@sysid/sandbox-runtime-improved 0.0.61-sysid.1 → 0.0.64-sysid.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (56) hide show
  1. package/README.md +76 -15
  2. package/dist/cli.js +12 -18
  3. package/dist/cli.js.map +1 -1
  4. package/dist/index.d.ts +4 -4
  5. package/dist/index.d.ts.map +1 -1
  6. package/dist/index.js +2 -2
  7. package/dist/index.js.map +1 -1
  8. package/dist/sandbox/credential-mask-files.d.ts +100 -15
  9. package/dist/sandbox/credential-mask-files.d.ts.map +1 -1
  10. package/dist/sandbox/credential-mask-files.js +172 -20
  11. package/dist/sandbox/credential-mask-files.js.map +1 -1
  12. package/dist/sandbox/http-proxy.d.ts +1 -1
  13. package/dist/sandbox/http-proxy.d.ts.map +1 -1
  14. package/dist/sandbox/http-proxy.js +20 -0
  15. package/dist/sandbox/http-proxy.js.map +1 -1
  16. package/dist/sandbox/linux-sandbox-utils.d.ts +5 -0
  17. package/dist/sandbox/linux-sandbox-utils.d.ts.map +1 -1
  18. package/dist/sandbox/linux-sandbox-utils.js +29 -19
  19. package/dist/sandbox/linux-sandbox-utils.js.map +1 -1
  20. package/dist/sandbox/linux-violation-monitor.d.ts +48 -0
  21. package/dist/sandbox/linux-violation-monitor.d.ts.map +1 -0
  22. package/dist/sandbox/linux-violation-monitor.js +156 -0
  23. package/dist/sandbox/linux-violation-monitor.js.map +1 -0
  24. package/dist/sandbox/macos-sandbox-utils.js +3 -3
  25. package/dist/sandbox/macos-sandbox-utils.js.map +1 -1
  26. package/dist/sandbox/mitm-ca.d.ts +52 -1
  27. package/dist/sandbox/mitm-ca.d.ts.map +1 -1
  28. package/dist/sandbox/mitm-ca.js +143 -11
  29. package/dist/sandbox/mitm-ca.js.map +1 -1
  30. package/dist/sandbox/mitm-leaf.d.ts +1 -1
  31. package/dist/sandbox/mitm-leaf.d.ts.map +1 -1
  32. package/dist/sandbox/mitm-leaf.js +21 -32
  33. package/dist/sandbox/mitm-leaf.js.map +1 -1
  34. package/dist/sandbox/sandbox-config.d.ts +231 -40
  35. package/dist/sandbox/sandbox-config.d.ts.map +1 -1
  36. package/dist/sandbox/sandbox-config.js +161 -32
  37. package/dist/sandbox/sandbox-config.js.map +1 -1
  38. package/dist/sandbox/sandbox-manager.d.ts +1 -1
  39. package/dist/sandbox/sandbox-manager.d.ts.map +1 -1
  40. package/dist/sandbox/sandbox-manager.js +331 -252
  41. package/dist/sandbox/sandbox-manager.js.map +1 -1
  42. package/dist/sandbox/sandbox-utils.d.ts +13 -0
  43. package/dist/sandbox/sandbox-utils.d.ts.map +1 -1
  44. package/dist/sandbox/sandbox-utils.js +32 -7
  45. package/dist/sandbox/sandbox-utils.js.map +1 -1
  46. package/dist/sandbox/windows-sandbox-utils.d.ts +353 -297
  47. package/dist/sandbox/windows-sandbox-utils.d.ts.map +1 -1
  48. package/dist/sandbox/windows-sandbox-utils.js +516 -396
  49. package/dist/sandbox/windows-sandbox-utils.js.map +1 -1
  50. package/dist/utils/shell-quote.d.ts +27 -0
  51. package/dist/utils/shell-quote.d.ts.map +1 -0
  52. package/dist/utils/shell-quote.js +47 -0
  53. package/dist/utils/shell-quote.js.map +1 -0
  54. package/package.json +1 -3
  55. package/vendor/seccomp/arm64/apply-seccomp +0 -0
  56. package/vendor/seccomp/x64/apply-seccomp +0 -0
package/README.md CHANGED
@@ -5,7 +5,7 @@
5
5
 
6
6
  Based on [Anthropic Sandbox Runtime](https://github.com/anthropic-experimental/sandbox-runtime).
7
7
 
8
- This fork will be rebased on [SRT](https://github.com/anthropic-experimental/sandbox-runtime) continuously (currently based on upstream **v0.0.61**).
8
+ This fork will be rebased on [SRT](https://github.com/anthropic-experimental/sandbox-runtime) continuously (currently based on upstream **v0.0.64**).
9
9
  As new features become available, equivalent local ones will be removed.
10
10
 
11
11
  > Objective: keep as close to original as possible, while allowing selected additional features.
@@ -129,6 +129,7 @@ The sandbox uses OS-level primitives to enforce restrictions that apply to the e
129
129
 
130
130
  - **macOS**: Uses `sandbox-exec` with dynamically generated [Seatbelt profiles](https://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf)
131
131
  - **Linux**: Uses [bubblewrap](https://github.com/containers/bubblewrap) for containerization with network namespace isolation
132
+ - **Windows**: Runs the sandboxed process under a dedicated `srt-sandbox` local user account, with a [Windows Filtering Platform](https://learn.microsoft.com/en-us/windows/win32/fwp/windows-filtering-platform-start-page) egress fence keyed on that account's SID and per-session explicit ACEs on the working tree
132
133
 
133
134
  ![0d1c612947c798aef48e6ab4beb7e8544da9d41a-4096x2305](https://github.com/user-attachments/assets/76c838a9-19ef-4d0b-90bb-cbe1917b3551)
134
135
 
@@ -147,6 +148,8 @@ Both filesystem and network isolation are required for effective sandboxing. Wit
147
148
 
148
149
  - **macOS**: The Seatbelt profile allows communication only to a specific localhost port. The proxies listen on this port, creating a controlled channel for all network access
149
150
 
151
+ - **Windows**: A machine-wide WFP filter set blocks all outbound connections originating from the `srt-sandbox` account except loopback to the proxy port range. The proxies listen inside that range, creating a controlled channel for all network access
152
+
150
153
  Both HTTP/HTTPS (via HTTP proxy) and other TCP traffic (via SOCKS5 proxy) are mediated by these proxies, which enforce your domain allowlists and denylists.
151
154
 
152
155
  For more details on sandboxing in Claude Code, see:
@@ -174,7 +177,8 @@ src/
174
177
  ├── parent-proxy.ts # Upstream/parent proxy chaining
175
178
  ├── socks-proxy.ts # SOCKS5 proxy for network filtering
176
179
  ├── linux-sandbox-utils.ts # Linux bubblewrap sandboxing
177
- └── macos-sandbox-utils.ts # macOS sandbox-exec sandboxing
180
+ ├── macos-sandbox-utils.ts # macOS sandbox-exec sandboxing
181
+ └── windows-sandbox-utils.ts # Windows srt-win sandboxing
178
182
  ```
179
183
 
180
184
  ## Usage
@@ -325,6 +329,7 @@ Uses an **allow-only pattern** - all network access is denied by default.
325
329
  - `network.tlsTerminate.excludeDomains` - Domain patterns (same syntax as `allowedDomains`) that are **not** terminated. Matching CONNECTs are tunnelled opaquely instead: they are still subject to the domain allowlist, but the client inside the sandbox completes its own TLS handshake with the real upstream, and `filterRequest` / credential injection do not apply to their HTTPS traffic. Use this for the two cases TLS termination fundamentally breaks:
326
330
  - **mTLS upstreams** - only the in-sandbox client holds the client certificate, so the proxy cannot re-originate the connection on its behalf.
327
331
  - **Certificate-pinning clients** - clients that verify the upstream's identity themselves (custom CAs, SAN pinning) and reject the MITM certificate.
332
+ - `network.tlsTerminate.extraCaCertPaths` - Paths to PEM CA certificate files appended to that trust bundle, after the MITM CA and the host's regular roots. Excluded (non-terminated) hosts are verified by the client inside the sandbox, and the trust env vars SRT sets (`SSL_CERT_FILE`, `GIT_SSL_CAINFO`, ...) _replace_ each tool's own trust configuration, so a site-local root (e.g. an internal mTLS CA) must be in the bundle or those hosts can never be verified. Only the `CERTIFICATE` blocks of each file are copied into the bundle (anything else, e.g. a private key in a combined PEM, is never exposed to the sandbox); files that are missing, unreadable, or contain no PEM `CERTIFICATE` block are skipped, so it is safe to list paths that exist on only some hosts.
328
333
 
329
334
  ```json
330
335
  {
@@ -332,7 +337,8 @@ Uses an **allow-only pattern** - all network access is denied by default.
332
337
  "allowedDomains": ["*.example.com", "internal-mtls.example.net"],
333
338
  "deniedDomains": [],
334
339
  "tlsTerminate": {
335
- "excludeDomains": ["internal-mtls.example.net"]
340
+ "excludeDomains": ["internal-mtls.example.net"],
341
+ "extraCaCertPaths": ["/etc/internal-mtls-roots.pem"]
336
342
  }
337
343
  }
338
344
  }
@@ -473,7 +479,7 @@ Watchman accesses files outside the sandbox boundaries, which will trigger permi
473
479
 
