@tangle-network/sandbox 0.1.2 → 0.2.1

package/dist/errors-CljiGR__.js

@@ -0,0 +1,262 @@
+//#region src/errors.ts
+/**
+* Sandbox SDK Errors
+*
+* Error classes for the Sandbox client SDK.
+*/
+/**
+* Base error class for all Sandbox SDK errors.
+*/
+var SandboxError = class extends Error {
+	/** HTTP status code if applicable */
+	status;
+	/** Error code for programmatic handling */
+	code;
+	/** Best-effort origin of the failing request */
+	origin;
+	/** Request path or endpoint when known */
+	endpoint;
+	/** Retry-after duration in ms when surfaced by the upstream */
+	retryAfterMs;
+	/** Sidecar version when the runtime emitted it */
+	sidecarVersion;
+	/** Sidecar image/tag/sha when the runtime emitted it */
+	containerImage;
+	constructor(message, code, status, metadata) {
+		super(message);
+		this.name = "SandboxError";
+		this.code = code;
+		this.status = status;
+		this.origin = metadata?.origin;
+		this.endpoint = metadata?.endpoint;
+		this.retryAfterMs = metadata?.retryAfterMs;
+		this.sidecarVersion = metadata?.sidecarVersion;
+		this.containerImage = metadata?.containerImage;
+	}
+};
+/**
+* Authentication failed or API key is invalid.
+*/
+var AuthError = class extends SandboxError {
+	constructor(message = "Authentication failed", metadata) {
+		super(message, "AUTH_ERROR", 401, metadata);
+		this.name = "AuthError";
+	}
+};
+/**
+* The requested resource was not found.
+*/
+var NotFoundError = class extends SandboxError {
+	/** The resource type that was not found */
+	resourceType;
+	/** The resource ID that was not found */
+	resourceId;
+	constructor(resourceType, resourceId, metadata) {
+		super(`${resourceType} not found: ${resourceId}`, "NOT_FOUND", 404, metadata);
+		this.name = "NotFoundError";
+		this.resourceType = resourceType;
+		this.resourceId = resourceId;
+	}
+};
+/**
+* Account quota or rate limit exceeded.
+*/
+var QuotaError = class extends SandboxError {
+	/** The type of quota that was exceeded */
+	quotaType;
+	/** Current usage */
+	current;
+	/** Maximum allowed */
+	limit;
+	/** Suggested retry-after duration in ms */
+	retryAfterMs;
+	constructor(quotaType, message, current, limit, metadata, status = 429) {
+		super(message ?? `Quota exceeded: ${quotaType}`, "QUOTA_EXCEEDED", status, metadata);
+		this.name = "QuotaError";
+		this.quotaType = quotaType;
+		this.current = current;
+		this.limit = limit;
+		this.retryAfterMs = metadata?.retryAfterMs;
+	}
+};
+/**
+* The requested capability is unavailable for the account, driver, or sandbox.
+*/
+var CapabilityError = class extends SandboxError {
+	/** Capability or feature that was rejected when known */
+	capability;
+	constructor(message, code = "CAPABILITY_UNSUPPORTED", status = 400, metadata, capability) {
+		super(message, code, status, metadata);
+		this.name = "CapabilityError";
+		this.capability = capability;
+	}
+};
+/**
+* A multi-resource operation failed for one or more branches.
+*/
+var PartialFailureError = class extends SandboxError {
+	/** Per-resource failures returned by the API when available */
+	failures;
+	constructor(message, code = "PARTIAL_FAILURE", status = 502, metadata, failures) {
+		super(message, code, status, metadata);
+		this.name = "PartialFailureError";
+		this.failures = failures;
+	}
+};
+/**
+* The request was invalid or malformed.
+*/
+var ValidationError = class extends SandboxError {
+	/** Field-level validation errors */
+	fields;
+	constructor(message, fields, metadata) {
+		super(message, "VALIDATION_ERROR", 400, metadata);
+		this.name = "ValidationError";
+		this.fields = fields;
+	}
+};
+/**
+* The sandbox is not in a valid state for the requested operation.
+*/
+var StateError = class extends SandboxError {
+	/** Current state of the sandbox */
+	currentState;
+	/** Required state for the operation */
+	requiredState;
+	constructor(message, currentState, requiredState, metadata) {
+		super(message, "INVALID_STATE", 409, metadata);
+		this.name = "StateError";
+		this.currentState = currentState;
+		this.requiredState = requiredState;
+	}
+};
+/**
+* The request timed out.
+*/
+var TimeoutError = class extends SandboxError {
+	/** Timeout duration in milliseconds */
+	timeoutMs;
+	constructor(timeoutMs, message, metadata) {
+		super(message ?? `Request timed out after ${timeoutMs}ms`, "TIMEOUT", 408, metadata);
+		this.name = "TimeoutError";
+		this.timeoutMs = timeoutMs;
+	}
+};
+/**
+* A network or connection error occurred.
+*/
+var NetworkError = class extends SandboxError {
+	/** The underlying error */
+	cause;
+	constructor(message, causeOrMetadata, metadata) {
+		const cause = causeOrMetadata instanceof Error ? causeOrMetadata : void 0;
+		const resolvedMetadata = causeOrMetadata instanceof Error ? metadata : causeOrMetadata ?? metadata;
+		super(message, "NETWORK_ERROR", void 0, resolvedMetadata);
+		this.name = "NetworkError";
+		this.cause = cause;
+	}
+};
+/**
+* The server returned an unexpected error.
