@polos/sdk 0.2.0 → 0.2.2

package/dist/index.d.cts

@@ -4787,15 +4787,15 @@ declare function stripAnsi(text: string): string;
 declare function createExecTool(getEnv: () => Promise<ExecutionEnvironment>, config?: ExecToolConfig): ToolWorkflow;
 
 /**
- * Path-based approval for read-only sandbox tools.
+ * Path-based approval for sandbox tools.
  *
- * When pathRestriction is set, read-only tools (read, glob, grep) allow
+ * When pathRestriction is set, tools (read, write, edit, glob, grep) allow
  * operations within the restricted path without approval. Operations
  * outside the restriction suspend for user approval.
  */
 
 /**
- * Configuration for path-restricted approval on read-only tools.
+ * Configuration for path-restricted approval on sandbox tools.
  */
 interface PathRestrictionConfig {
     /** Directory to allow without approval. Paths outside require approval. */
@@ -4816,21 +4816,43 @@ declare function createReadTool(getEnv: () => Promise<ExecutionEnvironment>, pat
 
 /**
  * Write tool — create or overwrite files in the execution environment.
+ *
+ * When pathRestriction is set, writes within the restriction proceed
+ * without approval. Writes outside the restriction suspend for user approval.
+ * Set approval to 'always' to require approval for every write, or 'none'
+ * to skip approval entirely (overrides path restriction).
  */
 
+interface WriteToolConfig {
+    /** Explicit approval override. 'always' = approve every write, 'none' = never approve. */
+    approval?: ToolApproval;
+    /** Path restriction config — writes inside are allowed, outside require approval. */
+    pathConfig?: PathRestrictionConfig;
+}
 /**
  * Create the write tool for writing file contents.
  */
-declare function createWriteTool(getEnv: () => Promise<ExecutionEnvironment>, approval?: ToolApproval): ToolWorkflow;
+declare function createWriteTool(getEnv: () => Promise<ExecutionEnvironment>, config?: WriteToolConfig): ToolWorkflow;
 
 /**
  * Edit tool — find-and-replace text in files in the execution environment.
+ *
+ * When pathRestriction is set, edits within the restriction proceed
+ * without approval. Edits outside the restriction suspend for user approval.
+ * Set approval to 'always' to require approval for every edit, or 'none'
+ * to skip approval entirely (overrides path restriction).
  */
 
+interface EditToolConfig {
+    /** Explicit approval override. 'always' = approve every edit, 'none' = never approve. */
+    approval?: ToolApproval;
+    /** Path restriction config — edits inside are allowed, outside require approval. */
+    pathConfig?: PathRestrictionConfig;
+}
 /**
  * Create the edit tool for find-and-replace in files.
  */
-declare function createEditTool(getEnv: () => Promise<ExecutionEnvironment>, approval?: ToolApproval): ToolWorkflow;
+declare function createEditTool(getEnv: () => Promise<ExecutionEnvironment>, config?: EditToolConfig): ToolWorkflow;
 
 /**
  * Glob tool — find files by pattern in the execution environment.

package/dist/index.d.ts

@@ -4787,15 +4787,15 @@ declare function stripAnsi(text: string): string;
 declare function createExecTool(getEnv: () => Promise<ExecutionEnvironment>, config?: ExecToolConfig): ToolWorkflow;
 
 /**
- * Path-based approval for read-only sandbox tools.
+ * Path-based approval for sandbox tools.
  *
- * When pathRestriction is set, read-only tools (read, glob, grep) allow
+ * When pathRestriction is set, tools (read, write, edit, glob, grep) allow
  * operations within the restricted path without approval. Operations
  * outside the restriction suspend for user approval.
  */
 
 /**
- * Configuration for path-restricted approval on read-only tools.
+ * Configuration for path-restricted approval on sandbox tools.
  */
 interface PathRestrictionConfig {
     /** Directory to allow without approval. Paths outside require approval. */
@@ -4816,21 +4816,43 @@ declare function createReadTool(getEnv: () => Promise<ExecutionEnvironment>, pat
 
 /**
  * Write tool — create or overwrite files in the execution environment.
+ *
+ * When pathRestriction is set, writes within the restriction proceed
+ * without approval. Writes outside the restriction suspend for user approval.
+ * Set approval to 'always' to require approval for every write, or 'none'
+ * to skip approval entirely (overrides path restriction).
  */
 
+interface WriteToolConfig {
+    /** Explicit approval override. 'always' = approve every write, 'none' = never approve. */
+    approval?: ToolApproval;
+    /** Path restriction config — writes inside are allowed, outside require approval. */
+    pathConfig?: PathRestrictionConfig;
+}
 /**
  * Create the write tool for writing file contents.
  */
-declare function createWriteTool(getEnv: () => Promise<ExecutionEnvironment>, approval?: ToolApproval): ToolWorkflow;
+declare function createWriteTool(getEnv: () => Promise<ExecutionEnvironment>, config?: WriteToolConfig): ToolWorkflow;
 
