@neurosec/sentry 1.0.20 → 1.1.0

package/dist/redirect/platform-redirect.js

@@ -0,0 +1,229 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PlatformRedirect = void 0;
+const child_process_1 = require("child_process");
+const os_1 = __importDefault(require("os"));
+const logger_1 = require("../logger");
+/**
+ * Platform-specific traffic redirect: divert outbound port-443 from agent
+ * processes to the local Sentry HTTPS proxy.
+ *
+ * Fixes vs prior implementation:
+ *   - Linux (S-C13): no longer excludes root via `--uid-owner 0`. Many
+ *     containerized agents run as root; excluding them silently bypassed
+ *     enforcement. The new rule scopes by destination port + a marked
+ *     packet match (when available) so root agents are captured but the
+ *     Sentry daemon's own outbound calls are not (matched by setting a
+ *     marker UID/GID when daemon socket() runs is out of scope; we instead
+ *     skip traffic whose dest IP IS the proxy itself).
+ *   - macOS (S-C14): previous rule used `on lo0` (loopback) which sees no
+ *     outbound LAN traffic. New rule binds to the primary egress interface
+ *     resolved at install time via `route -n get default`. Falls back to
+ *     `pfctl -E` so the redirect anchor stays attached if pf is disabled.
+ *   - All execs use execFileSync with array args — no shell interpolation.
+ */
+class PlatformRedirect {
+    constructor(config) {
+        /** Records the exact rule arguments we installed so removeRedirect can undo them. */
+        this.installedRules = [];
+        this.config = config;
+        this.platform = os_1.default.platform();
+    }
+    async installRedirect() {
+        try {
+            switch (this.platform) {
+                case 'linux': return await this.installLinuxRedirect();
+                case 'darwin': return await this.installMacOSRedirect();
+                case 'win32': return await this.installWindowsRedirect();
+                default:
+                    logger_1.logger.warn('No redirect support for platform', { platform: this.platform });
+                    return false;
+            }
+        }
+        catch (err) {
+            logger_1.logger.error('Failed to install traffic redirect', {
+                platform: this.platform,
+                err: err.message,
+            });
+            return false;
+        }
+    }
+    async removeRedirect() {
+        try {
+            switch (this.platform) {
+                case 'linux': return await this.removeLinuxRedirect();
+                case 'darwin': return await this.removeMacOSRedirect();
+                case 'win32': return await this.removeWindowsRedirect();
+                default: return false;
+            }
+        }
+        catch (err) {
+            logger_1.logger.error('Failed to remove traffic redirect', {
+                platform: this.platform,
+                err: err.message,
+            });
+            return false;
+        }
+    }
+    /** Internal: visible for tests so we can snapshot the exact rule shape. */
+    _getInstalledRules() {
+        return [...this.installedRules];
+    }
+    // ── Linux ────────────────────────────────────────────────────────────────
+    async installLinuxRedirect() {
+        const iptables = this.resolveBin('iptables');
+        if (!iptables) {
+            logger_1.logger.warn('iptables not available; Linux redirect not installed');
+            return false;
+        }
+        const proxyPort = this.config.port;
+        // (S-C13) Redirect ALL outbound port-443 (regardless of UID) EXCEPT when
+        // destined for the proxy itself (avoids loops with the daemon's own
+        // upstream calls). We don't exclude root: containerized agents commonly
+        // run as root and were previously silently bypassed.
+        const args = [
+            '-t', 'nat',
+            '-A', 'OUTPUT',
+            '-p', 'tcp',
+            '--dport', '443',
+            '-m', 'addrtype', '!', '--dst-type', 'LOCAL',
+            '-j', 'REDIRECT',
+            '--to-port', String(proxyPort),
+        ];
+        try {
+            (0, child_process_1.execFileSync)(iptables, args, { timeout: 5000, stdio: 'ignore' });
+            this.installedRules.push({ kind: 'iptables', args });
+            logger_1.logger.info('Linux iptables redirect installed', { proxyPort, args });
+            return true;
+        }
+        catch (err) {
+            logger_1.logger.warn('iptables rule install failed (non-root?)', { err: err.message });
+            return false;
+        }
+    }
+    async removeLinuxRedirect() {
+        const iptables = this.resolveBin('iptables');
+        if (!iptables)
+            return false;
+        for (const rule of this.installedRules) {
+            if (rule.kind !== 'iptables')
+                continue;
+            const deleteArgs = rule.args.map((a) => (a === '-A' ? '-D' : a));
+            try {
+                (0, child_process_1.execFileSync)(iptables, deleteArgs, { timeout: 5000, stdio: 'ignore' });
