@voratiq/sandbox-runtime 0.7.0-voratiq1

package/dist/sandbox/socks-proxy.js

@@ -0,0 +1,242 @@
+import { createServer, defaultConnectionHandler, } from '@pondwader/socks5-server';
+import { performance } from 'node:perf_hooks';
+import { logForDebugging } from '../utils/debug.js';
+import { emitTelemetryEvent, isTelemetryEnabled, } from '../utils/telemetry.js';
+const SOCKS_STATUS_CODES = {
+    REQUEST_GRANTED: 0,
+    GENERAL_FAILURE: 1,
+    CONNECTION_NOT_ALLOWED: 2,
+    NETWORK_UNREACHABLE: 3,
+    HOST_UNREACHABLE: 4,
+    CONNECTION_REFUSED: 5,
+    TTL_EXPIRED: 6,
+    COMMAND_NOT_SUPPORTED: 7,
+    ADDRESS_TYPE_NOT_SUPPORTED: 8,
+};
+function inferEgressType(port) {
+    if (port === 443) {
+        return 'https';
+    }
+    if (port === 80) {
+        return 'http';
+    }
+    return 'tcp';
+}
+function getOrInitMetadata(connection) {
+    if (!connection.metadata || typeof connection.metadata !== 'object') {
+        connection.metadata = {};
+    }
+    return connection.metadata;
+}
+function attachTelemetryContext(connection, context) {
+    const metadata = getOrInitMetadata(connection);
+    metadata.__telemetry = context;
+}
+function getTelemetryContext(connection) {
+    const metadata = connection.metadata;
+    if (!metadata || typeof metadata !== 'object') {
+        return undefined;
+    }
+    return metadata.__telemetry;
+}
+export function createSocksProxyServer(options) {
+    const socksServer = createServer();
+    socksServer.setRulesetValidator(async (conn) => {
+        try {
+            const telemetryActive = isTelemetryEnabled();
+            const host = conn.destAddress;
+            const port = conn.destPort;
+            const egressType = inferEgressType(port);
+            const startTime = telemetryActive ? performance.now() : 0;
+            if (telemetryActive) {
+                emitTelemetryEvent({
+                    stage: 'start',
+                    status: 'success',
+                    attempt: 0,
+                    sandbox_verdict: {
+                        decision: 'pending',
+                        reason: 'socks_request_received',
+                        policy_tag: 'network.allowlist',
+                    },
+                    network: {
+                        resolved_host: host,
+                        resolved_ip: null,
+                        tls_outcome: null,
+                        tls_error: null,
+                        dns_source: null,
+                    },
+                    egress_type: egressType,
+                });
+            }
+            let decision;
+            try {
+                decision = await options.filter(port, host);
+            }
+            catch (error) {
+                logForDebugging(`Error validating connection: ${error}`, {
+                    level: 'error',
+                });
+                decision = {
+                    allowed: false,
+                    verdict: {
+                        decision: 'deny',
+                        reason: 'filter_failure',
+                        policy_tag: 'network.allowlist',
+                    },
+                };
+            }
+            if (!decision.allowed) {
+                if (telemetryActive) {
+                    emitTelemetryEvent({
+                        stage: 'failure',
+                        status: 'failed',
+                        attempt: 0,
+                        status_code: SOCKS_STATUS_CODES.CONNECTION_NOT_ALLOWED,
+                        sandbox_verdict: decision.verdict,
+                        network: {
+                            resolved_host: host,
+                            resolved_ip: null,
+                            tls_outcome: null,
+                            tls_error: null,
+                            dns_source: null,
+                        },
+                        latency_ms: performance.now() - startTime,
+                        egress_type: egressType,
+                    });
+                }
+                return false;
+            }
+            const attemptTime = telemetryActive ? performance.now() : 0;
+            if (telemetryActive) {
+                emitTelemetryEvent({
+                    stage: 'attempt',
+                    status: 'success',
+                    attempt: 0,
+                    sandbox_verdict: decision.verdict,
+                    network: {
+                        resolved_host: host,
+                        resolved_ip: null,
+                        tls_outcome: null,
+                        tls_error: null,
+                        dns_source: null,
+                    },
+                    latency_ms: null,
+                    queue_latency_ms: attemptTime - startTime,