 /**
  * Edit tool — find-and-replace text in files in the execution environment.
+ *
+ * When pathRestriction is set, edits within the restriction proceed
+ * without approval. Edits outside the restriction suspend for user approval.
+ * Set approval to 'always' to require approval for every edit, or 'none'
+ * to skip approval entirely (overrides path restriction).
  */
 
+interface EditToolConfig {
+    /** Explicit approval override. 'always' = approve every edit, 'none' = never approve. */
+    approval?: ToolApproval;
+    /** Path restriction config — edits inside are allowed, outside require approval. */
+    pathConfig?: PathRestrictionConfig;
+}
 /**
  * Create the edit tool for find-and-replace in files.
  */
-declare function createEditTool(getEnv: () => Promise<ExecutionEnvironment>, approval?: ToolApproval): ToolWorkflow;
+declare function createEditTool(getEnv: () => Promise<ExecutionEnvironment>, config?: EditToolConfig): ToolWorkflow;
 
 /**
  * Glob tool — find files by pattern in the execution environment.

package/dist/index.js

@@ -292,7 +292,7 @@ var OrchestratorClient = class {
         }
         if (attempt < retries) {
           const delay = Math.min(1e3 * Math.pow(2, attempt), 16e3);
-          await new Promise((resolve8) => setTimeout(resolve8, delay));
+          await new Promise((resolve10) => setTimeout(resolve10, delay));
         }
       }
     }
@@ -744,7 +744,7 @@ var OrchestratorClient = class {
       if (execution.status === "completed" || execution.status === "failed" || execution.status === "cancelled") {
         return execution;
       }
-      await new Promise((resolve8) => setTimeout(resolve8, pollInterval));
+      await new Promise((resolve10) => setTimeout(resolve10, pollInterval));
     }
     throw new Error(`Execution ${executionId} timed out after ${String(timeout)}ms`);
   }
@@ -1670,7 +1670,7 @@ function calculateDelay(attempt, options) {
   return Math.round(delay);
 }
 function sleep(ms) {
-  return new Promise((resolve8) => setTimeout(resolve8, ms));
+  return new Promise((resolve10) => setTimeout(resolve10, ms));
 }
 async function retry(fn, options = {}) {
   const opts = { ...DEFAULT_OPTIONS, ...options };
@@ -1856,7 +1856,7 @@ function createStepHelper(options) {
       if (options2.days) totalSeconds += options2.days * 86400;
       if (options2.weeks) totalSeconds += options2.weeks * 604800;
       const totalMs = totalSeconds * 1e3;
-      await new Promise((resolve8) => setTimeout(resolve8, totalMs));
+      await new Promise((resolve10) => setTimeout(resolve10, totalMs));
       store.set(key, { wait_until: new Date(Date.now() + totalMs).toISOString() });
     },
     async waitUntil(key, date) {
@@ -1864,7 +1864,7 @@ function createStepHelper(options) {
       if (cached) return;
       const now = Date.now();
       const waitMs = Math.max(0, date.getTime() - now);
-      await new Promise((resolve8) => setTimeout(resolve8, waitMs));
+      await new Promise((resolve10) => setTimeout(resolve10, waitMs));
       store.set(key, { wait_until: date.toISOString() });
     },
     // eslint-disable-next-line @typescript-eslint/require-await -- stub implementation
@@ -4504,7 +4504,7 @@ function createOrchestratorStepHelper(orchestratorClient, cachedSteps, execCtx,
       });
       const waitThreshold = Number(process.env["POLOS_WAIT_THRESHOLD_SECONDS"] ?? "10");
       if (totalSeconds <= waitThreshold) {
-        await new Promise((resolve8) => setTimeout(resolve8, totalSeconds * 1e3));
+        await new Promise((resolve10) => setTimeout(resolve10, totalSeconds * 1e3));
         await saveStepOutput(key, { wait_until: waitUntil.toISOString() });
         return;
       }
@@ -4540,7 +4540,7 @@ function createOrchestratorStepHelper(orchestratorClient, cachedSteps, execCtx,
       });
       const waitThreshold = Number(process.env["POLOS_WAIT_THRESHOLD_SECONDS"] ?? "10");
       if (waitSeconds <= waitThreshold) {
-        await new Promise((resolve8) => setTimeout(resolve8, waitSeconds * 1e3));
+        await new Promise((resolve10) => setTimeout(resolve10, waitSeconds * 1e3));
         await saveStepOutput(key, { wait_until: date.toISOString() });
         return;
       }
@@ -5293,7 +5293,7 @@ var DEFAULT_CONTAINER_WORKDIR = "/workspace";
 var DEFAULT_TIMEOUT_SECONDS = 300;
 var DEFAULT_MAX_OUTPUT_CHARS = 1e5;
 function spawnCommand(command, args, options) {
