@secure-exec/core 0.0.0-main.bccb3a2

package/dist/ext.js

@@ -0,0 +1,13 @@
+import { toExactArrayBuffer } from "./bytes.js";
+export function toGeneratedExtEnvelope(envelope) {
+    return {
+        namespace: envelope.namespace,
+        payload: toExactArrayBuffer(envelope.payload),
+    };
+}
+export function fromGeneratedExtEnvelope(envelope) {
+    return {
+        namespace: envelope.namespace,
+        payload: Buffer.from(envelope.payload),
+    };
+}

package/dist/filesystem.d.ts

@@ -0,0 +1,41 @@
+import * as protocol from "./generated-protocol.js";
+import { type LiveRootFilesystemEntryEncoding } from "./protocol-maps.js";
+export type { LiveRootFilesystemEntryEncoding } from "./protocol-maps.js";
+export type GuestFilesystemContentEncoding = "utf8" | "base64";
+export interface GuestFilesystemContentResult {
+    path: string;
+    content?: string;
+    encoding?: GuestFilesystemContentEncoding;
+}
+export type LiveRootFilesystemEntry = {
+    path: string;
+    kind: "file" | "directory" | "symlink";
+    mode?: number;
+    uid?: number;
+    gid?: number;
+    content?: string;
+    encoding?: LiveRootFilesystemEntryEncoding;
+    target?: string;
+    executable?: boolean;
+};
+export type LiveRootFilesystemLowerDescriptor = {
+    kind: "snapshot";
+    entries: LiveRootFilesystemEntry[];
+} | {
+    kind: "bundled_base_filesystem";
+};
+export type LiveRootFilesystemDescriptor = {
+    mode?: "ephemeral" | "read_only";
+    disable_default_base_layer?: boolean;
+    lowers?: LiveRootFilesystemLowerDescriptor[];
+    bootstrap_entries?: LiveRootFilesystemEntry[];
+};
+export declare function encodeGuestFilesystemContent(content: string | Uint8Array): {
+    content: string;
+    encoding?: GuestFilesystemContentEncoding;
+};
+export declare function decodeGuestFilesystemContent(response: GuestFilesystemContentResult): Uint8Array;
+export declare function toGeneratedRootFilesystemDescriptor(descriptor: LiveRootFilesystemDescriptor): protocol.RootFilesystemDescriptor;
+export declare function toGeneratedRootFilesystemLower(lower: LiveRootFilesystemLowerDescriptor): protocol.RootFilesystemLowerDescriptor;
+export declare function toGeneratedRootFilesystemEntry(entry: LiveRootFilesystemEntry): protocol.RootFilesystemEntry;
+export declare function fromGeneratedRootFilesystemEntry(entry: protocol.RootFilesystemEntry): LiveRootFilesystemEntry;

package/dist/filesystem.js

@@ -0,0 +1,70 @@
+import { fromGeneratedRootFilesystemEntryEncoding, fromGeneratedRootFilesystemEntryKind, toGeneratedRootFilesystemEntryEncoding, toGeneratedRootFilesystemEntryKind, toGeneratedRootFilesystemMode, } from "./protocol-maps.js";
+export function encodeGuestFilesystemContent(content) {
+    if (typeof content === "string") {
+        return { content };
+    }
+    return {
+        content: Buffer.from(content).toString("base64"),
+        encoding: "base64",
+    };
+}
+export function decodeGuestFilesystemContent(response) {
+    if (response.content === undefined) {
+        throw new Error(`sidecar returned no file content for ${response.path}`);
+    }
+    if (response.encoding === "base64") {
+        return Buffer.from(response.content, "base64");
+    }
+    return Buffer.from(response.content, "utf8");
+}
+export function toGeneratedRootFilesystemDescriptor(descriptor) {
+    return {
+        mode: toGeneratedRootFilesystemMode(descriptor.mode ?? "ephemeral"),
+        disableDefaultBaseLayer: descriptor.disable_default_base_layer ?? false,
+        lowers: (descriptor.lowers ?? []).map(toGeneratedRootFilesystemLower),
+        bootstrapEntries: (descriptor.bootstrap_entries ?? []).map(toGeneratedRootFilesystemEntry),
+    };
+}
+export function toGeneratedRootFilesystemLower(lower) {
+    switch (lower.kind) {
+        case "snapshot":
+            return {
+                tag: "SnapshotRootFilesystemLower",
+                val: {
+                    entries: (lower.entries ?? []).map(toGeneratedRootFilesystemEntry),
+                },
+            };
+        case "bundled_base_filesystem":
+            return { tag: "BundledBaseFilesystemLower", val: null };
+    }
+}
+export function toGeneratedRootFilesystemEntry(entry) {
+    return {
+        path: entry.path,
+        kind: toGeneratedRootFilesystemEntryKind(entry.kind),
+        mode: entry.mode ?? null,
+        uid: entry.uid ?? null,
+        gid: entry.gid ?? null,
+        content: entry.content ?? null,
+        encoding: entry.encoding === undefined
+            ? null
+            : toGeneratedRootFilesystemEntryEncoding(entry.encoding),
+        target: entry.target ?? null,
+        executable: entry.executable ?? false,
+    };
+}
+export function fromGeneratedRootFilesystemEntry(entry) {
+    return {
+        path: entry.path,
+        kind: fromGeneratedRootFilesystemEntryKind(entry.kind),
+        ...(entry.mode !== null ? { mode: entry.mode } : {}),
+        ...(entry.uid !== null ? { uid: entry.uid } : {}),
+        ...(entry.gid !== null ? { gid: entry.gid } : {}),
+        ...(entry.content !== null ? { content: entry.content } : {}),
+        ...(entry.encoding !== null
+            ? { encoding: fromGeneratedRootFilesystemEntryEncoding(entry.encoding) }
+            : {}),
+        ...(entry.target !== null ? { target: entry.target } : {}),
+        executable: entry.executable,
+    };
+}

