npm - @probelabs/visor - Versions diffs - 0.1.144 → 0.1.145 - Mend

@probelabs/visor 0.1.144 → 0.1.145

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (97) hide show

package/dist/sdk/{chunk-AKCHIYWU.mjs → chunk-YOKAA4IU.mjs} RENAMED Viewed

@@ -2728,6 +2728,11 @@ var init_config_schema = __esm({
         SandboxConfig: {
           type: "object",
           properties: {
+            engine: {
+              type: "string",
+              enum: ["docker", "bubblewrap", "seatbelt"],
+              description: "Sandbox engine type: 'docker' (default), 'bubblewrap' (Linux namespaces), or 'seatbelt' (macOS sandbox-exec)"
+            },
             image: {
               type: "string",
               description: 'Docker image to use (e.g., "node:20-alpine")'
@@ -4104,92 +4109,120 @@ ${errors}`);
             message: `Sandbox name '${name}' contains invalid characters. Only letters, numbers, dots, hyphens, underscores allowed.`
           });
         }
-        const modes = [
-          config.image ? "image" : null,
-          config.dockerfile || config.dockerfile_inline ? "dockerfile" : null,
-          config.compose ? "compose" : null
-        ].filter(Boolean);
-        if (modes.length === 0) {
-          errors.push({
-            field: `sandboxes.${name}`,
-            message: `Sandbox '${name}' must specify one of: image, dockerfile, dockerfile_inline, or compose`
-          });
-        } else if (modes.length > 1) {
-          errors.push({
-            field: `sandboxes.${name}`,
-            message: `Sandbox '${name}' has multiple modes (${modes.join(", ")}). Specify exactly one.`
-          });
-        }
-        if (config.compose && !config.service) {
+        if (config.engine && !["docker", "bubblewrap", "seatbelt"].includes(config.engine)) {
           errors.push({
-            field: `sandboxes.${name}.service`,
-            message: `Sandbox '${name}' uses compose mode but is missing required 'service' field`
+            field: `sandboxes.${name}.engine`,
+            message: `Sandbox '${name}' has invalid engine '${config.engine}'. Must be 'docker', 'bubblewrap', or 'seatbelt'.`
           });
         }
-        if (config.dockerfile && /\.\./.test(config.dockerfile)) {
-          errors.push({
-            field: `sandboxes.${name}.dockerfile`,
-            message: `Dockerfile path '${config.dockerfile}' in sandbox '${name}' must not contain '..' path traversal`
-          });
-        }
-        if (config.compose && /\.\./.test(config.compose)) {
-          errors.push({
-            field: `sandboxes.${name}.compose`,
-            message: `Compose file path '${config.compose}' in sandbox '${name}' must not contain '..' path traversal`
-          });
-        }
-        if (config.workdir) {
-          if (!config.workdir.startsWith("/")) {
+        const isNativeEngine = config.engine === "bubblewrap" || config.engine === "seatbelt";
+        if (isNativeEngine) {
+          const dockerOnlyFields = [
+            ["image", config.image],
+            ["dockerfile", config.dockerfile],
+            ["dockerfile_inline", config.dockerfile_inline],
+            ["compose", config.compose],
+            ["service", config.service],
+            ["cache", config.cache],
+            ["visor_path", config.visor_path],
+            ["resources", config.resources]
+          ];
+          for (const [field, value] of dockerOnlyFields) {
+            if (value !== void 0) {
+              errors.push({
+                field: `sandboxes.${name}.${field}`,
+                message: `Sandbox '${name}' uses ${config.engine} engine but has Docker-only field '${field}'. Remove it or switch to engine: docker.`
+              });
+            }
+          }
+        } else {
+          const modes = [
+            config.image ? "image" : null,
+            config.dockerfile || config.dockerfile_inline ? "dockerfile" : null,
+            config.compose ? "compose" : null
+          ].filter(Boolean);
+          if (modes.length === 0) {
             errors.push({
-              field: `sandboxes.${name}.workdir`,
-              message: `Workdir '${config.workdir}' in sandbox '${name}' must be an absolute path (start with /)`
+              field: `sandboxes.${name}`,
+              message: `Sandbox '${name}' must specify one of: image, dockerfile, dockerfile_inline, or compose`
+            });
+          } else if (modes.length > 1) {
+            errors.push({
+              field: `sandboxes.${name}`,
+              message: `Sandbox '${name}' has multiple modes (${modes.join(", ")}). Specify exactly one.`
             });
           }
-          if (/\.\./.test(config.workdir)) {
+          if (config.compose && !config.service) {
             errors.push({
