@rlemaigre/sbx 0.1.0

package/dist/lib/vfs.js

@@ -0,0 +1,44 @@
+"use strict";
+/**
+ * VFS provider building from config mounts and shadow rules.
+ *
+ * Builds the RealFS → Readonly → Shadow mount chain per SPECS §2.1.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildVFSProviders = buildVFSProviders;
+const node_path_1 = require("node:path");
+const minimatch_1 = require("minimatch");
+const gondolin_1 = require("@earendil-works/gondolin");
+function expandTilde(path) {
+    if (!path.startsWith("~"))
+        return path;
+    const home = process.env.HOME;
+    if (!home)
+        throw new Error("HOME environment variable not set");
+    return (0, node_path_1.resolve)(home, path.slice(1));
+}
+/**
+ * Build VFS providers from config mounts and shadow rules.
+ *
+ * Mount chain: RealFS → Readonly (if readOnly) → Shadow (if shadow paths).
+ * Global shadow is merged with per-mount shadow.
+ */
+function buildVFSProviders(config) {
+    const mounts = {};
+    const globalShadow = config.shadow ?? [];
+    for (const mount of config.mounts ?? []) {
+        let provider = new gondolin_1.RealFSProvider(expandTilde(mount.hostPath));
+        if (mount.readOnly) {
+            provider = new gondolin_1.ReadonlyProvider(provider);
+        }
+        const shadowPaths = [...globalShadow, ...(mount.shadow ?? [])];
+        if (shadowPaths.length > 0) {
+            provider = new gondolin_1.ShadowProvider(provider, {
+                shouldShadow: (info) => shadowPaths.some((p) => (0, minimatch_1.minimatch)(info.path, `/${p}`, { dot: true })),
+            });
+        }
+        mounts[mount.guestPath] = provider;
+    }
+    return mounts;
+}
+//# sourceMappingURL=vfs.js.map

package/dist/lib/vfs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vfs.js","sourceRoot":"","sources":["../../src/lib/vfs.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AA2BH,8CA6BC;AAtDD,yCAAoC;AACpC,yCAAsC;AAEtC,uDAIkC;AAKlC,SAAS,WAAW,CAAC,IAAY;IAC/B,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;IAC9B,IAAI,CAAC,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IAChE,OAAO,IAAA,mBAAO,EAAC,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AACtC,CAAC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAC/B,MAAsB;IAEtB,MAAM,MAAM,GAAoC,EAAE,CAAC;IACnD,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;IAEzC,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;QACxC,IAAI,QAAQ,GAAoB,IAAI,yBAAc,CAChD,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC,CAC5B,CAAC;QAEF,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACnB,QAAQ,GAAG,IAAI,2BAAgB,CAAC,QAAQ,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,GAAG,YAAY,EAAE,GAAG,CAAC,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC;QAC/D,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,QAAQ,GAAG,IAAI,yBAAc,CAAC,QAAQ,EAAE;gBACtC,YAAY,EAAE,CAAC,IAAI,EAAE,EAAE,CACrB,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACrB,IAAA,qBAAS,EAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAC7C;aACJ,CAAC,CAAC;QACL,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,QAAQ,CAAC;IACrC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/templates/config.template.yaml

@@ -0,0 +1,47 @@
+# Sandboxed Coding Assistant — example config
+# Edit this file and run `sbx deploy <name>` to install the shim.
+
+# Command to run inside the VM (required)
+cmd: pi
+
+# Shell commands to run on first boot
+setup:
+  - apk add --no-cache nodejs npm git ripgrep
+
+# Outbound network policy
+network:
+  # Allowed hostnames for HTTP/TLS egress (wildcards supported)
+  allowedHosts:
+    - api.anthropic.com
+    - "*.github.com"
+  # Scoped exceptions for internal hosts (internal ranges are always blocked)
+  allowedInternalHosts: []
+
+# Host filesystem mounts
+mounts:
+  - hostPath: "/home/user/project"
+    guestPath: "/workspace"
+    readOnly: false
+    # Per-mount shadow rules (added to global shadow)
+    shadow:
+      - ".git"
+
+# Global files/directories to shadow (hide from guest, relative to each mount)
+shadow:
+  - ".env"
+  - ".npmrc"
+  - ".aws/"
+
+# Environment variables to set in the guest
+env:
+  NODE_ENV: production
+
+# Secrets to inject via host-side HTTP interception
+# Key name maps to host env var of the same name (read at runtime)
+secrets:
+  ANTHROPIC_API_KEY:
+    hosts:
+      - api.anthropic.com
+  GITHUB_TOKEN:
+    hosts:
+      - "*.github.com"

package/dist/templates/shim.template.cmd

@@ -0,0 +1,2 @@
+@echo off
+wsl sbx run %* --shim-name {{NAME}}

package/dist/templates/shim.template.sh

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+exec sbx run "$@" --shim-name {{NAME}}

package/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "@rlemaigre/sbx",
+  "version": "0.1.0",
+  "description": "Sandboxed AI Agents — TypeScript API and CLI for Gondolin micro-VMs",
+  "main": "dist/api.js",
+  "types": "dist/api.d.ts",
+  "bin": {
+    "sbx": "dist/cli.js"
+  },
+  "files": [
+    "dist/"
+  ],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/rlemaigre/sbx.git"
+  },
+  "keywords": [
+    "sandbox",
+    "vm",
+    "gondolin",
+    "micro-vm",
+    "ai-agent"
+  ],
+  "scripts": {
+    "build": "tsc && mkdir -p dist/templates && cp src/templates/* dist/templates/",
+    "prepublishOnly": "tsc && mkdir -p dist/templates && cp src/templates/* dist/templates/",
+    "test": "tsx --test --test-concurrency=1 test/*.test.ts"
+  },
+  "dependencies": {
+    "@earendil-works/gondolin": "^0.12.0",
+    "commander": "^15.0.0",
+    "js-yaml": "^4.2.0",
+    "minimatch": "^10.2.5",
+    "tiny-invariant": "^1.3.3"
+  },
+  "devDependencies": {
+    "@types/js-yaml": "^4.0.9",
+    "@types/node": "^24.13.1",
+    "tsx": "^4.22.4",
+    "typescript": "^6.0.3"
+  }
+}