@openai/agents-core 0.8.5 → 0.9.0

package/dist/sandbox/sandboxes/unixLocal.js

@@ -0,0 +1,863 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UnixLocalSandboxClient = exports.UnixLocalSandboxSession = void 0;
+const errors_1 = require("../../errors.js");
+const applyDiff_1 = require("../../utils/applyDiff.js");
+const promises_1 = require("node:fs/promises");
+const node_fs_1 = require("node:fs");
+const node_child_process_1 = require("node:child_process");
+const node_path_1 = require("node:path");
+const node_os_1 = require("node:os");
+const client_1 = require("../client.js");
+const session_1 = require("../session.js");
+const manifest_1 = require("../manifest.js");
+const errors_2 = require("../errors.js");
+const workspacePaths_1 = require("../workspacePaths.js");
+const localWorkspace_1 = require("./shared/localWorkspace.js");
+const manifestPersistence_1 = require("./shared/manifestPersistence.js");
+const hostPath_1 = require("../shared/hostPath.js");
+const media_1 = require("../shared/media.js");
+const output_1 = require("../shared/output.js");
+const localSnapshots_1 = require("./shared/localSnapshots.js");
+const pty_1 = require("./shared/pty.js");
+const runProcess_1 = require("./shared/runProcess.js");
+const shellCommand_1 = require("./shared/shellCommand.js");
+const sessionStateValues_1 = require("./shared/sessionStateValues.js");
+const DEFAULT_EXEC_YIELD_TIME_MS = 10_000;
+const DEFAULT_WRITE_STDIN_YIELD_TIME_MS = 250;
+const MAX_ACTIVE_PROCESS_OUTPUT_CHARS = 1024 * 1024;
+const RUN_AS_LOOKUP_TIMEOUT_MS = 10_000;
+const DEFAULT_SANDBOX_COMMAND_PATH = '/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin';
+class UnixLocalSandboxSession {
+    state;
+    defaultShell;
+    activeProcesses = new Map();
+    nextSessionId = 1;
+    closed = false;
+    constructor(args) {
+        this.state = args.state;
+        this.defaultShell = args.defaultShell;
+    }
+    createEditor(runAs) {
+        return new UnixLocalSandboxEditor(this, runAs);
+    }
+    supportsPty() {
+        return true;
+    }
+    async resolveExposedPort(port) {
+        const exposedPort = (0, session_1.normalizeExposedPort)(port);
+        const configuredPorts = this.state.configuredExposedPorts ?? [];
+        if (configuredPorts.length > 0 && !configuredPorts.includes(exposedPort)) {
+            throw new errors_2.SandboxConfigurationError(`UnixLocalSandboxClient was not configured to expose port ${exposedPort}.`, {
+                provider: 'UnixLocalSandboxClient',
+                port: exposedPort,
+                configuredPorts,
+            });
+        }
+        return (0, session_1.recordExposedPortEndpoint)(this.state, {
+            host: '127.0.0.1',
+            port: exposedPort,
+            tls: false,
+        });
+    }
+    async execCommand(args) {
+        return (0, output_1.formatExecResponse)(await this.exec(args));
+    }
+    async exec(args) {
+        const start = Date.now();
+        const cwd = this.resolveCommandWorkdir(args.workdir);
+        const logicalCwd = this.logicalWorkdirForPath(args.workdir);
+        const child = await this.spawnShellCommand(this.translateCommandInput(args.cmd), {
+            cwd,
+            logicalCwd,
+            shell: args.shell,
+            login: args.login ?? true,
+            runAs: args.runAs,
+            tty: args.tty ?? false,
+        });
+        const activeProcess = this.trackChildProcess(child, {
+            tty: args.tty ?? false,
+        });
+        if (!args.tty) {
+            await waitForProcessOrTimeout(activeProcess, args.yieldTimeMs ?? DEFAULT_EXEC_YIELD_TIME_MS);
+            const processOutput = consumeActiveProcessOutput(activeProcess);
+            if (activeProcess.done) {
+                const output = (0, output_1.truncateOutput)(this.translateCommandOutput(processOutput.output), args.maxOutputTokens);
+                return {
+                    output: output.text,
+                    stdout: this.translateCommandOutput(processOutput.stdout),
+                    stderr: this.translateCommandOutput(processOutput.stderr),
+                    wallTimeSeconds: (0, output_1.elapsedSeconds)(start),
+                    exitCode: activeProcess.exitCode ?? 1,
+                    originalTokenCount: output.originalTokenCount,
+                };
+            }
+            const output = (0, output_1.truncateOutput)(this.translateCommandOutput(processOutput.output), args.maxOutputTokens);
+            const sessionId = this.allocateProcessId(activeProcess);