-              field: `sandboxes.${name}.workdir`,
-              message: `Workdir '${config.workdir}' in sandbox '${name}' must not contain '..' path traversal`
+              field: `sandboxes.${name}.service`,
+              message: `Sandbox '${name}' uses compose mode but is missing required 'service' field`
             });
           }
-        }
-        if (config.visor_path) {
-          if (!config.visor_path.startsWith("/")) {
+          if (config.dockerfile && /\.\./.test(config.dockerfile)) {
             errors.push({
-              field: `sandboxes.${name}.visor_path`,
-              message: `visor_path '${config.visor_path}' in sandbox '${name}' must be an absolute path (start with /)`
+              field: `sandboxes.${name}.dockerfile`,
+              message: `Dockerfile path '${config.dockerfile}' in sandbox '${name}' must not contain '..' path traversal`
             });
           }
-          if (/\.\./.test(config.visor_path)) {
+          if (config.compose && /\.\./.test(config.compose)) {
             errors.push({
-              field: `sandboxes.${name}.visor_path`,
-              message: `visor_path '${config.visor_path}' in sandbox '${name}' must not contain '..' path traversal`
+              field: `sandboxes.${name}.compose`,
+              message: `Compose file path '${config.compose}' in sandbox '${name}' must not contain '..' path traversal`
             });
           }
-        }
-        if (config.cache?.paths) {
-          for (const p of config.cache.paths) {
-            if (!p.startsWith("/")) {
+          if (config.visor_path) {
+            if (!config.visor_path.startsWith("/")) {
               errors.push({
-                field: `sandboxes.${name}.cache.paths`,
-                message: `Cache path '${p}' in sandbox '${name}' must be absolute (start with /)`,
-                value: p
+                field: `sandboxes.${name}.visor_path`,
+                message: `visor_path '${config.visor_path}' in sandbox '${name}' must be an absolute path (start with /)`
               });
             }
-            if (/\.\./.test(p)) {
+            if (/\.\./.test(config.visor_path)) {
               errors.push({
-                field: `sandboxes.${name}.cache.paths`,
-                message: `Cache path '${p}' in sandbox '${name}' must not contain '..' path traversal`,
-                value: p
+                field: `sandboxes.${name}.visor_path`,
+                message: `visor_path '${config.visor_path}' in sandbox '${name}' must not contain '..' path traversal`
+              });
+            }
+          }
+          if (config.cache?.paths) {
+            for (const p of config.cache.paths) {
+              if (!p.startsWith("/")) {
+                errors.push({
+                  field: `sandboxes.${name}.cache.paths`,
+                  message: `Cache path '${p}' in sandbox '${name}' must be absolute (start with /)`,
+                  value: p
+                });
+              }
+              if (/\.\./.test(p)) {
+                errors.push({
+                  field: `sandboxes.${name}.cache.paths`,
+                  message: `Cache path '${p}' in sandbox '${name}' must not contain '..' path traversal`,
+                  value: p
+                });
+              }
+            }
+          }
+          if (config.resources?.cpu !== void 0) {
+            if (typeof config.resources.cpu !== "number" || config.resources.cpu <= 0) {
+              errors.push({
+                field: `sandboxes.${name}.resources.cpu`,
+                message: `CPU limit in sandbox '${name}' must be a positive number`,
+                value: config.resources.cpu
               });
             }
           }
         }
-        if (config.resources?.cpu !== void 0) {
-          if (typeof config.resources.cpu !== "number" || config.resources.cpu <= 0) {
+        if (config.workdir) {
+          if (!config.workdir.startsWith("/")) {
             errors.push({
-              field: `sandboxes.${name}.resources.cpu`,
-              message: `CPU limit in sandbox '${name}' must be a positive number`,
-              value: config.resources.cpu
+              field: `sandboxes.${name}.workdir`,
+              message: `Workdir '${config.workdir}' in sandbox '${name}' must be an absolute path (start with /)`
+            });
+          }
+          if (/\.\./.test(config.workdir)) {
+            errors.push({
+              field: `sandboxes.${name}.workdir`,
+              message: `Workdir '${config.workdir}' in sandbox '${name}' must not contain '..' path traversal`
             });
           }
         }
@@ -4933,4 +4966,4 @@ export {
   config_exports,
   init_config
 };
-//# sourceMappingURL=chunk-AKCHIYWU.mjs.map
+//# sourceMappingURL=chunk-YOKAA4IU.mjs.map