@voratiq/sandbox-runtime 0.7.0-voratiq1

package/dist/sandbox/http-proxy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-proxy.js","sourceRoot":"","sources":["../../src/sandbox/http-proxy.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,WAAW,CAAA;AAClD,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,YAAY,CAAA;AACpD,OAAO,EAAE,OAAO,EAAE,MAAM,UAAU,CAAA;AAElC,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAA;AAC9B,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAA;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACnD,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,eAAe,GAEhB,MAAM,uBAAuB,CAAA;AAe9B,MAAM,uBAAuB,GAC3B,4BAA4B;IAC5B,8BAA8B;IAC9B,yCAAyC;IACzC,MAAM;IACN,yCAAyC,CAAA;AAE3C,SAAS,eAAe,CAAC,IAAwB,EAAE,QAAiB;IAClE,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,OAAO,CAAA;IAChB,CAAC;IACD,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO,MAAM,CAAA;IACf,CAAC;IACD,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;QACjB,OAAO,OAAO,CAAA;IAChB,CAAC;IACD,IAAI,IAAI,KAAK,EAAE,EAAE,CAAC;QAChB,OAAO,MAAM,CAAA;IACf,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,SAAS,oBAAoB,CAC3B,OAA+D;IAE/D,MAAM,KAAK,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAA;IACzC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,IAAI,CAAA;IACb,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAA;IACzB,CAAC;IACD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAA;AACtB,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,OAA+B;IACnE,MAAM,MAAM,GAAG,YAAY,EAAE,CAAA;IAE7B,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE;QACzC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;YACvB,eAAe,CAAC,wBAAwB,GAAG,CAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAA;QAC5E,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC;YACH,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,GAAG,CAAC,GAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YAC/C,MAAM,IAAI,GAAG,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC,CAAA;YAEtE,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7C,eAAe,CAAC,4BAA4B,GAAG,CAAC,GAAG,EAAE,EAAE;oBACrD,KAAK,EAAE,OAAO;iBACf,CAAC,CAAA;gBACF,MAAM,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAA;gBAC9C,OAAM;YACR,CAAC;YAED,MAAM,eAAe,GAAG,kBAAkB,EAAE,CAAA;YAC5C,MAAM,UAAU,GAAG,eAAe,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;YAClD,MAAM,SAAS,GAAG,eAAe,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;YAEzD,IAAI,eAAe,EAAE,CAAC;gBACpB,kBAAkB,CAAC;oBACjB,KAAK,EAAE,OAAO;oBACd,MAAM,EAAE,SAAS;oBACjB,OAAO,EAAE,CAAC;oBACV,eAAe,EAAE;wBACf,QAAQ,EAAE,SAAS;wBACnB,MAAM,EAAE,0BAA0B;wBAClC,UAAU,EAAE,mBAAmB;qBAChC;oBACD,OAAO,EAAE;wBACP,aAAa,EAAE,QAAQ;wBACvB,WAAW,EAAE,IAAI;wBACjB,WAAW,EAAE,IAAI;wBACjB,SAAS,EAAE,IAAI;wBACf,UAAU,EAAE,IAAI;qBACjB;oBACD,WAAW,EAAE,UAAU;iBACxB,CAAC,CAAA;YACJ,CAAC;YAED,IAAI,QAA6B,CAAA;YACjC,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAA;YACzD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,eAAe,CAAC,uBAAuB,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAA;gBACnE,QAAQ,GAAG;oBACT,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE;wBACP,QAAQ,EAAE,MAAM;wBAChB,MAAM,EAAE,gBAAgB;wBACxB,UAAU,EAAE,mBAAmB;qBAChC;iBACF,CAAA;YACH,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACtB,IAAI,eAAe,EAAE,CAAC;oBACpB,kBAAkB,CAAC;wBACjB,KAAK,EAAE,SAAS;wBAChB,MAAM,EAAE,QAAQ;wBAChB,OAAO,EAAE,CAAC;wBACV,WAAW,EAAE,GAAG;wBAChB,eAAe,EAAE,QAAQ,CAAC,OAAO;wBACjC,OAAO,EAAE;4BACP,aAAa,EAAE,QAAQ;4BACvB,WAAW,EAAE,IAAI;4BACjB,WAAW,EAAE,IAAI;4BACjB,SAAS,EAAE,IAAI;4BACf,UAAU,EAAE,IAAI;yBACjB;wBACD,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS;wBACzC,WAAW,EAAE,UAAU;qBACxB,CAAC,CAAA;gBACJ,CAAC;gBAED,MAAM,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;gBACnC,OAAM;YACR,CAAC;YAED,IAAI,eAAe,EAAE,CAAC;gBACpB,kBAAkB,CAAC;oBACjB,KAAK,EAAE,SAAS;oBAChB,MAAM,EAAE,SAAS;oBACjB,OAAO,EAAE,CAAC;oBACV,eAAe,EAAE,QAAQ,CAAC,OAAO;oBACjC,OAAO,EAAE;wBACP,aAAa,EAAE,QAAQ;wBACvB,WAAW,EAAE,IAAI;wBACjB,WAAW,EAAE,IAAI;wBACjB,SAAS,EAAE,IAAI;wBACf,UAAU,EAAE,IAAI;qBACjB;oBACD,UAAU,EAAE,IAAI;oBAChB,gBAAgB,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS;oBAC/C,WAAW,EAAE,UAAU;iBACxB,CAAC,CAAA;YACJ,CAAC;YAED,MAAM,YAAY,GAAG,eAAe,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;YAC5D,IAAI,UAAU,GAAkB,IAAI,CAAA;YACpC,IAAI,iBAAiB,GAAG,KAAK,CAAA;YAC7B,IAAI,QAAQ,GAAkB,IAAI,CAAA;YAElC,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE;gBAChD,MAAM,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAA;gBAC3D,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;gBACzB,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;gBAEzB,IAAI,eAAe,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBAC1C,iBAAiB,GAAG,IAAI,CAAA;oBACxB,kBAAkB,CAAC;wBACjB,KAAK,EAAE,YAAY;wBACnB,MAAM,EAAE,SAAS;wBACjB,OAAO,EAAE,CAAC;wBACV,WAAW,EAAE,GAAG;wBAChB,eAAe,EAAE,QAAQ,CAAC,OAAO;wBACjC,OAAO,EAAE;4BACP,aAAa,EAAE,QAAQ;4BACvB,WAAW,EAAE,UAAU,IAAI,YAAY,CAAC,aAAa,IAAI,IAAI;4BAC7D,WAAW,EAAE,oBAAoB;4BACjC,SAAS,EAAE,QAAQ;4BACnB,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI;yBACzC;