-  return new Promise((resolve8, reject) => {
+  return new Promise((resolve10, reject) => {
     let settled = false;
     const settle = (fn) => {
       if (!settled) {
@@ -5322,21 +5322,42 @@ function spawnCommand(command, args, options) {
       killed = true;
       proc.kill("SIGKILL");
     }, timeoutMs);
+    let exitGraceTimer = null;
+    let exitCode = null;
+    proc.on("exit", (code) => {
+      exitCode = code;
+      exitGraceTimer = setTimeout(() => {
+        clearTimeout(timer);
+        settle(() => {
+          if (killed) {
+            resolve10({
+              exitCode: 137,
+              stdout,
+              stderr: stderr + "\n[Process killed: timeout exceeded]"
+            });
+          } else {
+            resolve10({ exitCode: exitCode ?? 1, stdout, stderr });
+          }
+        });
+      }, 2e3);
+    });
     proc.on("close", (code) => {
+      if (exitGraceTimer) clearTimeout(exitGraceTimer);
       clearTimeout(timer);
       settle(() => {
         if (killed) {
-          resolve8({
+          resolve10({
             exitCode: 137,
             stdout,
             stderr: stderr + "\n[Process killed: timeout exceeded]"
           });
         } else {
-          resolve8({ exitCode: code ?? 1, stdout, stderr });
+          resolve10({ exitCode: code ?? exitCode ?? 1, stdout, stderr });
         }
       });
     });
     proc.on("error", (err) => {
+      if (exitGraceTimer) clearTimeout(exitGraceTimer);
       clearTimeout(timer);
       settle(() => {
         reject(err);
@@ -5549,7 +5570,7 @@ var DockerEnvironment = class {
 var DEFAULT_TIMEOUT_SECONDS2 = 300;
 var DEFAULT_MAX_OUTPUT_CHARS2 = 1e5;
 function spawnLocal(command, options) {
-  return new Promise((resolve8, reject) => {
+  return new Promise((resolve10, reject) => {
     let settled = false;
     const settle = (fn) => {
       if (!settled) {
@@ -5582,21 +5603,42 @@ function spawnLocal(command, options) {
       killed = true;
       proc.kill("SIGKILL");
     }, timeoutMs);
+    let exitGraceTimer = null;
+    let exitCode = null;
+    proc.on("exit", (code) => {
+      exitCode = code;
+      exitGraceTimer = setTimeout(() => {
+        clearTimeout(timer);
+        settle(() => {
+          if (killed) {
+            resolve10({
+              exitCode: 137,
+              stdout,
+              stderr: stderr + "\n[Process killed: timeout exceeded]"
+            });
+          } else {
+            resolve10({ exitCode: exitCode ?? 1, stdout, stderr });
+          }
+        });
+      }, 2e3);
+    });
     proc.on("close", (code) => {
+      if (exitGraceTimer) clearTimeout(exitGraceTimer);
       clearTimeout(timer);
       settle(() => {
         if (killed) {
-          resolve8({
+          resolve10({
             exitCode: 137,
             stdout,
             stderr: stderr + "\n[Process killed: timeout exceeded]"
           });
         } else {
-          resolve8({ exitCode: code ?? 1, stdout, stderr });
+          resolve10({ exitCode: code ?? exitCode ?? 1, stdout, stderr });
         }
       });
     });
     proc.on("error", (err) => {
+      if (exitGraceTimer) clearTimeout(exitGraceTimer);
       clearTimeout(timer);
       settle(() => {
         reject(err);
@@ -6000,8 +6042,8 @@ var SandboxManager = class {
       }
       let resolveLock;
       let rejectLock;
-      const lockPromise = new Promise((resolve8, reject) => {
-        resolveLock = resolve8;
+      const lockPromise = new Promise((resolve10, reject) => {
+        resolveLock = resolve10;
         rejectLock = reject;
       });
       this.sessionCreationLocks.set(ctx.sessionId, lockPromise);
@@ -6193,7 +6235,7 @@ var SandboxManager = class {
   }
 };
 function spawnSimple(command, args) {
-  return new Promise((resolve8, reject) => {
+  return new Promise((resolve10, reject) => {
     const proc = spawn(command, args, { stdio: ["pipe", "pipe", "pipe"] });
     let stdout = "";
     let stderr = "";
@@ -6204,7 +6246,7 @@ function spawnSimple(command, args) {
       stderr += data.toString();
     });
     proc.on("close", (code) => {
-      resolve8({ exitCode: code ?? 1, stdout, stderr });
+      resolve10({ exitCode: code ?? 1, stdout, stderr });
     });
     proc.on("error", reject);
   });
@@ -6339,10 +6381,10 @@ var Worker = class {
     process.on("SIGINT", signalHandler);
     process.on("SIGTERM", signalHandler);