474
480
  - **macOS**: Uses `sandbox-exec` with custom profiles (no additional dependencies)
475
481
  - **Linux**: Uses `bubblewrap` (bwrap) for containerization
476
- - **Windows**: Alpha — see [Windows (alpha)](#windows-alpha) below for the threat model and known limitations
482
+ - **Windows**: Alpha — uses a bundled `srt-win.exe` helper (no additional dependencies). See [Windows (alpha)](#windows-alpha) below for setup, security model, and known limitations
477
483
 
478
484
  ### Platform-Specific Dependencies
479
485
 
@@ -516,28 +522,82 @@ The package includes pre-generated seccomp BPF filters for x86-64 and arm archit
516
522
  - Install via Homebrew: `brew install ripgrep`
517
523
  - Or download from: https://github.com/BurntSushi/ripgrep/releases
518
524
 
525
+ **Windows requires:**
526
+
527
+ - No additional dependencies. The `srt-win.exe` helper (x64 and arm64) is bundled with the npm package. A one-time elevated `windows-install` step is required — see below.
528
+
519
529
  ## Windows (alpha)
520
530
 
521
- Windows support is **alpha and the design is in flux**. The current implementation provides network egress filtering (via the Windows Filtering Platform) and file read/write denial (via ACL stamping), but it is **not a security boundary against a deliberately adversarial sandboxed process** — see [Threat model](#threat-model) below. The mechanism will be substantially revised (the sandboxed process will run under a separate sandbox user account) in a future version.
531
+ Windows support is **alpha**. The sandboxed process runs under a dedicated `srt-sandbox` local user account, isolated from the calling user by native Windows security primitives a Windows Filtering Platform (WFP) egress fence keyed on the sandbox account's SID, and per-session explicit ACEs that grant or deny that SID access to configured filesystem paths.
522
532
 
523
533
  ### Setup
524
534
 
525
- Run `npx @sysid/sandbox-runtime-improved windows-install` once per machine (requires admin; creates the `sandbox-runtime-net` local group and installs the WFP egress filters). **Log out and log back in** for group membership to take effect on your token. After that, `SandboxManager.initialize()` and the `srti` CLI work as on other platforms.
535
+ Run once per machine (self-elevates; one UAC prompt):
536
+
537
+ ```powershell
538
+ npx @sysid/sandbox-runtime-improved windows-install
539
+ ```
540
+
541
+ This provisions the `srt-sandbox` local user account (with a random password stored DPAPI-encrypted under `%LOCALAPPDATA%\sandbox-runtime\state.db`), the `sandbox-runtime-users` local group, and installs a machine-wide WFP filter set keyed on the `srt-sandbox` SID. It is **idempotent** — re-running it rotates the sandbox account's password and reconciles the filter set.
542
+
543
+ **No logout is required.** The WFP filters key on the dedicated sandbox account's SID, so your own network, services, and every other principal on the machine are unaffected.
544
+
545
+ After install, `SandboxManager.initialize()` and the `srti` CLI work as on other platforms. `initialize()` verifies the sandbox account and WFP fence are live, and fails with an actionable error if not.
546
+
547
+ Programmatic install/uninstall are exported as `installWindowsSandbox()` / `uninstallWindowsSandbox()`.
548
+
549
+ ### Security model
550
+
551
+ The sandboxed command runs **as the `srt-sandbox` account**, not as the calling user. The bundled `srt-win.exe` helper does a two-hop launch: the broker calls `CreateProcessWithLogonW` to start a runner as `srt-sandbox`, and the runner spawns the target under a restricted token inside a job object. The child inherits the sandbox account's isolated profile (`%USERPROFILE%`, `%TEMP%`, `HKCU`) and a fresh environment overlaid with only the broker's `PATH` and the generated proxy variables.
552
+
553
+ Running under a distinct user SID structurally closes the surrogate-spawn class of escape (Task Scheduler, `PROC_THREAD_ATTRIBUTE_PARENT_PROCESS` onto a broker-owned process, BITS, out-of-process COM with `RunAs="Interactive User"`): any process the child manages to spawn out-of-band still carries the `srt-sandbox` SID, so it remains subject to the WFP egress fence and has no rights on the calling user's files.
554
+
555
+ **Network isolation** is a two-filter WFP set at `FWPM_LAYER_ALE_AUTH_CONNECT_V4/V6`: a PERMIT for loopback destinations inside the configured proxy port range (default `60080–60089`), and a BLOCK for any connect whose token carries the `srt-sandbox` SID. The sandboxed process reaches the internet only via the JS HTTP/SOCKS5 proxies listening in that range; a process that strips its proxy environment and connects directly is blocked at the kernel.
526
556
 
527
- ### Threat model
557
+ **Filesystem isolation** is enforced by NTFS discretionary ACLs. The `srt-sandbox` account has no inherent rights on the calling user's files, so at `initialize()` the sandbox writes **additive, inheriting explicit ACEs for the `srt-sandbox` SID only** — it never rewrites or replaces a path's existing security descriptor:
528
558
 
529
- **Important:** the Windows sandbox runs the child as the **same user** as the host, with a restricted token (the discriminator group is flipped to deny-only). This protects against **accidental** access by well-behaved tools, and against **deliberate in-token** access by the sandboxed process itself code running under the restricted token cannot open denied files or make direct outbound connections.
559
+ - `filesystem.allowWrite` an inheriting `MODIFY` ALLOW ACE (`READ|WRITE|EXECUTE|DELETE`, with `FILE_DELETE_CHILD` withheld). The sandboxed process can create, modify, and delete files inside the working tree; withholding `FILE_DELETE_CHILD` from the grant is defense-in-depth for the deny stamps below, not a guard on the tree root.
560
+ - `filesystem.allowRead` → an inheriting `READ|EXECUTE` ALLOW ACE
561
+ - `filesystem.denyRead` / `filesystem.denyWrite` → an inheriting DENY ACE on the target, plus an inheriting `FILE_DELETE_CHILD` DENY on its parent — together with the withheld `FILE_DELETE_CHILD` on the working-tree grant, this stops the sandboxed process from renaming or deleting a denied path via its parent directory
530
562
 
531
- It does **not** protect against a sandboxed process that deliberately escapes via system-service brokering. Task Scheduler, `PROC_THREAD_ATTRIBUTE_PARENT_PROCESS` (re-parenting onto an unrestricted process such as `explorer.exe`), BITS, and certain COM out-of-process servers will spawn a process under the user's full, unrestricted interactive token. That process can then read or write any "denied" file and make unrestricted network connections. There is no same-user fix for this class of escape; the structural answer is running the sandboxed process under a **separate sandbox user account**, which is the planned next revision.
563
+ `reset()` removes every ACE this session added (refcounted across concurrent hosts via `state.db`; a crash-recovery pass on the next `initialize()` cleans up after an unclean exit). Directory targets are supported (the ACEs inherit to the whole subtree). Glob patterns are expanded to concrete paths at `initialize()` time a matching path that appears later is not covered.
532
564
 
533
- Until that revision lands, treat the Windows sandbox as **best-effort defense against accidental access and well-behaved tooling**, not as containment for an adversarial process.
565
+ ### TLS termination on Windows
566
+
567
+ `network.tlsTerminate` requires the MITM CA to be present in the **sandbox user's** `CurrentUser\Root` certificate store (schannel — the TLS backend used by `System32\curl.exe`, PowerShell `Invoke-WebRequest`, .NET, and default-backend `git` — trusts only the OS store, not environment variables). This is an install-time step, separate from `windows-install`:
568
+
569
+ ```typescript
570
+ import { windowsTrustCa } from '@sysid/sandbox-runtime-improved'
571
+ windowsTrustCa('/path/to/mitm-ca.crt') // or: srt-win user trust-ca <path>
572
+ ```
573
+
574
+ `initialize()` compares the session CA's thumbprint against the installed one and fails with an actionable message on mismatch, so a stale install-time CA cannot silently break TLS inside the sandbox.
575
+
576
+ OpenSSL-backed clients (msys2 `curl`, `git -c http.sslBackend=openssl`, Node, Python, cargo) are covered by the env-var trust layer: the same trust bundle used on macOS/Linux is passed into the sandbox via `NODE_EXTRA_CA_CERTS`, `SSL_CERT_FILE`, `CURL_CA_BUNDLE`, `GIT_SSL_CAINFO`, `CARGO_HTTP_CAINFO`, etc., and the bundle path is added to the session's `allowRead` grant so the sandbox account can open it.
577
+
578
+ ### Windows-specific configuration
579
+
580
+ The cross-platform `filesystem` and `network` blocks apply as described above. Windows-only settings live under `windows`:
581
+
582
+ - `windows.proxyPortRange` — `[low, high]` inclusive port range the JS proxies bind inside. **Must match** the range passed to `windows-install --proxy-port-range` (default `[60080, 60089]`) — the WFP loopback PERMIT only covers that range.
583
+ - `windows.sublayerGuid` — WFP sublayer GUID under which the filters were installed. Omit to use the compile-time default; set only when enterprise tooling installed the filters under a custom sublayer.
584
+ - `windows.srtWin.path` — path to the `srt-win` binary. Omit to resolve the packaged `vendor/srt-win/<arch>/srt-win.exe`. Set when embedding `srt-win`'s CLI into a multicall binary; spawns then pass `--srt-win` as `argv[1]` so the embedder's dispatcher can route to `srt_win::run_from_args`.
534
585
 