wBACD,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,YAAY;wBAC5C,WAAW,EAAE,UAAU;qBACxB,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC,CAAC,CAAA;YAEF,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;gBAC3C,IAAI,GAAG,EAAE,CAAC;oBACR,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAA;oBACtB,OAAM;gBACR,CAAC;gBACD,UAAU,GAAG,OAAO,CAAA;YACtB,CAAC,CAAC,CAAA;YAEF,YAAY,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;gBAC7B,eAAe,CAAC,0BAA0B,GAAG,CAAC,OAAO,EAAE,EAAE;oBACvD,KAAK,EAAE,OAAO;iBACf,CAAC,CAAA;gBACF,IAAI,eAAe,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBAC1C,iBAAiB,GAAG,IAAI,CAAA;oBACxB,kBAAkB,CAAC;wBACjB,KAAK,EAAE,SAAS;wBAChB,MAAM,EAAE,QAAQ;wBAChB,OAAO,EAAE,CAAC;wBACV,WAAW,EAAE,GAAG;wBAChB,eAAe,EAAE,QAAQ,CAAC,OAAO;wBACjC,OAAO,EAAE;4BACP,aAAa,EAAE,QAAQ;4BACvB,WAAW,EAAE,UAAU;4BACvB,WAAW,EAAE,cAAc;4BAC3B,SAAS,EAAE,GAAG,CAAC,OAAO;4BACtB,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI;yBACzC;wBACD,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,YAAY;wBAC5C,WAAW,EAAE,UAAU;qBACxB,CAAC,CAAA;gBACJ,CAAC;gBACD,MAAM,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAA;YAChD,CAAC,CAAC,CAAA;YAEF,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;gBACvB,eAAe,CAAC,wBAAwB,GAAG,CAAC,OAAO,EAAE,EAAE;oBACrD,KAAK,EAAE,OAAO;iBACf,CAAC,CAAA;gBACF,YAAY,CAAC,OAAO,EAAE,CAAA;gBACtB,IAAI,eAAe,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBAC1C,iBAAiB,GAAG,IAAI,CAAA;oBACxB,kBAAkB,CAAC;wBACjB,KAAK,EAAE,SAAS;wBAChB,MAAM,EAAE,QAAQ;wBAChB,OAAO,EAAE,CAAC;wBACV,WAAW,EAAE,IAAI;wBACjB,eAAe,EAAE,QAAQ,CAAC,OAAO;wBACjC,OAAO,EAAE;4BACP,aAAa,EAAE,QAAQ;4BACvB,WAAW,EAAE,UAAU;4BACvB,WAAW,EAAE,qBAAqB;4BAClC,SAAS,EAAE,GAAG,CAAC,OAAO;4BACtB,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI;yBACzC;wBACD,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,YAAY;wBAC5C,WAAW,EAAE,UAAU;qBACxB,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC,CAAC,CAAA;YAEF,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC,CAAA;YAC1C,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAA;QAC5C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAe,CAAC,2BAA2B,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAA;YACrE,MAAM,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAA;QAC1D,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACtC,MAAM,eAAe,GAAG,kBAAkB,EAAE,CAAA;QAC5C,MAAM,SAAS,GAAG,eAAe,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;QAEzD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAI,CAAC,CAAA;YAC7B,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAA;YAC7B,MAAM,IAAI,GACR,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,KAAK,EAAE;gBACzB,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;gBACxB,CAAC,CAAC,GAAG,CAAC,QAAQ,KAAK,QAAQ;oBACzB,CAAC,CAAC,GAAG;oBACL,CAAC,CAAC,EAAE,CAAA;YAEV,MAAM,UAAU,GAAG,eAAe,CAAC,IAAI,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAA;YAEtD,IAAI,eAAe,EAAE,CAAC;gBACpB,kBAAkB,CAAC;oBACjB,KAAK,EAAE,OAAO;oBACd,MAAM,EAAE,SAAS;oBACjB,OAAO,EAAE,CAAC;oBACV,eAAe,EAAE;wBACf,QAAQ,EAAE,SAAS;wBACnB,MAAM,EAAE,uBAAuB;wBAC/B,UAAU,EAAE,mBAAmB;qBAChC;oBACD,OAAO,EAAE;wBACP,aAAa,EAAE,QAAQ;wBACvB,WAAW,EAAE,IAAI;wBACjB,WAAW,EAAE,IAAI;wBACjB,SAAS,EAAE,IAAI;wBACf,UAAU,EAAE,IAAI;qBACjB;oBACD,WAAW,EAAE,UAAU;iBACxB,CAAC,CAAA;YACJ,CAAC;YAED,IAAI,QAA6B,CAAA;YACjC,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAA;YAC7D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,eAAe,CAAC,uBAAuB,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAA;gBACnE,QAAQ,GAAG;oBACT,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE;wBACP,QAAQ,EAAE,MAAM;wBAChB,MAAM,EAAE,gBAAgB;wBACxB,UAAU,EAAE,mBAAmB;qBAChC;iBACF,CAAA;YACH,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACtB,IAAI,eAAe,EAAE,CAAC;oBACpB,kBAAkB,CAAC;wBACjB,KAAK,EAAE,SAAS;wBAChB,MAAM,EAAE,QAAQ;wBAChB,OAAO,EAAE,CAAC;wBACV,WAAW,EAAE,GAAG;wBAChB,eAAe,EAAE,QAAQ,CAAC,OAAO;wBACjC,OAAO,EAAE;4BACP,aAAa,EAAE,QAAQ;4BACvB,WAAW,EAAE,IAAI;4BACjB,WAAW,EAAE,IAAI;4BACjB,SAAS,EAAE,IAAI;4BACf,UAAU,EAAE,IAAI;yBACjB;wBACD,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS;wBACzC,WAAW,EAAE,UAAU;qBACxB,CAAC,CAAA;gBACJ,CAAC;gBAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE;oBACjB,cAAc,EAAE,YAAY;oBAC5B,eAAe,EAAE,sBAAsB;iBACxC,CAAC,CAAA;gBACF,GAAG,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAA;gBAClD,OAAM;YACR,CAAC;YAED,IAAI,eAAe,EAAE,CAAC;gBACpB,kBAAkB,CAAC;oBACjB,KAAK,EAAE,SAAS;oBAChB,MAAM,EAAE,SAAS;oBACjB,OAAO,EAAE,CAAC;oBACV,eAAe,EAAE,QAAQ,CAAC,OAAO;oBACjC,OAAO,EAAE;wBACP,aAAa,EAAE,QAAQ;wBACvB,WAAW,EAAE,IAAI;wBACjB,WAAW,EAAE,IAAI;wBACjB,SAAS,EAAE,IAAI;wBACf,UAAU,EAAE,IAAI;qBACjB;oBACD,UAAU,EAAE,IAAI;oBAChB,gBAAgB,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS;oBAC/C,WAAW,EAAE,UAAU;iBACxB,CAAC,CAAA;YACJ,CAAC;YAED,MAAM,YAAY,GAAG,eAAe,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;YAC5D,IAAI,UAAU,GAAkB,IAAI,CAAA;YACpC,IAAI,UAAU,GACZ,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,IAAI,CAAA;YACxD,IAAI,QAAQ,GAAkB,IAAI,CAAA;YAClC,IAAI,kBAAkB,GAAG,KAAK,CAAA;YAE9B,MAAM,cAAc,GAAG,eAAe;gBACpC,CAAC,CAAC,eAAe,CACb,GAAG,CAAC,OAGH,CACF;gBACH,CAAC,CAAC,EAAE,CAAA;YAEN,MAAM,SAAS,GAAG,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,WAAW,CAAA;YAExE,MAAM,QAAQ,GAAG,SAAS,CACxB;gBACE,QAAQ;gBACR,IAAI;gBACJ,IAAI,EAAE,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM;gBAC/B,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,OAAO,EAAE;oBACP,GAAG,GAAG,CAAC,OAAO;oBACd,IAAI,EAAE,GAAG,CAAC,IAAI;iBACf;aACF,EACD,QAAQ,CAAC,EAAE;gBACT,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,UAAU,IAAI,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAA;gBAE3D,MAAM,eAAe,GAAG,eAAe;oBACrC,CAAC,CAAC,eAAe,CACb,QAAQ,CAAC,OAGR,CACF;oBACH,CAAC,CAAC,IAAI,CAAA;gBAER,IAAI,aAAa,GAAG,CAAC,CAAA;gBACrB,MAAM,IAAI,GAAG,eAAe,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;gBAE1D,IAAI,eAAe,IAAI,IAAI,EAAE,CAAC;oBAC5B,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE;wBAC1B,aAAa,IAAI,KAAK,CAAC,MAAM,CAAA;wBAC7B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;oBACpB,CAAC,CAAC,CAAA;gBACJ,CAAC;gBAED,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;oBACtB,IAAI,eAAe,IAAI,CAAC,kBAAkB,EAAE,CAAC;wBAC3C,kBAAkB,GAAG,IAAI,CAAA;wBACzB,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,YAAY,CAAA;wBAChD,MAAM,WAAW,GACf,IAAI,IAAI,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;wBAEvD,kBAAkB,CAAC;4BACjB,KAAK,EAAE,YAAY;4BACnB,MAAM,EACJ,QAAQ,CAAC,UAAU;gCACnB,QAAQ,CAAC,UAAU,IAAI,GAAG;gCAC1B,QAAQ,CAAC,UAAU,GAAG,GAAG;gCACvB,CAAC,CAAC,SAAS;gCACX,CAAC,CAAC,QAAQ;4BACd,OAAO,EAAE,CAAC;4BACV,WAAW,EAAE,QAAQ,CAAC,UAAU,IAAI,IAAI;4BACxC,eAAe,EAAE,QAAQ,CAAC,OAAO;4BACjC,OAAO,EAAE;gCACP,aAAa,EAAE,QAAQ;gCACvB,WAAW,EACT,UAAU;oCACV,CAAC,QAAQ,CAAC,MAAM;wCACd,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,aAAa,IAAI,IAAI,CAAC;wCACzC,CAAC,CAAC,IAAI,CAAC;gCACX,WAAW,EAAE,UAAU;gCACvB,SAAS,EAAE,QAAQ;gCACnB,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI;6BACzC;4BACD,aAAa,EAAE;gCACb,WAAW,EAAE,cAAc;gCAC3B,YAAY,EAAE,eAAe;gCAC7B,aAAa,EAAE,aAAa;gCAC5B,YAAY,EAAE,WAAW;gCACzB,WAAW,EAAE,eAAe;oCAC1B,CAAC,CAAC,oBAAoB,CAClB,QAAQ,CAAC,OAGR,CACF;oCACH,CAAC,CAAC,IAAI;6BACT;4BACD,UAAU,EAAE,OAAO;4BACnB,WAAW,EAAE,UAAU;yBACxB,CAAC,CAAA;oBACJ,CAAC;gBACH,CAAC,CAAC,CAAA;gBAEF,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;oBACzB,eAAe,CAAC,yBAAyB,GAAG,CAAC,OAAO,EAAE,EAAE;wBACtD,KAAK,EAAE,OAAO;qBACf,CAAC,CAAA;oBACF,IAAI,eAAe,IAAI,CAAC,kBAAkB,EAAE,CAAC;wBAC3C,kBAAkB,GAAG,IAAI,CAAA;wBACzB,kBAAkB,CAAC;4BACjB,KAAK,EAAE,SAAS;4BAChB,MAAM,EAAE,QAAQ;4BAChB,OAAO,EAAE,CAAC;4BACV,WAAW,EAAE,IAAI;4BACjB,eAAe,EAAE,QAAQ,CAAC,OAAO;4BACjC,OAAO,EAAE;gCACP,aAAa,EAAE,QAAQ;gCACvB,WAAW,EAAE,UAAU;gCACvB,WAAW,EAAE,UAAU;gCACvB,SAAS,EAAE,GAAG,CAAC,OAAO;gCACtB,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI;6BACzC;4BACD,aAAa,EAAE;gCACb,WAAW,EAAE,cAAc;gCAC3B,YAAY,EAAE,eAAe;gCAC7B,aAAa,EAAE,IAAI;gCACnB,YAAY,EAAE,IAAI;gCAClB,WAAW,EAAE,IAAI;6BAClB;4BACD,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,YAAY;4BAC5C,WAAW,EAAE,UAAU;yBACxB,CAAC,CAAA;oBACJ,CAAC;gBACH,CAAC,CAAC,CAAA;gBAEF,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YACpB,CAAC,CACF,CAAA;YAED,QAAQ,CAAC,EAAE,CAAC,QAAQ,EAAE,CAAC,MAAc,EAAE,EAAE;gBACvC,IAAI,CAAC,eAAe,EAAE,CAAC;oBACrB,OAAM;gBACR,CAAC;gBAED,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;oBACrC,IAAI,GAAG,EAAE,CAAC;wBACR,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAA;wBACtB,OAAM;oBACR,CAAC;oBACD,UAAU,GAAG,OAAO,CAAA;gBACtB,CAAC,CAAC,CAAA;gBAEF,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;oBACzB,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAA;gBACxB,CAAC,CAAC,CAAA;gBAEF,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBAC9B,CAAC;oBAAC,MAAoB,CAAC,IAAI,CAAC,eAAe,EAAE,GAAG,EAAE;wBAChD,UAAU,GAAG,mBAAmB,CAAA;oBAClC,CAAC,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC,CAAC,CAAA;YAEF,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;gBACzB,eAAe,CAAC,yBAAyB,GAAG,CAAC,OAAO,EAAE,EAAE;oBACtD,KAAK,EAAE,OAAO;iBACf,CAAC,CAAA;gBAEF,IAAI,eAAe,IAAI,CAAC,kBAAkB,EAAE,CAAC;oBAC3C,kBAAkB,GAAG,IAAI,CAAA;oBACzB,kBAAkB,CAAC;wBACjB,KAAK,EAAE,SAAS;wBAChB,MAAM,EAAE,QAAQ;wBAChB,OAAO,EAAE,CAAC;wBACV,WAAW,EAAE,IAAI;wBACjB,eAAe,EAAE,QAAQ,CAAC,OAAO;wBACjC,OAAO,EAAE;4BACP,aAAa,EAAE,QAAQ;4BACvB,WAAW,EAAE,UAAU;4BACvB,WAAW,EACT,GAAG,CAAC,QAAQ,KAAK,QAAQ;gCACvB,CAAC,CAAC,iBAAiB;gCACnB,CAAC,CAAC,kBAAkB;4BACxB,SAAS,EAAE,GAAG,CAAC,OAAO;4BACtB,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI;yBACzC;wBACD,aAAa,EAAE;4BACb,WAAW,EAAE,cAAc;4BAC3B,YAAY,EAAE,IAAI;4BAClB,aAAa,EAAE,IAAI;4BACnB,YAAY,EAAE,IAAI;4BAClB,WAAW,EAAE,IAAI;yBAClB;wBACD,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,YAAY;wBAC5C,WAAW,EAAE,UAAU;qBACxB,CAAC,CAAA;gBACJ,CAAC;gBAED,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;oBACrB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,YAAY,EAAE,CAAC,CAAA;oBACpD,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;gBACxB,CAAC;YACH,CAAC,CAAC,CAAA;YAEF,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAe,CAAC,gCAAgC,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAA;YAC1E,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,YAAY,EAAE,CAAC,CAAA;YACpD,GAAG,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;QAClC,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAA;AACf,CAAC"}