+*/
+var ServerError = class extends SandboxError {
+	constructor(message, status = 500, metadata) {
+		super(message, "SERVER_ERROR", status, metadata);
+		this.name = "ServerError";
+	}
+};
+function parseRetryAfterMs(rawValue, data) {
+	if (typeof data.retryAfterMs === "number" && Number.isFinite(data.retryAfterMs)) return Math.max(0, data.retryAfterMs);
+	if (!rawValue) return void 0;
+	const trimmed = rawValue.trim();
+	if (!trimmed) return void 0;
+	const seconds = Number(trimmed);
+	if (Number.isFinite(seconds)) return Math.max(0, seconds) * 1e3;
+	const targetTs = Date.parse(trimmed);
+	if (!Number.isNaN(targetTs)) return Math.max(0, targetTs - Date.now());
+}
+function inferOrigin(headers, context) {
+	const derivedPath = context?.path ?? headers?.get("x-tangle-request-path") ?? void 0;
+	if (!headers) return context?.path ? "sandbox-api" : void 0;
+	if (headers.has("x-sidecar-version") || headers.has("x-sidecar-image") || headers.has("x-sidecar-image-tag")) return "sidecar";
+	if (headers.has("x-orchestrator-version")) return "control-plane";
+	if (derivedPath?.startsWith("/v1/")) return "sandbox-api";
+	if (derivedPath) {
+		if (derivedPath.startsWith("/projects") || derivedPath.startsWith("/sidecars") || derivedPath.startsWith("/instances")) return "control-plane";
+		return "runtime";
+	}
+	return "unknown";
+}
+function isQuotaCode(code) {
+	return code === "QUOTA_EXCEEDED" || code?.endsWith("_QUOTA_EXCEEDED") === true;
+}
+function isCapabilityCode(code) {
+	return code === "CAPABILITY_NOT_ENABLED" || code === "CAPABILITY_UNSUPPORTED" || code === "UNSUPPORTED_CAPABILITY" || code === "FLEET_SHARED_WORKSPACE_UNSUPPORTED" || code === "SHARED_WORKSPACE_UNSUPPORTED";
+}
+function isPartialFailureCode(code) {
+	return code === "PARTIAL_FAILURE" || code === "FLEET_PARTIAL_FAILURE" || code === "FLEET_DISPATCH_PARTIAL_FAILURE" || code === "FLEET_DEPROVISION_FAILED";
+}
+function asString(value) {
+	return typeof value === "string" && value.trim().length > 0 ? value : void 0;
+}
+function isFailureDetail(value) {
+	return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function readCapability(data, errorObj) {
+	const nested = typeof errorObj === "object" && errorObj !== null ? asString(errorObj.capability) : void 0;
+	return asString(data.capability) ?? nested;
+}
+function readFailures(data, errorObj) {
+	if (Array.isArray(data.failures)) return data.failures.filter(isFailureDetail);
+	if (Array.isArray(data.results)) {
+		const failures = data.results.filter((result) => typeof result === "object" && result !== null && result.ok === false);
+		if (failures.length > 0) return failures.filter(isFailureDetail);
+	}
+	if (typeof errorObj === "object" && errorObj !== null && Array.isArray(errorObj.failures)) return errorObj.failures.filter(isFailureDetail);
+}
+/**
+* Parse an error response from the API.
+* @param status - HTTP status code
+* @param body - Response body text
+* @param context - Optional request context for better error messages
+*/
+function parseErrorResponse(status, body, context, headers) {
+	let data;
+	try {
+		data = JSON.parse(body);
+	} catch {
+		data = { message: body };
+	}
+	const errorObj = data.error;
+	const nestedMessage = typeof errorObj === "object" && errorObj !== null ? errorObj.message : void 0;
+	const nestedCode = typeof errorObj === "object" && errorObj !== null ? errorObj.code : void 0;
+	const baseMessage = data.message || nestedMessage || (typeof errorObj === "string" ? errorObj : void 0) || body || "Unknown error";
+	const details = typeof data.details === "string" && data.details.trim().length > 0 ? data.details.trim() : void 0;
+	const shouldAppendDetails = !!details && details !== baseMessage && (baseMessage === "Unknown error" || /^failed\b/i.test(baseMessage) || /^provision failed\b/i.test(baseMessage) || /^deprovision failed\b/i.test(baseMessage));
+	const code = data.code || nestedCode;
+	const message = `${context ? `${context.method ?? "REQUEST"} ${context.path ?? ""}: ` : ""}${shouldAppendDetails ? `${baseMessage}: ${details}` : baseMessage}`;
+	const metadata = {
+		origin: inferOrigin(headers, context),
+		endpoint: context?.path ?? headers?.get("x-tangle-request-path") ?? void 0,
+		retryAfterMs: parseRetryAfterMs(headers?.get("retry-after") ?? void 0, data),
+		sidecarVersion: headers?.get("x-sidecar-version") ?? void 0,
+		containerImage: headers?.get("x-sidecar-image") ?? headers?.get("x-sidecar-image-tag") ?? void 0
+	};
+	if (isQuotaCode(code)) return new QuotaError(data.quotaType || "rate_limit", message, data.current, data.limit, metadata, status);
+	if (isCapabilityCode(code)) return new CapabilityError(message, code, status, metadata, readCapability(data, errorObj));
+	if (isPartialFailureCode(code)) return new PartialFailureError(message, code, status, metadata, readFailures(data, errorObj));
+	switch (status) {
+		case 400: return new ValidationError(message, data.fields, metadata);
+		case 401: return new AuthError(message, metadata);
+		case 404: return new NotFoundError(data.resourceType || "Resource", data.resourceId || "unknown", metadata);
+		case 408: return new TimeoutError(data.timeoutMs || 3e4, message, metadata);
+		case 409: return new StateError(message, data.currentState || "unknown", data.requiredState, metadata);
+		case 429: return new QuotaError(data.quotaType || "rate_limit", message, data.current, data.limit, metadata);
+		case 501: return new SandboxError(message, code || "NOT_IMPLEMENTED", status, metadata);
+		default:
+			if (status >= 500) return new ServerError(message, status, metadata);
+			return new SandboxError(message, code || "UNKNOWN_ERROR", status, metadata);
+	}
+}
+//#endregion
+export { PartialFailureError as a, ServerError as c, ValidationError as d, parseErrorResponse as f, NotFoundError as i, StateError as l, CapabilityError as n, QuotaError as o, NetworkError as r, SandboxError as s, AuthError as t, TimeoutError as u };

package/dist/{index-BuS8nl3b.d.ts → index-CCsA3S0D.d.ts}

@@ -4,6 +4,11 @@
  *
  * Shared type contracts for collaborative document identity and bootstrap.
  */
+/**
+ * Headers shape accepted by `fetch` requests. Mirrors the standard
+ * `HeadersInit` (which is not consistently exported by `@types/node`).
