@sysid/sandbox-runtime-improved 0.0.42-sysid.1

package/dist/sandbox/sandbox-utils.js

@@ -0,0 +1,463 @@
+import { homedir } from 'os';
+import * as path from 'path';
+import * as fs from 'fs';
+import { getPlatform } from '../utils/platform.js';
+import { logForDebugging } from '../utils/debug.js';
+/**
+ * Dangerous files that should be protected from writes.
+ * These files can be used for code execution or data exfiltration.
+ */
+export const DANGEROUS_FILES = [
+    '.gitconfig',
+    '.gitmodules',
+    '.bashrc',
+    '.bash_profile',
+    '.zshrc',
+    '.zprofile',
+    '.profile',
+    '.ripgreprc',
+    '.mcp.json',
+];
+/**
+ * Dangerous directories that should be protected from writes.
+ * These directories contain sensitive configuration or executable files.
+ */
+export const DANGEROUS_DIRECTORIES = ['.git', '.vscode', '.idea'];
+/**
+ * Get the list of dangerous directories to deny writes to.
+ * Excludes .git since we need it writable for git operations -
+ * instead we block specific paths within .git (hooks and config).
+ */
+export function getDangerousDirectories() {
+    return [
+        ...DANGEROUS_DIRECTORIES.filter(d => d !== '.git'),
+        '.claude/commands',
+        '.claude/agents',
+    ];
+}
+/**
+ * Normalizes a path for case-insensitive comparison.
+ * This prevents bypassing security checks using mixed-case paths on case-insensitive
+ * filesystems (macOS/Windows) like `.cLauDe/Settings.locaL.json`.
+ *
+ * We always normalize to lowercase regardless of platform for consistent security.
+ * @param path The path to normalize
+ * @returns The lowercase path for safe comparison
+ */
+export function normalizeCaseForComparison(pathStr) {
+    return pathStr.toLowerCase();
+}
+/**
+ * Check if a path pattern contains glob characters
+ */
+export function containsGlobChars(pathPattern) {
+    return (pathPattern.includes('*') ||
+        pathPattern.includes('?') ||
+        pathPattern.includes('[') ||
+        pathPattern.includes(']'));
+}
+/**
+ * Remove trailing /** glob suffix from a path pattern
+ * Used to normalize path patterns since /** just means "directory and everything under it"
+ */
+export function removeTrailingGlobSuffix(pathPattern) {
+    const stripped = pathPattern.replace(/\/\*\*$/, '');
+    return stripped || '/';
+}
+/**
+ * Check if a symlink resolution crosses expected path boundaries.
+ *
+ * When resolving symlinks for sandbox path normalization, we need to ensure
+ * the resolved path doesn't unexpectedly broaden the scope. This function
+ * returns true if the resolved path is an ancestor of the original path
+ * or resolves to a system root, which would indicate the symlink points
+ * outside expected boundaries.
+ *
+ * @param originalPath - The original path before symlink resolution
+ * @param resolvedPath - The path after fs.realpathSync() resolution
+ * @returns true if the resolved path is outside expected boundaries
+ */
+export function isSymlinkOutsideBoundary(originalPath, resolvedPath) {
+    const normalizedOriginal = path.normalize(originalPath);
+    const normalizedResolved = path.normalize(resolvedPath);
+    // Same path after normalization - OK
+    if (normalizedResolved === normalizedOriginal) {
+        return false;
+    }
+    // Handle macOS /tmp -> /private/tmp canonical resolution
+    // This is a legitimate system symlink that should be allowed
+    // /tmp/claude -> /private/tmp/claude is OK
+    // /var/folders/... -> /private/var/folders/... is OK
+    if (normalizedOriginal.startsWith('/tmp/') &&
+        normalizedResolved === '/private' + normalizedOriginal) {
+        return false;
+    }
+    if (normalizedOriginal.startsWith('/var/') &&
+        normalizedResolved === '/private' + normalizedOriginal) {
+        return false;
+    }
+    // Also handle the reverse: /private/tmp/... resolving to itself
+    if (normalizedOriginal.startsWith('/private/tmp/') &&
+        normalizedResolved === normalizedOriginal) {
+        return false;
+    }
+    if (normalizedOriginal.startsWith('/private/var/') &&
+        normalizedResolved === normalizedOriginal) {
+        return false;
+    }
+    // If resolved path is "/" it's outside expected boundaries
+    if (normalizedResolved === '/') {
+        return true;
+    }
+    // If resolved path is very short (single component like /tmp, /usr, /var),
+    // it's likely outside expected boundaries
+    const resolvedParts = normalizedResolved.split('/').filter(Boolean);
+    if (resolvedParts.length <= 1) {
+        return true;
+    }
+    // If original path starts with resolved path, the resolved path is an ancestor
+    // e.g., /tmp/claude -> /tmp means the symlink points to a broader scope
+    if (normalizedOriginal.startsWith(normalizedResolved + '/')) {
+        return true;
+    }
+    // Also check the canonical form of the original path for macOS
+    // e.g., /tmp/claude should also be checked as /private/tmp/claude
+    let canonicalOriginal = normalizedOriginal;
+    if (normalizedOriginal.startsWith('/tmp/')) {
+        canonicalOriginal = '/private' + normalizedOriginal;
+    }
+    else if (normalizedOriginal.startsWith('/var/')) {
+        canonicalOriginal = '/private' + normalizedOriginal;
+    }
+    if (canonicalOriginal !== normalizedOriginal &&
+        canonicalOriginal.startsWith(normalizedResolved + '/')) {
+        return true;
+    }
+    // STRICT CHECK: Only allow resolutions that stay within the expected path tree
+    // The resolved path must either:
+    // 1. Start with the original path (deeper/same) - already covered by returning false below
+    // 2. Start with the canonical original (deeper/same under canonical form)
+    // 3. BE the canonical form of the original (e.g., /tmp/x -> /private/tmp/x)
+    // Any other resolution (e.g., /tmp/claude -> /Users/dworken) is outside expected bounds
+    const resolvedStartsWithOriginal = normalizedResolved.startsWith(normalizedOriginal + '/');
+    const resolvedStartsWithCanonical = canonicalOriginal !== normalizedOriginal &&
+        normalizedResolved.startsWith(canonicalOriginal + '/');
+    const resolvedIsCanonical = canonicalOriginal !== normalizedOriginal &&
+        normalizedResolved === canonicalOriginal;
+    const resolvedIsSame = normalizedResolved === normalizedOriginal;
+    // If resolved path is not within expected tree, it's outside boundary
+    if (!resolvedIsSame &&
+        !resolvedIsCanonical &&
+        !resolvedStartsWithOriginal &&
+        !resolvedStartsWithCanonical) {
+        return true;
+    }
+    // Allow resolution to same directory level or deeper within expected tree
+    return false;
+}
+/**
+ * Normalize a path for use in sandbox configurations
+ * Handles:
+ * - Tilde (~) expansion for home directory
+ * - Relative paths (./foo, ../foo, etc.) converted to absolute
+ * - Absolute paths remain unchanged
+ * - Symlinks are resolved to their real paths for non-glob patterns
+ * - Glob patterns preserve wildcards after path normalization
+ *
+ * Returns the absolute path with symlinks resolved (or normalized glob pattern)
+ */
+export function normalizePathForSandbox(pathPattern) {
+    const cwd = process.cwd();
+    let normalizedPath = pathPattern;
+    // Expand ~ to home directory
+    if (pathPattern === '~') {
+        normalizedPath = homedir();
+    }
+    else if (pathPattern.startsWith('~/')) {
+        normalizedPath = homedir() + pathPattern.slice(1);
+    }
+    else if (pathPattern.startsWith('./') || pathPattern.startsWith('../')) {
+        // Convert relative to absolute based on current working directory
+        normalizedPath = path.resolve(cwd, pathPattern);
+    }
+    else if (!path.isAbsolute(pathPattern)) {
+        // Handle other relative paths (e.g., ".", "..", "foo/bar")
+        normalizedPath = path.resolve(cwd, pathPattern);
+    }
+    // For glob patterns, resolve symlinks for the directory portion only
+    if (containsGlobChars(normalizedPath)) {
+        // Extract the static directory prefix before glob characters
+        const staticPrefix = normalizedPath.split(/[*?[\]]/)[0];
+        if (staticPrefix && staticPrefix !== '/') {
+            // Get the directory containing the glob pattern
+            // If staticPrefix ends with /, remove it to get the directory
+            const baseDir = staticPrefix.endsWith('/')
+                ? staticPrefix.slice(0, -1)
+                : path.dirname(staticPrefix);
+            // Try to resolve symlinks for the base directory
+            try {
+                const resolvedBaseDir = fs.realpathSync(baseDir);
+                // Validate that resolution stays within expected boundaries
+                if (!isSymlinkOutsideBoundary(baseDir, resolvedBaseDir)) {
+                    // Reconstruct the pattern with the resolved directory
+                    const patternSuffix = normalizedPath.slice(baseDir.length);
+                    return resolvedBaseDir + patternSuffix;
+                }
+                // If resolution would broaden scope, keep original pattern
+            }
+            catch {
+                // If directory doesn't exist or can't be resolved, keep the original pattern
+            }
+        }
+        return normalizedPath;
+    }
+    // Resolve symlinks to real paths to avoid bwrap issues
+    // Validate that the resolution stays within expected boundaries
+    try {
+        const resolvedPath = fs.realpathSync(normalizedPath);
+        // Only use resolved path if it doesn't cross boundary (e.g., symlink to parent dir)
+        if (isSymlinkOutsideBoundary(normalizedPath, resolvedPath)) {
+            // Symlink points outside expected boundaries - keep original path
+        }
+        else {
+            normalizedPath = resolvedPath;
+        }
+    }
+    catch {
+        // If path doesn't exist or can't be resolved, keep the normalized path
+    }
+    return normalizedPath;
+}
+/**
+ * Get recommended system paths that should be writable for commands to work properly
+ *
+ * WARNING: These default paths are intentionally broad for compatibility but may
+ * allow access to files from other processes. In highly security-sensitive
+ * environments, you should configure more restrictive write paths.
+ */
+export function getDefaultWritePaths() {
+    const homeDir = homedir();
+    const recommendedPaths = [
+        '/dev/stdout',
+        '/dev/stderr',
+        '/dev/null',
+        '/dev/tty',
+        '/dev/dtracehelper',
+        '/dev/autofs_nowait',
+        '/tmp/claude',
+        '/private/tmp/claude',
+        path.join(homeDir, '.npm/_logs'),
+        path.join(homeDir, '.claude/debug'),
+    ];
+    return recommendedPaths;
+}
+/**
+ * Ensure the sandbox TMPDIR exists so tools like mktemp work inside the sandbox.
+ * When TMPDIR is set to a non-existent path, mktemp silently returns an empty
+ * string; any subsequent use of that empty string as a redirect target (e.g.
+ * `cat $tmp`) reads from stdin and hangs the shell session indefinitely.