535
586
  ### Known limitations
536
587
 
537
- - **Not a security boundary against a deliberate child** see [Threat model](#threat-model) above.
538
- - `filesystem.allowWrite` (write allow-list) and `filesystem.allowRead` (re-allow within denyRead) are **not supported** on Windows `initialize()` rejects a config that sets either. Only `denyRead` / `denyWrite` are applied.
539
- - `network.tlsTerminate` is not yet supported on Windows.
540
- - Directory targets in `filesystem.denyRead` / `filesystem.denyWrite` are not yet supported (individual files only).
588
+ - **Certificate revocation under schannel.** CryptoAPI's CRL/OCSP fetch goes out via WinHTTP under the caller's token, ignoring the proxy environment, so it is blocked by the WFP egress fence. Tools that use schannel with revocation checking on by default fail with `CRYPT_E_REVOCATION_OFFLINE` (`0x80092013`) unless revocation is disabled per tool: `curl --ssl-no-revoke`, `git -c http.schannelCheckRevoke=false`, `CARGO_HTTP_CHECK_REVOKE=false`. `Invoke-WebRequest`, .NET `HttpClient`, and `gh` do not check revocation by default and are unaffected. A CRL distribution point served from the loopback proxy is planned to remove this workaround.
589
+ - **Per-user tool installs are not reachable.** The sandboxed process runs as `srt-sandbox`, not as you, so tools installed under your profile (nvm/fnm-managed Node, per-user `winget`/Scoop packages, `pip install --user`, `%LOCALAPPDATA%\Programs\…`) resolve on the inherited `PATH` but cannot be opened by the sandbox account. Prefer machine-wide installs (`Program Files`, `choco`/`winget --scope machine`), or add the specific profile paths to `filesystem.allowRead`.
590
+ - **Per-exec `filesystem.allowRead` / `filesystem.allowWrite` overrides are not supported.** Session-level `allowRead`/`allowWrite` (in the config passed to `initialize()`) work as described above; passing them per-command in `wrapWithSandbox`'s `customConfig` throws — grants are applied session-wide via `srt-win acl grant` at `initialize()`, and `srt-win exec` only exposes per-exec denies.
591
+ - **`proxyAuthToken` is visible in the runner's command line.** The proxy environment (including `HTTP_PROXY=http://srt:<token>@127.0.0.1:…`) is passed to the two-hop runner as `--env` arguments on `srt-win exec`'s argv, so the token is readable by any local principal that can open the runner process for `PROCESS_QUERY_LIMITED_INFORMATION`. The token exists so the sandboxed process can authenticate to the loopback proxy, so it is not a secret from the sandbox itself; on a single-user development machine this is generally acceptable, but on a shared host treat the proxy allowlist as reachable by other same-session principals.
592
+ - **DNS resolution via the system resolver is not fenced.** `getaddrinfo()` is serviced by the `Dnscache` service running as `NETWORK SERVICE`, so name resolution succeeds even though the subsequent `connect()` from the sandboxed process is blocked. Tools that do their own UDP/53 (`nslookup`, `dig`) are fenced. This mirrors the macOS behaviour.
593
+
594
+ ### Uninstall
595
+
596
+ ```powershell
597
+ npx @sysid/sandbox-runtime-improved windows-uninstall
598
+ ```
599
+
600
+ Removes the WFP filter set, the `srt-sandbox` account and its profile, the `sandbox-runtime-users` group, and clears the credential/setup marker from `state.db` (one UAC prompt). `%LOCALAPPDATA%\sandbox-runtime\state.db` itself is left in place (it is ACL-stamped broker-only); delete the directory manually for a full sweep.
541
601
 
542
602
  ## Development
543
603
 
@@ -581,7 +641,7 @@ The sandbox runs HTTP and SOCKS5 proxy servers on the host machine that filter a
581
641
 
582
642
  - **macOS**: The Seatbelt profile allows communication only to specific localhost ports where the proxies listen. All other network access is blocked.
583
643
 
584
- **Parent/upstream proxy chaining:** When running behind a corporate proxy, configure `network.parentProxy` (or set `HTTP_PROXY`/`HTTPS_PROXY`/`NO_PROXY` environment variables) to chain the sandbox's proxies through an upstream proxy. Both HTTP and SOCKS5 traffic will tunnel through the parent proxy via CONNECT. Destinations matching `noProxy` patterns bypass the parent and connect directly.
644
+ - **Windows**: A WFP `ALE_AUTH_CONNECT` filter blocks every outbound connect from the `srt-sandbox` account except loopback to the configured proxy port range. The proxies bind inside that range. Environment variables (`HTTP_PROXY`, `HTTPS_PROXY`, `ALL_PROXY`, …) point tools at the proxies, but the WFP filter is the boundary a process that ignores or unsets them is still fenced.
585
645
 
586
646
  ### Filesystem Isolation
587
647
 
@@ -589,6 +649,7 @@ Filesystem restrictions are enforced at the OS level:
589
649
 
590
650
  - **macOS**: Uses `sandbox-exec` with dynamically generated Seatbelt profiles that specify allowed read/write paths
591
651
  - **Linux**: Uses `bubblewrap` with bind mounts, marking directories as read-only or read-write based on configuration
652
+ - **Windows**: Writes additive `(OI)(CI)` explicit ACEs for the `srt-sandbox` SID onto the configured paths (ALLOW on `allowRead`/`allowWrite`, DENY on `denyRead`/`denyWrite`), then removes them at `reset()`
592
653
 