+ */
+type CollaborationRequestHeaders = Headers | Record<string, string> | Array<[string, string]>;
 interface CollaborationDocumentRef {
   workspaceId: string;
   relativePath: string;
@@ -80,7 +85,7 @@ interface CollaborationFileBridgeOptions {
 interface CollaborationClientConfig {
   baseUrl: string;
   timeoutMs?: number;
-  headers?: HeadersInit | (() => HeadersInit | Promise<HeadersInit>);
+  headers?: CollaborationRequestHeaders | (() => CollaborationRequestHeaders | Promise<CollaborationRequestHeaders>);
   fetch?: typeof globalThis.fetch;
 }
 //#endregion

package/dist/{index-t7xkzv0U.d.ts → index-DhNGZ0h4.d.ts}

@@ -1,4 +1,4 @@
-import { b as CreateSandboxOptions, n as SandboxInstance, t as HttpClient } from "./sandbox-BvZ0-Iv7.js";
+import { P as CreateSandboxOptions, n as SandboxInstance, t as HttpClient } from "./sandbox-aBpWqler.js";
 
 //#region src/tangle/abi.d.ts
 /**
@@ -127,8 +127,8 @@ declare const SandboxCreateParamTypes: readonly [{
   readonly name: "ssh_enabled";
   readonly type: "bool";
 }, {
-  readonly name: "ssh_public_key";
-  readonly type: "string";
+  readonly name: "ssh_public_keys";
+  readonly type: "string[]";
 }, {
   readonly name: "web_terminal_enabled";
   readonly type: "bool";

package/dist/{index-gA-oRjOi.d.ts → index-Dpj1oB5i.d.ts}

@@ -120,10 +120,41 @@ declare function issueBatchScopedToken(signingSecret: string, payload: Omit<Read
  */
 declare function issueCollaborationToken(signingSecret: string, payload: IssueCollaborationTokenOptions, ttlMinutes: number): string;
 /**
- * Decode a JWT without verification (to extract claims for lookup).
- * Returns null if the token is malformed.
+ * Decode a JWT **without verifying its signature**.
+ *
+ * The deliberately scary name is the API contract: an HMAC-signed token
+ * whose signature has not been verified is a self-asserted blob of JSON,
+ * not an authenticated claim. Treating its fields as authoritative
+ * (e.g. `if (unsafeDecodeToken(t).sub === userId) grantAccess()`) is a
+ * straightforward authorization bypass — an attacker can mint any
+ * payload they like.
+ *
+ * Use this only when the signature has already been validated upstream
+ * (e.g. by an API gateway that strips the token after verification),
+ * for client-side `exp` peeking to decide whether to refresh, or for
+ * routing/logging keyed off non-security-sensitive claims.
+ *
+ * For any access-control decision, use {@link verifyToken} instead.
+ *
+ * Returns `null` if the token is malformed.
+ */
+declare function unsafeDecodeToken(token: string): AnyTokenPayload | null;
+/**
+ * Verify a JWT's HMAC-SHA256 signature against `signingSecret` and
+ * check that it has not expired. Returns the decoded payload on
+ * success, or `null` on any failure (malformed token, bad signature,
+ * expired, or unexpected algorithm).
+ *
+ * Signature comparison is constant-time. Callers must use this — not
+ * {@link unsafeDecodeToken} — for any authorization decision.
+ *
+ * @param token - The JWT to verify
+ * @param signingSecret - The same secret used to issue the token
+ * @param options.clockSkewSeconds - Tolerance for `exp` checks; default `0`
  */
-declare function decodeToken(token: string): AnyTokenPayload | null;
+declare function verifyToken(token: string, signingSecret: string, options?: {
+  clockSkewSeconds?: number;
+}): AnyTokenPayload | null;
 /**
  * Get time until token expires (in seconds).
  * Returns negative if expired.
@@ -186,4 +217,4 @@ declare class ProductTokenIssuer {
   getTtlMinutes(tier?: "free" | "pro" | "enterprise"): number;
 }
 //#endregion
-export { SessionScopedTokenPayload as _, issueBatchScopedToken as a, issueReadToken as c, BatchScopedTokenPayload as d, CollaborationAccess as f, ReadTokenPayload as g, ProjectScopedTokenPayload as h, isTokenExpiringSoon as i, issueSessionScopedToken as l, IssueCollaborationTokenOptions as m, decodeToken as n, issueCollaborationToken as o, CollaborationTokenPayload as p, getTokenTTL as r, issueProjectScopedToken as s, ProductTokenIssuer as t, AnyTokenPayload as u, TokenScope as v };
+export { ReadTokenPayload as _, issueCollaborationToken as a, issueSessionScopedToken as c, AnyTokenPayload as d, BatchScopedTokenPayload as f, ProjectScopedTokenPayload as g, IssueCollaborationTokenOptions as h, issueBatchScopedToken as i, unsafeDecodeToken as l, CollaborationTokenPayload as m, getTokenTTL as n, issueProjectScopedToken as o, CollaborationAccess as p, isTokenExpiringSoon as r, issueReadToken as s, ProductTokenIssuer as t, verifyToken as u, SessionScopedTokenPayload as v, TokenScope as y };

package/dist/index.d.ts

@@ -1,8 +1,9 @@
-import { f as CollaborationAccess, m as IssueCollaborationTokenOptions, p as CollaborationTokenPayload, u as AnyTokenPayload } from "./index-gA-oRjOi.js";
-import { _ as CollaborationTransportConfig, a as CollaborationClient, c as CollaborationClientConfig, d as CollaborationDocumentRef, f as CollaborationFileBridgeOptions, g as CollaborationTokenRefreshResponse, h as CollaborationTokenRefreshRequest, i as parseCollaborationDocumentId, l as CollaborationDocumentAdapter, m as CollaborationPermissions, n as buildCollaborationDocumentId, o as CollaborationBootstrapRequest, p as CollaborationFileEvent, r as normalizeCollaborationPath, s as CollaborationBootstrapResponse, t as CollaborationFileBridge, u as CollaborationDocumentChange, v as SaveCollaborationSnapshotRequest, y as SaveCollaborationSnapshotResponse } from "./index-BuS8nl3b.js";