+ */
+export function ensureSandboxTmpdir() {
+    const tmpdir = process.env.CLAUDE_TMPDIR || '/tmp/claude';
+    try {
+        fs.mkdirSync(tmpdir, { recursive: true });
+    }
+    catch (err) {
+        logForDebugging(`Warning: could not create sandbox TMPDIR ${tmpdir}: ${err}`);
+    }
+}
+/**
+ * Generate proxy environment variables for sandboxed processes
+ */
+export function generateProxyEnvVars(httpProxyPort, socksProxyPort) {
+    // Respect CLAUDE_TMPDIR if set, otherwise default to /tmp/claude
+    const tmpdir = process.env.CLAUDE_TMPDIR || '/tmp/claude';
+    const envVars = [`SANDBOX_RUNTIME=1`, `TMPDIR=${tmpdir}`];
+    // If no proxy ports provided, return minimal env vars
+    if (!httpProxyPort && !socksProxyPort) {
+        return envVars;
+    }
+    // Make Node's built-in fetch() (undici) honour HTTP_PROXY / HTTPS_PROXY.
+    // By default, undici uses a plain Agent that makes direct TCP connections and
+    // ignores proxy env vars — unlike curl and other CLI tools. The --use-env-proxy
+    // flag (Node 22+) tells the internal undici instance to read these variables.
+    // We prepend to any existing NODE_OPTIONS so we don't clobber user flags.
+    const nodeMajor = parseInt(process.versions.node.split('.')[0], 10);
+    if (nodeMajor >= 22) {
+        const existingNodeOptions = process.env.NODE_OPTIONS ?? '';
+        const nodeOptions = existingNodeOptions
+            ? `${existingNodeOptions} --use-env-proxy`
+            : '--use-env-proxy';
+        envVars.push(`NODE_OPTIONS=${nodeOptions}`);
+    }
+    // Always set NO_PROXY to exclude localhost and private networks from proxying
+    const noProxyAddresses = [
+        'localhost',
+        '127.0.0.1',
+        '::1',
+        '*.local',
+        '.local',
+        '169.254.0.0/16', // Link-local
+        '10.0.0.0/8', // Private network
+        '172.16.0.0/12', // Private network
+        '192.168.0.0/16', // Private network
+    ].join(',');
+    envVars.push(`NO_PROXY=${noProxyAddresses}`);
+    envVars.push(`no_proxy=${noProxyAddresses}`);
+    if (httpProxyPort) {
+        envVars.push(`HTTP_PROXY=http://localhost:${httpProxyPort}`);
+        envVars.push(`HTTPS_PROXY=http://localhost:${httpProxyPort}`);
+        // Lowercase versions for compatibility with some tools
+        envVars.push(`http_proxy=http://localhost:${httpProxyPort}`);
+        envVars.push(`https_proxy=http://localhost:${httpProxyPort}`);
+    }
+    if (socksProxyPort) {
+        // Use socks5h:// for proper DNS resolution through proxy
+        envVars.push(`ALL_PROXY=socks5h://localhost:${socksProxyPort}`);
+        envVars.push(`all_proxy=socks5h://localhost:${socksProxyPort}`);
+        // Configure Git to use SSH through the proxy so DNS resolution happens outside the sandbox
+        const platform = getPlatform();
+        if (platform === 'macos') {
+            // macOS: use BSD nc SOCKS5 proxy support (-X 5 -x)
+            envVars.push(`GIT_SSH_COMMAND=ssh -o ProxyCommand='nc -X 5 -x localhost:${socksProxyPort} %h %p'`);
+        }
+        else if (platform === 'linux' && httpProxyPort) {
+            // Linux: use socat HTTP CONNECT via the HTTP proxy bridge.
+            // socat is already a required Linux sandbox dependency, and PROXY: is
+            // portable across all socat versions (unlike SOCKS5-CONNECT which needs >= 1.8.0).
+            envVars.push(`GIT_SSH_COMMAND=ssh -o ProxyCommand='socat - PROXY:localhost:%h:%p,proxyport=${httpProxyPort}'`);
+        }
+        // FTP proxy support (use socks5h for DNS resolution through proxy)
+        envVars.push(`FTP_PROXY=socks5h://localhost:${socksProxyPort}`);
+        envVars.push(`ftp_proxy=socks5h://localhost:${socksProxyPort}`);
+        // rsync proxy support
+        envVars.push(`RSYNC_PROXY=localhost:${socksProxyPort}`);
+        // Database tools NOTE: Most database clients don't have built-in proxy support
+        // You typically need to use SSH tunneling or a SOCKS wrapper like tsocks/proxychains
+        // Docker CLI uses HTTP for the API
+        // This makes Docker use the HTTP proxy for registry operations
+        envVars.push(`DOCKER_HTTP_PROXY=http://localhost:${httpProxyPort || socksProxyPort}`);
+        envVars.push(`DOCKER_HTTPS_PROXY=http://localhost:${httpProxyPort || socksProxyPort}`);
+        // Kubernetes kubectl - uses standard HTTPS_PROXY
+        // kubectl respects HTTPS_PROXY which we already set above
+        // AWS CLI - uses standard HTTPS_PROXY (v2 supports it well)
+        // AWS CLI v2 respects HTTPS_PROXY which we already set above
+        // Google Cloud SDK - has specific proxy settings
+        // Use HTTPS proxy to match other HTTP-based tools
+        if (httpProxyPort) {
+            envVars.push(`CLOUDSDK_PROXY_TYPE=https`);
+            envVars.push(`CLOUDSDK_PROXY_ADDRESS=localhost`);
+            envVars.push(`CLOUDSDK_PROXY_PORT=${httpProxyPort}`);
+        }
+        // Azure CLI - uses HTTPS_PROXY
+        // Azure CLI respects HTTPS_PROXY which we already set above
+        // Terraform - uses standard HTTP/HTTPS proxy vars
+        // Terraform respects HTTP_PROXY/HTTPS_PROXY which we already set above
+        // gRPC-based tools - use standard proxy vars
+        envVars.push(`GRPC_PROXY=socks5h://localhost:${socksProxyPort}`);
+        envVars.push(`grpc_proxy=socks5h://localhost:${socksProxyPort}`);
+    }
+    // WARNING: Do not set HTTP_PROXY/HTTPS_PROXY to SOCKS URLs when only SOCKS proxy is available
+    // Most HTTP clients do not support SOCKS URLs in these variables and will fail, and we want
+    // to avoid overriding the client otherwise respecting the ALL_PROXY env var which points to SOCKS.
