@sysid/sandbox-runtime-improved 0.0.55-sysid.1 → 0.0.61-sysid.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (118) hide show
  1. package/README.md +43 -2
  2. package/dist/cli.js +8 -0
  3. package/dist/cli.js.map +1 -1
  4. package/dist/index.d.ts +6 -6
  5. package/dist/index.d.ts.map +1 -1
  6. package/dist/index.js +2 -2
  7. package/dist/index.js.map +1 -1
  8. package/dist/sandbox/credential-mask-files.d.ts +72 -0
  9. package/dist/sandbox/credential-mask-files.d.ts.map +1 -0
  10. package/dist/sandbox/credential-mask-files.js +146 -0
  11. package/dist/sandbox/credential-mask-files.js.map +1 -0
  12. package/dist/sandbox/credential-sentinel.d.ts +72 -0
  13. package/dist/sandbox/credential-sentinel.d.ts.map +1 -0
  14. package/dist/sandbox/credential-sentinel.js +130 -0
  15. package/dist/sandbox/credential-sentinel.js.map +1 -0
  16. package/dist/sandbox/domain-pattern.d.ts +36 -0
  17. package/dist/sandbox/domain-pattern.d.ts.map +1 -0
  18. package/dist/sandbox/domain-pattern.js +60 -0
  19. package/dist/sandbox/domain-pattern.js.map +1 -0
  20. package/dist/sandbox/http-proxy.d.ts +32 -1
  21. package/dist/sandbox/http-proxy.d.ts.map +1 -1
  22. package/dist/sandbox/http-proxy.js +10 -2
  23. package/dist/sandbox/http-proxy.js.map +1 -1
  24. package/dist/sandbox/linux-sandbox-utils.d.ts +17 -0
  25. package/dist/sandbox/linux-sandbox-utils.d.ts.map +1 -1
  26. package/dist/sandbox/linux-sandbox-utils.js +155 -47
  27. package/dist/sandbox/linux-sandbox-utils.js.map +1 -1
  28. package/dist/sandbox/listen-in-range.d.ts +12 -0
  29. package/dist/sandbox/listen-in-range.d.ts.map +1 -0
  30. package/dist/sandbox/listen-in-range.js +43 -0
  31. package/dist/sandbox/listen-in-range.js.map +1 -0
  32. package/dist/sandbox/macos-sandbox-utils.d.ts +13 -0
  33. package/dist/sandbox/macos-sandbox-utils.d.ts.map +1 -1
  34. package/dist/sandbox/macos-sandbox-utils.js +76 -14
  35. package/dist/sandbox/macos-sandbox-utils.js.map +1 -1
  36. package/dist/sandbox/mitm-ca.d.ts +18 -2
  37. package/dist/sandbox/mitm-ca.d.ts.map +1 -1
  38. package/dist/sandbox/mitm-ca.js +49 -9
  39. package/dist/sandbox/mitm-ca.js.map +1 -1
  40. package/dist/sandbox/mitm-leaf.d.ts.map +1 -1
  41. package/dist/sandbox/mitm-leaf.js +24 -6
  42. package/dist/sandbox/mitm-leaf.js.map +1 -1
  43. package/dist/sandbox/mux-proxy.d.ts +59 -0
  44. package/dist/sandbox/mux-proxy.d.ts.map +1 -0
  45. package/dist/sandbox/mux-proxy.js +159 -0
  46. package/dist/sandbox/mux-proxy.js.map +1 -0
  47. package/dist/sandbox/request-filter.d.ts +11 -1
  48. package/dist/sandbox/request-filter.d.ts.map +1 -1
  49. package/dist/sandbox/request-filter.js.map +1 -1
  50. package/dist/sandbox/sandbox-config.d.ts +383 -1
  51. package/dist/sandbox/sandbox-config.d.ts.map +1 -1
  52. package/dist/sandbox/sandbox-config.js +252 -1
  53. package/dist/sandbox/sandbox-config.js.map +1 -1
  54. package/dist/sandbox/sandbox-manager.d.ts +4 -0
  55. package/dist/sandbox/sandbox-manager.d.ts.map +1 -1
  56. package/dist/sandbox/sandbox-manager.js +618 -168
  57. package/dist/sandbox/sandbox-manager.js.map +1 -1
  58. package/dist/sandbox/sandbox-schemas.d.ts +27 -0
  59. package/dist/sandbox/sandbox-schemas.d.ts.map +1 -1
  60. package/dist/sandbox/sandbox-utils.d.ts +42 -6
  61. package/dist/sandbox/sandbox-utils.d.ts.map +1 -1
  62. package/dist/sandbox/sandbox-utils.js +115 -27
  63. package/dist/sandbox/sandbox-utils.js.map +1 -1
  64. package/dist/sandbox/socks-proxy.d.ts +11 -5
  65. package/dist/sandbox/socks-proxy.d.ts.map +1 -1
  66. package/dist/sandbox/socks-proxy.js +13 -81
  67. package/dist/sandbox/socks-proxy.js.map +1 -1
  68. package/dist/sandbox/tls-terminate-proxy.d.ts +2 -2
  69. package/dist/sandbox/tls-terminate-proxy.d.ts.map +1 -1
  70. package/dist/sandbox/tls-terminate-proxy.js +31 -5