+                    egress_type: egressType,
+                });
+            }
+            attachTelemetryContext(conn, {
+                host,
+                port,
+                attempt: 0,
+                verdict: decision.verdict,
+                startTime,
+                attemptTime,
+                egressType,
+            });
+            return true;
+        }
+        catch (error) {
+            logForDebugging(`Error validating connection: ${error}`, {
+                level: 'error',
+            });
+            return false;
+        }
+    });
+    socksServer.setConnectionHandler((connection, sendStatus) => {
+        const telemetryActive = isTelemetryEnabled();
+        const telemetryContext = telemetryActive
+            ? getTelemetryContext(connection)
+            : undefined;
+        let statusEmitted = false;
+        const wrappedSendStatus = (status) => {
+            if (telemetryActive && telemetryContext && !statusEmitted) {
+                statusEmitted = true;
+                const latency = performance.now() - telemetryContext.attemptTime;
+                const statusCode = SOCKS_STATUS_CODES[status] ?? SOCKS_STATUS_CODES.GENERAL_FAILURE;
+                const success = status === 'REQUEST_GRANTED';
+                emitTelemetryEvent({
+                    stage: success ? 'completion' : 'failure',
+                    status: success ? 'success' : 'failed',
+                    attempt: telemetryContext.attempt,
+                    status_code: statusCode,
+                    sandbox_verdict: telemetryContext.verdict,
+                    network: {
+                        resolved_host: telemetryContext.host,
+                        resolved_ip: null,
+                        tls_outcome: null,
+                        tls_error: success ? null : status,
+                        dns_source: null,
+                    },
+                    latency_ms: latency,
+                    egress_type: telemetryContext.egressType,
+                });
+            }
+            sendStatus(status);
+        };
+        const stream = defaultConnectionHandler(connection, wrappedSendStatus);
+        return stream;
+    });
+    return {
+        server: socksServer,
+        getPort() {
+            try {
+                const serverInternal = socksServer?.server;
+                if (serverInternal && typeof serverInternal?.address === 'function') {
+                    const address = serverInternal.address();
+                    if (address && typeof address === 'object' && 'port' in address) {
+                        return address.port;
+                    }
+                }
+            }
+            catch (error) {
+                logForDebugging(`Error getting port: ${error}`, { level: 'error' });
+            }
+            return undefined;
+        },
+        listen(port, hostname) {
+            return new Promise((resolve, reject) => {
+                const listeningCallback = () => {
+                    const actualPort = this.getPort();
+                    if (actualPort) {
+                        logForDebugging(`SOCKS proxy listening on ${hostname}:${actualPort}`);
+                        resolve(actualPort);
+                    }
+                    else {
+                        reject(new Error('Failed to get SOCKS proxy server port'));
+                    }
+                };
+                socksServer.listen(port, hostname, listeningCallback);
+            });
+        },
+        async close() {
+            return new Promise((resolve, reject) => {
+                socksServer.close(error => {
+                    if (error) {
+                        const errorMessage = error.message?.toLowerCase() || '';
+                        const isAlreadyClosed = errorMessage.includes('not running') ||
+                            errorMessage.includes('already closed') ||
+                            errorMessage.includes('not listening');
+                        if (!isAlreadyClosed) {
+                            reject(error);
+                            return;
+                        }
+                    }
+                    resolve();
+                });
+            });
+        },
+        unref() {
+            try {
+                const serverInternal = socksServer?.server;
+                if (serverInternal && typeof serverInternal?.unref === 'function') {
+                    serverInternal.unref();
+                }
+            }
+            catch (error) {
+                logForDebugging(`Error calling unref: ${error}`, { level: 'error' });
+            }
+        },
+    };
+}
+//# sourceMappingURL=socks-proxy.js.map

