@sanity/ailf 0.5.0 → 1.0.0

package/dist/pipeline/compiler/sandbox/fixture-provisioner.js

@@ -0,0 +1,189 @@
+/**
+ * Fixture provisioner — five-stage pipeline for preparing sandbox state.
+ *
+ * Pipeline stages:
+ *   Resolve → Fetch → Cache → Transform → Inject
+ *
+ * Handles three URI schemes for v1:
+ * - file:// — local filesystem path (relative to task)
+ * - template:// — built-in project templates
+ * - sanity:// — Content Lake document by ID or query
+ *
+ * @see docs/design-docs/architecture-overhaul/fixtures-artifacts.md
+ * @see docs/exec-plans/architecture-overhaul/phase-4-agent-harness.md
+ */
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { createHash } from "crypto";
+import { basename, dirname, resolve } from "path";
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+/**
+ * Run the five-stage fixture provisioning pipeline.
+ *
+ * @param refs - Fixture references from the task definition
+ * @param options - Provisioning configuration
+ * @returns Provisioned fixtures and injection metadata
+ */
+export async function provisionFixtures(refs, options) {
+    const fixtures = [];
+    const vars = {};
+    const warnings = [];
+    const manifest = {};
+    for (const ref of refs) {
+        try {
+            // Stage 1: Resolve — parse URI, determine backend
+            const resolved = resolveFixtureURI(ref.uri, options.rootDir);
+            // Stage 2: Fetch — read content from source
+            const content = await fetchFixtureContent(resolved, warnings);
+            if (content === null)
+                continue;
+            // Stage 3: Cache — store in content-addressable cache
+            const contentHash = hashContent(content);
+            if (options.cacheDir) {
+                cacheFixture(options.cacheDir, contentHash, content);
+            }
+            manifest[ref.uri] = contentHash;
+            // Stage 4: Transform — apply preprocessing
+            const transformed = applyTransform(content, ref.transform);
+            // Stage 5: Inject — place into target
+            const provisioned = {
+                uri: ref.uri,
+                content: transformed,
+                contentHash,
+                inject: ref.inject,
+                key: ref.key,
+            };
+            fixtures.push(provisioned);
+            // Handle injection targets
+            switch (ref.inject) {
+                case "vars":
+                    if (ref.key) {
+                        vars[ref.key] = transformed;
+                    }
+                    break;
+                case "working_dir":
+                    if (options.sandbox) {
+                        injectIntoWorkingDir(options.sandbox.workingDir, ref.key ?? basename(ref.uri), transformed);
+                    }
+                    break;
+                case "system_prompt":
+                case "provider_config":
+                    // These are handled by the caller when assembling the Promptfoo config
+                    break;
+            }
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            warnings.push(`Fixture "${ref.uri}": ${msg}`);
+        }
+    }
+    return { fixtures, vars, warnings, manifest };
+}
+function assertPathContained(absolutePath, rootDir) {
+    const normalizedBase = resolve(rootDir) + "/";
+    if (!absolutePath.startsWith(normalizedBase) &&
+        absolutePath !== resolve(rootDir)) {
+        throw new Error(`Path traversal detected: "${absolutePath}" resolves outside rootDir "${rootDir}"`);
+    }
+}
+function resolveFixtureURI(uri, rootDir) {
+    if (uri.startsWith("file://")) {
+        const relativePath = uri.slice(7);
+        const absolutePath = resolve(rootDir, relativePath);
+        assertPathContained(absolutePath, rootDir);
+        return { scheme: "file", path: relativePath, absolutePath };
+    }
+    if (uri.startsWith("template://")) {
+        return { scheme: "template", path: uri.slice(11) };
+    }
+    if (uri.startsWith("sanity://")) {