package/dist/sandbox/linux-sandbox-utils.d.ts

@@ -0,0 +1,111 @@
+import type { ChildProcess } from 'node:child_process';
+import type { FsReadRestrictionConfig, FsWriteRestrictionConfig } from './sandbox-schemas.js';
+export interface LinuxNetworkBridgeContext {
+    httpSocketPath: string;
+    socksSocketPath: string;
+    httpBridgeProcess: ChildProcess;
+    socksBridgeProcess: ChildProcess;
+    httpProxyPort: number;
+    socksProxyPort: number;
+}
+export interface LinuxSandboxParams {
+    command: string;
+    hasNetworkRestrictions: boolean;
+    hasFilesystemRestrictions: boolean;
+    httpSocketPath?: string;
+    socksSocketPath?: string;
+    httpProxyPort?: number;
+    socksProxyPort?: number;
+    readConfig?: FsReadRestrictionConfig;
+    writeConfig?: FsWriteRestrictionConfig;
+    enableWeakerNestedSandbox?: boolean;
+    allowAllUnixSockets?: boolean;
+    binShell?: string;
+    ripgrepConfig?: {
+        command: string;
+        args?: string[];
+    };
+}
+/**
+ * Check if Linux sandbox dependencies are available (synchronous)
+ * Returns true if bwrap and socat are installed.
+ * Unless allowAllUnixSockets is enabled, also requires seccomp dependencies:
+ * - On x64/arm64: Pre-generated BPF filters and apply-seccomp binaries available
+ * - On other architectures: Not currently supported (no apply-seccomp binary available)
+ */
+export declare function hasLinuxSandboxDependenciesSync(allowAllUnixSockets?: boolean): boolean;
+/**
+ * Initialize the Linux network bridge for sandbox networking
+ *
+ * ARCHITECTURE NOTE:
+ * Linux network sandboxing uses bwrap --unshare-net which creates a completely isolated
+ * network namespace with NO network access. To enable network access, we:
+ *
+ * 1. Host side: Run socat bridges that listen on Unix sockets and forward to host proxy servers
+ *    - HTTP bridge: Unix socket -> host HTTP proxy (for HTTP/HTTPS traffic)
+ *    - SOCKS bridge: Unix socket -> host SOCKS5 proxy (for SSH/git traffic)
+ *
+ * 2. Sandbox side: Bind the Unix sockets into the isolated namespace and run socat listeners
+ *    - HTTP listener on port 3128 -> HTTP Unix socket -> host HTTP proxy
+ *    - SOCKS listener on port 1080 -> SOCKS Unix socket -> host SOCKS5 proxy
+ *
+ * 3. Configure environment:
+ *    - HTTP_PROXY=http://localhost:3128 for HTTP/HTTPS tools
+ *    - GIT_SSH_COMMAND with socat for SSH through SOCKS5
+ *
+ * LIMITATION: Unlike macOS sandbox which can enforce domain-based allowlists at the kernel level,
+ * Linux's --unshare-net provides only all-or-nothing network isolation. Domain filtering happens
+ * at the host proxy level, not the sandbox boundary. This means network restrictions on Linux
+ * depend on the proxy's filtering capabilities.
+ *
+ * DEPENDENCIES: Requires bwrap (bubblewrap) and socat
+ */
+export declare function initializeLinuxNetworkBridge(httpProxyPort: number, socksProxyPort: number): Promise<LinuxNetworkBridgeContext>;
+/**
+ * Wrap a command with sandbox restrictions on Linux
+ *
+ * UNIX SOCKET BLOCKING (APPLY-SECCOMP):
+ * This implementation uses a custom apply-seccomp binary to block Unix domain socket
+ * creation for user commands while allowing network infrastructure:
+ *
+ * Stage 1: Outer bwrap - Network and filesystem isolation (NO seccomp)
+ *   - Bubblewrap starts with isolated network namespace (--unshare-net)
+ *   - Bubblewrap applies PID namespace isolation (--unshare-pid and --proc)
+ *   - Filesystem restrictions are applied (read-only mounts, bind mounts, etc.)
+ *   - Socat processes start and connect to Unix socket bridges (can use socket(AF_UNIX, ...))
+ *
+ * Stage 2: apply-seccomp - Seccomp filter application (ONLY seccomp)
+ *   - apply-seccomp binary applies seccomp filter via prctl(PR_SET_SECCOMP)
+ *   - Sets PR_SET_NO_NEW_PRIVS to allow seccomp without root
+ *   - Execs user command with seccomp active (cannot create new Unix sockets)
+ *
+ * This solves the conflict between:
+ * - Security: Blocking arbitrary Unix socket creation in user commands
+ * - Functionality: Network sandboxing requires socat to call socket(AF_UNIX, ...) for bridge connections
+ *
+ * The seccomp-bpf filter blocks socket(AF_UNIX, ...) syscalls, preventing:
+ * - Creating new Unix domain socket file descriptors
+ *
+ * Security limitations:
+ * - Does NOT block operations (bind, connect, sendto, etc.) on inherited Unix socket FDs
+ * - Does NOT prevent passing Unix socket FDs via SCM_RIGHTS
+ * - For most sandboxing use cases, blocking socket creation is sufficient
+ *
+ * The filter allows:
+ * - All TCP/UDP sockets (AF_INET, AF_INET6) for normal network operations
+ * - All other syscalls
+ *
+ * PLATFORM NOTE:
+ * The allowUnixSockets configuration is not path-based on Linux (unlike macOS)
+ * because seccomp-bpf cannot inspect user-space memory to read socket paths.