+            return {
+                output: output.text,
+                stdout: this.translateCommandOutput(processOutput.stdout),
+                stderr: this.translateCommandOutput(processOutput.stderr),
+                wallTimeSeconds: (0, output_1.elapsedSeconds)(start),
+                sessionId,
+                originalTokenCount: output.originalTokenCount,
+            };
+        }
+        const yieldTimeMs = args.yieldTimeMs ?? DEFAULT_EXEC_YIELD_TIME_MS;
+        await waitForProcessOrTimeout(activeProcess, yieldTimeMs);
+        if (activeProcess.done) {
+            const processOutput = consumeActiveProcessOutput(activeProcess);
+            const output = (0, output_1.truncateOutput)(this.translateCommandOutput(processOutput.output), args.maxOutputTokens);
+            return {
+                output: output.text,
+                stdout: this.translateCommandOutput(processOutput.stdout),
+                stderr: this.translateCommandOutput(processOutput.stderr),
+                wallTimeSeconds: (0, output_1.elapsedSeconds)(start),
+                exitCode: activeProcess.exitCode ?? 1,
+                originalTokenCount: output.originalTokenCount,
+            };
+        }
+        const sessionId = this.allocateProcessId(activeProcess);
+        const processOutput = consumeActiveProcessOutput(activeProcess);
+        const output = (0, output_1.truncateOutput)(this.translateCommandOutput(processOutput.output), args.maxOutputTokens);
+        return {
+            output: output.text,
+            stdout: this.translateCommandOutput(processOutput.stdout),
+            stderr: this.translateCommandOutput(processOutput.stderr),
+            wallTimeSeconds: (0, output_1.elapsedSeconds)(start),
+            sessionId,
+            originalTokenCount: output.originalTokenCount,
+        };
+    }
+    async writeStdin(args) {
+        const activeProcess = this.activeProcesses.get(args.sessionId);
+        if (!activeProcess) {
+            return (0, output_1.formatExecResponse)({
+                output: `write_stdin failed: session not found: ${args.sessionId}`,
+                wallTimeSeconds: 0,
+                exitCode: 1,
+            });
+        }
+        const start = Date.now();
+        const chars = args.chars ?? '';
+        if (!activeProcess.tty && chars.includes('\u0003')) {
+            activeProcess.child.kill('SIGINT');
+        }
+        const remainingChars = activeProcess.tty
+            ? chars
+            : chars.split('\u0003').join('');
+        if (remainingChars.length > 0) {
+            activeProcess.child.stdin.write(remainingChars);
+        }
+        await waitForProcessOrTimeout(activeProcess, args.yieldTimeMs ?? DEFAULT_WRITE_STDIN_YIELD_TIME_MS);
+        const processOutput = consumeActiveProcessOutput(activeProcess);
+        const output = (0, output_1.truncateOutput)(this.translateCommandOutput(processOutput.output), args.maxOutputTokens);
+        if (activeProcess.done) {
+            this.activeProcesses.delete(args.sessionId);
+            return (0, output_1.formatExecResponse)({
+                output: output.text,
+                wallTimeSeconds: (0, output_1.elapsedSeconds)(start),
+                exitCode: activeProcess.exitCode ?? 1,
+                originalTokenCount: output.originalTokenCount,
+            });
+        }
+        return (0, output_1.formatExecResponse)({
+            output: output.text,
+            wallTimeSeconds: (0, output_1.elapsedSeconds)(start),
+            sessionId: args.sessionId,
+            originalTokenCount: output.originalTokenCount,
+        });
+    }
+    async viewImage(args) {
+        await this.resolveFilesystemRunAs(args.runAs);
+        const filePath = this.resolveSandboxPath(args.path);
+        const info = await (0, promises_1.stat)(filePath).catch(() => {
+            throw new errors_1.UserError(`Image file not found: ${args.path}`);
+        });
+        if (!info.isFile()) {
+            throw new errors_1.UserError(`Image path is not a file: ${args.path}`);
+        }
+        (0, media_1.assertViewImageByteLength)(args.path, info.size);
+        const bytes = await (0, promises_1.readFile)(filePath);
+        return (0, media_1.imageOutputFromBytes)(args.path, bytes);
+    }
+    async pathExists(path, runAs) {
+        await this.resolveFilesystemRunAs(runAs);
+        return await (0, localWorkspace_1.pathExists)(this.resolveSandboxPath(path));
+    }
+    async readFile(args) {