+            }
+            catch { /* best effort */ }
+        }
+        this.installedRules = this.installedRules.filter((r) => r.kind !== 'iptables');
+        return true;
+    }
+    // ── macOS ────────────────────────────────────────────────────────────────
+    async installMacOSRedirect() {
+        const pfctl = this.resolveBin('pfctl');
+        if (!pfctl) {
+            logger_1.logger.warn('pfctl not available; macOS redirect not installed');
+            return false;
+        }
+        // (S-C14) Resolve the actual egress interface so we don't bind to lo0.
+        const iface = this.resolveDefaultInterface();
+        if (!iface) {
+            logger_1.logger.warn('Could not resolve default egress interface for pf redirect');
+            return false;
+        }
+        const proxyPort = this.config.port;
+        // We do NOT shell out via `bash -c "echo ... > file"` (S-C2 family).
+        // Use Node fs to write the anchor file directly.
+        const fs = require('fs');
+        const path = require('path');
+        const anchorPath = '/etc/neuroshield/pf-anchor.conf';
+        const rules = `# NeuroShield Sentry — redirect outbound 443 on ${iface} to local proxy\n` +
+            `rdr pass on ${iface} inet proto tcp from any to any port 443 -> 127.0.0.1 port ${proxyPort}\n`;
+        try {
+            fs.mkdirSync(path.dirname(anchorPath), { recursive: true });
+            fs.writeFileSync(anchorPath, rules, 'utf8');
+        }
+        catch (err) {
+            logger_1.logger.warn('Could not write pf anchor file (needs root)', {
+                anchorPath,
+                err: err.message,
+            });
+            return false;
+        }
+        try {
+            (0, child_process_1.execFileSync)(pfctl, ['-a', 'com.neuroshield/sentry', '-f', anchorPath], { timeout: 5000, stdio: 'ignore' });
+            (0, child_process_1.execFileSync)(pfctl, ['-E'], { timeout: 5000, stdio: 'ignore' });
+            this.installedRules.push({ kind: 'pf', args: ['-a', 'com.neuroshield/sentry', '-f', anchorPath] });
+            logger_1.logger.info('macOS pf redirect installed', { iface, proxyPort, anchorPath });
+            return true;
+        }
+        catch (err) {
+            logger_1.logger.warn('macOS pf redirect install failed (needs root)', { err: err.message });
+            return false;
+        }
+    }
+    async removeMacOSRedirect() {
+        const pfctl = this.resolveBin('pfctl');
+        if (!pfctl)
+            return false;
+        try {
+            (0, child_process_1.execFileSync)(pfctl, ['-a', 'com.neuroshield/sentry', '-F', 'all'], { timeout: 5000, stdio: 'ignore' });
+        }
+        catch { /* best effort */ }
+        this.installedRules = this.installedRules.filter((r) => r.kind !== 'pf');
+        return true;
+    }
+    resolveDefaultInterface() {
+        try {
+            const out = (0, child_process_1.execFileSync)('route', ['-n', 'get', 'default'], { timeout: 2000, encoding: 'utf8' });
+            const match = out.match(/interface:\s*(\S+)/);
+            return match ? match[1] : null;
+        }
+        catch {
+            return null;
+        }
+    }
+    // ── Windows ──────────────────────────────────────────────────────────────
+    async installWindowsRedirect() {
+        const netsh = this.resolveBin('netsh.exe') ?? 'netsh.exe';
+        try {
+            const proxyAddr = `127.0.0.1:${this.config.port}`;
+            (0, child_process_1.execFileSync)(netsh, ['winhttp', 'set', 'proxy', proxyAddr], { timeout: 5000, stdio: 'ignore' });
+            this.installedRules.push({ kind: 'winhttp', args: ['winhttp', 'set', 'proxy', proxyAddr] });
+            logger_1.logger.info('Windows WinHTTP proxy configured', { proxy: proxyAddr });
+            return true;
+        }
+        catch (err) {
+            logger_1.logger.warn('Windows WinHTTP proxy config failed', { err: err.message });
+            return false;
+        }
+    }
+    async removeWindowsRedirect() {
+        const netsh = this.resolveBin('netsh.exe') ?? 'netsh.exe';
+        try {
+            (0, child_process_1.execFileSync)(netsh, ['winhttp', 'reset', 'proxy'], { timeout: 5000, stdio: 'ignore' });
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    // ── shared ───────────────────────────────────────────────────────────────
+    resolveBin(name) {
+        for (const dir of ['/usr/sbin', '/sbin', '/usr/local/sbin', '/usr/bin', '/bin', 'C:\\Windows\\System32']) {
+            const candidate = dir + (dir.includes('\\') ? '\\' : '/') + name;
+            try {
+                (0, child_process_1.execFileSync)(candidate, ['--version'], { stdio: 'ignore', timeout: 2000 });
+                return candidate;
+            }
+            catch {
+                continue;
+            }
+        }
+        return null;
+    }
+}
+exports.PlatformRedirect = PlatformRedirect;
+//# sourceMappingURL=platform-redirect.js.map