+        return { scheme: "sanity", path: uri.slice(9) };
+    }
+    // Bare path — treat as file
+    const absolutePath = resolve(rootDir, uri);
+    assertPathContained(absolutePath, rootDir);
+    return { scheme: "file", path: uri, absolutePath };
+}
+// ---------------------------------------------------------------------------
+// Stage 2: Fetch
+// ---------------------------------------------------------------------------
+async function fetchFixtureContent(resolved, warnings) {
+    switch (resolved.scheme) {
+        case "file": {
+            if (!resolved.absolutePath || !existsSync(resolved.absolutePath)) {
+                warnings.push(`Fixture file not found: ${resolved.absolutePath ?? resolved.path}`);
+                return null;
+            }
+            return readFileSync(resolved.absolutePath, "utf-8");
+        }
+        case "template": {
+            // Template fixtures are resolved from built-in templates
+            // For v1, return a placeholder — template registry is a future enhancement
+            warnings.push(`Template fixture "${resolved.path}" — template registry not yet implemented, ` +
+                "returning placeholder content");
+            return `<!-- Template: ${resolved.path} -->\n`;
+        }
+        case "sanity": {
+            // Sanity fixtures require the DocFetcher port (injected at eval time)
+            // At compile time, return a deferred marker
+            warnings.push(`Sanity fixture "${resolved.path}" — deferred to eval time ` +
+                "(requires DocFetcher port)");
+            return `<!-- Sanity document: ${resolved.path} -->\n`;
+        }
+        default:
+            warnings.push(`Unknown fixture scheme: ${resolved.scheme}`);
+            return null;
+    }
+}
+// ---------------------------------------------------------------------------
+// Stage 3: Cache
+// ---------------------------------------------------------------------------
+function hashContent(content) {
+    return createHash("sha256").update(content).digest("hex");
+}
+function cacheFixture(cacheDir, hash, content) {
+    const cachePath = resolve(cacheDir, hash);
+    if (!existsSync(cachePath)) {
+        mkdirSync(dirname(cachePath), { recursive: true });
+        writeFileSync(cachePath, content);
+    }
+}
+// ---------------------------------------------------------------------------
+// Stage 4: Transform
+// ---------------------------------------------------------------------------
+function applyTransform(content, transform) {
+    if (!transform || transform === "none")
+        return content;
+    switch (transform) {
+        case "strip-html":
+            return content.replace(/<[^>]*>/g, "").trim();
+        case "extract-text":
+            // Remove all markup, normalize whitespace
+            return content
+                .replace(/<[^>]*>/g, " ")
+                .replace(/\s+/g, " ")
+                .trim();
+        case "truncate":
+            // Default truncation: 10,000 characters
+            return content.length > 10_000
+                ? content.slice(0, 10_000) + "\n... (truncated)"
+                : content;
+        default:
+            return content;
+    }
+}
+// ---------------------------------------------------------------------------
+// Stage 5: Inject
+// ---------------------------------------------------------------------------
+function injectIntoWorkingDir(workingDir, targetPath, content) {
+    const fullPath = resolve(workingDir, targetPath);
+    const normalizedBase = resolve(workingDir) + "/";
+    // Path containment: prevent targetPath like "../../etc/cron.d/evil"
+    if (!fullPath.startsWith(normalizedBase) &&
+        fullPath !== resolve(workingDir)) {
+        throw new Error(`Path traversal detected: "${targetPath}" resolves outside sandbox "${workingDir}"`);
+    }
+    mkdirSync(dirname(fullPath), { recursive: true });
+    writeFileSync(fullPath, content);
+}