+        await this.resolveFilesystemRunAs(args.runAs);
+        const bytes = await (0, promises_1.readFile)(this.resolveSandboxPath(args.path));
+        if (typeof args.maxBytes === 'number' && bytes.byteLength > args.maxBytes) {
+            return bytes.subarray(0, args.maxBytes);
+        }
+        return bytes;
+    }
+    async listDir(args) {
+        await this.resolveFilesystemRunAs(args.runAs);
+        const logicalPath = this.resolveLogicalPath(args.path);
+        const entries = await (0, promises_1.readdir)(this.resolveSandboxPath(args.path), {
+            withFileTypes: true,
+        });
+        return entries.map((entry) => ({
+            name: entry.name,
+            path: logicalPath ? `${logicalPath}/${entry.name}` : entry.name,
+            type: entry.isDirectory() ? 'dir' : entry.isFile() ? 'file' : 'other',
+        }));
+    }
+    async materializeEntry(args) {
+        const runAs = await this.resolveFilesystemRunAs(args.runAs);
+        const logicalPath = this.resolveLogicalPath(args.path);
+        await (0, localWorkspace_1.materializeLocalWorkspaceManifestEntry)(this.state.workspaceRootPath, logicalPath, args.entry);
+        if (runAs) {
+            await (0, localWorkspace_1.applyOwnershipRecursive)(this.resolveSandboxPath(args.path), runAs.uid, runAs.gid);
+        }
+        this.state.manifest = (0, manifestPersistence_1.mergeManifestEntryDelta)(this.state.manifest, logicalPath, args.entry);
+    }
+    async applyManifest(manifest, runAs) {
+        (0, localWorkspace_1.assertLocalWorkspaceManifestMetadataSupported)('UnixLocalSandboxClient', manifest);
+        const identity = await this.resolveFilesystemRunAs(runAs);
+        await (0, localWorkspace_1.materializeLocalWorkspaceManifest)(manifest, this.state.workspaceRootPath);
+        const environment = await manifest.resolveEnvironment();
+        if (identity) {
+            for (const path of Object.keys(manifest.entries)) {
+                await (0, localWorkspace_1.applyOwnershipRecursive)(this.resolveSandboxPath(path), identity.uid, identity.gid);
+            }
+        }
+        this.state.environment = {
+            ...this.state.environment,
+            ...environment,
+        };
+        this.state.manifest = (0, manifestPersistence_1.mergeManifestDelta)(this.state.manifest, manifest);
+    }
+    async persistWorkspace() {
+        return await (0, localSnapshots_1.createWorkspaceArchive)(this.state.workspaceRootPath, this.state.manifest.ephemeralPersistencePaths());
+    }
+    async hydrateWorkspace(data) {
+        await (0, localSnapshots_1.restoreWorkspaceArchive)(data, this.state.workspaceRootPath);
+        await this.materializeRestoredWorkspaceMounts();
+    }
+    async stop() {
+        await this.stopActiveProcesses();
+    }
+    async shutdown() {
+        await this.close();
+    }
+    async delete() {
+        await this.close();
+    }
+    async close() {
+        if (this.closed) {
+            return;
+        }
+        this.closed = true;
+        await this.stopActiveProcesses();
+        if (this.state.workspaceRootOwned) {
+            await (0, promises_1.rm)(this.state.workspaceRootPath, { recursive: true, force: true });
+        }
+    }
+    async stopActiveProcesses() {
+        await Promise.all([...this.activeProcesses.values()].map(async (activeProcess) => {
+            if (!activeProcess.done) {
+                activeProcess.child.kill('SIGTERM');
+                await waitForProcessOrTimeout(activeProcess, 250);
+            }
+            if (!activeProcess.done) {
+                activeProcess.child.kill('SIGKILL');
+                await activeProcess.donePromise.catch(() => { });
+            }
+        }));
+        this.activeProcesses.clear();
+    }
+    resolveSandboxPath(path, options = {}) {
+        const resolved = this.resolveSandboxPathTarget(path, options);
+        const workspaceRelativePath = resolved.workspaceRelativePath ?? '';
+        if (!workspaceRelativePath && !resolved.grant) {
+            return this.state.workspaceRootPath;
+        }
+        if (resolved.grant) {
+            return validateResolvedHostPath({
+                path,
+                resolvedPath: resolved.path,
+                allowedRoot: resolved.grant.path,
+            });
+        }
+        const mountPath = this.resolveLocalBindMountPath(workspaceRelativePath, path, options);
+        if (mountPath) {
+            return mountPath;
+        }
+        const resolvedPath = (0, node_path_1.resolve)(this.state.workspaceRootPath, workspaceRelativePath);
