@rlemaigre/sbx 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 earendil-works
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,82 @@
+# sbx
+
+Sandboxed AI Agents — TypeScript API and CLI for [Gondolin](https://github.com/earendil-works/gondolin) micro-VMs.
+
+## Install
+
+```bash
+npm install -g sbx
+```
+
+## Usage
+
+### CLI
+
+```bash
+# Generate a config file at ~/.config/sbx/<name>.yaml
+sbx init pi
+
+# Deploy shim scripts for named configs
+sbx deploy pi
+
+# Run a command inside the sandbox
+sbx run pi -- echo hello
+```
+
+### API
+
+```typescript
+import { Sandbox, SandboxConfig } from "sbx";
+
+const config = SandboxConfig.load("~/.config/sbx/pi.yaml");
+const sandbox = await Sandbox.create(config, "~/.cache/sbx/pi");
+
+const result = await (await sandbox.exec("pi --help")).exit;
+console.log(result.stdout);
+
+await sandbox.shutdown();
+```
+
+Or use `execAndAttach()` for PTY mode with stream passthrough:
+
+```typescript
+const exitCode = await sandbox.execAndAttach("pi");
+```
+
+## Config
+
+Configs live in `~/.config/sbx/<name>.yaml`. Run `sbx init <name>` to scaffold one.
+
+```yaml
+cmd: pi
+
+setup:
+  - apk add --no-cache nodejs npm git ripgrep
+
+network:
+  allowedHosts:
+    - api.anthropic.com
+    - "*.github.com"
+  allowedInternalHosts: []
+
+mounts:
+  - hostPath: "/home/user/project"
+    guestPath: "/workspace"
+    readOnly: false
+
+shadow:
+  - ".env"
+  - ".npmrc"
+
+env:
+  NODE_ENV: production
+
+secrets:
+  ANTHROPIC_API_KEY:
+    hosts:
+      - api.anthropic.com
+```
+
+## License
+
+MIT

package/dist/api.d.ts

@@ -0,0 +1,91 @@
+import { VM } from "@earendil-works/gondolin";
+import { SandboxConfig } from "./config";
+export { loadConfig, SandboxConfig } from "./config";
+export type { INetworkPolicy, IMount, ISecretConfig, } from "./config";
+/**
+ * Options for sandbox process execution.
+ * stdout/stderr default to "pipe" (buffered in ExecResult).
+ */
+export interface IExecOptions {
+    pty?: boolean;
+    stdin?: boolean;
+    stdout?: "pipe" | "inherit";
+    stderr?: "pipe" | "inherit";
+}
+/**
+ * Async process handle returned by sandbox.exec().
+ * Use attach() for PTY/streaming mode, or await exit for buffered results.
+ */
+export interface IProcess {
+    attach(stdin: NodeJS.ReadStream, stdout: NodeJS.WriteStream, stderr?: NodeJS.WriteStream): Promise<void>;
+    exit: Promise<IExecResult>;
+}
+/**
+ * Result of a sandbox process execution.
+ */
+export interface IExecResult {
+    exitCode: number;
+    /**
+     * Extension: captured stdout (not in SPECS §4.2).
+     */
+    stdout: string;
+    /**
+     * Extension: captured stderr (not in SPECS §4.2).
+     */
+    stderr: string;
+}
+/**
+ * Sandbox handle — wraps the underlying Gondolin VM.
+ * The guest disk is disposable: modifications via `exec()` are never persisted.
+ * The checkpoint (post-setup snapshot) is managed automatically by `Sandbox.create()`.
+ * To persist data, write through `mounts` backed by `RealFSProvider`.
+ */
+export declare class Sandbox {
+    /**
+     * The sandbox configuration used at creation time.
+     */
+    readonly config: SandboxConfig;
+    private readonly vm;
+    constructor(vm: VM, config: SandboxConfig);
+    /**
+     * Create a sandboxed agent VM.
+     *
+     * On first run: fresh boot → run `setup` → save disk snapshot + manifest into `cacheDir`.
+     * On subsequent runs: if `setup` matches the saved manifest, restore the snapshot;
+     * otherwise re-run setup from scratch and save a new snapshot.
+     * Mounts, network, and secrets are always rebuilt from the caller-supplied config.
+     * User modifications via `exec()` are never persisted.
+     */
+    static create(config: SandboxConfig, cacheDir?: string): Promise<Sandbox>;
+    /**
+     * Run each setup command from the config inside an existing sandbox.
+     */
+    private static runSetup;
+    /**
+     * Execute a command inside the sandbox.
+     * Returns a process handle — use `exit` for buffered results or `attach()` for PTY streaming.
+     */
+    exec(cmd: string, options?: IExecOptions): Promise<IProcess>;
+    /**
+     * Build Gondolin ExecOptions from user-facing IExecOptions.
+     */
+    private static buildExecOptions;
+    /**
+     * Build the exit result promise — buffered or PTY mode.
+     */
+    private static buildExitPromise;
+    /**
+     * Execute a command inside the sandbox, attach to the current process streams,
+     * and return the exit code.
+     */
+    execAndAttach(cmd: string): Promise<number>;
+    /**
+     * Tear down the VM. Does not save state — shutdown is destructive.
+     */
+    shutdown(): Promise<void>;
+    /**
+     * Checkpoint the current VM state to a path on disk.
+     */
+    save(path: string): Promise<void>;
+}
+//# sourceMappingURL=api.d.ts.map