package/dist/sandbox/socks-proxy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"socks-proxy.js","sourceRoot":"","sources":["../../src/sandbox/socks-proxy.ts"],"names":[],"mappings":"AACA,OAAO,EACL,YAAY,EACZ,wBAAwB,GAEzB,MAAM,0BAA0B,CAAA;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAA;AAC7C,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACnD,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GAEnB,MAAM,uBAAuB,CAAA;AAE9B,MAAM,kBAAkB,GAAG;IACzB,eAAe,EAAE,CAAC;IAClB,eAAe,EAAE,CAAC;IAClB,sBAAsB,EAAE,CAAC;IACzB,mBAAmB,EAAE,CAAC;IACtB,gBAAgB,EAAE,CAAC;IACnB,kBAAkB,EAAE,CAAC;IACrB,WAAW,EAAE,CAAC;IACd,qBAAqB,EAAE,CAAC;IACxB,0BAA0B,EAAE,CAAC;CACrB,CAAA;AA2CV,SAAS,eAAe,CAAC,IAAY;IACnC,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;QACjB,OAAO,OAAO,CAAA;IAChB,CAAC;IACD,IAAI,IAAI,KAAK,EAAE,EAAE,CAAC;QAChB,OAAO,MAAM,CAAA;IACf,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,SAAS,iBAAiB,CACxB,UAAmC;IAEnC,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,OAAO,UAAU,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACpE,UAAU,CAAC,QAAQ,GAAG,EAAE,CAAA;IAC1B,CAAC;IACD,OAAO,UAAU,CAAC,QAA6B,CAAA;AACjD,CAAC;AAED,SAAS,sBAAsB,CAC7B,UAAmC,EACnC,OAA8B;IAE9B,MAAM,QAAQ,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAA;IAC9C,QAAQ,CAAC,WAAW,GAAG,OAAO,CAAA;AAChC,CAAC;AAED,SAAS,mBAAmB,CAC1B,UAAmC;IAEnC,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAA;IACpC,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC9C,OAAO,SAAS,CAAA;IAClB,CAAC;IACD,OAAQ,QAA8B,CAAC,WAAW,CAAA;AACpD,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,OAAgC;IAEhC,MAAM,WAAW,GAAG,YAAY,EAAE,CAAA;IAElC,WAAW,CAAC,mBAAmB,CAAC,KAAK,EAAE,IAA6B,EAAE,EAAE;QACtE,IAAI,CAAC;YACH,MAAM,eAAe,GAAG,kBAAkB,EAAE,CAAA;YAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAA;YAC7B,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAA;YAC1B,MAAM,UAAU,GAAG,eAAe,CAAC,IAAI,CAAC,CAAA;YACxC,MAAM,SAAS,GAAG,eAAe,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;YAEzD,IAAI,eAAe,EAAE,CAAC;gBACpB,kBAAkB,CAAC;oBACjB,KAAK,EAAE,OAAO;oBACd,MAAM,EAAE,SAAS;oBACjB,OAAO,EAAE,CAAC;oBACV,eAAe,EAAE;wBACf,QAAQ,EAAE,SAAS;wBACnB,MAAM,EAAE,wBAAwB;wBAChC,UAAU,EAAE,mBAAmB;qBAChC;oBACD,OAAO,EAAE;wBACP,aAAa,EAAE,IAAI;wBACnB,WAAW,EAAE,IAAI;wBACjB,WAAW,EAAE,IAAI;wBACjB,SAAS,EAAE,IAAI;wBACf,UAAU,EAAE,IAAI;qBACjB;oBACD,WAAW,EAAE,UAAU;iBACxB,CAAC,CAAA;YACJ,CAAC;YAED,IAAI,QAA6B,CAAA;YACjC,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;YAC7C,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,eAAe,CAAC,gCAAgC,KAAK,EAAE,EAAE;oBACvD,KAAK,EAAE,OAAO;iBACf,CAAC,CAAA;gBACF,QAAQ,GAAG;oBACT,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE;wBACP,QAAQ,EAAE,MAAM;wBAChB,MAAM,EAAE,gBAAgB;wBACxB,UAAU,EAAE,mBAAmB;qBAChC;iBACF,CAAA;YACH,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACtB,IAAI,eAAe,EAAE,CAAC;oBACpB,kBAAkB,CAAC;wBACjB,KAAK,EAAE,SAAS;wBAChB,MAAM,EAAE,QAAQ;wBAChB,OAAO,EAAE,CAAC;wBACV,WAAW,EAAE,kBAAkB,CAAC,sBAAsB;wBACtD,eAAe,EAAE,QAAQ,CAAC,OAAO;wBACjC,OAAO,EAAE;4BACP,aAAa,EAAE,IAAI;4BACnB,WAAW,EAAE,IAAI;4BACjB,WAAW,EAAE,IAAI;4BACjB,SAAS,EAAE,IAAI;4BACf,UAAU,EAAE,IAAI;yBACjB;wBACD,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS;wBACzC,WAAW,EAAE,UAAU;qBACxB,CAAC,CAAA;gBACJ,CAAC;gBACD,OAAO,KAAK,CAAA;YACd,CAAC;YAED,MAAM,WAAW,GAAG,eAAe,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;YAE3D,IAAI,eAAe,EAAE,CAAC;gBACpB,kBAAkB,CAAC;oBACjB,KAAK,EAAE,SAAS;oBAChB,MAAM,EAAE,SAAS;oBACjB,OAAO,EAAE,CAAC;oBACV,eAAe,EAAE,QAAQ,CAAC,OAAO;oBACjC,OAAO,EAAE;wBACP,aAAa,EAAE,IAAI;wBACnB,WAAW,EAAE,IAAI;wBACjB,WAAW,EAAE,IAAI;wBACjB,SAAS,EAAE,IAAI;wBACf,UAAU,EAAE,IAAI;qBACjB;oBACD