+        const relativeToRoot = (0, node_path_1.relative)(this.state.workspaceRootPath, resolvedPath);
+        if ((0, hostPath_1.relativeHostPathEscapesRoot)(relativeToRoot)) {
+            throw new errors_1.UserError(`Sandbox path "${path}" escapes the workspace root.`);
+        }
+        return validateResolvedHostPath({
+            path,
+            resolvedPath,
+            allowedRoot: this.state.workspaceRootPath,
+        });
+    }
+    resolveCommandWorkdir(path) {
+        return this.resolveSandboxPath(path);
+    }
+    resolveSandboxPathTarget(path, options = {}) {
+        return new workspacePaths_1.WorkspacePathPolicy({
+            root: this.state.manifest.root,
+            extraPathGrants: this.state.manifest.extraPathGrants,
+        }).resolve(path, options);
+    }
+    resolveLocalBindMountPath(workspaceRelativePath, path, options) {
+        for (const { entry, mountPath } of this.state.manifest.mountTargets()) {
+            const source = localBindMountSource(entry);
+            if (!source) {
+                continue;
+            }
+            const mountRelativePath = new workspacePaths_1.WorkspacePathPolicy({
+                root: this.state.manifest.root,
+            }).resolve(mountPath).workspaceRelativePath;
+            if (typeof mountRelativePath !== 'string') {
+                continue;
+            }
+            if (!pathWithinLogicalRoot(workspaceRelativePath, mountRelativePath)) {
+                continue;
+            }
+            if (options.forWrite && entry.readOnly !== false) {
+                throw new errors_1.UserError(`Sandbox path "${path}" is inside a read-only local bind mount.`);
+            }
+            const childPath = workspaceRelativePath === mountRelativePath
+                ? ''
+                : workspaceRelativePath.slice(mountRelativePath.length + 1);
+            const resolvedPath = childPath ? (0, node_path_1.resolve)(source, childPath) : source;
+            return validateResolvedHostPath({
+                path,
+                resolvedPath,
+                allowedRoot: source,
+            });
+        }
+        return undefined;
+    }
+    resolveLogicalPath(path) {
+        if (!path || path.trim().length === 0) {
+            return '';
+        }
+        const logicalRoot = this.state.manifest.root;
+        const trimmed = path.trim();
+        if (trimmed === logicalRoot) {
+            return '';
+        }
+        if (logicalRoot === '/') {
+            return (0, manifest_1.normalizeRelativePath)(trimmed.startsWith('/') ? trimmed.slice(1) : trimmed);
+        }
+        if (trimmed.startsWith(`${logicalRoot}/`)) {
+            return (0, manifest_1.normalizeRelativePath)(trimmed.slice(logicalRoot.length + 1));
+        }
+        if (trimmed.startsWith('/')) {
+            throw new errors_1.UserError(`Sandbox path "${path}" must stay within ${logicalRoot}.`);
+        }
+        return (0, manifest_1.normalizeRelativePath)(trimmed);
+    }
+    async spawnShellCommand(command, args) {
+        const { shellPath, flag } = (0, shellCommand_1.resolveLocalShellCommand)({
+            shell: args.shell,
+            defaultShell: this.defaultShell,
+            envShell: process.env.SHELL,
+            login: args.login,
+        });
+        const runAs = await this.resolveCommandRunAs(args.runAs);
+        const env = buildCommandEnvironment({
+            environment: this.state.environment,
+            shellPath,
+            home: this.state.workspaceRootPath,
+            pwd: args.logicalCwd,
+        });
+        if (args.tty) {
+            return (0, pty_1.spawnInPseudoTerminal)(shellPath, [flag, command], {
+                cwd: args.cwd,
+                env,
+                ...(runAs
+                    ? {
+                        uid: runAs.uid,
+                        gid: runAs.gid,
+                    }
+                    : {}),
+            });
+        }
+        return (0, node_child_process_1.spawn)(shellPath, [flag, command], {
+            cwd: args.cwd,
+            env,
+            ...(runAs
+                ? {
+                    uid: runAs.uid,
+                    gid: runAs.gid,
+                }
+                : {}),
+            stdio: 'pipe',
+        });
+    }
+    translateCommandInput(command) {
+        // Unix-local is not a chroot; command rewriting preserves manifest-root UX while
+        // filesystem APIs continue to enforce host-path containment separately.