package/dist/api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,EAAE,EAAkC,MAAM,0BAA0B,CAAC;AAC9E,OAAO,EAAc,aAAa,EAAE,MAAM,UAAU,CAAC;AAErD,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAErD,YAAY,EACV,cAAc,EACd,MAAM,EACN,aAAa,GACd,MAAM,UAAU,CAAC;AAElB;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC7B;AAED;;;GAGG;AACH,MAAM,WAAW,QAAQ;IACvB,MAAM,CACJ,KAAK,EAAE,MAAM,CAAC,UAAU,EACxB,MAAM,EAAE,MAAM,CAAC,WAAW,EAC1B,MAAM,CAAC,EAAE,MAAM,CAAC,WAAW,GAC1B,OAAO,CAAC,IAAI,CAAC,CAAC;IACjB,IAAI,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IACf;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;;GAKG;AACH,qBAAa,OAAO;IAClB;;OAEG;IACH,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;IAC/B,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAK;gBAEZ,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,aAAa;IAKzC;;;;;;;;OAQG;WACU,MAAM,CACjB,MAAM,EAAE,aAAa,EACrB,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,OAAO,CAAC;IAwBnB;;OAEG;mBACkB,QAAQ;IAS7B;;;OAGG;IACG,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,QAAQ,CAAC;IAWlE;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAO/B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAgB/B;;;OAGG;IACG,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAMjD;;OAEG;IACG,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;IAI/B;;OAEG;IACG,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAIxC"}