,UAAU,EAAE,IAAI;oBAChB,gBAAgB,EAAE,WAAW,GAAG,SAAS;oBACzC,WAAW,EAAE,UAAU;iBACxB,CAAC,CAAA;YACJ,CAAC;YAED,sBAAsB,CAAC,IAAI,EAAE;gBAC3B,IAAI;gBACJ,IAAI;gBACJ,OAAO,EAAE,CAAC;gBACV,OAAO,EAAE,QAAQ,CAAC,OAAO;gBACzB,SAAS;gBACT,WAAW;gBACX,UAAU;aACX,CAAC,CAAA;YAEF,OAAO,IAAI,CAAA;QACb,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,eAAe,CAAC,gCAAgC,KAAK,EAAE,EAAE;gBACvD,KAAK,EAAE,OAAO;aACf,CAAC,CAAA;YACF,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,WAAW,CAAC,oBAAoB,CAC9B,CAAC,UAAmC,EAAE,UAAU,EAAE,EAAE;QAClD,MAAM,eAAe,GAAG,kBAAkB,EAAE,CAAA;QAC5C,MAAM,gBAAgB,GAAG,eAAe;YACtC,CAAC,CAAC,mBAAmB,CAAC,UAAU,CAAC;YACjC,CAAC,CAAC,SAAS,CAAA;QACb,IAAI,aAAa,GAAG,KAAK,CAAA;QAEzB,MAAM,iBAAiB,GAAG,CAAC,MAAsB,EAAE,EAAE;YACnD,IAAI,eAAe,IAAI,gBAAgB,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC1D,aAAa,GAAG,IAAI,CAAA;gBACpB,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,gBAAgB,CAAC,WAAW,CAAA;gBAChE,MAAM,UAAU,GACd,kBAAkB,CAAC,MAAM,CAAC,IAAI,kBAAkB,CAAC,eAAe,CAAA;gBAClE,MAAM,OAAO,GAAG,MAAM,KAAK,iBAAiB,CAAA;gBAE5C,kBAAkB,CAAC;oBACjB,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;oBACzC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ;oBACtC,OAAO,EAAE,gBAAgB,CAAC,OAAO;oBACjC,WAAW,EAAE,UAAU;oBACvB,eAAe,EAAE,gBAAgB,CAAC,OAAO;oBACzC,OAAO,EAAE;wBACP,aAAa,EAAE,gBAAgB,CAAC,IAAI;wBACpC,WAAW,EAAE,IAAI;wBACjB,WAAW,EAAE,IAAI;wBACjB,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM;wBAClC,UAAU,EAAE,IAAI;qBACjB;oBACD,UAAU,EAAE,OAAO;oBACnB,WAAW,EAAE,gBAAgB,CAAC,UAAU;iBACzC,CAAC,CAAA;YACJ,CAAC;YAED,UAAU,CAAC,MAAM,CAAC,CAAA;QACpB,CAAC,CAAA;QAED,MAAM,MAAM,GAAG,wBAAwB,CACrC,UAA6B,EAC7B,iBAAiB,CAClB,CAAA;QAED,OAAO,MAAM,CAAA;IACf,CAAC,CACF,CAAA;IAED,OAAO;QACL,MAAM,EAAE,WAAW;QACnB,OAAO;YACL,IAAI,CAAC;gBACH,MAAM,cAAc,GAClB,WACD,EAAE,MAAM,CAAA;gBACT,IAAI,cAAc,IAAI,OAAO,cAAc,EAAE,OAAO,KAAK,UAAU,EAAE,CAAC;oBACpE,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,EAAE,CAAA;oBACxC,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,MAAM,IAAI,OAAO,EAAE,CAAC;wBAChE,OAAO,OAAO,CAAC,IAAI,CAAA;oBACrB,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,eAAe,CAAC,uBAAuB,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAA;YACrE,CAAC;YACD,OAAO,SAAS,CAAA;QAClB,CAAC;QACD,MAAM,CAAC,IAAY,EAAE,QAAgB;YACnC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACrC,MAAM,iBAAiB,GAAG,GAAS,EAAE;oBACnC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,CAAA;oBACjC,IAAI,UAAU,EAAE,CAAC;wBACf,eAAe,CACb,4BAA4B,QAAQ,IAAI,UAAU,EAAE,CACrD,CAAA;wBACD,OAAO,CAAC,UAAU,CAAC,CAAA;oBACrB,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAA;oBAC5D,CAAC;gBACH,CAAC,CAAA;gBACD,WAAW,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,EAAE,iBAAiB,CAAC,CAAA;YACvD,CAAC,CAAC,CAAA;QACJ,CAAC;QACD,KAAK,CAAC,KAAK;YACT,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACrC,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;oBACxB,IAAI,KAAK,EAAE,CAAC;wBACV,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,CAAA;wBACvD,MAAM,eAAe,GACnB,YAAY,CAAC,QAAQ,CAAC,aAAa,CAAC;4BACpC,YAAY,CAAC,QAAQ,CAAC,gBAAgB,CAAC;4BACvC,YAAY,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAA;wBAExC,IAAI,CAAC,eAAe,EAAE,CAAC;4BACrB,MAAM,CAAC,KAAK,CAAC,CAAA;4BACb,OAAM;wBACR,CAAC;oBACH,CAAC;oBACD,OAAO,EAAE,CAAA;gBACX,CAAC,CAAC,CAAA;YACJ,CAAC,CAAC,CAAA;QACJ,CAAC;QACD,KAAK;YACH,IAAI,CAAC;gBACH,MAAM,cAAc,GAClB,WACD,EAAE,MAAM,CAAA;gBACT,IAAI,cAAc,IAAI,OAAO,cAAc,EAAE,KAAK,KAAK,UAAU,EAAE,CAAC;oBAClE,cAAc,CAAC,KAAK,EAAE,CAAA;gBACxB,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,eAAe,CAAC,wBAAwB,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAA;YACtE,CAAC;QACH,CAAC;KACF,CAAA;AACH,CAAC"}

