npm - @voratiq/sandbox-runtime - Versions diffs - 0.0.29-voratiq0 - Mend

@voratiq/sandbox-runtime 0.0.29-voratiq0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (85) hide show

package/CHANGELOG.md +10 -0
package/LICENSE +201 -0
package/NOTICE +12 -0
package/README.md +17 -0
package/dist/cli.d.ts +3 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +158 -0
package/dist/cli.js.map +1 -0
package/dist/index.d.ts +12 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +9 -0
package/dist/index.js.map +1 -0
package/dist/sandbox/generate-seccomp-filter.d.ts +65 -0
package/dist/sandbox/generate-seccomp-filter.d.ts.map +1 -0
package/dist/sandbox/generate-seccomp-filter.js +185 -0
package/dist/sandbox/generate-seccomp-filter.js.map +1 -0
package/dist/sandbox/http-proxy.d.ts +14 -0
package/dist/sandbox/http-proxy.d.ts.map +1 -0
package/dist/sandbox/http-proxy.js +238 -0
package/dist/sandbox/http-proxy.js.map +1 -0
package/dist/sandbox/linux-sandbox-utils.d.ts +121 -0
package/dist/sandbox/linux-sandbox-utils.d.ts.map +1 -0
package/dist/sandbox/linux-sandbox-utils.js +723 -0
package/dist/sandbox/linux-sandbox-utils.js.map +1 -0
package/dist/sandbox/macos-sandbox-utils.d.ts +57 -0
package/dist/sandbox/macos-sandbox-utils.d.ts.map +1 -0
package/dist/sandbox/macos-sandbox-utils.js +611 -0
package/dist/sandbox/macos-sandbox-utils.js.map +1 -0
package/dist/sandbox/observability.d.ts +56 -0
package/dist/sandbox/observability.d.ts.map +1 -0
package/dist/sandbox/observability.js +140 -0
package/dist/sandbox/observability.js.map +1 -0
package/dist/sandbox/sandbox-config.d.ts +277 -0
package/dist/sandbox/sandbox-config.d.ts.map +1 -0
package/dist/sandbox/sandbox-config.js +166 -0
package/dist/sandbox/sandbox-config.js.map +1 -0
package/dist/sandbox/sandbox-manager.d.ts +50 -0
package/dist/sandbox/sandbox-manager.d.ts.map +1 -0
package/dist/sandbox/sandbox-manager.js +816 -0
package/dist/sandbox/sandbox-manager.js.map +1 -0
package/dist/sandbox/sandbox-schemas.d.ts +53 -0
package/dist/sandbox/sandbox-schemas.d.ts.map +1 -0
package/dist/sandbox/sandbox-schemas.js +3 -0
package/dist/sandbox/sandbox-schemas.js.map +1 -0
package/dist/sandbox/sandbox-utils.d.ts +83 -0
package/dist/sandbox/sandbox-utils.d.ts.map +1 -0
package/dist/sandbox/sandbox-utils.js +343 -0
package/dist/sandbox/sandbox-utils.js.map +1 -0
package/dist/sandbox/sandbox-violation-store.d.ts +19 -0
package/dist/sandbox/sandbox-violation-store.d.ts.map +1 -0
package/dist/sandbox/sandbox-violation-store.js +54 -0
package/dist/sandbox/sandbox-violation-store.js.map +1 -0
package/dist/sandbox/socks-proxy.d.ts +14 -0
package/dist/sandbox/socks-proxy.d.ts.map +1 -0
package/dist/sandbox/socks-proxy.js +109 -0
package/dist/sandbox/socks-proxy.js.map +1 -0
package/dist/utils/config-loader.d.ts +11 -0
package/dist/utils/config-loader.d.ts.map +1 -0
package/dist/utils/config-loader.js +60 -0
package/dist/utils/config-loader.js.map +1 -0
package/dist/utils/debug.d.ts +7 -0
package/dist/utils/debug.d.ts.map +1 -0
package/dist/utils/debug.js +25 -0
package/dist/utils/debug.js.map +1 -0
package/dist/utils/platform.d.ts +15 -0
package/dist/utils/platform.d.ts.map +1 -0
package/dist/utils/platform.js +49 -0
package/dist/utils/platform.js.map +1 -0
package/dist/utils/ripgrep.d.ts +20 -0
package/dist/utils/ripgrep.d.ts.map +1 -0
package/dist/utils/ripgrep.js +51 -0
package/dist/utils/ripgrep.js.map +1 -0
package/dist/vendor/seccomp/arm64/apply-seccomp +0 -0
package/dist/vendor/seccomp/arm64/unix-block.bpf +0 -0
package/dist/vendor/seccomp/x64/apply-seccomp +0 -0
package/dist/vendor/seccomp/x64/unix-block.bpf +0 -0
package/dist/vendor/seccomp-src/apply-seccomp.c +98 -0
package/dist/vendor/seccomp-src/seccomp-unix-block.c +97 -0
package/package.json +90 -0
package/vendor/seccomp/arm64/apply-seccomp +0 -0
package/vendor/seccomp/arm64/unix-block.bpf +0 -0
package/vendor/seccomp/x64/apply-seccomp +0 -0
package/vendor/seccomp/x64/unix-block.bpf +0 -0
package/vendor/seccomp-src/apply-seccomp.c +98 -0
package/vendor/seccomp-src/seccomp-unix-block.c +97 -0