package/dist/api.js

@@ -0,0 +1,216 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Sandbox = exports.SandboxConfig = exports.loadConfig = void 0;
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const gondolin_1 = require("@earendil-works/gondolin");
+var config_1 = require("./config");
+Object.defineProperty(exports, "loadConfig", { enumerable: true, get: function () { return config_1.loadConfig; } });
+Object.defineProperty(exports, "SandboxConfig", { enumerable: true, get: function () { return config_1.SandboxConfig; } });
+/**
+ * Sandbox handle — wraps the underlying Gondolin VM.
+ * The guest disk is disposable: modifications via `exec()` are never persisted.
+ * The checkpoint (post-setup snapshot) is managed automatically by `Sandbox.create()`.
+ * To persist data, write through `mounts` backed by `RealFSProvider`.
+ */
+class Sandbox {
+    /**
+     * The sandbox configuration used at creation time.
+     */
+    config;
+    vm;
+    constructor(vm, config) {
+        this.vm = vm;
+        this.config = config;
+    }
+    /**
+     * Create a sandboxed agent VM.
+     *
+     * On first run: fresh boot → run `setup` → save disk snapshot + manifest into `cacheDir`.
+     * On subsequent runs: if `setup` matches the saved manifest, restore the snapshot;
+     * otherwise re-run setup from scratch and save a new snapshot.
+     * Mounts, network, and secrets are always rebuilt from the caller-supplied config.
+     * User modifications via `exec()` are never persisted.
+     */
+    static async create(config, cacheDir) {
+        const vmOptions = buildVmOptions(config);
+        const cache = cacheDir ? new CacheDir(cacheDir) : null;
+        // Restore from cache if manifest matches
+        if (cache?.matches(config)) {
+            return cache.restore(config);
+        }
+        // Fresh boot — run setup
+        const setupVm = await gondolin_1.VM.create(vmOptions);
+        const sandbox = new Sandbox(setupVm, config);
+        await Sandbox.runSetup(sandbox, config);
+        // If caching, checkpoint and resume from snapshot
+        if (cache) {
+            await cache.save(setupVm, config);
+            await setupVm.close();
+            return cache.restore(config);
+        }
+        return sandbox;
+    }
+    /**
+     * Run each setup command from the config inside an existing sandbox.
+     */
+    static async runSetup(sandbox, config) {
+        for (const cmd of config.setup ?? []) {
+            await (await sandbox.exec(cmd)).exit;
+        }
+    }
+    /**
+     * Execute a command inside the sandbox.
+     * Returns a process handle — use `exit` for buffered results or `attach()` for PTY streaming.
+     */
+    async exec(cmd, options) {
+        await this.vm.start();
+        const useBuffer = !options?.pty;
+        const proc = this.vm.exec(cmd, Sandbox.buildExecOptions(options));
+        return {
+            attach: (stdin, stdout, stderr) => Promise.resolve(proc.attach(stdin, stdout, stderr)),
+            exit: Sandbox.buildExitPromise(proc, useBuffer),
+        };
+    }
+    /**
+     * Build Gondolin ExecOptions from user-facing IExecOptions.
+     */
+    static buildExecOptions(options) {
+        const useBuffer = !options?.pty;
+        return useBuffer
+            ? { ...options, buffer: true }
+            : { pty: options?.pty, stdin: options?.stdin, buffer: false, stdout: "inherit", stderr: "inherit" };
+    }
+    /**
+     * Build the exit result promise — buffered or PTY mode.
+     */
+    static buildExitPromise(proc, useBuffer) {
+        if (useBuffer) {
+            return (async () => {
+                const r = await proc;
+                return { exitCode: r.exitCode, stdout: r.stdout, stderr: r.stderr };
+            })();
+        }
+        return (async () => {
+            const r = await proc.result;