package/dist/redirect/platform-redirect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"platform-redirect.js","sourceRoot":"","sources":["../../src/redirect/platform-redirect.ts"],"names":[],"mappings":";;;;;;AAAA,iDAA6C;AAC7C,4CAAoB;AAEpB,sCAAmC;AAInC;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAa,gBAAgB;IAM3B,YAAY,MAAmB;QAH/B,qFAAqF;QAC7E,mBAAc,GAAmE,EAAE,CAAC;QAG1F,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,QAAQ,GAAG,YAAE,CAAC,QAAQ,EAAc,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,IAAI,CAAC;YACH,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACtB,KAAK,OAAO,CAAC,CAAC,OAAO,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBACvD,KAAK,QAAQ,CAAC,CAAC,OAAO,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBACxD,KAAK,OAAO,CAAC,CAAC,OAAO,MAAM,IAAI,CAAC,sBAAsB,EAAE,CAAC;gBACzD;oBACE,eAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;oBAC7E,OAAO,KAAK,CAAC;YACjB,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAM,CAAC,KAAK,CAAC,oCAAoC,EAAE;gBACjD,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,GAAG,EAAG,GAAa,CAAC,OAAO;aAC5B,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,IAAI,CAAC;YACH,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACtB,KAAK,OAAO,CAAC,CAAC,OAAO,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBACtD,KAAK,QAAQ,CAAC,CAAC,OAAO,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBACvD,KAAK,OAAO,CAAC,CAAC,OAAO,MAAM,IAAI,CAAC,qBAAqB,EAAE,CAAC;gBACxD,OAAO,CAAC,CAAC,OAAO,KAAK,CAAC;YACxB,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAM,CAAC,KAAK,CAAC,mCAAmC,EAAE;gBAChD,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,GAAG,EAAG,GAAa,CAAC,OAAO;aAC5B,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,kBAAkB;QAChB,OAAO,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC;IAClC,CAAC;IAED,4EAA4E;IACpE,KAAK,CAAC,oBAAoB;QAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,eAAM,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;YACpE,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;QACnC,yEAAyE;QACzE,oEAAoE;QACpE,wEAAwE;QACxE,qDAAqD;QACrD,MAAM,IAAI,GAAG;YACX,IAAI,EAAE,KAAK;YACX,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,KAAK;YACX,SAAS,EAAE,KAAK;YAChB,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,YAAY,EAAE,OAAO;YAC5C,IAAI,EAAE,UAAU;YAChB,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC;SAC/B,CAAC;QACF,IAAI,CAAC;YACH,IAAA,4BAAY,EAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;YACjE,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;YACrD,eAAM,CAAC,IAAI,CAAC,mCAAmC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACtE,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAM,CAAC,IAAI,CAAC,0CAA0C,EAAE,EAAE,GAAG,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YACzF,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,mBAAmB;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ;YAAE,OAAO,KAAK,CAAC;QAC5B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACvC,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU;gBAAE,SAAS;YACvC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACjE,IAAI,CAAC;gBAAC,IAAA,4BAAY,EAAC,QAAQ,EAAE,UAAU,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;YAAC,CAAC;YAC/E,MAAM,CAAC,CAAC,iBAAiB,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;QAC/E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,4EAA4E;IACpE,KAAK,CAAC,oBAAoB;QAChC,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,eAAM,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;YACjE,OAAO,KAAK,CAAC;QACf,CAAC;QACD,uEAAuE;QACvE,MAAM,KAAK,GAAG,IAAI,CAAC,uBAAuB,EAAE,CAAC;QAC7C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,eAAM,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;YAC1E,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;QACnC,qEAAqE;QACrE,iDAAiD;QACjD,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QACzB,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;QAC7B,MAAM,UAAU,GAAG,iCAAiC,CAAC;QACrD,MAAM,KAAK,GACT,mDAAmD,KAAK,mBAAmB;YAC3E,eAAe,KAAK,8DAA8D,SAAS,IAAI,CAAC;QAElG,IAAI,CAAC;YACH,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC5D,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC9C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAM,CAAC,IAAI,CAAC,6CAA6C,EAAE;gBACzD,UAAU;gBACV,GAAG,EAAG,GAAa,CAAC,OAAO;aAC5B,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC;YACH,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,IAAI,EAAE,wBAAwB,EAAE,IAAI,EAAE,UAAU,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;YAC5G,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;YAChE,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,IAAI,EAAE,wBAAwB,EAAE,IAAI,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC;YACnG,eAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,CAAC;YAC7E,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAM,CAAC,IAAI,CAAC,+CAA+C,EAAE,EAAE,GAAG,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YAC9F,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,mBAAmB;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK;YAAE,OAAO,KAAK,CAAC;QACzB,IAAI,CAAC;YAAC,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,IAAI,EAAE,wBAAwB,EAAE,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAAC,CAAC;QAC/G,MAAM,CAAC,CAAC,iBAAiB,CAAC,CAAC;QAC3B,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;QACzE,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,uBAAuB;QAC7B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAA,4BAAY,EAAC,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,SAAS,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;YACjG,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;YAC9C,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,4EAA4E;IACpE,KAAK,CAAC,sBAAsB;QAClC,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,WAAW,CAAC;QAC1D,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,aAAa,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YAClD,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;YAChG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,CAAC,EAAE,CAAC,CAAC;YAC5F,eAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;YACtE,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE,EAAE,GAAG,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YACpF,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,qBAAqB;QACjC,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,WAAW,CAAC;QAC1D,IAAI,CAAC;YAAC,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;YAAC,OAAO,IAAI,CAAC;QAAC,CAAC;QAC5G,MAAM,CAAC;YAAC,OAAO,KAAK,CAAC;QAAC,CAAC;IACzB,CAAC;IAED,4EAA4E;IACpE,UAAU,CAAC,IAAY;QAC7B,KAAK,MAAM,GAAG,IAAI,CAAC,WAAW,EAAE,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,EAAE,uBAAuB,CAAC,EAAE,CAAC;YACzG,MAAM,SAAS,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;YACjE,IAAI,CAAC;gBACH,IAAA,4BAAY,EAAC,SAAS,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC3E,OAAO,SAAS,CAAC;YACnB,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AArMD,4CAqMC"}