package/dist/sandbox/sandbox-manager.d.ts ADDED Viewed

@@ -0,0 +1,50 @@
+import type { SandboxRuntimeConfig } from './sandbox-config.js';
+import type { SandboxAskCallback, FsReadRestrictionConfig, FsWriteRestrictionConfig, NetworkRestrictionConfig } from './sandbox-schemas.js';
+import { SandboxViolationStore } from './sandbox-violation-store.js';
+import type { ChildProcess, SpawnOptions } from 'node:child_process';
+import { type SandboxEvents } from './observability.js';
+export interface SandboxSpawnOptions extends SpawnOptions {
+    correlationId?: string;
+    events?: SandboxEvents;
+    binShell?: string;
+    customConfig?: Partial<SandboxRuntimeConfig>;
+    abortSignal?: AbortSignal;
+}
+/**
+ * Interface for the sandbox manager API
+ */
+export interface ISandboxManager {
+    initialize(runtimeConfig: SandboxRuntimeConfig, sandboxAskCallback?: SandboxAskCallback, enableLogMonitor?: boolean): Promise<void>;
+    isSupportedPlatform(): boolean;
+    isSandboxingEnabled(): boolean;
+    checkDependencies(ripgrepConfig?: {
+        command: string;
+        args?: string[];
+    }): boolean;
+    getFsReadConfig(): FsReadRestrictionConfig;
+    getFsWriteConfig(): FsWriteRestrictionConfig;
+    getNetworkRestrictionConfig(): NetworkRestrictionConfig;
+    getAllowUnixSockets(): string[] | undefined;
+    getAllowLocalBinding(): boolean | undefined;
+    getIgnoreViolations(): Record<string, string[]> | undefined;
+    getEnableWeakerNestedSandbox(): boolean | undefined;
+    getProxyPort(): number | undefined;
+    getSocksProxyPort(): number | undefined;
+    getLinuxHttpSocketPath(): string | undefined;
+    getLinuxSocksSocketPath(): string | undefined;
+    waitForNetworkInitialization(): Promise<boolean>;
+    wrapWithSandbox(command: string, binShell?: string, customConfig?: Partial<SandboxRuntimeConfig>, abortSignal?: AbortSignal): Promise<string>;
+    spawn(command: string, options?: SandboxSpawnOptions): Promise<ChildProcess>;
+    getSandboxViolationStore(): SandboxViolationStore;
+    annotateStderrWithSandboxFailures(command: string, stderr: string): string;
+    getLinuxGlobPatternWarnings(): string[];
+    getConfig(): SandboxRuntimeConfig | undefined;
+    updateConfig(newConfig: SandboxRuntimeConfig): void;
+    reset(): Promise<void>;
+}
+/**
+ * Global sandbox manager that handles both network and filesystem restrictions
+ * for this session. This runs outside of the sandbox, on the host machine.
+ */
+export declare const SandboxManager: ISandboxManager;
+//# sourceMappingURL=sandbox-manager.d.ts.map