+            return { exitCode: r.exitCode, stdout: "", stderr: "" };
+        })();
+    }
+    /**
+     * Execute a command inside the sandbox, attach to the current process streams,
+     * and return the exit code.
+     */
+    async execAndAttach(cmd) {
+        const proc = await this.exec(cmd, { pty: true, stdin: true });
+        await proc.attach(process.stdin, process.stdout, process.stderr);
+        return (await proc.exit).exitCode;
+    }
+    /**
+     * Tear down the VM. Does not save state — shutdown is destructive.
+     */
+    async shutdown() {
+        return this.vm.close();
+    }
+    /**
+     * Checkpoint the current VM state to a path on disk.
+     */
+    async save(path) {
+        const cache = new CacheDir(path);
+        await cache.save(this.vm, this.config);
+    }
+}
+exports.Sandbox = Sandbox;
+/**
+ * Cache directory handle — manages checkpoint save/restore and manifest validation.
+ */
+class CacheDir {
+    path;
+    constructor(path) {
+        this.path = path;
+    }
+    /**
+     * Load the cached manifest (verbatim setup commands).
+     * Returns undefined if manifest.txt is missing.
+     */
+    loadManifest() {
+        const path = (0, node_path_1.join)(this.path, "manifest.txt");
+        if (!(0, node_fs_1.existsSync)(path))
+            return undefined;
+        try {
+            return (0, node_fs_1.readFileSync)(path, "utf-8").split("\n").filter(Boolean);
+        }
+        catch {
+            return undefined;
+        }
+    }
+    /**
+     * Load a cached disk checkpoint.
+     * Returns undefined if the file is missing or corrupt.
+     */
+    async loadCheckpoint() {
+        const path = (0, node_path_1.join)(this.path, "disk.qcow2");
+        if (!(0, node_fs_1.existsSync)(path))
+            return undefined;
+        try {
+            return await gondolin_1.VmCheckpoint.load(path);
+        }
+        catch {
+            return undefined;
+        }
+    }
+    /**
+     * Returns true if the cached manifest matches the config setup commands.
+     */
+    matches(config) {
+        const manifest = this.loadManifest();
+        if (!manifest)
+            return false;
+        const setup = config.setup ?? [];
+        if (manifest.length !== setup.length)
+            return false;
+        return manifest.every((cmd, i) => cmd === setup[i]);
+    }
+    /**
+     * Restore a sandbox from the cached checkpoint.
+     * Throws if the manifest does not match the config.
+     */
+    async restore(config) {
+        if (!this.matches(config)) {
+            throw new Error("checkpoint manifest mismatch");
+        }
+        const checkpoint = await this.loadCheckpoint();
+        if (!checkpoint)
+            throw new Error("checkpoint not found");
+        const vmOptions = buildVmOptions(config);
+        const vm = await checkpoint.resume(vmOptions);
+        return new Sandbox(vm, config);
+    }
+    /**
+     * Save the current VM disk and manifest into the cache directory.
+     */
+    async save(vm, config) {
+        (0, node_fs_1.mkdirSync)(this.path, { recursive: true });
+        try {
+            await vm.checkpoint((0, node_path_1.join)(this.path, "disk.qcow2"));
+            (0, node_fs_1.writeFileSync)((0, node_path_1.join)(this.path, "manifest.txt"), (config.setup ?? []).join("\n"));
+        }
+        catch {
+            // checkpoint failed — VM still runs
+        }
+    }
+}
+/**
+ * Build VM options from a sandbox config.
+ * Derives network hooks, VFS mounts, merged env, and DNS mode.
+ */
+function buildVmOptions(config) {
+    const { httpHooks, env } = config.buildHttpHooks();
+    const mounts = config.buildVFSProviders();
+    return {
+        httpHooks,
+        env: { ...env, ...config.env },
+        dns: { mode: "synthetic" },
+        vfs: { mounts },
+    };
+}
+//# sourceMappingURL=api.js.map