package/dist/frame-payload-codec.d.ts

@@ -0,0 +1,8 @@
+export type TransportPayloadCodec = "bare" | "json";
+export declare function encodeJsonFramePayload(frame: unknown): Buffer;
+export declare function decodeJsonFramePayload<TFrame extends {
+    payload?: {
+        type?: string;
+        chunk?: unknown;
+    };
+}>(payload: Uint8Array): TFrame;

package/dist/frame-payload-codec.js

@@ -0,0 +1,14 @@
+export function encodeJsonFramePayload(frame) {
+    // BARE `data` fields are Uint8Array; JSON.stringify renders those as objects, so encode them
+    // as number arrays to match serde_json's Vec<u8> representation on the Rust side.
+    return Buffer.from(JSON.stringify(frame, (_key, value) => value instanceof Uint8Array ? Array.from(value) : value), "utf8");
+}
+export function decodeJsonFramePayload(payload) {
+    const frame = JSON.parse(Buffer.from(payload).toString("utf8"));
+    const decodedPayload = frame.payload;
+    if (decodedPayload?.type === "process_output" &&
+        Array.isArray(decodedPayload.chunk)) {
+        decodedPayload.chunk = Uint8Array.from(decodedPayload.chunk);
+    }
+    return frame;
+}

package/dist/frame-rpc.d.ts

@@ -0,0 +1,38 @@
+import type { Readable, Writable } from "node:stream";
+export type ClassifiedFrame<TResponseFrame, TEventFrame, TSidecarRequestFrame> = {
+    kind: "response";
+    requestId: number;
+    frame: TResponseFrame;
+} | {
+    kind: "event";
+    frame: TEventFrame;
+} | {
+    kind: "sidecarRequest";
+    frame: TSidecarRequestFrame;
+};
+export interface FrameRpcTransportOptions<TReadFrame, TWriteFrame, TResponseFrame, TEventFrame, TSidecarRequestFrame> {
+    stdin: Writable;
+    stdout: Readable;
+    encodeFrame: (frame: TWriteFrame) => Uint8Array;
+    decodeFrame: (payload: Uint8Array) => TReadFrame;
+    classifyFrame: (frame: TReadFrame) => ClassifiedFrame<TResponseFrame, TEventFrame, TSidecarRequestFrame>;
+}
+export declare class FrameRpcTransport<TReadFrame, TWriteFrame, TResponseFrame, TEventFrame, TSidecarRequestFrame> {
+    private readonly frameTransport;
+    private readonly pendingResponses;
+    private readonly eventListeners;
+    private readonly sidecarRequestListeners;
+    constructor(options: FrameRpcTransportOptions<TReadFrame, TWriteFrame, TResponseFrame, TEventFrame, TSidecarRequestFrame>);
+    onEvent(handler: (event: TEventFrame) => void): () => void;
+    onSidecarRequest(handler: (request: TSidecarRequestFrame) => void): () => void;
+    onError(handler: (error: Error) => void): () => void;
+    onEnd(handler: () => void): () => void;
+    sendFrame(requestId: number, frame: TWriteFrame, options: {
+        timeoutMs: number;
+        timeoutMessage: () => string;
+    }): Promise<TResponseFrame>;
+    writeFrame(frame: TWriteFrame): Promise<void>;
+    rejectAll(error: Error): void;
+    dispose(): void;
+    private dispatchFrame;
+}