  71. package/dist/sandbox/tls-terminate-proxy.js.map +1 -1
  72. package/dist/sandbox/windows-sandbox-utils.d.ts +347 -11
  73. package/dist/sandbox/windows-sandbox-utils.d.ts.map +1 -1
  74. package/dist/sandbox/windows-sandbox-utils.js +437 -45
  75. package/dist/sandbox/windows-sandbox-utils.js.map +1 -1
  76. package/package.json +7 -4
  77. package/vendor/seccomp/build.ts +8 -30
  78. package/vendor/srt-win/build.ts +21 -0
  79. package/dist/vendor/seccomp/Dockerfile.build +0 -6
  80. package/dist/vendor/seccomp/arm64/apply-seccomp +0 -0
  81. package/dist/vendor/seccomp/build.ts +0 -91
  82. package/dist/vendor/seccomp/x64/apply-seccomp +0 -0
  83. package/dist/vendor/seccomp-src/apply-seccomp.c +0 -280
  84. package/dist/vendor/seccomp-src/seccomp-unix-block.c +0 -148
  85. package/dist/vendor/srt-win/Cargo.lock +0 -361
  86. package/dist/vendor/srt-win/Cargo.toml +0 -46
  87. package/dist/vendor/srt-win/ci/cleanup.ps1 +0 -49
  88. package/dist/vendor/srt-win/ci/smoke-exec.ps1 +0 -446
  89. package/dist/vendor/srt-win/ci/smoke.ps1 +0 -307
  90. package/dist/vendor/srt-win/src/job.rs +0 -102
  91. package/dist/vendor/srt-win/src/launch.rs +0 -732
  92. package/dist/vendor/srt-win/src/lib.rs +0 -20
  93. package/dist/vendor/srt-win/src/main.rs +0 -669
  94. package/dist/vendor/srt-win/src/self_protect.rs +0 -169
  95. package/dist/vendor/srt-win/src/sid.rs +0 -296
  96. package/dist/vendor/srt-win/src/token.rs +0 -341
  97. package/dist/vendor/srt-win/src/util.rs +0 -42
  98. package/dist/vendor/srt-win/src/wfp.rs +0 -992
  99. package/dist/vendor/srt-win/src/winsta.rs +0 -209
  100. package/dist/vendor/srt-win/tests/sd_access_check_matrix.rs +0 -259
  101. package/vendor/seccomp-src/apply-seccomp.c +0 -280
  102. package/vendor/seccomp-src/seccomp-unix-block.c +0 -148
  103. package/vendor/srt-win/Cargo.lock +0 -361
  104. package/vendor/srt-win/Cargo.toml +0 -46
  105. package/vendor/srt-win/ci/cleanup.ps1 +0 -49
  106. package/vendor/srt-win/ci/smoke-exec.ps1 +0 -446
  107. package/vendor/srt-win/ci/smoke.ps1 +0 -307
  108. package/vendor/srt-win/src/job.rs +0 -102
  109. package/vendor/srt-win/src/launch.rs +0 -732
  110. package/vendor/srt-win/src/lib.rs +0 -20
  111. package/vendor/srt-win/src/main.rs +0 -669
  112. package/vendor/srt-win/src/self_protect.rs +0 -169
  113. package/vendor/srt-win/src/sid.rs +0 -296
  114. package/vendor/srt-win/src/token.rs +0 -341
  115. package/vendor/srt-win/src/util.rs +0 -42
  116. package/vendor/srt-win/src/wfp.rs +0 -992
  117. package/vendor/srt-win/src/winsta.rs +0 -209
  118. package/vendor/srt-win/tests/sd_access_check_matrix.rs +0 -259
@@ -36,6 +36,127 @@ declare const ParentProxyConfigSchema: z.ZodObject<{
36
36
  https?: string | undefined;
37
37
  noProxy?: string | undefined;
38
38
  }>;
39
+ /**
40
+ * Schema for the access mode of a declared credential source.
41
+ *
42
+ * - `deny` — the sandboxed process cannot read the file / does not see the
43
+ * environment variable.
44
+ * - `mask` — the sandboxed process sees a per-session sentinel value; the
45
+ * host proxy substitutes sentinel→real on egress to `injectHosts`.
46
+ * For files this is whole-file masking (Linux only; degrades to `deny`
47
+ * on macOS — see {@link CredentialFileConfigSchema}).
48
+ */
49
+ declare const credentialModeSchema: z.ZodEnum<["deny", "mask"]>;
50
+ /**
51
+ * Schema for a single credential file/directory entry.
52
+ *
53
+ * `mode: "mask"` is **whole-file** masking: the entire file content is
54
+ * replaced inside the sandbox with one sentinel string, and the proxy
55
+ * substitutes that sentinel back to the real bytes on egress. This works
56
+ * for files whose content *is* the credential (a token file, a single-line
57
+ * secret). It does **not** work for structured files a tool parses
58
+ * (`.netrc`, JSON/YAML configs) — the tool will fail to parse the sentinel.