+        if (this.state.manifest.root === '/') {
+            return translateRootManifestCommandInput(command, this.state.workspaceRootPath);
+        }
+        return translateManifestRootCommandInput(command, this.state.manifest.root, this.state.workspaceRootPath);
+    }
+    translateCommandOutput(output) {
+        if (this.state.manifest.root === '/') {
+            return translateRootManifestCommandOutput(output, this.state.workspaceRootPath);
+        }
+        return translateManifestRootCommandOutput(output, this.state.manifest.root, this.state.workspaceRootPath);
+    }
+    async materializeRestoredWorkspaceMounts() {
+        await (0, localWorkspace_1.materializeLocalWorkspaceManifestMounts)(this.state.manifest, this.state.workspaceRootPath);
+    }
+    logicalWorkdirForPath(path) {
+        return this.resolveSandboxPathTarget(path).path;
+    }
+    async resolveCommandRunAs(runAs) {
+        const identity = await this.resolveRunAsIdentity(runAs);
+        if (!identity || identity.isCurrentUser) {
+            return identity;
+        }
+        if (typeof process.getuid !== 'function' || process.getuid() !== 0) {
+            throw new errors_1.UserError(`Unix-local sandbox runAs="${runAs}" requires the host process to run as root or the requested user.`);
+        }
+        return identity;
+    }
+    async resolveFilesystemRunAs(runAs) {
+        const identity = await this.resolveRunAsIdentity(runAs);
+        if (!identity || identity.isCurrentUser) {
+            return identity;
+        }
+        if (typeof process.getuid !== 'function' || process.getuid() !== 0) {
+            throw new errors_1.UserError(`Unix-local sandbox filesystem operations cannot honor runAs="${runAs}" without root privileges.`);
+        }
+        return identity;
+    }
+    async resolveRunAsIdentity(runAs) {
+        if (!runAs || runAs.trim().length === 0) {
+            return undefined;
+        }
+        const requestedUser = runAs.trim();
+        const currentUser = (0, node_os_1.userInfo)().username;
+        const currentUid = typeof process.getuid === 'function' ? process.getuid() : undefined;
+        const currentGid = typeof process.getgid === 'function' ? process.getgid() : undefined;
+        if (requestedUser === currentUser &&
+            currentUid !== undefined &&
+            currentGid !== undefined) {
+            return {
+                username: currentUser,
+                uid: currentUid,
+                gid: currentGid,
+                isCurrentUser: true,
+            };
+        }
+        const [uidResult, gidResult] = await Promise.all([
+            (0, runProcess_1.runSandboxProcess)('id', ['-u', requestedUser], {
+                timeoutMs: RUN_AS_LOOKUP_TIMEOUT_MS,
+            }),
+            (0, runProcess_1.runSandboxProcess)('id', ['-g', requestedUser], {
+                timeoutMs: RUN_AS_LOOKUP_TIMEOUT_MS,
+            }),
+        ]);
+        if (uidResult.status !== 0 || gidResult.status !== 0) {
+            throw new errors_1.UserError(`Sandbox runAs user "${requestedUser}" could not be resolved on this host.`);
+        }
+        const uid = Number(uidResult.stdout.trim());
+        const gid = Number(gidResult.stdout.trim());
+        return {
+            username: requestedUser,
+            uid,
+            gid,
+            isCurrentUser: currentUid !== undefined &&
+                currentGid !== undefined &&
+                uid === currentUid &&
+                gid === currentGid,
+        };
+    }
+    trackChildProcess(child, options = {}) {
+        let resolveDone = () => { };
+        const donePromise = new Promise((resolve) => {
+            resolveDone = resolve;
+        });
+        let resolveOutputClosed = () => { };
+        const outputClosedPromise = new Promise((resolve) => {
+            resolveOutputClosed = resolve;
+        });
+        const activeProcess = {
+            child,
+            tty: options.tty ?? false,
+            output: '',
+            stdout: '',
+            stderr: '',
+            droppedOutputChars: 0,
+            droppedStdoutChars: 0,
+            droppedStderrChars: 0,
+            exitCode: null,
+            done: false,
+            donePromise,
+            resolveDone,
+            outputClosedPromise,
+            resolveOutputClosed,
+        };
+        let openOutputStreams = 2;
+        const markOutputStreamClosed = () => {
+            openOutputStreams -= 1;
+            if (openOutputStreams === 0) {
+                activeProcess.resolveOutputClosed();
+            }
+        };
+        child.stdout.setEncoding('utf8');
+        child.stderr.setEncoding('utf8');
+        child.stdout.on('data', (chunk) => {
+            appendActiveProcessOutput(activeProcess, chunk, 'stdout');
+        });
+        child.stderr.on('data', (chunk) => {
+            appendActiveProcessOutput(activeProcess, chunk, 'stderr');
