@voratiq/sandbox-runtime 0.7.0-voratiq1

package/dist/utils/telemetry.js

@@ -0,0 +1,249 @@
+import { createHash, randomUUID } from 'node:crypto';
+const DEFAULT_HEADER_WHITELIST = new Set([
+    'retry-after',
+    'x-request-id',
+    'x-trace-id',
+    'traceparent',
+    'tracestate',
+    'content-encoding',
+    'content-type',
+    'content-length',
+]);
+const SENSITIVE_FLAG_NAMES = new Set([
+    '--token',
+    '--secret',
+    '--password',
+    '--passwd',
+    '--api-key',
+    '--api_key',
+    '--apikey',
+    '--authorization',
+    '--auth',
+    '--bearer',
+]);
+const SENSITIVE_KEY_PATTERN = /token|secret|password|passwd|api[-_]?key|authorization|bearer/i;
+const SECRET_VALUE_PATTERN = /(bearer\s+[a-z0-9+/=_-]{8,}|sk-[a-z0-9]{16,}|[a-z0-9]{24,}|AIza[0-9a-z_-]{35})/i;
+const defaultSink = event => {
+    process.stderr.write(`${JSON.stringify(event)}\n`);
+};
+const context = {
+    enabled: false,
+    traceId: null,
+    command: null,
+    userContext: null,
+    sink: defaultSink,
+};
+export function initializeTelemetry(options) {
+    context.enabled = Boolean(options.debugEnabled);
+    if (!context.enabled) {
+        context.traceId = null;
+        context.command = null;
+        context.userContext = options.userContext ?? null;
+        context.sink = defaultSink;
+        return null;
+    }
+    const traceId = randomUUID();
+    context.traceId = traceId;
+    context.command = options.commandArgs
+        ? sanitizeCommandArgs(options.commandArgs)
+        : null;
+    context.userContext = options.userContext ?? null;
+    context.sink = context.sink || defaultSink;
+    process.env.DEBUG = process.env.DEBUG || 'true';
+    process.env.SRT_TRACE_ID = traceId;
+    const bannerMessage = `Debug telemetry active (trace_id=${traceId})`;
+    process.stderr.write(`${bannerMessage}\n`);
+    return traceId;
+}
+export function isTelemetryEnabled() {
+    return context.enabled;
+}
+export function getTelemetryTraceId() {
+    return context.traceId;
+}
+export function setTelemetrySink(sink) {
+    context.sink = sink ?? defaultSink;
+}
+export function emitTelemetryEvent(options) {
+    if (!context.enabled || !context.traceId) {
+        return null;
+    }
+    const attempt = options.attempt ?? 0;
+    const command = options.command ?? context.command ?? null;
+    const event = {
+        event: 'sandbox_request',
+        trace_id: context.traceId,
+        stage: options.stage,
+        attempt,
+        command,
+        status: options.status,
+        status_code: options.status_code === undefined ? null : options.status_code,
+        sandbox_verdict: normalizeSandboxVerdict(options.sandbox_verdict),
+        network: normalizeNetwork(options.network),
+        http_metadata: normalizeHttp(options.http_metadata),
+        latency_ms: options.latency_ms === undefined || options.latency_ms === null
+            ? null
+            : Math.round(options.latency_ms),
+        queue_latency_ms: options.queue_latency_ms === undefined ||
+            options.queue_latency_ms === null
+            ? null
+            : Math.round(options.queue_latency_ms),
+        user_context: options.user_context === undefined
+            ? context.userContext
+            : options.user_context,
+        egress_type: options.egress_type === undefined ? null : options.egress_type,