+ *
+ * Requirements for seccomp filtering:
+ * - Pre-built apply-seccomp binaries are included for x64 and ARM64
+ * - Pre-generated BPF filters are included for x64 and ARM64
+ * - Other architectures are not currently supported (no apply-seccomp binary available)
+ * - To use sandboxing without Unix socket blocking on unsupported architectures,
+ *   set allowAllUnixSockets: true in your configuration
+ * Dependencies are checked by hasLinuxSandboxDependenciesSync() before enabling the sandbox.
+ */
+export declare function wrapCommandWithSandboxLinux(params: LinuxSandboxParams): Promise<string>;
+//# sourceMappingURL=linux-sandbox-utils.d.ts.map

package/dist/sandbox/linux-sandbox-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"linux-sandbox-utils.d.ts","sourceRoot":"","sources":["../../src/sandbox/linux-sandbox-utils.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAQtD,OAAO,KAAK,EACV,uBAAuB,EACvB,wBAAwB,EACzB,MAAM,sBAAsB,CAAA;AAQ7B,MAAM,WAAW,yBAAyB;IACxC,cAAc,EAAE,MAAM,CAAA;IACtB,eAAe,EAAE,MAAM,CAAA;IACvB,iBAAiB,EAAE,YAAY,CAAA;IAC/B,kBAAkB,EAAE,YAAY,CAAA;IAChC,aAAa,EAAE,MAAM,CAAA;IACrB,cAAc,EAAE,MAAM,CAAA;CACvB;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAA;IACf,sBAAsB,EAAE,OAAO,CAAA;IAC/B,yBAAyB,EAAE,OAAO,CAAA;IAClC,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,UAAU,CAAC,EAAE,uBAAuB,CAAA;IACpC,WAAW,CAAC,EAAE,wBAAwB,CAAA;IACtC,yBAAyB,CAAC,EAAE,OAAO,CAAA;IACnC,mBAAmB,CAAC,EAAE,OAAO,CAAA;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,aAAa,CAAC,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,CAAA;CACrD;AA2BD;;;;;;GAMG;AACH,wBAAgB,+BAA+B,CAC7C,mBAAmB,UAAQ,GAC1B,OAAO,CA0CT;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAsB,4BAA4B,CAChD,aAAa,EAAE,MAAM,EACrB,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,yBAAyB,CAAC,CAqGpC;AAqLD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6CG;AACH,wBAAsB,2BAA2B,CAC/C,MAAM,EAAE,kBAAkB,GACzB,OAAO,CAAC,MAAM,CAAC,CAiNjB"}

package/dist/sandbox/linux-sandbox-utils.js

@@ -0,0 +1,518 @@
+import shellquote from 'shell-quote';
+import { logForDebugging } from '../utils/debug.js';
+import { randomBytes } from 'node:crypto';
+import * as fs from 'fs';
+import { spawn, spawnSync } from 'node:child_process';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { generateProxyEnvVars, normalizePathForSandbox, getMandatoryDenyWithinAllow, } from './sandbox-utils.js';
+import { generateSeccompFilter, cleanupSeccompFilter, getPreGeneratedBpfPath, getApplySeccompBinaryPath, } from './generate-seccomp-filter.js';
+// Track generated seccomp filters for cleanup on process exit
+const generatedSeccompFilters = new Set();
+let exitHandlerRegistered = false;
+/**
+ * Register cleanup handler for generated seccomp filters
+ */
+function registerSeccompCleanupHandler() {
+    if (exitHandlerRegistered) {
+        return;
+    }
+    process.on('exit', () => {
+        for (const filterPath of generatedSeccompFilters) {
+            try {
+                cleanupSeccompFilter(filterPath);
+            }
+            catch {
+                // Ignore cleanup errors during exit
+            }
+        }
+    });
+    exitHandlerRegistered = true;
+}
+/**
+ * Check if Linux sandbox dependencies are available (synchronous)
+ * Returns true if bwrap and socat are installed.
+ * Unless allowAllUnixSockets is enabled, also requires seccomp dependencies:
+ * - On x64/arm64: Pre-generated BPF filters and apply-seccomp binaries available
+ * - On other architectures: Not currently supported (no apply-seccomp binary available)
+ */
+export function hasLinuxSandboxDependenciesSync(allowAllUnixSockets = false) {
+    try {
+        const bwrapResult = spawnSync('which', ['bwrap'], {
+            stdio: 'ignore',
+            timeout: 1000,
+        });
+        const socatResult = spawnSync('which', ['socat'], {
+            stdio: 'ignore',
+            timeout: 1000,
+        });
+        const hasBasicDeps = bwrapResult.status === 0 && socatResult.status === 0;
+        // Also require seccomp dependencies unless allowAllUnixSockets is enabled
+        if (!allowAllUnixSockets) {
+            // Check if we have a pre-generated BPF filter for this architecture
+            const hasPreGeneratedBpf = getPreGeneratedBpfPath() !== null;
+            // Check if we have the apply-seccomp binary for this architecture
+            const hasApplySeccompBinary = getApplySeccompBinaryPath() !== null;
+            if (hasPreGeneratedBpf && hasApplySeccompBinary) {
+                // Pre-generated BPF and apply-seccomp binary available (x64/arm64)
+                return hasBasicDeps;
+            }
+            else {
+                // Architecture not supported - no pre-built apply-seccomp binary available
+                // Note: We cannot fall back to runtime BPF compilation because we need
+                // the apply-seccomp binary to actually apply the filter
+                logForDebugging(`[Sandbox Linux] Architecture ${process.arch} is not supported for seccomp filtering. ` +
+                    `Only x64 and arm64 are currently supported. To disable Unix socket blocking, ` +
+                    `set allowAllUnixSockets: true in your configuration.`, { level: 'warn' });
+                return false;
+            }
+        }
+        return hasBasicDeps;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Initialize the Linux network bridge for sandbox networking
+ *
+ * ARCHITECTURE NOTE:
+ * Linux network sandboxing uses bwrap --unshare-net which creates a completely isolated
+ * network namespace with NO network access. To enable network access, we:
+ *
+ * 1. Host side: Run socat bridges that listen on Unix sockets and forward to host proxy servers
+ *    - HTTP bridge: Unix socket -> host HTTP proxy (for HTTP/HTTPS traffic)
+ *    - SOCKS bridge: Unix socket -> host SOCKS5 proxy (for SSH/git traffic)
+ *
+ * 2. Sandbox side: Bind the Unix sockets into the isolated namespace and run socat listeners
+ *    - HTTP listener on port 3128 -> HTTP Unix socket -> host HTTP proxy
+ *    - SOCKS listener on port 1080 -> SOCKS Unix socket -> host SOCKS5 proxy
+ *
+ * 3. Configure environment:
+ *    - HTTP_PROXY=http://localhost:3128 for HTTP/HTTPS tools
+ *    - GIT_SSH_COMMAND with socat for SSH through SOCKS5
+ *
+ * LIMITATION: Unlike macOS sandbox which can enforce domain-based allowlists at the kernel level,
+ * Linux's --unshare-net provides only all-or-nothing network isolation. Domain filtering happens
+ * at the host proxy level, not the sandbox boundary. This means network restrictions on Linux
+ * depend on the proxy's filtering capabilities.