+    return envVars;
+}
+/**
+ * Encode a command for sandbox monitoring
+ * Truncates to 100 chars and base64 encodes to avoid parsing issues
+ */
+export function encodeSandboxedCommand(command) {
+    const truncatedCommand = command.slice(0, 100);
+    return Buffer.from(truncatedCommand).toString('base64');
+}
+/**
+ * Decode a base64-encoded command from sandbox monitoring
+ */
+export function decodeSandboxedCommand(encodedCommand) {
+    return Buffer.from(encodedCommand, 'base64').toString('utf8');
+}
+/**
+ * Convert a glob pattern to a regular expression
+ *
+ * This implements gitignore-style pattern matching to match the behavior of the
+ * `ignore` library used by the permission system.
+ *
+ * Supported patterns:
+ * - * matches any characters except / (e.g., *.ts matches foo.ts but not foo/bar.ts)
+ * - ** matches any characters including / (e.g., src/**\/*.ts matches all .ts files in src/)
+ * - ? matches any single character except / (e.g., file?.txt matches file1.txt)
+ * - [abc] matches any character in the set (e.g., file[0-9].txt matches file3.txt)
+ *
+ * Exported for testing and shared between macOS sandbox profiles and Linux glob expansion.
+ */
+export function globToRegex(globPattern) {
+    return ('^' +
+        globPattern
+            // Escape regex special characters (except glob chars * ? [ ])
+            .replace(/[.^$+{}()|\\]/g, '\\$&')
+            // Escape unclosed brackets (no matching ])
+            .replace(/\[([^\]]*?)$/g, '\\[$1')
+            // Convert glob patterns to regex (order matters - ** before *)
+            .replace(/\*\*\//g, '__GLOBSTAR_SLASH__') // Placeholder for **/
+            .replace(/\*\*/g, '__GLOBSTAR__') // Placeholder for **
+            .replace(/\*/g, '[^/]*') // * matches anything except /
+            .replace(/\?/g, '[^/]') // ? matches single character except /
+            // Restore placeholders
+            .replace(/__GLOBSTAR_SLASH__/g, '(.*/)?') // **/ matches zero or more dirs
+            .replace(/__GLOBSTAR__/g, '.*') + // ** matches anything including /
+        '$');
+}
+/**
+ * Expand a glob pattern into concrete file paths.
+ *
+ * Used on Linux where bubblewrap doesn't support glob patterns natively.
+ * Resolves the static directory prefix, lists files recursively, and filters
+ * using globToRegex().
+ *
+ * @param globPath - A path pattern containing glob characters (e.g., ~/test/*.env)
+ * @returns Array of absolute paths matching the glob pattern
+ */
+export function expandGlobPattern(globPath) {
+    const normalizedPattern = normalizePathForSandbox(globPath);
+    // Extract the static directory prefix before any glob characters
+    const staticPrefix = normalizedPattern.split(/[*?[\]]/)[0];
+    if (!staticPrefix || staticPrefix === '/') {
+        logForDebugging(`[Sandbox] Glob pattern too broad, skipping: ${globPath}`);
+        return [];
+    }
+    // Get the base directory from the static prefix
+    const baseDir = staticPrefix.endsWith('/')
+        ? staticPrefix.slice(0, -1)
+        : path.dirname(staticPrefix);
+    if (!fs.existsSync(baseDir)) {
+        logForDebugging(`[Sandbox] Base directory for glob does not exist: ${baseDir}`);
+        return [];
+    }
+    // Build regex from the normalized glob pattern
+    const regex = new RegExp(globToRegex(normalizedPattern));
+    // List all entries recursively under the base directory
+    const results = [];
+    try {
+        const entries = fs.readdirSync(baseDir, {
+            recursive: true,
+            withFileTypes: true,
+        });
+        for (const entry of entries) {
+            // Build the full path for this entry
+            // entry.parentPath is the directory containing this entry (available in Node 20+/Bun)
+            // For compatibility, fall back to entry.path if parentPath is not available
+            const parentDir = entry.parentPath ??
+                entry.path ??