-import { $ as Process, $t as AgentProfileResourceRef, A as ExecResult, At as StorageConfig, B as GitStatus, Bt as UpdateUserOptions, C as DownloadOptions, Ct as SearchMatch, D as DriverType, Dt as SnapshotInfo, E as DriverInfo, Et as SecretsManager, F as GitAuth, Ft as TeeAttestationReport, G as McpServerConfig, Gt as AgentProfile, H as InstalledTool, Ht as UploadProgress, I as GitBranch, It as TeeAttestationResponse, J as NetworkManager, Jt as AgentProfileFileMount, K as MkdirOptions, Kt as AgentProfileCapabilities, L as GitCommit, Lt as TeePublicKey, M as FileSystem, Mt as TaskOptions, N as ForkOptions, Nt as TaskResult, O as EventStreamOptions, Ot as SnapshotOptions, P as ForkResult, Pt as TeeAttestationOptions, Q as PreviewLinkManager, Qt as AgentProfilePrompt, R as GitConfig, Rt as TeePublicKeyResponse, S as DirectoryPermission, St as SandboxUser, T as DriverConfig, Tt as SecretInfo, U as ListOptions, Ut as UsageInfo, V as GpuType, Vt as UploadOptions, W as ListSandboxOptions, Wt as WaitForOptions, X as PermissionsManager, Xt as AgentProfileModelHints, Y as PermissionLevel, Yt as AgentProfileMcpServer, Z as PreviewLinkInfo, Zt as AgentProfilePermissionValue, _ as CheckpointOptions, _t as SandboxEvent, a as BackendCapabilities, an as defineGitHubResource, at as ProcessStatus, b as CreateSandboxOptions, bt as SandboxResources, c as BackendManager, ct as ProvisionEvent, d as BatchEvent, dt as ProvisionStep, en as AgentProfileResources, et as ProcessInfo, f as BatchOptions, ft as RunCodeOptions, g as CheckpointInfo, gt as SandboxEnvironment, h as BatchTaskResult, ht as SandboxConnection, i as AddUserOptions, in as defineAgentProfile, it as ProcessSpawnOptions, j as FileInfo, jt as SubscriptionInfo, k as ExecOptions, kt as SnapshotResult, l as BackendStatus, lt as ProvisionResult, m as BatchTask, mt as SandboxClientConfig, n as SandboxInstance, nn as AgentProfileValidationResult, nt as ProcessManager, o as BackendConfig, on as defineInlineResource, ot as PromptOptions, p as BatchResult, pt as SSHCredentials, q as NetworkConfig, qt as AgentProfileConfidential, r as AccessPolicyRule, rn as AgentSubagentProfile, rt as ProcessSignal, s as BackendInfo, sn as mergeAgentProfiles, st as PromptResult, tn as AgentProfileValidationIssue, tt as ProcessLogEntry, u as BackendType, ut as ProvisionStatus, v as CheckpointResult, vt as SandboxInfo, w as DownloadProgress, wt as SearchOptions, x as DeleteOptions, xt as SandboxStatus, y as CodeResult, yt as SandboxPermissionsConfig, z as GitDiff, zt as ToolsConfig } from "./sandbox-BvZ0-Iv7.js";
-import { a as SandboxError, c as TimeoutError, d as InviteTeamMemberOptions, f as SandboxClient, h as TeamMember, i as QuotaError, l as ValidationError, m as TeamInvitation, n as NetworkError, o as ServerError, p as Team, r as NotFoundError, s as StateError, t as AuthError, u as CreateTeamOptions } from "./errors-AIT8qikt.js";
-import { s as TangleSandboxClientConfig, t as TangleSandboxClient } from "./index-t7xkzv0U.js";
+import { d as AnyTokenPayload, h as IssueCollaborationTokenOptions, m as CollaborationTokenPayload, p as CollaborationAccess } from "./index-Dpj1oB5i.js";
+import { _ as CollaborationTransportConfig, a as CollaborationClient, c as CollaborationClientConfig, d as CollaborationDocumentRef, f as CollaborationFileBridgeOptions, g as CollaborationTokenRefreshResponse, h as CollaborationTokenRefreshRequest, i as parseCollaborationDocumentId, l as CollaborationDocumentAdapter, m as CollaborationPermissions, n as buildCollaborationDocumentId, o as CollaborationBootstrapRequest, p as CollaborationFileEvent, r as normalizeCollaborationPath, s as CollaborationBootstrapResponse, t as CollaborationFileBridge, u as CollaborationDocumentChange, v as SaveCollaborationSnapshotRequest, y as SaveCollaborationSnapshotResponse } from "./index-CCsA3S0D.js";
+import { A as IntegrationAction, B as TriggerRun, C as CreateAutomationInput, D as EndpointInfo, E as DeliveryAttempt, F as IntegrationScope, G as ParsedSSEEvent, H as SandboxFleet, I as IntegrationVerificationKind, K as parseSSEStream, L as IntegrationsManager, M as IntegrationDeliveryStatus, N as IntegrationPrincipalType, O as EndpointWithSecret, P as IntegrationProvider, R as RecipeManifest, S as ConnectionInfo, T as CreateTriggerInput, U as SandboxFleetClient, V as TriggerWithSecret, W as ParseSSEStreamOptions, _ as SandboxClient, a as PartialFailureError, b as TeamMember, c as SandboxErrorJson, d as StateError, f as TimeoutError, g as InviteTeamMemberOptions, h as IntelligenceClient, i as NotFoundError, j as IntegrationActionKind, k as InstallRecipeInput, l as SandboxFailureDetail, m as CreateTeamOptions, n as CapabilityError, o as QuotaError, p as ValidationError, r as NetworkError, s as SandboxError, t as AuthError, u as ServerError, v as Team, w as CreateEndpointInput, x as AutomationInfo, y as TeamInvitation, z as TriggerInfo } from "./errors-BI75IXOM.js";
