@pugi/cli 0.1.0-beta.98 → 1.0.0-alpha.1

package/dist/core/retry-budget/retry-cap.js

@@ -1,74 +0,0 @@
-const DEFAULT_CAP = 3;
-const DEFAULT_RESET_AFTER_MS = 300_000;
-export function createRetryBudget(options = {}) {
-    const cap = normalizePositiveInteger(options.cap, DEFAULT_CAP);
-    const resetAfterMs = normalizeNonNegativeInteger(options.resetAfterMs, DEFAULT_RESET_AFTER_MS);
-    const states = new Map();
-    function clone(state) {
-        return { ...state };
-    }
-    function getFreshState(operationKey, now = Date.now()) {
-        const state = states.get(operationKey);
-        if (!state)
-            return null;
-        if (now - state.lastAttemptAt >= resetAfterMs) {
-            states.delete(operationKey);
-            return null;
-        }
-        return state;
-    }
-    return {
-        record(operationKey) {
-            const now = Date.now();
-            const existing = getFreshState(operationKey, now);
-            const attempts = (existing?.attempts ?? 0) + 1;
-            const next = {
-                operationKey,
-                attempts,
-                firstAttemptAt: existing?.firstAttemptAt ?? now,
-                lastAttemptAt: now,
-                exhausted: attempts >= cap,
-            };
-            states.set(operationKey, next);
-            return clone(next);
-        },
-        reset(operationKey) {
-            states.delete(operationKey);
-        },
-        isExhausted(operationKey) {
-            return getFreshState(operationKey)?.exhausted ?? false;
-        },
-        getState(operationKey) {
-            const state = getFreshState(operationKey);
-            return state ? clone(state) : null;
-        },
-    };
-}
-export function validatePromptWordCount(text, opts) {
-    const words = countWords(text);
-    const chars = text.length;
-    if (opts.min !== undefined && words < opts.min) {
-        return { valid: false, words, chars, reason: 'too-short' };
-    }
-    if (opts.max !== undefined && words > opts.max) {
-        return { valid: false, words, chars, reason: 'too-long' };
-    }
-    return { valid: true, words, chars };
-}
-function countWords(text) {
-    const trimmed = text.trim();
-    if (trimmed.length === 0)
-        return 0;
-    return trimmed.split(/\s+/).length;
-}
-function normalizePositiveInteger(value, fallback) {
-    if (value === undefined || !Number.isFinite(value))
-        return fallback;
-    return Math.max(1, Math.floor(value));
-}
-function normalizeNonNegativeInteger(value, fallback) {
-    if (value === undefined || !Number.isFinite(value))
-        return fallback;
-    return Math.max(0, Math.floor(value));
-}
-//# sourceMappingURL=retry-cap.js.map

package/dist/core/routing/lead-worker.js

@@ -1,43 +0,0 @@
-export function assignRoles(opts) {
-    let hasAssignedWriteLead = false;
-    return opts.steps.map((step) => {
-        const role = assignRole(step, hasAssignedWriteLead);
-        if (step.intent === 'write' && role.role === 'lead') {
-            hasAssignedWriteLead = true;
-        }
-        return {
-            step: step.id,
-            role: role.role,
-            model: role.role === 'lead' ? opts.leadModel : opts.workerModel,
-            reason: role.reason,
-        };
-    });
-}
-function assignRole(step, hasAssignedWriteLead) {
-    if (step.intent === 'plan') {
-        return { role: 'lead', reason: 'planning step requires lead orchestration' };
-    }
-    if (hasLeadHeuristic(step.id)) {
-        return { role: 'lead', reason: 'step id indicates planning or orchestration' };
-    }
-    if (step.intent === 'write' && !hasAssignedWriteLead) {
-        return { role: 'lead', reason: 'first write step needs lead architecture' };
-    }
-    if (step.intent === 'write') {
-        return { role: 'worker', reason: 'subsequent write step is bulk execution' };
-    }
-    if (step.intent === 'read' || step.intent === 'verify') {
-        return { role: 'worker', reason: 'read and verify steps are worker execution' };
-    }
-    if (step.intent === 'explain') {
-        return { role: 'worker', reason: 'explanation step can run on worker model' };
-    }
-    return { role: 'lead', reason: 'unknown intent defaults to lead defensively' };
-}
-function hasLeadHeuristic(stepId) {
-    const normalized = stepId.toLowerCase();
-    return (normalized.includes('plan') ||
-        normalized.includes('design') ||
-        normalized.includes('orchestrate'));
-}
-//# sourceMappingURL=lead-worker.js.map