593
654
  **Default filesystem permissions:**
594
655
 
package/dist/cli.js CHANGED
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env node
2
- import shellquote from 'shell-quote';
2
+ import { quote } from './utils/shell-quote.js';
3
3
  import { Command } from 'commander';
4
4
  import { SandboxManager } from './index.js';
5
5
  import { spawn } from 'child_process';
@@ -46,12 +46,11 @@ async function main() {
46
46
  // available programmatically as installWindowsSandbox().
47
47
  program
48
48
  .command('windows-install')
49
- .description('Windows: create the discriminator group + install WFP filters ' +
50
- '(one UAC prompt). Then log out and back in.')
51
- .option('--name <group>', 'discriminator group name')
52
- .option('--group-sid <sid>', 'discriminator group SID (overrides --name)')
49
+ .description('Windows: provision the `srt-sandbox` user account + install WFP ' +
50
+ 'filters (one UAC prompt). No logout needed.')
53
51
  .option('--sublayer-guid <guid>', 'WFP sublayer GUID')
54
52
  .option('--proxy-port-range <lo-hi>', 'loopback PERMIT port range (e.g. 60080-60089)')
53
+ .option('--sandbox-user <name>', 'name for the sandbox user account (default: srt-sandbox)')
55
54
  .option('--force', 'replace an existing install with different config')
56
55
  .action(async (o) => {
57
56
  const { installWindowsSandbox } = await import('./sandbox/windows-sandbox-utils.js');
@@ -60,10 +59,9 @@ async function main() {
60
59
  : undefined;
61
60
  try {
62
61
  const r = installWindowsSandbox({
63
- groupName: o.name,
64
- groupSid: o.groupSid,
65
62
  sublayerGuid: o.sublayerGuid,
66
63
  proxyPortRange: range,
64
+ sandboxUser: o.sandboxUser,
67
65
  force: Boolean(o.force),
68
66
  });
69
67
  if (r.cancelled) {
@@ -71,19 +69,16 @@ async function main() {
71
69
  process.exit(2);
72
70
  }
73
71
  console.log(`Installed.\n` +
74
- ` group: ${r.group.state}` +
75
- (r.group.sid ? ` (${r.group.sid})` : '') +
72
+ ` sandbox user: ${r.user.provisioned ? 'provisioned' : 'MISSING'}` +
73
+ (r.user.sid ? ` (${r.user.sid})` : '') +
76
74
  `\n` +
77
75
  ` WFP: ${r.wfp.state}, ${r.wfp.filters} filters` +
78
76
  (r.wfp.portRange
79
77
  ? `, port range ${r.wfp.portRange[0]}-${r.wfp.portRange[1]}`
80
78
  : '') +
81
79
  `\n\n` +
82
- (r.group.state === 'ready'
83
- ? `Group is already in your token no logout needed.`
84
- : `→ LOG OUT and back in so the group SID enters your token.\n` +
85
- ` Network stays up meanwhile (WFP filter-0 PERMITs ` +
86
- `non-members).`));
80
+ `No logout needed — the WFP filter keys on the dedicated ` +
81
+ `\`srt-sandbox\` user's SID, so your network is unaffected.`);
87
82
  }
88
83
  catch (e) {
89
84
  console.error(`Error: ${e.message}`);
@@ -92,8 +87,7 @@ async function main() {
92
87
  });
93
88
  program
94
89
  .command('windows-uninstall')
95
- .description('Windows: remove WFP filters (one UAC prompt). Group is kept — ' +
96
- 'use `srt-win.exe group delete` for full teardown.')
90
+ .description('Windows: remove WFP filters + the `srt-sandbox` account (one UAC prompt).')
97
91
  .option('--sublayer-guid <guid>', 'WFP sublayer GUID')
98
92
  .action(async (o) => {
99
93
  const { uninstallWindowsSandbox } = await import('./sandbox/windows-sandbox-utils.js');
@@ -103,7 +97,7 @@ async function main() {
103
97
  console.error('Uninstall cancelled at the UAC prompt.');
104
98
  process.exit(2);
105
99
  }
106
- console.log('WFP filters removed. Group membership kept.');
100
+ console.log('WFP filters and `srt-sandbox` account removed.');
107
101
  }
108
102
  catch (e) {
109
103
  console.error(`Error: ${e.message}`);
@@ -191,7 +185,7 @@ async function main() {
191
185
  // executed via `bash -c <command>`, so each arg must be
192
186
  // shell-quoted to survive that re-parse — a plain join(' ')
193
187
  // splits arguments containing whitespace (#157).
194
- command = shellquote.quote(commandArgs);
188
+ command = quote(commandArgs);
195
189
  logForDebugging(`Original command: ${command}`);
196
190
  }
197
191
  else {
package/dist/cli.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,UAAU,MAAM,aAAa,CAAA;AACpC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACnC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAE3C,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AACrC,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAClD,OAAO,EAAE,UAAU,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAA;AAC3E,OAAO,KAAK,QAAQ,MAAM,UAAU,CAAA;AACpC,OAAO,KAAK,EAAE,MAAM,IAAI,CAAA;AACxB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAC5B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAA;AACxB,OAAO,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAA;AAEtC,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;AAC9C,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAA;AAE9C;;GAEG;AACH,SAAS,oBAAoB;IAC3B,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,oBAAoB,CAAC,CAAA;AACtD,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB;IACvB,OAAO;QACL,OAAO,EAAE;YACP,cAAc,EAAE,EAAE;YAClB,aAAa,EAAE,EAAE;SAClB;QACD,UAAU,EAAE;YACV,QAAQ,EAAE,EAAE;YACZ,SAAS,EAAE,EAAE;YACb,UAAU,EAAE,EAAE;YACd,SAAS,EAAE,EAAE;SACd;KACF,CAAA;AACH,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAA;IAE7B,OAAO;SACJ,IAAI,CAAC,MAAM,CAAC;SACZ,WAAW,CACV,oEAAoE,CACrE;SACA,OAAO,CAAC,OAAO,CAAC,CAAA;IAEnB,iEAAiE;IACjE,yDAAyD;IACzD,yDAAyD;IACzD,OAAO;SACJ,OAAO,CAAC,iBAAiB,CAAC;SAC1B,WAAW,CACV,gEAAgE;QAC9D,6CAA6C,CAChD;SACA,MAAM,CAAC,gBAAgB,EAAE,0BAA0B,CAAC;SACpD,MAAM,CAAC,mBAAmB,EAAE,4CAA4C,CAAC;SACzE,MAAM,CAAC,wBAAwB,EAAE,mBAAmB,CAAC;SACrD,MAAM,CACL,4BAA4B,EAC5B,+CAA+C,CAChD;SACA,MAAM,CAAC,SAAS,EAAE,mDAAmD,CAAC;SACtE,MAAM,CAAC,KAAK,EAAE,CAA+C,EAAE,EAAE;QAChE,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,MAAM,CAC5C,oCAAoC,CACrC,CAAA;QACD,MAAM,KAAK,GACT,OAAO,CAAC,CAAC,cAAc,KAAK,QAAQ;YAClC,CAAC,CAAE,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAsB;YAC/D,CAAC,CAAC,SAAS,CAAA;QACf,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,qBAAqB,CAAC;gBAC9B,SAAS,EAAE,CAAC,CAAC,IAA0B;gBACvC,QAAQ,EAAE,CAAC,CAAC,QAA8B;gBAC1C,YAAY,EAAE,CAAC,CAAC,YAAkC;gBAClD,cAAc,EAAE,KAAK;gBACrB,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;aACxB,CAAC,CAAA;YACF,IAAI,CAAC,CAAC,SAAS,EAAE,CAAC;gBAChB,OAAO,CAAC,KAAK,CAAC,uDAAuD,CAAC,CAAA;gBACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;YACjB,CAAC;YACD,OAAO,CAAC,GAAG,CACT,cAAc;gBACZ,YAAY,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE;gBAC3B,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACxC,IAAI;gBACJ,YAAY,CAAC,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,CAAC,GAAG,CAAC,OAAO,UAAU;gBACnD,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS;oBACd,CAAC,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE;oBAC5D,CAAC,CAAC,EAAE,CAAC;gBACP,MAAM;gBACN,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,KAAK,OAAO;oBACxB,CAAC,CAAC,oDAAoD;oBACtD,CAAC,CAAC,6DAA6D;wBAC7D,qDAAqD;wBACrD,eAAe,CAAC,CACvB,CAAA;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,UAAW,CAAW,CAAC,OAAO,EAAE,CAAC,CAAA;YAC/C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;IACH,CAAC,CAAC,CAAA;IAEJ,OAAO;SACJ,OAAO,CAAC,mBAAmB,CAAC;SAC5B,WAAW,CACV,gEAAgE;QAC9D,mDAAmD,CACtD;SACA,MAAM,CAAC,wBAAwB,EAAE,mBAAmB,CAAC;SACrD,MAAM,CAAC,KAAK,EAAE,CAAqC,EAAE,EAAE;QACtD,MAAM,EAAE,uBAAuB,EAAE,GAAG,MAAM,MAAM,CAC9C,oCAAoC,CACrC,CAAA;QACD,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,uBAAuB,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,YAAY,EAAE,CAAC,CAAA;YACnE,IAAI,CAAC,CAAC,SAAS,EAAE,CAAC;gBAChB,OAAO,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAA;gBACvD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;YACjB,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAA;QAC5D,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,UAAW,CAAW,CAAC,OAAO,EAAE,CAAC,CAAA;YAC/C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;IACH,CAAC,CAAC,CAAA;IAEJ,2CAA2C;IAC3C,OAAO;SACJ,QAAQ,CAAC,cAAc,EAAE,+BAA+B,CAAC;SACzD,MAAM,CAAC,aAAa,EAAE,sBAAsB,CAAC;SAC7C,MAAM,CACL,uBAAuB,EACvB,qDAAqD,CACtD;SACA,MAAM,CACL,cAAc,EACd,+DAA+D,CAChE;SACA,MAAM,CACL,mBAAmB,EACnB,gEAAgE,EAChE,QAAQ,CACT;SACA,kBAAkB,EAAE;SACpB,MAAM,CACL,KAAK,EACH,WAAqB,EACrB,OAKC,EACD,EAAE;QACF,IAAI,CAAC;YACH,6DAA6D;YAC7D,+DAA+D;YAC/D,oEAAoE;YACpE,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;gBAClB,OAAO,CAAC,GAAG,CAAC,SAAS,GAAG,MAAM,CAAA;YAChC,CAAC;YAED,wBAAwB;YACxB,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,IAAI,oBAAoB,EAAE,CAAA;YAC7D,IAAI,aAAa,GAAG,UAAU,CAAC,UAAU,CAAC,CAAA;YAE1C,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,iEAAiE;gBACjE,4DAA4D;gBAC5D,yDAAyD;gBACzD,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;oBACrB,OAAO,CAAC,KAAK,CACX,uCAAuC,UAAU,sCAAsC;wBACrF,0CAA0C,CAC7C,CAAA;oBACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;gBACjB,CAAC;gBACD,eAAe,CACb,sBAAsB,UAAU,wBAAwB,CACzD,CAAA;gBACD,aAAa,GAAG,gBAAgB,EAAE,CAAA;YACpC,CAAC;YAED,iCAAiC;YACjC,eAAe,CAAC,yBAAyB,CAAC,CAAA;YAC1C,MAAM,cAAc,CAAC,UAAU,CAAC,aAAa,CAAC,CAAA;YAE9C,4DAA4D;YAC5D,IAAI,aAAa,GAA8B,IAAI,CAAA;YACnD,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACpC,IAAI,CAAC;oBACH,MAAM,aAAa,GAAG,EAAE,CAAC,gBAAgB,CAAC,EAAE,EAAE;wBAC5C,EAAE,EAAE,OAAO,CAAC,SAAS;qBACtB,CAAC,CAAA;oBACF,aAAa,GAAG,QAAQ,CAAC,eAAe,CAAC;wBACvC,KAAK,EAAE,aAAa;wBACpB,SAAS,EAAE,QAAQ;qBACpB,CAAC,CAAA;oBAEF,aAAa,CAAC,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE;wBAC9B,MAAM,SAAS,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAA;wBAC5C,IAAI,SAAS,EAAE,CAAC;4BACd,eAAe,CACb,mCAAmC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAC/D,CAAA;4BACD,cAAc,CAAC,YAAY,CAAC,SAAS,CAAC,CAAA;wBACxC,CAAC;6BAAM,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;4BACvB,gDAAgD;4BAChD,eAAe,CACb,2CAA2C,IAAI,EAAE,CAClD,CAAA;wBACH,CAAC;oBACH,CAAC,CAAC,CAAA;oBAEF,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;wBAC9B,eAAe,CAAC,qBAAqB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAA;oBACrD,CAAC,CAAC,CAAA;oBAEF,eAAe,CACb,sCAAsC,OAAO,CAAC,SAAS,EAAE,CAC1D,CAAA;gBACH,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,eAAe,CACb,6BAA6B,OAAO,CAAC,SAAS,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CACtG,CAAA;gBACH,CAAC;YACH,CAAC;YAED,iCAAiC;YACjC,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;gBACtB,aAAa,EAAE,KAAK,EAAE,CAAA;YACxB,CAAC,CAAC,CAAA;YAEF,yCAAyC;YACzC,IAAI,OAAe,CAAA;YACnB,IAAI,OAAO,CAAC,CAAC,EAAE,CAAC;gBACd,oDAAoD;gBACpD,OAAO,GAAG,OAAO,CAAC,CAAC,CAAA;gBACnB,eAAe,CAAC,6BAA6B,OAAO,EAAE,CAAC,CAAA;YACzD,CAAC;iBAAM,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClC,2DAA2D;gBAC3D,wDAAwD;gBACxD,4DAA4D;gBAC5D,iDAAiD;gBACjD,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,WAAW,CAAC,CAAA;gBACvC,eAAe,CAAC,qBAAqB,OAAO,EAAE,CAAC,CAAA;YACjD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CACX,6EAA6E,CAC9E,CAAA;gBACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;YACjB,CAAC;YAED,eAAe,CACb,IAAI,CAAC,SAAS,CACZ,cAAc,CAAC,2BAA2B,EAAE,EAC5C,IAAI,EACJ,CAAC,CACF,CACF,CAAA;YAED,yDAAyD;YACzD,yDAAyD;YACzD,uDAAuD;YACvD,uDAAuD;YACvD,0CAA0C;YAC1C,IAAI,KAAK,CAAA;YACT,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;gBACjC,+DAA+D;gBAC/D,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,GACjB,MAAM,cAAc,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAA;gBACnD,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;oBACpC,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,SAAS;oBAChB,GAAG;iBACJ,CAAC,CAAA;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,gBAAgB,GACpB,MAAM,cAAc,CAAC,eAAe,CAAC,OAAO,CAAC,CAAA;gBAC/C,KAAK,GAAG,KAAK,CAAC,gBAAgB,EAAE;oBAC9B,KAAK,EAAE,IAAI;oBACX,KAAK,EAAE,SAAS;iBACjB,CAAC,CAAA;YACJ,CAAC;YAED,sBAAsB;YACtB,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;gBAChC,uDAAuD;gBACvD,kEAAkE;gBAClE,8CAA8C;gBAC9C,cAAc,CAAC,mBAAmB,EAAE,CAAA;gBAEpC,IAAI,MAAM,EAAE,CAAC;oBACX,IAAI,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;wBAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;oBACjB,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,KAAK,CAAC,6BAA6B,MAAM,EAAE,CAAC,CAAA;wBACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;oBACjB,CAAC;gBACH,CAAC;gBACD,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,CAAA;YACzB,CAAC,CAAC,CAAA;YAEF,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE;gBACxB,OAAO,CAAC,KAAK,CAAC,8BAA8B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;gBAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;YACjB,CAAC,CAAC,CAAA;YAEF,8BAA8B;YAC9B,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACxB,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;YACtB,CAAC,CAAC,CAAA;YAEF,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;gBACzB,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YACvB,CAAC,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,UAAU,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACnE,CAAA;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;IACH,CAAC,CACF,CAAA;IAEH,OAAO,CAAC,KAAK,EAAE,CAAA;AACjB,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAA;IACpC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC,CAAA"}
1
+ {"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,KAAK,EAAE,MAAM,wBAAwB,CAAA;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACnC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAE3C,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AACrC,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAClD,OAAO,EAAE,UAAU,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAA;AAC3E,OAAO,KAAK,QAAQ,MAAM,UAAU,CAAA;AACpC,OAAO,KAAK,EAAE,MAAM,IAAI,CAAA;AACxB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAC5B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAA;AACxB,OAAO,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAA;AAEtC,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;AAC9C,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAA;AAE9C;;GAEG;AACH,SAAS,oBAAoB;IAC3B,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,oBAAoB,CAAC,CAAA;AACtD,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB;IACvB,OAAO;QACL,OAAO,EAAE;YACP,cAAc,EAAE,EAAE;YAClB,aAAa,EAAE,EAAE;SAClB;QACD,UAAU,EAAE;YACV,QAAQ,EAAE,EAAE;YACZ,SAAS,EAAE,EAAE;YACb,UAAU,EAAE,EAAE;YACd,SAAS,EAAE,EAAE;SACd;KACF,CAAA;AACH,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAA;IAE7B,OAAO;SACJ,IAAI,CAAC,MAAM,CAAC;SACZ,WAAW,CACV,oEAAoE,CACrE;SACA,OAAO,CAAC,OAAO,CAAC,CAAA;IAEnB,iEAAiE;IACjE,yDAAyD;IACzD,yDAAyD;IACzD,OAAO;SACJ,OAAO,CAAC,iBAAiB,CAAC;SAC1B,WAAW,CACV,kEAAkE;QAChE,6CAA6C,CAChD;SACA,MAAM,CAAC,wBAAwB,EAAE,mBAAmB,CAAC;SACrD,MAAM,CACL,4BAA4B,EAC5B,+CAA+C,CAChD;SACA,MAAM,CACL,uBAAuB,EACvB,0DAA0D,CAC3D;SACA,MAAM,CAAC,SAAS,EAAE,mDAAmD,CAAC;SACtE,MAAM,CAAC,KAAK,EAAE,CAA+C,EAAE,EAAE;QAChE,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,MAAM,CAC5C,oCAAoC,CACrC,CAAA;QACD,MAAM,KAAK,GACT,OAAO,CAAC,CAAC,cAAc,KAAK,QAAQ;YAClC,CAAC,CAAE,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAsB;YAC/D,CAAC,CAAC,SAAS,CAAA;QACf,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,qBAAqB,CAAC;gBAC9B,YAAY,EAAE,CAAC,CAAC,YAAkC;gBAClD,cAAc,EAAE,KAAK;gBACrB,WAAW,EAAE,CAAC,CAAC,WAAiC;gBAChD,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;aACxB,CAAC,CAAA;YACF,IAAI,CAAC,CAAC,SAAS,EAAE,CAAC;gBAChB,OAAO,CAAC,KAAK,CAAC,uDAAuD,CAAC,CAAA;gBACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;YACjB,CAAC;YACD,OAAO,CAAC,GAAG,CACT,cAAc;gBACZ,mBAAmB,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,EAAE;gBACnE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtC,IAAI;gBACJ,YAAY,CAAC,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,CAAC,GAAG,CAAC,OAAO,UAAU;gBACnD,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS;oBACd,CAAC,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE;oBAC5D,CAAC,CAAC,EAAE,CAAC;gBACP,MAAM;gBACN,0DAA0D;gBAC1D,4DAA4D,CAC/D,CAAA;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,UAAW,CAAW,CAAC,OAAO,EAAE,CAAC,CAAA;YAC/C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;IACH,CAAC,CAAC,CAAA;IAEJ,OAAO;SACJ,OAAO,CAAC,mBAAmB,CAAC;SAC5B,WAAW,CACV,2EAA2E,CAC5E;SACA,MAAM,CAAC,wBAAwB,EAAE,mBAAmB,CAAC;SACrD,MAAM,CAAC,KAAK,EAAE,CAAqC,EAAE,EAAE;QACtD,MAAM,EAAE,uBAAuB,EAAE,GAAG,MAAM,MAAM,CAC9C,oCAAoC,CACrC,CAAA;QACD,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,uBAAuB,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,YAAY,EAAE,CAAC,CAAA;YACnE,IAAI,CAAC,CAAC,SAAS,EAAE,CAAC;gBAChB,OAAO,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAA;gBACvD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;YACjB,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAA;QAC/D,