+        timestamp: new Date().toISOString(),
+    };
+    scrubSecretsInEvent(event);
+    context.sink(event);
+    return event;
+}
+export function sanitizeCommandArgs(args) {
+    const sanitizedArgs = [];
+    let redactNext = false;
+    for (const arg of args) {
+        if (redactNext) {
+            sanitizedArgs.push(redactValue(arg));
+            redactNext = false;
+            continue;
+        }
+        if (SENSITIVE_FLAG_NAMES.has(arg.toLowerCase())) {
+            sanitizedArgs.push(arg);
+            redactNext = true;
+            continue;
+        }
+        sanitizedArgs.push(sanitizeArg(arg));
+    }
+    return sanitizedArgs.join(' ');
+}
+export function sanitizeHeaders(headers, whitelist = DEFAULT_HEADER_WHITELIST) {
+    const sanitized = {};
+    for (const [key, value] of Object.entries(headers)) {
+        const lowercaseKey = key.toLowerCase();
+        if (value === undefined) {
+            sanitized[lowercaseKey] = null;
+            continue;
+        }
+        if (!whitelist.has(lowercaseKey)) {
+            sanitized[lowercaseKey] = '[REDACTED]';
+            continue;
+        }
+        const normalizedValue = Array.isArray(value)
+            ? value.join(',')
+            : String(value);
+        sanitized[lowercaseKey] = autoRedactValue(normalizedValue);
+    }
+    return sanitized;
+}
+export function redactValue(value) {
+    const hash = createHash('sha256').update(value).digest('hex');
+    return `sha256:${hash}`;
+}
+function sanitizeArg(arg) {
+    const trimmed = arg.trim();
+    if (!trimmed) {
+        return trimmed;
+    }
+    const equalIndex = trimmed.indexOf('=');
+    if (equalIndex > -1) {
+        const key = trimmed.slice(0, equalIndex);
+        const value = trimmed.slice(equalIndex + 1);
+        if (isSensitiveKey(key) || looksSensitiveValue(value)) {
+            return `${key}=${redactValue(value)}`;
+        }
+        return trimmed;
+    }
+    if (isSensitiveKey(trimmed) || looksSensitiveValue(trimmed)) {
+        return redactValue(trimmed);
+    }
+    return trimmed;
+}
+function isSensitiveKey(key) {
+    const normalized = key.replace(/^-+/, '');
+    return SENSITIVE_KEY_PATTERN.test(normalized);
+}
+function looksSensitiveValue(value) {
+    if (!value) {
+        return false;
+    }
+    if (SECRET_VALUE_PATTERN.test(value)) {
+        return true;
+    }
+    // Long base64/hex strings are suspicious
+    const compact = value.replace(/[^a-z0-9]/gi, '');
+    if (compact.length >= 24) {
+        if (/^[a-f0-9]+$/i.test(compact) || /^[a-z0-9+/=]+$/i.test(value)) {
+            return true;
+        }
+    }
+    return false;
+}
+function normalizeSandboxVerdict(verdict) {
+    if (!verdict) {
+        return {
+            decision: null,
+            reason: null,
+            policy_tag: null,
+        };
+    }
+    return {
+        decision: verdict.decision ?? null,
+        reason: verdict.reason ?? null,
+        policy_tag: verdict.policy_tag ?? null,
+    };
+}
+function normalizeNetwork(network) {
+    if (!network) {
+        return {
+            resolved_host: null,
+            resolved_ip: null,
+            tls_outcome: null,
+            tls_error: null,
+            dns_source: null,
+        };
+    }
+    return {
