@wavexzore/sandbox 0.1.0

package/dist/sandbox/core/write/pipeline.js

@@ -0,0 +1,229 @@
+import path from 'path';
+import { hostLspManager } from '../lsp/manager.js';
+import { decodeUtf8, encodeUtf8, joinBom, splitBom } from './bom.js';
+import { loadWriteToolConfig } from './config.js';
+import { createWriteDiff } from './diff.js';
+import { collectWriteDiagnostics } from './diagnostics.js';
+import { runConfiguredFormatter } from './formatter.js';
+import { requestEditPermission, setToolMetadata } from './permissions.js';
+import { readRegistry } from './read-tracker.js';
+function shellQuote(value) {
+    return `'${value.replace(/'/g, `'\\''`)}'`;
+}
+function assertMappedWrite(input) {
+    if (input.allowUnmapped)
+        return;
+    if (input.paths.isMapped(input.inputPath) &&
+        input.paths.isMapped(input.hostPath) &&
+        input.paths.isMapped(input.containerPath))
+        return;
+    throw new Error(`File writes are restricted to the mapped project worktree. ` +
+        `Received ${input.inputPath}, resolved container path ${input.containerPath}.`);
+}
+async function readExistingFile(input) {
+    if (input.oldContentBuffer)
+        return { exists: true, buffer: input.oldContentBuffer };
+    try {
+        return { exists: true, buffer: await input.sandbox.fs.downloadFile(input.containerPath) };
+    }
+    catch {
+        return { exists: false, buffer: Buffer.from('') };
+    }
+}
+async function assertMappedContainerPathResolvesInsideRoot(input) {
+    const script = `
+root=${shellQuote(input.paths.repoPath)}
+target=${shellQuote(input.containerPath)}
+
+resolve_existing() {
+  if command -v readlink >/dev/null 2>&1; then
+    readlink -f "$1" 2>/dev/null && return 0
+  fi
+  if command -v realpath >/dev/null 2>&1; then
+    realpath "$1" 2>/dev/null && return 0
+  fi
+  if [ -d "$1" ]; then
+    (cd "$1" 2>/dev/null && pwd -P) && return 0
+  fi
+  printf '%s\\n' "$1"
+}
+
+root_resolved="$(resolve_existing "$root")"
+probe="$target"
+while [ "$probe" != "/" ] && [ ! -e "$probe" ]; do
+  probe="$(dirname "$probe")"
+done
+
+probe_resolved="$(resolve_existing "$probe")"
+case "$probe_resolved" in
+  "$root_resolved"|"$root_resolved"/*) exit 0 ;;
+  *)
+    printf 'Resolved container path escapes mapped worktree: %s -> %s (root %s)\\n' "$target" "$probe_resolved" "$root_resolved" >&2
+    exit 76
+    ;;
+esac
+`;
+    const result = await input.sandbox.process.executeCommand(script, input.paths.repoPath);
+    if (result.exitCode !== 0) {
+        throw new Error(`File writes are restricted to the mapped project worktree. ` +
+            `${result.stderr || result.stdout || `Resolved container path ${input.containerPath} escapes ${input.paths.repoPath}`}`);
+    }
+}
+function metadataDiagnostics(diagnostics) {
+    return {
+        current: diagnostics.current,
+        other: diagnostics.other,
+        unavailable: diagnostics.unavailable,
+    };
+}
+export async function sandboxWriteFile(input) {
+    const config = loadWriteToolConfig(input.worktree);
+    const containerPath = input.paths.toContainer(input.filePath);
+    const hostPath = input.paths.toHost(containerPath);
+    const relativePath = input.paths.toRelative(hostPath);
+    assertMappedWrite({
+        paths: input.paths,
+        inputPath: input.filePath,
+        hostPath,
+        containerPath,
+        allowUnmapped: config.allowUnmappedWrites,
+    });
+    if (!config.allowUnmappedWrites) {
+        await assertMappedContainerPathResolvesInsideRoot({
+            sandbox: input.sandbox,
+            paths: input.paths,
+            containerPath,
+        });
+    }
+    const existing = await readExistingFile({
+        sandbox: input.sandbox,
+        containerPath,
+        oldContentBuffer: input.oldContentBuffer,
+    });
+    const exists = input.oldExists ?? existing.exists;
+    if (input.requireFreshRead &&
+        exists &&
+        config.requireReadBeforeOverwrite &&
+        !readRegistry.hasFresh(input.sessionID, hostPath, existing.buffer)) {
+        throw new Error(`Existing file must be read before write. Use read first: ${relativePath}`);
+    }
+    const oldText = decodeUtf8(existing.buffer);
+    const old = splitBom(oldText);
+    const desired = splitBom(input.content);
+    const keepBom = exists ? old.bom : desired.bom;
+    const contentWithBom = joinBom(desired.text, keepBom);
+    const diff = createWriteDiff({
+        oldPath: input.diffOldPath ? input.paths.toRelative(input.diffOldPath) : relativePath,
+        newPath: relativePath,
+        oldContent: old.text,
+        newContent: desired.text,
+    });
+    if (!input.skipPermission) {
+        await requestEditPermission({ ctx: input.ctx, relativePath, hostPath, containerPath, diff });
+    }
+    await input.sandbox.fs.uploadFile(encodeUtf8(contentWithBom), containerPath);
+    const formatted = await runConfiguredFormatter({
+        sandbox: input.sandbox,
+        paths: input.paths,
+        worktree: input.worktree,
+        hostPath,
+        containerPath,
+        formatters: config.formatters,
+    });
+    let finalBuffer = await input.sandbox.fs.downloadFile(containerPath);
+    let finalContent = decodeUtf8(finalBuffer);
+    if (keepBom && !splitBom(finalContent).bom) {
+        finalContent = joinBom(finalContent, true);
+        await input.sandbox.fs.uploadFile(encodeUtf8(finalContent), containerPath);
+        finalBuffer = encodeUtf8(finalContent);
+    }
+    const diagnostics = await collectWriteDiagnostics({
+        sessionID: input.sessionID,
+        worktree: input.worktree,
+        paths: input.paths,
+        hostPath,
+        expectedContent: finalContent,
+    });
+    readRegistry.mark(input.sessionID, hostPath, finalBuffer);
+    if (input.setMetadata !== false) {
+        setToolMetadata({
+            ctx: input.ctx,
+            title: relativePath,
+            metadata: {
+                operation: input.operation,
+                diagnostics: metadataDiagnostics(diagnostics),
+                filepath: hostPath,
+                containerPath,
+                exists,
+                diff,
+                formatted,
+            },
+        });
+    }
+    return {
+        hostPath,
+        containerPath,
+        relativePath,
+        exists,
+        diff,
+        finalContent,
+        formatted,
+        diagnostics,
+    };
+}
+export async function sandboxDeleteFile(input) {
+    const config = loadWriteToolConfig(input.worktree);
+    const containerPath = input.paths.toContainer(input.filePath);
+    const hostPath = input.paths.toHost(containerPath);
+    const relativePath = input.paths.toRelative(hostPath);
+    assertMappedWrite({
+        paths: input.paths,
+        inputPath: input.filePath,
+        hostPath,
+        containerPath,
+        allowUnmapped: config.allowUnmappedWrites,
+    });
+    if (!config.allowUnmappedWrites) {
+        await assertMappedContainerPathResolvesInsideRoot({
+            sandbox: input.sandbox,
+            paths: input.paths,
+            containerPath,
+        });
+    }
+    let oldBuffer = Buffer.from('');
+    let exists = false;
+    try {
+        oldBuffer = await input.sandbox.fs.downloadFile(containerPath);
+        exists = true;
+    }
+    catch {
+        exists = false;
+    }
+    const oldText = splitBom(decodeUtf8(oldBuffer)).text;
+    const diff = createWriteDiff({ oldPath: relativePath, oldContent: oldText, newContent: '' });
+    if (!input.skipPermission) {
+        await requestEditPermission({ ctx: input.ctx, relativePath, hostPath, containerPath, diff });
+    }
+    await input.sandbox.process.executeCommand(`rm -f ${shellQuote(containerPath)}`, path.posix.dirname(containerPath));
+    readRegistry.forget(input.sessionID, hostPath);
+    if (input.paths.isMapped(hostPath)) {
+        await hostLspManager
+            .closeFile({ sessionID: input.sessionID, worktree: input.worktree, filePath: hostPath })
+            .catch(() => undefined);
+    }
+    if (input.setMetadata !== false) {
+        setToolMetadata({
+            ctx: input.ctx,
+            title: relativePath,
+            metadata: {
+                operation: 'delete',
+                filepath: hostPath,
+                containerPath,
+                exists,
+                diff,
+                deleted: true,
+            },
+        });
+    }
+    return { hostPath, containerPath, relativePath, exists, diff };
+}