     this.signalHandler = signalHandler;
-    await new Promise((resolve8) => {
+    await new Promise((resolve10) => {
       const checkState = () => {
         if (this.state === "stopping" || this.state === "stopped") {
-          resolve8();
+          resolve10();
         } else {
           setTimeout(checkState, 100);
         }
@@ -6376,7 +6418,7 @@ var Worker = class {
     const waitTimeout = 3e4;
     const waitStart = Date.now();
     while (this.activeExecutions.size > 0 && Date.now() - waitStart < waitTimeout) {
-      await new Promise((resolve8) => setTimeout(resolve8, 100));
+      await new Promise((resolve10) => setTimeout(resolve10, 100));
     }
     if (this.activeExecutions.size > 0) {
       logger9.warn(`${String(this.activeExecutions.size)} executions did not complete in time`);
@@ -7481,7 +7523,7 @@ function createReadTool(getEnv, pathConfig) {
     }
   );
 }
-function createWriteTool(getEnv, approval) {
+function createWriteTool(getEnv, config) {
   return defineTool(
     {
       id: "write",
@@ -7490,16 +7532,23 @@ function createWriteTool(getEnv, approval) {
         path: z.string().describe("Path to the file to write"),
         content: z.string().describe("Content to write to the file")
       }),
-      approval
+      // Only use blanket approval if explicitly set to 'always'
+      approval: config?.approval === "always" ? "always" : void 0
     },
-    async (_ctx, input) => {
+    async (ctx, input) => {
       const env = await getEnv();
+      if (!config?.approval && config?.pathConfig?.pathRestriction) {
+        const resolved = resolve(env.getCwd(), input.path);
+        if (!isPathAllowed(resolved, config.pathConfig.pathRestriction)) {
+          await requirePathApproval(ctx, "write", resolved, config.pathConfig.pathRestriction);
+        }
+      }
       await env.writeFile(input.path, input.content);
       return { success: true, path: input.path };
     }
   );
 }
-function createEditTool(getEnv, approval) {
+function createEditTool(getEnv, config) {
   return defineTool(
     {
       id: "edit",
@@ -7509,10 +7558,17 @@ function createEditTool(getEnv, approval) {
         old_text: z.string().describe("Exact text to find and replace"),
         new_text: z.string().describe("Text to replace the old_text with")
       }),
-      approval
+      // Only use blanket approval if explicitly set to 'always'
+      approval: config?.approval === "always" ? "always" : void 0
     },
-    async (_ctx, input) => {
+    async (ctx, input) => {
       const env = await getEnv();
+      if (!config?.approval && config?.pathConfig?.pathRestriction) {
+        const resolved = resolve(env.getCwd(), input.path);
+        if (!isPathAllowed(resolved, config.pathConfig.pathRestriction)) {
+          await requirePathApproval(ctx, "edit", resolved, config.pathConfig.pathRestriction);
+        }
+      }
       const content = await env.readFile(input.path);
       if (!content.includes(input.old_text)) {
         throw new Error(
@@ -7617,16 +7673,17 @@ function sandboxTools(config) {
     throw new Error("E2B environment is not yet implemented.");
   }
   const effectiveExecConfig = envType === "local" && !config?.exec?.security ? { ...config?.exec, security: "approval-always" } : config?.exec;
-  const fileApproval = config?.fileApproval ?? (envType === "local" ? "always" : void 0);
   const pathConfig = config?.local?.pathRestriction ? { pathRestriction: config.local.pathRestriction } : void 0;
+  const fileApproval = config?.fileApproval;
+  const writeEditConfig = fileApproval ? { approval: fileApproval } : pathConfig ? { pathConfig } : void 0;
   const include = new Set(
     config?.tools ?? ["exec", "read", "write", "edit", "glob", "grep"]
   );
   const tools = [];
   if (include.has("exec")) tools.push(createExecTool(getEnv, effectiveExecConfig));
   if (include.has("read")) tools.push(createReadTool(getEnv, pathConfig));
-  if (include.has("write")) tools.push(createWriteTool(getEnv, fileApproval));
-  if (include.has("edit")) tools.push(createEditTool(getEnv, fileApproval));
+  if (include.has("write")) tools.push(createWriteTool(getEnv, writeEditConfig));
+  if (include.has("edit")) tools.push(createEditTool(getEnv, writeEditConfig));
   if (include.has("glob")) tools.push(createGlobTool(getEnv, pathConfig));
   if (include.has("grep")) tools.push(createGrepTool(getEnv, pathConfig));
   return tools;