+import { $ as FleetExecDispatchOptions, $n as SnapshotInfo, $t as RunCodeOptions, A as CreateIntelligenceReportOptions, An as SandboxFleetWorkspaceReconcileResult, Ar as AgentProfileValidationResult, At as PreviewLinkManager, B as DownloadProgress, Bn as SandboxTraceExport, Br as SandboxMcpServerEntry, Bt as PromptResult, C as BatchResult, Cn as SandboxFleetToken, Cr as AgentProfileMcpServer, Ct as MintScopedTokenOptions, D as CheckpointOptions, Dn as SandboxFleetTraceOptions, Dr as AgentProfileResourceRef, Dt as PermissionLevel, E as CheckpointInfo, En as SandboxFleetTraceExport, Er as AgentProfilePrompt, Et as NetworkManager, F as DeleteOptions, Fn as SandboxPermissionsConfig, Fr as mergeAgentProfiles, Ft as ProcessSignal, G as ExecOptions, Gn as SearchMatch, Gt as PublicTemplateInfo, H as DriverInfo, Hn as SandboxUser, Ht as ProvisionResult, I as DirectoryPermission, In as SandboxResources, Ir as BuildSandboxMcpConfigOptions, It as ProcessSpawnOptions, J as FileSystem, Jn as SecretsManager, Jt as PublishPublicTemplateVersionOptions, K as ExecResult, Kn as SearchOptions, Kt as PublicTemplateVersionInfo, L as DispatchPromptOptions, Ln as SandboxStatus, Lr as SANDBOX_MCP_SERVER_NAME, Lt as ProcessStatus, Mn as SandboxFleetWorkspaceSnapshotResult, Mr as defineAgentProfile, Mt as ProcessInfo, N as CreateSandboxFleetWithCoordinatorOptions, Nn as SandboxInfo, Nr as defineGitHubResource, Nt as ProcessLogEntry, O as CheckpointResult, On as SandboxFleetUsage, Or as AgentProfileResources, Ot as PermissionsManager, P as CreateSandboxOptions, Pn as SandboxIntelligenceEnvelope, Pr as defineInlineResource, Pt as ProcessManager, Q as FleetDispatchStreamOptions, Qn as SessionStatus, Qt as ReconcileSandboxFleetsResult, R as DispatchedSession, Rn as SandboxTraceBundle, Rr as SandboxMcpConfig, S as BatchOptions, Sn as SandboxFleetPolicy, Sr as AgentProfileFileMount, St as McpServerConfig, T as BatchTaskResult, Tn as SandboxFleetTraceEvent, Tr as AgentProfilePermissionValue, Tt as NetworkConfig, U as DriverType, Un as ScopedToken, Ut as ProvisionStatus, V as DriverConfig, Vn as SandboxTraceOptions, Vr as buildSandboxMcpConfig, Vt as ProvisionEvent, W as EventStreamOptions, Wn as ScopedTokenScope, Wt as ProvisionStep, X as FleetDispatchResultBuffer, Xn as SessionInfo, Xt as ReapExpiredSandboxFleetsResult, Y as FleetDispatchCancelResult, Yn as SessionEventStreamOptions, Yt as ReapExpiredSandboxFleetsOptions, Z as FleetDispatchResultBufferOptions, Zn as SessionListOptions, Zt as ReconcileSandboxFleetsOptions, _ as BackendInfo, _n as SandboxFleetMachineRecord, _r as UsageInfo, _t as IntelligenceReportSubjectType, a as TraceExportSink, an as SandboxEvent, ar as TaskOptions, at as ForkResult, b as BackendType, bn as SandboxFleetManifestMachine, br as AgentProfileCapabilities, bt as ListSandboxFleetOptions, c as otelTraceIdForTangleTrace, cn as SandboxFleetCostEstimate, cr as TeeAttestationReport, ct as GitCommit, d as AcceleratorKind, dn as SandboxFleetDriverCapability, dr as TeePublicKeyResponse, dt as GitStatus, en as SSHCommandDescriptor, er as SnapshotOptions, f as AccessPolicyRule, fn as SandboxFleetDriverTimings, fr as TokenRefreshHandler, ft as GpuType, g as BackendConfig, gn as SandboxFleetMachineMeteredUsage, gr as UploadProgress, gt as IntelligenceReportCompareTo, h as BackendCapabilities, hn as SandboxFleetMachine, hr as UploadOptions, ht as IntelligenceReportBudget, i as TraceExportResult, in as SandboxEnvironment, ir as SubscriptionInfo, it as ForkOptions, j as CreateSandboxFleetOptions, jn as SandboxFleetWorkspaceRestoreResult, jr as AgentSubagentProfile, jt as Process, k as CodeResult, kn as SandboxFleetWorkspace, kr as AgentProfileValidationIssue, kt as PreviewLinkInfo, l as toOtelJson, ln as SandboxFleetDispatchFailureClass, lr as TeeAttestationResponse, lt as GitConfig, m as AttachSandboxFleetMachineOptions, mn as SandboxFleetIntelligenceEnvelope, mr as UpdateUserOptions, mt as IntelligenceReport, n as SandboxInstance, nn as SandboxClientConfig, nt as FleetPromptDispatchOptions, o as buildTraceExportPayload, on as SandboxFleetArtifact, or as TaskResult, ot as GitAuth, p as AddUserOptions, pn as SandboxFleetInfo, pr as ToolsConfig, pt as InstalledTool, q as FileInfo, qn as SecretInfo, qt as PublishPublicTemplateOptions, r as TraceExportFormat, rn as SandboxConnection, rr as StorageConfig, s as exportTraceBundle, sn as SandboxFleetArtifactSpec, sr as TeeAttestationOptions, st as GitBranch, tn as SSHCredentials, tr as SnapshotResult, tt as FleetMachineId, u as SandboxSession, un as SandboxFleetDispatchResponse, ur as TeePublicKey, ut as GitDiff, v as BackendManager, vn as SandboxFleetMachineSpec, vr as WaitForOptions, vt as IntelligenceReportWindow, w as BatchTask, wn as SandboxFleetTraceBundle, wr as AgentProfileModelHints, wt as MkdirOptions, x as BatchEvent, xn as SandboxFleetOperationsSummary, xr as AgentProfileConfidential, xt as ListSandboxOptions, y as BackendStatus, yn as SandboxFleetManifest, yr as AgentProfile, yt as ListOptions, z as DownloadOptions, zn as SandboxTraceEvent, zr as SandboxMcpEndpoint, zt as PromptOptions } from "./sandbox-aBpWqler.js";
+import { IntegrationActor, IntegrationManifest, IntegrationRequirement } from "./platform-integrations.js";
+import { s as TangleSandboxClientConfig, t as TangleSandboxClient } from "./index-DhNGZ0h4.js";
 
 //#region src/attestation-heartbeat.d.ts
 interface TeeAttestationHeartbeatSample {
@@ -444,65 +445,111 @@ declare class ImageBuilder {
  */
 declare function generateDockerfile(spec: ImageSpec): string;
 //#endregion
-//#region src/lib/sse-parser.d.ts
-/**
- * SSE Stream Parser
- *
- * EventSource stream parsing for SDK consumers. Implements the
- * subset of the SSE spec (§9.2.6) that the platform actually emits —
- * LF and CRLF terminators, `event:` / `data:` / `id:` fields, and
- * multi-line `data:` dispatch. Used by `SandboxClient.streamBatch`
- * and by the web dashboard's batch page; exported so downstream
- * surfaces don't maintain their own copies.