59
+ * For those, prefer env-var masking where the tool supports it, or
60
+ * `mode: "deny"`. Format-aware extraction is a possible future extension.
61
+ *
62
+ * On macOS, SBPL cannot redirect reads, so `mode: "mask"` currently
63
+ * degrades to `mode: "deny"` (the file is unreadable inside the sandbox).
64
+ */
65
+ export declare const CredentialFileConfigSchema: z.ZodObject<{
66
+ path: z.ZodString;
67
+ mode: z.ZodEnum<["deny", "mask"]>;
68
+ injectHosts: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
69
+ }, "strip", z.ZodTypeAny, {
70
+ mode: "deny" | "mask";
71
+ path: string;
72
+ injectHosts?: string[] | undefined;
73
+ }, {
74
+ mode: "deny" | "mask";
75
+ path: string;
76
+ injectHosts?: string[] | undefined;
77
+ }>;
78
+ /**
79
+ * Schema for a single credential environment variable entry.
80
+ */
81
+ export declare const CredentialEnvVarConfigSchema: z.ZodObject<{
82
+ name: z.ZodString;
83
+ mode: z.ZodEnum<["deny", "mask"]>;
84
+ injectHosts: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
85
+ }, "strip", z.ZodTypeAny, {
86
+ mode: "deny" | "mask";
87
+ name: string;
88
+ injectHosts?: string[] | undefined;
89
+ }, {
90
+ mode: "deny" | "mask";
91
+ name: string;
92
+ injectHosts?: string[] | undefined;
93
+ }>;
94
+ /**
95
+ * Credentials configuration schema for validation.
96
+ *
97
+ * Declares credential sources (files and environment variables) with a
98
+ * per-source mode:
99
+ * - `deny` blocks the source inside the sandbox (file reads are denied via the
100
+ * filesystem read-deny mechanism, env vars are unset in the child).
101
+ *
102
+ * Additional modes (e.g. `mask`) will be added in future releases.
103
+ *
104
+ * Only the sources declared here are affected; the section applies no
105
+ * implicit restrictions beyond them.
106
+ */
107
+ export declare const CredentialsConfigSchema: z.ZodObject<{
108
+ files: z.ZodOptional<z.ZodArray<z.ZodObject<{
109
+ path: z.ZodString;
110
+ mode: z.ZodEnum<["deny", "mask"]>;
111
+ injectHosts: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
112
+ }, "strip", z.ZodTypeAny, {
113
+ mode: "deny" | "mask";
114
+ path: string;
115
+ injectHosts?: string[] | undefined;
116
+ }, {
117
+ mode: "deny" | "mask";
118
+ path: string;
119
+ injectHosts?: string[] | undefined;
120
+ }>, "many">>;
121
+ envVars: z.ZodOptional<z.ZodArray<z.ZodObject<{
122
+ name: z.ZodString;
123
+ mode: z.ZodEnum<["deny", "mask"]>;
124
+ injectHosts: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
125
+ }, "strip", z.ZodTypeAny, {
126
+ mode: "deny" | "mask";
127
+ name: string;
128
+ injectHosts?: string[] | undefined;
129
+ }, {
130
+ mode: "deny" | "mask";
131
+ name: string;
132
+ injectHosts?: string[] | undefined;
133
+ }>, "many">>;
134
+ allowPlaintextInject: z.ZodOptional<z.ZodBoolean>;
135
+ }, "strict", z.ZodTypeAny, {
136
+ files?: {
137
+ mode: "deny" | "mask";
138
+ path: string;
139
+ injectHosts?: string[] | undefined;
140
+ }[] | undefined;
141
+ envVars?: {
142
+ mode: "deny" | "mask";
143
+ name: string;
144
+ injectHosts?: string[] | undefined;
145
+ }[] | undefined;
146
+ allowPlaintextInject?: boolean | undefined;
147
+ }, {
148
+ files?: {
149
+ mode: "deny" | "mask";
150
+ path: string;
151
+ injectHosts?: string[] | undefined;
152
+ }[] | undefined;
153
+ envVars?: {
154
+ mode: "deny" | "mask";
155
+ name: string;
156
+ injectHosts?: string[] | undefined;
157
+ }[] | undefined;
158
+ allowPlaintextInject?: boolean | undefined;
159
+ }>;
39
160
  /**
40
161
  * Network configuration schema for validation
41
162
  */
@@ -63,18 +184,23 @@ export declare const NetworkConfigSchema: z.ZodObject<{
63
184
  tlsTerminate: z.ZodOptional<z.ZodEffects<z.ZodObject<{
64
185
  caCertPath: z.ZodOptional<z.ZodString>;
65
186
  caKeyPath: z.ZodOptional<z.ZodString>;
187
+ excludeDomains: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
66
188
  }, "strip", z.ZodTypeAny, {
67
189
  caCertPath?: string | undefined;
68
190
  caKeyPath?: string | undefined;
191
+ excludeDomains?: string[] | undefined;
69
192
  }, {
70
193
  caCertPath?: string | undefined;
71
194
  caKeyPath?: string | undefined;
195
+ excludeDomains?: string[] | undefined;
72
196
  }>, {
73
197