package/dist/sandbox/sandbox-manager.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sandbox-manager.d.ts","sourceRoot":"","sources":["../../src/sandbox/sandbox-manager.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAC/D,OAAO,KAAK,EACV,kBAAkB,EAClB,uBAAuB,EACvB,wBAAwB,EACxB,wBAAwB,EACzB,MAAM,sBAAsB,CAAA;AAiB7B,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAA;AAEpE,OAAO,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAEpE,OAAO,EAIL,KAAK,aAAa,EACnB,MAAM,oBAAoB,CAAA;AA8wB3B,MAAM,WAAW,mBAAoB,SAAQ,YAAY;IACvD,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,MAAM,CAAC,EAAE,aAAa,CAAA;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,YAAY,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,CAAA;IAC5C,WAAW,CAAC,EAAE,WAAW,CAAA;CAC1B;AAoLD;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,UAAU,CACR,aAAa,EAAE,oBAAoB,EACnC,kBAAkB,CAAC,EAAE,kBAAkB,EACvC,gBAAgB,CAAC,EAAE,OAAO,GACzB,OAAO,CAAC,IAAI,CAAC,CAAA;IAChB,mBAAmB,IAAI,OAAO,CAAA;IAC9B,mBAAmB,IAAI,OAAO,CAAA;IAC9B,iBAAiB,CAAC,aAAa,CAAC,EAAE;QAChC,OAAO,EAAE,MAAM,CAAA;QACf,IAAI,CAAC,EAAE,MAAM,EAAE,CAAA;KAChB,GAAG,OAAO,CAAA;IACX,eAAe,IAAI,uBAAuB,CAAA;IAC1C,gBAAgB,IAAI,wBAAwB,CAAA;IAC5C,2BAA2B,IAAI,wBAAwB,CAAA;IACvD,mBAAmB,IAAI,MAAM,EAAE,GAAG,SAAS,CAAA;IAC3C,oBAAoB,IAAI,OAAO,GAAG,SAAS,CAAA;IAC3C,mBAAmB,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,GAAG,SAAS,CAAA;IAC3D,4BAA4B,IAAI,OAAO,GAAG,SAAS,CAAA;IACnD,YAAY,IAAI,MAAM,GAAG,SAAS,CAAA;IAClC,iBAAiB,IAAI,MAAM,GAAG,SAAS,CAAA;IACvC,sBAAsB,IAAI,MAAM,GAAG,SAAS,CAAA;IAC5C,uBAAuB,IAAI,MAAM,GAAG,SAAS,CAAA;IAC7C,4BAA4B,IAAI,OAAO,CAAC,OAAO,CAAC,CAAA;IAChD,eAAe,CACb,OAAO,EAAE,MAAM,EACf,QAAQ,CAAC,EAAE,MAAM,EACjB,YAAY,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,EAC5C,WAAW,CAAC,EAAE,WAAW,GACxB,OAAO,CAAC,MAAM,CAAC,CAAA;IAClB,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,mBAAmB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAA;IAC5E,wBAAwB,IAAI,qBAAqB,CAAA;IACjD,iCAAiC,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAAA;IAC1E,2BAA2B,IAAI,MAAM,EAAE,CAAA;IACvC,SAAS,IAAI,oBAAoB,GAAG,SAAS,CAAA;IAC7C,YAAY,CAAC,SAAS,EAAE,oBAAoB,GAAG,IAAI,CAAA;IACnD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;CACvB;AAMD;;;GAGG;AACH,eAAO,MAAM,cAAc,EAAE,eAyBnB,CAAA"}