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,UAAW,CAAW,CAAC,OAAO,EAAE,CAAC,CAAA;YAC/C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;IACH,CAAC,CAAC,CAAA;IAEJ,2CAA2C;IAC3C,OAAO;SACJ,QAAQ,CAAC,cAAc,EAAE,+BAA+B,CAAC;SACzD,MAAM,CAAC,aAAa,EAAE,sBAAsB,CAAC;SAC7C,MAAM,CACL,uBAAuB,EACvB,qDAAqD,CACtD;SACA,MAAM,CACL,cAAc,EACd,+DAA+D,CAChE;SACA,MAAM,CACL,mBAAmB,EACnB,gEAAgE,EAChE,QAAQ,CACT;SACA,kBAAkB,EAAE;SACpB,MAAM,CACL,KAAK,EACH,WAAqB,EACrB,OAKC,EACD,EAAE;QACF,IAAI,CAAC;YACH,6DAA6D;YAC7D,+DAA+D;YAC/D,oEAAoE;YACpE,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;gBAClB,OAAO,CAAC,GAAG,CAAC,SAAS,GAAG,MAAM,CAAA;YAChC,CAAC;YAED,wBAAwB;YACxB,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,IAAI,oBAAoB,EAAE,CAAA;YAC7D,IAAI,aAAa,GAAG,UAAU,CAAC,UAAU,CAAC,CAAA;YAE1C,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,iEAAiE;gBACjE,4DAA4D;gBAC5D,yDAAyD;gBACzD,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;oBACrB,OAAO,CAAC,KAAK,CACX,uCAAuC,UAAU,sCAAsC;wBACrF,0CAA0C,CAC7C,CAAA;oBACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;gBACjB,CAAC;gBACD,eAAe,CACb,sBAAsB,UAAU,wBAAwB,CACzD,CAAA;gBACD,aAAa,GAAG,gBAAgB,EAAE,CAAA;YACpC,CAAC;YAED,iCAAiC;YACjC,eAAe,CAAC,yBAAyB,CAAC,CAAA;YAC1C,MAAM,cAAc,CAAC,UAAU,CAAC,aAAa,CAAC,CAAA;YAE9C,4DAA4D;YAC5D,IAAI,aAAa,GAA8B,IAAI,CAAA;YACnD,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACpC,IAAI,CAAC;oBACH,MAAM,aAAa,GAAG,EAAE,CAAC,gBAAgB,CAAC,EAAE,EAAE;wBAC5C,EAAE,EAAE,OAAO,CAAC,SAAS;qBACtB,CAAC,CAAA;oBACF,aAAa,GAAG,QAAQ,CAAC,eAAe,CAAC;wBACvC,KAAK,EAAE,aAAa;wBACpB,SAAS,EAAE,QAAQ;qBACpB,CAAC,CAAA;oBAEF,aAAa,CAAC,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE;wBAC9B,MAAM,SAAS,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAA;wBAC5C,IAAI,SAAS,EAAE,CAAC;4BACd,eAAe,CACb,mCAAmC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAC/D,CAAA;4BACD,cAAc,CAAC,YAAY,CAAC,SAAS,CAAC,CAAA;wBACxC,CAAC;6BAAM,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;4BACvB,gDAAgD;4BAChD,eAAe,CACb,2CAA2C,IAAI,EAAE,CAClD,CAAA;wBACH,CAAC;oBACH,CAAC,CAAC,CAAA;oBAEF,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;wBAC9B,eAAe,CAAC,qBAAqB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAA;oBACrD,CAAC,CAAC,CAAA;oBAEF,eAAe,CACb,sCAAsC,OAAO,CAAC,SAAS,EAAE,CAC1D,CAAA;gBACH,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,eAAe,CACb,6BAA6B,OAAO,CAAC,SAAS,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CACtG,CAAA;gBACH,CAAC;YACH,CAAC;YAED,iCAAiC;YACjC,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;gBACtB,aAAa,EAAE,KAAK,EAAE,CAAA;YACxB,CAAC,CAAC,CAAA;YAEF,yCAAyC;YACzC,IAAI,OAAe,CAAA;YACnB,IAAI,OAAO,CAAC,CAAC,EAAE,CAAC;gBACd,oDAAoD;gBACpD,OAAO,GAAG,OAAO,CAAC,CAAC,CAAA;gBACnB,eAAe,CAAC,6BAA6B,OAAO,EAAE,CAAC,CAAA;YACzD,CAAC;iBAAM,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClC,2DAA2D;gBAC3D,wDAAwD;gBACxD,4DAA4D;gBAC5D,iDAAiD;gBACjD,OAAO,GAAG,KAAK,CAAC,WAAW,CAAC,CAAA;gBAC5B,eAAe,CAAC,qBAAqB,OAAO,EAAE,CAAC,CAAA;YACjD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CACX,6EAA6E,CAC9E,CAAA;gBACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;YACjB,CAAC;YAED,eAAe,CACb,IAAI,CAAC,SAAS,CACZ,cAAc,CAAC,2BAA2B,EAAE,EAC5C,IAAI,EACJ,CAAC,CACF,CACF,CAAA;YAED,yDAAyD;YACzD,yDAAyD;YACzD,uDAAuD;YACvD,uDAAuD;YACvD,0CAA0C;YAC1C,IAAI,KAAK,CAAA;YACT,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;gBACjC,+DAA+D;gBAC/D,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,GACjB,MAAM,cAAc,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAA;gBACnD,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;oBACpC,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,SAAS;oBAChB,GAAG;iBACJ,CAAC,CAAA;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,gBAAgB,GACpB,MAAM,cAAc,CAAC,eAAe,CAAC,OAAO,CAAC,CAAA;gBAC/C,KAAK,GAAG,KAAK,CAAC,gBAAgB,EAAE;oBAC9B,KAAK,EAAE,IAAI;oBACX,KAAK,EAAE,SAAS;iBACjB,CAAC,CAAA;YACJ,CAAC;YAED,sBAAsB;YACtB,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;gBAChC,uDAAuD;gBACvD,kEAAkE;gBAClE,8CAA8C;gBAC9C,cAAc,CAAC,mBAAmB,EAAE,CAAA;gBAEpC,IAAI,MAAM,EAAE,CAAC;oBACX,IAAI,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;wBAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;oBACjB,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,KAAK,CAAC,6BAA6B,MAAM,EAAE,CAAC,CAAA;wBACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;oBACjB,CAAC;gBACH,CAAC;gBACD,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,CAAA;YACzB,CAAC,CAAC,CAAA;YAEF,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE;gBACxB,OAAO,CAAC,KAAK,CAAC,8BAA8B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;gBAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;YACjB,CAAC,CAAC,CAAA;YAEF,8BAA8B;YAC9B,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACxB,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;YACtB,CAAC,CAAC,CAAA;YAEF,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;gBACzB,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YACvB,CAAC,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,UAAU,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACnE,CAAA;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;IACH,CAAC,CACF,CAAA;IAEH,OAAO,CAAC,KAAK,EAAE,CAAA;AACjB,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAA;IACpC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC,CAAA"}
package/dist/index.d.ts CHANGED
@@ -6,10 +6,10 @@ export type { SandboxAskCallback, FsReadRestrictionConfig, FsWriteRestrictionCon
6
6
  export type { FilterRequestCallback, RequestDecision, MutateForwardedHeaders, } from './sandbox/request-filter.js';
7
7
  export type { SandboxViolationEvent } from './sandbox/macos-sandbox-utils.js';
8
8
  export { type SandboxDependencyCheck } from './sandbox/linux-sandbox-utils.js';
9
- export { getSrtWinPath, getWindowsGroupStatus, getWindowsWfpStatus, getWindowsSandboxUserStatus, getWindowsSandboxCaCert, windowsTrustCa, installWindowsSandbox, uninstallWindowsSandbox, createWindowsGroup, deleteWindowsGroup, createWindowsWfp, windowsInstallInstructions, stampWindowsAcl, restoreWindowsAcl, expandWindowsFsDenyPaths, WINDOWS_ACL_PATH_OK, WINDOWS_ACL_PARENT_OK, DEFAULT_WINDOWS_GROUP_NAME, DEFAULT_WINDOWS_PROXY_PORT_RANGE, } from './sandbox/windows-sandbox-utils.js';
10
- export type { WindowsGroupRef, WindowsInstallOptions, WindowsInstallResult, WindowsGroupStatus, WindowsGroupStatusResult, WindowsWfpStatus, WindowsAclStampOptions, WindowsAclRestoreOptions, WindowsAclRestoreResult, WindowsAclPathOutcome, WindowsAclParentOutcome, WindowsWfpStatusResult, WindowsSandboxUserStatus, } from './sandbox/windows-sandbox-utils.js';
11
- export type { WindowsConfig } from './sandbox/sandbox-config.js';
12
- export { WindowsConfigSchema } from './sandbox/sandbox-config.js';
9
+ export { getSrtWinPath, resolveSrtWin, getWindowsWfpStatus, verifyWindowsWfpEgress, getWindowsSandboxUserStatus, getWindowsSandboxCaCert, windowsTrustCa, installWindowsSandbox, uninstallWindowsSandbox, windowsInstallInstructions, stampWindowsAcl, restoreWindowsAcl, grantWindowsAcl, revokeWindowsAcl, expandWindowsFsPaths, buildGitConfigEnv, DEFAULT_WINDOWS_PROXY_PORT_RANGE, SRT_WIN_DISPATCH_ARG1, } from './sandbox/windows-sandbox-utils.js';
10
+ export type { WindowsInstallOptions, WindowsInstallResult, WindowsWfpStatus, WindowsAclStampOptions, WindowsAclGrantOptions, WindowsAclAceOutcome, WindowsWfpStatusResult, WindowsWfpVerifyResult, WindowsSandboxUserStatus, SrtWinSpawn, } from './sandbox/windows-sandbox-utils.js';
11
+ export type { WindowsConfig, SrtWinConfig } from './sandbox/sandbox-config.js';
12
+ export { WindowsConfigSchema, SrtWinConfigSchema, } from './sandbox/sandbox-config.js';
13
13
  export { getDefaultWritePaths } from './sandbox/sandbox-utils.js';
14
14
  export { getWslVersion } from './utils/platform.js';
15
15
  export type { Platform } from './utils/platform.js';