+ *
+ * DEPENDENCIES: Requires bwrap (bubblewrap) and socat
+ */
+export async function initializeLinuxNetworkBridge(httpProxyPort, socksProxyPort) {
+    const socketId = randomBytes(8).toString('hex');
+    const httpSocketPath = join(tmpdir(), `claude-http-${socketId}.sock`);
+    const socksSocketPath = join(tmpdir(), `claude-socks-${socketId}.sock`);
+    // Start HTTP bridge
+    const httpSocatArgs = [
+        `UNIX-LISTEN:${httpSocketPath},fork,reuseaddr`,
+        `TCP:localhost:${httpProxyPort},keepalive,keepidle=10,keepintvl=5,keepcnt=3`,
+    ];
+    logForDebugging(`Starting HTTP bridge: socat ${httpSocatArgs.join(' ')}`);
+    const httpBridgeProcess = spawn('socat', httpSocatArgs, {
+        stdio: 'ignore',
+    });
+    if (!httpBridgeProcess.pid) {
+        throw new Error('Failed to start HTTP bridge process');
+    }
+    // Start SOCKS bridge
+    const socksSocatArgs = [
+        `UNIX-LISTEN:${socksSocketPath},fork,reuseaddr`,
+        `TCP:localhost:${socksProxyPort},keepalive,keepidle=10,keepintvl=5,keepcnt=3`,
+    ];
+    logForDebugging(`Starting SOCKS bridge: socat ${socksSocatArgs.join(' ')}`);
+    const socksBridgeProcess = spawn('socat', socksSocatArgs, {
+        stdio: 'ignore',
+    });
+    if (!socksBridgeProcess.pid) {
+        // Clean up HTTP bridge
+        if (httpBridgeProcess.pid) {
+            try {
+                process.kill(httpBridgeProcess.pid, 'SIGTERM');
+            }
+            catch {
+                // Ignore errors
+            }
+        }
+        throw new Error('Failed to start SOCKS bridge process');
+    }
+    // Wait for both sockets to be ready
+    const maxAttempts = 5;
+    for (let i = 0; i < maxAttempts; i++) {
+        if (!httpBridgeProcess.pid ||
+            httpBridgeProcess.killed ||
+            !socksBridgeProcess.pid ||
+            socksBridgeProcess.killed) {
+            throw new Error('Linux bridge process died unexpectedly');
+        }
+        try {
+            // fs already imported
+            if (fs.existsSync(httpSocketPath) && fs.existsSync(socksSocketPath)) {
+                logForDebugging(`Linux bridges ready after ${i + 1} attempts`);
+                break;
+            }
+        }
+        catch (err) {
+            logForDebugging(`Error checking sockets (attempt ${i + 1}): ${err}`, {
+                level: 'error',
+            });
+        }
+        if (i === maxAttempts - 1) {
+            // Clean up both processes
+            if (httpBridgeProcess.pid) {
+                try {
+                    process.kill(httpBridgeProcess.pid, 'SIGTERM');
+                }
+                catch {
+                    // Ignore errors
+                }
+            }
+            if (socksBridgeProcess.pid) {
+                try {
+                    process.kill(socksBridgeProcess.pid, 'SIGTERM');
+                }
+                catch {
+                    // Ignore errors
+                }
+            }
+            throw new Error(`Failed to create bridge sockets after ${maxAttempts} attempts`);
+        }
+        await new Promise(resolve => setTimeout(resolve, i * 100));
+    }
+    return {
+        httpSocketPath,
+        socksSocketPath,
+        httpBridgeProcess,
+        socksBridgeProcess,
+        httpProxyPort,
+        socksProxyPort,
+    };
+}
+/**
+ * Build the command that runs inside the sandbox.
+ * Sets up HTTP proxy on port 3128 and SOCKS proxy on port 1080
+ */
+function buildSandboxCommand(httpSocketPath, socksSocketPath, userCommand, seccompFilterPath, shell) {
+    // Default to bash for backward compatibility
+    const shellPath = shell || 'bash';
+    const socatCommands = [
+        `socat TCP-LISTEN:3128,fork,reuseaddr UNIX-CONNECT:${httpSocketPath} >/dev/null 2>&1 &`,
+        `socat TCP-LISTEN:1080,fork,reuseaddr UNIX-CONNECT:${socksSocketPath} >/dev/null 2>&1 &`,
+        'trap "kill %1 %2 2>/dev/null; exit" EXIT',
+    ];
+    // If seccomp filter is provided, use apply-seccomp to apply it
+    if (seccompFilterPath) {
+        // apply-seccomp approach:
+        // 1. Outer bwrap/bash: starts socat processes (can use Unix sockets)
+        // 2. apply-seccomp: applies seccomp filter and execs user command
+        // 3. User command runs with seccomp active (Unix sockets blocked)
+        //
+        // apply-seccomp is a simple C program that:
+        // - Sets PR_SET_NO_NEW_PRIVS
+        // - Applies the seccomp BPF filter via prctl(PR_SET_SECCOMP)
+        // - Execs the user command
+        //
+        // This is simpler and more portable than nested bwrap, with no FD redirects needed.