  caCertPath?: string | undefined;
74
198
  caKeyPath?: string | undefined;
199
+ excludeDomains?: string[] | undefined;
75
200
  }, {
76
201
  caCertPath?: string | undefined;
77
202
  caKeyPath?: string | undefined;
203
+ excludeDomains?: string[] | undefined;
78
204
  }>>;
79
205
  parentProxy: z.ZodOptional<z.ZodObject<{
80
206
  http: z.ZodOptional<z.ZodString>;
@@ -107,6 +233,7 @@ export declare const NetworkConfigSchema: z.ZodObject<{
107
233
  tlsTerminate?: {
108
234
  caCertPath?: string | undefined;
109
235
  caKeyPath?: string | undefined;
236
+ excludeDomains?: string[] | undefined;
110
237
  } | undefined;
111
238
  parentProxy?: {
112
239
  http?: string | undefined;
@@ -131,6 +258,7 @@ export declare const NetworkConfigSchema: z.ZodObject<{
131
258
  tlsTerminate?: {
132
259
  caCertPath?: string | undefined;
133
260
  caKeyPath?: string | undefined;
261
+ excludeDomains?: string[] | undefined;
134
262
  } | undefined;
135
263
  parentProxy?: {
136
264
  http?: string | undefined;
@@ -142,6 +270,7 @@ export declare const NetworkConfigSchema: z.ZodObject<{
142
270
  * Filesystem configuration schema for validation
143
271
  */
144
272
  export declare const FilesystemConfigSchema: z.ZodObject<{
273
+ disabled: z.ZodOptional<z.ZodBoolean>;
145
274
  denyRead: z.ZodArray<z.ZodString, "many">;
146
275
  allowRead: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
147
276
  allowWrite: z.ZodArray<z.ZodString, "many">;
@@ -151,12 +280,14 @@ export declare const FilesystemConfigSchema: z.ZodObject<{
151
280
  denyRead: string[];
152
281
  allowWrite: string[];
153
282
  denyWrite: string[];
283
+ disabled?: boolean | undefined;
154
284
  allowRead?: string[] | undefined;
155
285
  allowGitConfig?: boolean | undefined;
156
286
  }, {
157
287
  denyRead: string[];
158
288
  allowWrite: string[];
159
289
  denyWrite: string[];
290
+ disabled?: boolean | undefined;
160
291
  allowRead?: string[] | undefined;
161
292
  allowGitConfig?: boolean | undefined;
162
293
  }>;
@@ -190,9 +321,11 @@ export declare const WindowsConfigSchema: z.ZodObject<{
190
321
  groupName: z.ZodDefault<z.ZodString>;
191
322
  groupSid: z.ZodOptional<z.ZodString>;
192
323
  wfpSublayerGuid: z.ZodOptional<z.ZodString>;
324
+ asSandboxUser: z.ZodDefault<z.ZodBoolean>;
193
325
  proxyPortRange: z.ZodOptional<z.ZodEffects<z.ZodTuple<[z.ZodNumber, z.ZodNumber], null>, [number, number], [number, number]>>;
194
326
  }, "strip", z.ZodTypeAny, {
195
327
  groupName: string;
328
+ asSandboxUser: boolean;
196
329
  groupSid?: string | undefined;
197
330
  wfpSublayerGuid?: string | undefined;
198
331
  proxyPortRange?: [number, number] | undefined;
@@ -200,6 +333,7 @@ export declare const WindowsConfigSchema: z.ZodObject<{
200
333
  groupName?: string | undefined;
201
334
  groupSid?: string | undefined;
202
335
  wfpSublayerGuid?: string | undefined;
336
+ asSandboxUser?: boolean | undefined;
203
337
  proxyPortRange?: [number, number] | undefined;
204
338
  }>;
205
339
  /**
@@ -218,7 +352,7 @@ export declare const SeccompConfigSchema: z.ZodObject<{
218
352
  /**
219
353
  * Main configuration schema for Sandbox Runtime validation
220
354
  */
221
- export declare const SandboxRuntimeConfigSchema: z.ZodObject<{
355
+ export declare const SandboxRuntimeConfigSchema: z.ZodEffects<z.ZodObject<{
222
356
  network: z.ZodObject<{
223
357
  allowedDomains: z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">;
224
358
  deniedDomains: z.ZodArray<z.ZodUnion<[z.ZodLiteral<"*">, z.ZodEffects<z.ZodString, string, string>]>, "many">;
@@ -243,18 +377,23 @@ export declare const SandboxRuntimeConfigSchema: z.ZodObject<{
243
377
  tlsTerminate: z.ZodOptional<z.ZodEffects<z.ZodObject<{
244
378
  caCertPath: z.ZodOptional<z.ZodString>;
245
379
  caKeyPath: z.ZodOptional<z.ZodString>;
380
+ excludeDomains: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
246
381
  }, "strip", z.ZodTypeAny, {
247
382
  caCertPath?: string | undefined;
248
383
  caKeyPath?: string | undefined;
384
+ excludeDomains?: string[] | undefined;
249
385
  }, {
250
386
  caCertPath?: string | undefined;
251
387
  caKeyPath?: string | undefined;
388
+ excludeDomains?: string[] | undefined;
252
389
  }>, {
253
390
  caCertPath?: string | undefined;