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAA;AAC7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,sCAAsC,CAAA;AAG5E,YAAY,EACV,oBAAoB,EACpB,aAAa,EACb,gBAAgB,EAChB,iBAAiB,EACjB,oBAAoB,EACpB,sBAAsB,EACtB,cAAc,EACd,sBAAsB,GACvB,MAAM,6BAA6B,CAAA;AAEpC,OAAO,EACL,0BAA0B,EAC1B,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,EACvB,4BAA4B,EAC5B,mBAAmB,GACpB,MAAM,6BAA6B,CAAA;AAGpC,YAAY,EACV,kBAAkB,EAClB,uBAAuB,EACvB,wBAAwB,EACxB,2BAA2B,EAC3B,wBAAwB,EACxB,kBAAkB,GACnB,MAAM,8BAA8B,CAAA;AAGrC,YAAY,EACV,qBAAqB,EACrB,eAAe,EACf,sBAAsB,GACvB,MAAM,6BAA6B,CAAA;AAGpC,YAAY,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAA;AAC7E,OAAO,EAAE,KAAK,sBAAsB,EAAE,MAAM,kCAAkC,CAAA;AAG9E,OAAO,EACL,aAAa,EACb,qBAAqB,EACrB,mBAAmB,EACnB,2BAA2B,EAC3B,uBAAuB,EACvB,cAAc,EACd,qBAAqB,EACrB,uBAAuB,EACvB,kBAAkB,EAClB,kBAAkB,EAClB,gBAAgB,EAChB,0BAA0B,EAC1B,eAAe,EACf,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,qBAAqB,EACrB,0BAA0B,EAC1B,gCAAgC,GACjC,MAAM,oCAAoC,CAAA;AAC3C,YAAY,EACV,eAAe,EACf,qBAAqB,EACrB,oBAAoB,EACpB,kBAAkB,EAClB,wBAAwB,EACxB,gBAAgB,EAChB,sBAAsB,EACtB,wBAAwB,EACxB,uBAAuB,EACvB,qBAAqB,EACrB,uBAAuB,EACvB,sBAAsB,EACtB,wBAAwB,GACzB,MAAM,oCAAoC,CAAA;AAC3C,YAAY,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAA;AAChE,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AAGjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAA;AAGjE,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,YAAY,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAA"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAA;AAC7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,sCAAsC,CAAA;AAG5E,YAAY,EACV,oBAAoB,EACpB,aAAa,EACb,gBAAgB,EAChB,iBAAiB,EACjB,oBAAoB,EACpB,sBAAsB,EACtB,cAAc,EACd,sBAAsB,GACvB,MAAM,6BAA6B,CAAA;AAEpC,OAAO,EACL,0BAA0B,EAC1B,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,EACvB,4BAA4B,EAC5B,mBAAmB,GACpB,MAAM,6BAA6B,CAAA;AAGpC,YAAY,EACV,kBAAkB,EAClB,uBAAuB,EACvB,wBAAwB,EACxB,2BAA2B,EAC3B,wBAAwB,EACxB,kBAAkB,GACnB,MAAM,8BAA8B,CAAA;AAGrC,YAAY,EACV,qBAAqB,EACrB,eAAe,EACf,sBAAsB,GACvB,MAAM,6BAA6B,CAAA;AAGpC,YAAY,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAA;AAC7E,OAAO,EAAE,KAAK,sBAAsB,EAAE,MAAM,kCAAkC,CAAA;AAG9E,OAAO,EACL,aAAa,EACb,aAAa,EACb,mBAAmB,EACnB,sBAAsB,EACtB,2BAA2B,EAC3B,uBAAuB,EACvB,cAAc,EACd,qBAAqB,EACrB,uBAAuB,EACvB,0BAA0B,EAC1B,eAAe,EACf,iBAAiB,EACjB,eAAe,EACf,gBAAgB,EAChB,oBAAoB,EACpB,iBAAiB,EACjB,gCAAgC,EAChC,qBAAqB,GACtB,MAAM,oCAAoC,CAAA;AAC3C,YAAY,EACV,qBAAqB,EACrB,oBAAoB,EACpB,gBAAgB,EAChB,sBAAsB,EACtB,sBAAsB,EACtB,oBAAoB,EACpB,sBAAsB,EACtB,sBAAsB,EACtB,wBAAwB,EACxB,WAAW,GACZ,MAAM,oCAAoC,CAAA;AAC3C,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAA;AAC9E,OAAO,EACL,mBAAmB,EACnB,kBAAkB,GACnB,MAAM,6BAA6B,CAAA;AAGpC,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAA;AAGjE,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,YAAY,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAA"}
package/dist/index.js CHANGED
@@ -3,8 +3,8 @@ export { SandboxManager } from './sandbox/sandbox-manager.js';
3
3
  export { SandboxViolationStore } from './sandbox/sandbox-violation-store.js';
4
4
  export { SandboxRuntimeConfigSchema, NetworkConfigSchema, FilesystemConfigSchema, CredentialsConfigSchema, IgnoreViolationsConfigSchema, RipgrepConfigSchema, } from './sandbox/sandbox-config.js';
5
5
  // Windows install/status API
6
- export { getSrtWinPath, getWindowsGroupStatus, getWindowsWfpStatus, getWindowsSandboxUserStatus, getWindowsSandboxCaCert, windowsTrustCa, installWindowsSandbox, uninstallWindowsSandbox, createWindowsGroup, deleteWindowsGroup, createWindowsWfp, windowsInstallInstructions, stampWindowsAcl, restoreWindowsAcl, expandWindowsFsDenyPaths, WINDOWS_ACL_PATH_OK, WINDOWS_ACL_PARENT_OK, DEFAULT_WINDOWS_GROUP_NAME, DEFAULT_WINDOWS_PROXY_PORT_RANGE, } from './sandbox/windows-sandbox-utils.js';
7
- export { WindowsConfigSchema } from './sandbox/sandbox-config.js';
6
+ export { getSrtWinPath, resolveSrtWin, getWindowsWfpStatus, verifyWindowsWfpEgress, getWindowsSandboxUserStatus, getWindowsSandboxCaCert, windowsTrustCa, installWindowsSandbox, uninstallWindowsSandbox, windowsInstallInstructions, stampWindowsAcl, restoreWindowsAcl, grantWindowsAcl, revokeWindowsAcl, expandWindowsFsPaths, buildGitConfigEnv, DEFAULT_WINDOWS_PROXY_PORT_RANGE, SRT_WIN_DISPATCH_ARG1, } from './sandbox/windows-sandbox-utils.js';
7
+ export { WindowsConfigSchema, SrtWinConfigSchema, } from './sandbox/sandbox-config.js';
8
8
  // Utility functions
9
9
  export { getDefaultWritePaths } from './sandbox/sandbox-utils.js';
10
10
  // Platform utilities
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,kBAAkB;AAClB,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAA;AAC7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,sCAAsC,CAAA;AAc5E,OAAO,EACL,0BAA0B,EAC1B,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,EACvB,4BAA4B,EAC5B,mBAAmB,GACpB,MAAM,6BAA6B,CAAA;AAuBpC,6BAA6B;AAC7B,OAAO,EACL,aAAa,EACb,qBAAqB,EACrB,mBAAmB,EACnB,2BAA2B,EAC3B,uBAAuB,EACvB,cAAc,EACd,qBAAqB,EACrB,uBAAuB,EACvB,kBAAkB,EAClB,kBAAkB,EAClB,gBAAgB,EAChB,0BAA0B,EAC1B,eAAe,EACf,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,qBAAqB,EACrB,0BAA0B,EAC1B,gCAAgC,GACjC,MAAM,oCAAoC,CAAA;AAiB3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AAEjE,oBAAoB;AACpB,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAA;AAEjE,qBAAqB;AACrB,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,kBAAkB;AAClB,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAA;AAC7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,sCAAsC,CAAA;AAc5E,OAAO,EACL,0BAA0B,EAC1B,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,EACvB,4BAA4B,EAC5B,mBAAmB,GACpB,MAAM,6BAA6B,CAAA;AAuBpC,6BAA6B;AAC7B,OAAO,EACL,aAAa,EACb,aAAa,EACb,mBAAmB,EACnB,sBAAsB,EACtB,2BAA2B,EAC3B,uBAAuB,EACvB,cAAc,EACd,qBAAqB,EACrB,uBAAuB,EACvB,0BAA0B,EAC1B,eAAe,EACf,iBAAiB,EACjB,eAAe,EACf,gBAAgB,EAChB,oBAAoB,EACpB,iBAAiB,EACjB,gCAAgC,EAChC,qBAAqB,GACtB,MAAM,oCAAoC,CAAA;AAc3C,OAAO,EACL,mBAAmB,EACnB,kBAAkB,GACnB,MAAM,6BAA6B,CAAA;AAEpC,oBAAoB;AACpB,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAA;AAEjE,qBAAqB;AACrB,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA"}
@@ -1,26 +1,83 @@
1
1
  /**
2
- * Whole-file credential masking (Linux).
2
+ * Credential file masking (Linux).
3
3
  *
4
4
  * For a `credentials.files` entry with `mode: "mask"`, srt reads the real
5
- * file content on the host, registers a sentinel for it in the
6
- * {@link SentinelRegistry}, and writes the sentinel to a fake file in a
7
- * manager-owned temp directory. The Linux sandbox then `--ro-bind`s the
8
- * fake over the real path, so the sandboxed process reads the sentinel.
9
- * The proxy substitution from env-var masking already scans every header
10
- * for any registered sentinel, so a tool that does
5
+ * file content on the host, registers one or more sentinels in the
6
+ * {@link SentinelRegistry}, and writes a fake file (sentinel-substituted)
7
+ * to a manager-owned temp directory. The Linux sandbox then `--ro-bind`s
8
+ * the fake over the real path, so the sandboxed process reads the
9
+ * sentinel(s). The proxy substitution from env-var masking already scans
10
+ * every header for any registered sentinel, so a tool that does
11
11
  * `Authorization: Bearer $(cat <maskedFile>)` reaches the upstream with
12
12
  * the real bytes — no proxy changes required.
13
13
  *
14
+ * Without `extract`, masking is **whole-file**: one sentinel replaces the
15
+ * entire content. With `extract`, masking is **structured**: a regex picks
16
+ * out the credential value(s) and only those spans are replaced, so a tool
17
+ * that parses the file (JSON/YAML/.netrc) still sees valid syntax. See
18
+ * {@link extractAndSubstitute} and {@link CredentialFileConfigSchema}.
19
+ *
14
20
  * On macOS, SBPL cannot redirect reads, so masked files degrade to
15
21
  * `mode: "deny"` (see macos-sandbox-utils.ts).
16
- *
17
- * LIMITATION: this is whole-file masking. It works when the file content
18
- * *is* the credential (a token file). It does not work for structured
19
- * files a tool parses (JSON/YAML/.netrc) — the tool will fail to parse
20
- * the sentinel. See {@link CredentialFileConfigSchema}.
21
22
  */
22
23
  import type { CredentialFileConfig } from './sandbox-config.js';
23
24
  import type { SentinelRegistry } from './credential-sentinel.js';
25
+ /**
26
+ * Result of {@link extractAndSubstitute}: the file content with each
27
+ * matched capture-group-1 span replaced by `sentinelFor(capture, i)`,
28
+ * plus the distinct captured values in first-seen (index) order.
29
+ */
30
+ export interface ExtractResult {
31
+ fakeContent: string;
32
+ captures: string[];
33
+ }
34
+ /** Options for {@link extractAndSubstitute}. */