package/dist/utils/debug.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Simple debug logging for standalone sandbox
+ */
+export declare function logForDebugging(message: string, options?: {
+    level?: 'info' | 'error' | 'warn';
+}): void;
+//# sourceMappingURL=debug.d.ts.map

package/dist/utils/debug.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"debug.d.ts","sourceRoot":"","sources":["../../src/utils/debug.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE;IAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,MAAM,CAAA;CAAE,GAC9C,IAAI,CAmBN"}

package/dist/utils/debug.js

@@ -0,0 +1,22 @@
+/**
+ * Simple debug logging for standalone sandbox
+ */
+export function logForDebugging(message, options) {
+    // Only log if DEBUG environment variable is set
+    if (!process.env.DEBUG) {
+        return;
+    }
+    const level = options?.level || 'info';
+    const prefix = '[SandboxDebug]';
+    switch (level) {
+        case 'error':
+            console.error(`${prefix} ${message}`);
+            break;
+        case 'warn':
+            console.warn(`${prefix} ${message}`);
+            break;
+        default:
+            console.log(`${prefix} ${message}`);
+    }
+}
+//# sourceMappingURL=debug.js.map

package/dist/utils/debug.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"debug.js","sourceRoot":"","sources":["../../src/utils/debug.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,OAAe,EACf,OAA+C;IAE/C,gDAAgD;IAChD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACvB,OAAM;IACR,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,IAAI,MAAM,CAAA;IACtC,MAAM,MAAM,GAAG,gBAAgB,CAAA;IAE/B,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,OAAO;YACV,OAAO,CAAC,KAAK,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC,CAAA;YACrC,MAAK;QACP,KAAK,MAAM;YACT,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC,CAAA;YACpC,MAAK;QACP;YACE,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC,CAAA;IACvC,CAAC;AACH,CAAC"}