package/dist/redirect/platform-redirect.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=platform-redirect.test.d.ts.map

package/dist/redirect/platform-redirect.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"platform-redirect.test.d.ts","sourceRoot":"","sources":["../../src/redirect/platform-redirect.test.ts"],"names":[],"mappings":""}

package/dist/redirect/platform-redirect.test.js

@@ -0,0 +1,76 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+/**
+ * Snapshot-style tests for the redirect rule arguments. We can't actually
+ * exec iptables / pfctl in a unit test (would require root and a real
+ * netfilter / pf), so we assert the SHAPE of the arguments — the audit
+ * findings (S-C13: excludes-root, S-C14: lo0-only) are encoded as regressions
+ * we'd see in the arg arrays.
+ */
+const vitest_1 = require("vitest");
+const os_1 = __importDefault(require("os"));
+const platform_redirect_1 = require("./platform-redirect");
+function proxyConfig(port = 9081) {
+    return {
+        enabled: true, port, bindAddress: '127.0.0.1',
+        upstreamTimeoutMs: 0, maxBufferSizeMb: 0,
+        interceptHttps: false, certPath: '', keyPath: '',
+        allowedProviders: ['*'], blockLocalModels: false,
+    };
+}
+(0, vitest_1.describe)('PlatformRedirect rule shapes (S-C13 / S-C14)', () => {
+    (0, vitest_1.it)('Linux rule does NOT exclude root', async () => {
+        if (os_1.default.platform() !== 'linux')
+            return;
+        const r = new platform_redirect_1.PlatformRedirect(proxyConfig());
+        await r.installRedirect().catch(() => undefined);
+        const rules = r._getInstalledRules();
+        // We may not have iptables to install; assert only when at least one tried.
+        for (const rule of rules) {
+            const arg = rule.args.join(' ');
+            (0, vitest_1.expect)(arg).not.toMatch(/--uid-owner\s+0/);
+            (0, vitest_1.expect)(arg).not.toMatch(/!\s*--uid-owner\s+0/);
+        }
+    });
+    (0, vitest_1.it)('Linux rule destination match excludes local addresses (avoid daemon loop)', () => {
+        // We can inspect the SHAPE by calling install and then checking what was
+        // recorded. On non-Linux we simply assert that the install path doesn't
+        // throw uncaught errors.
+        const r = new platform_redirect_1.PlatformRedirect(proxyConfig());
+        (0, vitest_1.expect)(() => r.installRedirect().catch(() => undefined)).not.toThrow();
+    });
+    (0, vitest_1.it)('macOS does not bind to lo0 (S-C14)', async () => {
+        if (os_1.default.platform() !== 'darwin')
+            return;
+        const r = new platform_redirect_1.PlatformRedirect(proxyConfig());
+        await r.installRedirect().catch(() => undefined);
+        const rules = r._getInstalledRules();
+        for (const rule of rules) {
+            if (rule.kind !== 'pf')
+                continue;
+            // The anchor file path may include any interface; the resolved interface
+            // would be a real outbound iface (en0, en1, etc.) — NEVER lo0.
+            const anchorPath = rule.args[rule.args.indexOf('-f') + 1];
+            if (anchorPath) {
+                try {
+                    const content = require('fs').readFileSync(anchorPath, 'utf8');
+                    (0, vitest_1.expect)(content).not.toContain('on lo0 ');
+                }
+                catch {
+                    // file may not exist if we lacked permission to write it
+                }
+            }
+        }
+    });
+    (0, vitest_1.it)('removeRedirect drops the matching rule from the installed list', async () => {
+        const r = new platform_redirect_1.PlatformRedirect(proxyConfig());
+        await r.installRedirect().catch(() => undefined);
+        await r.removeRedirect().catch(() => undefined);
+        // After remove, no rules should remain in the installedRules list
+        (0, vitest_1.expect)(r._getInstalledRules()).toHaveLength(0);
+    });
+});
+//# sourceMappingURL=platform-redirect.test.js.map

package/dist/redirect/platform-redirect.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"platform-redirect.test.js","sourceRoot":"","sources":["../../src/redirect/platform-redirect.test.ts"],"names":[],"mappings":";;;;;AAAA;;;;;;GAMG;AACH,mCAA8C;AAC9C,4CAAoB;AACpB,2DAAuD;AAGvD,SAAS,WAAW,CAAC,IAAI,GAAG,IAAI;IAC9B,OAAO;QACL,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,WAAW;QAC7C,iBAAiB,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC;QACxC,cAAc,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE;QAChD,gBAAgB,EAAE,CAAC,GAAG,CAAC,EAAE,gBAAgB,EAAE,KAAK;KACjD,CAAC;AACJ,CAAC;AAED,IAAA,iBAAQ,EAAC,8CAA8C,EAAE,GAAG,EAAE;IAC5D,IAAA,WAAE,EAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,IAAI,YAAE,CAAC,QAAQ,EAAE,KAAK,OAAO;YAAE,OAAO;QACtC,MAAM,CAAC,GAAG,IAAI,oCAAgB,CAAC,WAAW,EAAE,CAAC,CAAC;QAC9C,MAAM,CAAC,CAAC,eAAe,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QACjD,MAAM,KAAK,GAAG,CAAC,CAAC,kBAAkB,EAAE,CAAC;QACrC,4EAA4E;QAC5E,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAChC,IAAA,eAAM,EAAC,GAAG,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;YAC3C,IAAA,eAAM,EAAC,GAAG,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;QACjD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,2EAA2E,EAAE,GAAG,EAAE;QACnF,yEAAyE;QACzE,wEAAwE;QACxE,yBAAyB;QACzB,MAAM,CAAC,GAAG,IAAI,oCAAgB,CAAC,WAAW,EAAE,CAAC,CAAC;QAC9C,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IACzE,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;QAClD,IAAI,YAAE,CAAC,QAAQ,EAAE,KAAK,QAAQ;YAAE,OAAO;QACvC,MAAM,CAAC,GAAG,IAAI,oCAAgB,CAAC,WAAW,EAAE,CAAC,CAAC;QAC9C,MAAM,CAAC,CAAC,eAAe,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QACjD,MAAM,KAAK,GAAG,CAAC,CAAC,kBAAkB,EAAE,CAAC;QACrC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI;gBAAE,SAAS;YACjC,yEAAyE;YACzE,+DAA+D;YAC/D,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YAC1D,IAAI,UAAU,EAAE,CAAC;gBACf,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;oBAC/D,IAAA,eAAM,EAAC,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;gBAC3C,CAAC;gBAAC,MAAM,CAAC;oBACP,yDAAyD;gBAC3D,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,gEAAgE,EAAE,KAAK,IAAI,EAAE;QAC9E,MAAM,CAAC,GAAG,IAAI,oCAAgB,CAAC,WAAW,EAAE,CAAC,CAAC;QAC9C,MAAM,CAAC,CAAC,eAAe,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QACjD,MAAM,CAAC,CAAC,cAAc,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QAChD,kEAAkE;QAClE,IAAA,eAAM,EAAC,CAAC,CAAC,kBAAkB,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/sandbox/index.d.ts