+                baseDir;
+            const fullPath = path.join(parentDir, entry.name);
+            if (regex.test(fullPath)) {
+                results.push(fullPath);
+            }
+        }
+    }
+    catch (err) {
+        logForDebugging(`[Sandbox] Error expanding glob pattern ${globPath}: ${err}`);
+    }
+    return results;
+}
+//# sourceMappingURL=sandbox-utils.js.map

package/dist/sandbox/sandbox-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox-utils.js","sourceRoot":"","sources":["../../src/sandbox/sandbox-utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAA;AAC5B,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAC5B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAA;AACxB,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAEnD;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,YAAY;IACZ,aAAa;IACb,SAAS;IACT,eAAe;IACf,QAAQ;IACR,WAAW;IACX,UAAU;IACV,YAAY;IACZ,WAAW;CACH,CAAA;AAEV;;;GAGG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,CAAU,CAAA;AAE1E;;;;GAIG;AACH,MAAM,UAAU,uBAAuB;IACrC,OAAO;QACL,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC;QAClD,kBAAkB;QAClB,gBAAgB;KACjB,CAAA;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,0BAA0B,CAAC,OAAe;IACxD,OAAO,OAAO,CAAC,WAAW,EAAE,CAAA;AAC9B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,WAAmB;IACnD,OAAO,CACL,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC;QACzB,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC;QACzB,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC;QACzB,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,CAC1B,CAAA;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CAAC,WAAmB;IAC1D,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAA;IACnD,OAAO,QAAQ,IAAI,GAAG,CAAA;AACxB,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,wBAAwB,CACtC,YAAoB,EACpB,YAAoB;IAEpB,MAAM,kBAAkB,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;IACvD,MAAM,kBAAkB,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;IAEvD,qCAAqC;IACrC,IAAI,kBAAkB,KAAK,kBAAkB,EAAE,CAAC;QAC9C,OAAO,KAAK,CAAA;IACd,CAAC;IAED,yDAAyD;IACzD,6DAA6D;IAC7D,2CAA2C;IAC3C,qDAAqD;IACrD,IACE,kBAAkB,CAAC,UAAU,CAAC,OAAO,CAAC;QACtC,kBAAkB,KAAK,UAAU,GAAG,kBAAkB,EACtD,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC;IACD,IACE,kBAAkB,CAAC,UAAU,CAAC,OAAO,CAAC;QACtC,kBAAkB,KAAK,UAAU,GAAG,kBAAkB,EACtD,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC;IACD,gEAAgE;IAChE,IACE,kBAAkB,CAAC,UAAU,CAAC,eAAe,CAAC;QAC9C,kBAAkB,KAAK,kBAAkB,EACzC,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC;IACD,IACE,kBAAkB,CAAC,UAAU,CAAC,eAAe,CAAC;QAC9C,kBAAkB,KAAK,kBAAkB,EACzC,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC;IAED,2DAA2D;IAC3D,IAAI,kBAAkB,KAAK,GAAG,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAA;IACb,CAAC;IAED,2EAA2E;IAC3E,0CAA0C;IAC1C,MAAM,aAAa,GAAG,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IACnE,IAAI,aAAa,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAA;IACb,CAAC;IAED,+EAA+E;IAC/E,wEAAwE;IACxE,IAAI,kBAAkB,CAAC,UAAU,CAAC,kBAAkB,GAAG,GAAG,CAAC,EAAE,CAAC;QAC5D,OAAO,IAAI,CAAA;IACb,CAAC;IAED,+DAA+D;IAC/D,kEAAkE;IAClE,IAAI,iBAAiB,GAAG,kBAAkB,CAAA;IAC1C,IAAI,kBAAkB,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3C,iBAAiB,GAAG,UAAU,GAAG,kBAAkB,CAAA;IACrD,CAAC;SAAM,IAAI,kBAAkB,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAClD,iBAAiB,GAAG,UAAU,GAAG,kBAAkB,CAAA;IACrD,CAAC;IAED,IACE,iBAAiB,KAAK,kBAAkB;QACxC,iBAAiB,CAAC,UAAU,CAAC,kBAAkB,GAAG,GAAG,CAAC,EACtD,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC;IAED,+EAA+E;IAC/E,iCAAiC;IACjC,2FAA2F;IAC3F,0EAA0E;IAC1E,4EAA4E;IAC5E,wFAAwF;IAExF,MAAM,0BAA0B,GAAG,kBAAkB,CAAC,UAAU,CAC9D,kBAAkB,GAAG,GAAG,CACzB,CAAA;IACD,MAAM,2BAA2B,GAC/B,iBAAiB,KAAK,kBAAkB;QACxC,kBAAkB,CAAC,UAAU,CAAC,iBAAiB,GAAG,GAAG,CAAC,CAAA;IACxD,MAAM,mBAAmB,GACvB,iBAAiB,KAAK,kBAAkB;QACxC,kBAAkB,KAAK,iBAAiB,CAAA;IAC1C,MAAM,cAAc,GAAG,kBAAkB,KAAK,kBAAkB,CAAA;IAEhE,sEAAsE;IACtE,IACE,CAAC,cAAc;QACf,CAAC,mBAAmB;QACpB,CAAC,0BAA0B;QAC3B,CAAC,2BAA2B,EAC5B,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC;IAED,0EAA0E;IAC1E,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,uBAAuB,CAAC,WAAmB;IACzD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAA;IACzB,IAAI,cAAc,GAAG,WAAW,CAAA;IAEhC,6BAA6B;IAC7B,IAAI,WAAW,KAAK,GAAG,EAAE,CAAC;QACxB,cAAc,GAAG,OAAO,EAAE,CAAA;IAC5B,CAAC;SAAM,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,cAAc,GAAG,OAAO,EAAE,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IACnD,CAAC;SAAM,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACzE,kEAAkE;QAClE,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,WAAW,CAAC,CAAA;IACjD,CAAC;SAAM,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QACzC,2DAA2D;QAC3D,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,WAAW,CAAC,CAAA;IACjD,CAAC;IAED,qEAAqE;IACrE,IAAI,iBAAiB,CAAC,cAAc,CAAC,EAAE,CAAC;QACtC,6DAA6D;QAC7D,MAAM,YAAY,GAAG,cAAc,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAA;QACvD,IAAI,YAAY,IAAI,YAAY,KAAK,GAAG,EAAE,CAAC;YACzC,gDAAgD;YAChD,8DAA8D;YAC9D,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC;gBACxC,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC3B,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAA;YAE9B,iDAAiD;YACjD,IAAI,CAAC;gBACH,MAAM,eAAe,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;gBAChD,4DAA4D;gBAC5D,IAAI,CAAC,wBAAwB,CAAC,OAAO,EAAE,eAAe,CAAC,EAAE,CAAC;oBACxD,sDAAsD;oBACtD,MAAM,aAAa,GAAG,cAAc,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;oBAC1D,OAAO,eAAe,GAAG,aAAa,CAAA;gBACxC,CAAC;gBACD,2DAA2D;YAC7D,CAAC;YAAC,MAAM,CAAC;gBACP,6EAA6E;YAC/E,CAAC;QACH,CAAC;QACD,OAAO,cAAc,CAAA;IACvB,CAAC;IAED,uDAAuD;IACvD,gEAAgE;IAChE,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,cAAc,CAAC,CAAA;QAEpD,oFAAoF;QACpF,IAAI,wBAAwB,CAAC,cAAc,EAAE,YAAY,CAAC,EAAE,CAAC;YAC3D,kEAAkE;QACpE,CAAC;aAAM,CAAC;YACN,cAAc,GAAG,YAAY,CAAA;QAC/B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,uEAAuE;IACzE,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB;IAClC,MAAM,OAAO,GAAG,OAAO,EAAE,CAAA;IACzB,MAAM,gBAAgB,GAAG;QACvB,aAAa;QACb,aAAa;QACb,WAAW;QACX,UAAU;QACV,mBAAmB;QACnB,oBAAoB;QACpB,aAAa;QACb,qBAAqB;QACrB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC;QAChC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,eAAe,CAAC;KACpC,CAAA;IAED,OAAO,gBAAgB,CAAA;AACzB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB;IACjC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,aAAa,CAAA;IACzD,IAAI,CAAC;QACH,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IAC3C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAe,CACb,4CAA4C,MAAM,KAAK,GAAG,EAAE,CAC7D,CAAA;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAClC,aAAsB,EACtB,cAAuB;IAEvB,iEAAiE;IACjE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,aAAa,CAAA;IACzD,MAAM,OAAO,GAAa,CAAC,mBAAmB,EAAE,UAAU,MAAM,EAAE,CAAC,CAAA;IAEnE,sDAAsD;IACtD,IAAI,CAAC,aAAa,IAAI,CAAC,cAAc,EAAE,CAAC;QACtC,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,yEAAyE;IACzE,8EAA8E;IAC9E,gFAAgF;IAChF,8EAA8E;IAC9E,0EAA0E;IAC1E,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IACnE,IAAI,SAAS,IAAI,EAAE,EAAE,CAAC;QACpB,MAAM,mBAAmB,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAA;QAC1D,MAAM,WAAW,GAAG,mBAAmB;YACrC,CAAC,CAAC,GAAG,mBAAmB,kBAAkB;YAC1C,CAAC,CAAC,iBAAiB,CAAA;QACrB,OAAO,CAAC,IAAI,CAAC,gBAAgB,WAAW,EAAE,CAAC,CAAA;IAC7C,CAAC;IAED,8EAA8E;IAC9E,MAAM,gBAAgB,GAAG;QACvB,WAAW;QACX,WAAW;QACX,KAAK;QACL,SAAS;QACT,QAAQ;QACR,gBAAgB,EAAE,aAAa;QAC/B,YAAY,EAAE,kBAAkB;QAChC,eAAe,EAAE,kBAAkB;QACnC,gBAAgB,EAAE,kBAAkB;KACrC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACX,OAAO,CAAC,IAAI,CAAC,YAAY,gBAAgB,EAAE,CAAC,CAAA;IAC5C,OAAO,CAAC,IAAI,CAAC,YAAY,gBAAgB,EAAE,CAAC,CAAA;IAE5C,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,CAAC,IAAI,CAAC,+BAA+B,aAAa,EAAE,CAAC,CAAA;QAC5D,OAAO,CAAC,IAAI,CAAC,gCAAgC,aAAa,EAAE,CAAC,CAAA;QAC7D,uDAAuD;QACvD,OAAO,CAAC,IAAI,CAAC,+BAA+B,aAAa,EAAE,CAAC,CAAA;QAC5D,OAAO,CAAC,IAAI,CAAC,gCAAgC,aAAa,EAAE,CAAC,CAAA;IAC/D,CAAC;IAED,IAAI,cAAc,EAAE,CAAC;QACnB,yDAAyD;QACzD,OAAO,CAAC,IAAI,CAAC,iCAAiC,cAAc,EAAE,CAAC,CAAA;QAC/D,OAAO,CAAC,IAAI,CAAC,iCAAiC,cAAc,EAAE,CAAC,CAAA;QAE/D,2FAA2F;QAC3F,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAA;QAC9B,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YACzB,mDAAmD;YACnD,OAAO,CAAC,IAAI,CACV,6DAA6D,cAAc,SAAS,CACrF,CAAA;QACH,CAAC;aAAM,IAAI,QAAQ,KAAK,OAAO,IAAI,aAAa,EAAE,CAAC;YACjD,2DAA2D;YAC3D,sEAAsE;YACtE,mFAAmF;YACnF,OAAO,CAAC,IAAI,CACV,gFAAgF,aAAa,GAAG,CACjG,CAAA;QACH,CAAC;QAED,mEAAmE;QACnE,OAAO,CAAC,IAAI,CAAC,iCAAiC,cAAc,EAAE,CAAC,CAAA;QAC/D,OAAO,CAAC,IAAI,CAAC,iCAAiC,cAAc,EAAE,CAAC,CAAA;QAE/D,sBAAsB;QACtB,OAAO,CAAC,IAAI,CAAC,yBAAyB,cAAc,EAAE,CAAC,CAAA;QAEvD,+EAA+E;QAC/E,qFAAqF;QAErF,mCAAmC;QACnC,+DAA+D;QAC/D,OAAO,CAAC,IAAI,CACV,sCAAsC,aAAa,IAAI,cAAc,EAAE,CACxE,CAAA;QACD,OAAO,CAAC,IAAI,CACV,uCAAuC,aAAa,IAAI,cAAc,EAAE,CACzE,CAAA;QAED,iDAAiD;QACjD,0DAA0D;QAE1D,4DAA4D;QAC5D,6DAA6D;QAE7D,iDAAiD;QACjD,kDAAkD;QAClD,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAA;YACzC,OAAO,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAA;YAChD