+        resolved_host: network.resolved_host ?? null,
+        resolved_ip: network.resolved_ip ?? null,
+        tls_outcome: network.tls_outcome ?? null,
+        tls_error: network.tls_error ?? null,
+        dns_source: network.dns_source ?? null,
+    };
+}
+function normalizeHttp(metadata) {
+    if (!metadata) {
+        return {
+            req_headers: null,
+            resp_headers: null,
+            payload_bytes: null,
+            payload_hash: null,
+            compression: null,
+        };
+    }
+    return {
+        req_headers: metadata.req_headers ?? null,
+        resp_headers: metadata.resp_headers ?? null,
+        payload_bytes: metadata.payload_bytes === undefined ? null : metadata.payload_bytes,
+        payload_hash: metadata.payload_hash ?? null,
+        compression: metadata.compression ?? null,
+    };
+}
+function autoRedactValue(value) {
+    if (looksSensitiveValue(value)) {
+        return redactValue(value);
+    }
+    return value;
+}
+function scrubSecretsInEvent(event) {
+    if (event.command &&
+        looksSensitiveValue(event.command) &&
+        !event.command.includes('sha256:')) {
+        event.command = redactValue(event.command);
+    }
+    if (event.user_context &&
+        looksSensitiveValue(event.user_context) &&
+        !event.user_context.includes('sha256:')) {
+        event.user_context = redactValue(event.user_context);
+    }
+}
+//# sourceMappingURL=telemetry.js.map

package/dist/utils/telemetry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"telemetry.js","sourceRoot":"","sources":["../../src/utils/telemetry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AA+CpD,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC;IACvC,aAAa;IACb,cAAc;IACd,YAAY;IACZ,aAAa;IACb,YAAY;IACZ,kBAAkB;IAClB,cAAc;IACd,gBAAgB;CACjB,CAAC,CAAA;AAEF,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC;IACnC,SAAS;IACT,UAAU;IACV,YAAY;IACZ,UAAU;IACV,WAAW;IACX,WAAW;IACX,UAAU;IACV,iBAAiB;IACjB,QAAQ;IACR,UAAU;CACX,CAAC,CAAA;AAEF,MAAM,qBAAqB,GACzB,gEAAgE,CAAA;AAClE,MAAM,oBAAoB,GACxB,iFAAiF,CAAA;AAUnF,MAAM,WAAW,GAAkB,KAAK,CAAC,EAAE;IACzC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;AACpD,CAAC,CAAA;AAED,MAAM,OAAO,GAAqB;IAChC,OAAO,EAAE,KAAK;IACd,OAAO,EAAE,IAAI;IACb,OAAO,EAAE,IAAI;IACb,WAAW,EAAE,IAAI;IACjB,IAAI,EAAE,WAAW;CAClB,CAAA;AAQD,MAAM,UAAU,mBAAmB,CACjC,OAAmC;IAEnC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,CAAA;IAE/C,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QACrB,OAAO,CAAC,OAAO,GAAG,IAAI,CAAA;QACtB,OAAO,CAAC,OAAO,GAAG,IAAI,CAAA;QACtB,OAAO,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,IAAI,CAAA;QACjD,OAAO,CAAC,IAAI,GAAG,WAAW,CAAA;QAC1B,OAAO,IAAI,CAAA;IACb,CAAC;IAED,MAAM,OAAO,GAAG,UAAU,EAAE,CAAA;IAC5B,OAAO,CAAC,OAAO,GAAG,OAAO,CAAA;IACzB,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,WAAW;QACnC,CAAC,CAAC,mBAAmB,CAAC,OAAO,CAAC,WAAW,CAAC;QAC1C,CAAC,CAAC,IAAI,CAAA;IACR,OAAO,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,IAAI,CAAA;IACjD,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,WAAW,CAAA;IAE1C,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,MAAM,CAAA;IAC/C,OAAO,CAAC,GAAG,CAAC,YAAY,GAAG,OAAO,CAAA;IAElC,MAAM,aAAa,GAAG,oCAAoC,OAAO,GAAG,CAAA;IACpE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,aAAa,IAAI,CAAC,CAAA;IAE1C,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