package/dist/pipeline/compiler/sandbox/git-worktree-sandbox.d.ts

@@ -0,0 +1,20 @@
+/**
+ * GitWorktreeSandboxStrategy — sandbox using `git worktree` for repo-based tasks.
+ *
+ * Creates a git worktree at a specific ref, providing a deterministic
+ * starting state for tasks that modify a git repository.
+ *
+ * All git CLI calls use `execFileSync` (array form, no shell) to prevent
+ * injection from task-supplied values like git refs or repo paths.
+ *
+ * @see docs/exec-plans/architecture-overhaul/phase-4-agent-harness.md
+ */
+import type { SandboxArtifacts, SandboxInfo, SandboxProvisionOptions, SandboxStrategy } from "./sandbox-strategy.js";
+export declare class GitWorktreeSandboxStrategy implements SandboxStrategy {
+    readonly name = "Git Worktree";
+    readonly type: "git-worktree";
+    isAvailable(): Promise<boolean>;
+    provision(options: SandboxProvisionOptions): Promise<SandboxInfo>;
+    collectArtifacts(sandbox: SandboxInfo): Promise<SandboxArtifacts>;
+    teardown(sandbox: SandboxInfo): Promise<void>;
+}

package/dist/pipeline/compiler/sandbox/git-worktree-sandbox.js

@@ -0,0 +1,114 @@
+/**
+ * GitWorktreeSandboxStrategy — sandbox using `git worktree` for repo-based tasks.
+ *
+ * Creates a git worktree at a specific ref, providing a deterministic
+ * starting state for tasks that modify a git repository.
+ *
+ * All git CLI calls use `execFileSync` (array form, no shell) to prevent
+ * injection from task-supplied values like git refs or repo paths.
+ *
+ * @see docs/exec-plans/architecture-overhaul/phase-4-agent-harness.md
+ */
+import { randomUUID } from "crypto";
+import { execFileSync } from "child_process";
+import { existsSync, rmSync } from "fs";
+import { tmpdir } from "os";
+import { resolve } from "path";
+/** Validate a git ref contains no shell metacharacters or path traversal */
+function validateGitRef(ref) {
+    // Git refs: alphanumeric, -, _, /, ., ~, ^ — no spaces, no shell metacharacters
+    if (!/^[a-zA-Z0-9._\-/~^]+$/.test(ref)) {
+        throw new Error(`Invalid git ref: "${ref}" — must contain only alphanumeric, -, _, /, ., ~, ^ characters`);
+    }
+    // Disallow path traversal via ".." segments
+    if (ref.includes("..")) {
+        throw new Error(`Invalid git ref: "${ref}" — must not contain ".." (path traversal)`);
+    }
+}
+export class GitWorktreeSandboxStrategy {
+    name = "Git Worktree";
+    type = "git-worktree";
+    async isAvailable() {
+        try {
+            execFileSync("git", ["--version"], { stdio: "ignore", timeout: 5000 });
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async provision(options) {
+        const repoPath = options.repoPath;
+        if (!repoPath) {
+            throw new Error("GitWorktreeSandboxStrategy requires repoPath — " +
+                "the path to the git repository to create a worktree from");
+        }
+        const ref = options.gitRef ?? "HEAD";
+        validateGitRef(ref);
+        const id = `ailf-worktree-${randomUUID().slice(0, 8)}`;
+        const workingDir = resolve(tmpdir(), id);
+        try {
+            // Array form — no shell, prevents injection via repoPath/workingDir/ref
+            execFileSync("git", ["-C", repoPath, "worktree", "add", workingDir, ref], {
+                encoding: "utf-8",
+                timeout: 30_000,
+            });
+            return {
+                id,
+                workingDir,
+                strategy: "git-worktree",
+                gitRef: ref,
+                createdAt: new Date().toISOString(),
+            };
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            throw new Error(`Failed to create git worktree at "${ref}": ${msg}`, {
+                cause: err,
+            });
+        }
+    }
+    async collectArtifacts(sandbox) {
+        const modifiedFiles = [];
+        let diff;
+        if (existsSync(sandbox.workingDir)) {
+            try {
+                diff = execFileSync("git", ["-C", sandbox.workingDir, "diff"], {
+                    encoding: "utf-8",
+                    timeout: 10_000,
+                }).trim();
+                const statusOutput = execFileSync("git", ["-C", sandbox.workingDir, "status", "--porcelain"], { encoding: "utf-8", timeout: 10_000 }).trim();
+                if (statusOutput) {
+                    for (const line of statusOutput.split("\n")) {
+                        const file = line.slice(3).trim();
+                        if (file)
+                            modifiedFiles.push(file);
+                    }
+                }
+            }
+            catch {
+                // Best-effort artifact collection
+            }
+        }
+        return {
+            modifiedFiles,
+            diff: diff || undefined,
+            durationMs: Date.now() - new Date(sandbox.createdAt).getTime(),
+        };
+    }
+    async teardown(sandbox) {
+        if (existsSync(sandbox.workingDir)) {
+            try {
+                execFileSync("git", ["worktree", "remove", sandbox.workingDir, "--force"], { stdio: "ignore", timeout: 10_000 });
+            }
+            catch {
+                // If worktree remove fails, fall back to manual cleanup.
+                // Guard: only delete under tmpdir to prevent accidental deletion.
+                const tmp = resolve(tmpdir());
+                if (resolve(sandbox.workingDir).startsWith(tmp)) {
+                    rmSync(sandbox.workingDir, { recursive: true, force: true });
+                }
+            }
+        }
+    }
+}