+        const applySeccompBinary = getApplySeccompBinaryPath();
+        if (!applySeccompBinary) {
+            throw new Error('apply-seccomp binary not found. This should have been caught earlier. ' +
+                'Ensure vendor/seccomp/{x64,arm64}/apply-seccomp binaries are included in the package.');
+        }
+        const applySeccompCmd = shellquote.quote([
+            applySeccompBinary,
+            seccompFilterPath,
+            shellPath,
+            '-c',
+            userCommand,
+        ]);
+        const innerScript = [...socatCommands, applySeccompCmd].join('\n');
+        return `${shellPath} -c ${shellquote.quote([innerScript])}`;
+    }
+    else {
+        // No seccomp filter - run user command directly
+        const innerScript = [
+            ...socatCommands,
+            `eval ${shellquote.quote([userCommand])}`,
+        ].join('\n');
+        return `${shellPath} -c ${shellquote.quote([innerScript])}`;
+    }
+}
+/**
+ * Generate filesystem bind mount arguments for bwrap
+ */
+async function generateFilesystemArgs(readConfig, writeConfig, ripgrepConfig = { command: 'rg' }) {
+    const args = [];
+    // fs already imported
+    // Determine initial root mount based on write restrictions
+    if (writeConfig) {
+        // Write restrictions: Start with read-only root, then allow writes to specific paths
+        args.push('--ro-bind', '/', '/');
+        // Collect normalized allowed write paths for later checking
+        const allowedWritePaths = [];
+        // Allow writes to specific paths
+        for (const pathPattern of writeConfig.allowOnly || []) {
+            const normalizedPath = normalizePathForSandbox(pathPattern);
+            logForDebugging(`[Sandbox Linux] Processing write path: ${pathPattern} -> ${normalizedPath}`);
+            // Skip /dev/* paths since --dev /dev already handles them
+            if (normalizedPath.startsWith('/dev/')) {
+                logForDebugging(`[Sandbox Linux] Skipping /dev path: ${normalizedPath}`);
+                continue;
+            }
+            if (!fs.existsSync(normalizedPath)) {
+                logForDebugging(`[Sandbox Linux] Skipping non-existent write path: ${normalizedPath}`);
+                continue;
+            }
+            args.push('--bind', normalizedPath, normalizedPath);
+            allowedWritePaths.push(normalizedPath);
+        }
+        // Deny writes within allowed paths (user-specified + mandatory denies)
+        const denyPaths = [
+            ...(writeConfig.denyWithinAllow || []),
+            ...(await getMandatoryDenyWithinAllow(ripgrepConfig)),
+        ];
+        for (const pathPattern of denyPaths) {
+            const normalizedPath = normalizePathForSandbox(pathPattern);
+            // Skip /dev/* paths since --dev /dev already handles them
+            if (normalizedPath.startsWith('/dev/')) {
+                continue;
+            }
+            // Skip non-existent paths
+            if (!fs.existsSync(normalizedPath)) {
+                logForDebugging(`[Sandbox Linux] Skipping non-existent deny path: ${normalizedPath}`);
+                continue;
+            }
+            // Only add deny binding if this path is within an allowed write path
+            // Otherwise it's already read-only from the initial --ro-bind / /
+            const isWithinAllowedPath = allowedWritePaths.some(allowedPath => normalizedPath.startsWith(allowedPath + '/') ||
+                normalizedPath === allowedPath);
+            if (isWithinAllowedPath) {
+                args.push('--ro-bind', normalizedPath, normalizedPath);
+            }
+            else {
+                logForDebugging(`[Sandbox Linux] Skipping deny path not within allowed paths: ${normalizedPath}`);
+            }
+        }
+    }
+    else {
+        // No write restrictions: Allow all writes
+        args.push('--bind', '/', '/');
+    }
+    // Handle read restrictions by mounting tmpfs over denied paths
+    const readDenyPaths = [...(readConfig?.denyOnly || [])];
+    // Always hide /etc/ssh/ssh_config.d to avoid permission issues with OrbStack
+    // SSH is very strict about config file permissions and ownership, and they can
+    // appear wrong inside the sandbox causing "Bad owner or permissions" errors
+    if (fs.existsSync('/etc/ssh/ssh_config.d')) {
+        readDenyPaths.push('/etc/ssh/ssh_config.d');
+    }
+    for (const pathPattern of readDenyPaths) {
+        const normalizedPath = normalizePathForSandbox(pathPattern);
+        if (!fs.existsSync(normalizedPath)) {
+            logForDebugging(`[Sandbox Linux] Skipping non-existent read deny path: ${normalizedPath}`);
+            continue;
+        }
+        const readDenyStat = fs.statSync(normalizedPath);
+        if (readDenyStat.isDirectory()) {
+            args.push('--tmpfs', normalizedPath);
+        }
+        else {
+            // For files, bind /dev/null instead of tmpfs
+            args.push('--ro-bind', '/dev/null', normalizedPath);
+        }
+    }
+    return args;
+}
+/**
+ * Wrap a command with sandbox restrictions on Linux
+ *
+ * UNIX SOCKET BLOCKING (APPLY-SECCOMP):
+ * This implementation uses a custom apply-seccomp binary to block Unix domain socket
+ * creation for user commands while allowing network infrastructure:
+ *
+ * Stage 1: Outer bwrap - Network and filesystem isolation (NO seccomp)
+ *   - Bubblewrap starts with isolated network namespace (--unshare-net)
+ *   - Bubblewrap applies PID namespace isolation (--unshare-pid and --proc)
+ *   - Filesystem restrictions are applied (read-only mounts, bind mounts, etc.)
+ *   - Socat processes start and connect to Unix socket bridges (can use socket(AF_UNIX, ...))
+ *
+ * Stage 2: apply-seccomp - Seccomp filter application (ONLY seccomp)
+ *   - apply-seccomp binary applies seccomp filter via prctl(PR_SET_SECCOMP)
+ *   - Sets PR_SET_NO_NEW_PRIVS to allow seccomp without root
+ *   - Execs user command with seccomp active (cannot create new Unix sockets)
+ *
+ * This solves the conflict between:
+ * - Security: Blocking arbitrary Unix socket creation in user commands
+ * - Functionality: Network sandboxing requires socat to call socket(AF_UNIX, ...) for bridge connections
+ *
+ * The seccomp-bpf filter blocks socket(AF_UNIX, ...) syscalls, preventing:
+ * - Creating new Unix domain socket file descriptors
+ *
+ * Security limitations:
+ * - Does NOT block operations (bind, connect, sendto, etc.) on inherited Unix socket FDs
+ * - Does NOT prevent passing Unix socket FDs via SCM_RIGHTS
+ * - For most sandboxing use cases, blocking socket creation is sufficient
+ *
+ * The filter allows:
+ * - All TCP/UDP sockets (AF_INET, AF_INET6) for normal network operations
+ * - All other syscalls
+ *
+ * PLATFORM NOTE:
+ * The allowUnixSockets configuration is not path-based on Linux (unlike macOS)
+ * because seccomp-bpf cannot inspect user-space memory to read socket paths.
+ *
+ * Requirements for seccomp filtering:
+ * - Pre-built apply-seccomp binaries are included for x64 and ARM64
+ * - Pre-generated BPF filters are included for x64 and ARM64
+ * - Other architectures are not currently supported (no apply-seccomp binary available)
+ * - To use sandboxing without Unix socket blocking on unsupported architectures,
+ *   set allowAllUnixSockets: true in your configuration
+ * Dependencies are checked by hasLinuxSandboxDependenciesSync() before enabling the sandbox.