package/dist/api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.js","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":";;;AAAA,qCAA6E;AAC7E,yCAAiC;AACjC,uDAA8E;AAG9E,mCAAqD;AAA5C,oGAAA,UAAU,OAAA;AAAE,uGAAA,aAAa,OAAA;AA+ClC;;;;;GAKG;AACH,MAAa,OAAO;IAClB;;OAEG;IACM,MAAM,CAAgB;IACd,EAAE,CAAK;IAExB,YAAY,EAAM,EAAE,MAAqB;QACvC,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;;;;;;;OAQG;IACH,MAAM,CAAC,KAAK,CAAC,MAAM,CACjB,MAAqB,EACrB,QAAiB;QAEjB,MAAM,SAAS,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAEvD,yCAAyC;QACzC,IAAI,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC/B,CAAC;QAED,yBAAyB;QACzB,MAAM,OAAO,GAAG,MAAM,aAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7C,MAAM,OAAO,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAExC,kDAAkD;QAClD,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAClC,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;YACtB,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC/B,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,KAAK,CAAC,QAAQ,CAC3B,OAAgB,EAChB,MAAqB;QAErB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,KAAK,IAAI,EAAE,EAAE,CAAC;YACrC,MAAM,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;QACvC,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,IAAI,CAAC,GAAW,EAAE,OAAsB;QAC5C,MAAM,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;QACtB,MAAM,SAAS,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC;QAChC,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC;QAClE,OAAO;YACL,MAAM,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,CAChC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;YACrD,IAAI,EAAE,OAAO,CAAC,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC;SAChD,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,gBAAgB,CAAC,OAAsB;QACpD,MAAM,SAAS,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC;QAChC,OAAO,SAAS;YACd,CAAC,CAAC,EAAE,GAAG,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE;YAC9B,CAAC,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IACxG,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,gBAAgB,CAC7B,IAA4B,EAC5B,SAAkB;QAElB,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,CAAC,KAAK,IAAI,EAAE;gBACjB,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC;gBACrB,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC;YACtE,CAAC,CAAC,EAAE,CAAC;QACP,CAAC;QACD,OAAO,CAAC,KAAK,IAAI,EAAE;YACjB,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC;YAC5B,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;QAC1D,CAAC,CAAC,EAAE,CAAC;IACP,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,aAAa,CAAC,GAAW;QAC7B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACjE,OAAO,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ;QACZ,OAAO,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,IAAY;QACrB,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC;QACjC,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;CACF;AAhID,0BAgIC;AAED;;GAEG;AACH,MAAM,QAAQ;IACK,IAAI,CAAS;IAE9B,YAAY,IAAY;QACtB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED;;;OAGG;IACK,YAAY;QAClB,MAAM,IAAI,GAAG,IAAA,gBAAI,EAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;QAC7C,IAAI,CAAC,IAAA,oBAAU,EAAC,IAAI,CAAC;YAAE,OAAO,SAAS,CAAC;QACxC,IAAI,CAAC;YACH,OAAO,IAAA,sBAAY,EAAC,IAAI,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACjE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,cAAc;QAC1B,MAAM,IAAI,GAAG,IAAA,gBAAI,EAAC,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;QAC3C,IAAI,CAAC,IAAA,oBAAU,EAAC,IAAI,CAAC;YAAE,OAAO,SAAS,CAAC;QACxC,IAAI,CAAC;YACH,OAAO,MAAM,uBAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,MAAqB;QAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QACrC,IAAI,CAAC,QAAQ;YAAE,OAAO,KAAK,CAAC;QAC5B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;QACjC,IAAI,QAAQ,CAAC,MAAM,KAAK,KAAK,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QACnD,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACtD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,OAAO,CAAC,MAAqB;QACjC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QACD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC/C,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QACzD,MAAM,SAAS,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,EAAE,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC9C,OAAO,IAAI,OAAO,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,EAAM,EAAE,MAAqB;QACtC,IAAA,mBAAS,EAAC,IAAI,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,UAAU,CAAC,IAAA,gBAAI,EAAC,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC;YACnD,IAAA,uBAAa,EAAC,IAAA,gBAAI,EAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAClF,CAAC;QAAC,MAAM,CAAC;YACP,oCAAoC;QACtC,CAAC;IACH,CAAC;CACF;AAED;;;GAGG;AACH,SAAS,cAAc,CAAC,MAAqB;IAC3C,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC;IACnD,MAAM,MAAM,GAAG,MAAM,CAAC,iBAAiB,EAAE,CAAC;IAC1C,OAAO;QACL,SAAS;QACT,GAAG,EAAE,EAAE,GAAG,GAAG,EAAE,GAAG,MAAM,CAAC,GAAG,EAAE;QAC9B,GAAG,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE;QAC1B,GAAG,EAAE,EAAE,MAAM,EAAE;KAChB,CAAC;AACJ,CAAC"}