35
+ export interface ExtractOptions {
36
+ /**
37
+ * If true, verbatim occurrences of each captured value *outside* the
38
+ * regex-matched spans are also replaced with that capture's sentinel —
39
+ * for a secret repeated where the regex does not reach (e.g. pasted
40
+ * into a comment). The scan matches raw substrings: a short or common
41
+ * captured value may corrupt unrelated content that happens to contain
42
+ * it, so this option is intended for long, high-entropy secrets.
43
+ */
44
+ maskDuplicates?: boolean;
45
+ }
46
+ /**
47
+ * Apply `pattern` globally to `content` and return `content` with each
48
+ * matched capture-group-1 span replaced by `sentinelFor(capture, i)`,
49
+ * where `i` is the zero-based index of the distinct captured value in
50
+ * first-seen order.
51
+ *
52
+ * Offset-based: the regex `d` flag exposes capture-group offsets, so the
53
+ * output is built by slicing between spans and splicing the sentinel in
54
+ * at the exact `[start, end)` of group 1. By default only the
55
+ * regex-matched span is replaced — a captured value that coincidentally
56
+ * appears elsewhere in the file (outside any match) is left intact. No
57
+ * placeholder pass, no substring-ordering concern.
58
+ *
59
+ * With `maskDuplicates` (see {@link ExtractOptions}), an indexOf scan
60
+ * additionally collects every verbatim occurrence of each captured value
61
+ * elsewhere in the file. All spans are computed against the ORIGINAL
62
+ * content — never the partially substituted output — so an inserted
63
+ * sentinel can never be re-matched and corrupted, even when a captured
64
+ * value is a substring of the sentinel literal. Regex-match spans win
65
+ * over verbatim ones, and verbatim scans run longest-capture-first so a
66
+ * shorter capture that is a substring of a longer one cannot claim part
67
+ * of the longer secret's occurrence.
68
+ *
69
+ * Returns `null` when the pattern matches nothing — the caller routes
70
+ * that per the entry's `onExtractNoMatch` option (warn / deny / error;
71
+ * see {@link buildMaskedFileBinds}).
72
+ *
73
+ * Throws when a match has no group-1 capture. The schema already rejects
74
+ * patterns with zero groups, so this only fires when group 1 is optional
75
+ * and absent for some match (e.g. `"token: (\\S+)?"`); accepting that
76
+ * would silently mask nothing for that occurrence.
77
+ *
78
+ * Pure on `content`/`pattern`; the callback may close over a registry.
79
+ */
80
+ export declare function extractAndSubstitute(content: string, pattern: string, sentinelFor: (capture: string, index: number) => string, options?: ExtractOptions): ExtractResult | null;
24
81
  /** One masked file's bind mapping for the platform builder. */
25
82
  export interface MaskedFileBind {
26
83
  /** Resolved (tilde-expanded, realpath'd) host path of the real file. */
@@ -54,10 +111,38 @@ export declare class MaskedFileStore {
54
111
  /** Temp dir path, or undefined if no fake has been written yet. */
55
112
  get dirPath(): string | undefined;
56
113
  }
114
+ /** Result of {@link buildMaskedFileBinds}. */
115
+ export interface MaskedFileBuildResult {
116
+ binds: MaskedFileBind[];
117
+ /**
118
+ * Resolved paths of `mode: "mask"` entries that degraded to deny at
119
+ * runtime — populated when `extract` matches nothing and the entry's
120
+ * `onExtractNoMatch` is `"deny"`. Callers union these into the
121
+ * read-deny set so the credential file is unreadable rather than
122
+ * exposed.
123
+ */
124
+ degradeToDenyPaths: string[];
125
+ }
57
126
  /**
58
127
  * For each `mode: "mask"` file entry: resolve the path, read the real
59
- * content, register `(file:<path>, content, injectHosts)` in `registry`,
60
- * write the sentinel to a fake file via `store`, and return the bind list.
128
+ * content, build the fake content (whole-file or structured per `extract`),
129
+ * register sentinels in `registry`, write the fake via `store`, and return
130
+ * the bind list plus any entries that degraded to deny.
131
+ *
132
+ * Whole-file mode (no `extract`): one sentinel keyed `file:<path>` whose
133
+ * real value is the entire file content; the fake file *is* the sentinel.
134
+ *
135
+ * Structured mode (`extract` set): one sentinel per distinct captured
136
+ * value, keyed `file:<path>#<i>`; the fake file is the real content with
137
+ * each captured span replaced by its sentinel. If the regex matches
138
+ * nothing, the entry's `onExtractNoMatch` decides:
139
+ * - `"warn"` (default): skip the entry with a loud stderr warning —
140
+ * fail-open, the file stays readable via the root mount;
141
+ * - `"deny"`: push the path to `degradeToDenyPaths` — fail-closed, the
142
+ * file becomes unreadable inside the sandbox;
143
+ * - `"error"`: throw, so nothing runs until the regex is fixed.
144
+ * With `maskDuplicates`, verbatim occurrences of each captured value
145
+ * outside the matched spans are also replaced (see {@link ExtractOptions}).
61
146
  *
62
147
  * Entries whose path does not exist, is unreadable, or resolves to a
63
148
  * directory are skipped with a debug log — same posture as a masked env
@@ -67,6 +152,6 @@ export declare class MaskedFileStore {
67
152
  * The directory check is the authoritative one (the schema only catches a
68
153
  * trailing slash); whole-file masking has no meaning for a directory.
69
154
  */
70
- export declare function buildMaskedFileBinds(files: readonly CredentialFileConfig[], allowedDomains: readonly string[], registry: SentinelRegistry, store: MaskedFileStore): MaskedFileBind[];
155
+ export declare function buildMaskedFileBinds(files: readonly CredentialFileConfig[], allowedDomains: readonly string[], registry: SentinelRegistry, store: MaskedFileStore): MaskedFileBuildResult;
71
156
  export declare const MASKED_FILE_STORE_PREFIX = "srt-credmask-";
72
157
  //# sourceMappingURL=credential-mask-files.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"credential-mask-files.d.ts","sourceRoot":"","sources":["../../src/sandbox/credential-mask-files.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAOH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAC/D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AAShE,+DAA+D;AAC/D,MAAM,WAAW,cAAc;IAC7B,wEAAwE;IACxE,QAAQ,EAAE,MAAM,CAAA;IAChB,qDAAqD;IACrD,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED;;;;;;;;;;GAUG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,GAAG,CAAoB;IAC/B,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA4B;IAElD;;;;;OAKG;IACH,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM;IAoB5C,iEAAiE;IACjE,OAAO,IAAI,IAAI;IAcf,mEAAmE;IACnE,IAAI,OAAO,IAAI,MAAM,GAAG,SAAS,CAEhC;CACF;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,SAAS,oBAAoB,EAAE,EACtC,cAAc,EAAE,SAAS,MAAM,EAAE,EACjC,QAAQ,EAAE,gBAAgB,EAC1B,KAAK,EAAE,eAAe,GACrB,cAAc,EAAE,CA8ClB;AAED,eAAO,MAAM,wBAAwB,kBAAkB,CAAA"}
1
+ {"version":3,"file":"credential-mask-files.d.ts","sourceRoot":"","sources":["../../src/sandbox/credential-mask-files.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAOH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAC/D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AAShE;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB;AAWD,gDAAgD;AAChD,MAAM,WAAW,cAAc;IAC7B;;;;;;;OAOG;IACH,cAAc,CAAC,EAAE,OAAO,CAAA;CACzB;AASD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,MAAM,EACvD,OAAO,GAAE,cAAmB,GAC3B,aAAa,GAAG,IAAI,CAkEtB;AAED,+DAA+D;AAC/D,MAAM,WAAW,cAAc;IAC7B,wEAAwE;IACxE,QAAQ,EAAE,MAAM,CAAA;IAChB,qDAAqD;IACrD,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED;;;;;;;;;;GAUG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,GAAG,CAAoB;IAC/B,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA4B;IAElD;;;;;OAKG;IACH,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM;IAoB5C,iEAAiE;IACjE,OAAO,IAAI,IAAI;IAcf,mEAAmE;IACnE,IAAI,OAAO,IAAI,MAAM,GAAG,SAAS,CAEhC;CACF;AAED,8CAA8C;AAC9C,MAAM,WAAW,qBAAqB;IACpC,KAAK,EAAE,cAAc,EAAE,CAAA;IACvB;;;;;;OAMG;IACH,kBAAkB,EAAE,MAAM,EAAE,CAAA;CAC7B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,SAAS,oBAAoB,EAAE,EACtC,cAAc,EAAE,SAAS,MAAM,EAAE,EACjC,QAAQ,EAAE,gBAAgB,EAC1B,KAAK,EAAE,eAAe,GACrB,qBAAqB,CAiGvB;AAED,eAAO,MAAM,wBAAwB,kBAAkB,CAAA"}