package/dist/frame-rpc.js

@@ -0,0 +1,73 @@
+import { PendingResponseRegistry } from "./correlation.js";
+import { StdioFrameTransport } from "./frame-stream.js";
+export class FrameRpcTransport {
+    frameTransport;
+    pendingResponses = new PendingResponseRegistry();
+    eventListeners = new Set();
+    sidecarRequestListeners = new Set();
+    constructor(options) {
+        this.frameTransport = new StdioFrameTransport({
+            stdin: options.stdin,
+            stdout: options.stdout,
+            encodeFrame: options.encodeFrame,
+            decodeFrame: options.decodeFrame,
+        });
+        this.frameTransport.onFrame((frame) => {
+            this.dispatchFrame(options.classifyFrame(frame));
+        });
+    }
+    onEvent(handler) {
+        this.eventListeners.add(handler);
+        return () => {
+            this.eventListeners.delete(handler);
+        };
+    }
+    onSidecarRequest(handler) {
+        this.sidecarRequestListeners.add(handler);
+        return () => {
+            this.sidecarRequestListeners.delete(handler);
+        };
+    }
+    onError(handler) {
+        return this.frameTransport.onError(handler);
+    }
+    onEnd(handler) {
+        return this.frameTransport.onEnd(handler);
+    }
+    async sendFrame(requestId, frame, options) {
+        const response = this.pendingResponses.waitForResponse(requestId, options);
+        void this.writeFrame(frame).catch((error) => {
+            this.pendingResponses.reject(requestId, error instanceof Error ? error : new Error(String(error)));
+        });
+        return await response;
+    }
+    async writeFrame(frame) {
+        await this.frameTransport.writeFrame(frame);
+    }
+    rejectAll(error) {
+        this.pendingResponses.rejectAll(error);
+    }
+    dispose() {
+        this.frameTransport.dispose();
+        this.pendingResponses.rejectAll(new Error("frame rpc transport disposed"));
+        this.eventListeners.clear();
+        this.sidecarRequestListeners.clear();
+    }
+    dispatchFrame(classified) {
+        switch (classified.kind) {
+            case "response":
+                this.pendingResponses.resolve(classified.requestId, classified.frame);
+                return;
+            case "event":
+                for (const listener of this.eventListeners) {
+                    listener(classified.frame);
+                }
+                return;
+            case "sidecarRequest":
+                for (const listener of this.sidecarRequestListeners) {
+                    listener(classified.frame);
+                }
+                return;
+        }
+    }
+}

package/dist/frame-stream.d.ts

@@ -0,0 +1,27 @@
+import type { Readable, Writable } from "node:stream";
+export interface StdioFrameTransportOptions<TReadFrame, TWriteFrame> {
+    stdin: Writable;
+    stdout: Readable;
+    encodeFrame: (frame: TWriteFrame) => Uint8Array;
+    decodeFrame: (payload: Uint8Array) => TReadFrame;
+}
+export declare class StdioFrameTransport<TReadFrame, TWriteFrame = TReadFrame> {
+    private readonly stdin;
+    private readonly stdout;
+    private readonly encodeFrame;
+    private readonly decodeFrame;
+    private readonly frameListeners;
+    private readonly errorListeners;
+    private readonly endListeners;
+    private stdoutBuffer;
+    constructor(options: StdioFrameTransportOptions<TReadFrame, TWriteFrame>);
+    onFrame(handler: (frame: TReadFrame) => void): () => void;
+    onError(handler: (error: Error) => void): () => void;
+    onEnd(handler: () => void): () => void;
+    writeFrame(frame: TWriteFrame): Promise<void>;
+    dispose(): void;
+    private readonly handleData;
+    private readonly handleEnd;
+    private readonly handleError;
+    private drainFrames;
+}