package/dist/cli.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":""}

package/dist/cli.js

@@ -0,0 +1,144 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const commander_1 = require("commander");
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const tiny_invariant_1 = __importDefault(require("tiny-invariant"));
+const config_1 = require("./config");
+const api_1 = require("./api");
+// ─── Path constants (SPECS §3.2) ────────────────────────────────────────────
+const home = process.env.HOME;
+(0, tiny_invariant_1.default)(home, "HOME environment variable not set");
+const CONFIG_DIR = (0, node_path_1.resolve)((0, node_path_1.join)(home, ".config", "sbx"));
+const SHIM_DIR = process.platform === "win32"
+    ? (0, node_path_1.resolve)((0, node_path_1.join)(home, "AppData", "Roaming", "bin"))
+    : (0, node_path_1.resolve)((0, node_path_1.join)(home, ".local", "bin"));
+const CACHE_DIR = (0, node_path_1.resolve)((0, node_path_1.join)(home, ".cache", "sbx"));
+/**
+ * Commander program instance with registered sub-commands.
+ */
+const program = new commander_1.Command();
+program
+    .name("sbx")
+    .description("Sandboxed AI Agents — CLI for Gondolin micro-VMs")
+    .version("0.1.0");
+program
+    .command("init")
+    .description("Generate a config file at ~/.config/sbx/<name>.yaml")
+    .argument("<name>", "shim name (e.g. pi)")
+    .action(handleInit);
+program
+    .command("deploy")
+    .description("Install shim scripts for named configs")
+    .argument("<names...>", "config names to deploy")
+    .action(handleDeploy);
+program
+    .command("undeploy")
+    .description("Remove shim scripts")
+    .argument("<names...>", "shim names to remove")
+    .action(handleUndeploy);
+program
+    .command("run")
+    .description("Execute agent inside sandboxed VM (internal — invoked by shims)")
+    .argument("[args...]", "arguments to pass to the agent command")
+    .option("--shim-name <name>", "shim name (resolves config)")
+    .allowUnknownOption(true)
+    .action(handleRun);
+program.parse(process.argv);
+// ─── Handlers ────────────────────────────────────────────────────────────────
+/**
+ * Generate a template config file at ~/.config/sbx/<name>.yaml.
+ */
+function handleInit(name) {
+    const target = (0, node_path_1.join)(CONFIG_DIR, `${name}.yaml`);
+    (0, node_fs_1.mkdirSync)((0, node_path_1.dirname)(target), { recursive: true });
+    (0, node_fs_1.copyFileSync)((0, node_path_1.resolve)(__dirname, "templates", "config.template.yaml"), target);
+    console.log(`Created ${target}`);
+    console.log(`Edit it, then run: sbx deploy ${name}`);
+}
+/**
+ * Write shim scripts to SHIM_DIR.
+ */
+function handleDeploy(names) {
+    (0, node_fs_1.mkdirSync)(SHIM_DIR, { recursive: true });
+    for (const name of names) {
+        writeShim(name);
+    }
+}
+/**
+ * Write a single shim script for the given name.
+ * The config file is resolved at runtime, not at deploy time.
+ */
+function writeShim(name) {
+    const shimPath = resolveShimPath(name);
+    (0, node_fs_1.writeFileSync)(shimPath, generateShimContent(name));
+    if (process.platform !== "win32") {
+        (0, node_fs_1.chmodSync)(shimPath, 0o755);
+    }
+    console.log(`Deployed ${shimPath}`);
+}
+/**
+ * Remove shim scripts for the given names.
+ */
+function handleUndeploy(names) {
+    for (const name of names) {
+        removeShim(name);
+    }
+}
+/**
+ * Remove a single shim script for the given name.
+ */
+function removeShim(name) {
+    const shimPath = resolveShimPath(name);
+    if ((0, node_fs_1.existsSync)(shimPath)) {
+        (0, node_fs_1.unlinkSync)(shimPath);
+        console.log(`Removed ${shimPath}`);
+    }
+    else {
+        console.error(`Shim not found: ${shimPath}`);
+    }
+}
+/**
+ * Execute the agent command inside a sandboxed VM (invoked by shims).
+ */
+async function handleRun(args, opts) {
+    const shimName = opts.shimName;
+    (0, tiny_invariant_1.default)(shimName, "Missing --shim-name");
+    const config = config_1.SandboxConfig.load((0, node_path_1.join)(CONFIG_DIR, `${shimName}.yaml`));
+    (0, tiny_invariant_1.default)(config.cmd, `Config for ${shimName} must specify cmd`);
+    const sandbox = await api_1.Sandbox.create(config, (0, node_path_1.join)(CACHE_DIR, shimName));
+    const cmd = buildCommand(config.cmd, args);
+    try {
+        const exitCode = await sandbox.execAndAttach(cmd);
+        process.exit(exitCode);
+    }
+    finally {
+        await sandbox.shutdown();
+    }
+}
+/**
+ * Build a shell command string from a base command and positional arguments.
+ */
+function buildCommand(cmd, args) {
+    if (args.length === 0)
+        return cmd;
+    return `${cmd} ${args.map((a) => `'${a}'`).join(" ")}`;
+}
+// ─── Helpers ─────────────────────────────────────────────────────────────────
+/**
+ * Resolve the platform-specific shim path for a given name.
