test.js +50 -0
- package/dist/src/context/processors/toolMaskingProcessor.test.js.map +1 -0
- package/dist/src/context/system-tests/lifecycle.golden.test.d.ts +6 -0
- package/dist/src/context/system-tests/lifecycle.golden.test.js +195 -0
- package/dist/src/context/system-tests/lifecycle.golden.test.js.map +1 -0
- package/dist/src/context/system-tests/simulationHarness.d.ts +41 -0
- package/dist/src/context/system-tests/simulationHarness.js +88 -0
- package/dist/src/context/system-tests/simulationHarness.js.map +1 -0
- package/dist/src/context/testing/contextTestUtils.d.ts +44 -0
- package/dist/src/context/testing/contextTestUtils.js +176 -0
- package/dist/src/context/testing/contextTestUtils.js.map +1 -0
- package/dist/src/context/testing/testProfile.d.ts +7 -0
- package/dist/src/context/testing/testProfile.js +20 -0
- package/dist/src/context/testing/testProfile.js.map +1 -0
- package/dist/src/context/tracer.d.ts +19 -0
- package/dist/src/context/tracer.js +79 -0
- package/dist/src/context/tracer.js.map +1 -0
- package/dist/src/context/tracer.test.d.ts +6 -0
- package/dist/src/context/tracer.test.js +71 -0
- package/dist/src/context/tracer.test.js.map +1 -0
- package/dist/src/context/utils/contextTokenCalculator.d.ts +53 -0
- package/dist/src/context/utils/contextTokenCalculator.js +97 -0
- package/dist/src/context/utils/contextTokenCalculator.js.map +1 -0
- package/dist/src/context/utils/snapshotGenerator.d.ts +12 -0
- package/dist/src/context/utils/snapshotGenerator.js +43 -0
- package/dist/src/context/utils/snapshotGenerator.js.map +1 -0
- package/dist/src/core/agentChatHistory.d.ts +26 -0
- package/dist/src/core/agentChatHistory.js +50 -0
- package/dist/src/core/agentChatHistory.js.map +1 -0
- package/dist/src/core/client.js +3 -1
- package/dist/src/core/client.js.map +1 -1
- package/dist/src/core/client.test.js +4 -0
- package/dist/src/core/client.test.js.map +1 -1
- package/dist/src/core/contentGenerator.d.ts +8 -1
- package/dist/src/core/contentGenerator.js +46 -4
- package/dist/src/core/contentGenerator.js.map +1 -1
- package/dist/src/core/contentGenerator.test.js +174 -8
- package/dist/src/core/contentGenerator.test.js.map +1 -1
- package/dist/src/core/coreToolHookTriggers.d.ts +1 -1
- package/dist/src/core/coreToolHookTriggers.js +5 -1
- package/dist/src/core/coreToolHookTriggers.js.map +1 -1
- package/dist/src/core/coreToolHookTriggers.test.js +1 -1
- package/dist/src/core/coreToolHookTriggers.test.js.map +1 -1
- package/dist/src/core/geminiChat.d.ts +2 -1
- package/dist/src/core/geminiChat.js +7 -2
- package/dist/src/core/geminiChat.js.map +1 -1
- package/dist/src/core/geminiChat.test.js +19 -6
- package/dist/src/core/geminiChat.test.js.map +1 -1
- package/dist/src/core/geminiChat_network_retry.test.js +42 -0
- package/dist/src/core/geminiChat_network_retry.test.js.map +1 -1
- package/dist/src/core/localLiteRtLmClient.js +2 -0
- package/dist/src/core/localLiteRtLmClient.js.map +1 -1
- package/dist/src/core/localLiteRtLmClient.test.js +7 -0
- package/dist/src/core/localLiteRtLmClient.test.js.map +1 -1
- package/dist/src/core/loggingContentGenerator.js +19 -6
- package/dist/src/core/loggingContentGenerator.js.map +1 -1
- package/dist/src/core/loggingContentGenerator.test.js +55 -0
- package/dist/src/core/loggingContentGenerator.test.js.map +1 -1
- package/dist/src/core/prompts-substitution.test.js +1 -0
- package/dist/src/core/prompts-substitution.test.js.map +1 -1
- package/dist/src/core/prompts.d.ts +1 -1
- package/dist/src/core/prompts.js +2 -2
- package/dist/src/core/prompts.js.map +1 -1
- package/dist/src/core/prompts.test.js +39 -8
- package/dist/src/core/prompts.test.js.map +1 -1
- package/dist/src/generated/git-commit.d.ts +2 -2
- package/dist/src/generated/git-commit.js +2 -2
- package/dist/src/hooks/hookRunner.js +8 -0
- package/dist/src/hooks/hookRunner.js.map +1 -1
- package/dist/src/hooks/hookRunner.test.js +23 -0
- package/dist/src/hooks/hookRunner.test.js.map +1 -1
- package/dist/src/ide/ide-client.js +3 -4
- package/dist/src/ide/ide-client.js.map +1 -1
- package/dist/src/index.d.ts +7 -3
- package/dist/src/index.js +7 -2
- package/dist/src/index.js.map +1 -1
- package/dist/src/mcp/mcpLauncher.js +1 -1
- package/dist/src/mcp/mcpLauncher.js.map +1 -1
- package/dist/src/mcp/oauth-provider.test.js +24 -17
- package/dist/src/mcp/oauth-provider.test.js.map +1 -1
- package/dist/src/policy/config.d.ts +2 -0
- package/dist/src/policy/config.js +67 -12
- package/dist/src/policy/config.js.map +1 -1
- package/dist/src/policy/core-tools-mapping.test.d.ts +6 -0
- package/dist/src/policy/core-tools-mapping.test.js +44 -0
- package/dist/src/policy/core-tools-mapping.test.js.map +1 -0
- package/dist/src/policy/policies/agents.toml +10 -0
- package/dist/src/policy/policies/plan.toml +17 -43
- package/dist/src/policy/policies/read-only.toml +24 -38
- package/dist/src/policy/policy-engine.d.ts +1 -1
- package/dist/src/policy/policy-engine.js +72 -67
- package/dist/src/policy/policy-engine.js.map +1 -1
- package/dist/src/policy/policy-engine.test.js +71 -4
- package/dist/src/policy/policy-engine.test.js.map +1 -1
- package/dist/src/policy/sandboxPolicyManager.js +4 -4
- package/dist/src/policy/sandboxPolicyManager.js.map +1 -1
- package/dist/src/policy/shell-safety-regression.test.d.ts +6 -0
- package/dist/src/policy/shell-safety-regression.test.js +86 -0
- package/dist/src/policy/shell-safety-regression.test.js.map +1 -0
- package/dist/src/policy/shell-safety.test.js +24 -0
- package/dist/src/policy/shell-safety.test.js.map +1 -1
- package/dist/src/policy/shell-substitution.test.d.ts +6 -0
- package/dist/src/policy/shell-substitution.test.js +75 -0
- package/dist/src/policy/shell-substitution.test.js.map +1 -0
- package/dist/src/policy/toml-loader.test.js +25 -11
- package/dist/src/policy/toml-loader.test.js.map +1 -1
- package/dist/src/policy/types.d.ts +6 -2
- package/dist/src/policy/types.js +4 -2
- package/dist/src/policy/types.js.map +1 -1
- package/dist/src/prompts/promptProvider.d.ts +1 -1
- package/dist/src/prompts/promptProvider.js +41 -24
- package/dist/src/prompts/promptProvider.js.map +1 -1
- package/dist/src/prompts/promptProvider.test.js +36 -2
- package/dist/src/prompts/promptProvider.test.js.map +1 -1
- package/dist/src/prompts/snippets-memory-v2.test.d.ts +6 -0
- package/dist/src/prompts/snippets-memory-v2.test.js +94 -0
- package/dist/src/prompts/snippets-memory-v2.test.js.map +1 -0
- package/dist/src/prompts/snippets.d.ts +19 -1
- package/dist/src/prompts/snippets.js +33 -6
- package/dist/src/prompts/snippets.js.map +1 -1
- package/dist/src/prompts/snippets.legacy.d.ts +6 -1
- package/dist/src/prompts/snippets.legacy.js +14 -7
- package/dist/src/prompts/snippets.legacy.js.map +1 -1
- package/dist/src/prompts/utils.test.js +1 -0
- package/dist/src/prompts/utils.test.js.map +1 -1
- package/dist/src/routing/modelRouterService.js +1 -1
- package/dist/src/routing/modelRouterService.js.map +1 -1
- package/dist/src/sandbox/linux/LinuxSandboxManager.d.ts +2 -0
- package/dist/src/sandbox/linux/LinuxSandboxManager.js +43 -19
- package/dist/src/sandbox/linux/LinuxSandboxManager.js.map +1 -1
- package/dist/src/sandbox/linux/LinuxSandboxManager.test.js +16 -0
- package/dist/src/sandbox/linux/LinuxSandboxManager.test.js.map +1 -1
- package/dist/src/sandbox/linux/bwrapArgsBuilder.d.ts +3 -7
- package/dist/src/sandbox/linux/bwrapArgsBuilder.js +96 -105
- package/dist/src/sandbox/linux/bwrapArgsBuilder.js.map +1 -1
- package/dist/src/sandbox/linux/bwrapArgsBuilder.test.js +144 -41
- package/dist/src/sandbox/linux/bwrapArgsBuilder.test.js.map +1 -1
- package/dist/src/sandbox/macos/MacOsSandboxManager.js +19 -10
- package/dist/src/sandbox/macos/MacOsSandboxManager.js.map +1 -1
- package/dist/src/sandbox/macos/MacOsSandboxManager.test.js +24 -37
- package/dist/src/sandbox/macos/MacOsSandboxManager.test.js.map +1 -1
- package/dist/src/sandbox/macos/seatbeltArgsBuilder.d.ts +3 -9
- package/dist/src/sandbox/macos/seatbeltArgsBuilder.js +129 -96
- package/dist/src/sandbox/macos/seatbeltArgsBuilder.js.map +1 -1
- package/dist/src/sandbox/macos/seatbeltArgsBuilder.test.js +78 -77
- package/dist/src/sandbox/macos/seatbeltArgsBuilder.test.js.map +1 -1
- package/dist/src/sandbox/utils/fsUtils.d.ts +2 -3
- package/dist/src/sandbox/utils/fsUtils.js +12 -27
- package/dist/src/sandbox/utils/fsUtils.js.map +1 -1
- package/dist/src/sandbox/utils/fsUtils.test.js +87 -29
- package/dist/src/sandbox/utils/fsUtils.test.js.map +1 -1
- package/dist/src/sandbox/windows/GeminiSandbox.cs +186 -77
- package/dist/src/sandbox/windows/WindowsSandboxManager.d.ts +4 -16
- package/dist/src/sandbox/windows/WindowsSandboxManager.js +138 -204
- package/dist/src/sandbox/windows/WindowsSandboxManager.js.map +1 -1
- package/dist/src/sandbox/windows/WindowsSandboxManager.test.js +105 -122
- package/dist/src/sandbox/windows/WindowsSandboxManager.test.js.map +1 -1
- package/dist/src/scheduler/policy.js +1 -2
- package/dist/src/scheduler/policy.js.map +1 -1
- package/dist/src/scheduler/policy.test.js +58 -2
- package/dist/src/scheduler/policy.test.js.map +1 -1
- package/dist/src/scheduler/scheduler.d.ts +2 -1
- package/dist/src/scheduler/scheduler.js +13 -14
- package/dist/src/scheduler/scheduler.js.map +1 -1
- package/dist/src/scheduler/scheduler.test.js +66 -0
- package/dist/src/scheduler/scheduler.test.js.map +1 -1
- package/dist/src/scheduler/scheduler_hooks.test.js +1 -0
- package/dist/src/scheduler/scheduler_hooks.test.js.map +1 -1
- package/dist/src/scheduler/scheduler_parallel.test.js +2 -0
- package/dist/src/scheduler/scheduler_parallel.test.js.map +1 -1
- package/dist/src/scheduler/tool-executor.js +2 -0
- package/dist/src/scheduler/tool-executor.js.map +1 -1
- package/dist/src/services/chatRecordingService.d.ts +12 -153
- package/dist/src/services/chatRecordingService.js +444 -350
- package/dist/src/services/chatRecordingService.js.map +1 -1
- package/dist/src/services/chatRecordingService.test.js +174 -128
- package/dist/src/services/chatRecordingService.test.js.map +1 -1
- package/dist/src/services/chatRecordingTypes.d.ts +111 -0
- package/dist/src/services/chatRecordingTypes.js +10 -0
- package/dist/src/services/chatRecordingTypes.js.map +1 -0
- package/dist/src/services/gitService.d.ts +2 -0
- package/dist/src/services/gitService.js +10 -1
- package/dist/src/services/gitService.js.map +1 -1
- package/dist/src/services/gitService.test.js +6 -2
- package/dist/src/services/gitService.test.js.map +1 -1
- package/dist/src/services/keychainService.d.ts +2 -2
- package/dist/src/services/keychainService.js +9 -9
- package/dist/src/services/keychainService.js.map +1 -1
- package/dist/src/services/keychainService.test.js +7 -7
- package/dist/src/services/keychainService.test.js.map +1 -1
- package/dist/src/services/keychainTypes.d.ts +1 -1
- package/dist/src/services/memoryPatchUtils.d.ts +42 -0
- package/dist/src/services/memoryPatchUtils.js +216 -0
- package/dist/src/services/memoryPatchUtils.js.map +1 -0
- package/dist/src/services/memoryService.d.ts +21 -1
- package/dist/src/services/memoryService.js +405 -64
- package/dist/src/services/memoryService.js.map +1 -1
- package/dist/src/services/memoryService.test.js +686 -2
- package/dist/src/services/memoryService.test.js.map +1 -1
- package/dist/src/services/sandboxManager.d.ts +33 -19
- package/dist/src/services/sandboxManager.integration.test.js +728 -266
- package/dist/src/services/sandboxManager.integration.test.js.map +1 -1
- package/dist/src/services/sandboxManager.js +65 -62
- package/dist/src/services/sandboxManager.js.map +1 -1
- package/dist/src/services/sandboxManager.test.js +17 -114
- package/dist/src/services/sandboxManager.test.js.map +1 -1
- package/dist/src/services/sandboxedFileSystemService.js +72 -62
- package/dist/src/services/sandboxedFileSystemService.js.map +1 -1
- package/dist/src/services/sessionSummaryUtils.d.ts +1 -1
- package/dist/src/services/sessionSummaryUtils.js +111 -38
- package/dist/src/services/sessionSummaryUtils.js.map +1 -1
- package/dist/src/services/sessionSummaryUtils.test.js +204 -51
- package/dist/src/services/sessionSummaryUtils.test.js.map +1 -1
- package/dist/src/services/shellExecutionService.d.ts +19 -0
- package/dist/src/services/shellExecutionService.js +88 -34
- package/dist/src/services/shellExecutionService.js.map +1 -1
- package/dist/src/services/shellExecutionService.test.js +38 -4
- package/dist/src/services/shellExecutionService.test.js.map +1 -1
- package/dist/src/telemetry/activity-monitor.js +1 -0
- package/dist/src/telemetry/activity-monitor.js.map +1 -1
- package/dist/src/telemetry/config.js +3 -0
- package/dist/src/telemetry/config.js.map +1 -1
- package/dist/src/telemetry/conseca-logger.js +18 -20
- package/dist/src/telemetry/conseca-logger.js.map +1 -1
- package/dist/src/telemetry/conseca-logger.test.js +100 -0
- package/dist/src/telemetry/conseca-logger.test.js.map +1 -1
- package/dist/src/telemetry/event-loop-monitor.d.ts +17 -0
- package/dist/src/telemetry/event-loop-monitor.js +76 -0
- package/dist/src/telemetry/event-loop-monitor.js.map +1 -0
- package/dist/src/telemetry/index.d.ts +2 -1
- package/dist/src/telemetry/index.js +2 -1
- package/dist/src/telemetry/index.js.map +1 -1
- package/dist/src/telemetry/llmRole.d.ts +2 -1
- package/dist/src/telemetry/llmRole.js +1 -0
- package/dist/src/telemetry/llmRole.js.map +1 -1
- package/dist/src/telemetry/loggers.test.js +184 -8
- package/dist/src/telemetry/loggers.test.js.map +1 -1
- package/dist/src/telemetry/memory-monitor.d.ts +1 -0
- package/dist/src/telemetry/memory-monitor.js +8 -1
- package/dist/src/telemetry/memory-monitor.js.map +1 -1
- package/dist/src/telemetry/memory-monitor.test.js +6 -1
- package/dist/src/telemetry/memory-monitor.test.js.map +1 -1
- package/dist/src/telemetry/metrics.d.ts +12 -0
- package/dist/src/telemetry/metrics.js +19 -0
- package/dist/src/telemetry/metrics.js.map +1 -1
- package/dist/src/telemetry/sdk.js +20 -1
- package/dist/src/telemetry/sdk.js.map +1 -1
- package/dist/src/telemetry/trace.d.ts +23 -6
- package/dist/src/telemetry/trace.js +71 -22
- package/dist/src/telemetry/trace.js.map +1 -1
- package/dist/src/telemetry/trace.test.js +79 -15
- package/dist/src/telemetry/trace.test.js.map +1 -1
- package/dist/src/telemetry/types.js +61 -15
- package/dist/src/telemetry/types.js.map +1 -1
- package/dist/src/test-utils/mock-tool.d.ts +3 -2
- package/dist/src/test-utils/mock-tool.js +4 -3
- package/dist/src/test-utils/mock-tool.js.map +1 -1
- package/dist/src/tools/activate-skill.js +1 -1
- package/dist/src/tools/activate-skill.js.map +1 -1
- package/dist/src/tools/activate-skill.test.js +6 -2
- package/dist/src/tools/activate-skill.test.js.map +1 -1
- package/dist/src/tools/ask-user.d.ts +2 -2
- package/dist/src/tools/ask-user.js +1 -1
- package/dist/src/tools/ask-user.js.map +1 -1
- package/dist/src/tools/ask-user.test.js +9 -3
- package/dist/src/tools/ask-user.test.js.map +1 -1
- package/dist/src/tools/complete-task.d.ts +2 -2
- package/dist/src/tools/complete-task.js +1 -1
- package/dist/src/tools/complete-task.js.map +1 -1
- package/dist/src/tools/complete-task.test.js +9 -3
- package/dist/src/tools/complete-task.test.js.map +1 -1
- package/dist/src/tools/definitions/base-declarations.d.ts +2 -0
- package/dist/src/tools/definitions/base-declarations.js +3 -0
- package/dist/src/tools/definitions/base-declarations.js.map +1 -1
- package/dist/src/tools/definitions/coreTools.d.ts +3 -1
- package/dist/src/tools/definitions/coreTools.js +13 -1
- package/dist/src/tools/definitions/coreTools.js.map +1 -1
- package/dist/src/tools/definitions/model-family-sets/default-legacy.js +29 -1
- package/dist/src/tools/definitions/model-family-sets/default-legacy.js.map +1 -1
- package/dist/src/tools/definitions/model-family-sets/gemini-3.js +29 -1
- package/dist/src/tools/definitions/model-family-sets/gemini-3.js.map +1 -1
- package/dist/src/tools/definitions/types.d.ts +2 -0
- package/dist/src/tools/edit.js +20 -4
- package/dist/src/tools/edit.js.map +1 -1
- package/dist/src/tools/edit.test.js +41 -18
- package/dist/src/tools/edit.test.js.map +1 -1
- package/dist/src/tools/enter-plan-mode.d.ts +2 -2
- package/dist/src/tools/enter-plan-mode.js +1 -1
- package/dist/src/tools/enter-plan-mode.js.map +1 -1
- package/dist/src/tools/enter-plan-mode.test.js +10 -4
- package/dist/src/tools/enter-plan-mode.test.js.map +1 -1
- package/dist/src/tools/exit-plan-mode.d.ts +2 -2
- package/dist/src/tools/exit-plan-mode.js +9 -12
- package/dist/src/tools/exit-plan-mode.js.map +1 -1
- package/dist/src/tools/exit-plan-mode.test.js +44 -17
- package/dist/src/tools/exit-plan-mode.test.js.map +1 -1
- package/dist/src/tools/get-internal-docs.js +6 -3
- package/dist/src/tools/get-internal-docs.js.map +1 -1
- package/dist/src/tools/get-internal-docs.test.js +4 -4
- package/dist/src/tools/get-internal-docs.test.js.map +1 -1
- package/dist/src/tools/glob.js +1 -1
- package/dist/src/tools/glob.js.map +1 -1
- package/dist/src/tools/glob.test.js +16 -16
- package/dist/src/tools/glob.test.js.map +1 -1
- package/dist/src/tools/grep.js +21 -12
- package/dist/src/tools/grep.js.map +1 -1
- package/dist/src/tools/grep.test.js +18 -18
- package/dist/src/tools/grep.test.js.map +1 -1
- package/dist/src/tools/line-endings.test.js +3 -3
- package/dist/src/tools/line-endings.test.js.map +1 -1
- package/dist/src/tools/list-mcp-resources.d.ts +24 -0
- package/dist/src/tools/list-mcp-resources.js +74 -0
- package/dist/src/tools/list-mcp-resources.js.map +1 -0
- package/dist/src/tools/list-mcp-resources.test.d.ts +6 -0
- package/dist/src/tools/list-mcp-resources.test.js +79 -0
- package/dist/src/tools/list-mcp-resources.test.js.map +1 -0
- package/dist/src/tools/ls.js +2 -2
- package/dist/src/tools/ls.js.map +1 -1
- package/dist/src/tools/ls.test.js +21 -21
- package/dist/src/tools/ls.test.js.map +1 -1
- package/dist/src/tools/mcp-client-manager.d.ts +3 -1
- package/dist/src/tools/mcp-client-manager.js +24 -1
- package/dist/src/tools/mcp-client-manager.js.map +1 -1
- package/dist/src/tools/mcp-client-manager.test.js +43 -0
- package/dist/src/tools/mcp-client-manager.test.js.map +1 -1
- package/dist/src/tools/mcp-client.js +10 -12
- package/dist/src/tools/mcp-client.js.map +1 -1
- package/dist/src/tools/mcp-client.test.js +14 -2
- package/dist/src/tools/mcp-client.test.js.map +1 -1
- package/dist/src/tools/mcp-tool.d.ts +2 -2
- package/dist/src/tools/mcp-tool.js +1 -1
- package/dist/src/tools/mcp-tool.js.map +1 -1
- package/dist/src/tools/mcp-tool.test.js +51 -21
- package/dist/src/tools/mcp-tool.test.js.map +1 -1
- package/dist/src/tools/memoryTool.d.ts +4 -3
- package/dist/src/tools/memoryTool.js +43 -14
- package/dist/src/tools/memoryTool.js.map +1 -1
- package/dist/src/tools/memoryTool.test.js +29 -9
- package/dist/src/tools/memoryTool.test.js.map +1 -1
- package/dist/src/tools/read-file.js +1 -1
- package/dist/src/tools/read-file.js.map +1 -1
- package/dist/src/tools/read-file.test.js +17 -17
- package/dist/src/tools/read-file.test.js.map +1 -1
- package/dist/src/tools/read-many-files.js +4 -4
- package/dist/src/tools/read-many-files.js.map +1 -1
- package/dist/src/tools/read-many-files.test.js +70 -24
- package/dist/src/tools/read-many-files.test.js.map +1 -1
- package/dist/src/tools/read-mcp-resource.d.ts +25 -0
- package/dist/src/tools/read-mcp-resource.js +120 -0
- package/dist/src/tools/read-mcp-resource.js.map +1 -0
- package/dist/src/tools/read-mcp-resource.test.d.ts +6 -0
- package/dist/src/tools/read-mcp-resource.test.js +110 -0
- package/dist/src/tools/read-mcp-resource.test.js.map +1 -0
- package/dist/src/tools/ripGrep.d.ts +3 -2
- package/dist/src/tools/ripGrep.js +26 -55
- package/dist/src/tools/ripGrep.js.map +1 -1
- package/dist/src/tools/ripGrep.test.js +113 -167
- package/dist/src/tools/ripGrep.test.js.map +1 -1
- package/dist/src/tools/shell.d.ts +2 -2
- package/dist/src/tools/shell.js +51 -21
- package/dist/src/tools/shell.js.map +1 -1
- package/dist/src/tools/shell.test.js +479 -76
- package/dist/src/tools/shell.test.js.map +1 -1
- package/dist/src/tools/shellBackgroundTools.d.ts +3 -3
- package/dist/src/tools/shellBackgroundTools.integration.test.js +6 -2
- package/dist/src/tools/shellBackgroundTools.integration.test.js.map +1 -1
- package/dist/src/tools/shellBackgroundTools.js +2 -2
- package/dist/src/tools/shellBackgroundTools.js.map +1 -1
- package/dist/src/tools/shellBackgroundTools.test.js +30 -10
- package/dist/src/tools/shellBackgroundTools.test.js.map +1 -1
- package/dist/src/tools/tool-error.d.ts +1 -0
- package/dist/src/tools/tool-error.js +1 -0
- package/dist/src/tools/tool-error.js.map +1 -1
- package/dist/src/tools/tool-names.d.ts +5 -4
- package/dist/src/tools/tool-names.js +8 -2
- package/dist/src/tools/tool-names.js.map +1 -1
- package/dist/src/tools/tool-registry.js +137 -114
- package/dist/src/tools/tool-registry.js.map +1 -1
- package/dist/src/tools/tool-registry.test.js +3 -1
- package/dist/src/tools/tool-registry.test.js.map +1 -1
- package/dist/src/tools/tools.d.ts +6 -6
- package/dist/src/tools/tools.js +6 -2
- package/dist/src/tools/tools.js.map +1 -1
- package/dist/src/tools/topicTool.d.ts +2 -2
- package/dist/src/tools/topicTool.js +1 -1
- package/dist/src/tools/topicTool.js.map +1 -1
- package/dist/src/tools/topicTool.test.js +6 -2
- package/dist/src/tools/topicTool.test.js.map +1 -1
- package/dist/src/tools/trackerTools.d.ts +7 -7
- package/dist/src/tools/trackerTools.js +6 -6
- package/dist/src/tools/trackerTools.js.map +1 -1
- package/dist/src/tools/web-fetch.js +1 -1
- package/dist/src/tools/web-fetch.js.map +1 -1
- package/dist/src/tools/web-fetch.test.js +59 -23
- package/dist/src/tools/web-fetch.test.js.map +1 -1
- package/dist/src/tools/web-search.js +1 -1
- package/dist/src/tools/web-search.js.map +1 -1
- package/dist/src/tools/web-search.test.js +5 -5
- package/dist/src/tools/web-search.test.js.map +1 -1
- package/dist/src/tools/write-file.js +22 -4
- package/dist/src/tools/write-file.js.map +1 -1
- package/dist/src/tools/write-file.test.js +29 -11
- package/dist/src/tools/write-file.test.js.map +1 -1
- package/dist/src/tools/write-todos.js +1 -1
- package/dist/src/tools/write-todos.js.map +1 -1
- package/dist/src/utils/compatibility.js +6 -1
- package/dist/src/utils/compatibility.js.map +1 -1
- package/dist/src/utils/compatibility.test.js +23 -0
- package/dist/src/utils/compatibility.test.js.map +1 -1
- package/dist/src/utils/errors.d.ts +3 -0
- package/dist/src/utils/errors.js +6 -0
- package/dist/src/utils/errors.js.map +1 -1
- package/dist/src/utils/fileUtils.d.ts +1 -2
- package/dist/src/utils/fileUtils.js +80 -40
- package/dist/src/utils/fileUtils.js.map +1 -1
- package/dist/src/utils/fileUtils.test.js +61 -0
- package/dist/src/utils/fileUtils.test.js.map +1 -1
- package/dist/src/utils/filesearch/fileSearch.d.ts +2 -0
- package/dist/src/utils/filesearch/fileSearch.js +97 -6
- package/dist/src/utils/filesearch/fileSearch.js.map +1 -1
- package/dist/src/utils/filesearch/fileSearch.test.js +54 -0
- package/dist/src/utils/filesearch/fileSearch.test.js.map +1 -1
- package/dist/src/utils/filesearch/fileWatcher.d.ts +25 -0
- package/dist/src/utils/filesearch/fileWatcher.js +86 -0
- package/dist/src/utils/filesearch/fileWatcher.js.map +1 -0
- package/dist/src/utils/filesearch/fileWatcher.test.js +142 -0
- package/dist/src/utils/filesearch/fileWatcher.test.js.map +1 -0
- package/dist/src/utils/getFolderStructure.js +4 -2
- package/dist/src/utils/getFolderStructure.js.map +1 -1
- package/dist/src/utils/gitIgnoreParser.js +1 -1
- package/dist/src/utils/gitIgnoreParser.js.map +1 -1
- package/dist/src/utils/googleQuotaErrors.d.ts +2 -1
- package/dist/src/utils/googleQuotaErrors.js +30 -35
- package/dist/src/utils/googleQuotaErrors.js.map +1 -1
- package/dist/src/utils/googleQuotaErrors.test.js +24 -0
- package/dist/src/utils/googleQuotaErrors.test.js.map +1 -1
- package/dist/src/utils/ignoreFileParser.js +1 -1
- package/dist/src/utils/ignoreFileParser.js.map +1 -1
- package/dist/src/utils/memoryDiscovery.js +15 -5
- package/dist/src/utils/memoryDiscovery.js.map +1 -1
- package/dist/src/utils/oauth-flow.js +17 -5
- package/dist/src/utils/oauth-flow.js.map +1 -1
- package/dist/src/utils/oauth-flow.test.js +20 -0
- package/dist/src/utils/oauth-flow.test.js.map +1 -1
- package/dist/src/utils/paths.d.ts +9 -0
- package/dist/src/utils/paths.js +37 -0
- package/dist/src/utils/paths.js.map +1 -1
- package/dist/src/utils/paths.test.js +45 -1
- package/dist/src/utils/paths.test.js.map +1 -1
- package/dist/src/utils/planUtils.d.ts +11 -2
- package/dist/src/utils/planUtils.js +43 -11
- package/dist/src/utils/planUtils.js.map +1 -1
- package/dist/src/utils/planUtils.test.js +10 -9
- package/dist/src/utils/planUtils.test.js.map +1 -1
- package/dist/src/utils/process-utils.d.ts +2 -1
- package/dist/src/utils/process-utils.js +64 -33
- package/dist/src/utils/process-utils.js.map +1 -1
- package/dist/src/utils/process-utils.test.js +9 -0
- package/dist/src/utils/process-utils.test.js.map +1 -1
- package/dist/src/utils/retry.js +18 -6
- package/dist/src/utils/retry.js.map +1 -1
- package/dist/src/utils/retry.test.js +30 -0
- package/dist/src/utils/retry.test.js.map +1 -1
- package/dist/src/utils/sessionOperations.js +3 -2
- package/dist/src/utils/sessionOperations.js.map +1 -1
- package/dist/src/utils/shell-utils.d.ts +2 -0
- package/dist/src/utils/shell-utils.js +237 -107
- package/dist/src/utils/shell-utils.js.map +1 -1
- package/dist/src/utils/tool-utils.d.ts +1 -29
- package/dist/src/utils/tool-utils.js +0 -39
- package/dist/src/utils/tool-utils.js.map +1 -1
- package/dist/src/utils/tool-utils.test.js +2 -76
- package/dist/src/utils/tool-utils.test.js.map +1 -1
- package/dist/src/utils/tool-visibility.d.ts +40 -0
- package/dist/src/utils/tool-visibility.js +111 -0
- package/dist/src/utils/tool-visibility.js.map +1 -0
- package/dist/src/utils/tool-visibility.test.d.ts +6 -0
- package/dist/src/utils/tool-visibility.test.js +96 -0
- package/dist/src/utils/tool-visibility.test.js.map +1 -0
- package/dist/src/utils/trust.d.ts +64 -0
- package/dist/src/utils/trust.js +276 -0
- package/dist/src/utils/trust.js.map +1 -0
- package/dist/src/utils/trust.test.d.ts +6 -0
- package/dist/src/utils/trust.test.js +159 -0
- package/dist/src/utils/trust.test.js.map +1 -0
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/package.json +5 -4
- package/dist/docs/get-started/installation.md +0 -181
- package/dist/src/agents/memory-manager-agent.d.ts +0 -25
- package/dist/src/agents/memory-manager-agent.js +0 -138
- package/dist/src/agents/memory-manager-agent.js.map +0 -1
- package/dist/src/agents/memory-manager-agent.test.js +0 -123
- package/dist/src/agents/memory-manager-agent.test.js.map +0 -1
- package/dist/src/agents/subagent-tool-wrapper.d.ts +0 -38
- package/dist/src/agents/subagent-tool-wrapper.js +0 -58
- package/dist/src/agents/subagent-tool-wrapper.js.map +0 -1
- package/dist/src/agents/subagent-tool-wrapper.test.js +0 -123
- package/dist/src/agents/subagent-tool-wrapper.test.js.map +0 -1
- package/dist/src/agents/subagent-tool.d.ts +0 -18
- package/dist/src/agents/subagent-tool.js +0 -134
- package/dist/src/agents/subagent-tool.js.map +0 -1
- package/dist/src/agents/subagent-tool.test.js +0 -287
- package/dist/src/agents/subagent-tool.test.js.map +0 -1
- package/dist/src/policy/policies/tracker.toml +0 -34
- package/dist/src/prompts/snippets-memory-manager.test.js +0 -31
- package/dist/src/prompts/snippets-memory-manager.test.js.map +0 -1
- /package/dist/src/{agents/memory-manager-agent.test.d.ts → agent/tool-display-utils.test.d.ts} +0 -0
- /package/dist/src/agents/{subagent-tool.test.d.ts → agent-tool.test.d.ts} +0 -0
- /package/dist/src/{prompts/snippets-memory-manager.test.d.ts → agents/skill-extraction-agent.test.d.ts} +0 -0
- /package/dist/src/{agents/subagent-tool-wrapper.test.d.ts → utils/filesearch/fileWatcher.test.d.ts} +0 -0
|
@@ -4,154 +4,133 @@
|
|
|
4
4
|
* SPDX-License-Identifier: Apache-2.0
|
|
5
5
|
*/
|
|
6
6
|
import fs from 'node:fs';
|
|
7
|
-
import { join, dirname
|
|
8
|
-
import { GOVERNANCE_FILES, getSecretFileFindArgs,
|
|
9
|
-
import {
|
|
7
|
+
import { join, dirname } from 'node:path';
|
|
8
|
+
import { GOVERNANCE_FILES, getSecretFileFindArgs, } from '../../services/sandboxManager.js';
|
|
9
|
+
import { isErrnoException } from '../utils/fsUtils.js';
|
|
10
10
|
import { spawnAsync } from '../../utils/shell-utils.js';
|
|
11
11
|
import { debugLogger } from '../../utils/debugLogger.js';
|
|
12
|
+
import { toPathKey } from '../../utils/paths.js';
|
|
12
13
|
/**
|
|
13
14
|
* Builds the list of bubblewrap arguments based on the provided options.
|
|
14
15
|
*/
|
|
15
16
|
export async function buildBwrapArgs(options) {
|
|
17
|
+
const { resolvedPaths, workspaceWrite, networkAccess, maskFilePath, isReadOnlyCommand, } = options;
|
|
18
|
+
const { workspace } = resolvedPaths;
|
|
16
19
|
const bwrapArgs = [
|
|
17
20
|
'--unshare-all',
|
|
18
21
|
'--new-session', // Isolate session
|
|
19
22
|
'--die-with-parent', // Prevent orphaned runaway processes
|
|
20
23
|
];
|
|
21
|
-
if (
|
|
24
|
+
if (networkAccess) {
|
|
22
25
|
bwrapArgs.push('--share-net');
|
|
23
26
|
}
|
|
24
27
|
bwrapArgs.push('--ro-bind', '/', '/', '--dev', // Creates a safe, minimal /dev (replaces --dev-bind)
|
|
25
28
|
'/dev', '--proc', // Creates a fresh procfs for the unshared PID namespace
|
|
26
29
|
'/proc', '--tmpfs', // Provides an isolated, writable /tmp directory
|
|
27
30
|
'/tmp');
|
|
28
|
-
const
|
|
29
|
-
const bindFlag =
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
}
|
|
31
|
+
const mounts = [];
|
|
32
|
+
const bindFlag = workspaceWrite ? '--bind-try' : '--ro-bind-try';
|
|
33
|
+
mounts.push({
|
|
34
|
+
type: bindFlag,
|
|
35
|
+
src: workspace.original,
|
|
36
|
+
dest: workspace.original,
|
|
37
|
+
});
|
|
38
|
+
if (workspace.resolved !== workspace.original) {
|
|
39
|
+
mounts.push({
|
|
40
|
+
type: bindFlag,
|
|
41
|
+
src: workspace.resolved,
|
|
42
|
+
dest: workspace.resolved,
|
|
43
|
+
});
|
|
41
44
|
}
|
|
42
|
-
const
|
|
43
|
-
|
|
44
|
-
bwrapArgs.push(bindFlag, worktreeGitDir, worktreeGitDir);
|
|
45
|
+
for (const includeDir of resolvedPaths.globalIncludes) {
|
|
46
|
+
mounts.push({ type: '--ro-bind-try', src: includeDir, dest: includeDir });
|
|
45
47
|
}
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
48
|
+
for (const allowedPath of resolvedPaths.policyAllowed) {
|
|
49
|
+
if (fs.existsSync(allowedPath)) {
|
|
50
|
+
mounts.push({ type: '--bind-try', src: allowedPath, dest: allowedPath });
|
|
51
|
+
}
|
|
52
|
+
else {
|
|
53
|
+
const parent = dirname(allowedPath);
|
|
54
|
+
mounts.push({
|
|
55
|
+
type: isReadOnlyCommand ? '--ro-bind-try' : '--bind-try',
|
|
56
|
+
src: parent,
|
|
57
|
+
dest: parent,
|
|
58
|
+
});
|
|
57
59
|
}
|
|
58
60
|
}
|
|
59
|
-
const
|
|
60
|
-
|
|
61
|
-
const resolved = tryRealpath(allowedPath);
|
|
62
|
-
if (!fs.existsSync(resolved)) {
|
|
63
|
-
// If the path doesn't exist, we still want to allow access to its parent
|
|
64
|
-
// if it's explicitly allowed, to enable creating it.
|
|
65
|
-
try {
|
|
66
|
-
const resolvedParent = tryRealpath(dirname(resolved));
|
|
67
|
-
bwrapArgs.push(options.isWriteCommand ? '--bind-try' : bindFlag, resolvedParent, resolvedParent);
|
|
68
|
-
}
|
|
69
|
-
catch {
|
|
70
|
-
// Ignore
|
|
71
|
-
}
|
|
72
|
-
continue;
|
|
73
|
-
}
|
|
74
|
-
const normalizedAllowedPath = normalize(resolved).replace(/\/$/, '');
|
|
75
|
-
if (normalizedAllowedPath !== normalizedWorkspace) {
|
|
76
|
-
bwrapArgs.push('--bind-try', resolved, resolved);
|
|
77
|
-
}
|
|
61
|
+
for (const p of resolvedPaths.policyRead) {
|
|
62
|
+
mounts.push({ type: '--ro-bind-try', src: p, dest: p });
|
|
78
63
|
}
|
|
79
|
-
|
|
80
|
-
for (const p of
|
|
81
|
-
try
|
|
82
|
-
const safeResolvedPath = tryRealpath(p);
|
|
83
|
-
bwrapArgs.push('--ro-bind-try', safeResolvedPath, safeResolvedPath);
|
|
84
|
-
}
|
|
85
|
-
catch (e) {
|
|
86
|
-
debugLogger.warn(e instanceof Error ? e.message : String(e));
|
|
87
|
-
}
|
|
88
|
-
}
|
|
89
|
-
const additionalWrites = sanitizePaths(options.additionalPermissions.fileSystem?.write);
|
|
90
|
-
for (const p of additionalWrites) {
|
|
91
|
-
try {
|
|
92
|
-
const safeResolvedPath = tryRealpath(p);
|
|
93
|
-
bwrapArgs.push('--bind-try', safeResolvedPath, safeResolvedPath);
|
|
94
|
-
}
|
|
95
|
-
catch (e) {
|
|
96
|
-
debugLogger.warn(e instanceof Error ? e.message : String(e));
|
|
97
|
-
}
|
|
64
|
+
// Collect explicit additional write permissions.
|
|
65
|
+
for (const p of resolvedPaths.policyWrite) {
|
|
66
|
+
mounts.push({ type: '--bind-try', src: p, dest: p });
|
|
98
67
|
}
|
|
68
|
+
const policyWriteKeys = new Set(resolvedPaths.policyWrite.map(toPathKey));
|
|
99
69
|
for (const file of GOVERNANCE_FILES) {
|
|
100
|
-
const filePath = join(
|
|
101
|
-
const realPath =
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
70
|
+
const filePath = join(workspace.original, file.path);
|
|
71
|
+
const realPath = join(workspace.resolved, file.path);
|
|
72
|
+
const isExplicitlyWritable = policyWriteKeys.has(toPathKey(filePath)) ||
|
|
73
|
+
policyWriteKeys.has(toPathKey(realPath));
|
|
74
|
+
// If the workspace is writable, we allow editing .gitignore and .geminiignore by default.
|
|
75
|
+
// .git remains protected unless explicitly requested (e.g. for git commands).
|
|
76
|
+
const isImplicitlyWritable = workspaceWrite && file.path !== '.git';
|
|
77
|
+
if (!isExplicitlyWritable && !isImplicitlyWritable) {
|
|
78
|
+
mounts.push({ type: '--ro-bind', src: filePath, dest: filePath });
|
|
79
|
+
if (realPath !== filePath) {
|
|
80
|
+
mounts.push({ type: '--ro-bind', src: realPath, dest: realPath });
|
|
81
|
+
}
|
|
105
82
|
}
|
|
106
83
|
}
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
84
|
+
// Grant read-only access to git worktrees/submodules.
|
|
85
|
+
if (resolvedPaths.gitWorktree) {
|
|
86
|
+
const { worktreeGitDir, mainGitDir } = resolvedPaths.gitWorktree;
|
|
87
|
+
if (worktreeGitDir && !policyWriteKeys.has(toPathKey(worktreeGitDir))) {
|
|
88
|
+
mounts.push({
|
|
89
|
+
type: '--ro-bind-try',
|
|
90
|
+
src: worktreeGitDir,
|
|
91
|
+
dest: worktreeGitDir,
|
|
92
|
+
});
|
|
93
|
+
}
|
|
94
|
+
if (mainGitDir && !policyWriteKeys.has(toPathKey(mainGitDir))) {
|
|
95
|
+
mounts.push({
|
|
96
|
+
type: '--ro-bind-try',
|
|
97
|
+
src: mainGitDir,
|
|
98
|
+
dest: mainGitDir,
|
|
99
|
+
});
|
|
113
100
|
}
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
101
|
+
}
|
|
102
|
+
for (const p of resolvedPaths.forbidden) {
|
|
103
|
+
if (!fs.existsSync(p))
|
|
117
104
|
continue;
|
|
118
|
-
}
|
|
119
105
|
try {
|
|
120
|
-
const stat = fs.statSync(
|
|
106
|
+
const stat = fs.statSync(p);
|
|
121
107
|
if (stat.isDirectory()) {
|
|
122
|
-
|
|
108
|
+
mounts.push({ type: '--tmpfs-ro', dest: p });
|
|
123
109
|
}
|
|
124
110
|
else {
|
|
125
|
-
|
|
111
|
+
mounts.push({ type: '--ro-bind', src: '/dev/null', dest: p });
|
|
126
112
|
}
|
|
127
113
|
}
|
|
128
114
|
catch (e) {
|
|
129
115
|
if (isErrnoException(e) && e.code === 'ENOENT') {
|
|
130
|
-
|
|
116
|
+
mounts.push({ type: '--symlink', src: '/dev/null', dest: p });
|
|
131
117
|
}
|
|
132
118
|
else {
|
|
133
|
-
debugLogger.warn(`Failed to
|
|
134
|
-
|
|
119
|
+
debugLogger.warn(`Failed to secure forbidden path ${p}: ${e instanceof Error ? e.message : String(e)}`);
|
|
120
|
+
mounts.push({ type: '--ro-bind', src: '/dev/null', dest: p });
|
|
135
121
|
}
|
|
136
122
|
}
|
|
137
123
|
}
|
|
138
124
|
// Mask secret files (.env, .env.*)
|
|
139
|
-
const
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
*/
|
|
146
|
-
async function getSecretFilesArgs(workspace, allowedPaths, maskPath) {
|
|
147
|
-
const args = [];
|
|
148
|
-
const searchDirs = new Set([workspace, ...allowedPaths]);
|
|
125
|
+
const searchDirs = new Set([
|
|
126
|
+
resolvedPaths.workspace.original,
|
|
127
|
+
resolvedPaths.workspace.resolved,
|
|
128
|
+
...resolvedPaths.policyAllowed,
|
|
129
|
+
...resolvedPaths.globalIncludes,
|
|
130
|
+
]);
|
|
149
131
|
const findPatterns = getSecretFileFindArgs();
|
|
150
132
|
for (const dir of searchDirs) {
|
|
151
133
|
try {
|
|
152
|
-
// Use the native 'find' command for performance and to catch nested secrets.
|
|
153
|
-
// We limit depth to 3 to keep it fast while covering common nested structures.
|
|
154
|
-
// We use -prune to skip heavy directories efficiently while matching dotfiles.
|
|
155
134
|
const findResult = await spawnAsync('find', [
|
|
156
135
|
dir,
|
|
157
136
|
'-maxdepth',
|
|
@@ -187,7 +166,7 @@ async function getSecretFilesArgs(workspace, allowedPaths, maskPath) {
|
|
|
187
166
|
const files = findResult.stdout.toString().split('\0');
|
|
188
167
|
for (const file of files) {
|
|
189
168
|
if (file.trim()) {
|
|
190
|
-
|
|
169
|
+
mounts.push({ type: '--bind', src: maskFilePath, dest: file.trim() });
|
|
191
170
|
}
|
|
192
171
|
}
|
|
193
172
|
}
|
|
@@ -195,6 +174,18 @@ async function getSecretFilesArgs(workspace, allowedPaths, maskPath) {
|
|
|
195
174
|
debugLogger.log(`LinuxSandboxManager: Failed to find or mask secret files in ${dir}`, e);
|
|
196
175
|
}
|
|
197
176
|
}
|
|
198
|
-
|
|
177
|
+
// Sort mounts by destination path length to ensure parents are bound before children.
|
|
178
|
+
// This prevents hierarchical masking where a parent mount would hide a child mount.
|
|
179
|
+
mounts.sort((a, b) => a.dest.length - b.dest.length);
|
|
180
|
+
// Emit final bwrap arguments
|
|
181
|
+
for (const m of mounts) {
|
|
182
|
+
if (m.type === '--tmpfs-ro') {
|
|
183
|
+
bwrapArgs.push('--tmpfs', m.dest, '--remount-ro', m.dest);
|
|
184
|
+
}
|
|
185
|
+
else {
|
|
186
|
+
bwrapArgs.push(m.type, m.src, m.dest);
|
|
187
|
+
}
|
|
188
|
+
}
|
|
189
|
+
return bwrapArgs;
|
|
199
190
|
}
|
|
200
191
|
//# sourceMappingURL=bwrapArgsBuilder.js.map
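Review bot: The final `mounts.sort((a, b) => a.dest.length - b.dest.length)` makes mount precedence depend on path length rather than on whether an entry allows or denies. A `policyAllowed`/`policyWrite` bind or a secret-mask `--bind` nested under a directory from `resolvedPaths.forbidden` is therefore emitted after that directory's `--tmpfs`/`--remount-ro` pair, even though the forbidden loop runs after the allow loops. Depending on how bwrap treats a bind whose destination sits inside the read-only tmpfs, that presumably either re-exposes the child path or aborts sandbox setup, and neither is a clean deny. I would drop such entries before sorting, e.g. with `const underForbidden = (d) => resolvedPaths.forbidden.some((f) => d !== f && d.startsWith(f + '/'));` and a filter over `mounts` (assuming forbidden paths and destinations are normalised the same way), plus a test with an allowed path below a forbidden directory. The sort also relies on being stable when a forbidden path and a write path share the same `dest`, which deserves a comment next to it; part of the secret-file `find` loop lies outside the shown hunks.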
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bwrapArgsBuilder.js","sourceRoot":"","sources":["../../../../src/sandbox/linux/bwrapArgsBuilder.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"bwrapArgsBuilder.js","sourceRoot":"","sources":["../../../../src/sandbox/linux/bwrapArgsBuilder.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EACL,gBAAgB,EAChB,qBAAqB,GAEtB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAajD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAyB;IAEzB,MAAM,EACJ,aAAa,EACb,cAAc,EACd,aAAa,EACb,YAAY,EACZ,iBAAiB,GAClB,GAAG,OAAO,CAAC;IACZ,MAAM,EAAE,SAAS,EAAE,GAAG,aAAa,CAAC;IAEpC,MAAM,SAAS,GAAa;QAC1B,eAAe;QACf,eAAe,EAAE,kBAAkB;QACnC,mBAAmB,EAAE,qCAAqC;KAC3D,CAAC;IAEF,IAAI,aAAa,EAAE,CAAC;QAClB,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAChC,CAAC;IAED,SAAS,CAAC,IAAI,CACZ,WAAW,EACX,GAAG,EACH,GAAG,EACH,OAAO,EAAE,qDAAqD;IAC9D,MAAM,EACN,QAAQ,EAAE,wDAAwD;IAClE,OAAO,EACP,SAAS,EAAE,gDAAgD;IAC3D,MAAM,CACP,CAAC;IAiBF,MAAM,MAAM,GAAY,EAAE,CAAC;IAE3B,MAAM,QAAQ,GAAc,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,eAAe,CAAC;IAC5E,MAAM,CAAC,IAAI,CAAC;QACV,IAAI,EAAE,QAAQ;QACd,GAAG,EAAE,SAAS,CAAC,QAAQ;QACvB,IAAI,EAAE,SAAS,CAAC,QAAQ;KACzB,CAAC,CAAC;IACH,IAAI,SAAS,CAAC,QAAQ,KAAK,SAAS,CAAC,QAAQ,EAAE,CAAC;QAC9C,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,QAAQ;YACd,GAAG,EAAE,SAAS,CAAC,QAAQ;YACvB,IAAI,EAAE,SAAS,CAAC,QAAQ;SACzB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,MAAM,UAAU,IAAI,aAAa,CAAC,cAAc,EAAE,CAAC;QACtD,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,KAAK,MAAM,WAAW,IAAI,aAAa,CAAC,aAAa,EAAE,CAAC;QACtD,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC;QAC3E,CAAC;aAAM,CAAC;YACN,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;YACpC,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,iBAAiB,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,YAAY;gBACxD,GAAG,EAAE,MAAM;gBACX,IAAI,EAAE,MAAM;aACb,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,KAAK,MAAM
,CAAC,IAAI,aAAa,CAAC,UAAU,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,iDAAiD;IACjD,KAAK,MAAM,CAAC,IAAI,aAAa,CAAC,WAAW,EAAE,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;IACvD,CAAC;IAED,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;IAE1E,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAErD,MAAM,oBAAoB,GACxB,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;YACxC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE3C,0FAA0F;QAC1F,8EAA8E;QAC9E,MAAM,oBAAoB,GAAG,cAAc,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,CAAC;QAEpE,IAAI,CAAC,oBAAoB,IAAI,CAAC,oBAAoB,EAAE,CAAC;YACnD,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;YAClE,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBAC1B,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;IACH,CAAC;IAED,sDAAsD;IACtD,IAAI,aAAa,CAAC,WAAW,EAAE,CAAC;QAC9B,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC,WAAW,CAAC;QACjE,IAAI,cAAc,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC,EAAE,CAAC;YACtE,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,cAAc;gBACnB,IAAI,EAAE,cAAc;aACrB,CAAC,CAAC;QACL,CAAC;QACD,IAAI,UAAU,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YAC9D,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,UAAU;gBACf,IAAI,EAAE,UAAU;aACjB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC;QACxC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC;YAAE,SAAS;QAChC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YAC5B,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;gBACvB,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;YAC/C,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC,EA
AE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;YAChE,CAAC;QACH,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,IAAI,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC/C,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;YAChE,CAAC;iBAAM,CAAC;gBACN,WAAW,CAAC,IAAI,CACd,mCAAmC,CAAC,KAAK,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACtF,CAAC;gBACF,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;YAChE,CAAC;QACH,CAAC;IACH,CAAC;IAED,mCAAmC;IACnC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC;QACzB,aAAa,CAAC,SAAS,CAAC,QAAQ;QAChC,aAAa,CAAC,SAAS,CAAC,QAAQ;QAChC,GAAG,aAAa,CAAC,aAAa;QAC9B,GAAG,aAAa,CAAC,cAAc;KAChC,CAAC,CAAC;IACH,MAAM,YAAY,GAAG,qBAAqB,EAAE,CAAC;IAE7C,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE;gBAC1C,GAAG;gBACH,WAAW;gBACX,GAAG;gBACH,OAAO;gBACP,GAAG;gBACH,GAAG;gBACH,OAAO;gBACP,MAAM;gBACN,IAAI;gBACJ,OAAO;gBACP,cAAc;gBACd,IAAI;gBACJ,OAAO;gBACP,OAAO;gBACP,IAAI;gBACJ,OAAO;gBACP,aAAa;gBACb,IAAI;gBACJ,OAAO;gBACP,MAAM;gBACN,IAAI;gBACJ,OAAO;gBACP,OAAO;gBACP,GAAG;gBACH,QAAQ;gBACR,IAAI;gBACJ,OAAO;gBACP,GAAG;gBACH,GAAG,YAAY;gBACf,SAAS;aACV,CAAC,CAAC;YAEH,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACvD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;oBAChB,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBACxE,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,WAAW,CAAC,GAAG,CACb,+DAA+D,GAAG,EAAE,EACpE,CAAC,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,sFAAsF;IACtF,oFAAoF;IACpF,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAErD,6BAA6B;IAC7B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC5B,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,IAAI,EAAE,cAAc,EAAE,CAAC,CAA
C,IAAI,CAAC,CAAC;QAC5D,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}
|
|
@@ -8,6 +8,7 @@ import { buildBwrapArgs } from './bwrapArgsBuilder.js';
|
|
|
8
8
|
import fs from 'node:fs';
|
|
9
9
|
import * as shellUtils from '../../utils/shell-utils.js';
|
|
10
10
|
import os from 'node:os';
|
|
11
|
+
import {} from '../../services/sandboxManager.js';
|
|
11
12
|
vi.mock('node:fs', async () => {
|
|
12
13
|
const actual = await vi.importActual('node:fs');
|
|
13
14
|
return {
|
|
@@ -53,6 +54,18 @@ vi.mock('../../utils/shell-utils.js', async (importOriginal) => {
|
|
|
53
54
|
});
|
|
54
55
|
describe.skipIf(os.platform() === 'win32')('buildBwrapArgs', () => {
|
|
55
56
|
const workspace = '/home/user/workspace';
|
|
57
|
+
const createResolvedPaths = (overrides = {}) => ({
|
|
58
|
+
workspace: {
|
|
59
|
+
original: workspace,
|
|
60
|
+
resolved: workspace,
|
|
61
|
+
},
|
|
62
|
+
forbidden: [],
|
|
63
|
+
globalIncludes: [],
|
|
64
|
+
policyAllowed: [],
|
|
65
|
+
policyRead: [],
|
|
66
|
+
policyWrite: [],
|
|
67
|
+
...overrides,
|
|
68
|
+
});
|
|
56
69
|
beforeEach(() => {
|
|
57
70
|
vi.clearAllMocks();
|
|
58
71
|
vi.mocked(fs.existsSync).mockReturnValue(true);
|
|
@@ -62,15 +75,11 @@ describe.skipIf(os.platform() === 'win32')('buildBwrapArgs', () => {
|
|
|
62
75
|
vi.restoreAllMocks();
|
|
63
76
|
});
|
|
64
77
|
const defaultOptions = {
|
|
65
|
-
|
|
78
|
+
resolvedPaths: createResolvedPaths(),
|
|
66
79
|
workspaceWrite: false,
|
|
67
80
|
networkAccess: false,
|
|
68
|
-
allowedPaths: [],
|
|
69
|
-
forbiddenPaths: [],
|
|
70
|
-
additionalPermissions: {},
|
|
71
|
-
includeDirectories: [],
|
|
72
81
|
maskFilePath: '/tmp/mask',
|
|
73
|
-
|
|
82
|
+
isReadOnlyCommand: false,
|
|
74
83
|
};
|
|
75
84
|
it('should correctly format the base arguments', async () => {
|
|
76
85
|
const args = await buildBwrapArgs(defaultOptions);
|
|
@@ -91,14 +100,14 @@ describe.skipIf(os.platform() === 'win32')('buildBwrapArgs', () => {
|
|
|
91
100
|
workspace,
|
|
92
101
|
workspace,
|
|
93
102
|
'--ro-bind',
|
|
103
|
+
`${workspace}/.git`,
|
|
104
|
+
`${workspace}/.git`,
|
|
105
|
+
'--ro-bind',
|
|
94
106
|
`${workspace}/.gitignore`,
|
|
95
107
|
`${workspace}/.gitignore`,
|
|
96
108
|
'--ro-bind',
|
|
97
109
|
`${workspace}/.geminiignore`,
|
|
98
110
|
`${workspace}/.geminiignore`,
|
|
99
|
-
'--ro-bind',
|
|
100
|
-
`${workspace}/.git`,
|
|
101
|
-
`${workspace}/.git`,
|
|
102
111
|
]);
|
|
103
112
|
});
|
|
104
113
|
it('binds workspace read-write when workspaceWrite is true', async () => {
|
|
@@ -120,35 +129,40 @@ describe.skipIf(os.platform() === 'win32')('buildBwrapArgs', () => {
|
|
|
120
129
|
it('maps explicit write permissions to --bind-try', async () => {
|
|
121
130
|
const args = await buildBwrapArgs({
|
|
122
131
|
...defaultOptions,
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
},
|
|
132
|
+
resolvedPaths: createResolvedPaths({
|
|
133
|
+
policyWrite: ['/home/user/workspace/out/dir'],
|
|
134
|
+
}),
|
|
126
135
|
});
|
|
127
136
|
const index = args.indexOf('--bind-try');
|
|
128
137
|
expect(index).not.toBe(-1);
|
|
129
138
|
expect(args[index + 1]).toBe('/home/user/workspace/out/dir');
|
|
130
139
|
});
|
|
131
140
|
it('should protect both the symlink and the real path of governance files', async () => {
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
141
|
+
const args = await buildBwrapArgs({
|
|
142
|
+
...defaultOptions,
|
|
143
|
+
resolvedPaths: createResolvedPaths({
|
|
144
|
+
workspace: {
|
|
145
|
+
original: workspace,
|
|
146
|
+
resolved: '/shared/global-workspace',
|
|
147
|
+
},
|
|
148
|
+
}),
|
|
136
149
|
});
|
|
137
|
-
const args = await buildBwrapArgs(defaultOptions);
|
|
138
150
|
expect(args).toContain('--ro-bind');
|
|
139
151
|
expect(args).toContain(`${workspace}/.gitignore`);
|
|
140
|
-
expect(args).toContain('/shared/global
|
|
152
|
+
expect(args).toContain('/shared/global-workspace/.gitignore');
|
|
141
153
|
});
|
|
142
|
-
it('should parameterize allowed paths
|
|
154
|
+
it('should parameterize allowed paths', async () => {
|
|
143
155
|
const args = await buildBwrapArgs({
|
|
144
156
|
...defaultOptions,
|
|
145
|
-
|
|
157
|
+
resolvedPaths: createResolvedPaths({
|
|
158
|
+
policyAllowed: ['/tmp/cache', '/opt/tools'],
|
|
159
|
+
}),
|
|
146
160
|
});
|
|
147
161
|
expect(args).toContain('--bind-try');
|
|
148
162
|
expect(args[args.indexOf('/tmp/cache') - 1]).toBe('--bind-try');
|
|
149
163
|
expect(args[args.indexOf('/opt/tools') - 1]).toBe('--bind-try');
|
|
150
164
|
});
|
|
151
|
-
it('should bind the parent directory of a non-existent path', async () => {
|
|
165
|
+
it('should bind the parent directory of a non-existent path with --bind-try when isReadOnlyCommand is false', async () => {
|
|
152
166
|
vi.mocked(fs.existsSync).mockImplementation((p) => {
|
|
153
167
|
if (p === '/home/user/workspace/new-file.txt')
|
|
154
168
|
return false;
|
|
@@ -156,14 +170,34 @@ describe.skipIf(os.platform() === 'win32')('buildBwrapArgs', () => {
|
|
|
156
170
|
});
|
|
157
171
|
const args = await buildBwrapArgs({
|
|
158
172
|
...defaultOptions,
|
|
159
|
-
|
|
160
|
-
|
|
173
|
+
isReadOnlyCommand: false,
|
|
174
|
+
resolvedPaths: createResolvedPaths({
|
|
175
|
+
policyAllowed: ['/home/user/workspace/new-file.txt'],
|
|
176
|
+
}),
|
|
161
177
|
});
|
|
162
178
|
const parentDir = '/home/user/workspace';
|
|
163
179
|
const bindIndex = args.lastIndexOf(parentDir);
|
|
164
180
|
expect(bindIndex).not.toBe(-1);
|
|
165
181
|
expect(args[bindIndex - 2]).toBe('--bind-try');
|
|
166
182
|
});
|
|
183
|
+
it('should bind the parent directory of a non-existent path with --ro-bind-try when isReadOnlyCommand is true', async () => {
|
|
184
|
+
vi.mocked(fs.existsSync).mockImplementation((p) => {
|
|
185
|
+
if (p === '/home/user/workspace/new-file.txt')
|
|
186
|
+
return false;
|
|
187
|
+
return true;
|
|
188
|
+
});
|
|
189
|
+
const args = await buildBwrapArgs({
|
|
190
|
+
...defaultOptions,
|
|
191
|
+
isReadOnlyCommand: true,
|
|
192
|
+
resolvedPaths: createResolvedPaths({
|
|
193
|
+
policyAllowed: ['/home/user/workspace/new-file.txt'],
|
|
194
|
+
}),
|
|
195
|
+
});
|
|
196
|
+
const parentDir = '/home/user/workspace';
|
|
197
|
+
const bindIndex = args.lastIndexOf(parentDir);
|
|
198
|
+
expect(bindIndex).not.toBe(-1);
|
|
199
|
+
expect(args[bindIndex - 2]).toBe('--ro-bind-try');
|
|
200
|
+
});
|
|
167
201
|
it('should parameterize forbidden paths and explicitly deny them', async () => {
|
|
168
202
|
vi.mocked(fs.statSync).mockImplementation((p) => {
|
|
169
203
|
if (p.toString().includes('cache')) {
|
|
@@ -173,7 +207,9 @@ describe.skipIf(os.platform() === 'win32')('buildBwrapArgs', () => {
|
|
|
173
207
|
});
|
|
174
208
|
const args = await buildBwrapArgs({
|
|
175
209
|
...defaultOptions,
|
|
176
|
-
|
|
210
|
+
resolvedPaths: createResolvedPaths({
|
|
211
|
+
forbidden: ['/tmp/cache', '/opt/secret.txt'],
|
|
212
|
+
}),
|
|
177
213
|
});
|
|
178
214
|
const cacheIndex = args.indexOf('/tmp/cache');
|
|
179
215
|
expect(args[cacheIndex - 1]).toBe('--tmpfs');
|
|
@@ -181,41 +217,37 @@ describe.skipIf(os.platform() === 'win32')('buildBwrapArgs', () => {
|
|
|
181
217
|
expect(args[secretIndex - 2]).toBe('--ro-bind');
|
|
182
218
|
expect(args[secretIndex - 1]).toBe('/dev/null');
|
|
183
219
|
});
|
|
184
|
-
it('
|
|
220
|
+
it('handles resolved forbidden paths', async () => {
|
|
185
221
|
vi.mocked(fs.statSync).mockImplementation(() => ({ isDirectory: () => false }));
|
|
186
|
-
vi.mocked(fs.realpathSync).mockImplementation((p) => {
|
|
187
|
-
if (p === '/tmp/forbidden-symlink')
|
|
188
|
-
return '/opt/real-target.txt';
|
|
189
|
-
return p.toString();
|
|
190
|
-
});
|
|
191
222
|
const args = await buildBwrapArgs({
|
|
192
223
|
...defaultOptions,
|
|
193
|
-
|
|
224
|
+
resolvedPaths: createResolvedPaths({
|
|
225
|
+
forbidden: ['/opt/real-target.txt'],
|
|
226
|
+
}),
|
|
194
227
|
});
|
|
195
228
|
const secretIndex = args.indexOf('/opt/real-target.txt');
|
|
196
229
|
expect(args[secretIndex - 2]).toBe('--ro-bind');
|
|
197
230
|
expect(args[secretIndex - 1]).toBe('/dev/null');
|
|
198
231
|
});
|
|
199
|
-
it('masks directory
|
|
232
|
+
it('masks directory paths with tmpfs', async () => {
|
|
200
233
|
vi.mocked(fs.statSync).mockImplementation(() => ({ isDirectory: () => true }));
|
|
201
|
-
vi.mocked(fs.realpathSync).mockImplementation((p) => {
|
|
202
|
-
if (p === '/tmp/dir-link')
|
|
203
|
-
return '/opt/real-dir';
|
|
204
|
-
return p.toString();
|
|
205
|
-
});
|
|
206
234
|
const args = await buildBwrapArgs({
|
|
207
235
|
...defaultOptions,
|
|
208
|
-
|
|
236
|
+
resolvedPaths: createResolvedPaths({
|
|
237
|
+
forbidden: ['/opt/real-dir'],
|
|
238
|
+
}),
|
|
209
239
|
});
|
|
210
240
|
const idx = args.indexOf('/opt/real-dir');
|
|
211
241
|
expect(args[idx - 1]).toBe('--tmpfs');
|
|
212
242
|
});
|
|
213
|
-
it('should
|
|
243
|
+
it('should apply forbidden paths after allowed paths', async () => {
|
|
214
244
|
vi.mocked(fs.statSync).mockImplementation(() => ({ isDirectory: () => true }));
|
|
215
245
|
const args = await buildBwrapArgs({
|
|
216
246
|
...defaultOptions,
|
|
217
|
-
|
|
218
|
-
|
|
247
|
+
resolvedPaths: createResolvedPaths({
|
|
248
|
+
policyAllowed: ['/tmp/conflict'],
|
|
249
|
+
forbidden: ['/tmp/conflict'],
|
|
250
|
+
}),
|
|
219
251
|
});
|
|
220
252
|
const bindIndex = args.findIndex((a, i) => a === '--bind-try' && args[i + 1] === '/tmp/conflict');
|
|
221
253
|
const tmpfsIndex = args.findIndex((a, i) => a === '--tmpfs' && args[i + 1] === '/tmp/conflict');
|
|
@@ -243,5 +275,76 @@ describe.skipIf(os.platform() === 'win32')('buildBwrapArgs', () => {
|
|
|
243
275
|
expect(args[envIndex - 2]).toBe('--bind');
|
|
244
276
|
expect(args[envIndex - 1]).toBe('/tmp/mask');
|
|
245
277
|
});
|
|
278
|
+
it('scans globalIncludes for secret files', async () => {
|
|
279
|
+
const includeDir = '/opt/tools';
|
|
280
|
+
vi.mocked(shellUtils.spawnAsync).mockImplementation((cmd, args) => {
|
|
281
|
+
if (cmd === 'find' && args?.[0] === includeDir) {
|
|
282
|
+
return Promise.resolve({
|
|
283
|
+
status: 0,
|
|
284
|
+
stdout: Buffer.from(`${includeDir}/.env\0`),
|
|
285
|
+
});
|
|
286
|
+
}
|
|
287
|
+
return Promise.resolve({
|
|
288
|
+
status: 0,
|
|
289
|
+
stdout: Buffer.from(''),
|
|
290
|
+
});
|
|
291
|
+
});
|
|
292
|
+
const args = await buildBwrapArgs({
|
|
293
|
+
...defaultOptions,
|
|
294
|
+
resolvedPaths: createResolvedPaths({
|
|
295
|
+
globalIncludes: [includeDir],
|
|
296
|
+
}),
|
|
297
|
+
});
|
|
298
|
+
expect(args).toContain(`${includeDir}/.env`);
|
|
299
|
+
const envIndex = args.indexOf(`${includeDir}/.env`);
|
|
300
|
+
expect(args[envIndex - 2]).toBe('--bind');
|
|
301
|
+
});
|
|
302
|
+
it('binds git worktree directories if present', async () => {
|
|
303
|
+
const worktreeGitDir = '/path/to/worktree/.git';
|
|
304
|
+
const mainGitDir = '/path/to/main/.git';
|
|
305
|
+
const args = await buildBwrapArgs({
|
|
306
|
+
...defaultOptions,
|
|
307
|
+
resolvedPaths: createResolvedPaths({
|
|
308
|
+
gitWorktree: {
|
|
309
|
+
worktreeGitDir,
|
|
310
|
+
mainGitDir,
|
|
311
|
+
},
|
|
312
|
+
}),
|
|
313
|
+
});
|
|
314
|
+
expect(args).toContain(worktreeGitDir);
|
|
315
|
+
expect(args).toContain(mainGitDir);
|
|
316
|
+
expect(args[args.indexOf(worktreeGitDir) - 1]).toBe('--ro-bind-try');
|
|
317
|
+
expect(args[args.indexOf(mainGitDir) - 1]).toBe('--ro-bind-try');
|
|
318
|
+
});
|
|
319
|
+
it('enforces read-only binding for git worktrees even if workspaceWrite is true', async () => {
|
|
320
|
+
const worktreeGitDir = '/path/to/worktree/.git';
|
|
321
|
+
const args = await buildBwrapArgs({
|
|
322
|
+
...defaultOptions,
|
|
323
|
+
workspaceWrite: true,
|
|
324
|
+
resolvedPaths: createResolvedPaths({
|
|
325
|
+
gitWorktree: {
|
|
326
|
+
worktreeGitDir,
|
|
327
|
+
},
|
|
328
|
+
}),
|
|
329
|
+
});
|
|
330
|
+
expect(args[args.indexOf(worktreeGitDir) - 1]).toBe('--ro-bind-try');
|
|
331
|
+
});
|
|
332
|
+
it('git worktree read-only bindings should override previous policyWrite bindings', async () => {
|
|
333
|
+
const worktreeGitDir = '/custom/worktree/.git';
|
|
334
|
+
const args = await buildBwrapArgs({
|
|
335
|
+
...defaultOptions,
|
|
336
|
+
resolvedPaths: createResolvedPaths({
|
|
337
|
+
policyWrite: ['/custom/worktree'],
|
|
338
|
+
gitWorktree: {
|
|
339
|
+
worktreeGitDir,
|
|
340
|
+
},
|
|
341
|
+
}),
|
|
342
|
+
});
|
|
343
|
+
const writeBindIndex = args.indexOf('/custom/worktree');
|
|
344
|
+
const worktreeBindIndex = args.lastIndexOf(worktreeGitDir);
|
|
345
|
+
expect(writeBindIndex).toBeGreaterThan(-1);
|
|
346
|
+
expect(worktreeBindIndex).toBeGreaterThan(-1);
|
|
347
|
+
expect(worktreeBindIndex).toBeGreaterThan(writeBindIndex);
|
|
348
|
+
});
|
|
246
349
|
});
|
|
247
350
|
//# sourceMappingURL=bwrapArgsBuilder.test.js.map
|
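Review bot: The last added test, 'git worktree read-only bindings should override previous policyWrite bindings', only asserts that `worktreeGitDir` appears after `/custom/worktree` in the argument list, so it would still pass if that later bind were read-write. The ordering matters only because the `.git` directory must stay read-only under a writable parent, so the flag should be pinned too: `expect(args[worktreeBindIndex - 2]).toBe('--ro-bind-try');`. That offset assumes source and destination are emitted as a pair after the flag, as the `lastIndexOf` / `bindIndex - 2` checks earlier in this file imply. In the same hunk, 'scans globalIncludes for secret files' checks that `args[envIndex - 2]` is `--bind` but not what is bound over the file. Adding `expect(args[envIndex - 1]).toBe('/tmp/mask');`, as the test directly above it does, would confirm the discovered `.env` is covered by the mask file.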