- *
- * Guarantees:
- *   - Correctly buffers frames that straddle chunk boundaries.
- *   - Accepts LF- and CRLF-terminated streams interchangeably.
- *   - Joins multi-line `data:` per the spec (dispatch joins with
- *     "\n" before JSON parse).
- *   - Defaults event type to `"message"` when a frame carries
- *     `data:` but no `event:` field (SSE spec §9.2.6 step 3).
- *   - Surfaces optional `id:` so callers can implement reconnection.
- *   - Flushes a dangling event when the stream closes without a
- *     terminating blank line (well-behaved servers emit `\n\n`, but
- *     some close early).
- *   - Throws `AbortError` when the caller-supplied signal fires, so
- *     consumers can distinguish "ran to completion" from "cancelled"
- *     without peeking at signal state.
- *   - Silently drops frames with malformed JSON — the stream remains
- *     usable and only the individual frame is lost.
- *
- * What it does NOT do:
- *   - CR-only (legacy Mac) line terminators. No known emitter uses
- *     them; supporting them would risk splitting payloads that
- *     legitimately contain CR.
- *   - Retry/reconnect (caller's responsibility).
- *   - Event-type filtering (caller's responsibility).
- */
-interface ParsedSSEEvent {
-  /** Event type from the `event:` field, e.g. `task.completed`. */
-  type: string;
-  /** Parsed JSON payload from joined `data:` lines. */
-  data: Record<string, unknown>;
-  /** Optional `id:` field if the server emitted one. */
-  id?: string;
+//#region src/manage-sandboxes.d.ts
+declare const MANAGE_SANDBOXES_TOOL_NAME = "manageSandboxes";
+type ManageSandboxesInput = {
+  action: "capabilities";
+} | {
+  action: "create";
+  options: CreateSandboxFleetOptions;
+} | {
+  action: "createWithCoordinator";
+  options: CreateSandboxFleetWithCoordinatorOptions;
+} | {
+  action: "list";
+  fleetId: string;
+} | {
+  action: "delete";
+  fleetId: string;
+} | {
+  action: "attachMachine";
+  fleetId: string;
+  machine: AttachSandboxFleetMachineOptions;
+} | {
+  action: "detachMachine";
+  fleetId: string;
+  machineId: FleetMachineId;
+} | {
+  action: "manifest";
+  fleetId: string;
+} | {
+  action: "usage";
+  fleetId: string;
+} | {
+  action: "trace";
+  fleetId: string;
+} | {
+  action: "intelligence";
+  fleetId: string;
+} | {
+  action: "cost";
+  fleetId: string;
+} | {
+  action: "createWorkspaceSnapshot";
+  fleetId: string;
+} | {
+  action: "restoreWorkspaceSnapshot";
+  fleetId: string;
+  snapshotId: string;
+} | {
+  action: "reconcileWorkspace";
+  fleetId: string;
+};
+interface ManageSandboxesTool {
+  name: typeof MANAGE_SANDBOXES_TOOL_NAME;
+  description: string;
+  parameters: Record<string, unknown>;
+  execute(input: ManageSandboxesInput | Record<string, unknown>): Promise<unknown>;
 }
-interface ParseSSEStreamOptions {
+interface ManageSandboxesToolOptions {
   /**
-   * Signal to abort the stream. When aborted, the generator throws
-   * `AbortError` — this is a deliberate departure from silent-return
-   * semantics so the consumer's for-await loop propagates the abort
-   * to its own catch block instead of looking like a clean finish.
+   * Host-owned caps applied to every create action. The model must not be
+   * allowed to choose its own spend, driver, accelerator, or scale policy.
    */
-  signal?: AbortSignal;
+  policy?: SandboxFleetPolicy;
 }
-/**
- * Parse a streaming SSE response body into an async iterable of
- * structured events.
- *
- * @throws `TypeError` when the response has no body.
- * @throws `DOMException` with `name === "AbortError"` on cancellation.