+ */
+function resolveShimPath(name) {
+    return (0, node_path_1.join)(SHIM_DIR, process.platform === "win32" ? `${name}.cmd` : name);
+}
+/**
+ * Generate platform-specific shim content that forwards to `sbx run --shim-name <name>`.
+ */
+function generateShimContent(name) {
+    const template = process.platform === "win32" ? "shim.template.cmd" : "shim.template.sh";
+    return (0, node_fs_1.readFileSync)((0, node_path_1.resolve)(__dirname, "templates", template), "utf-8").replace("{{NAME}}", name);
+}
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;;;;AAAA,yCAAoC;AACpC,qCAAkH;AAClH,yCAAmD;AACnD,oEAAuC;AACvC,qCAAyC;AACzC,+BAAgC;AAEhC,+EAA+E;AAE/E,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;AAC9B,IAAA,wBAAS,EAAC,IAAI,EAAE,mCAAmC,CAAC,CAAC;AAErD,MAAM,UAAU,GAAG,IAAA,mBAAO,EAAC,IAAA,gBAAI,EAAC,IAAI,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC;AACzD,MAAM,QAAQ,GACZ,OAAO,CAAC,QAAQ,KAAK,OAAO;IAC1B,CAAC,CAAC,IAAA,mBAAO,EAAC,IAAA,gBAAI,EAAC,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;IAClD,CAAC,CAAC,IAAA,mBAAO,EAAC,IAAA,gBAAI,EAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;AAC3C,MAAM,SAAS,GAAG,IAAA,mBAAO,EAAC,IAAA,gBAAI,EAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;AAEvD;;GAEG;AACH,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,KAAK,CAAC;KACX,WAAW,CAAC,kDAAkD,CAAC;KAC/D,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,qDAAqD,CAAC;KAClE,QAAQ,CAAC,QAAQ,EAAE,qBAAqB,CAAC;KACzC,MAAM,CAAC,UAAU,CAAC,CAAC;AAEtB,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,wCAAwC,CAAC;KACrD,QAAQ,CAAC,YAAY,EAAE,wBAAwB,CAAC;KAChD,MAAM,CAAC,YAAY,CAAC,CAAC;AAExB,OAAO;KACJ,OAAO,CAAC,UAAU,CAAC;KACnB,WAAW,CAAC,qBAAqB,CAAC;KAClC,QAAQ,CAAC,YAAY,EAAE,sBAAsB,CAAC;KAC9C,MAAM,CAAC,cAAc,CAAC,CAAC;AAE1B,OAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,iEAAiE,CAAC;KAC9E,QAAQ,CAAC,WAAW,EAAE,wCAAwC,CAAC;KAC/D,MAAM,CAAC,oBAAoB,EAAE,6BAA6B,CAAC;KAC3D,kBAAkB,CAAC,IAAI,CAAC;KACxB,MAAM,CAAC,SAAS,CAAC,CAAC;AAErB,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;AAE5B,gFAAgF;AAEhF;;GAEG;AACH,SAAS,UAAU,CAAC,IAAY;IAC9B,MAAM,MAAM,GAAG,IAAA,gBAAI,EAAC,UAAU,EAAE,GAAG,IAAI,OAAO,CAAC,CAAC;IAChD,IAAA,mBAAS,EAAC,IAAA,mBAAO,EAAC,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,IAAA,sBAAY,EAAC,IAAA,mBAAO,EAAC,SAAS,EAAE,WAAW,EAAE,sBAAsB,CAAC,EAAE,MAAM,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,WAAW,MAAM,EAAE,CAAC,CAAC;IACjC,OAAO,CAAC,GAAG,CAAC,iCAAiC,IAAI,EAAE,CAAC,CAAC;AACvD,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,KAAe;IACnC,IAAA,mBAAS,EAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,SAAS,CAAC,IAAI,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,SAAS,CAAC,IAAY;IAC7B,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACvC,IAAA,uBAAa,EAAC,QAAQ,EAAE,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC;IACnD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,IAAA,mBAAS,EAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,YAAY,QAAQ,EAAE,CAAC,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,KAAe;IACrC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,UAAU,CAAC,IAAI,CAAC,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,IAAY;IAC9B,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,IAAA,oBAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,IAAA,oBAAU,EAAC,QAAQ,CAAC,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,WAAW,QAAQ,EAAE,CAAC,CAAC;IACrC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,KAAK,CAAC,mBAAmB,QAAQ,EAAE,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,SAAS,CAAC,IAAc,EAAE,IAA2B;IAClE,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;IAC/B,IAAA,wBAAS,EAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;IAE3C,MAAM,MAAM,GAAG,sBAAa,CAAC,IAAI,CAAC,IAAA,gBAAI,EAAC,UAAU,EAAE,GAAG,QAAQ,OAAO,CAAC,CAAC,CAAC;IACxE,IAAA,wBAAS,EAAC,MAAM,CAAC,GAAG,EAAE,cAAc,QAAQ,mBAAmB,CAAC,CAAC;IAEjE,MAAM,OAAO,GAAG,MAAM,aAAO,CAAC,MAAM,CAAC,MAAM,EAAE,IAAA,gBAAI,EAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC;IACxE,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAE3C,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAClD,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACzB,CAAC;YAAS,CAAC;QACT,MAAM,OAAO,CAAC,QAAQ,EAAE,CAAC;IAC3B,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,GAAW,EAAE,IAAc;IAC/C,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC;IAClC,OAAO,GAAG,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;AACzD,CAAC;AAED,gFAAgF;AAEhF;;GAEG;AACH,SAAS,eAAe,CAAC,IAAY;IACnC,OAAO,IAAA,gBAAI,EAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,IAAI,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;AAC7E,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,IAAY;IACvC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,kBAAkB,CAAC;IACzF,OAAO,IAAA,sBAAY,EAAC,IAAA,mBAAO,EAAC,SAAS,EAAE,WAAW,EAAE,QAAQ,CAAC,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;AACpG,CAAC"}