package/dist/utils/platform.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Platform detection utilities
+ */
+export type Platform = 'macos' | 'linux' | 'windows' | 'unknown';
+export declare function getPlatform(): Platform;
+//# sourceMappingURL=platform.d.ts.map

package/dist/utils/platform.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"platform.d.ts","sourceRoot":"","sources":["../../src/utils/platform.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,OAAO,GAAG,SAAS,GAAG,SAAS,CAAA;AAEhE,wBAAgB,WAAW,IAAI,QAAQ,CAWtC"}

package/dist/utils/platform.js

@@ -0,0 +1,16 @@
+/**
+ * Platform detection utilities
+ */
+export function getPlatform() {
+    switch (process.platform) {
+        case 'darwin':
+            return 'macos';
+        case 'linux':
+            return 'linux';
+        case 'win32':
+            return 'windows';
+        default:
+            return 'unknown';
+    }
+}
+//# sourceMappingURL=platform.js.map

package/dist/utils/platform.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"platform.js","sourceRoot":"","sources":["../../src/utils/platform.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,UAAU,WAAW;IACzB,QAAQ,OAAO,CAAC,QAAQ,EAAE,CAAC;QACzB,KAAK,QAAQ;YACX,OAAO,OAAO,CAAA;QAChB,KAAK,OAAO;YACV,OAAO,OAAO,CAAA;QAChB,KAAK,OAAO;YACV,OAAO,SAAS,CAAA;QAClB;YACE,OAAO,SAAS,CAAA;IACpB,CAAC;AACH,CAAC"}

package/dist/utils/ripgrep.d.ts

@@ -0,0 +1,20 @@
+export interface RipgrepConfig {
+    command: string;
+    args?: string[];
+}
+/**
+ * Check if ripgrep (rg) is available synchronously
+ * Returns true if rg is installed, false otherwise
+ */
+export declare function hasRipgrepSync(): boolean;
+/**
+ * Execute ripgrep with the given arguments
+ * @param args Command-line arguments to pass to rg
+ * @param target Target directory or file to search
+ * @param abortSignal AbortSignal to cancel the operation
+ * @param config Ripgrep configuration (command and optional args)
+ * @returns Array of matching lines (one per line of output)
+ * @throws Error if ripgrep exits with non-zero status (except exit code 1 which means no matches)
+ */
+export declare function ripGrep(args: string[], target: string, abortSignal: AbortSignal, config?: RipgrepConfig): Promise<string[]>;
+//# sourceMappingURL=ripgrep.d.ts.map

package/dist/utils/ripgrep.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ripgrep.d.ts","sourceRoot":"","sources":["../../src/utils/ripgrep.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAA;IACf,IAAI,CAAC,EAAE,MAAM,EAAE,CAAA;CAChB;AAED;;;GAGG;AACH,wBAAgB,cAAc,IAAI,OAAO,CAWxC;AAED;;;;;;;;GAQG;AACH,wBAAsB,OAAO,CAC3B,IAAI,EAAE,MAAM,EAAE,EACd,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,WAAW,EACxB,MAAM,GAAE,aAAiC,GACxC,OAAO,CAAC,MAAM,EAAE,CAAC,CAkCnB"}