- */
-declare function parseSSEStream(body: ReadableStream<Uint8Array> | null | undefined, options?: ParseSSEStreamOptions): AsyncGenerator<ParsedSSEEvent>;
+declare function createManageSandboxesTool(client: SandboxClient, options?: ManageSandboxesToolOptions): ManageSandboxesTool;
+declare const MANAGE_SANDBOXES_PARAMETERS: {
+  readonly type: "object";
+  readonly additionalProperties: false;
+  readonly required: readonly ["action"];
+  readonly properties: {
+    readonly action: {
+      readonly type: "string";
+      readonly enum: readonly ["capabilities", "create", "createWithCoordinator", "list", "delete", "attachMachine", "detachMachine", "manifest", "usage", "trace", "intelligence", "cost", "createWorkspaceSnapshot", "restoreWorkspaceSnapshot", "reconcileWorkspace"];
+    };
+    readonly fleetId: {
+      type: string;
+      pattern: string;
+    };
+    readonly machineId: {
+      type: string;
+      pattern: string;
+    };
+    readonly snapshotId: {
+      readonly type: "string";
+      readonly minLength: 1;
+    };
+    readonly options: {
+      readonly type: "object";
+    };
+    readonly machine: {
+      readonly type: "object";
+      readonly required: readonly ["machineId", "sandboxId"];
+      readonly additionalProperties: true;
+      readonly properties: {
+        readonly machineId: {
+          type: string;
+          pattern: string;
+        };
+        readonly sandboxId: {
+          readonly type: "string";
+          readonly minLength: 1;
+          readonly maxLength: 128;
+        };
+      };
+    };
+  };
+};
 //#endregion
-export { type AccessPolicyRule, type AddUserOptions, type AgentProfile, type AgentProfileCapabilities, type AgentProfileFileMount, type AgentProfileMcpServer, type AgentProfileModelHints, type AgentProfilePermissionValue, type AgentProfilePrompt, type AgentProfileResourceRef, type AgentProfileResources, type AgentProfileValidationIssue, type AgentProfileValidationResult, type AgentSubagentProfile, type AnyTokenPayload, AuthError, type BackendCapabilities, type BackendConfig, type BackendInfo, type BackendManager, type BackendStatus, type BackendType, type BatchEvent, type BatchOptions, type BatchResult, type BatchTask, type BatchTaskResult, type BuildProgressEvent, type CheckpointInfo, type CheckpointOptions, type CheckpointResult, type CodeResult, type CollaborationAccess, type CollaborationBootstrapRequest, type CollaborationBootstrapResponse, CollaborationClient, type CollaborationClientConfig, type CollaborationDocumentAdapter, type CollaborationDocumentChange, type CollaborationDocumentRef, CollaborationFileBridge, type CollaborationFileBridgeOptions, type CollaborationFileEvent, type CollaborationPermissions, type CollaborationTokenPayload, type CollaborationTokenRefreshRequest, type CollaborationTokenRefreshResponse, type CollaborationTransportConfig, type ConfidentialSandboxResult, type ConfidentialTeeType, type CreateConfidentialSandboxOptions, type CreateSandboxOptions, type CreateTeamOptions, type DeleteOptions, type DirectoryPermission, type DownloadOptions, type DownloadProgress, type DriverConfig, type DriverInfo, type DriverType, type EventStreamOptions, type ExecOptions, type ExecResult, type FileInfo, type FileSystem, type ForkOptions, type ForkResult, type GitAuth, type GitBranch, type GitCommit, type GitConfig, type GitDiff, type GitStatus, type GpuType, Image, type ImageBuildOptions, type ImageBuildResult, ImageBuilder, type ImageSpec, type InstalledTool, type InviteTeamMemberOptions, type IssueCollaborationTokenOptions, type ListOptions, type ListSandboxOptions, type McpServerConfig, type MkdirOptions, type NetworkConfig, NetworkError, type NetworkManager, NotFoundError, type ParseSSEStreamOptions, type ParsedSSEEvent, type PermissionLevel, type PermissionsManager, type PreviewLinkInfo, type PreviewLinkManager, type Process, type ProcessInfo, type ProcessLogEntry, type ProcessManager, type ProcessSignal, type ProcessSpawnOptions, type ProcessStatus, type PromptOptions, type PromptResult, type ProvisionEvent, type ProvisionResult, type ProvisionStatus, type ProvisionStep, QuotaError, type RunCodeOptions, type SSHCredentials, SandboxClient as Sandbox, SandboxClient, type SandboxClientConfig, type SandboxConnection, type SandboxEnvironment, SandboxError, type SandboxEvent, type SandboxInfo, SandboxInstance, type SandboxPermissionsConfig, type SandboxResources, type SandboxStatus, type SandboxUser, type SaveCollaborationSnapshotRequest, type SaveCollaborationSnapshotResponse, type SearchMatch, type SearchOptions, type SecretInfo, type SecretsManager, ServerError, type SnapshotInfo, type SnapshotOptions, type SnapshotResult, StateError, type StorageConfig, type SubscriptionInfo, TangleSandboxClient, type TangleSandboxClientConfig, type TaskOptions, type TaskResult, type Team, type TeamInvitation, type TeamMember, type TeeAttestationHeartbeat, type TeeAttestationHeartbeatOptions, type TeeAttestationHeartbeatSample, type TeeAttestationOptions, type TeeAttestationReport, type TeeAttestationResponse, type TeePublicKey, type TeePublicKeyResponse, TimeoutError, type ToolsConfig, type UpdateUserOptions, type UploadOptions, type UploadProgress, type UsageInfo, ValidationError, type WaitForOptions, buildCollaborationDocumentId, createConfidentialSandbox, defineAgentProfile, defineGitHubResource, defineInlineResource, generateAttestationNonce, generateDockerfile, mergeAgentProfiles, normalizeCollaborationPath, parseCollaborationDocumentId, parseSSEStream, startTeeAttestationHeartbeat };