package/dist/core/routing/pre-flight-estimator.js

@@ -1,108 +0,0 @@
-/**
- * Pre-flight token estimator — external tokenEstimation port,
- * adapted for Anvil's 3-tier routing.
- *
- * The auto-compact gate counts tokens AFTER a turn lands. This module
- * runs BEFORE the request leaves the CLI so the router can pick the
- * cheapest pool that still fits. Three pools exist:
- *
- *  cheap    → DeepSeek V4-Pro / Cerebras Qwen3-Coder (128k-256k window)
- *  mid      → Anthropic Sonnet 4.6 / GPT-5 (200k window, 2-3× cheap-pool cost)
- *  long     → Kimi K2.6 / Gemini 2.5 Pro (1M window, 5-10× cheap-pool cost)
- *
- * The estimator is intentionally synchronous, pure, and free of I/O so
- * the call site can run it inside a render loop without yielding to
- * the event loop. The token approximation reuses the existing
- * char-per-token heuristic from `core/compact/token-counter.ts` (4 chars
- * ≈ 1 token, biased high). No tiktoken dependency added.
- */
-import { estimateTokens } from '../compact/token-counter.js';
-/**
- * Default tier ceilings tuned для Anvil 2026-06 routing matrix.
- * cheap-pool models (DeepSeek/Cerebras) hard-cap at 100k effective input.
- * mid-pool (Sonnet/GPT-5) safe through 180k.
- * long-pool (Kimi/Gemini-Pro) accepts к 900k.
- *
- * The numbers stay below the nominal context window к leave room for
- * output tokens, тек streaming overhead, and tokenizer skew.
- */
-const DEFAULT_CHEAP_MAX = 100_000;
-const DEFAULT_MID_MAX = 180_000;
-const DEFAULT_LONG_MAX = 900_000;
-const DEFAULT_OUTPUT_BUFFER = 4_096;
-export function estimatePreFlight(input, options = {}) {
-    const cheapMax = options.cheapTierMaxInput ?? DEFAULT_CHEAP_MAX;
-    const midMax = options.midTierMaxInput ?? DEFAULT_MID_MAX;
-    const longMax = options.longTierMaxInput ?? DEFAULT_LONG_MAX;
-    const outputBuffer = input.expectedOutputTokens
-        ?? options.outputBuffer
-        ?? DEFAULT_OUTPUT_BUFFER;
-    if (cheapMax <= 0 || midMax <= 0 || longMax <= 0) {
-        throw new RangeError('tier max values must be positive');
-    }
-    if (cheapMax > midMax || midMax > longMax) {
-        throw new RangeError('tier ceilings must be monotonic: cheap <= mid <= long');
-    }
-    if (outputBuffer < 0) {
-        throw new RangeError('outputBuffer must be >= 0');
-    }
-    const systemTokens = sumStrings(input.systemPrompt ? [input.systemPrompt] : []);
-    const dialogTokens = sumStrings(input.dialogHistory ?? []);
-    const ragTokens = sumStrings(input.ragContext ?? []);
-    const toolTokens = sumStrings(input.toolResults ?? []);
-    const userTokens = sumStrings(input.userMessage ? [input.userMessage] : []);
-    const inputTokens = systemTokens + dialogTokens + ragTokens + toolTokens + userTokens;
-    const totalTokens = inputTokens + outputBuffer;
-    const tier = pickTier(inputTokens, cheapMax, midMax);
-    const overLongTier = inputTokens > longMax;
-    return {
-        inputTokens,
-        outputBuffer,
-        totalTokens,
-        tier,
-        breakdown: {
-            systemPrompt: systemTokens,
-            dialogHistory: dialogTokens,
-            ragContext: ragTokens,
-            toolResults: toolTokens,
-            userMessage: userTokens,
-        },
-        overLongTier,
-    };
-}
-function sumStrings(parts) {
-    let total = 0;
-    for (const part of parts) {
-        total += estimateTokens(part);
-    }
-    return total;
-}
-function pickTier(inputTokens, cheapMax, midMax) {
-    if (inputTokens <= cheapMax)
-        return 'cheap';
-    if (inputTokens <= midMax)
-        return 'mid';
-    return 'long';
-}
-/**
- * Human-readable explanation для CLI / TUI surfacing.
- * The format is stable and may be parsed by the doctor command.
- */
-export function explainEstimate(estimate) {
-    const lines = [];
-    lines.push(`Input tokens: ${estimate.inputTokens.toLocaleString('en-US')}`);
-    lines.push(`Output buffer: ${estimate.outputBuffer.toLocaleString('en-US')}`);
-    lines.push(`Total: ${estimate.totalTokens.toLocaleString('en-US')}`);
-    lines.push(`Routing tier: ${estimate.tier}`);
-    if (estimate.overLongTier) {
-        lines.push('WARNING: input exceeds long-tier ceiling — request will likely fail');
-    }
-    lines.push('Breakdown:');
-    lines.push(` system prompt: ${estimate.breakdown.systemPrompt.toLocaleString('en-US')}`);
-    lines.push(` dialog:        ${estimate.breakdown.dialogHistory.toLocaleString('en-US')}`);
-    lines.push(` rag:           ${estimate.breakdown.ragContext.toLocaleString('en-US')}`);
-    lines.push(` tool results:  ${estimate.breakdown.toolResults.toLocaleString('en-US')}`);
-    lines.push(` user message:  ${estimate.breakdown.userMessage.toLocaleString('en-US')}`);
-    return lines.join('\n');
-}
-//# sourceMappingURL=pre-flight-estimator.js.map