package/dist/utils/ripgrep.js

@@ -0,0 +1,51 @@
+import { spawnSync } from 'child_process';
+import { execFile } from 'child_process';
+/**
+ * Check if ripgrep (rg) is available synchronously
+ * Returns true if rg is installed, false otherwise
+ */
+export function hasRipgrepSync() {
+    try {
+        const result = spawnSync('which', ['rg'], {
+            stdio: 'ignore',
+            timeout: 1000,
+        });
+        return result.status === 0;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Execute ripgrep with the given arguments
+ * @param args Command-line arguments to pass to rg
+ * @param target Target directory or file to search
+ * @param abortSignal AbortSignal to cancel the operation
+ * @param config Ripgrep configuration (command and optional args)
+ * @returns Array of matching lines (one per line of output)
+ * @throws Error if ripgrep exits with non-zero status (except exit code 1 which means no matches)
+ */
+export async function ripGrep(args, target, abortSignal, config = { command: 'rg' }) {
+    const { command, args: commandArgs = [] } = config;
+    return new Promise((resolve, reject) => {
+        execFile(command, [...commandArgs, ...args, target], {
+            maxBuffer: 20000000, // 20MB
+            signal: abortSignal,
+            timeout: 10000, // 10 second timeout
+        }, (error, stdout, stderr) => {
+            // Success case - exit code 0
+            if (!error) {
+                resolve(stdout.trim().split('\n').filter(Boolean));
+                return;
+            }
+            // Exit code 1 means "no matches found" - this is normal, return empty array
+            if (error.code === 1) {
+                resolve([]);
+                return;
+            }
+            // All other errors should fail
+            reject(new Error(`ripgrep failed with exit code ${error.code}: ${stderr || error.message}`));
+        });
+    });
+}
+//# sourceMappingURL=ripgrep.js.map

package/dist/utils/ripgrep.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ripgrep.js","sourceRoot":"","sources":["../../src/utils/ripgrep.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AACzC,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AAQxC;;;GAGG;AACH,MAAM,UAAU,cAAc;IAC5B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,EAAE;YACxC,KAAK,EAAE,QAAQ;YACf,OAAO,EAAE,IAAI;SACd,CAAC,CAAA;QAEF,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,CAAA;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,IAAc,EACd,MAAc,EACd,WAAwB,EACxB,SAAwB,EAAE,OAAO,EAAE,IAAI,EAAE;IAEzC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,GAAG,EAAE,EAAE,GAAG,MAAM,CAAA;IAElD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,QAAQ,CACN,OAAO,EACP,CAAC,GAAG,WAAW,EAAE,GAAG,IAAI,EAAE,MAAM,CAAC,EACjC;YACE,SAAS,EAAE,QAAU,EAAE,OAAO;YAC9B,MAAM,EAAE,WAAW;YACnB,OAAO,EAAE,KAAM,EAAE,oBAAoB;SACtC,EACD,CAAC,KAA+B,EAAE,MAAc,EAAE,MAAc,EAAE,EAAE;YAClE,6BAA6B;YAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAA;gBAClD,OAAM;YACR,CAAC;YAED,4EAA4E;YAC5E,IAAI,KAAK,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBACrB,OAAO,CAAC,EAAE,CAAC,CAAA;gBACX,OAAM;YACR,CAAC;YAED,+BAA+B;YAC/B,MAAM,CACJ,IAAI,KAAK,CACP,iCAAiC,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,KAAK,CAAC,OAAO,EAAE,CAC1E,CACF,CAAA;QACH,CAAC,CACF,CAAA;IACH,CAAC,CAAC,CAAA;AACJ,CAAC"}

package/dist/utils/telemetry.d.ts

@@ -0,0 +1,67 @@
+export type TelemetryStage = 'start' | 'attempt' | 'completion' | 'failure';
+export type TelemetryStatus = 'success' | 'failed' | 'cancelled';
+export interface TelemetrySandboxVerdict {
+    decision: string | null;
+    reason: string | null;
+    policy_tag: string | null;
+}
+export interface TelemetryNetworkDetails {
+    resolved_host: string | null;
+    resolved_ip: string | null;
+    tls_outcome: string | null;
+    tls_error: string | null;
+    dns_source: string | null;
+}
+export interface TelemetryHttpMetadata {
+    req_headers: Record<string, string | null> | null;
+    resp_headers: Record<string, string | null> | null;
+    payload_bytes: number | null;
+    payload_hash: string | null;
+    compression: string | null;
+}
+export interface TelemetryEvent {
+    event: 'sandbox_request';
+    trace_id: string;
+    stage: TelemetryStage;
+    attempt: number;
+    command: string | null;
+    status: TelemetryStatus;
+    status_code: number | null;
+    sandbox_verdict: TelemetrySandboxVerdict | null;
+    network: TelemetryNetworkDetails | null;
+    http_metadata: TelemetryHttpMetadata | null;
+    latency_ms: number | null;
+    queue_latency_ms: number | null;
+    user_context: string | null;
+    egress_type: string | null;
+    timestamp: string;
+}
+export type TelemetrySink = (event: TelemetryEvent) => void;
+export interface InitializeTelemetryOptions {
+    debugEnabled: boolean;
+    commandArgs?: string[];
+    userContext?: string | null;
+}
+export declare function initializeTelemetry(options: InitializeTelemetryOptions): string | null;
+export declare function isTelemetryEnabled(): boolean;
+export declare function getTelemetryTraceId(): string | null;
+export declare function setTelemetrySink(sink: TelemetrySink | null): void;
+export interface EmitTelemetryEventOptions {
+    stage: TelemetryStage;
+    status: TelemetryStatus;
+    attempt?: number;
+    status_code?: number | null;
+    sandbox_verdict?: Partial<TelemetrySandboxVerdict> | null;
+    network?: Partial<TelemetryNetworkDetails> | null;
+    http_metadata?: Partial<TelemetryHttpMetadata> | null;
+    latency_ms?: number | null;
+    queue_latency_ms?: number | null;
+    user_context?: string | null;
+    egress_type?: string | null;
+    command?: string | null;
+}
+export declare function emitTelemetryEvent(options: EmitTelemetryEventOptions): TelemetryEvent | null;
+export declare function sanitizeCommandArgs(args: string[]): string;
+export declare function sanitizeHeaders(headers: Record<string, number | string | string[] | undefined>, whitelist?: Set<string>): Record<string, string | null>;
+export declare function redactValue(value: string): string;
+//# sourceMappingURL=telemetry.d.ts.map