package/dist/commands/deploy.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Deploy command — install shim scripts.
+ */
+import { Command } from "commander";
+export declare const deployCommand: Command;
+//# sourceMappingURL=deploy.d.ts.map

package/dist/commands/deploy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"deploy.d.ts","sourceRoot":"","sources":["../../src/commands/deploy.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAapC,eAAO,MAAM,aAAa,SA0CtB,CAAC"}

package/dist/commands/deploy.js

@@ -0,0 +1,49 @@
+"use strict";
+/**
+ * Deploy command — install shim scripts.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deployCommand = void 0;
+const commander_1 = require("commander");
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const paths_1 = require("../lib/paths");
+function getLinuxShim(name) {
+    return `#!/usr/bin/env bash\nexec sbx run "$@" --shim-name ${name}\n`;
+}
+function getWindowsShim(name) {
+    return `@echo off\nwsl sbx run %* --shim-name ${name}\n`;
+}
+exports.deployCommand = new commander_1.Command("deploy")
+    .description("Install shim scripts for named configs")
+    .argument("[names...]", "config names to deploy (default: all)")
+    .action((names) => {
+    const configNames = names?.length
+        ? names
+        : (0, node_fs_1.readdirSync)(paths_1.CONFIG_DIR)
+            .filter((f) => f.endsWith(".yaml"))
+            .map((f) => f.replace(/\.yaml$/, ""));
+    (0, node_fs_1.mkdirSync)(paths_1.SHIM_DIR, { recursive: true });
+    for (const name of configNames) {
+        const configPath = (0, node_path_1.join)(paths_1.CONFIG_DIR, `${name}.yaml`);
+        if (!(0, node_fs_1.existsSync)(configPath)) {
+            console.error(`Config not found for: ${name}`);
+            continue;
+        }
+        const shimPath = process.platform === "win32"
+            ? (0, node_path_1.join)(paths_1.SHIM_DIR, `${name}.cmd`)
+            : (0, node_path_1.join)(paths_1.SHIM_DIR, name);
+        const content = process.platform === "win32"
+            ? getWindowsShim(name)
+            : getLinuxShim(name);
+        (0, node_fs_1.writeFileSync)(shimPath, content);
+        if (process.platform !== "win32") {
+            (0, node_fs_1.chmodSync)(shimPath, 0o755);
+        }
+        console.log(`Deployed ${shimPath}`);
+    }
+    if (process.platform === "win32") {
+        console.log(`\nIf ${paths_1.SHIM_DIR} is not on your PATH, run:\n  setx PATH "%PATH%;${paths_1.SHIM_DIR}"`);
+    }
+});
+//# sourceMappingURL=deploy.js.map

package/dist/commands/deploy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"deploy.js","sourceRoot":"","sources":["../../src/commands/deploy.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,yCAAoC;AACpC,qCAAuF;AACvF,yCAAiC;AACjC,wCAAoD;AAEpD,SAAS,YAAY,CAAC,IAAY;IAChC,OAAO,sDAAsD,IAAI,IAAI,CAAC;AACxE,CAAC;AAED,SAAS,cAAc,CAAC,IAAY;IAClC,OAAO,yCAAyC,IAAI,IAAI,CAAC;AAC3D,CAAC;AAEY,QAAA,aAAa,GAAG,IAAI,mBAAO,CAAC,QAAQ,CAAC;KAC/C,WAAW,CAAC,wCAAwC,CAAC;KACrD,QAAQ,CAAC,YAAY,EAAE,uCAAuC,CAAC;KAC/D,MAAM,CAAC,CAAC,KAAgB,EAAE,EAAE;IAC3B,MAAM,WAAW,GACf,KAAK,EAAE,MAAM;QACX,CAAC,CAAC,KAAK;QACP,CAAC,CAAC,IAAA,qBAAW,EAAC,kBAAU,CAAC;aAClB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;aAClC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC;IAEhD,IAAA,mBAAS,EAAC,gBAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEzC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,IAAA,gBAAI,EAAC,kBAAU,EAAE,GAAG,IAAI,OAAO,CAAC,CAAC;QACpD,IAAI,CAAC,IAAA,oBAAU,EAAC,UAAU,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,KAAK,CAAC,yBAAyB,IAAI,EAAE,CAAC,CAAC;YAC/C,SAAS;QACX,CAAC;QAED,MAAM,QAAQ,GACZ,OAAO,CAAC,QAAQ,KAAK,OAAO;YAC1B,CAAC,CAAC,IAAA,gBAAI,EAAC,gBAAQ,EAAE,GAAG,IAAI,MAAM,CAAC;YAC/B,CAAC,CAAC,IAAA,gBAAI,EAAC,gBAAQ,EAAE,IAAI,CAAC,CAAC;QAE3B,MAAM,OAAO,GACX,OAAO,CAAC,QAAQ,KAAK,OAAO;YAC1B,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC;YACtB,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QAEzB,IAAA,uBAAa,EAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjC,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,IAAA,mBAAS,EAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAC7B,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,YAAY,QAAQ,EAAE,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,CACT,QAAQ,gBAAQ,mDAAmD,gBAAQ,GAAG,CAC/E,CAAC;IACJ,CAAC;AACH,CAAC,CAAC,CAAC"}

package/dist/commands/init.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Init command — copy template config to user config directory.
+ */
+import { Command } from "commander";
+export declare const initCommand: Command;
+//# sourceMappingURL=init.d.ts.map

package/dist/commands/init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAKpC,eAAO,MAAM,WAAW,SASpB,CAAC"}