package/dist/pipeline/compiler/sandbox/index.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Sandbox infrastructure — isolated execution environments for agent harness mode.
+ *
+ * @see docs/exec-plans/architecture-overhaul/phase-4-agent-harness.md
+ */
+export type { SandboxArtifacts, SandboxInfo, SandboxProvisionOptions, SandboxStrategy, SandboxType, } from "./sandbox-strategy.js";
+export { DockerSandboxStrategy } from "./docker-sandbox.js";
+export { GitWorktreeSandboxStrategy } from "./git-worktree-sandbox.js";
+export { TempDirSandboxStrategy } from "./tempdir-sandbox.js";
+export { createSandboxStrategy, selectSandboxStrategy, type SandboxSelectionResult, } from "./sandbox-selector.js";

package/dist/pipeline/compiler/sandbox/index.js

@@ -0,0 +1,11 @@
+/**
+ * Sandbox infrastructure — isolated execution environments for agent harness mode.
+ *
+ * @see docs/exec-plans/architecture-overhaul/phase-4-agent-harness.md
+ */
+// Implementations
+export { DockerSandboxStrategy } from "./docker-sandbox.js";
+export { GitWorktreeSandboxStrategy } from "./git-worktree-sandbox.js";
+export { TempDirSandboxStrategy } from "./tempdir-sandbox.js";
+// Selector
+export { createSandboxStrategy, selectSandboxStrategy, } from "./sandbox-selector.js";

package/dist/pipeline/compiler/sandbox/sandbox-selector.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Sandbox selector — chooses the best available sandbox strategy.
+ *
+ * Selection logic:
+ * 1. If task config specifies a strategy, use it
+ * 2. If Docker is available, prefer Docker (better isolation)
+ * 3. Fall back to TempDir (always available)
+ *
+ * CI environments (detected via CI env var) always prefer Docker.
+ *
+ * @see docs/exec-plans/architecture-overhaul/phase-4-agent-harness.md
+ */
+import type { SandboxStrategy, SandboxType } from "./sandbox-strategy.js";
+/** Result of sandbox selection */
+export interface SandboxSelectionResult {
+    /** The selected strategy */
+    strategy: SandboxStrategy;
+    /** Whether this was a fallback from the preferred strategy */
+    isFallback: boolean;
+    /** Warning message if fallback was used */
+    warning?: string;
+}
+/**
+ * Select the best available sandbox strategy.
+ *
+ * @param preferred - Preferred sandbox type from task config
+ * @param log - Optional log function for diagnostics
+ * @returns The selected strategy with fallback metadata
+ */
+export declare function selectSandboxStrategy(preferred?: SandboxType, log?: (msg: string) => void): Promise<SandboxSelectionResult>;
+/**
+ * Create a specific sandbox strategy by type.
+ * Does NOT check availability — caller should verify first.
+ */
+export declare function createSandboxStrategy(type: SandboxType): SandboxStrategy;