,OAAO,OAAO,CAAC,OAAO,CAAA;AACxB,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,OAAO,OAAO,CAAC,OAAO,CAAA;AACxB,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAA0B;IACzD,OAAO,CAAC,IAAI,GAAG,IAAI,IAAI,WAAW,CAAA;AACpC,CAAC;AAiBD,MAAM,UAAU,kBAAkB,CAChC,OAAkC;IAElC,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QACzC,OAAO,IAAI,CAAA;IACb,CAAC;IAED,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,CAAC,CAAA;IACpC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,IAAI,IAAI,CAAA;IAE1D,MAAM,KAAK,GAAmB;QAC5B,KAAK,EAAE,iBAAiB;QACxB,QAAQ,EAAE,OAAO,CAAC,OAAO;QACzB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,OAAO;QACP,OAAO;QACP,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,WAAW,EAAE,OAAO,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW;QAC3E,eAAe,EAAE,uBAAuB,CAAC,OAAO,CAAC,eAAe,CAAC;QACjE,OAAO,EAAE,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC;QAC1C,aAAa,EAAE,aAAa,CAAC,OAAO,CAAC,aAAa,CAAC;QACnD,UAAU,EACR,OAAO,CAAC,UAAU,KAAK,SAAS,IAAI,OAAO,CAAC,UAAU,KAAK,IAAI;YAC7D,CAAC,CAAC,IAAI;YACN,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC;QACpC,gBAAgB,EACd,OAAO,CAAC,gBAAgB,KAAK,SAAS;YACtC,OAAO,CAAC,gBAAgB,KAAK,IAAI;YAC/B,CAAC,CAAC,IAAI;YACN,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,gBAAgB,CAAC;QAC1C,YAAY,EACV,OAAO,CAAC,YAAY,KAAK,SAAS;YAChC,CAAC,CAAC,OAAO,CAAC,WAAW;YACrB,CAAC,CAAC,OAAO,CAAC,YAAY;QAC1B,WAAW,EAAE,OAAO,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW;QAC3E,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAA;IAED,mBAAmB,CAAC,KAAK,CAAC,CAAA;IAC1B,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAEnB,OAAO,KAAK,CAAA;AACd,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,IAAc;IAChD,MAAM,aAAa,GAAa,EAAE,CAAA;IAClC,IAAI,UAAU,GAAG,KAAK,CAAA;IAEtB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,UAAU,EAAE,CAAC;YACf,aAAa,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAA;YACpC,UAAU,GAAG,KAAK,CAAA;YAClB,SAAQ;QACV,CAAC;QAED,IAAI,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YAChD,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YACvB,UAAU,GAAG,IAAI,CAAA;YACjB,SAAQ;QACV,CAAC;QAED,aAAa,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAA;IACtC,CAAC;IAED,OAAO,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;AAChC,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,OAA+D,EAC/D,YAAyB,wBAAwB;IAEjD,MAAM,SAAS,GAAkC,EAAE,CAAA;IAEnD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,MAAM,YAAY,GAAG,GAAG,CAAC,WAAW,EAAE,CAAA;QACtC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,SAAS,CAAC,YAAY,CAAC,GAAG,IAAI,CAAA;YAC9B,SAAQ;QACV,CAAC;QAED,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;YACjC,SAAS,CAAC,YAAY,CAAC,GAAG,YAAY,CAAA;YACtC,SAAQ;QACV,CAAC;QAED,MAAM,eAAe,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;YAC1C,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;YACjB,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QACjB,SAAS,CAAC,YAAY,CAAC,GAAG,eAAe,CAAC,eAAe,CAAC,CAAA;IAC5D,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAC7D,OAAO,UAAU,IAAI,EAAE,CAAA;AACzB,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAA;IAC1B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACvC,IAAI,UAAU,GAAG,CAAC,CAAC,EAAE,CAAC;QACpB,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAA;QACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAA;QAC3C,IAAI,cAAc,CAAC,GAAG,CAAC,IAAI,mBAAmB,CAAC,KAAK,CAAC,EAAE,CAAC;YACtD,OAAO,GAAG,GAAG,IAAI,WAAW,CAAC,KAAK,CAAC,EAAE,CAAA;QACvC,CAAC;QACD,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,IAAI,cAAc,CAAC,OAAO,CAAC,IAAI,mBAAmB,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5D,OAAO,WAAW,CAAC,OAAO,CAAC,CAAA;IAC7B,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,SAAS,cAAc,CAAC,GAAW;IACjC,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;IACzC,OAAO,qBAAqB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;AAC/C,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAa;IACxC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,oBAAoB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACrC,OAAO,IAAI,CAAA;IACb,CAAC;IAED,yCAAyC;IACzC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAA;IAChD,IAAI,OAAO,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;QACzB,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAClE,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED,SAAS,uBAAuB,CAC9B,OAA4D;IAE5D,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,IAAI;YACZ,UAAU,EAAE,IAAI;SACjB,CAAA;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,IAAI;QAClC,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,IAAI;QAC9B,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI;KACvC,CAAA;AACH,CAAC;AAED,SAAS,gBAAgB,CACvB,OAA4D;IAE5D,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,WAAW,EAAE,IAAI;YACjB,WAAW,EAAE,IAAI;YACjB,SAAS,EAAE,IAAI;YACf,UAAU,EAAE,IAAI;SACjB,CAAA;IACH,CAAC;IAED,OAAO;QACL,aAAa,EAAE,OAAO,CAAC,aAAa,IAAI,IAAI;QAC5C,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI;QACxC,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI;QACxC,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI;QACpC,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI;KACvC,CAAA;AACH,CAAC;AAED,SAAS,aAAa,CACpB,QAA2D;IAE3D,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO;YACL,WAAW,EAAE,IAAI;YACjB,YAAY,EAAE,IAAI;YAClB,aAAa,EAAE,IAAI;YACnB,YAAY,EAAE,IAAI;YAClB,WAAW,EAAE,IAAI;SAClB,CAAA;IACH,CAAC;IAED,OAAO;QACL,WAAW,EAAE,QAAQ,CAAC,WAAW,IAAI,IAAI;QACzC,YAAY,EAAE,QAAQ,CAAC,YAAY,IAAI,IAAI;QAC3C,aAAa,EACX,QAAQ,CAAC,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,aAAa;QACtE,YAAY,EAAE,QAAQ,CAAC,YAAY,IAAI,IAAI;QAC3C,WAAW,EAAE,QAAQ,CAAC,WAAW,IAAI,IAAI;KAC1C,CAAA;AACH,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,IAAI,mBAAmB,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,WAAW,CAAC,KAAK,CAAC,CAAA;IAC3B,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAqB;IAChD,IACE,KAAK,CAAC,OAAO;QACb,mBAAmB,CAAC,KAAK,CAAC,OAAO,CAAC;QAClC,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EAClC,CAAC;QACD,KAAK,CAAC,OAAO,GAAG,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;IAC5C,CAAC;IAED,IACE,KAAK,CAAC,YAAY;QAClB,mBAAmB,CAAC,KAAK,CAAC,YAAY,CAAC;QACvC,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,EACvC,CAAC;QACD,KAAK,CAAC,YAAY,GAAG,WAAW,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;IACtD,CAAC;AACH,CAAC"}

package/dist/vendor/seccomp-src/apply-seccomp.c

@@ -0,0 +1,98 @@
+/*
+ * apply-seccomp.c - Apply seccomp BPF filter and exec command
+ *
+ * Usage: apply-seccomp <filter.bpf> <command> [args...]
+ *
+ * This program reads a pre-compiled BPF filter from a file, applies it
+ * using prctl(PR_SET_SECCOMP), and then execs the specified command.