254
391
  caKeyPath?: string | undefined;
392
+ excludeDomains?: string[] | undefined;
255
393
  }, {
256
394
  caCertPath?: string | undefined;
257
395
  caKeyPath?: string | undefined;
396
+ excludeDomains?: string[] | undefined;
258
397
  }>>;
259
398
  parentProxy: z.ZodOptional<z.ZodObject<{
260
399
  http: z.ZodOptional<z.ZodString>;
@@ -287,6 +426,7 @@ export declare const SandboxRuntimeConfigSchema: z.ZodObject<{
287
426
  tlsTerminate?: {
288
427
  caCertPath?: string | undefined;
289
428
  caKeyPath?: string | undefined;
429
+ excludeDomains?: string[] | undefined;
290
430
  } | undefined;
291
431
  parentProxy?: {
292
432
  http?: string | undefined;
@@ -311,6 +451,7 @@ export declare const SandboxRuntimeConfigSchema: z.ZodObject<{
311
451
  tlsTerminate?: {
312
452
  caCertPath?: string | undefined;
313
453
  caKeyPath?: string | undefined;
454
+ excludeDomains?: string[] | undefined;
314
455
  } | undefined;
315
456
  parentProxy?: {
316
457
  http?: string | undefined;
@@ -319,6 +460,7 @@ export declare const SandboxRuntimeConfigSchema: z.ZodObject<{
319
460
  } | undefined;
320
461
  }>;
321
462
  filesystem: z.ZodObject<{
463
+ disabled: z.ZodOptional<z.ZodBoolean>;
322
464
  denyRead: z.ZodArray<z.ZodString, "many">;
323
465
  allowRead: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
324
466
  allowWrite: z.ZodArray<z.ZodString, "many">;
@@ -328,15 +470,70 @@ export declare const SandboxRuntimeConfigSchema: z.ZodObject<{
328
470
  denyRead: string[];
329
471
  allowWrite: string[];
330
472
  denyWrite: string[];
473
+ disabled?: boolean | undefined;
331
474
  allowRead?: string[] | undefined;
332
475
  allowGitConfig?: boolean | undefined;
333
476
  }, {
334
477
  denyRead: string[];
335
478
  allowWrite: string[];
336
479
  denyWrite: string[];
480
+ disabled?: boolean | undefined;
337
481
  allowRead?: string[] | undefined;
338
482
  allowGitConfig?: boolean | undefined;
339
483
  }>;
484
+ credentials: z.ZodOptional<z.ZodObject<{
485
+ files: z.ZodOptional<z.ZodArray<z.ZodObject<{
486
+ path: z.ZodString;
487
+ mode: z.ZodEnum<["deny", "mask"]>;
488
+ injectHosts: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
489
+ }, "strip", z.ZodTypeAny, {
490
+ mode: "deny" | "mask";
491
+ path: string;
492
+ injectHosts?: string[] | undefined;
493
+ }, {
494
+ mode: "deny" | "mask";
495
+ path: string;
496
+ injectHosts?: string[] | undefined;
497
+ }>, "many">>;
498
+ envVars: z.ZodOptional<z.ZodArray<z.ZodObject<{
499
+ name: z.ZodString;
500
+ mode: z.ZodEnum<["deny", "mask"]>;
501
+ injectHosts: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
502
+ }, "strip", z.ZodTypeAny, {
503
+ mode: "deny" | "mask";
504
+ name: string;
505
+ injectHosts?: string[] | undefined;
506
+ }, {
507
+ mode: "deny" | "mask";
508
+ name: string;
509
+ injectHosts?: string[] | undefined;
510
+ }>, "many">>;
511
+ allowPlaintextInject: z.ZodOptional<z.ZodBoolean>;
512
+ }, "strict", z.ZodTypeAny, {
513
+ files?: {
514
+ mode: "deny" | "mask";
515
+ path: string;
516
+ injectHosts?: string[] | undefined;
517
+ }[] | undefined;
518
+ envVars?: {
519
+ mode: "deny" | "mask";
520
+ name: string;
521
+ injectHosts?: string[] | undefined;
522
+ }[] | undefined;
523
+ allowPlaintextInject?: boolean | undefined;
524
+ }, {
525
+ files?: {
526
+ mode: "deny" | "mask";
527
+ path: string;
528
+ injectHosts?: string[] | undefined;
529
+ }[] | undefined;
530
+ envVars?: {
531
+ mode: "deny" | "mask";
532
+ name: string;
533
+ injectHosts?: string[] | undefined;
534
+ }[] | undefined;
535
+ allowPlaintextInject?: boolean | undefined;
536
+ }>>;
340
537
  ignoreViolations: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString, "many">>>;
341
538
  enableWeakerNestedSandbox: z.ZodOptional<z.ZodBoolean>;
342
539
  enableWeakerNetworkIsolation: z.ZodOptional<z.ZodBoolean>;
@@ -373,9 +570,11 @@ export declare const SandboxRuntimeConfigSchema: z.ZodObject<{
373
570
  groupName: z.ZodDefault<z.ZodString>;
374
571
  groupSid: z.ZodOptional<z.ZodString>;
375
572
  wfpSublayerGuid: z.ZodOptional<z.ZodString>;
573
+ asSandboxUser: z.ZodDefault<z.ZodBoolean>;
376
574
  proxyPortRange: z.ZodOptional<z.ZodEffects<z.ZodTuple<[z.ZodNumber, z.ZodNumber], null>, [number, number], [number, number]>>;