package/dist/utils/telemetry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"telemetry.d.ts","sourceRoot":"","sources":["../../src/utils/telemetry.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,SAAS,GAAG,YAAY,GAAG,SAAS,CAAA;AAC3E,MAAM,MAAM,eAAe,GAAG,SAAS,GAAG,QAAQ,GAAG,WAAW,CAAA;AAEhE,MAAM,WAAW,uBAAuB;IACtC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;CAC1B;AAED,MAAM,WAAW,uBAAuB;IACtC,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;CAC1B;AAED,MAAM,WAAW,qBAAqB;IACpC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,GAAG,IAAI,CAAA;IACjD,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,GAAG,IAAI,CAAA;IAClD,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAA;IAC3B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;CAC3B;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,iBAAiB,CAAA;IACxB,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,EAAE,cAAc,CAAA;IACrB,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,MAAM,GAAG,IAAI,CAAA;IACtB,MAAM,EAAE,eAAe,CAAA;IACvB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,eAAe,EAAE,uBAAuB,GAAG,IAAI,CAAA;IAC/C,OAAO,EAAE,uBAAuB,GAAG,IAAI,CAAA;IACvC,aAAa,EAAE,qBAAqB,GAAG,IAAI,CAAA;IAC3C,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAA;IAC/B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAA;IAC3B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,MAAM,aAAa,GAAG,CAAC,KAAK,EAAE,cAAc,KAAK,IAAI,CAAA;AAmD3D,MAAM,WAAW,0BAA0B;IACzC,YAAY,EAAE,OAAO,CAAA;IACrB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAA;IACtB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAC5B;AAED,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,0BAA0B,GAClC,MAAM,GAAG,IAAI,CA0Bf;AAED,wBAAgB,kBAAkB,IAAI,OAAO,CAE5C;AAED,wBAAgB,mBAAmB,IAAI,MAAM,GAAG,IAAI,CAEnD;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,aAAa,GAAG,IAAI,GAAG,IAAI,CAEjE;AAED,MAAM,WAAW,yBAAyB;IACxC,KAAK,EAAE,cAAc,CAAA;IACrB,MAAM,EAAE,eAAe,CAAA;IACvB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC3B,eAAe,CAAC,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAAG,IAAI,CAAA;IACzD,OAAO,CAAC,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAAG,IAAI,CAAA;IACjD,aAAa,CAAC,EAAE,OAAO,CAAC,qBAAqB,CAAC,GAAG,IAAI,CAAA;IACrD,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAChC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC3B,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CACxB;AAED,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,yBAAyB,GACjC,cAAc,GAAG,IAAI,CAwCvB;AAED,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,CAqB1D;AAED,wBAAgB,eAAe,CAC7B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,EAC/D,SAAS,GAAE,GAAG,CAAC,MAAM,CAA4B,GAChD,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,CAsB/B;AAED,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAGjD"}