package/dist/core/runs/run-tree.js

@@ -1,103 +0,0 @@
-/**
- * Canonical `.pugi/runs/<id>/` artifact tree .
- *
- * Karpathy hn-time-capsule pattern: every Pugi execution produces a
- * deterministic directory structure where downstream tooling (eval
- * harness, leaderboard, replay, debugging) can find
- * artifacts at predictable paths.
- *
- * Layout per run:
- *  .pugi/runs/<id>/
- *    meta.json      — metadata: id, startedAt, finishedAt?, command, tier
- *    stdout.log     — captured stdout (the engine writes it directly)
- *    stderr.log     — captured stderr
- *    events.jsonl   — structured event stream (NDJSON)
- *    metrics.json   — final metrics summary (written at run end)
- *    artifacts/     — арbitrary file outputs (plans, diffs, exports)
- *
- * The `<id>` is `<ISO-timestamp>-<short-rand>` so runs sort
- * chronologically when listed by directory order.
- *
- * This module only handles the directory + metadata primitive. Actual
- * stream writing (stdout.log, events.jsonl) is the engine's job —
- * we return paths so the engine knows where к write.
- */
-import { mkdir, writeFile, readFile, stat } from 'node:fs/promises';
-import { randomBytes } from 'node:crypto';
-import path from 'node:path';
-export function generateRunId(now = new Date()) {
-    const iso = now.toISOString().replace(/[:.]/g, '-');
-    const rand = randomBytes(3).toString('hex');
-    return `${iso}-${rand}`;
-}
-export function resolveRunPaths(workspaceRoot, id) {
-    const root = path.join(workspaceRoot, '.pugi', 'runs', id);
-    return {
-        root,
-        meta: path.join(root, 'meta.json'),
-        stdout: path.join(root, 'stdout.log'),
-        stderr: path.join(root, 'stderr.log'),
-        events: path.join(root, 'events.jsonl'),
-        metrics: path.join(root, 'metrics.json'),
-        artifacts: path.join(root, 'artifacts'),
-    };
-}
-export async function createRun(options) {
-    if (!options.workspaceRoot) {
-        throw new TypeError('workspaceRoot is required');
-    }
-    const id = options.id ?? generateRunId();
-    if (!/^[A-Za-z0-9_.\-T:Z]+$/.test(id)) {
-        throw new RangeError(`invalid run id: ${id} (forbidden characters)`);
-    }
-    const paths = resolveRunPaths(options.workspaceRoot, id);
-    await mkdir(paths.artifacts, { recursive: true });
-    const meta = {
-        id,
-        startedAt: new Date().toISOString(),
-    };
-    if (options.command !== undefined)
-        meta.command = options.command;
-    if (options.tier !== undefined)
-        meta.tier = options.tier;
-    if (options.extra !== undefined)
-        meta.extra = options.extra;
-    await writeFile(paths.meta, JSON.stringify(meta, null, 2) + '\n');
-    return paths;
-}
-export async function readRunMetadata(paths) {
-    try {
-        const buf = await readFile(paths.meta, 'utf8');
-        return JSON.parse(buf);
-    }
-    catch {
-        return null;
-    }
-}
-export async function finalizeRun(paths, options = {}) {
-    const existing = await readRunMetadata(paths);
-    if (!existing) {
-        throw new Error(`run metadata missing at ${paths.meta}`);
-    }
-    const finished = {
-        ...existing,
-        finishedAt: new Date().toISOString(),
-    };
-    if (options.exitCode !== undefined) {
-        finished.exitCode = options.exitCode;
-    }
-    await writeFile(paths.meta, JSON.stringify(finished, null, 2) + '\n');
-    if (options.metrics !== undefined) {
-        await writeFile(paths.metrics, JSON.stringify(options.metrics, null, 2) + '\n');
-    }
-}
-export async function runExists(paths) {
-    try {
-        const stats = await stat(paths.root);
-        return stats.isDirectory();
-    }
-    catch {
-        return false;
-    }
-}
-//# sourceMappingURL=run-tree.js.map