package/dist/pipeline/compiler/sandbox/sandbox-selector.js

@@ -0,0 +1,86 @@
+/**
+ * Sandbox selector — chooses the best available sandbox strategy.
+ *
+ * Selection logic:
+ * 1. If task config specifies a strategy, use it
+ * 2. If Docker is available, prefer Docker (better isolation)
+ * 3. Fall back to TempDir (always available)
+ *
+ * CI environments (detected via CI env var) always prefer Docker.
+ *
+ * @see docs/exec-plans/architecture-overhaul/phase-4-agent-harness.md
+ */
+import { DockerSandboxStrategy } from "./docker-sandbox.js";
+import { GitWorktreeSandboxStrategy } from "./git-worktree-sandbox.js";
+import { TempDirSandboxStrategy } from "./tempdir-sandbox.js";
+// ---------------------------------------------------------------------------
+// Strategy registry
+// ---------------------------------------------------------------------------
+const strategies = {
+    docker: () => new DockerSandboxStrategy(),
+    "git-worktree": () => new GitWorktreeSandboxStrategy(),
+    none: () => new TempDirSandboxStrategy(), // "none" = tempdir
+    tempdir: () => new TempDirSandboxStrategy(),
+};
+/**
+ * Select the best available sandbox strategy.
+ *
+ * @param preferred - Preferred sandbox type from task config
+ * @param log - Optional log function for diagnostics
+ * @returns The selected strategy with fallback metadata
+ */
+export async function selectSandboxStrategy(preferred, log) {
+    const emit = log ?? (() => { });
+    // If a specific strategy is requested, try it first
+    if (preferred && preferred !== "none") {
+        const strategy = strategies[preferred]();
+        const available = await strategy.isAvailable();
+        if (available) {
+            emit(`Using ${strategy.name} sandbox strategy (requested)`);
+            return { strategy, isFallback: false };
+        }
+        emit(`${strategy.name} is not available, falling back...`);
+    }
+    // CI environments prefer Docker
+    const isCI = Boolean(process.env.CI || process.env.GITHUB_ACTIONS);
+    if (isCI) {
+        const docker = new DockerSandboxStrategy();
+        if (await docker.isAvailable()) {
+            emit("Using Docker sandbox strategy (CI environment)");
+            return { strategy: docker, isFallback: preferred !== "docker" };
+        }
+    }
+    // Default fallback: Docker → TempDir
+    const docker = new DockerSandboxStrategy();
+    if (await docker.isAvailable()) {
+        emit("Using Docker sandbox strategy (auto-detected)");
+        return {
+            strategy: docker,
+            isFallback: preferred !== undefined && preferred !== "docker",
+            ...(preferred && preferred !== "docker"
+                ? {
+                    warning: `Preferred sandbox "${preferred}" unavailable, using Docker instead`,
+                }
+                : {}),
+        };
+    }
+    // Universal fallback
+    const tempdir = new TempDirSandboxStrategy();
+    emit("Using TempDir sandbox strategy (fallback)");
+    return {
+        strategy: tempdir,
+        isFallback: preferred !== undefined && preferred !== "tempdir",
+        ...(preferred && preferred !== "tempdir" && preferred !== "none"
+            ? {
+                warning: `Preferred sandbox "${preferred}" unavailable, using temp directory instead`,
+            }
+            : {}),
+    };
+}
+/**
+ * Create a specific sandbox strategy by type.
+ * Does NOT check availability — caller should verify first.
+ */
+export function createSandboxStrategy(type) {
+    return strategies[type]();
+}