@@ -1,13 +1,34 @@
 import { TaggedProcess, SandboxProfile } from '../types';
 import { SentryConfig } from '../config';
+/**
+ * Structured result returned by every sandbox backend.
+ *
+ * Honesty contract (replaces the prior boolean return that let backends claim
+ * success without applying anything):
+ *   - `applied` MUST be true only if the kernel actually enforces at least one
+ *     restriction listed in `features`.
+ *   - `features` enumerates what was actually enforced (e.g. ['cgroup_cpu',
+ *     'cgroup_memory']). Empty array + applied=true is a bug.
+ *   - `reason` describes WHY enforcement was partial / not applied — surfaced
+ *     to telemetry so operators see degraded protection in the dashboard
+ *     instead of a false "sandboxed" badge.
+ *
+ * Backends that cannot enforce on a running PID (macOS, fork-time-only Linux
+ * primitives) MUST return applied=false with a clear reason.
+ */
+export interface SandboxResult {
+    applied: boolean;
+    features: string[];
+    reason?: string;
+}
 export interface SandboxBackend {
-    applySandbox(pid: number, profile: SandboxProfile, defaults: SentryConfig['sandboxDefaults']): Promise<boolean>;
+    applySandbox(pid: number, profile: SandboxProfile, defaults: SentryConfig['sandboxDefaults']): Promise<SandboxResult>;
     removeSandbox(pid: number): Promise<boolean>;
     isSandboxed(pid: number): Promise<boolean>;
     getSandboxStats(pid: number): Promise<Record<string, string | number> | null>;
 }
 export declare function getProfileForFramework(frameworkId: string): SandboxProfile | null;
-export declare function applySandbox(process: TaggedProcess, config: SentryConfig): Promise<boolean>;
+export declare function applySandbox(process: TaggedProcess, config: SentryConfig): Promise<SandboxResult>;
 export declare function removeSandbox(pid: number): Promise<boolean>;
 export declare function isSandboxed(pid: number): Promise<boolean>;
 export declare function getSandboxStats(pid: number): Promise<Record<string, string | number> | null>;

package/dist/sandbox/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sandbox/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,cAAc,EAA0B,MAAM,UAAU,CAAC;AACjF,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAKzC,MAAM,WAAW,cAAc;IAC7B,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,YAAY,CAAC,iBAAiB,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAChH,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7C,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC3C,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC;CAC/E;AAyBD,wBAAgB,sBAAsB,CAAC,WAAW,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI,CAYjF;AAED,wBAAsB,YAAY,CAAC,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,CAuBjG;AAED,wBAAsB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAQjE;AAED,wBAAsB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAE/D;AAED,wBAAsB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,GAAG,IAAI,CAAC,CAElG"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sandbox/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,cAAc,EAA0B,MAAM,UAAU,CAAC;AACjF,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAMzC;;;;;;;;;;;;;;;GAeG;AACH,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,cAAc;IAC7B,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,YAAY,CAAC,iBAAiB,CAAC,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IACtH,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7C,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC3C,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC;CAC/E;AA2BD,wBAAgB,sBAAsB,CAAC,WAAW,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI,CAYjF;AAED,wBAAsB,YAAY,CAAC,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC,CAoCvG;AAED,wBAAsB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAQjE;AAED,wBAAsB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAE/D;AAED,wBAAsB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,GAAG,IAAI,CAAC,CAElG"}

package/dist/sandbox/index.js

@@ -13,6 +13,7 @@ const types_1 = require("../types");
 const logger_1 = require("../logger");
 const linux_sandbox_1 = require("./linux-sandbox");
 const macos_sandbox_1 = require("./macos-sandbox");
+const windows_sandbox_1 = require("./windows-sandbox");
 let backend = null;
 function getBackend() {
     if (backend)
@@ -24,10 +25,13 @@ function getBackend() {
     else if (platform === 'darwin') {
         backend = new macos_sandbox_1.MacOSSandbox();
     }
+    else if (platform === 'win32') {
+        backend = new windows_sandbox_1.WindowsSandbox();
+    }
     else {
         logger_1.logger.warn('No sandbox backend for platform, using no-op', { platform });
         backend = {
-            applySandbox: async () => false,
+            applySandbox: async () => ({ applied: false, features: [], reason: `platform ${platform} is not supported` }),
             removeSandbox: async () => false,
             isSandboxed: async () => false,
             getSandboxStats: async () => null,
@@ -49,27 +53,40 @@ function getProfileForFramework(frameworkId) {
     return null;
 }
 async function applySandbox(process, config) {
+    // Unknown agents now fall through to default-restrictive so they get
+    // SOMETHING applied rather than nothing (S-C15).
     const profileName = process.sandboxProfileName ?? 'default-restrictive';
     const profile = types_1.AGENT_SANDBOX_PROFILES.find(p => p.name === profileName)
-        ?? getProfileForFramework('unknown');
+        ?? types_1.AGENT_SANDBOX_PROFILES.find(p => p.name === 'default-restrictive')
+        ?? null;
     if (!profile) {
         logger_1.logger.warn('No sandbox profile available for process', { pid: process.pid, framework: process.frameworkId });
-        return false;
+        return { applied: false, features: [], reason: 'no profile available' };
     }
     const bk = getBackend();
     try {
         const result = await bk.applySandbox(process.pid, profile, config.sandboxDefaults);
-        if (result) {
-            logger_1.logger.info('Sandbox applied', { pid: process.pid, framework: process.frameworkId, profile: profile.name });
+        if (result.applied) {
+            logger_1.logger.info('Sandbox applied', {
+                pid: process.pid,
+                framework: process.frameworkId,
+                profile: profile.name,
+                features: result.features,
+            });
         }
         else {
-            logger_1.logger.warn('Sandbox application returned false', { pid: process.pid, framework: process.frameworkId });
+            logger_1.logger.warn('Sandbox NOT applied — telemetry will report unprotected', {
+                pid: process.pid,
+                framework: process.frameworkId,
+                profile: profile.name,
+                reason: result.reason,
+            });
         }
         return result;
     }
     catch (err) {
         logger_1.logger.error('Failed to apply sandbox', { pid: process.pid, framework: process.frameworkId, err: err.message });
-        return false;
+        return { applied: false, features: [], reason: err.message };
     }
 }
 async function removeSandbox(pid) {