package/dist/frame-stream.js

@@ -0,0 +1,99 @@
+import { encodeLengthPrefixedPayload, tryDecodeLengthPrefixedPayload, } from "./framing.js";
+export class StdioFrameTransport {
+    stdin;
+    stdout;
+    encodeFrame;
+    decodeFrame;
+    frameListeners = new Set();
+    errorListeners = new Set();
+    endListeners = new Set();
+    stdoutBuffer = Buffer.alloc(0);
+    constructor(options) {
+        this.stdin = options.stdin;
+        this.stdout = options.stdout;
+        this.encodeFrame = options.encodeFrame;
+        this.decodeFrame = options.decodeFrame;
+        this.stdout.on("data", this.handleData);
+        this.stdout.on("end", this.handleEnd);
+        this.stdout.on("error", this.handleError);
+    }
+    onFrame(handler) {
+        this.frameListeners.add(handler);
+        return () => {
+            this.frameListeners.delete(handler);
+        };
+    }
+    onError(handler) {
+        this.errorListeners.add(handler);
+        return () => {
+            this.errorListeners.delete(handler);
+        };
+    }
+    onEnd(handler) {
+        this.endListeners.add(handler);
+        return () => {
+            this.endListeners.delete(handler);
+        };
+    }
+    async writeFrame(frame) {
+        const payload = this.encodeFrame(frame);
+        const encoded = encodeLengthPrefixedPayload(payload);
+        await new Promise((resolve, reject) => {
+            this.stdin.write(encoded, (error) => {
+                if (error) {
+                    reject(error);
+                    return;
+                }
+                resolve();
+            });
+        });
+    }
+    dispose() {
+        this.stdout.off("data", this.handleData);
+        this.stdout.off("end", this.handleEnd);
+        this.stdout.off("error", this.handleError);
+        this.frameListeners.clear();
+        this.errorListeners.clear();
+        this.endListeners.clear();
+    }
+    handleData = (chunk) => {
+        const bytes = typeof chunk === "string"
+            ? Buffer.from(chunk)
+            : Buffer.isBuffer(chunk)
+                ? chunk
+                : Buffer.from(chunk);
+        this.stdoutBuffer = Buffer.concat([this.stdoutBuffer, bytes]);
+        this.drainFrames();
+    };
+    handleEnd = () => {
+        for (const listener of this.endListeners) {
+            listener();
+        }
+    };
+    handleError = (error) => {
+        const normalized = error instanceof Error ? error : new Error(String(error));
+        for (const listener of this.errorListeners) {
+            listener(normalized);
+        }
+    };
+    drainFrames() {
+        for (;;) {
+            const decoded = tryDecodeLengthPrefixedPayload(this.stdoutBuffer);
+            if (!decoded) {
+                return;
+            }
+            this.stdoutBuffer = decoded.remaining;
+            let frame;
+            try {
+                frame = this.decodeFrame(decoded.payload);
+            }
+            catch (error) {
+                this.handleError(error);
+                continue;
+            }
+            for (const listener of this.frameListeners) {
+                listener(frame);
+            }
+        }
+    }
+}

package/dist/framing.d.ts

@@ -0,0 +1,7 @@
+export declare const LENGTH_PREFIX_BYTES = 4;
+export interface LengthPrefixedPayload {
+    payload: Buffer;
+    remaining: Buffer;
+}
+export declare function encodeLengthPrefixedPayload(payload: Uint8Array): Buffer;
+export declare function tryDecodeLengthPrefixedPayload(buffer: Uint8Array): LengthPrefixedPayload | null;

package/dist/framing.js

@@ -0,0 +1,22 @@
+export const LENGTH_PREFIX_BYTES = 4;
+export function encodeLengthPrefixedPayload(payload) {
+    const encoded = Buffer.allocUnsafe(LENGTH_PREFIX_BYTES + payload.length);
+    encoded.writeUInt32BE(payload.length, 0);
+    encoded.set(payload, LENGTH_PREFIX_BYTES);
+    return encoded;
+}
+export function tryDecodeLengthPrefixedPayload(buffer) {
+    const source = Buffer.isBuffer(buffer) ? buffer : Buffer.from(buffer);
+    if (source.length < LENGTH_PREFIX_BYTES) {
+        return null;
+    }
+    const declaredLength = source.readUInt32BE(0);
+    const frameEnd = LENGTH_PREFIX_BYTES + declaredLength;
+    if (source.length < frameEnd) {
+        return null;
+    }
+    return {
+        payload: source.subarray(LENGTH_PREFIX_BYTES, frameEnd),
+        remaining: source.subarray(frameEnd),
+    };
+}

package/dist/generated/AcpLimitsConfig.d.ts

@@ -0,0 +1,4 @@
+export type AcpLimitsConfig = {
+    maxReadLineBytes?: number;
+    stdoutBufferByteLimit?: number;
+};