package/dist/core/sandboxing/adapter.js

@@ -1,29 +0,0 @@
-/**
- * Bash sandbox adapter interface (Trust Sprint item 6).
- *
- * Adapter pattern so the bash tool stays unchanged: a runner wraps the
- * spawn invocation with an OS-level sandbox primitive. Today's variants:
- *
- *   - none           — passthrough (existing behaviour).
- *   - macOS-seatbelt — /usr/bin/sandbox-exec with a workspace-scoped
- *                      write allowlist, read-anywhere, network-allow
- *                      profile.
- *   - docker         — Linux fallback. Throws at boot (deferred to a
- *                      follow-up PR; schema accepts the keyword so
- *                      operators can see it documented).
- *
- * The CLI bash tool itself is owned by a parallel agent (PUGI-VERIFY-
- * GATE). We intentionally do NOT modify `tools/bash.ts` here. Instead
- * the sandbox sits as an indirection layer between higher-level
- * callers (`runtime/cli.ts`, `core/bash-runner.ts` if introduced
- * later) and the existing bash entry-point.
- *
- * Future: replace this with native landlock bindings on Linux and
- * job-object on Windows. The interface is stable, the adapters
- * change.
- */
-export {};
-// The `makeAdapter` resolver lives in `./index.ts` so it can import
-// the concrete adapters via ESM without circular references. This
-// file stays pure interfaces.
-//# sourceMappingURL=adapter.js.map

package/dist/core/sandboxing/index.js

@@ -1,49 +0,0 @@
-/**
- * Sandbox adapter resolver (Trust Sprint item 6).
- *
- * Single re-export surface so consumers (`pugi doctor`, future bash
- * runner indirection, MCP serve diagnostics) can do:
- *
- *   import { makeAdapter, type SandboxMode } from '.../sandboxing';
- *
- * The concrete adapters live in sibling files; this index wires the
- * lookup table without forcing a circular import between the
- * interface (`adapter.ts`) and the implementations.
- */
-import { NoneSandboxAdapter } from './none.js';
-import { SeatbeltSandboxAdapter } from './seatbelt.js';
-export { NoneSandboxAdapter } from './none.js';
-export { SeatbeltSandboxAdapter } from './seatbelt.js';
-/**
- * Resolve a sandbox adapter from a configured mode. Throws for
- * `docker` (documented but not shipped in this PR) and for unknown
- * modes (defends against forward-rolled settings.json files).
- */
-export function makeAdapter(mode) {
-    switch (mode) {
-        case 'none':
-            return new NoneSandboxAdapter();
-        case 'macOS-seatbelt':
-            return new SeatbeltSandboxAdapter();
-        case 'docker':
-            throw new Error('bash sandbox: docker mode is documented but not yet implemented. ' +
-                'Use bash.sandbox = "none" or "macOS-seatbelt" until the docker adapter ships.');
-        default: {
-            const exhaustive = mode;
-            throw new Error(`bash sandbox: unknown mode "${String(exhaustive)}"`);
-        }
-    }
-}
-/**
- * Convenience: probe the configured mode without spawning anything.
- * Used by `pugi doctor` so the sandbox probe can report the same
- * armed state the bash runner would see.
- */
-export function probeSandbox(opts) {
-    const adapter = makeAdapter(opts.mode);
-    return adapter.probe({
-        workspaceRoot: opts.workspaceRoot,
-        ...(opts.extraWritePaths ? { extraWritePaths: opts.extraWritePaths } : {}),
-    });
-}
-//# sourceMappingURL=index.js.map