+ */
+export async function wrapCommandWithSandboxLinux(params) {
+    const { command, hasNetworkRestrictions, hasFilesystemRestrictions, httpSocketPath, socksSocketPath, httpProxyPort, socksProxyPort, readConfig, writeConfig, enableWeakerNestedSandbox, allowAllUnixSockets, binShell, ripgrepConfig = { command: 'rg' }, } = params;
+    // Check if we need any sandboxing
+    if (!hasNetworkRestrictions && !hasFilesystemRestrictions) {
+        return command;
+    }
+    const bwrapArgs = [];
+    let seccompFilterPath = undefined;
+    try {
+        // ========== SECCOMP FILTER (Unix Socket Blocking) ==========
+        // Use bwrap's --seccomp flag to apply BPF filter that blocks Unix socket creation
+        //
+        // NOTE: Seccomp filtering is only enabled when allowAllUnixSockets is false
+        // (when true, Unix sockets are allowed)
+        if (!allowAllUnixSockets) {
+            seccompFilterPath = generateSeccompFilter() ?? undefined;
+            if (!seccompFilterPath) {
+                // Fail loudly - seccomp filtering is required for security
+                throw new Error('Failed to generate seccomp filter for Unix socket blocking. ' +
+                    'This may occur on unsupported architectures (only x64 and arm64 are currently supported). ' +
+                    'To disable Unix socket blocking, set allowAllUnixSockets: true in your configuration.');
+            }
+            // Track filter for cleanup and register exit handler
+            // Only track runtime-generated filters (not pre-generated ones from vendor/)
+            if (!seccompFilterPath.includes('/vendor/seccomp/')) {
+                generatedSeccompFilters.add(seccompFilterPath);
+                registerSeccompCleanupHandler();
+            }
+            logForDebugging('[Sandbox Linux] Generated seccomp BPF filter for Unix socket blocking');
+        }
+        else if (allowAllUnixSockets) {
+            logForDebugging('[Sandbox Linux] Skipping seccomp filter - allowAllUnixSockets is enabled');
+        }
+        // ========== NETWORK RESTRICTIONS ==========
+        if (hasNetworkRestrictions) {
+            // Only sandbox if we have network config and Linux bridges
+            if (!httpSocketPath || !socksSocketPath) {
+                throw new Error('Linux network sandboxing was requested but bridge socket paths are not available');
+            }
+            bwrapArgs.push('--unshare-net');
+            // Bind both sockets into the sandbox
+            bwrapArgs.push('--bind', httpSocketPath, httpSocketPath);
+            bwrapArgs.push('--bind', socksSocketPath, socksSocketPath);
+            // Add proxy environment variables
+            // HTTP_PROXY points to the socat listener inside the sandbox (port 3128)
+            // which forwards to the Unix socket that bridges to the host's proxy server
+            const proxyEnv = generateProxyEnvVars(3128, // Internal HTTP listener port
+            1080);
+            bwrapArgs.push(...proxyEnv.flatMap((env) => {
+                const firstEq = env.indexOf('=');
+                const key = env.slice(0, firstEq);
+                const value = env.slice(firstEq + 1);
+                return ['--setenv', key, value];
+            }));
+            // Add host proxy port environment variables for debugging/transparency
+            // These show which host ports the Unix socket bridges connect to
+            if (httpProxyPort !== undefined) {
+                bwrapArgs.push('--setenv', 'CLAUDE_CODE_HOST_HTTP_PROXY_PORT', String(httpProxyPort));
+            }
+            if (socksProxyPort !== undefined) {
+                bwrapArgs.push('--setenv', 'CLAUDE_CODE_HOST_SOCKS_PROXY_PORT', String(socksProxyPort));
+            }
+        }
+        // ========== FILESYSTEM RESTRICTIONS ==========
+        const fsArgs = await generateFilesystemArgs(readConfig, writeConfig, ripgrepConfig);
+        bwrapArgs.push(...fsArgs);
+        // Always bind /dev
+        bwrapArgs.push('--dev', '/dev');
+        // ========== PID NAMESPACE ISOLATION ==========
+        // IMPORTANT: These must come AFTER filesystem binds for nested bwrap to work
+        // By default, always unshare PID namespace and mount fresh /proc.
+        // If we don't have --unshare-pid, it is possible to escape the sandbox.
+        // If we don't have --proc, it is possible to read host /proc and leak information about code running
+        // outside the sandbox. But, --proc is not available when running in unprivileged docker containers
+        // so we support running without it if explicitly requested.
+        bwrapArgs.push('--unshare-pid');
+        if (!enableWeakerNestedSandbox) {
+            // Mount fresh /proc if PID namespace is isolated (secure mode)
+            bwrapArgs.push('--proc', '/proc');
+        }
+        // ========== COMMAND ==========
+        // Use the user's shell (zsh, bash, etc.) to ensure aliases/snapshots work
+        // Resolve the full path to the shell binary since bwrap doesn't use $PATH
+        const shellName = binShell || 'bash';
+        const shellPathResult = spawnSync('which', [shellName], {
+            encoding: 'utf8',
+        });
+        if (shellPathResult.status !== 0) {
+            throw new Error(`Shell '${shellName}' not found in PATH`);
+        }
+        const shell = shellPathResult.stdout.trim();
+        bwrapArgs.push('--', shell, '-c');
+        // If we have network restrictions, use the network bridge setup with apply-seccomp for seccomp
+        // Otherwise, just run the command directly with apply-seccomp if needed
+        if (hasNetworkRestrictions && httpSocketPath && socksSocketPath) {
+            // Pass seccomp filter to buildSandboxCommand for apply-seccomp application
+            // This allows socat to start before seccomp is applied
+            const sandboxCommand = buildSandboxCommand(httpSocketPath, socksSocketPath, command, seccompFilterPath, shell);
+            bwrapArgs.push(sandboxCommand);
+        }
+        else if (seccompFilterPath) {
+            // No network restrictions but we have seccomp - use apply-seccomp directly
+            // apply-seccomp is a simple C program that applies the seccomp filter and execs the command
+            const applySeccompBinary = getApplySeccompBinaryPath();
+            if (!applySeccompBinary) {
+                throw new Error('apply-seccomp binary not found. This should have been caught earlier. ' +
+                    'Ensure vendor/seccomp/{x64,arm64}/apply-seccomp binaries are included in the package.');
+            }
+            const applySeccompCmd = shellquote.quote([
+                applySeccompBinary,
+                seccompFilterPath,
+                shell,
+                '-c',
+                command,
+            ]);
+            bwrapArgs.push(applySeccompCmd);
+        }
+        else {
+            bwrapArgs.push(command);
+        }
+        // Build the outer bwrap command
+        const wrappedCommand = shellquote.quote(['bwrap', ...bwrapArgs]);
+        const restrictions = [];
+        if (hasNetworkRestrictions)
+            restrictions.push('network');
+        if (hasFilesystemRestrictions)
+            restrictions.push('filesystem');
+        if (seccompFilterPath)
+            restrictions.push('seccomp(unix-block)');
+        logForDebugging(`[Sandbox Linux] Wrapped command with bwrap (${restrictions.join(', ')} restrictions)`);
+        return wrappedCommand;
+    }
+    catch (error) {
+        // Clean up seccomp filter on error
+        if (seccompFilterPath && !seccompFilterPath.includes('/vendor/seccomp/')) {
+            generatedSeccompFilters.delete(seccompFilterPath);
+            try {
+                cleanupSeccompFilter(seccompFilterPath);
+            }
+            catch (cleanupError) {
+                logForDebugging(`[Sandbox Linux] Failed to clean up seccomp filter on error: ${cleanupError}`, { level: 'error' });
+            }
+        }
+        // Re-throw the original error
+        throw error;
+    }
+}
+//# sourceMappingURL=linux-sandbox-utils.js.map