@rlemaigre/sbx 0.1.0 → 0.1.3
- package/README.md +2 -2
- package/dist/api.d.ts +6 -13
- package/dist/api.d.ts.map +1 -1
- package/dist/api.js +58 -118
- package/dist/api.js.map +1 -1
- package/dist/cli.d.ts +1 -0
- package/dist/cli.js +6 -4
- package/dist/cli.js.map +1 -1
- package/dist/config.d.ts +4 -1
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +8 -2
- package/dist/config.js.map +1 -1
- package/dist/templates/config.template.yaml +19 -14
- package/package.json +3 -2
- package/dist/commands/deploy.d.ts +0 -6
- package/dist/commands/deploy.d.ts.map +0 -1
- package/dist/commands/deploy.js +0 -49
- package/dist/commands/deploy.js.map +0 -1
- package/dist/commands/init.d.ts +0 -6
- package/dist/commands/init.d.ts.map +0 -1
- package/dist/commands/init.js +0 -21
- package/dist/commands/init.js.map +0 -1
- package/dist/commands/run.d.ts +0 -9
- package/dist/commands/run.d.ts.map +0 -1
- package/dist/commands/run.js +0 -49
- package/dist/commands/run.js.map +0 -1
- package/dist/commands/undeploy.d.ts +0 -6
- package/dist/commands/undeploy.d.ts.map +0 -1
- package/dist/commands/undeploy.js +0 -28
- package/dist/commands/undeploy.js.map +0 -1
- package/dist/lib/config.d.ts +0 -51
- package/dist/lib/config.d.ts.map +0 -1
- package/dist/lib/config.js +0 -47
- package/dist/lib/config.js.map +0 -1
- package/dist/lib/network.d.ts +0 -18
- package/dist/lib/network.d.ts.map +0 -1
- package/dist/lib/network.js +0 -31
- package/dist/lib/network.js.map +0 -1
- package/dist/lib/paths.d.ts +0 -12
- package/dist/lib/paths.d.ts.map +0 -1
- package/dist/lib/paths.js +0 -21
- package/dist/lib/paths.js.map +0 -1
- package/dist/lib/vfs.d.ts +0 -15
- package/dist/lib/vfs.d.ts.map +0 -1
- package/dist/lib/vfs.js +0 -44
- package/dist/lib/vfs.js.map +0 -1
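--- a/package/README.md
+++ b/package/README.md
@@ -5,7 +5,7 @@ Sandboxed AI Agents — TypeScript API and CLI for [Gondolin](https://github.com
 ## Install
 
 ```bash
-npm install -g sbx
+npm install -g @rlemaigre/sbx
 ```
 
 ## Usage
@@ -26,7 +26,7 @@ sbx run pi -- echo hello
 ### API
 
 ```typescript
-import { Sandbox, SandboxConfig } from "sbx";
+import { Sandbox, SandboxConfig } from "@rlemaigre/sbx";
 
 const config = SandboxConfig.load("~/.config/sbx/pi.yaml");
 const sandbox = await Sandbox.create(config, "~/.cache/sbx/pi");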
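--- a/package/dist/api.d.ts
+++ b/package/dist/api.d.ts
@@ -1,5 +1,5 @@
 import { VM } from "@earendil-works/gondolin";
-import { SandboxConfig } from "./config";
+import { SandboxConfig, type IMount } from "./config";
 export { loadConfig, SandboxConfig } from "./config";
 export type { INetworkPolicy, IMount, ISecretConfig, } from "./config";
 /**
@@ -36,9 +36,7 @@ export interface IExecResult {
 }
 /**
 * Sandbox handle — wraps the underlying Gondolin VM.
-*
-* The checkpoint (post-setup snapshot) is managed automatically by `Sandbox.create()`.
-* To persist data, write through `mounts` backed by `RealFSProvider`.
+* Setup commands run on every start. Persist data through `mounts` backed by `RealFSProvider`.
 */
 export declare class Sandbox {
 /**
@@ -50,13 +48,12 @@ export declare class Sandbox {
 /**
 * Create a sandboxed agent VM.
 *
-*
-* On subsequent runs: if `setup` matches the saved manifest, restore the snapshot;
-* otherwise re-run setup from scratch and save a new snapshot.
+* Every run: fresh boot → run `setup` commands.
 * Mounts, network, and secrets are always rebuilt from the caller-supplied config.
-* User modifications via `exec()` are never persisted.
+* User modifications via `exec()` are never persisted — `shutdown()` is destructive.
+* @param extraMounts - Additional mounts merged with config mounts (same shadow rules apply).
 */
-static create(config: SandboxConfig,
+static create(config: SandboxConfig, extraMounts?: IMount[]): Promise<Sandbox>;
 /**
 * Run each setup command from the config inside an existing sandbox.
 */
@@ -83,9 +80,5 @@ export declare class Sandbox {
 * Tear down the VM. Does not save state — shutdown is destructive.
 */
 shutdown(): Promise<void>;
-/**
-* Checkpoint the current VM state to a path on disk.
-*/
-save(path: string): Promise<void>;
 }
 //# sourceMappingURL=api.d.ts.map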
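Review bot: The second parameter of `Sandbox.create` changes meaning in this declaration without any compatibility note: it is now `extraMounts?: IMount[]`, while the README context line in the same release still shows `Sandbox.create(config, "~/.cache/sbx/pi")` (the old signature is cut off on this page, so the previous parameter type is inferred from that example). A plain-JavaScript caller that keeps passing a path string is not stopped by the type checker, and `buildVFSProviders` spreads the value with `[...(extraMounts ?? [])]`, so the string would be split into single characters and each passed to `buildMountChain`. I would add a doc line such as `* Breaking: the second argument is no longer a cache path; pass an IMount[] or omit it.` and reject non-array values at runtime in `create`, e.g. `if (extraMounts !== undefined && !Array.isArray(extraMounts)) throw new TypeError("extraMounts must be an array of mounts");`. `save()` is also removed from the public class in the same patch-level release, which deserves a changelog entry.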
package/dist/api.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,EAAE,EAAoB,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAc,aAAa,EAAE,KAAK,MAAM,EAAE,MAAM,UAAU,CAAC;AAElE,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AA0BrD,YAAY,EACV,cAAc,EACd,MAAM,EACN,aAAa,GACd,MAAM,UAAU,CAAC;AAElB;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC7B;AAED;;;GAGG;AACH,MAAM,WAAW,QAAQ;IACvB,MAAM,CACJ,KAAK,EAAE,MAAM,CAAC,UAAU,EACxB,MAAM,EAAE,MAAM,CAAC,WAAW,EAC1B,MAAM,CAAC,EAAE,MAAM,CAAC,WAAW,GAC1B,OAAO,CAAC,IAAI,CAAC,CAAC;IACjB,IAAI,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IACf;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,qBAAa,OAAO;IAClB;;OAEG;IACH,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;IAC/B,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAK;gBAEZ,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,aAAa;IAKzC;;;;;;;OAOG;WACU,MAAM,CAAC,MAAM,EAAE,aAAa,EAAE,WAAW,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAYpF;;OAEG;mBACkB,QAAQ;IAkB7B;;;OAGG;IACG,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,QAAQ,CAAC;IAWlE;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAO/B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAgB/B;;;OAGG;IACG,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAMjD;;OAEG;IACG,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAIhC"}
|
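--- a/package/dist/api.js
+++ b/package/dist/api.js
@@ -1,17 +1,40 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Sandbox = exports.SandboxConfig = exports.loadConfig = void 0;
+const node_child_process_1 = require("node:child_process");
 const node_fs_1 = require("node:fs");
 const node_path_1 = require("node:path");
+const node_os_1 = require("node:os");
 const gondolin_1 = require("@earendil-works/gondolin");
 var config_1 = require("./config");
 Object.defineProperty(exports, "loadConfig", { enumerable: true, get: function () { return config_1.loadConfig; } });
 Object.defineProperty(exports, "SandboxConfig", { enumerable: true, get: function () { return config_1.SandboxConfig; } });
+const IMAGE_URL = "https://github.com/rlemaigre/agent-sandboxes/releases/download/v0.1.3-image/sbx-assets.tar.gz";
+const IMAGE_CACHE_DIR = (0, node_path_1.join)((0, node_os_1.homedir)(), ".cache", "sbx", "image");
+/**
+* Ensure the custom sbx image is downloaded and extracted.
+* Returns the path to the image assets directory.
+*/
+async function ensureImage() {
+if ((0, node_fs_1.existsSync)((0, node_path_1.join)(IMAGE_CACHE_DIR, "manifest.json"))) {
+return IMAGE_CACHE_DIR;
+}
+(0, node_fs_1.mkdirSync)(IMAGE_CACHE_DIR, { recursive: true });
+const tarball = (0, node_path_1.join)(IMAGE_CACHE_DIR, "..", "sbx-assets.tar.gz");
+console.error("[sbx] downloading image...");
+const resp = await fetch(IMAGE_URL);
+if (!resp.ok)
+throw new Error(`Image download failed: ${resp.status}`);
+const buffer = await resp.arrayBuffer();
+require("node:fs").writeFileSync(tarball, Buffer.from(buffer));
+console.error("[sbx] extracting image...");
+(0, node_child_process_1.execFileSync)("tar", ["xzf", tarball, "-C", IMAGE_CACHE_DIR]);
+require("node:fs").unlinkSync(tarball);
+return IMAGE_CACHE_DIR;
+}
 /**
 * Sandbox handle — wraps the underlying Gondolin VM.
-*
-* The checkpoint (post-setup snapshot) is managed automatically by `Sandbox.create()`.
-* To persist data, write through `mounts` backed by `RealFSProvider`.
+* Setup commands run on every start. Persist data through `mounts` backed by `RealFSProvider`.
 */
 class Sandbox {
 /**
@@ -26,37 +49,37 @@ class Sandbox {
 /**
 * Create a sandboxed agent VM.
 *
-*
-* On subsequent runs: if `setup` matches the saved manifest, restore the snapshot;
-* otherwise re-run setup from scratch and save a new snapshot.
+* Every run: fresh boot → run `setup` commands.
 * Mounts, network, and secrets are always rebuilt from the caller-supplied config.
-* User modifications via `exec()` are never persisted.
+* User modifications via `exec()` are never persisted — `shutdown()` is destructive.
+* @param extraMounts - Additional mounts merged with config mounts (same shadow rules apply).
 */
-static async create(config,
-const
-const
-
-
-
-
-
-const setupVm = await gondolin_1.VM.create(vmOptions);
-const sandbox = new Sandbox(setupVm, config);
-await Sandbox.runSetup(sandbox, config);
-// If caching, checkpoint and resume from snapshot
-if (cache) {
-await cache.save(setupVm, config);
-await setupVm.close();
-return cache.restore(config);
-}
+static async create(config, extraMounts) {
+const imageDir = config.image ?? await ensureImage();
+const vmOptions = buildVmOptions(config, imageDir, extraMounts);
+const debug = config.debug;
+debug && console.error("[sbx] fresh boot, running setup");
+const vm = await gondolin_1.VM.create(vmOptions);
+const sandbox = new Sandbox(vm, config);
+await Sandbox.runSetup(sandbox, config, debug);
 return sandbox;
 }
 /**
 * Run each setup command from the config inside an existing sandbox.
 */
-static async runSetup(sandbox, config) {
+static async runSetup(sandbox, config, debug) {
 for (const cmd of config.setup ?? []) {
-await (await sandbox.exec(cmd)).exit;
+const result = await (await sandbox.exec(cmd)).exit;
+if (debug) {
+console.error(`[sbx] setup: ${cmd}`);
+if (result.stdout)
+console.error(result.stdout);
+if (result.stderr)
+console.error(result.stderr);
+if (result.exitCode !== 0) {
+console.error(`[sbx] setup exited with code ${result.exitCode}`);
+}
+}
 }
 }
 /**
@@ -111,106 +134,23 @@ class Sandbox {
 async shutdown() {
 return this.vm.close();
 }
-/**
-* Checkpoint the current VM state to a path on disk.
-*/
-async save(path) {
-const cache = new CacheDir(path);
-await cache.save(this.vm, this.config);
-}
 }
 exports.Sandbox = Sandbox;
-/**
-* Cache directory handle — manages checkpoint save/restore and manifest validation.
-*/
-class CacheDir {
-path;
-constructor(path) {
-this.path = path;
-}
-/**
-* Load the cached manifest (verbatim setup commands).
-* Returns undefined if manifest.txt is missing.
-*/
-loadManifest() {
-const path = (0, node_path_1.join)(this.path, "manifest.txt");
-if (!(0, node_fs_1.existsSync)(path))
-return undefined;
-try {
-return (0, node_fs_1.readFileSync)(path, "utf-8").split("\n").filter(Boolean);
-}
-catch {
-return undefined;
-}
-}
-/**
-* Load a cached disk checkpoint.
-* Returns undefined if the file is missing or corrupt.
-*/
-async loadCheckpoint() {
-const path = (0, node_path_1.join)(this.path, "disk.qcow2");
-if (!(0, node_fs_1.existsSync)(path))
-return undefined;
-try {
-return await gondolin_1.VmCheckpoint.load(path);
-}
-catch {
-return undefined;
-}
-}
-/**
-* Returns true if the cached manifest matches the config setup commands.
-*/
-matches(config) {
-const manifest = this.loadManifest();
-if (!manifest)
-return false;
-const setup = config.setup ?? [];
-if (manifest.length !== setup.length)
-return false;
-return manifest.every((cmd, i) => cmd === setup[i]);
-}
-/**
-* Restore a sandbox from the cached checkpoint.
-* Throws if the manifest does not match the config.
-*/
-async restore(config) {
-if (!this.matches(config)) {
-throw new Error("checkpoint manifest mismatch");
-}
-const checkpoint = await this.loadCheckpoint();
-if (!checkpoint)
-throw new Error("checkpoint not found");
-const vmOptions = buildVmOptions(config);
-const vm = await checkpoint.resume(vmOptions);
-return new Sandbox(vm, config);
-}
-/**
-* Save the current VM disk and manifest into the cache directory.
-*/
-async save(vm, config) {
-(0, node_fs_1.mkdirSync)(this.path, { recursive: true });
-try {
-await vm.checkpoint((0, node_path_1.join)(this.path, "disk.qcow2"));
-(0, node_fs_1.writeFileSync)((0, node_path_1.join)(this.path, "manifest.txt"), (config.setup ?? []).join("\n"));
-}
-catch {
-// checkpoint failed — VM still runs
-}
-}
-}
 /**
 * Build VM options from a sandbox config.
-* Derives network hooks, VFS mounts, merged env, and
+* Derives network hooks, VFS mounts, merged env, DNS mode, and custom image path.
 */
-function buildVmOptions(config) {
+function buildVmOptions(config, imageDir, extraMounts) {
 const { httpHooks, env } = config.buildHttpHooks();
-const
-
+const vfsMounts = config.buildVFSProviders(extraMounts);
+const mergedEnv = { ...env, ...config.env };
+const options = {
+sandbox: { imagePath: imageDir },
 httpHooks,
-env:
+env: mergedEnv,
 dns: { mode: "synthetic" },
-vfs: { mounts },
+vfs: Object.keys(vfsMounts).length ? { mounts: vfsMounts } : undefined,
 };
+return options;
 }
 //# sourceMappingURL=api.js.map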
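Review bot: `ensureImage()` boots whatever `IMAGE_URL` serves: the tarball is fetched, written to disk and handed to `tar xzf` with no digest or signature check, so the integrity of the VM image rests entirely on the release asset and the TLS connection. Pin the expected digest next to the URL and verify it before extraction, e.g. `if (createHash("sha256").update(Buffer.from(buffer)).digest("hex") !== IMAGE_SHA256) throw new Error("Image checksum mismatch");`, with `createHash` from `node:crypto` and `IMAGE_SHA256` a constant published with the release (placeholder name; no digest value appears on this page). The cache test is only `existsSync(join(IMAGE_CACHE_DIR, "manifest.json"))`, so an interrupted extraction that already wrote the manifest, or any later modification of the cache directory, is accepted on every following run; extracting into a temporary directory and renaming it into place after verification would close the first case. Separately, `runSetup` now reads `result.exitCode` but only reports a non-zero code when `debug` is set, so a failed setup command still yields a sandbox that looks ready.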
package/dist/api.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api.js","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":";;;AAAA,
|
|
1
|
+
{"version":3,"file":"api.js","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":";;;AAAA,2DAAkD;AAClD,qCAAgD;AAChD,yCAA0C;AAC1C,qCAAkC;AAClC,uDAAgE;AAGhE,mCAAqD;AAA5C,oGAAA,UAAU,OAAA;AAAE,uGAAA,aAAa,OAAA;AAElC,MAAM,SAAS,GAAG,+FAA+F,CAAC;AAClH,MAAM,eAAe,GAAG,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;AAElE;;;GAGG;AACH,KAAK,UAAU,WAAW;IACxB,IAAI,IAAA,oBAAU,EAAC,IAAA,gBAAI,EAAC,eAAe,EAAE,eAAe,CAAC,CAAC,EAAE,CAAC;QACvD,OAAO,eAAe,CAAC;IACzB,CAAC;IACD,IAAA,mBAAS,EAAC,eAAe,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,MAAM,OAAO,GAAG,IAAA,gBAAI,EAAC,eAAe,EAAE,IAAI,EAAE,mBAAmB,CAAC,CAAC;IACjE,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,CAAC;IACpC,IAAI,CAAC,IAAI,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACvE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;IACxC,OAAO,CAAC,SAAS,CAAC,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;IAC/D,OAAO,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC3C,IAAA,iCAAY,EAAC,KAAK,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC;IAC7D,OAAO,CAAC,SAAS,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACvC,OAAO,eAAe,CAAC;AACzB,CAAC;AA+CD;;;GAGG;AACH,MAAa,OAAO;IAClB;;OAEG;IACM,MAAM,CAAgB;IACd,EAAE,CAAK;IAExB,YAAY,EAAM,EAAE,MAAqB;QACvC,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;;;;;;OAOG;IACH,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAqB,EAAE,WAAsB;QAC/D,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,IAAI,MAAM,WAAW,EAAE,CAAC;QACrD,MAAM,SAAS,GAAG,cAAc,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;QAChE,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QAE3B,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;QAC1D,MAAM,EAAE,GAAG,MAAM,aAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QACxC,MAAM,OAAO,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QAC/C,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,KAAK,CAAC,QAAQ,CAC3B,OAAgB,EAChB,MAAqB,EACrB,KAAe;QAEf,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,KAAK,IAAI,EAAE,EAAE,CAAC;
YACrC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;YACpD,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,KAAK,CAAC,gBAAgB,GAAG,EAAE,CAAC,CAAC;gBACrC,IAAI,MAAM,CAAC,MAAM;oBAAE,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAChD,IAAI,MAAM,CAAC,MAAM;oBAAE,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAChD,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;oBAC1B,OAAO,CAAC,KAAK,CAAC,gCAAgC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;gBACnE,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,IAAI,CAAC,GAAW,EAAE,OAAsB;QAC5C,MAAM,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;QACtB,MAAM,SAAS,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC;QAChC,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC;QAClE,OAAO;YACL,MAAM,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,CAChC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;YACrD,IAAI,EAAE,OAAO,CAAC,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC;SAChD,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,gBAAgB,CAAC,OAAsB;QACpD,MAAM,SAAS,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC;QAChC,OAAO,SAAS;YACd,CAAC,CAAC,EAAE,GAAG,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE;YAC9B,CAAC,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IACxG,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,gBAAgB,CAC7B,IAA4B,EAC5B,SAAkB;QAElB,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,CAAC,KAAK,IAAI,EAAE;gBACjB,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC;gBACrB,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC;YACtE,CAAC,CAAC,EAAE,CAAC;QACP,CAAC;QACD,OAAO,CAAC,KAAK,IAAI,EAAE;YACjB,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC;YAC5B,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;QAC1D,CAAC,CAAC,EAAE,CAAC;IACP,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,aAAa,CAAC,GAAW;QAC7B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC
,MAAM,CAAC,CAAC;QACjE,OAAO,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ;QACZ,OAAO,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IACzB,CAAC;CAEF;AAlHD,0BAkHC;AAED;;;GAGG;AACH,SAAS,cAAc,CACrB,MAAqB,EACrB,QAAgB,EAChB,WAAsB;IAEtB,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC;IACnD,MAAM,SAAS,GAAG,MAAM,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;IACxD,MAAM,SAAS,GAAG,EAAE,GAAG,GAAG,EAAE,GAAG,MAAM,CAAC,GAAG,EAAE,CAAC;IAC5C,MAAM,OAAO,GAAoC;QAC/C,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE;QAChC,SAAS;QACT,GAAG,EAAE,SAAS;QACd,GAAG,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE;QAC1B,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,SAAS;KACvE,CAAC;IACF,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
package/dist/cli.d.ts
CHANGED
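--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -1,3 +1,4 @@
+#!/usr/bin/env node
 "use strict";
 var __importDefault = (this && this.__importDefault) || function (mod) {
 return (mod && mod.__esModule) ? mod : { "default": mod };
@@ -5,6 +6,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const commander_1 = require("commander");
 const node_fs_1 = require("node:fs");
+const node_process_1 = require("node:process");
 const node_path_1 = require("node:path");
 const tiny_invariant_1 = __importDefault(require("tiny-invariant"));
 const config_1 = require("./config");
@@ -16,7 +18,6 @@ const CONFIG_DIR = (0, node_path_1.resolve)((0, node_path_1.join)(home, ".config
 const SHIM_DIR = process.platform === "win32"
 ? (0, node_path_1.resolve)((0, node_path_1.join)(home, "AppData", "Roaming", "bin"))
 : (0, node_path_1.resolve)((0, node_path_1.join)(home, ".local", "bin"));
-const CACHE_DIR = (0, node_path_1.resolve)((0, node_path_1.join)(home, ".cache", "sbx"));
 /**
 * Commander program instance with registered sub-commands.
 */
@@ -24,7 +25,7 @@ const program = new commander_1.Command();
 program
 .name("sbx")
 .description("Sandboxed AI Agents — CLI for Gondolin micro-VMs")
-.version(
+.version(JSON.parse((0, node_fs_1.readFileSync)((0, node_path_1.join)(__dirname, "..", "package.json"), "utf-8")).version);
 program
 .command("init")
 .description("Generate a config file at ~/.config/sbx/<name>.yaml")
@@ -109,10 +110,11 @@ async function handleRun(args, opts) {
 (0, tiny_invariant_1.default)(shimName, "Missing --shim-name");
 const config = config_1.SandboxConfig.load((0, node_path_1.join)(CONFIG_DIR, `${shimName}.yaml`));
 (0, tiny_invariant_1.default)(config.cmd, `Config for ${shimName} must specify cmd`);
-const
+const autoMount = { hostPath: (0, node_process_1.cwd)(), guestPath: "/workspace" };
+const sandbox = await api_1.Sandbox.create(config, [autoMount]);
 const cmd = buildCommand(config.cmd, args);
 try {
-const exitCode = await sandbox.execAndAttach(cmd);
+const exitCode = await sandbox.execAndAttach(`cd /workspace && ${cmd}`);
 process.exit(exitCode);
 }
 finally {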
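Review bot: `handleRun` now exposes the host's current directory to the guest at `/workspace` on every run, with no opt-out and no `readOnly` on the mount object, so the sandboxed agent reaches whatever directory the shim happens to be started from. Going by the documented mount chain ("Readonly (if readOnly)"), the mount is presumably writable, which makes a run from the home directory or the filesystem root expose far more than a project tree, limited only by the `shadow` rules. I would refuse the risky cases before building the mount, e.g. `if ((0, node_path_1.resolve)((0, node_process_1.cwd)()) === (0, node_path_1.resolve)(home)) throw new Error("Refusing to auto-mount the home directory; run sbx from a project directory");`, and let the config turn the auto-mount off or make it read-only. The body of `handleRun` starts and ends outside this hunk, so any existing guard there is not visible.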
package/dist/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;;;;;AACA,yCAAoC;AACpC,qCAAkH;AAClH,+CAAmC;AACnC,yCAAmD;AACnD,oEAAuC;AACvC,qCAAsD;AACtD,+BAAgC;AAEhC,+EAA+E;AAE/E,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;AAC9B,IAAA,wBAAS,EAAC,IAAI,EAAE,mCAAmC,CAAC,CAAC;AAErD,MAAM,UAAU,GAAG,IAAA,mBAAO,EAAC,IAAA,gBAAI,EAAC,IAAI,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC;AACzD,MAAM,QAAQ,GACZ,OAAO,CAAC,QAAQ,KAAK,OAAO;IAC1B,CAAC,CAAC,IAAA,mBAAO,EAAC,IAAA,gBAAI,EAAC,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;IAClD,CAAC,CAAC,IAAA,mBAAO,EAAC,IAAA,gBAAI,EAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;AAG3C;;GAEG;AACH,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,KAAK,CAAC;KACX,WAAW,CAAC,kDAAkD,CAAC;KAC/D,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAA,sBAAY,EAAC,IAAA,gBAAI,EAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;AAE7F,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,qDAAqD,CAAC;KAClE,QAAQ,CAAC,QAAQ,EAAE,qBAAqB,CAAC;KACzC,MAAM,CAAC,UAAU,CAAC,CAAC;AAEtB,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,wCAAwC,CAAC;KACrD,QAAQ,CAAC,YAAY,EAAE,wBAAwB,CAAC;KAChD,MAAM,CAAC,YAAY,CAAC,CAAC;AAExB,OAAO;KACJ,OAAO,CAAC,UAAU,CAAC;KACnB,WAAW,CAAC,qBAAqB,CAAC;KAClC,QAAQ,CAAC,YAAY,EAAE,sBAAsB,CAAC;KAC9C,MAAM,CAAC,cAAc,CAAC,CAAC;AAE1B,OAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,iEAAiE,CAAC;KAC9E,QAAQ,CAAC,WAAW,EAAE,wCAAwC,CAAC;KAC/D,MAAM,CAAC,oBAAoB,EAAE,6BAA6B,CAAC;KAC3D,kBAAkB,CAAC,IAAI,CAAC;KACxB,MAAM,CAAC,SAAS,CAAC,CAAC;AAErB,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;AAE5B,gFAAgF;AAEhF;;GAEG;AACH,SAAS,UAAU,CAAC,IAAY;IAC9B,MAAM,MAAM,GAAG,IAAA,gBAAI,EAAC,UAAU,EAAE,GAAG,IAAI,OAAO,CAAC,CAAC;IAChD,IAAA,mBAAS,EAAC,IAAA,mBAAO,EAAC,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,IAAA,sBAAY,EAAC,IAAA,mBAAO,EAAC,SAAS,EAAE,WAAW,EAAE,sBAAsB,CAAC,EAAE,MAAM,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,WAAW,MAAM,EAAE,CAAC,CAAC;IACjC,OAAO,CAAC,GAAG,CAAC,iCAAiC,IAAI,EAAE,CAAC,CAAC;AACvD,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,KAAe;IACnC,IAAA,mBAAS,EAAC
,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,SAAS,CAAC,IAAI,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,SAAS,CAAC,IAAY;IAC7B,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACvC,IAAA,uBAAa,EAAC,QAAQ,EAAE,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC;IACnD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,IAAA,mBAAS,EAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,YAAY,QAAQ,EAAE,CAAC,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,KAAe;IACrC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,UAAU,CAAC,IAAI,CAAC,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,IAAY;IAC9B,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,IAAA,oBAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,IAAA,oBAAU,EAAC,QAAQ,CAAC,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,WAAW,QAAQ,EAAE,CAAC,CAAC;IACrC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,KAAK,CAAC,mBAAmB,QAAQ,EAAE,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,SAAS,CAAC,IAAc,EAAE,IAA2B;IAClE,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;IAC/B,IAAA,wBAAS,EAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;IAE3C,MAAM,MAAM,GAAG,sBAAa,CAAC,IAAI,CAAC,IAAA,gBAAI,EAAC,UAAU,EAAE,GAAG,QAAQ,OAAO,CAAC,CAAC,CAAC;IACxE,IAAA,wBAAS,EAAC,MAAM,CAAC,GAAG,EAAE,cAAc,QAAQ,mBAAmB,CAAC,CAAC;IAEjE,MAAM,SAAS,GAAW,EAAE,QAAQ,EAAE,IAAA,kBAAG,GAAE,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC;IACvE,MAAM,OAAO,GAAG,MAAM,aAAO,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;IAC1D,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAE3C,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC,oBAAoB,GAAG,EAAE,CAAC,CAAC;QACxE,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACzB,CAAC;YAAS,CAAC;QACT,MAAM,OAAO,CAAC,QAAQ,EAAE,CAAC;IAC3B,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,GAAW,EAAE,IAAc;IAC/C,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC;IAClC,OAAO,GAAG,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;AACzD,CAAC;AAED,gFAAgF;AAEhF;;GAEG;AACH,SAAS,eAAe,CAAC,IAAY;IACnC,OAAO,IAAA,gBAAI,EAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,
GAAG,IAAI,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;AAC7E,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,IAAY;IACvC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,kBAAkB,CAAC;IACzF,OAAO,IAAA,sBAAY,EAAC,IAAA,mBAAO,EAAC,SAAS,EAAE,WAAW,EAAE,QAAQ,CAAC,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;AACpG,CAAC"}
|
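--- a/package/dist/config.d.ts
+++ b/package/dist/config.d.ts
@@ -34,11 +34,13 @@ export interface ISecretConfig {
 export declare class SandboxConfig {
 readonly cmd?: string;
 readonly setup?: string[];
+readonly image?: string;
 readonly network?: INetworkPolicy;
 readonly mounts?: IMount[];
 readonly shadow?: string[];
 readonly env?: Record<string, string>;
 readonly secrets?: Record<string, ISecretConfig>;
+readonly debug?: boolean;
 /**
 * Create a SandboxConfig from a plain object.
 */
@@ -51,8 +53,9 @@ export declare class SandboxConfig {
 /**
 * Build VFS providers from config mounts and shadow rules.
 * Mount chain: RealFS → Readonly (if readOnly) → Shadow (if shadow paths).
+* @param extraMounts - Additional mounts (e.g. auto-mounted PWD) applied with the same shadow rules.
 */
-buildVFSProviders(): Record<string, VirtualProvider>;
+buildVFSProviders(extraMounts?: IMount[]): Record<string, VirtualProvider>;
 /**
 * Build HTTP hooks and secret env vars from config.
 * Secrets are read from the host environment at runtime.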
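Review bot: The new fields `image` and `debug` are declared without doc comments, although both change trust and logging behaviour in api.js in this release. `image` replaces the downloaded image directory (`config.image ?? await ensureImage()`), and `debug` makes `runSetup` print each setup command with its stdout and stderr to the host's stderr. I would document both, e.g. `/** Path to a local image assets directory; when set, the default image is not downloaded. */` on `image` and `/** Log setup commands and their output to stderr; the output may contain secrets. */` on `debug`.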
package/dist/config.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,OAAO,KAAK,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAO3E;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,MAAM;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB;AAID;;;GAGG;AACH,qBAAa,aAAa;IACxB,SAAgB,GAAG,CAAC,EAAE,MAAM,CAAC;IAC7B,SAAgB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjC,SAAgB,OAAO,CAAC,EAAE,cAAc,CAAC;IACzC,SAAgB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClC,SAAgB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClC,SAAgB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7C,SAAgB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,OAAO,KAAK,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAO3E;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,MAAM;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB;AAID;;;GAGG;AACH,qBAAa,aAAa;IACxB,SAAgB,GAAG,CAAC,EAAE,MAAM,CAAC;IAC7B,SAAgB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjC,SAAgB,KAAK,CAAC,EAAE,MAAM,CAAC;IAC/B,SAAgB,OAAO,CAAC,EAAE,cAAc,CAAC;IACzC,SAAgB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClC,SAAgB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClC,SAAgB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7C,SAAgB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACxD,SAAgB,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhC;;OAEG;IACH,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,aAAa;IAIzD;;OAEG;IACH,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,aAAa;IASxC,OAAO;IAYP;;;;OAIG;IACH,iBAAiB,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC;IAY1E;;;OAGG;IACH,cAAc,IAAI;QAAE,SAAS,EAAE,SAAS,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE;IAoBvE;;;OAGG;IACH,MAAM,CAAC,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC;IAI1F;;;OAGG;IACH,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG;QAAE,SAAS,EAAE,SAAS,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE;IAM7G;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,cAAc;IAO7B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,aAAa;IAU5B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,eAAe;CAqB/B;AAID;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAKhD;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,aAAa,CAEtD"}
|
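--- a/package/dist/config.js
+++ b/package/dist/config.js
@@ -27,11 +27,13 @@ const gondolin_2 = require("@earendil-works/gondolin");
 class SandboxConfig {
 cmd;
 setup;
+image;
 network;
 mounts;
 shadow;
 env;
 secrets;
+debug;
 /**
 * Create a SandboxConfig from a plain object.
 */
@@ -52,20 +54,24 @@ class SandboxConfig {
 constructor(data) {
 this.cmd = data.cmd;
 this.setup = data.setup;
+this.image = data.image;
 this.network = data.network;
 this.mounts = data.mounts;
 this.shadow = data.shadow;
 this.env = data.env;
 this.secrets = data.secrets;
+this.debug = data.debug;
 }
 /**
 * Build VFS providers from config mounts and shadow rules.
 * Mount chain: RealFS → Readonly (if readOnly) → Shadow (if shadow paths).
+* @param extraMounts - Additional mounts (e.g. auto-mounted PWD) applied with the same shadow rules.
 */
-buildVFSProviders() {
+buildVFSProviders(extraMounts) {
 const mounts = {};
 const globalShadow = this.shadow ?? [];
-
+const allMounts = [...(extraMounts ?? []), ...(this.mounts ?? [])];
+for (const mount of allMounts) {
 mounts[mount.guestPath] = SandboxConfig.buildMountChain(mount, globalShadow);
 }
 return mounts;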
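Review bot: In `buildVFSProviders` the merged list is written into `mounts` keyed by `mount.guestPath`, so when an `extraMounts` entry and a `this.mounts` entry share a guest path the later one silently replaces the earlier. The guest then sees a different host directory, and possibly a different `readOnly` setting, than one of the two sources asked for. Because `this.mounts` is spread last, the config file wins over the auto-mounted directory; if that precedence is intended, say so in the doc comment, e.g. `* Config mounts override extraMounts that use the same guestPath.`, otherwise reject the duplicate with `if (Object.hasOwn(mounts, mount.guestPath)) throw new Error("duplicate guestPath: " + mount.guestPath);` before the assignment. Nothing visible in this hunk checks that `extraMounts` entries carry `hostPath` and `guestPath`, so it is worth confirming they get the same validation as config mounts. The method's closing brace lies outside the hunk.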
package/dist/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;AAyMH,kCAKC;AAMD,gCAEC;AApND,qCAAuC;AACvC,yCAAoC;AACpC,qCAA+B;AAC/B,yCAAsC;AACtC,oEAAuC;AACvC,uDAA2D;AAE3D,uDAIkC;AA2BlC,gFAAgF;AAEhF;;;GAGG;AACH,MAAa,aAAa;IACR,GAAG,CAAU;IACb,KAAK,CAAY;IACjB,KAAK,CAAU;IACf,OAAO,CAAkB;IACzB,MAAM,CAAY;IAClB,MAAM,CAAY;IAClB,GAAG,CAA0B;IAC7B,OAAO,CAAiC;IACxC,KAAK,CAAW;IAEhC;;OAEG;IACH,MAAM,CAAC,IAAI,CAAC,IAA6B;QACvC,OAAO,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,IAAI,CAAC,IAAY;QACtB,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;QACnC,MAAM,GAAG,GAAG,IAAA,cAAI,EAAC,IAAA,sBAAY,EAAC,QAAQ,EAAE,OAAO,CAAC,CAAY,CAAC;QAC7D,IAAA,wBAAS,EAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE,+BAA+B,CAAC,CAAC;QACpF,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC,GAA8B,CAAC,CAAC;QACjE,aAAa,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC5C,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,YAAoB,IAA6B;QAC/C,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAyB,CAAC;QAC1C,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAA6B,CAAC;QAChD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAA2B,CAAC;QAC9C,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAqC,CAAC;QAC1D,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAA8B,CAAC;QAClD,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAA8B,CAAC;QAClD,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAyC,CAAC;QAC1D,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAoD,CAAC;QACzE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAA4B,CAAC;IACjD,CAAC;IAED;;;;OAIG;IACH,iBAAiB,CAAC,WAAsB;QACtC,MAAM,MAAM,GAAoC,EAAE,CAAC;QACnD,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC;QACvC,MAAM,SAAS,GAAG,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC;QAEnE,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;YAC9B,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,aAAa,CAAC,eAAe,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;QAC/E,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;OAGG;IACH,cAAc;QACZ,MAAM,OAAO,GAAuD,EAAE,CAAC;QAEvE,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,CAAC;YAChE,OAAO,CAAC,IAAI,CAAC,GAAG;gBACd,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,KAAK,EAAE,OAAO,CA
AC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE;aAC/B,CAAC;QACJ,CAAC;QAED,OAAO,IAAA,0BAAe,EAAC;YACrB,YAAY,EAAE,IAAI,CAAC,OAAO,EAAE,YAAY,IAAI,EAAE;YAC9C,oBAAoB,EAAE,IAAI,CAAC,OAAO,EAAE,oBAAoB,IAAI,EAAE;YAC9D,mBAAmB,EAAE,IAAI;YACzB,OAAO;SACR,CAAC,CAAC;IACL,CAAC;IAED,8EAA8E;IAE9E;;;OAGG;IACH,MAAM,CAAC,iBAAiB,CAAC,MAA+B;QACtD,OAAO,IAAI,aAAa,CAAC,MAAM,CAAC,CAAC,iBAAiB,EAAE,CAAC;IACvD,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,cAAc,CAAC,MAA+B;QACnD,OAAO,IAAI,aAAa,CAAC,MAAM,CAAC,CAAC,cAAc,EAAE,CAAC;IACpD,CAAC;IAED,8EAA8E;IAE9E;;OAEG;IACK,MAAM,CAAC,cAAc,CAAC,SAAmB,EAAE;QACjD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,IAAA,wBAAS,EAAC,KAAK,CAAC,QAAQ,EAAE,0BAA0B,CAAC,CAAC;YACtD,IAAA,wBAAS,EAAC,KAAK,CAAC,SAAS,EAAE,2BAA2B,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,aAAa,CAAC,WAAqB,EAAE,IAAY;QAC9D,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;YAC5B,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACpB,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjC,OAAO,IAAI,KAAK,GAAG,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC;YACpD,CAAC;YACD,OAAO,IAAA,qBAAS,EAAC,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,eAAe,CAC5B,KAAa,EACb,YAAsB;QAEtB,IAAI,QAAQ,GAAoB,IAAI,yBAAc,CAChD,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC,CAC5B,CAAC;QAEF,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACnB,QAAQ,GAAG,IAAI,2BAAgB,CAAC,QAAQ,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,GAAG,YAAY,EAAE,GAAG,CAAC,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC;QAC/D,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,QAAQ,GAAG,IAAI,yBAAc,CAAC,QAAQ,EAAE;gBACtC,YAAY,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC;aAC5E,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF;AApJD,sCAoJC;AAED,gFAAgF;AAEhF;;GAEG;AACH,SAAgB,WAAW,CAAC,IAAY;IACtC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;IAC9B,IAAA,wBAAS,EAAC,IAAI,EAAE,mCAAmC,CAAC,CAAC;IACrD,OAAO,IAAA,mBAAO,EAAC,IAAI,EAAE,IAAI,CA
AC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,SAAgB,UAAU,CAAC,IAAY;IACrC,OAAO,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAClC,CAAC"}
|
|
@@ -4,9 +4,15 @@
|
|
|
4
4
|
# Command to run inside the VM (required)
|
|
5
5
|
cmd: pi
|
|
6
6
|
|
|
7
|
+
# Path to a custom Gondolin guest image directory (with manifest.json).
|
|
8
|
+
# Defaults to sbx-alpine (pi pre-installed, 2 GB rootfs).
|
|
9
|
+
# Build your own: gondolin build --config my-image.json --output ./my-image
|
|
10
|
+
# image: ./my-image
|
|
11
|
+
|
|
7
12
|
# Shell commands to run on first boot
|
|
8
|
-
|
|
9
|
-
|
|
13
|
+
# (pi, git, ripgrep are pre-installed in the sbx-alpine image)
|
|
14
|
+
# setup:
|
|
15
|
+
# - apk add --no-cache neovim
|
|
10
16
|
|
|
11
17
|
# Outbound network policy
|
|
12
18
|
network:
|
|
@@ -14,17 +20,16 @@ network:
|
|
|
14
20
|
allowedHosts:
|
|
15
21
|
- api.anthropic.com
|
|
16
22
|
- "*.github.com"
|
|
23
|
+
- registry.npmjs.org
|
|
17
24
|
# Scoped exceptions for internal hosts (internal ranges are always blocked)
|
|
18
25
|
allowedInternalHosts: []
|
|
19
26
|
|
|
20
|
-
# Host filesystem mounts
|
|
27
|
+
# Host filesystem mounts (additive to PWD auto-mounted as /workspace when using shim)
|
|
21
28
|
mounts:
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
shadow:
|
|
27
|
-
- ".git"
|
|
29
|
+
# Share pi config so sandboxed and native pi use the same settings
|
|
30
|
+
- hostPath: "~/.config/pi"
|
|
31
|
+
guestPath: "/root/.config/pi"
|
|
32
|
+
readOnly: true
|
|
28
33
|
|
|
29
34
|
# Global files/directories to shadow (hide from guest, relative to each mount)
|
|
30
35
|
shadow:
|
|
@@ -33,8 +38,8 @@ shadow:
|
|
|
33
38
|
- ".aws/"
|
|
34
39
|
|
|
35
40
|
# Environment variables to set in the guest
|
|
36
|
-
env:
|
|
37
|
-
|
|
41
|
+
# env:
|
|
42
|
+
# NODE_ENV: production
|
|
38
43
|
|
|
39
44
|
# Secrets to inject via host-side HTTP interception
|
|
40
45
|
# Key name maps to host env var of the same name (read at runtime)
|
|
@@ -42,6 +47,6 @@ secrets:
|
|
|
42
47
|
ANTHROPIC_API_KEY:
|
|
43
48
|
hosts:
|
|
44
49
|
- api.anthropic.com
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
50
|
+
|
|
51
|
+
# Print setup command output and lifecycle messages to stderr.
|
|
52
|
+
# debug: true
|
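Review bot: The new default mount of `~/.config/pi` at `/root/.config/pi` makes everything in that directory readable by the sandboxed agent; `readOnly: true` only prevents writes. The template otherwise keeps credentials on the host (the `secrets` block injects `ANTHROPIC_API_KEY` through HTTP interception), so if pi stores tokens or API keys under its config directory this mount would expose them inside the VM. I would ship the mount commented out, like `image`, `setup` and `env` in this template, or put a line above it such as `# Anything in this directory is readable by the guest; add credential files to shadow.`. The same revision adds `registry.npmjs.org` to `allowedHosts`, which widens the default egress policy and deserves a one-line comment saying what needs it.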
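--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@rlemaigre/sbx",
-"version": "0.1.
+"version": "0.1.3",
 "description": "Sandboxed AI Agents — TypeScript API and CLI for Gondolin micro-VMs",
 "main": "dist/api.js",
 "types": "dist/api.d.ts",
@@ -25,7 +25,8 @@
 "scripts": {
 "build": "tsc && mkdir -p dist/templates && cp src/templates/* dist/templates/",
 "prepublishOnly": "tsc && mkdir -p dist/templates && cp src/templates/* dist/templates/",
-"test": "tsx --test --test-concurrency=1 test/*.test.ts"
+"test": "tsx --test --test-concurrency=1 test/*.test.ts",
+"build-image": "npx @earendil-works/gondolin build --config sbx-image.json --output ../scratch/sbx-assets && (cd ../scratch/sbx-assets && tar czf ../sbx-assets.tar.gz .) && mv ../scratch/sbx-assets.tar.gz ../"
 },
 "dependencies": {
 "@earendil-works/gondolin": "^0.12.0",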
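Review bot: The added `build-image` script calls `npx @earendil-works/gondolin build` with no version on the command, and `npx` downloads and runs the package from the registry whenever it cannot resolve it locally. The package is already a dependency (`^0.12.0`) and npm puts `node_modules/.bin` on the PATH for scripts, so the script can call the installed binary directly. Assuming the bin is named `gondolin`, as the config template's `gondolin build` example suggests, that would be `gondolin build --config sbx-image.json --output ../scratch/sbx-assets`. The script also writes to `../scratch` and `../`, outside the package directory, which is worth stating in the README for anyone running it from a fresh checkout.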
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"deploy.d.ts","sourceRoot":"","sources":["../../src/commands/deploy.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAapC,eAAO,MAAM,aAAa,SA0CtB,CAAC"}
|
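--- a/package/dist/commands/deploy.js
+++ b/package/dist/commands/deploy.js
@@ -1,49 +0,0 @@
-"use strict";
-/**
-* Deploy command — install shim scripts.
-*/
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.deployCommand = void 0;
-const commander_1 = require("commander");
-const node_fs_1 = require("node:fs");
-const node_path_1 = require("node:path");
-const paths_1 = require("../lib/paths");
-function getLinuxShim(name) {
-return `#!/usr/bin/env bash\nexec sbx run "$@" --shim-name ${name}\n`;
-}
-function getWindowsShim(name) {
-return `@echo off\nwsl sbx run %* --shim-name ${name}\n`;
-}
-exports.deployCommand = new commander_1.Command("deploy")
-.description("Install shim scripts for named configs")
-.argument("[names...]", "config names to deploy (default: all)")
-.action((names) => {
-const configNames = names?.length
-? names
-: (0, node_fs_1.readdirSync)(paths_1.CONFIG_DIR)
-.filter((f) => f.endsWith(".yaml"))
-.map((f) => f.replace(/\.yaml$/, ""));
-(0, node_fs_1.mkdirSync)(paths_1.SHIM_DIR, { recursive: true });
-for (const name of configNames) {
-const configPath = (0, node_path_1.join)(paths_1.CONFIG_DIR, `${name}.yaml`);
-if (!(0, node_fs_1.existsSync)(configPath)) {
-console.error(`Config not found for: ${name}`);
-continue;
-}
-const shimPath = process.platform === "win32"
-? (0, node_path_1.join)(paths_1.SHIM_DIR, `${name}.cmd`)
-: (0, node_path_1.join)(paths_1.SHIM_DIR, name);
-const content = process.platform === "win32"
-? getWindowsShim(name)
-: getLinuxShim(name);
-(0, node_fs_1.writeFileSync)(shimPath, content);
-if (process.platform !== "win32") {
-(0, node_fs_1.chmodSync)(shimPath, 0o755);
-}
-console.log(`Deployed ${shimPath}`);
-}
-if (process.platform === "win32") {
-console.log(`\nIf ${paths_1.SHIM_DIR} is not on your PATH, run:\n setx PATH "%PATH%;${paths_1.SHIM_DIR}"`);
-}
-});
-//# sourceMappingURL=deploy.js.map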
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"deploy.js","sourceRoot":"","sources":["../../src/commands/deploy.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,yCAAoC;AACpC,qCAAuF;AACvF,yCAAiC;AACjC,wCAAoD;AAEpD,SAAS,YAAY,CAAC,IAAY;IAChC,OAAO,sDAAsD,IAAI,IAAI,CAAC;AACxE,CAAC;AAED,SAAS,cAAc,CAAC,IAAY;IAClC,OAAO,yCAAyC,IAAI,IAAI,CAAC;AAC3D,CAAC;AAEY,QAAA,aAAa,GAAG,IAAI,mBAAO,CAAC,QAAQ,CAAC;KAC/C,WAAW,CAAC,wCAAwC,CAAC;KACrD,QAAQ,CAAC,YAAY,EAAE,uCAAuC,CAAC;KAC/D,MAAM,CAAC,CAAC,KAAgB,EAAE,EAAE;IAC3B,MAAM,WAAW,GACf,KAAK,EAAE,MAAM;QACX,CAAC,CAAC,KAAK;QACP,CAAC,CAAC,IAAA,qBAAW,EAAC,kBAAU,CAAC;aAClB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;aAClC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC;IAEhD,IAAA,mBAAS,EAAC,gBAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEzC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,IAAA,gBAAI,EAAC,kBAAU,EAAE,GAAG,IAAI,OAAO,CAAC,CAAC;QACpD,IAAI,CAAC,IAAA,oBAAU,EAAC,UAAU,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,KAAK,CAAC,yBAAyB,IAAI,EAAE,CAAC,CAAC;YAC/C,SAAS;QACX,CAAC;QAED,MAAM,QAAQ,GACZ,OAAO,CAAC,QAAQ,KAAK,OAAO;YAC1B,CAAC,CAAC,IAAA,gBAAI,EAAC,gBAAQ,EAAE,GAAG,IAAI,MAAM,CAAC;YAC/B,CAAC,CAAC,IAAA,gBAAI,EAAC,gBAAQ,EAAE,IAAI,CAAC,CAAC;QAE3B,MAAM,OAAO,GACX,OAAO,CAAC,QAAQ,KAAK,OAAO;YAC1B,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC;YACtB,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QAEzB,IAAA,uBAAa,EAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjC,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,IAAA,mBAAS,EAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAC7B,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,YAAY,QAAQ,EAAE,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,CACT,QAAQ,gBAAQ,mDAAmD,gBAAQ,GAAG,CAC/E,CAAC;IACJ,CAAC;AACH,CAAC,CAAC,CAAC"}
|
package/dist/commands/init.d.ts
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAKpC,eAAO,MAAM,WAAW,SASpB,CAAC"}
|
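--- a/package/dist/commands/init.js
+++ b/package/dist/commands/init.js
@@ -1,21 +0,0 @@
-"use strict";
-/**
-* Init command — copy template config to user config directory.
-*/
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.initCommand = void 0;
-const commander_1 = require("commander");
-const node_fs_1 = require("node:fs");
-const node_path_1 = require("node:path");
-const paths_1 = require("../lib/paths");
-exports.initCommand = new commander_1.Command("init")
-.description("Generate a config file at ~/.config/sbx/<name>.yaml")
-.argument("<name>", "shim name (e.g. pi)")
-.action((name) => {
-const target = (0, node_path_1.join)(paths_1.CONFIG_DIR, `${name}.yaml`);
-(0, node_fs_1.mkdirSync)((0, node_path_1.dirname)(target), { recursive: true });
-(0, node_fs_1.copyFileSync)((0, node_path_1.resolve)(__dirname, "../template.yaml"), target);
-console.log(`Created ${target}`);
-console.log(`Edit it, then run: sbx deploy ${name}`);
-});
-//# sourceMappingURL=init.js.map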
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"init.js","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,yCAAoC;AACpC,qCAAkD;AAClD,yCAAmD;AACnD,wCAA0C;AAE7B,QAAA,WAAW,GAAG,IAAI,mBAAO,CAAC,MAAM,CAAC;KAC3C,WAAW,CAAC,qDAAqD,CAAC;KAClE,QAAQ,CAAC,QAAQ,EAAE,qBAAqB,CAAC;KACzC,MAAM,CAAC,CAAC,IAAY,EAAE,EAAE;IACvB,MAAM,MAAM,GAAG,IAAA,gBAAI,EAAC,kBAAU,EAAE,GAAG,IAAI,OAAO,CAAC,CAAC;IAChD,IAAA,mBAAS,EAAC,IAAA,mBAAO,EAAC,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,IAAA,sBAAY,EAAC,IAAA,mBAAO,EAAC,SAAS,EAAE,kBAAkB,CAAC,EAAE,MAAM,CAAC,CAAC;IAC7D,OAAO,CAAC,GAAG,CAAC,WAAW,MAAM,EAAE,CAAC,CAAC;IACjC,OAAO,CAAC,GAAG,CAAC,iCAAiC,IAAI,EAAE,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC"}
|
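--- a/package/dist/commands/run.d.ts
+++ b/package/dist/commands/run.d.ts
@@ -1,9 +0,0 @@
-/**
-* Run command — execute agent inside sandboxed VM.
-*
-* Invoked by shim scripts. Delegates to the API:
-* loadConfig → createSandbox → exec + TTY forwarding → shutdown
-*/
-import { Command } from "commander";
-export declare const runCommand: Command;
-//# sourceMappingURL=run.d.ts.map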
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"run.d.ts","sourceRoot":"","sources":["../../src/commands/run.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAQpC,eAAO,MAAM,UAAU,SAiCnB,CAAC"}
|
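--- a/package/dist/commands/run.js
+++ b/package/dist/commands/run.js
@@ -1,49 +0,0 @@
-"use strict";
-/**
-* Run command — execute agent inside sandboxed VM.
-*
-* Invoked by shim scripts. Delegates to the API:
-* loadConfig → createSandbox → exec + TTY forwarding → shutdown
-*/
-var __importDefault = (this && this.__importDefault) || function (mod) {
-return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.runCommand = void 0;
-const commander_1 = require("commander");
-const node_path_1 = require("node:path");
-const paths_1 = require("../lib/paths");
-const tiny_invariant_1 = __importDefault(require("tiny-invariant"));
-const config_1 = require("../lib/config");
-const api_1 = require("../api");
-exports.runCommand = new commander_1.Command("run")
-.description("Execute agent inside sandboxed VM (internal — invoked by shims)")
-.argument("[args...]", "arguments to pass to the agent command")
-.option("--shim-name <name>", "shim name (resolves config)")
-.allowUnknownOption(true)
-.action(async (args, opts) => {
-const shimName = opts.shimName;
-(0, tiny_invariant_1.default)(shimName, "Missing --shim-name");
-const config = (0, config_1.loadConfig)((0, node_path_1.join)(paths_1.CONFIG_DIR, `${shimName}.yaml`));
-(0, tiny_invariant_1.default)(config.cmd, `Config for ${shimName} must specify cmd`);
-const sandbox = await (0, api_1.createSandbox)({
-config,
-cacheDir: (0, node_path_1.join)(paths_1.CACHE_DIR, shimName),
-});
-const cmd = args.length > 0 ? `${config.cmd} ${args.join(" ")}` : config.cmd;
-try {
-const proc = await sandbox.exec(cmd, {
-pty: true,
-stdin: true,
-stdout: "pipe",
-stderr: "pipe",
-});
-proc.attach(process.stdin, process.stdout, process.stderr);
-const result = await proc.exit;
-process.exit(result.exitCode);
-}
-finally {
-await sandbox.shutdown();
-}
-});
-//# sourceMappingURL=run.js.map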
package/dist/commands/run.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"run.js","sourceRoot":"","sources":["../../src/commands/run.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;AAEH,yCAAoC;AACpC,yCAAiC;AACjC,wCAAqD;AACrD,oEAAuC;AAEvC,0CAA2C;AAC3C,gCAAuC;AAE1B,QAAA,UAAU,GAAG,IAAI,mBAAO,CAAC,KAAK,CAAC;KACzC,WAAW,CAAC,iEAAiE,CAAC;KAC9E,QAAQ,CAAC,WAAW,EAAE,wCAAwC,CAAC;KAC/D,MAAM,CAAC,oBAAoB,EAAE,6BAA6B,CAAC;KAC3D,kBAAkB,CAAC,IAAI,CAAC;KACxB,MAAM,CAAC,KAAK,EAAE,IAAc,EAAE,IAAI,EAAE,EAAE;IACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAkB,CAAC;IACzC,IAAA,wBAAS,EAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;IAE3C,MAAM,MAAM,GAAG,IAAA,mBAAU,EAAC,IAAA,gBAAI,EAAC,kBAAU,EAAE,GAAG,QAAQ,OAAO,CAAC,CAAC,CAAC;IAChE,IAAA,wBAAS,EAAC,MAAM,CAAC,GAAG,EAAE,cAAc,QAAQ,mBAAmB,CAAC,CAAC;IAEjE,MAAM,OAAO,GAAG,MAAM,IAAA,mBAAa,EAAC;QAClC,MAAM;QACN,QAAQ,EAAE,IAAA,gBAAI,EAAC,iBAAS,EAAE,QAAQ,CAAC;KACpC,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;IAE7E,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE;YACnC,GAAG,EAAE,IAAI;YACT,KAAK,EAAE,IAAI;YACX,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,MAAM;SACf,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAC3D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC;QAC/B,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAChC,CAAC;YAAS,CAAC;QACT,MAAM,OAAO,CAAC,QAAQ,EAAE,CAAC;IAC3B,CAAC;AACH,CAAC,CAAC,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"undeploy.d.ts","sourceRoot":"","sources":["../../src/commands/undeploy.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAKpC,eAAO,MAAM,eAAe,SAiBxB,CAAC"}
|
|
@@ -1,28 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
/**
|
|
3
|
-
* Undeploy command — remove shim scripts.
|
|
4
|
-
*/
|
|
5
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
-
exports.undeployCommand = void 0;
|
|
7
|
-
const commander_1 = require("commander");
|
|
8
|
-
const node_fs_1 = require("node:fs");
|
|
9
|
-
const node_path_1 = require("node:path");
|
|
10
|
-
const paths_1 = require("../lib/paths");
|
|
11
|
-
exports.undeployCommand = new commander_1.Command("undeploy")
|
|
12
|
-
.description("Remove shim scripts")
|
|
13
|
-
.argument("<names...>", "shim names to remove")
|
|
14
|
-
.action((names) => {
|
|
15
|
-
for (const name of names) {
|
|
16
|
-
const shimPath = process.platform === "win32"
|
|
17
|
-
? (0, node_path_1.join)(paths_1.SHIM_DIR, `${name}.cmd`)
|
|
18
|
-
: (0, node_path_1.join)(paths_1.SHIM_DIR, name);
|
|
19
|
-
if ((0, node_fs_1.existsSync)(shimPath)) {
|
|
20
|
-
(0, node_fs_1.unlinkSync)(shimPath);
|
|
21
|
-
console.log(`Removed ${shimPath}`);
|
|
22
|
-
}
|
|
23
|
-
else {
|
|
24
|
-
console.error(`Shim not found: ${shimPath}`);
|
|
25
|
-
}
|
|
26
|
-
}
|
|
27
|
-
});
|
|
28
|
-
//# sourceMappingURL=undeploy.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"undeploy.js","sourceRoot":"","sources":["../../src/commands/undeploy.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,yCAAoC;AACpC,qCAAiD;AACjD,yCAAiC;AACjC,wCAAwC;AAE3B,QAAA,eAAe,GAAG,IAAI,mBAAO,CAAC,UAAU,CAAC;KACnD,WAAW,CAAC,qBAAqB,CAAC;KAClC,QAAQ,CAAC,YAAY,EAAE,sBAAsB,CAAC;KAC9C,MAAM,CAAC,CAAC,KAAe,EAAE,EAAE;IAC1B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GACZ,OAAO,CAAC,QAAQ,KAAK,OAAO;YAC1B,CAAC,CAAC,IAAA,gBAAI,EAAC,gBAAQ,EAAE,GAAG,IAAI,MAAM,CAAC;YAC/B,CAAC,CAAC,IAAA,gBAAI,EAAC,gBAAQ,EAAE,IAAI,CAAC,CAAC;QAE3B,IAAI,IAAA,oBAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,IAAA,oBAAU,EAAC,QAAQ,CAAC,CAAC;YACrB,OAAO,CAAC,GAAG,CAAC,WAAW,QAAQ,EAAE,CAAC,CAAC;QACrC,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,mBAAmB,QAAQ,EAAE,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC"}
|
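--- a/package/dist/lib/config.d.ts
+++ b/package/dist/lib/config.d.ts
@@ -1,51 +0,0 @@
-/**
-* Configuration interfaces and YAML loading/saving.
-*
-* Mirrors the YAML config keys (SPECS §3.1).
-*/
-/**
-* Outbound network policy.
-*/
-export interface INetworkPolicy {
-allowedHosts?: string[];
-allowedInternalHosts?: string[];
-blockInternalRanges?: boolean;
-dnsMode?: "synthetic" | "trusted" | "open";
-}
-/**
-* Host filesystem mount.
-*/
-export interface IMount {
-hostPath: string;
-guestPath: string;
-readOnly?: boolean;
-shadow?: string[];
-}
-/**
-* Secret injection configuration.
-*/
-export interface ISecretConfig {
-hosts: string[];
-}
-/**
-* Sandbox configuration — mirrors the YAML config keys (SPECS §3.1).
-*/
-export interface ISandboxConfig {
-cmd?: string;
-packages?: string[];
-network?: INetworkPolicy;
-mounts?: IMount[];
-shadow?: string[];
-env?: Record<string, string>;
-secrets?: Record<string, ISecretConfig>;
-}
-/**
-* Load a sandbox configuration from a YAML file.
-* Same syntax as the Coding Assistants config files.
-*/
-export declare function loadConfig(path: string): ISandboxConfig;
-/**
-* Save a sandbox configuration to a YAML file.
-*/
-export declare function saveConfig(path: string, config: ISandboxConfig): void;
-//# sourceMappingURL=config.d.ts.map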
package/dist/lib/config.d.ts.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAUH;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;IAChC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,OAAO,CAAC,EAAE,WAAW,GAAG,SAAS,GAAG,MAAM,CAAC;CAC5C;AAED;;GAEG;AACH,MAAM,WAAW,MAAM;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,CAAC,EAAE,cAAc,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;CACzC;AAYD;;;GAGG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc,CAOvD;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,GAAG,IAAI,CAGrE"}
|
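--- a/package/dist/lib/config.js
+++ b/package/dist/lib/config.js
@@ -1,47 +0,0 @@
-"use strict";
-/**
-* Configuration interfaces and YAML loading/saving.
-*
-* Mirrors the YAML config keys (SPECS §3.1).
-*/
-var __importDefault = (this && this.__importDefault) || function (mod) {
-return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.loadConfig = loadConfig;
-exports.saveConfig = saveConfig;
-const node_fs_1 = require("node:fs");
-const node_path_1 = require("node:path");
-const ajv_1 = __importDefault(require("ajv"));
-const js_yaml_1 = require("js-yaml");
-const tiny_invariant_1 = __importDefault(require("tiny-invariant"));
-const config_json_1 = __importDefault(require("../../schema/config.json"));
-const ajv = new ajv_1.default({ strict: false });
-const validate = ajv.compile(config_json_1.default);
-function expandTilde(path) {
-if (!path.startsWith("~"))
-return path;
-const home = process.env.HOME;
-(0, tiny_invariant_1.default)(home, "HOME environment variable not set");
-return (0, node_path_1.resolve)(home, path.slice(1));
-}
-/**
-* Load a sandbox configuration from a YAML file.
-* Same syntax as the Coding Assistants config files.
-*/
-function loadConfig(path) {
-const resolved = expandTilde(path);
-const raw = (0, js_yaml_1.load)((0, node_fs_1.readFileSync)(resolved, "utf-8"));
-if (!validate(raw)) {
-throw new Error(`Config validation failed: ${JSON.stringify(validate.errors)}`);
-}
-return raw;
-}
-/**
-* Save a sandbox configuration to a YAML file.
-*/
-function saveConfig(path, config) {
-const resolved = expandTilde(path);
-(0, node_fs_1.writeFileSync)(resolved, (0, js_yaml_1.dump)(config, { lineWidth: -1 }));
-}
-//# sourceMappingURL=config.js.map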
package/dist/lib/config.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;AAgEH,gCAOC;AAKD,gCAGC;AA7ED,qCAAsD;AACtD,yCAA0C;AAC1C,8CAAsB;AACtB,qCAAqC;AACrC,oEAAuC;AAEvC,2EAA8C;AA0C9C,MAAM,GAAG,GAAG,IAAI,aAAG,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;AACvC,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,qBAAM,CAAC,CAAC;AAErC,SAAS,WAAW,CAAC,IAAY;IAC/B,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;IAC9B,IAAA,wBAAS,EAAC,IAAI,EAAE,mCAAmC,CAAC,CAAC;IACrD,OAAO,IAAA,mBAAO,EAAC,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,SAAgB,UAAU,CAAC,IAAY;IACrC,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,IAAA,cAAI,EAAC,IAAA,sBAAY,EAAC,QAAQ,EAAE,OAAO,CAAC,CAAY,CAAC;IAC7D,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAClF,CAAC;IACD,OAAO,GAAqB,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,SAAgB,UAAU,CAAC,IAAY,EAAE,MAAsB;IAC7D,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACnC,IAAA,uBAAa,EAAC,QAAQ,EAAE,IAAA,cAAI,EAAC,MAAM,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC"}
|
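--- a/package/dist/lib/network.d.ts
+++ b/package/dist/lib/network.d.ts
@@ -1,18 +0,0 @@
-/**
-* HTTP hooks building from config network policy and secrets.
-*
-* Maps YAML network + secrets to Gondolin's createHttpHooks.
-*/
-import type { HttpHooks } from "@earendil-works/gondolin";
-import { ISandboxConfig } from "./config";
-/**
-* Build HTTP hooks and secret env vars from config.
-*
-* Secrets are read from the host environment at runtime.
-* Returns { httpHooks, env } — the env maps secret names to placeholder values.
-*/
-export declare function buildHttpHooks(config: ISandboxConfig): {
-httpHooks: HttpHooks;
-env: Record<string, string>;
-};
-//# sourceMappingURL=network.d.ts.map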
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"network.d.ts","sourceRoot":"","sources":["../../src/lib/network.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AAE1D,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAE1C;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG;IACtD,SAAS,EAAE,SAAS,CAAC;IACrB,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC7B,CAmBA"}
|
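--- a/package/dist/lib/network.js
+++ b/package/dist/lib/network.js
@@ -1,31 +0,0 @@
-"use strict";
-/**
-* HTTP hooks building from config network policy and secrets.
-*
-* Maps YAML network + secrets to Gondolin's createHttpHooks.
-*/
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.buildHttpHooks = buildHttpHooks;
-const gondolin_1 = require("@earendil-works/gondolin");
-/**
-* Build HTTP hooks and secret env vars from config.
-*
-* Secrets are read from the host environment at runtime.
-* Returns { httpHooks, env } — the env maps secret names to placeholder values.
-*/
-function buildHttpHooks(config) {
-const secrets = {};
-for (const [name, secret] of Object.entries(config.secrets ?? {})) {
-secrets[name] = {
-hosts: secret.hosts,
-value: process.env[name] ?? "",
-};
-}
-return (0, gondolin_1.createHttpHooks)({
-allowedHosts: config.network?.allowedHosts ?? [],
-allowedInternalHosts: config.network?.allowedInternalHosts ?? [],
-blockInternalRanges: config.network?.blockInternalRanges ?? true,
-secrets,
-});
-}
-//# sourceMappingURL=network.js.map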
package/dist/lib/network.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"network.js","sourceRoot":"","sources":["../../src/lib/network.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAaH,wCAsBC;AAjCD,uDAA2D;AAK3D;;;;;GAKG;AACH,SAAgB,cAAc,CAAC,MAAsB;IAInD,MAAM,OAAO,GAGT,EAAE,CAAC;IAEP,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,CAAC;QAClE,OAAO,CAAC,IAAI,CAAC,GAAG;YACd,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE;SAC/B,CAAC;IACJ,CAAC;IAED,OAAO,IAAA,0BAAe,EAAC;QACrB,YAAY,EAAE,MAAM,CAAC,OAAO,EAAE,YAAY,IAAI,EAAE;QAChD,oBAAoB,EAAE,MAAM,CAAC,OAAO,EAAE,oBAAoB,IAAI,EAAE;QAChE,mBAAmB,EAAE,MAAM,CAAC,OAAO,EAAE,mBAAmB,IAAI,IAAI;QAChE,OAAO;KACR,CAAC,CAAC;AACL,CAAC"}
|
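--- a/package/dist/lib/paths.d.ts
+++ b/package/dist/lib/paths.d.ts
@@ -1,12 +0,0 @@
-/**
-* Platform-aware path constants.
-*
-* Resolves config, shim, and cache directories per SPECS §3.2.
-*/
-/** Config directory: ~/.config/sbx/ */
-export declare const CONFIG_DIR: string;
-/** Shim directory: ~/.local/bin/ (Linux) or mapped WSL path (Windows) */
-export declare const SHIM_DIR: string;
-/** Cache directory: ~/.cache/sbx/ */
-export declare const CACHE_DIR: string;
-//# sourceMappingURL=paths.d.ts.map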
package/dist/lib/paths.d.ts.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"paths.d.ts","sourceRoot":"","sources":["../../src/lib/paths.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAOH,uCAAuC;AACvC,eAAO,MAAM,UAAU,QAAwC,CAAC;AAEhE,yEAAyE;AACzE,eAAO,MAAM,QAAQ,QAGqB,CAAC;AAE3C,qCAAqC;AACrC,eAAO,MAAM,SAAS,QAAuC,CAAC"}
|
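--- a/package/dist/lib/paths.js
+++ b/package/dist/lib/paths.js
@@ -1,21 +0,0 @@
-"use strict";
-/**
-* Platform-aware path constants.
-*
-* Resolves config, shim, and cache directories per SPECS §3.2.
-*/
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CACHE_DIR = exports.SHIM_DIR = exports.CONFIG_DIR = void 0;
-const node_path_1 = require("node:path");
-const home = process.env.HOME;
-if (!home)
-throw new Error("HOME environment variable not set");
-/** Config directory: ~/.config/sbx/ */
-exports.CONFIG_DIR = (0, node_path_1.resolve)((0, node_path_1.join)(home, ".config", "sbx"));
-/** Shim directory: ~/.local/bin/ (Linux) or mapped WSL path (Windows) */
-exports.SHIM_DIR = process.platform === "win32"
-? (0, node_path_1.resolve)((0, node_path_1.join)(home, "AppData", "Roaming", "bin"))
-: (0, node_path_1.resolve)((0, node_path_1.join)(home, ".local", "bin"));
-/** Cache directory: ~/.cache/sbx/ */
-exports.CACHE_DIR = (0, node_path_1.resolve)((0, node_path_1.join)(home, ".cache", "sbx"));
-//# sourceMappingURL=paths.js.map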
package/dist/lib/paths.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"paths.js","sourceRoot":"","sources":["../../src/lib/paths.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,yCAA0C;AAE1C,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;AAC9B,IAAI,CAAC,IAAI;IAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;AAEhE,uCAAuC;AAC1B,QAAA,UAAU,GAAG,IAAA,mBAAO,EAAC,IAAA,gBAAI,EAAC,IAAI,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC;AAEhE,yEAAyE;AAC5D,QAAA,QAAQ,GACnB,OAAO,CAAC,QAAQ,KAAK,OAAO;IAC1B,CAAC,CAAC,IAAA,mBAAO,EAAC,IAAA,gBAAI,EAAC,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;IAClD,CAAC,CAAC,IAAA,mBAAO,EAAC,IAAA,gBAAI,EAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;AAE3C,qCAAqC;AACxB,QAAA,SAAS,GAAG,IAAA,mBAAO,EAAC,IAAA,gBAAI,EAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC"}
|
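--- a/package/dist/lib/vfs.d.ts
+++ b/package/dist/lib/vfs.d.ts
@@ -1,15 +0,0 @@
-/**
-* VFS provider building from config mounts and shadow rules.
-*
-* Builds the RealFS → Readonly → Shadow mount chain per SPECS §2.1.
-*/
-import type { VirtualProvider } from "@earendil-works/gondolin";
-import { ISandboxConfig } from "./config";
-/**
-* Build VFS providers from config mounts and shadow rules.
-*
-* Mount chain: RealFS → Readonly (if readOnly) → Shadow (if shadow paths).
-* Global shadow is merged with per-mount shadow.
-*/
-export declare function buildVFSProviders(config: ISandboxConfig): Record<string, VirtualProvider>;
-//# sourceMappingURL=vfs.d.ts.map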
package/dist/lib/vfs.d.ts.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"vfs.d.ts","sourceRoot":"","sources":["../../src/lib/vfs.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAUH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAEhE,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAS1C;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,cAAc,GACrB,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CA2BjC"}
|
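--- a/package/dist/lib/vfs.js
+++ b/package/dist/lib/vfs.js
@@ -1,44 +0,0 @@
-"use strict";
-/**
-* VFS provider building from config mounts and shadow rules.
-*
-* Builds the RealFS → Readonly → Shadow mount chain per SPECS §2.1.
-*/
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.buildVFSProviders = buildVFSProviders;
-const node_path_1 = require("node:path");
-const minimatch_1 = require("minimatch");
-const gondolin_1 = require("@earendil-works/gondolin");
-function expandTilde(path) {
-if (!path.startsWith("~"))
-return path;
-const home = process.env.HOME;
-if (!home)
-throw new Error("HOME environment variable not set");
-return (0, node_path_1.resolve)(home, path.slice(1));
-}
-/**
-* Build VFS providers from config mounts and shadow rules.
-*
-* Mount chain: RealFS → Readonly (if readOnly) → Shadow (if shadow paths).
-* Global shadow is merged with per-mount shadow.
-*/
-function buildVFSProviders(config) {
-const mounts = {};
-const globalShadow = config.shadow ?? [];
-for (const mount of config.mounts ?? []) {
-let provider = new gondolin_1.RealFSProvider(expandTilde(mount.hostPath));
-if (mount.readOnly) {
-provider = new gondolin_1.ReadonlyProvider(provider);
-}
-const shadowPaths = [...globalShadow, ...(mount.shadow ?? [])];
-if (shadowPaths.length > 0) {
-provider = new gondolin_1.ShadowProvider(provider, {
-shouldShadow: (info) => shadowPaths.some((p) => (0, minimatch_1.minimatch)(info.path, `/${p}`, { dot: true })),
-});
-}
-mounts[mount.guestPath] = provider;
-}
-return mounts;
-}
-//# sourceMappingURL=vfs.js.map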
package/dist/lib/vfs.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"vfs.js","sourceRoot":"","sources":["../../src/lib/vfs.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AA2BH,8CA6BC;AAtDD,yCAAoC;AACpC,yCAAsC;AAEtC,uDAIkC;AAKlC,SAAS,WAAW,CAAC,IAAY;IAC/B,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;IAC9B,IAAI,CAAC,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IAChE,OAAO,IAAA,mBAAO,EAAC,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AACtC,CAAC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAC/B,MAAsB;IAEtB,MAAM,MAAM,GAAoC,EAAE,CAAC;IACnD,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;IAEzC,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;QACxC,IAAI,QAAQ,GAAoB,IAAI,yBAAc,CAChD,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC,CAC5B,CAAC;QAEF,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACnB,QAAQ,GAAG,IAAI,2BAAgB,CAAC,QAAQ,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,GAAG,YAAY,EAAE,GAAG,CAAC,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC;QAC/D,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,QAAQ,GAAG,IAAI,yBAAc,CAAC,QAAQ,EAAE;gBACtC,YAAY,EAAE,CAAC,IAAI,EAAE,EAAE,CACrB,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACrB,IAAA,qBAAS,EAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAC7C;aACJ,CAAC,CAAC;QACL,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,QAAQ,CAAC;IACrC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
|