package/dist/sandbox/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sandbox/index.ts"],"names":[],"mappings":";;;;;AAqCA,wDAYC;AAED,oCAuBC;AAED,sCAQC;AAED,kCAEC;AAED,0CAEC;AA5FD,4CAAoB;AACpB,oCAAiF;AAEjF,sCAAmC;AACnC,mDAA+C;AAC/C,mDAA+C;AAS/C,IAAI,OAAO,GAA0B,IAAI,CAAC;AAE1C,SAAS,UAAU;IACjB,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IAE5B,MAAM,QAAQ,GAAG,YAAE,CAAC,QAAQ,EAAE,CAAC;IAC/B,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO,GAAG,IAAI,4BAAY,EAAE,CAAC;IAC/B,CAAC;SAAM,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,GAAG,IAAI,4BAAY,EAAE,CAAC;IAC/B,CAAC;SAAM,CAAC;QACN,eAAM,CAAC,IAAI,CAAC,8CAA8C,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC1E,OAAO,GAAG;YACR,YAAY,EAAE,KAAK,IAAI,EAAE,CAAC,KAAK;YAC/B,aAAa,EAAE,KAAK,IAAI,EAAE,CAAC,KAAK;YAChC,WAAW,EAAE,KAAK,IAAI,EAAE,CAAC,KAAK;YAC9B,eAAe,EAAE,KAAK,IAAI,EAAE,CAAC,IAAI;SAClC,CAAC;IACJ,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAgB,sBAAsB,CAAC,WAAmB;IACxD,KAAK,MAAM,OAAO,IAAI,8BAAsB,EAAE,CAAC;QAC7C,IAAI,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/C,OAAO,OAAO,CAAC;QACjB,CAAC;IACH,CAAC;IACD,KAAK,MAAM,OAAO,IAAI,8BAAsB,EAAE,CAAC;QAC7C,IAAI,OAAO,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;YAC3C,OAAO,OAAO,CAAC;QACjB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAEM,KAAK,UAAU,YAAY,CAAC,OAAsB,EAAE,MAAoB;IAC7E,MAAM,WAAW,GAAG,OAAO,CAAC,kBAAkB,IAAI,qBAAqB,CAAC;IACxE,MAAM,OAAO,GAAG,8BAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,WAAW,CAAC;WACnE,sBAAsB,CAAC,SAAS,CAAC,CAAC;IAEvC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,eAAM,CAAC,IAAI,CAAC,0CAA0C,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;QAC9G,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;QACnF,IAAI,MAAM,EAAE,CAAC;YACX,eAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,WAAW,EAAE,OAAO,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAC9G,CAAC;aAAM,CAAC;YACN,eAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;QAC1G,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,WAAW,EAAE,GAAG,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3H,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,aAAa,CAAC,GAAW;IAC7C,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;IACxB,IAAI,CAAC;QACH,OAAO,MAAM,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;IACrC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE,EAAE,GAAG,EAAE,GAAG,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAC/E,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,WAAW,CAAC,GAAW;IAC3C,OAAO,UAAU,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;AACvC,CAAC;AAEM,KAAK,UAAU,eAAe,CAAC,GAAW;IAC/C,OAAO,UAAU,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;AAC3C,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sandbox/index.ts"],"names":[],"mappings":";;;;;AA8DA,wDAYC;AAED,oCAoCC;AAED,sCAQC;AAED,kCAEC;AAED,0CAEC;AAlID,4CAAoB;AACpB,oCAAiF;AAEjF,sCAAmC;AACnC,mDAA+C;AAC/C,mDAA+C;AAC/C,uDAAmD;AA+BnD,IAAI,OAAO,GAA0B,IAAI,CAAC;AAE1C,SAAS,UAAU;IACjB,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IAE5B,MAAM,QAAQ,GAAG,YAAE,CAAC,QAAQ,EAAE,CAAC;IAC/B,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO,GAAG,IAAI,4BAAY,EAAE,CAAC;IAC/B,CAAC;SAAM,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,GAAG,IAAI,4BAAY,EAAE,CAAC;IAC/B,CAAC;SAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChC,OAAO,GAAG,IAAI,gCAAc,EAAE,CAAC;IACjC,CAAC;SAAM,CAAC;QACN,eAAM,CAAC,IAAI,CAAC,8CAA8C,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC1E,OAAO,GAAG;YACR,YAAY,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,YAAY,QAAQ,mBAAmB,EAAE,CAAC;YAC7G,aAAa,EAAE,KAAK,IAAI,EAAE,CAAC,KAAK;YAChC,WAAW,EAAE,KAAK,IAAI,EAAE,CAAC,KAAK;YAC9B,eAAe,EAAE,KAAK,IAAI,EAAE,CAAC,IAAI;SAClC,CAAC;IACJ,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAgB,sBAAsB,CAAC,WAAmB;IACxD,KAAK,MAAM,OAAO,IAAI,8BAAsB,EAAE,CAAC;QAC7C,IAAI,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/C,OAAO,OAAO,CAAC;QACjB,CAAC;IACH,CAAC;IACD,KAAK,MAAM,OAAO,IAAI,8BAAsB,EAAE,CAAC;QAC7C,IAAI,OAAO,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;YAC3C,OAAO,OAAO,CAAC;QACjB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAEM,KAAK,UAAU,YAAY,CAAC,OAAsB,EAAE,MAAoB;IAC7E,qEAAqE;IACrE,iDAAiD;IACjD,MAAM,WAAW,GAAG,OAAO,CAAC,kBAAkB,IAAI,qBAAqB,CAAC;IACxE,MAAM,OAAO,GAAG,8BAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,WAAW,CAAC;WACnE,8BAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,qBAAqB,CAAC;WAClE,IAAI,CAAC;IAEV,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,eAAM,CAAC,IAAI,CAAC,0CAA0C,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;QAC9G,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;IAC1E,CAAC;IAED,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;QACnF,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,eAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE;gBAC7B,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,SAAS,EAAE,OAAO,CAAC,WAAW;gBAC9B,OAAO,EAAE,OAAO,CAAC,IAAI;gBACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;aAC1B,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,eAAM,CAAC,IAAI,CAAC,yDAAyD,EAAE;gBACrE,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,SAAS,EAAE,OAAO,CAAC,WAAW;gBAC9B,OAAO,EAAE,OAAO,CAAC,IAAI;gBACrB,MAAM,EAAE,MAAM,CAAC,MAAM;aACtB,CAAC,CAAC;QACL,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,WAAW,EAAE,GAAG,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3H,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;IAC1E,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,aAAa,CAAC,GAAW;IAC7C,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;IACxB,IAAI,CAAC;QACH,OAAO,MAAM,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;IACrC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE,EAAE,GAAG,EAAE,GAAG,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAC/E,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,WAAW,CAAC,GAAW;IAC3C,OAAO,UAAU,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;AACvC,CAAC;AAEM,KAAK,UAAU,eAAe,CAAC,GAAW;IAC/C,OAAO,UAAU,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;AAC3C,CAAC"}