+        });
+        child.stdout.once('close', markOutputStreamClosed);
+        child.stderr.once('close', markOutputStreamClosed);
+        child.on('close', (code, signal) => {
+            activeProcess.exitCode = code ?? signalToExitCode(signal);
+            activeProcess.done = true;
+            activeProcess.resolveDone();
+        });
+        child.on('error', (error) => {
+            appendActiveProcessOutput(activeProcess, `${error.message}\n`, 'stderr');
+            activeProcess.exitCode = 1;
+            activeProcess.done = true;
+            activeProcess.resolveOutputClosed();
+            activeProcess.resolveDone();
+        });
+        return activeProcess;
+    }
+    allocateProcessId(activeProcess) {
+        const sessionId = this.nextSessionId++;
+        this.activeProcesses.set(sessionId, activeProcess);
+        return sessionId;
+    }
+}
+exports.UnixLocalSandboxSession = UnixLocalSandboxSession;
+class UnixLocalSandboxClient {
+    backendId = 'unix_local';
+    supportsDefaultOptions = true;
+    options;
+    constructor(options = {}) {
+        this.options = options;
+    }
+    async create(args, manifestOptions) {
+        const createArgs = (0, client_1.normalizeSandboxClientCreateArgs)(args, manifestOptions);
+        const manifest = createArgs.manifest;
+        const resolvedOptions = {
+            ...this.options,
+            ...createArgs.options,
+            ...(createArgs.snapshot
+                ? { snapshot: createArgs.snapshot }
+                : {}),
+            ...(createArgs.concurrencyLimits
+                ? { concurrencyLimits: createArgs.concurrencyLimits }
+                : {}),
+        };
+        (0, localWorkspace_1.assertLocalWorkspaceManifestMetadataSupported)('UnixLocalSandboxClient', manifest);
+        const workspaceRootPath = await (0, promises_1.mkdtemp)((0, node_path_1.join)(resolvedOptions.workspaceBaseDir ?? (0, node_os_1.tmpdir)(), 'openai-agents-sandbox-'));
+        await (0, localWorkspace_1.materializeLocalWorkspaceManifest)(manifest, workspaceRootPath, {
+            concurrencyLimits: resolvedOptions.concurrencyLimits,
+        });
+        const environment = await manifest.resolveEnvironment();
+        const configuredExposedPorts = (0, sessionStateValues_1.normalizeExposedPorts)(resolvedOptions.exposedPorts);
+        return new UnixLocalSandboxSession({
+            state: {
+                manifest,
+                workspaceRootPath,
+                workspaceRootOwned: true,
+                environment,
+                snapshotSpec: resolvedOptions.snapshot ?? null,
+                snapshot: null,
+                configuredExposedPorts,
+            },
+            defaultShell: resolvedOptions.defaultShell,
+        });
+    }
+    async resume(state) {
+        const restoredState = await this.restoreIfNeeded(state);
+        return new UnixLocalSandboxSession({
+            state: restoredState,
+            defaultShell: this.options.defaultShell,
+        });
+    }
+    async serializeSessionState(state) {
+        const snapshotSpec = state.snapshotSpec ?? this.options.snapshot ?? null;
+        const snapshot = await (0, localSnapshots_1.persistLocalSnapshot)('UnixLocalSandboxClient', state, snapshotSpec);
+        state.snapshotSpec = snapshotSpec;
+        return {
+            manifest: (0, manifestPersistence_1.serializeManifest)(state.manifest),
+            workspaceRootPath: state.workspaceRootPath,
+            workspaceRootOwned: state.workspaceRootOwned,
+            environment: (0, manifestPersistence_1.sanitizeEnvironmentForPersistence)(state),
+            snapshotSpec: (0, localSnapshots_1.serializeLocalSnapshotSpec)(snapshotSpec),
+            snapshot,
+            snapshotFingerprint: state.snapshotFingerprint ?? null,
+            snapshotFingerprintVersion: state.snapshotFingerprintVersion ?? null,
+            configuredExposedPorts: state.configuredExposedPorts ?? [],
+            exposedPorts: state.exposedPorts ?? null,
+        };
+    }
+    async deserializeSessionState(state) {
+        return (0, sessionStateValues_1.deserializeLocalSandboxSessionStateValues)(state, this.options.snapshot);
+    }
+    async restoreIfNeeded(state) {
+        if (await (0, localWorkspace_1.pathExists)(state.workspaceRootPath)) {
+            if (await (0, localSnapshots_1.canReuseLocalSnapshotWorkspace)(state)) {
+                return state;
+            }
+            if (await (0, localSnapshots_1.localSnapshotIsRestorable)(state)) {
+                return await restoreSnapshotAndMounts(state, state.workspaceRootPath);
+            }
+            return state;
+        }
+        if (!(await (0, localSnapshots_1.localSnapshotIsRestorable)(state))) {
+            throw new errors_1.UserError('UnixLocal sandbox workspace is unavailable and no local snapshot could be restored.');
+        }