package/dist/generated/AcpLimitsConfig.js

@@ -0,0 +1,2 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+export {};

package/dist/generated/CreateVmConfig.d.ts

@@ -0,0 +1,19 @@
+import type { JsRuntimeConfig } from "./JsRuntimeConfig.js";
+import type { NativeRootFilesystemConfig } from "./NativeRootFilesystemConfig.js";
+import type { PermissionsPolicy } from "./PermissionsPolicy.js";
+import type { RootFilesystemConfig } from "./RootFilesystemConfig.js";
+import type { VmDnsConfig } from "./VmDnsConfig.js";
+import type { VmLimitsConfig } from "./VmLimitsConfig.js";
+import type { VmListenPolicyConfig } from "./VmListenPolicyConfig.js";
+export type CreateVmConfig = {
+    cwd?: string;
+    env: Record<string, string>;
+    rootFilesystem: RootFilesystemConfig;
+    permissions?: PermissionsPolicy;
+    limits?: VmLimitsConfig;
+    dns?: VmDnsConfig;
+    nativeRoot?: NativeRootFilesystemConfig;
+    listen?: VmListenPolicyConfig;
+    loopbackExemptPorts: Array<number>;
+    jsRuntime?: JsRuntimeConfig;
+};

package/dist/generated/CreateVmConfig.js

@@ -0,0 +1 @@
+export {};

package/dist/generated/FsPermissionRule.d.ts

@@ -0,0 +1,6 @@
+import type { PermissionMode } from "./PermissionMode.js";
+export type FsPermissionRule = {
+    mode: PermissionMode;
+    operations: Array<string>;
+    paths: Array<string>;
+};

package/dist/generated/FsPermissionRule.js

@@ -0,0 +1 @@
+export {};

package/dist/generated/FsPermissionRuleSet.d.ts

@@ -0,0 +1,6 @@
+import type { FsPermissionRule } from "./FsPermissionRule.js";
+import type { PermissionMode } from "./PermissionMode.js";
+export type FsPermissionRuleSet = {
+    default?: PermissionMode;
+    rules: Array<FsPermissionRule>;
+};

package/dist/generated/FsPermissionRuleSet.js

@@ -0,0 +1 @@
+export {};

package/dist/generated/FsPermissionScope.d.ts

@@ -0,0 +1,3 @@
+import type { FsPermissionRuleSet } from "./FsPermissionRuleSet.js";
+import type { PermissionMode } from "./PermissionMode.js";
+export type FsPermissionScope = PermissionMode | FsPermissionRuleSet;

package/dist/generated/FsPermissionScope.js

@@ -0,0 +1 @@
+export {};

package/dist/generated/HttpLimitsConfig.d.ts

@@ -0,0 +1,3 @@
+export type HttpLimitsConfig = {
+    maxFetchResponseBytes?: number;
+};

package/dist/generated/HttpLimitsConfig.js

@@ -0,0 +1,2 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+export {};

package/dist/generated/JsModuleResolution.d.ts

@@ -0,0 +1 @@
+export type JsModuleResolution = "node" | "relative" | "none";

package/dist/generated/JsModuleResolution.js

@@ -0,0 +1,2 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+export {};

package/dist/generated/JsRuntimeConfig.d.ts

@@ -0,0 +1,26 @@
+import type { JsModuleResolution } from "./JsModuleResolution.js";
+import type { JsRuntimePlatform } from "./JsRuntimePlatform.js";
+/**
+ * Guest JavaScript host-environment configuration.
+ *
+ * Selects which globals/builtins/module-resolution surface guest JS sees,
+ * modeled on esbuild's `platform`. Omitting this preserves full Node.js
+ * emulation (`platform = node`).
+ */
+export type JsRuntimeConfig = {
+    /**
+     * Which host environment to emulate for guest JS. Default `node`.
+     */
+    platform: JsRuntimePlatform;
+    /**
+     * How bare import specifiers resolve. Independent of `platform`.
+     * Default `node`.
+     */
+    moduleResolution: JsModuleResolution;
+    /**
+     * Node builtin-module allow-list. Only valid when `platform = node`.
+     * `None` => engine default allow-list. `Some([])` => deny all builtins.
+     * `Some([..])` => exactly those.
+     */
+    allowedBuiltins?: Array<string>;
+};

package/dist/generated/JsRuntimeConfig.js

@@ -0,0 +1 @@
+export {};