377
575
  }, "strip", z.ZodTypeAny, {
378
576
  groupName: string;
577
+ asSandboxUser: boolean;
379
578
  groupSid?: string | undefined;
380
579
  wfpSublayerGuid?: string | undefined;
381
580
  proxyPortRange?: [number, number] | undefined;
@@ -383,6 +582,7 @@ export declare const SandboxRuntimeConfigSchema: z.ZodObject<{
383
582
  groupName?: string | undefined;
384
583
  groupSid?: string | undefined;
385
584
  wfpSublayerGuid?: string | undefined;
585
+ asSandboxUser?: boolean | undefined;
386
586
  proxyPortRange?: [number, number] | undefined;
387
587
  }>>;
388
588
  }, "strip", z.ZodTypeAny, {
@@ -404,6 +604,7 @@ export declare const SandboxRuntimeConfigSchema: z.ZodObject<{
404
604
  tlsTerminate?: {
405
605
  caCertPath?: string | undefined;
406
606
  caKeyPath?: string | undefined;
607
+ excludeDomains?: string[] | undefined;
407
608
  } | undefined;
408
609
  parentProxy?: {
409
610
  http?: string | undefined;
@@ -415,9 +616,23 @@ export declare const SandboxRuntimeConfigSchema: z.ZodObject<{
415
616
  denyRead: string[];
416
617
  allowWrite: string[];
417
618
  denyWrite: string[];
619
+ disabled?: boolean | undefined;
418
620
  allowRead?: string[] | undefined;
419
621
  allowGitConfig?: boolean | undefined;
420
622
  };
623
+ credentials?: {
624
+ files?: {
625
+ mode: "deny" | "mask";
626
+ path: string;
627
+ injectHosts?: string[] | undefined;
628
+ }[] | undefined;
629
+ envVars?: {
630
+ mode: "deny" | "mask";
631
+ name: string;
632
+ injectHosts?: string[] | undefined;
633
+ }[] | undefined;
634
+ allowPlaintextInject?: boolean | undefined;
635
+ } | undefined;
421
636
  ignoreViolations?: Record<string, string[]> | undefined;
422
637
  enableWeakerNestedSandbox?: boolean | undefined;
423
638
  enableWeakerNetworkIsolation?: boolean | undefined;
@@ -438,6 +653,7 @@ export declare const SandboxRuntimeConfigSchema: z.ZodObject<{
438
653
  socatPath?: string | undefined;
439
654
  windows?: {
440
655
  groupName: string;
656
+ asSandboxUser: boolean;
441
657
  groupSid?: string | undefined;
442
658
  wfpSublayerGuid?: string | undefined;
443
659
  proxyPortRange?: [number, number] | undefined;
@@ -461,6 +677,7 @@ export declare const SandboxRuntimeConfigSchema: z.ZodObject<{
461
677
  tlsTerminate?: {
462
678
  caCertPath?: string | undefined;
463
679
  caKeyPath?: string | undefined;
680
+ excludeDomains?: string[] | undefined;
464
681
  } | undefined;
465
682
  parentProxy?: {
466
683
  http?: string | undefined;
@@ -472,9 +689,169 @@ export declare const SandboxRuntimeConfigSchema: z.ZodObject<{
472
689
  denyRead: string[];
473
690
  allowWrite: string[];
474
691
  denyWrite: string[];
692
+ disabled?: boolean | undefined;
475
693
  allowRead?: string[] | undefined;
476
694
  allowGitConfig?: boolean | undefined;
477
695
  };
696
+ credentials?: {
697
+ files?: {
698
+ mode: "deny" | "mask";
699
+ path: string;
700
+ injectHosts?: string[] | undefined;
701
+ }[] | undefined;
702
+ envVars?: {
703
+ mode: "deny" | "mask";
704
+ name: string;
705
+ injectHosts?: string[] | undefined;
706
+ }[] | undefined;
707
+ allowPlaintextInject?: boolean | undefined;
708
+ } | undefined;
709
+ ignoreViolations?: Record<string, string[]> | undefined;
710
+ enableWeakerNestedSandbox?: boolean | undefined;
711
+ enableWeakerNetworkIsolation?: boolean | undefined;
712
+ allowAppleEvents?: boolean | undefined;
713
+ ripgrep?: {
714
+ command: string;
715
+ args?: string[] | undefined;
716
+ argv0?: string | undefined;
717
+ } | undefined;
718
+ mandatoryDenySearchDepth?: number | undefined;
719
+ allowPty?: boolean | undefined;
720
+ allowBrowserProcess?: boolean | undefined;
721
+ seccomp?: {
722
+ argv0?: string | undefined;
723
+ applyPath?: string | undefined;
724
+ } | undefined;
725
+ bwrapPath?: string | undefined;
726
+ socatPath?: string | undefined;
727
+ windows?: {
728
+ groupName?: string | undefined;
729
+ groupSid?: string | undefined;
730
+ wfpSublayerGuid?: string | undefined;
731
+ asSandboxUser?: boolean | undefined;
732
+ proxyPortRange?: [number, number] | undefined;
733
+ } | undefined;
734
+ }>, {
735
+ network: {
736
+ allowedDomains: string[];
737
+ deniedDomains: string[];