+        const workspaceRootPath = await (0, promises_1.mkdtemp)((0, node_path_1.join)(this.options.workspaceBaseDir ?? (0, node_os_1.tmpdir)(), 'openai-agents-sandbox-'));
+        return await restoreSnapshotAndMounts({
+            ...state,
+            workspaceRootPath,
+            workspaceRootOwned: true,
+        }, workspaceRootPath);
+    }
+}
+exports.UnixLocalSandboxClient = UnixLocalSandboxClient;
+async function restoreSnapshotAndMounts(state, workspaceRootPath) {
+    const restoredState = await (0, localSnapshots_1.restoreLocalSnapshotToWorkspace)(state, workspaceRootPath);
+    await (0, localWorkspace_1.materializeLocalWorkspaceManifestMounts)(restoredState.manifest, restoredState.workspaceRootPath);
+    return restoredState;
+}
+function localBindMountSource(entry) {
+    if (entry.type !== 'mount' || typeof entry.source !== 'string') {
+        return undefined;
+    }
+    if (entry.mountStrategy !== undefined &&
+        entry.mountStrategy.type !== 'local_bind') {
+        return undefined;
+    }
+    return (0, node_path_1.isAbsolute)(entry.source) ? entry.source : undefined;
+}
+function pathWithinLogicalRoot(path, root) {
+    return path === root || path.startsWith(`${root}/`);
+}
+function validateResolvedHostPath(args) {
+    const allowedRootRealPath = realpathForValidation(args.allowedRoot, args.path);
+    const existingPath = nearestExistingPath(args.resolvedPath);
+    if (!existingPath) {
+        throw new errors_1.UserError(`Sandbox path "${args.path}" escapes the workspace root.`);
+    }
+    const realPath = realpathForValidation(existingPath, args.path);
+    if (!(0, hostPath_1.isHostPathWithinRoot)(allowedRootRealPath, realPath)) {
+        throw new errors_1.UserError(`Sandbox path "${args.path}" escapes the workspace root.`);
+    }
+    return args.resolvedPath;
+}
+function nearestExistingPath(path) {
+    let current = path;
+    while (true) {
+        try {
+            (0, node_fs_1.lstatSync)(current);
+            return current;
+        }
+        catch (error) {
+            if (error.code !== 'ENOENT') {
+                throw error;
+            }
+        }
+        const parent = (0, node_path_1.dirname)(current);
+        if (parent === current) {
+            return undefined;
+        }
+        current = parent;
+    }
+}
+function realpathForValidation(path, originalPath) {
+    try {
+        return (0, node_fs_1.realpathSync)(path);
+    }
+    catch {
+        throw new errors_1.UserError(`Sandbox path "${originalPath}" escapes the workspace root.`);
+    }
+}
+class UnixLocalSandboxEditor {
+    session;
+    runAs;
+    constructor(session, runAs) {
+        this.session = session;
+        this.runAs = runAs;
+    }
+    async createFile(operation) {
+        const identity = await this.session.resolveFilesystemRunAs(this.runAs);
+        const filePath = this.session.resolveSandboxPath(operation.path, {
+            forWrite: true,
+        });
+        await (0, promises_1.mkdir)((0, node_path_1.dirname)(filePath), { recursive: true });
+        const content = (0, applyDiff_1.applyDiff)('', operation.diff, 'create');
+        await (0, promises_1.writeFile)(filePath, content, { encoding: 'utf8', flag: 'wx' });
+        if (identity) {
+            await (0, localWorkspace_1.applyOwnershipRecursive)(filePath, identity.uid, identity.gid);
+        }
+        return {};
+    }
+    async updateFile(operation) {
+        const identity = await this.session.resolveFilesystemRunAs(this.runAs);
+        const moveTo = operation.moveTo;
+        const filePath = this.session.resolveSandboxPath(operation.path, {
+            forWrite: true,
+        });
+        const destinationPath = moveTo
+            ? this.session.resolveSandboxPath(moveTo, { forWrite: true })
+            : filePath;
+        const current = await (0, promises_1.readFile)(filePath, 'utf8');
+        const next = (0, applyDiff_1.applyDiff)(current, operation.diff);
+        await (0, promises_1.mkdir)((0, node_path_1.dirname)(destinationPath), { recursive: true });
+        await (0, promises_1.writeFile)(destinationPath, next, 'utf8');
+        if (moveTo && destinationPath !== filePath) {
+            await (0, promises_1.unlink)(filePath);
+        }
+        if (identity) {
+            await (0, localWorkspace_1.applyOwnershipRecursive)(destinationPath, identity.uid, identity.gid);
+        }
+        return {};
+    }
+    async deleteFile(operation) {
+        await this.session.resolveFilesystemRunAs(this.runAs);
+        const filePath = this.session.resolveSandboxPath(operation.path, {
+            forWrite: true,
+        });
+        await (0, promises_1.unlink)(filePath);
+        return {};
+    }
+}
+function buildCommandEnvironment(args) {
+    return {
+        PATH: DEFAULT_SANDBOX_COMMAND_PATH,
+        HOME: args.home,
+        USER: 'sandbox',
+        LOGNAME: 'sandbox',