package/dist/pipeline/compiler/sandbox/sandbox-strategy.d.ts

@@ -0,0 +1,81 @@
+/**
+ * SandboxStrategy — port interface for isolated agent execution environments.
+ *
+ * Three implementations, selected by task config with automatic fallback:
+ *
+ * - DockerSandboxStrategy — full isolation via Docker containers
+ * - TempDirSandboxStrategy — lightweight fallback using OS temp directories
+ * - GitWorktreeSandboxStrategy — uses `git worktree` for repo-based tasks
+ *
+ * Selection: task config specifies preferred strategy; runtime falls back
+ * Docker → TempDir if Docker is unavailable. CI environments prefer Docker.
+ *
+ * @see docs/exec-plans/architecture-overhaul/phase-4-agent-harness.md
+ */
+/** Metadata describing a provisioned sandbox */
+export interface SandboxInfo {
+    /** Unique sandbox identifier */
+    id: string;
+    /** Absolute path to the sandbox working directory */
+    workingDir: string;
+    /** Which strategy created this sandbox */
+    strategy: SandboxType;
+    /** Docker container ID (when strategy is "docker") */
+    containerId?: string;
+    /** Git worktree ref (when strategy is "git-worktree") */
+    gitRef?: string;
+    /** Timestamp when the sandbox was provisioned */
+    createdAt: string;
+}
+/** Supported sandbox strategies */
+export type SandboxType = "docker" | "git-worktree" | "none" | "tempdir";
+/** Configuration for sandbox provisioning */
+export interface SandboxProvisionOptions {
+    /** Sandbox type to use */
+    type: SandboxType;
+    /** Task ID (used for naming) */
+    taskId: string;
+    /** Docker image (for docker strategy) */
+    image?: string;
+    /** Resource limits */
+    limits?: {
+        cpus?: number;
+        memoryBytes?: number;
+        diskBytes?: number;
+        networkAccess?: boolean;
+    };
+    /** Git ref for git-worktree strategy */
+    gitRef?: string;
+    /** Git repo path for git-worktree strategy */
+    repoPath?: string;
+}
+/** Artifacts collected from sandbox after execution */
+export interface SandboxArtifacts {
+    /** Files modified during execution (relative paths) */
+    modifiedFiles: string[];
+    /** Git diff output (if applicable) */
+    diff?: string;
+    /** Stdout/stderr captured during execution */
+    output?: string;
+    /** Total execution time in milliseconds */
+    durationMs: number;
+}
+/**
+ * Port interface for sandbox lifecycle management.
+ *
+ * Implementations handle the full lifecycle: provision → use → collect → teardown.
+ */
+export interface SandboxStrategy {
+    /** Human-readable strategy name */
+    readonly name: string;
+    /** Strategy type identifier */
+    readonly type: SandboxType;
+    /** Check if this strategy is available in the current environment */
+    isAvailable(): Promise<boolean>;
+    /** Provision a new sandbox environment */
+    provision(options: SandboxProvisionOptions): Promise<SandboxInfo>;
+    /** Collect artifacts from the sandbox after execution */
+    collectArtifacts(sandbox: SandboxInfo): Promise<SandboxArtifacts>;
+    /** Tear down the sandbox (remove files, stop containers) */
+    teardown(sandbox: SandboxInfo): Promise<void>;
+}

package/dist/pipeline/compiler/sandbox/sandbox-strategy.js

@@ -0,0 +1,15 @@
+/**
+ * SandboxStrategy — port interface for isolated agent execution environments.
+ *
+ * Three implementations, selected by task config with automatic fallback:
+ *
+ * - DockerSandboxStrategy — full isolation via Docker containers
+ * - TempDirSandboxStrategy — lightweight fallback using OS temp directories
+ * - GitWorktreeSandboxStrategy — uses `git worktree` for repo-based tasks
+ *
+ * Selection: task config specifies preferred strategy; runtime falls back
+ * Docker → TempDir if Docker is unavailable. CI environments prefer Docker.
+ *
+ * @see docs/exec-plans/architecture-overhaul/phase-4-agent-harness.md
+ */
+export {};