package/dist/core/sandboxing/none.js

@@ -1,19 +0,0 @@
-export class NoneSandboxAdapter {
-    mode = 'none';
-    probe(_opts) {
-        return {
-            mode: 'none',
-            armed: false,
-            reason: "policy 'none' selected — bash dispatches run unsandboxed (classifier + permission FSM still apply).",
-            details: ['mode: none (passthrough)', 'enforcement: bash classifier + permission FSM only'],
-        };
-    }
-    wrap(cmd, _opts) {
-        return {
-            command: cmd.command,
-            args: cmd.args,
-            description: 'sandbox: none (passthrough)',
-        };
-    }
-}
-//# sourceMappingURL=none.js.map

package/dist/core/sandboxing/seatbelt.js

@@ -1,183 +0,0 @@
-/**
- * macOS Seatbelt sandbox adapter (Trust Sprint item 6).
- *
- * Wraps bash command execution with `/usr/bin/sandbox-exec` and a
- * dynamically-generated profile. Policy posture:
- *
- *   - Reads ANYWHERE (so `node_modules` lookups, system headers,
- *     package indices etc all keep working).
- *   - Writes ALLOWED under: workspaceRoot, ~/.pugi/, and any
- *     additional paths the caller explicitly passes (typical: /tmp,
- *     plus the resolved pnpm cache dir if it lives outside ~/.pugi).
- *   - Process execution ALLOWED (we need to spawn child binaries to
- *     run pnpm / git / etc).
- *   - Network egress ALLOWED (npm install, git fetch, web fetch).
- *
- * Profile is rendered to a tmp file per `wrap()` call. The temp file
- * lives in OS tmpdir with mode 0o600. We do NOT cache the profile
- * because workspaceRoot or extraWritePaths can vary per call (e.g.
- * REPL working-directory changes); the file write is cheap.
- *
- * Cancel-cleanup: profile temp files are written with the process
- * pid + random suffix so concurrent calls don't collide. We leave
- * cleanup to the kernel's tmp reaper rather than tracking handles
- * inside the adapter — adding ref-counting would couple the sandbox
- * lifecycle to the bash runner and `pugi mcp serve`, both of which
- * are owned by other agents.
- *
- * Security note: sandbox-exec's profile language is best-effort. It
- * is not a kernel-enforced jail. The intent here is to catch
- * accidental writes outside the workspace (e.g. a renamed test that
- * accidentally writes to $HOME), not to harden against a determined
- * attacker who controls the spawned binary.
- */
-import { execFileSync } from 'node:child_process';
-import { mkdtempSync, writeFileSync } from 'node:fs';
-import { tmpdir } from 'node:os';
-import { isAbsolute, join } from 'node:path';
-const SANDBOX_EXEC_PATH = '/usr/bin/sandbox-exec';
-export class SeatbeltSandboxAdapter {
-    mode = 'macOS-seatbelt';
-    probe(opts) {
-        if (process.platform !== 'darwin') {
-            return {
-                mode: 'macOS-seatbelt',
-                armed: false,
-                reason: `macOS-seatbelt unavailable on ${process.platform} — choose 'none' or 'docker'.`,
-                details: [`platform: ${process.platform}`, `expected: darwin`],
-            };
-        }
-        if (!sandboxExecBinaryAvailable()) {
-            return {
-                mode: 'macOS-seatbelt',
-                armed: false,
-                reason: `sandbox-exec not callable at ${SANDBOX_EXEC_PATH}.`,
-                details: [
-                    `binary: ${SANDBOX_EXEC_PATH}`,
-                    'remediation: verify Apple has not deprecated the binary on this macOS major.',
-                ],
-            };
-        }
-        return {
-            mode: 'macOS-seatbelt',
-            armed: true,
-            details: [
-                'platform: darwin',
-                `binary: ${SANDBOX_EXEC_PATH}`,
-                `workspaceRoot: ${opts.workspaceRoot}`,
-                `extraWritePaths: ${(opts.extraWritePaths ?? []).join(', ') || '<none>'}`,
-            ],
-        };
-    }
-    wrap(cmd, opts) {
-        const armed = this.probe(opts);
-        if (!armed.armed) {
-            throw new Error(`SeatbeltSandboxAdapter.wrap: ${armed.reason}`);
-        }