+ *
+ * The BPF filter must be in the format expected by SECCOMP_MODE_FILTER:
+ * - struct sock_fprog { unsigned short len; struct sock_filter *filter; }
+ * - Each filter instruction is 8 bytes (BPF instruction format)
+ *
+ * Compile: gcc -static -O2 -o apply-seccomp apply-seccomp.c
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/prctl.h>
+#include <linux/seccomp.h>
+#include <linux/filter.h>
+#include <errno.h>
+
+#ifndef PR_SET_NO_NEW_PRIVS
+#define PR_SET_NO_NEW_PRIVS 38
+#endif
+
+#ifndef SECCOMP_MODE_FILTER
+#define SECCOMP_MODE_FILTER 2
+#endif
+
+#define MAX_FILTER_SIZE 4096  // Maximum BPF filter size in bytes
+
+int main(int argc, char *argv[], char *envp[]) {
+    if (argc < 3) {
+        fprintf(stderr, "Usage: %s <filter.bpf> <command> [args...]\n", argv[0]);
+        return 1;
+    }
+
+    const char *filter_path = argv[1];
+    char **command_argv = &argv[2];
+
+    // Open and read BPF filter file
+    int fd = open(filter_path, O_RDONLY);
+    if (fd < 0) {
+        perror("Failed to open BPF filter file");
+        return 1;
+    }
+
+    // Read filter into memory
+    unsigned char filter_bytes[MAX_FILTER_SIZE];
+    ssize_t filter_size = read(fd, filter_bytes, MAX_FILTER_SIZE);
+    close(fd);
+
+    if (filter_size < 0) {
+        perror("Failed to read BPF filter");
+        return 1;
+    }
+    if (filter_size == 0) {
+        fprintf(stderr, "BPF filter file is empty\n");
+        return 1;
+    }
+    if (filter_size % 8 != 0) {
+        fprintf(stderr, "Invalid BPF filter size: %zd (must be multiple of 8)\n", filter_size);
+        return 1;
+    }
+
+    // Convert bytes to sock_filter instructions
+    unsigned short filter_len = filter_size / 8;
+    struct sock_filter *filter = (struct sock_filter *)filter_bytes;
+
+    // Set up sock_fprog structure
+    struct sock_fprog prog = {
+        .len = filter_len,
+        .filter = filter,
+    };
+
+    // Set NO_NEW_PRIVS to allow seccomp without CAP_SYS_ADMIN
+    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) {
+        perror("prctl(PR_SET_NO_NEW_PRIVS) failed");
+        return 1;
+    }
+
+    // Apply seccomp filter
+    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0) {
+        perror("prctl(PR_SET_SECCOMP) failed");
+        return 1;
+    }
+
+    // Exec the command with seccomp filter active
+    execvp(command_argv[0], command_argv);
+
+    // If we get here, exec failed
+    perror("execvp failed");
+    return 1;
+}

package/dist/vendor/seccomp-src/seccomp-unix-block.c

@@ -0,0 +1,97 @@
+/*
+ * Seccomp BPF filter generator to block Unix domain socket creation
+ *
+ * This program generates a seccomp-bpf filter that blocks the socket() syscall
+ * when called with AF_UNIX as the domain argument. This prevents creation of
+ * Unix domain sockets while allowing all other socket types (AF_INET, AF_INET6, etc.)
+ * and all other syscalls.
+ *
+ * The filter is exported in a format compatible with bubblewrap's --seccomp flag.
+ *
+ * SECURITY LIMITATION - 32-bit x86 (ia32):
+ * TODO: This filter does NOT block socketcall() syscall, which is a security issue
+ * on 32-bit x86 systems. On ia32, the socket() syscall doesn't exist - instead,
+ * all socket operations are multiplexed through socketcall():
+ *   - socketcall(SYS_SOCKET, [AF_UNIX, ...]) - can bypass this filter
+ *   - socketcall(SYS_SOCKETPAIR, [AF_UNIX, ...]) - can bypass this filter
+ *
+ * To fix this, we need to add conditional rules that:
+ * 1. Check if socketcall() exists on the current architecture (32-bit x86 only)
+ * 2. Block socketcall(SYS_SOCKET, ...) when first arg of sub-call is AF_UNIX
+ * 3. Block socketcall(SYS_SOCKETPAIR, ...) when first arg of sub-call is AF_UNIX
+ *
+ * This requires inspecting the arguments passed to socketcall, which is more
+ * complex BPF logic. For now, 32-bit x86 is not supported.
+ *
+ * Compilation:
+ *   gcc -o seccomp-unix-block seccomp-unix-block.c -lseccomp
+ *
+ * Usage:
+ *   ./seccomp-unix-block <output-file>
+ *
+ * Dependencies:
+ *   - libseccomp (libseccomp-dev package on Debian/Ubuntu)
+ */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <seccomp.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+
+int main(int argc, char *argv[]) {
+    scmp_filter_ctx ctx;
+    int rc;
+
+    if (argc != 2) {
+        fprintf(stderr, "Usage: %s <output-file>\n", argv[0]);
+        return 1;
+    }
+
+    const char *output_file = argv[1];
+
+    /* Create seccomp context with default action ALLOW */
+    ctx = seccomp_init(SCMP_ACT_ALLOW);
+    if (ctx == NULL) {
+        fprintf(stderr, "Error: Failed to initialize seccomp context\n");
+        return 1;
+    }
+
+    /* Add rule to block socket(AF_UNIX, ...) */
+    /* socket() syscall signature: int socket(int domain, int type, int protocol) */
+    /* arg0 = domain (AF_UNIX = 1) */
+    rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(socket), 1,
+                          SCMP_A0(SCMP_CMP_EQ, AF_UNIX));
+    if (rc < 0) {
+        fprintf(stderr, "Error: Failed to add seccomp rule: %s\n", strerror(-rc));
+        seccomp_release(ctx);
+        return 1;
+    }
+
+    /* Export the filter to a file */
+    int fd = open(output_file, O_CREAT | O_WRONLY | O_TRUNC, 0600);
+    if (fd < 0) {
+        fprintf(stderr, "Error: Failed to open output file: %s\n", strerror(errno));
+        seccomp_release(ctx);
+        return 1;
+    }
+
+    rc = seccomp_export_bpf(ctx, fd);
+    if (rc < 0) {
+        fprintf(stderr, "Error: Failed to export seccomp filter: %s\n", strerror(-rc));
+        close(fd);
+        seccomp_release(ctx);
+        return 1;
+    }
+
+    /* Clean up */
+    close(fd);
+    seccomp_release(ctx);
+
+    return 0;
+}

package/package.json

@@ -0,0 +1,80 @@
+{
+  "name": "@voratiq/sandbox-runtime",
+  "version": "0.7.0-voratiq1",
+  "description": "(Voratiq-maintained fork of the) Anthropic Sandbox Runtime (ASRT) - A general-purpose tool for wrapping security boundaries around arbitrary processes",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "bin": {
+    "srt": "dist/cli.js"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "scripts": {
+    "build": "tsc",
+    "postbuild": "[ -d vendor ] && cp -r vendor dist/ || true",
+    "build:seccomp": "scripts/build-seccomp-binaries.sh",
+    "clean": "rm -rf dist",
+    "test": "bun test",
+    "test:unit": "bun test test/config-validation.test.ts test/sandbox/seccomp-filter.test.ts",
+    "test:integration": "bun test test/sandbox/integration.test.ts",
+    "typecheck": "tsc --noEmit",
+    "lint": "eslint 'src/**/*.ts' --fix --cache --cache-location=node_modules/.cache/.eslintcache",
+    "lint:check": "eslint 'src/**/*.ts' --cache --cache-location=node_modules/.cache/.eslintcache",
+    "format": "prettier --write 'src/**/*.ts' --cache --log-level warn",
+    "prepublishOnly": "npm run clean && npm run build"
+  },
+  "dependencies": {
+    "@pondwader/socks5-server": "^1.0.10",
+    "@types/lodash-es": "^4.17.12",
+    "commander": "^12.1.0",
+    "lodash-es": "^4.17.21",
+    "shell-quote": "^1.8.3",
+    "zod": "^3.24.1"
+  },
+  "devDependencies": {
+    "@eslint/js": "^9.14.0",
+    "@types/node": "^18",
+    "@types/shell-quote": "^1.7.5",
+    "eslint": "^9.14.0",
+    "eslint-config-prettier": "^8.10.0",
+    "eslint-import-resolver-typescript": "^3.6.3",
+    "eslint-plugin-import": "^2.31.0",
+    "eslint-plugin-n": "^17.16.2",
+    "eslint-plugin-prettier": "^5.1.3",
+    "globals": "^15.12.0",
+    "prettier": "3.3.3",
+    "typescript": "^5.6.3",
+    "typescript-eslint": "^8.13.0"
+  },
+  "files": [
+    "dist",
+    "vendor",
+    "CHANGELOG.md",
+    "README.md",
+    "LICENSE",
+    "NOTICE"
+  ],
+  "keywords": [
+    "sandbox",
+    "seatbelt",
+    "sandbox-exec",
+    "anthropic",
+    "claude",
+    "security",
+    "bubblewrap",
+    "network-filtering",
+    "filesystem-restrictions"
+  ],
+  "author": "Voratiq",
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/voratiq/sandbox-runtime.git"
+  },
+  "bugs": {
+    "url": "https://github.com/voratiq/sandbox-runtime/issues"
+  },
+  "homepage": "https://github.com/voratiq/sandbox-runtime#readme"
+}

package/vendor/seccomp-src/apply-seccomp.c

@@ -0,0 +1,98 @@
+/*
+ * apply-seccomp.c - Apply seccomp BPF filter and exec command
+ *
+ * Usage: apply-seccomp <filter.bpf> <command> [args...]