package/dist/pipeline/compiler/sandbox/tempdir-sandbox.d.ts

@@ -0,0 +1,20 @@
+/**
+ * TempDirSandboxStrategy — lightweight sandbox using OS temp directories.
+ *
+ * Creates a temporary directory for each test case, provides it as
+ * the working directory, and cleans up after execution. No isolation
+ * guarantees — the agent has full access to the host filesystem.
+ *
+ * This is the universal fallback when Docker is unavailable.
+ *
+ * @see docs/exec-plans/architecture-overhaul/phase-4-agent-harness.md
+ */
+import type { SandboxArtifacts, SandboxInfo, SandboxProvisionOptions, SandboxStrategy } from "./sandbox-strategy.js";
+export declare class TempDirSandboxStrategy implements SandboxStrategy {
+    readonly name = "Temporary Directory";
+    readonly type: "tempdir";
+    isAvailable(): Promise<boolean>;
+    provision(options: SandboxProvisionOptions): Promise<SandboxInfo>;
+    collectArtifacts(sandbox: SandboxInfo): Promise<SandboxArtifacts>;
+    teardown(sandbox: SandboxInfo): Promise<void>;
+}

package/dist/pipeline/compiler/sandbox/tempdir-sandbox.js

@@ -0,0 +1,74 @@
+/**
+ * TempDirSandboxStrategy — lightweight sandbox using OS temp directories.
+ *
+ * Creates a temporary directory for each test case, provides it as
+ * the working directory, and cleans up after execution. No isolation
+ * guarantees — the agent has full access to the host filesystem.
+ *
+ * This is the universal fallback when Docker is unavailable.
+ *
+ * @see docs/exec-plans/architecture-overhaul/phase-4-agent-harness.md
+ */
+import { randomUUID } from "crypto";
+import { existsSync, mkdirSync, readdirSync, rmSync } from "fs";
+import { tmpdir } from "os";
+import { resolve } from "path";
+export class TempDirSandboxStrategy {
+    name = "Temporary Directory";
+    type = "tempdir";
+    async isAvailable() {
+        // Always available — every OS has a temp directory
+        return true;
+    }
+    async provision(options) {
+        // Include sanitized taskId for debugging (strip non-alphanumeric for safety)
+        const safeTaskId = (options.taskId ?? "anon")
+            .replace(/[^a-zA-Z0-9_-]/g, "")
+            .slice(0, 20);
+        const id = `ailf-sandbox-${safeTaskId}-${randomUUID().slice(0, 8)}`;
+        const workingDir = resolve(tmpdir(), id);
+        mkdirSync(workingDir, { recursive: true });
+        return {
+            id,
+            workingDir,
+            strategy: "tempdir",
+            createdAt: new Date().toISOString(),
+        };
+    }
+    async collectArtifacts(sandbox) {
+        const modifiedFiles = [];
+        if (existsSync(sandbox.workingDir)) {
+            collectFilesRecursive(sandbox.workingDir, "", modifiedFiles);
+        }
+        return {
+            modifiedFiles,
+            durationMs: Date.now() - new Date(sandbox.createdAt).getTime(),
+        };
+    }
+    async teardown(sandbox) {
+        const workDir = resolve(sandbox.workingDir);
+        // Guard: only delete directories under os.tmpdir() to prevent
+        // accidental deletion if workingDir is corrupted
+        if (existsSync(workDir) && workDir.startsWith(resolve(tmpdir()))) {
+            rmSync(workDir, { recursive: true, force: true });
+        }
+    }
+}
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function collectFilesRecursive(dir, prefix, files, maxDepth = 20) {
+    if (maxDepth <= 0)
+        return;
+    for (const entry of readdirSync(dir, { withFileTypes: true })) {
+        if (entry.isSymbolicLink())
+            continue; // Skip symlinks to prevent traversal
+        const relative = prefix ? `${prefix}/${entry.name}` : entry.name;
+        if (entry.isDirectory()) {
+            collectFilesRecursive(resolve(dir, entry.name), relative, files, maxDepth - 1);
+        }
+        else {
+            files.push(relative);
+        }
+    }
+}