,OAAO,CAAC,IAAI,CAAC,uBAAuB,aAAa,EAAE,CAAC,CAAA;QACtD,CAAC;QAED,+BAA+B;QAC/B,4DAA4D;QAE5D,kDAAkD;QAClD,uEAAuE;QAEvE,6CAA6C;QAC7C,OAAO,CAAC,IAAI,CAAC,kCAAkC,cAAc,EAAE,CAAC,CAAA;QAChE,OAAO,CAAC,IAAI,CAAC,kCAAkC,cAAc,EAAE,CAAC,CAAA;IAClE,CAAC;IAED,8FAA8F;IAC9F,4FAA4F;IAC5F,mGAAmG;IAEnG,OAAO,OAAO,CAAA;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAe;IACpD,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;IAC9C,OAAO,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;AACzD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,cAAsB;IAC3D,OAAO,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;AAC/D,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,WAAW,CAAC,WAAmB;IAC7C,OAAO,CACL,GAAG;QACH,WAAW;YACT,8DAA8D;aAC7D,OAAO,CAAC,gBAAgB,EAAE,MAAM,CAAC;YAClC,2CAA2C;aAC1C,OAAO,CAAC,eAAe,EAAE,OAAO,CAAC;YAClC,+DAA+D;aAC9D,OAAO,CAAC,SAAS,EAAE,oBAAoB,CAAC,CAAC,sBAAsB;aAC/D,OAAO,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC,qBAAqB;aACtD,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,8BAA8B;aACtD,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,sCAAsC;YAC9D,uBAAuB;aACtB,OAAO,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC,gCAAgC;aACzE,OAAO,CAAC,eAAe,EAAE,IAAI,CAAC,GAAG,kCAAkC;QACtE,GAAG,CACJ,CAAA;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAgB;IAChD,MAAM,iBAAiB,GAAG,uBAAuB,CAAC,QAAQ,CAAC,CAAA;IAE3D,iEAAiE;IACjE,MAAM,YAAY,GAAG,iBAAiB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAA;IAC1D,IAAI,CAAC,YAAY,IAAI,YAAY,KAAK,GAAG,EAAE,CAAC;QAC1C,eAAe,CAAC,+CAA+C,QAAQ,EAAE,CAAC,CAAA;QAC1E,OAAO,EAAE,CAAA;IACX,CAAC;IAED,gDAAgD;IAChD,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC;QACxC,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3B,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAA;IAE9B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5B,eAAe,CACb,qDAAqD,OAAO,EAAE,CAC/D,CAAA;QACD,OAAO,EAAE,CAAA;IACX,CAAC;IAED,+CAA+C;IAC/C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC,CAAA;IAExD,wDAAwD;IACxD,MAAM,OAAO,GAAa,EAAE,CAAA;IAC5B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,OAAO,EAAE;YACtC,SAAS,EAAE,IAAI;YACf,aAAa,EAAE,IAAI;SACpB,CAAC,CAAA;QAEF,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,qCAAqC;YACrC,sFAAsF;YACtF,4EAA4E;YAC5E,MAAM,SAAS,GACZ,KAAiC,CAAC,UAAU;gBAC5C,KAA2B,CAAC,IAAI;gBACjC,OAAO,CAAA;YACT,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,CAAA;YAEjD,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACzB,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;YACxB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAe,CACb,0CAA0C,QAAQ,KAAK,GAAG,EAAE,CAC7D,CAAA;IACH,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC"}

package/dist/sandbox/sandbox-violation-store.d.ts

@@ -0,0 +1,19 @@
+import { type SandboxViolationEvent } from './macos-sandbox-utils.js';
+/**
+ * In-memory tail for sandbox violations
+ */
+export declare class SandboxViolationStore {
+    private violations;
+    private totalCount;
+    private readonly maxSize;
+    private listeners;
+    addViolation(violation: SandboxViolationEvent): void;
+    getViolations(limit?: number): SandboxViolationEvent[];
+    getCount(): number;
+    getTotalCount(): number;
+    getViolationsForCommand(command: string): SandboxViolationEvent[];
+    clear(): void;
+    subscribe(listener: (violations: SandboxViolationEvent[]) => void): () => void;
+    private notifyListeners;
+}
+//# sourceMappingURL=sandbox-violation-store.d.ts.map

package/dist/sandbox/sandbox-violation-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox-violation-store.d.ts","sourceRoot":"","sources":["../../src/sandbox/sandbox-violation-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,qBAAqB,EAAE,MAAM,0BAA0B,CAAA;AAGrE;;GAEG;AACH,qBAAa,qBAAqB;IAChC,OAAO,CAAC,UAAU,CAA8B;IAChD,OAAO,CAAC,UAAU,CAAI;IACtB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAM;IAC9B,OAAO,CAAC,SAAS,CACN;IAEX,YAAY,CAAC,SAAS,EAAE,qBAAqB,GAAG,IAAI;IASpD,aAAa,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,qBAAqB,EAAE;IAOtD,QAAQ,IAAI,MAAM;IAIlB,aAAa,IAAI,MAAM;IAIvB,uBAAuB,CAAC,OAAO,EAAE,MAAM,GAAG,qBAAqB,EAAE;IAKjE,KAAK,IAAI,IAAI;IAMb,SAAS,CACP,QAAQ,EAAE,CAAC,UAAU,EAAE,qBAAqB,EAAE,KAAK,IAAI,GACtD,MAAM,IAAI;IAQb,OAAO,CAAC,eAAe;CAKxB"}

package/dist/sandbox/sandbox-violation-store.js

@@ -0,0 +1,54 @@
+import { encodeSandboxedCommand } from './sandbox-utils.js';
+/**
+ * In-memory tail for sandbox violations
+ */
+export class SandboxViolationStore {
+    constructor() {
+        this.violations = [];