+export { type AcceleratorKind, type AccessPolicyRule, type AddUserOptions, type AgentProfile, type AgentProfileCapabilities, type AgentProfileFileMount, type AgentProfileMcpServer, type AgentProfileModelHints, type AgentProfilePermissionValue, type AgentProfilePrompt, type AgentProfileResourceRef, type AgentProfileResources, type AgentProfileValidationIssue, type AgentProfileValidationResult, type AgentSubagentProfile, type AnyTokenPayload, type AttachSandboxFleetMachineOptions, AuthError, type AutomationInfo, type BackendCapabilities, type BackendConfig, type BackendInfo, type BackendManager, type BackendStatus, type BackendType, type BatchEvent, type BatchOptions, type BatchResult, type BatchTask, type BatchTaskResult, type BuildProgressEvent, type BuildSandboxMcpConfigOptions, CapabilityError, type CheckpointInfo, type CheckpointOptions, type CheckpointResult, type CodeResult, type CollaborationAccess, type CollaborationBootstrapRequest, type CollaborationBootstrapResponse, CollaborationClient, type CollaborationClientConfig, type CollaborationDocumentAdapter, type CollaborationDocumentChange, type CollaborationDocumentRef, CollaborationFileBridge, type CollaborationFileBridgeOptions, type CollaborationFileEvent, type CollaborationPermissions, type CollaborationTokenPayload, type CollaborationTokenRefreshRequest, type CollaborationTokenRefreshResponse, type CollaborationTransportConfig, type ConfidentialSandboxResult, type ConfidentialTeeType, type ConnectionInfo, type CreateAutomationInput, type CreateConfidentialSandboxOptions, type CreateEndpointInput, type CreateIntelligenceReportOptions, type CreateSandboxFleetOptions, type CreateSandboxFleetWithCoordinatorOptions, type CreateSandboxOptions, type CreateTeamOptions, type CreateTriggerInput, type DeleteOptions, type DeliveryAttempt, type DirectoryPermission, type DispatchPromptOptions, type DispatchedSession, type DownloadOptions, type DownloadProgress, type DriverConfig, type DriverInfo, type DriverType, type EndpointInfo, type EndpointWithSecret, type EventStreamOptions, type ExecOptions, type ExecResult, type FileInfo, type FileSystem, type FleetDispatchCancelResult, type FleetDispatchResultBuffer, type FleetDispatchResultBufferOptions, type FleetDispatchStreamOptions, type FleetExecDispatchOptions, type FleetMachineId, type FleetPromptDispatchOptions, type ForkOptions, type ForkResult, type GitAuth, type GitBranch, type GitCommit, type GitConfig, type GitDiff, type GitStatus, type GpuType, Image, type ImageBuildOptions, type ImageBuildResult, ImageBuilder, type ImageSpec, type InstallRecipeInput, type InstalledTool, type IntegrationAction, type IntegrationActionKind, type IntegrationActor, type IntegrationDeliveryStatus, type IntegrationManifest, type IntegrationPrincipalType, type IntegrationProvider, type IntegrationRequirement, type IntegrationScope, type IntegrationVerificationKind, IntegrationsManager, type RecipeManifest as IntegrationsRecipeManifest, IntelligenceClient, type IntelligenceReport, type IntelligenceReportBudget, type IntelligenceReportCompareTo, type IntelligenceReportSubjectType, type IntelligenceReportWindow, type InviteTeamMemberOptions, type IssueCollaborationTokenOptions, type ListOptions, type ListSandboxFleetOptions, type ListSandboxOptions, MANAGE_SANDBOXES_PARAMETERS, MANAGE_SANDBOXES_TOOL_NAME, type ManageSandboxesInput, type ManageSandboxesTool, type ManageSandboxesToolOptions, type McpServerConfig, type MintScopedTokenOptions, type MkdirOptions, type NetworkConfig, NetworkError, type NetworkManager, NotFoundError, type ParseSSEStreamOptions, type ParsedSSEEvent, PartialFailureError, type PermissionLevel, type PermissionsManager, type PreviewLinkInfo, type PreviewLinkManager, type Process, type ProcessInfo, type ProcessLogEntry, type ProcessManager, type ProcessSignal, type ProcessSpawnOptions, type ProcessStatus, type PromptOptions, type PromptResult, type ProvisionEvent, type ProvisionResult, type ProvisionStatus, type ProvisionStep, type PublicTemplateInfo, type PublicTemplateVersionInfo, type PublishPublicTemplateOptions, type PublishPublicTemplateVersionOptions, QuotaError, type ReapExpiredSandboxFleetsOptions, type ReapExpiredSandboxFleetsResult, type ReconcileSandboxFleetsOptions, type ReconcileSandboxFleetsResult, type RunCodeOptions, SANDBOX_MCP_SERVER_NAME, type SSHCommandDescriptor, type SSHCredentials, SandboxClient as Sandbox, SandboxClient, type SandboxClientConfig, type SandboxConnection, type SandboxEnvironment, SandboxError, type SandboxErrorJson, type SandboxEvent, type SandboxFailureDetail, SandboxFleet, type SandboxFleetArtifact, type SandboxFleetArtifactSpec, SandboxFleetClient, type SandboxFleetCostEstimate, type SandboxFleetDispatchFailureClass, type SandboxFleetDispatchResponse, type SandboxFleetDriverCapability, type SandboxFleetDriverTimings, type SandboxFleetInfo, type SandboxFleetIntelligenceEnvelope, type SandboxFleetMachine, type SandboxFleetMachineMeteredUsage, type SandboxFleetMachineRecord, type SandboxFleetMachineSpec, type SandboxFleetManifest, type SandboxFleetManifestMachine, type SandboxFleetOperationsSummary, type SandboxFleetPolicy, type SandboxFleetToken, type SandboxFleetTraceBundle, type SandboxFleetTraceEvent, type SandboxFleetTraceExport, type SandboxFleetTraceOptions, type SandboxFleetUsage, type SandboxFleetWorkspace, type SandboxFleetWorkspaceReconcileResult, type SandboxFleetWorkspaceRestoreResult, type SandboxFleetWorkspaceSnapshotResult, type SandboxInfo, SandboxInstance, type SandboxIntelligenceEnvelope, type SandboxMcpConfig, type SandboxMcpEndpoint, type SandboxMcpServerEntry, type SandboxPermissionsConfig, type SandboxResources, SandboxSession, type SandboxStatus, type SandboxTraceBundle, type SandboxTraceEvent, type SandboxTraceExport, type SandboxTraceOptions, type SandboxUser, type SaveCollaborationSnapshotRequest, type SaveCollaborationSnapshotResponse, type ScopedToken, type ScopedTokenScope, type SearchMatch, type SearchOptions, type SecretInfo, type SecretsManager, ServerError, type SessionEventStreamOptions, type SessionInfo, type SessionListOptions, type SessionStatus, type SnapshotInfo, type SnapshotOptions, type SnapshotResult, StateError, type StorageConfig, type SubscriptionInfo, TangleSandboxClient, type TangleSandboxClientConfig, type TaskOptions, type TaskResult, type Team, type TeamInvitation, type TeamMember, type TeeAttestationHeartbeat, type TeeAttestationHeartbeatOptions, type TeeAttestationHeartbeatSample, type TeeAttestationOptions, type TeeAttestationReport, type TeeAttestationResponse, type TeePublicKey, type TeePublicKeyResponse, TimeoutError, type TokenRefreshHandler, type ToolsConfig, type TraceExportFormat, type TraceExportResult, type TraceExportSink, type TriggerInfo, type TriggerRun, type TriggerWithSecret, type UpdateUserOptions, type UploadOptions, type UploadProgress, type UsageInfo, ValidationError, type WaitForOptions, buildCollaborationDocumentId, buildSandboxMcpConfig, buildTraceExportPayload, createConfidentialSandbox, createManageSandboxesTool, defineAgentProfile, defineGitHubResource, defineInlineResource, exportTraceBundle, generateAttestationNonce, generateDockerfile, mergeAgentProfiles, normalizeCollaborationPath, otelTraceIdForTangleTrace, parseCollaborationDocumentId, parseSSEStream, startTeeAttestationHeartbeat, toOtelJson };