-        if (!isAbsolute(opts.workspaceRoot)) {
-            throw new Error(`SeatbeltSandboxAdapter.wrap: workspaceRoot must be absolute, got "${opts.workspaceRoot}"`);
-        }
-        for (const p of opts.extraWritePaths ?? []) {
-            if (!isAbsolute(p)) {
-                throw new Error(`SeatbeltSandboxAdapter.wrap: extraWritePaths entry must be absolute, got "${p}"`);
-            }
-        }
-        const profilePath = writeProfileFile(opts);
-        return {
-            command: SANDBOX_EXEC_PATH,
-            args: ['-f', profilePath, cmd.command, ...cmd.args],
-            description: `sandbox: macOS-seatbelt (profile=${profilePath})`,
-        };
-    }
-    /**
-     * Render the Seatbelt profile (TCL/Lisp-ish) for the given write
-     * allowlist. Exposed for unit tests; the live wrap path uses
-     * `writeProfileFile` internally.
-     */
-    renderProfile(opts) {
-        return renderProfile(opts);
-    }
-}
-function sandboxExecBinaryAvailable() {
-    try {
-        // `sandbox-exec` exits non-zero with a usage banner on `-h`. We
-        // capture the banner via stderr and accept any rapid exit as
-        // evidence the binary is callable.
-        execFileSync(SANDBOX_EXEC_PATH, ['-h'], {
-            stdio: ['ignore', 'ignore', 'pipe'],
-            timeout: 3000,
-        });
-        return true;
-    }
-    catch (err) {
-        const e = err;
-        // ENOENT means the binary itself is missing. A non-zero exit code
-        // (sandbox-exec usage banner) is success for our purposes.
-        if (e?.code === 'ENOENT')
-            return false;
-        return true;
-    }
-}
-function writeProfileFile(opts) {
-    const profile = renderProfile(opts);
-    const dir = mkdtempSync(join(tmpdir(), 'pugi-seatbelt-'));
-    const path = join(dir, 'profile.sb');
-    writeFileSync(path, profile, { mode: 0o600 });
-    return path;
-}
-/**
- * Generate the Seatbelt profile. Keep the language tight:
- *
- *   - (version 1) — required header.
- *   - (deny default) — start from no permissions.
- *   - (allow process*) — allow spawning child processes.
- *   - (allow file-read*) — reads unrestricted.
- *   - (allow file-write* (subpath "...")) — writes scoped.
- *   - (allow network*) — egress unrestricted.
- *   - (allow signal) + sysctl-read for normal node operation.
- */
-function renderProfile(opts) {
-    const writePaths = [opts.workspaceRoot, ...(opts.extraWritePaths ?? [])];
-    const writeRules = writePaths
-        .map((p) => `  (subpath ${quoteForSeatbelt(p)})`)
-        .join('\n');
-    // Devices required for normal stdout/stderr piping. /dev/null is
-    // table stakes; pts/* keeps interactive PTY-based tools (pagers,
-    // editors) working when an operator runs them under the sandbox.
-    const devicePaths = ['/dev/null', '/dev/dtracehelper', '/dev/tty', '/dev/stdout', '/dev/stderr'];
-    const deviceRules = devicePaths
-        .map((p) => `  (literal ${quoteForSeatbelt(p)})`)
-        .join('\n');
-    return [
-        '(version 1)',
-        '(deny default)',
-        '(allow process-exec)',
-        '(allow process-fork)',
-        '(allow signal (target self))',
-        '(allow sysctl-read)',
-        '(allow file-read*)',
-        '(allow file-write*',
-        writeRules,
-        ')',
-        '(allow file-write*',
-        deviceRules,
-        ')',
-        '(allow network*)',
-        '(allow mach-lookup)',
-        '(allow ipc-posix-shm)',
-        '',
-    ].join('\n');
-}
-/**
- * Seatbelt profile string literals use TCL-style double-quoted
- * strings. We need to escape `"` and `\` but the profile language
- * does not accept arbitrary control chars; reject any input that
- * contains them so we never silently emit a malformed profile.
- */
-function quoteForSeatbelt(value) {
-    if (/[\x00-\x1f"\\]/.test(value)) {
-        throw new Error(`SeatbeltSandboxAdapter: refusing to render profile with non-printable or quote chars in "${value}"`);
-    }
-    return `"${value}"`;
-}
-//# sourceMappingURL=seatbelt.js.map