+        this.totalCount = 0;
+        this.maxSize = 100;
+        this.listeners = new Set();
+    }
+    addViolation(violation) {
+        this.violations.push(violation);
+        this.totalCount++;
+        if (this.violations.length > this.maxSize) {
+            this.violations = this.violations.slice(-this.maxSize);
+        }
+        this.notifyListeners();
+    }
+    getViolations(limit) {
+        if (limit === undefined) {
+            return [...this.violations];
+        }
+        return this.violations.slice(-limit);
+    }
+    getCount() {
+        return this.violations.length;
+    }
+    getTotalCount() {
+        return this.totalCount;
+    }
+    getViolationsForCommand(command) {
+        const commandBase64 = encodeSandboxedCommand(command);
+        return this.violations.filter(v => v.encodedCommand === commandBase64);
+    }
+    clear() {
+        this.violations = [];
+        // Don't reset totalCount when clearing
+        this.notifyListeners();
+    }
+    subscribe(listener) {
+        this.listeners.add(listener);
+        listener(this.getViolations());
+        return () => {
+            this.listeners.delete(listener);
+        };
+    }
+    notifyListeners() {
+        // Always notify with all violations so listeners can track the full count
+        const violations = this.getViolations();
+        this.listeners.forEach(listener => listener(violations));
+    }
+}
+//# sourceMappingURL=sandbox-violation-store.js.map

package/dist/sandbox/sandbox-violation-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox-violation-store.js","sourceRoot":"","sources":["../../src/sandbox/sandbox-violation-store.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAA;AAE3D;;GAEG;AACH,MAAM,OAAO,qBAAqB;IAAlC;QACU,eAAU,GAA4B,EAAE,CAAA;QACxC,eAAU,GAAG,CAAC,CAAA;QACL,YAAO,GAAG,GAAG,CAAA;QACtB,cAAS,GACf,IAAI,GAAG,EAAE,CAAA;IAoDb,CAAC;IAlDC,YAAY,CAAC,SAAgC;QAC3C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;QAC/B,IAAI,CAAC,UAAU,EAAE,CAAA;QACjB,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;YAC1C,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QACxD,CAAC;QACD,IAAI,CAAC,eAAe,EAAE,CAAA;IACxB,CAAC;IAED,aAAa,CAAC,KAAc;QAC1B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,OAAO,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAA;QAC7B,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAA;IACtC,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAA;IAC/B,CAAC;IAED,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAA;IACxB,CAAC;IAED,uBAAuB,CAAC,OAAe;QACrC,MAAM,aAAa,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAA;QACrD,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,aAAa,CAAC,CAAA;IACxE,CAAC;IAED,KAAK;QACH,IAAI,CAAC,UAAU,GAAG,EAAE,CAAA;QACpB,uCAAuC;QACvC,IAAI,CAAC,eAAe,EAAE,CAAA;IACxB,CAAC;IAED,SAAS,CACP,QAAuD;QAEvD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;QAC5B,QAAQ,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC,CAAA;QAC9B,OAAO,GAAG,EAAE;YACV,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;QACjC,CAAC,CAAA;IACH,CAAC;IAEO,eAAe;QACrB,0EAA0E;QAC1E,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,EAAE,CAAA;QACvC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAA;IAC1D,CAAC;CACF"}

package/dist/sandbox/socks-proxy.d.ts

@@ -0,0 +1,13 @@
+import type { Socks5Server } from '@pondwader/socks5-server';
+export interface SocksProxyServerOptions {
+    filter(port: number, host: string): Promise<boolean> | boolean;
+}
+export interface SocksProxyWrapper {
+    server: Socks5Server;
+    getPort(): number | undefined;
+    listen(port: number, hostname: string): Promise<number>;
+    close(): Promise<void>;
+    unref(): void;
+}
+export declare function createSocksProxyServer(options: SocksProxyServerOptions): SocksProxyWrapper;
+//# sourceMappingURL=socks-proxy.d.ts.map

package/dist/sandbox/socks-proxy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"socks-proxy.d.ts","sourceRoot":"","sources":["../../src/sandbox/socks-proxy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AAI5D,MAAM,WAAW,uBAAuB;IACtC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAA;CAC/D;AAED,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,YAAY,CAAA;IACpB,OAAO,IAAI,MAAM,GAAG,SAAS,CAAA;IAC7B,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IACvD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;IACtB,KAAK,IAAI,IAAI,CAAA;CACd;AAED,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,uBAAuB,GAC/B,iBAAiB,CAqGnB"}