738
+ strictAllowlist?: boolean | undefined;
739
+ allowUnixSockets?: string[] | undefined;
740
+ allowAllUnixSockets?: boolean | undefined;
741
+ allowLocalBinding?: boolean | undefined;
742
+ allowMachLookup?: string[] | undefined;
743
+ httpProxyPort?: number | undefined;
744
+ socksProxyPort?: number | undefined;
745
+ mitmProxy?: {
746
+ socketPath: string;
747
+ domains: string[];
748
+ } | undefined;
749
+ filterRequest?: FilterRequestCallback | undefined;
750
+ tlsTerminate?: {
751
+ caCertPath?: string | undefined;
752
+ caKeyPath?: string | undefined;
753
+ excludeDomains?: string[] | undefined;
754
+ } | undefined;
755
+ parentProxy?: {
756
+ http?: string | undefined;
757
+ https?: string | undefined;
758
+ noProxy?: string | undefined;
759
+ } | undefined;
760
+ };
761
+ filesystem: {
762
+ denyRead: string[];
763
+ allowWrite: string[];
764
+ denyWrite: string[];
765
+ disabled?: boolean | undefined;
766
+ allowRead?: string[] | undefined;
767
+ allowGitConfig?: boolean | undefined;
768
+ };
769
+ credentials?: {
770
+ files?: {
771
+ mode: "deny" | "mask";
772
+ path: string;
773
+ injectHosts?: string[] | undefined;
774
+ }[] | undefined;
775
+ envVars?: {
776
+ mode: "deny" | "mask";
777
+ name: string;
778
+ injectHosts?: string[] | undefined;
779
+ }[] | undefined;
780
+ allowPlaintextInject?: boolean | undefined;
781
+ } | undefined;
782
+ ignoreViolations?: Record<string, string[]> | undefined;
783
+ enableWeakerNestedSandbox?: boolean | undefined;
784
+ enableWeakerNetworkIsolation?: boolean | undefined;
785
+ allowAppleEvents?: boolean | undefined;
786
+ ripgrep?: {
787
+ command: string;
788
+ args?: string[] | undefined;
789
+ argv0?: string | undefined;
790
+ } | undefined;
791
+ mandatoryDenySearchDepth?: number | undefined;
792
+ allowPty?: boolean | undefined;
793
+ allowBrowserProcess?: boolean | undefined;
794
+ seccomp?: {
795
+ argv0?: string | undefined;
796
+ applyPath?: string | undefined;
797
+ } | undefined;
798
+ bwrapPath?: string | undefined;
799
+ socatPath?: string | undefined;
800
+ windows?: {
801
+ groupName: string;
802
+ asSandboxUser: boolean;
803
+ groupSid?: string | undefined;
804
+ wfpSublayerGuid?: string | undefined;
805
+ proxyPortRange?: [number, number] | undefined;
806
+ } | undefined;
807
+ }, {
808
+ network: {
809
+ allowedDomains: string[];
810
+ deniedDomains: string[];
811
+ strictAllowlist?: boolean | undefined;
812
+ allowUnixSockets?: string[] | undefined;
813
+ allowAllUnixSockets?: boolean | undefined;
814
+ allowLocalBinding?: boolean | undefined;
815
+ allowMachLookup?: string[] | undefined;
816
+ httpProxyPort?: number | undefined;
817
+ socksProxyPort?: number | undefined;
818
+ mitmProxy?: {
819
+ socketPath: string;
820
+ domains: string[];
821
+ } | undefined;
822
+ filterRequest?: FilterRequestCallback | undefined;
823
+ tlsTerminate?: {
824
+ caCertPath?: string | undefined;
825
+ caKeyPath?: string | undefined;
826
+ excludeDomains?: string[] | undefined;
827
+ } | undefined;
828
+ parentProxy?: {
829
+ http?: string | undefined;
830
+ https?: string | undefined;
831
+ noProxy?: string | undefined;
832
+ } | undefined;
833
+ };
834
+ filesystem: {
835
+ denyRead: string[];
836
+ allowWrite: string[];
837
+ denyWrite: string[];
838
+ disabled?: boolean | undefined;
839
+ allowRead?: string[] | undefined;
840
+ allowGitConfig?: boolean | undefined;
841
+ };
842
+ credentials?: {
843
+ files?: {
844
+ mode: "deny" | "mask";
845
+ path: string;
846
+ injectHosts?: string[] | undefined;
847
+ }[] | undefined;
848
+ envVars?: {
849
+ mode: "deny" | "mask";
850
+ name: string;
851
+ injectHosts?: string[] | undefined;
852
+ }[] | undefined;
853
+ allowPlaintextInject?: boolean | undefined;
854
+ } | undefined;
478
855
  ignoreViolations?: Record<string, string[]> | undefined;
479
856
  enableWeakerNestedSandbox?: boolean | undefined;
480
857
  enableWeakerNetworkIsolation?: boolean | undefined;
@@ -497,6 +874,7 @@ export declare const SandboxRuntimeConfigSchema: z.ZodObject<{
497
874
  groupName?: string | undefined;
498
875
  groupSid?: string | undefined;
499
876
  wfpSublayerGuid?: string | undefined;
877
+ asSandboxUser?: boolean | undefined;
500
878
  proxyPortRange?: [number, number] | undefined;