+ *
+ * This program reads a pre-compiled BPF filter from a file, applies it
+ * using prctl(PR_SET_SECCOMP), and then execs the specified command.
+ *
+ * The BPF filter must be in the format expected by SECCOMP_MODE_FILTER:
+ * - struct sock_fprog { unsigned short len; struct sock_filter *filter; }
+ * - Each filter instruction is 8 bytes (BPF instruction format)
+ *
+ * Compile: gcc -static -O2 -o apply-seccomp apply-seccomp.c
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/prctl.h>
+#include <linux/seccomp.h>
+#include <linux/filter.h>
+#include <errno.h>
+
+#ifndef PR_SET_NO_NEW_PRIVS
+#define PR_SET_NO_NEW_PRIVS 38
+#endif
+
+#ifndef SECCOMP_MODE_FILTER
+#define SECCOMP_MODE_FILTER 2
+#endif
+
+#define MAX_FILTER_SIZE 4096  // Maximum BPF filter size in bytes
+
+int main(int argc, char *argv[], char *envp[]) {
+    if (argc < 3) {
+        fprintf(stderr, "Usage: %s <filter.bpf> <command> [args...]\n", argv[0]);
+        return 1;
+    }
+
+    const char *filter_path = argv[1];
+    char **command_argv = &argv[2];
+
+    // Open and read BPF filter file
+    int fd = open(filter_path, O_RDONLY);
+    if (fd < 0) {
+        perror("Failed to open BPF filter file");
+        return 1;
+    }
+
+    // Read filter into memory
+    unsigned char filter_bytes[MAX_FILTER_SIZE];
+    ssize_t filter_size = read(fd, filter_bytes, MAX_FILTER_SIZE);
+    close(fd);
+
+    if (filter_size < 0) {
+        perror("Failed to read BPF filter");
+        return 1;
+    }
+    if (filter_size == 0) {
+        fprintf(stderr, "BPF filter file is empty\n");
+        return 1;
+    }
+    if (filter_size % 8 != 0) {
+        fprintf(stderr, "Invalid BPF filter size: %zd (must be multiple of 8)\n", filter_size);
+        return 1;
+    }
+
+    // Convert bytes to sock_filter instructions
+    unsigned short filter_len = filter_size / 8;
+    struct sock_filter *filter = (struct sock_filter *)filter_bytes;
+
+    // Set up sock_fprog structure
+    struct sock_fprog prog = {
+        .len = filter_len,
+        .filter = filter,
+    };
+
+    // Set NO_NEW_PRIVS to allow seccomp without CAP_SYS_ADMIN
+    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) {
+        perror("prctl(PR_SET_NO_NEW_PRIVS) failed");
+        return 1;
+    }
+
+    // Apply seccomp filter
+    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0) {
+        perror("prctl(PR_SET_SECCOMP) failed");
+        return 1;
+    }
+
+    // Exec the command with seccomp filter active
+    execvp(command_argv[0], command_argv);
+
+    // If we get here, exec failed
+    perror("execvp failed");
+    return 1;
+}