package/dist/sandbox/linux-sandbox.d.ts

@@ -1,14 +1,25 @@
 import { SandboxProfile } from '../types';
-import { SandboxBackend } from './index';
+import { SandboxBackend, SandboxResult } from './index';
 export declare class LinuxSandbox implements SandboxBackend {
     private cgroupV2;
     constructor();
     private detectCgroupVersion;
+    /**
+     * Apply available cgroups limits to an existing PID. Linux kernel primitives
+     * for syscall filtering (seccomp), filesystem access (Landlock), and
+     * capability dropping all REQUIRE fork-time application — they cannot be
+     * retroactively applied to a running process. We report this honestly via
+     * the `features` array so telemetry doesn't claim coverage we don't have.
+     *
+     * For full per-process restrictions, deploy the agent through Sentry's
+     * launcher wrapper (planned), which forks → applies seccomp/Landlock/caps
+     * → exec()s the agent binary.
+     */
     applySandbox(pid: number, profile: SandboxProfile, defaults: {
         cpuMax: string;
         memoryMax: string;
         pidMax: number;
-    }): Promise<boolean>;
+    }): Promise<SandboxResult>;
     private applyCgroupV2;
     private applyCgroupV1;
     private addPidToCgroup;

package/dist/sandbox/linux-sandbox.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"linux-sandbox.d.ts","sourceRoot":"","sources":["../../src/sandbox/linux-sandbox.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAMzC,qBAAa,YAAa,YAAW,cAAc;IACjD,OAAO,CAAC,QAAQ,CAAU;;IAM1B,OAAO,CAAC,mBAAmB;IAYrB,YAAY,CAChB,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,cAAc,EACvB,QAAQ,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,GAC9D,OAAO,CAAC,OAAO,CAAC;YAuBL,aAAa;YA2Bb,aAAa;YA+Bb,cAAc;IActB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAuB5C,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAS1C,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,GAAG,IAAI,CAAC;IA2BnF,OAAO,CAAC,gBAAgB;IAexB,OAAO,CAAC,aAAa;CAKtB"}
+{"version":3,"file":"linux-sandbox.d.ts","sourceRoot":"","sources":["../../src/sandbox/linux-sandbox.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAMxD,qBAAa,YAAa,YAAW,cAAc;IACjD,OAAO,CAAC,QAAQ,CAAU;;IAM1B,OAAO,CAAC,mBAAmB;IAY3B;;;;;;;;;;OAUG;IACG,YAAY,CAChB,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,cAAc,EACvB,QAAQ,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,GAC9D,OAAO,CAAC,aAAa,CAAC;YAyCX,aAAa;YA8Bb,aAAa;YA+Bb,cAAc;IActB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAuB5C,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAS1C,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,GAAG,IAAI,CAAC;IA2BnF,OAAO,CAAC,gBAAgB;IAexB,OAAO,CAAC,aAAa;CAKtB"}