+        SHELL: args.shellPath,
+        TMPDIR: '/tmp',
+        ...args.environment,
+        PWD: args.pwd,
+    };
+}
+function translateRootManifestCommandInput(command, workspaceRootPath) {
+    return command.replace(/(^|[\s"'=<>])\/([^\s"'|&;<>(){}]*)/g, (_match, prefix, pathSuffix) => `${prefix}${workspaceRootPath}/${pathSuffix}`);
+}
+function translateManifestRootCommandInput(command, manifestRoot, workspaceRootPath) {
+    const escapedManifestRoot = escapeRegExp(manifestRoot);
+    const pathPrefix = String.raw `(^|[\s"'=<>])`;
+    const pathSuffix = String.raw `(?=$|[\/\s"'|&;<>(){}])`;
+    return command.replace(new RegExp(`${pathPrefix}${escapedManifestRoot}${pathSuffix}`, 'g'), (_match, prefix) => `${prefix}${workspaceRootPath}`);
+}
+function translateRootManifestCommandOutput(output, workspaceRootPath) {
+    return translateWorkspaceRootCommandOutput(output, '/', workspaceRootPath);
+}
+function translateManifestRootCommandOutput(output, manifestRoot, workspaceRootPath) {
+    return translateWorkspaceRootCommandOutput(output, manifestRoot, workspaceRootPath);
+}
+function translateWorkspaceRootCommandOutput(output, manifestRoot, workspaceRootPath) {
+    const nestedPathReplacement = manifestRoot === '/' ? '/' : `${manifestRoot}/`;
+    let translated = output;
+    for (const path of workspaceRootOutputPaths(workspaceRootPath)) {
+        translated = translated
+            .split(`${path}/`)
+            .join(nestedPathReplacement)
+            .split(path)
+            .join(manifestRoot);
+    }
+    return translated;
+}
+function workspaceRootOutputPaths(workspaceRootPath) {
+    const paths = [workspaceRootPath];
+    try {
+        paths.push((0, node_fs_1.realpathSync)(workspaceRootPath));
+    }
+    catch {
+        return paths;
+    }
+    return Array.from(new Set(paths)).sort((a, b) => b.length - a.length);
+}
+function escapeRegExp(value) {
+    return value.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+function appendActiveProcessOutput(activeProcess, chunk, stream) {
+    if (chunk.length === 0) {
+        return;
+    }
+    const combined = appendBoundedOutput(activeProcess.output, activeProcess.droppedOutputChars, chunk);
+    activeProcess.output = combined.output;
+    activeProcess.droppedOutputChars = combined.droppedChars;
+    if (stream === 'stdout') {
+        const stdout = appendBoundedOutput(activeProcess.stdout, activeProcess.droppedStdoutChars, chunk);
+        activeProcess.stdout = stdout.output;
+        activeProcess.droppedStdoutChars = stdout.droppedChars;
+        return;
+    }
+    const stderr = appendBoundedOutput(activeProcess.stderr, activeProcess.droppedStderrChars, chunk);
+    activeProcess.stderr = stderr.output;
+    activeProcess.droppedStderrChars = stderr.droppedChars;
+}
+function appendBoundedOutput(output, droppedChars, chunk) {
+    const nextLength = output.length + chunk.length;
+    if (nextLength <= MAX_ACTIVE_PROCESS_OUTPUT_CHARS) {
+        return {
+            output: output + chunk,
+            droppedChars,
+        };
+    }
+    const nextDroppedChars = droppedChars + nextLength - MAX_ACTIVE_PROCESS_OUTPUT_CHARS;
+    if (chunk.length >= MAX_ACTIVE_PROCESS_OUTPUT_CHARS) {
+        return {
+            output: chunk.slice(-MAX_ACTIVE_PROCESS_OUTPUT_CHARS),
+            droppedChars: nextDroppedChars,
+        };
+    }
+    const existingCharsToKeep = MAX_ACTIVE_PROCESS_OUTPUT_CHARS - chunk.length;
+    return {
+        output: output.slice(-existingCharsToKeep) + chunk,
+        droppedChars: nextDroppedChars,
+    };
+}
+function consumeActiveProcessOutput(activeProcess) {
+    const output = withDroppedOutputPrefix(activeProcess.output, activeProcess.droppedOutputChars);
+    const stdout = withDroppedOutputPrefix(activeProcess.stdout, activeProcess.droppedStdoutChars);
+    const stderr = withDroppedOutputPrefix(activeProcess.stderr, activeProcess.droppedStderrChars);
+    activeProcess.output = '';
+    activeProcess.stdout = '';
+    activeProcess.stderr = '';
+    activeProcess.droppedOutputChars = 0;
+    activeProcess.droppedStdoutChars = 0;
+    activeProcess.droppedStderrChars = 0;
+    return { output, stdout, stderr };
+}
+function withDroppedOutputPrefix(output, droppedChars) {
+    if (droppedChars === 0) {
+        return output;
+    }
+    return `[...${droppedChars} characters truncated from process output...]\n${output}`;
+}
+async function waitForProcessOrTimeout(activeProcess, timeoutMs) {
+    if (activeProcess.done) {
+        return;
+    }
+    await Promise.race([
+        activeProcess.donePromise,
+        new Promise((resolve) => setTimeout(resolve, timeoutMs)),
+    ]);
+    if (activeProcess.done) {
+        await activeProcess.outputClosedPromise;
+    }
+}
+function signalToExitCode(signal) {
+    if (signal === 'SIGINT') {
+        return 130;
+    }
+    return 1;
+}
+//# sourceMappingURL=unixLocal.js.map