501
879
  } | undefined;
502
880
  }>;
@@ -504,6 +882,10 @@ export type MitmProxyConfig = z.infer<typeof MitmProxyConfigSchema>;
504
882
  export type ParentProxyConfig = z.infer<typeof ParentProxyConfigSchema>;
505
883
  export type NetworkConfig = z.infer<typeof NetworkConfigSchema>;
506
884
  export type FilesystemConfig = z.infer<typeof FilesystemConfigSchema>;
885
+ export type CredentialMode = z.infer<typeof credentialModeSchema>;
886
+ export type CredentialFileConfig = z.infer<typeof CredentialFileConfigSchema>;
887
+ export type CredentialEnvVarConfig = z.infer<typeof CredentialEnvVarConfigSchema>;
888
+ export type CredentialsConfig = z.infer<typeof CredentialsConfigSchema>;
507
889
  export type IgnoreViolationsConfig = z.infer<typeof IgnoreViolationsConfigSchema>;
508
890
  export type RipgrepConfig = z.infer<typeof RipgrepConfigSchema>;
509
891
  export type SeccompConfig = z.infer<typeof SeccompConfigSchema>;
@@ -1 +1 @@
1
- {"version":3,"file":"sandbox-config.d.ts","sourceRoot":"","sources":["../../src/sandbox/sandbox-config.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAA;AAGhE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAgEvB;;;GAGG;AACH,QAAA,MAAM,qBAAqB;;;;;;;;;EAQzB,CAAA;AAEF;;;;GAIG;AACH,QAAA,MAAM,uBAAuB;;;;;;;;;;;;EAoB3B,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAoH9B,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;EAqBjC,CAAA;AAEF;;;GAGG;AACH,eAAO,MAAM,4BAA4B,2DAItC,CAAA;AAEH;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;EAY9B,CAAA;AAEF;;;;GAIG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;EAsC9B,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;EAa9B,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6ErC,CAAA;AAGF,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAA;AACnE,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAA;AACvE,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA;AAC/D,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAA;AACrE,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAC1C,OAAO,4BAA4B,CACpC,CAAA;AACD,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA;AAC/D,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA;AAC/D,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA;AAC/D,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAA"}
1
+ {"version":3,"file":"sandbox-config.d.ts","sourceRoot":"","sources":["../../src/sandbox/sandbox-config.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAA;AAGhE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAiEvB;;;GAGG;AACH,QAAA,MAAM,qBAAqB;;;;;;;;;EAQzB,CAAA;AAEF;;;;GAIG;AACH,QAAA,MAAM,uBAAuB;;;;;;;;;;;;EAoB3B,CAAA;AAEF;;;;;;;;;GASG;AACH,QAAA,MAAM,oBAAoB,6BAA2B,CAAA;AAcrD;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,0BAA0B;;;;;;;;;;;;EAerC,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,4BAA4B;;;;;;;;;;;;EAcvC,CAAA;AAEF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAsBzB,CAAA;AAEX;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAqI9B,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;EAgCjC,CAAA;AAEF;;;GAGG;AACH,eAAO,MAAM,4BAA4B,2DAItC,CAAA;AAEH;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;EAY9B,CAAA;AAEF;;;;GAIG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;EAgD9B,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;EAa9B,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA2NnC,CAAA;AAGJ,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAA;AACnE,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAA;AACvE,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA;AAC/D,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAA;AACrE,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAA;AACjE,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAA;AAC7E,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAC1C,OAAO,4BAA4B,CACpC,CAAA;AACD,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAA;AACvE,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAC1C,OAAO,4BAA4B,CACpC,CAAA;AACD,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA;AAC/D,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA;AAC/D,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA;AAC/D,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAA"}