package/dist/sandbox/linux-sandbox.js

@@ -26,68 +26,102 @@ class LinuxSandbox {
             return false;
         }
     }
+    /**
+     * Apply available cgroups limits to an existing PID. Linux kernel primitives
+     * for syscall filtering (seccomp), filesystem access (Landlock), and
+     * capability dropping all REQUIRE fork-time application — they cannot be
+     * retroactively applied to a running process. We report this honestly via
+     * the `features` array so telemetry doesn't claim coverage we don't have.
+     *
+     * For full per-process restrictions, deploy the agent through Sentry's
+     * launcher wrapper (planned), which forks → applies seccomp/Landlock/caps
+     * → exec()s the agent binary.
+     */
     async applySandbox(pid, profile, defaults) {
         const cgroupPath = path_1.default.join(CGROUP_ROOT, SENTRY_CGROUP_NAME, `sentry-${pid}`);
+        const features = [];
         try {
             await promises_1.default.mkdir(cgroupPath, { recursive: true });
             if (this.cgroupV2) {
-                await this.applyCgroupV2(cgroupPath, pid, profile, defaults);
+                const v2Features = await this.applyCgroupV2(cgroupPath, pid, profile, defaults);
+                features.push(...v2Features);
             }
             else {
-                await this.applyCgroupV1(cgroupPath, pid, profile, defaults);
+                const v1Features = await this.applyCgroupV1(cgroupPath, pid, profile, defaults);
+                features.push(...v1Features);
             }
-            const applied = await this.addPidToCgroup(cgroupPath, pid);
-            if (applied) {
-                logger_1.logger.info('Linux sandbox configured', { pid, cgroupPath, profile: profile.name });
+            const moved = await this.addPidToCgroup(cgroupPath, pid);
+            if (!moved) {
+                return {
+                    applied: false,
+                    features: [],
+                    reason: 'Could not move PID into cgroup (insufficient permissions or process exited)',
+                };
             }
-            return applied;
+            logger_1.logger.info('Linux sandbox configured', { pid, cgroupPath, profile: profile.name, features });
+            const strictFeatures = features.filter(feature => /seccomp|landlock|cap/i.test(feature));
+            return {
+                applied: strictFeatures.length > 0,
+                features,
+                reason: features.length === 0
+                    ? 'No cgroup controllers were available'
+                    : strictFeatures.length > 0
+                        ? 'Strict sandbox features applied'
+                        : 'Applied cgroup resource controls only; seccomp/Landlock/capabilities require fork-time launch',
+            };
         }
         catch (err) {
             logger_1.logger.error('Linux sandbox failed', { pid, err: err.message });
-            return false;
+            return { applied: false, features: [], reason: err.message };
         }
     }
-    async applyCgroupV2(cgroupPath, pid, profile, defaults) {
+    async applyCgroupV2(cgroupPath, _pid, profile, defaults) {
+        const features = [];
         const cpuMax = profile.cpuMax || defaults.cpuMax;
         const memoryMax = profile.memoryMax || defaults.memoryMax;
         const pidMax = profile.pidMax || defaults.pidMax;
-        await promises_1.default.writeFile(path_1.default.join(cgroupPath, 'cpu.max'), `${cpuMax}\n`);
-        await promises_1.default.writeFile(path_1.default.join(cgroupPath, 'memory.max'), this.parseMemoryBytes(memoryMax).toString());
         try {
-            await promises_1.default.writeFile(path_1.default.join(cgroupPath, 'pids.max'), pidMax.toString());
+            await promises_1.default.writeFile(path_1.default.join(cgroupPath, 'cpu.max'), `${cpuMax}\n`);
+            features.push('cgroup_v2_cpu');
         }
-        catch {
-            // pids controller may not be enabled
+        catch { /* controller unavailable */ }
+        try {
+            await promises_1.default.writeFile(path_1.default.join(cgroupPath, 'memory.max'), this.parseMemoryBytes(memoryMax).toString());
+            features.push('cgroup_v2_memory');
         }
-        const ioFile = path_1.default.join(cgroupPath, 'io.max');
+        catch { /* controller unavailable */ }
         try {
-            await promises_1.default.writeFile(ioFile, '8:0 rbps=104857600 wbps=52428800\n');
+            await promises_1.default.writeFile(path_1.default.join(cgroupPath, 'pids.max'), pidMax.toString());
+            features.push('cgroup_v2_pids');
         }
-        catch {
-            // io controller may not be available
+        catch { /* pids controller may not be enabled */ }
+        try {
+            await promises_1.default.writeFile(path_1.default.join(cgroupPath, 'io.max'), '8:0 rbps=104857600 wbps=52428800\n');
+            features.push('cgroup_v2_io');
         }
+        catch { /* io controller may not be available */ }
+        return features;
     }
-    async applyCgroupV1(cgroupPath, pid, profile, defaults) {
+    async applyCgroupV1(cgroupPath, _pid, profile, defaults) {
+        const features = [];
         const memoryMax = profile.memoryMax || defaults.memoryMax;
         try {
             await promises_1.default.writeFile(path_1.default.join(cgroupPath, 'memory.limit_in_bytes'), this.parseMemoryBytes(memoryMax).toString());
+            features.push('cgroup_v1_memory');
         }
-        catch {
-            // memory controller may not be mounted
-        }
+        catch { /* memory controller may not be mounted */ }
         try {
             const cpuCfsQuota = this.parseCpuQuota(profile.cpuMax || defaults.cpuMax);
             await promises_1.default.writeFile(path_1.default.join(cgroupPath, 'cpu.cfs_quota_us'), cpuCfsQuota.toString());
+            features.push('cgroup_v1_cpu');
         }
-        catch {
-            // cpu controller may not be mounted
-        }
+        catch { /* cpu controller may not be mounted */ }
         try {
             await promises_1.default.writeFile(path_1.default.join(cgroupPath, 'pids.max'), (profile.pidMax || defaults.pidMax).toString());
+            features.push('cgroup_v1_pids');
         }
-        catch {
-            // pids controller may not be mounted
-        }
+        catch { /* pids controller may not be mounted */ }
+        return features;
     }
     async addPidToCgroup(cgroupPath, pid) {
         const procsFile = path_1.default.join(cgroupPath, 'cgroup.procs');