package/dist/generated/JsRuntimeLimitsConfig.d.ts

@@ -0,0 +1,8 @@
+export type JsRuntimeLimitsConfig = {
+    v8HeapLimitMb?: number;
+    syncRpcWaitTimeoutMs?: number;
+    capturedOutputLimitBytes?: number;
+    stdinBufferLimitBytes?: number;
+    eventPayloadLimitBytes?: number;
+    v8IpcMaxFrameBytes?: number;
+};

package/dist/generated/JsRuntimeLimitsConfig.js

@@ -0,0 +1,2 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+export {};

package/dist/generated/JsRuntimePlatform.d.ts

@@ -0,0 +1 @@
+export type JsRuntimePlatform = "node" | "browser" | "neutral" | "bare";

package/dist/generated/JsRuntimePlatform.js

@@ -0,0 +1,2 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+export {};

package/dist/generated/MountPluginDescriptor.d.ts

@@ -0,0 +1,4 @@
+export type MountPluginDescriptor = {
+    id: string;
+    config: import("../descriptors.js").MountConfigJsonValue;
+};

package/dist/generated/MountPluginDescriptor.js

@@ -0,0 +1,2 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+export {};

package/dist/generated/NativeRootFilesystemConfig.d.ts

@@ -0,0 +1,5 @@
+import type { MountPluginDescriptor } from "./MountPluginDescriptor.js";
+export type NativeRootFilesystemConfig = {
+    plugin: MountPluginDescriptor;
+    readOnly: boolean;
+};

package/dist/generated/NativeRootFilesystemConfig.js

@@ -0,0 +1 @@
+export {};

package/dist/generated/PatternPermissionRule.d.ts

@@ -0,0 +1,6 @@
+import type { PermissionMode } from "./PermissionMode.js";
+export type PatternPermissionRule = {
+    mode: PermissionMode;
+    operations: Array<string>;
+    patterns: Array<string>;
+};

package/dist/generated/PatternPermissionRule.js

@@ -0,0 +1 @@
+export {};

package/dist/generated/PatternPermissionRuleSet.d.ts

@@ -0,0 +1,6 @@
+import type { PatternPermissionRule } from "./PatternPermissionRule.js";
+import type { PermissionMode } from "./PermissionMode.js";
+export type PatternPermissionRuleSet = {
+    default?: PermissionMode;
+    rules: Array<PatternPermissionRule>;
+};

package/dist/generated/PatternPermissionRuleSet.js

@@ -0,0 +1 @@
+export {};

package/dist/generated/PatternPermissionScope.d.ts

@@ -0,0 +1,3 @@
+import type { PatternPermissionRuleSet } from "./PatternPermissionRuleSet.js";
+import type { PermissionMode } from "./PermissionMode.js";
+export type PatternPermissionScope = PermissionMode | PatternPermissionRuleSet;

package/dist/generated/PatternPermissionScope.js

@@ -0,0 +1 @@
+export {};

package/dist/generated/PermissionMode.d.ts

@@ -0,0 +1 @@
+export type PermissionMode = "allow" | "ask" | "deny";

package/dist/generated/PermissionMode.js

@@ -0,0 +1,2 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+export {};

package/dist/generated/PermissionsPolicy.d.ts

@@ -0,0 +1,10 @@
+import type { FsPermissionScope } from "./FsPermissionScope.js";
+import type { PatternPermissionScope } from "./PatternPermissionScope.js";
+export type PermissionsPolicy = {
+    fs?: FsPermissionScope;
+    network?: PatternPermissionScope;
+    childProcess?: PatternPermissionScope;
+    process?: PatternPermissionScope;
+    env?: PatternPermissionScope;
+    tool?: PatternPermissionScope;
+};

package/dist/generated/PermissionsPolicy.js

@@ -0,0 +1 @@
+export {};

package/dist/generated/PluginLimitsConfig.d.ts

@@ -0,0 +1,4 @@
+export type PluginLimitsConfig = {
+    maxPersistedManifestBytes?: number;
+    maxPersistedManifestFileBytes?: number;
+};

package/dist/generated/PluginLimitsConfig.js

@@ -0,0 +1,2 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+export {};

package/dist/generated/PythonLimitsConfig.d.ts

@@ -0,0 +1,6 @@
+export type PythonLimitsConfig = {
+    outputBufferMaxBytes?: number;
+    executionTimeoutMs?: number;
+    maxOldSpaceMb?: number;
+    vfsRpcTimeoutMs?: number;
+};