package/dist/sandbox/core/write/read-tracker.d.ts

@@ -0,0 +1,13 @@
+export type TrackedRead = {
+    hash: string;
+    at: number;
+};
+declare class ReadRegistry {
+    private readonly reads;
+    mark(sessionID: string, filePath: string, content: Buffer | string): void;
+    hasFresh(sessionID: string, filePath: string, currentContent: Buffer | string): boolean;
+    forget(sessionID: string, filePath: string): void;
+    clearSession(sessionID: string): void;
+}
+export declare const readRegistry: ReadRegistry;
+export {};

package/dist/sandbox/core/write/read-tracker.js

@@ -0,0 +1,30 @@
+import { createHash } from 'crypto';
+import path from 'path';
+function hashContent(content) {
+    return createHash('sha256').update(content).digest('hex');
+}
+function normalizeHostPath(filePath) {
+    return path.resolve(filePath);
+}
+class ReadRegistry {
+    reads = new Map();
+    mark(sessionID, filePath, content) {
+        const normalized = normalizeHostPath(filePath);
+        const session = this.reads.get(sessionID) ?? new Map();
+        session.set(normalized, { hash: hashContent(content), at: Date.now() });
+        this.reads.set(sessionID, session);
+    }
+    hasFresh(sessionID, filePath, currentContent) {
+        const tracked = this.reads.get(sessionID)?.get(normalizeHostPath(filePath));
+        if (!tracked)
+            return false;
+        return tracked.hash === hashContent(currentContent);
+    }
+    forget(sessionID, filePath) {
+        this.reads.get(sessionID)?.delete(normalizeHostPath(filePath));
+    }
+    clearSession(sessionID) {
+        this.reads.delete(sessionID);
+    }
+}
+export const readRegistry = new ReadRegistry();

package/dist/sandbox/git/host-git-manager.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Copyright Daytona Platforms Inc.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export declare class HostGitManager {
+    private operationQueue;
+    /** Cached OID of an empty commit used to reserve branch refs (branches must point at commits, not blobs). */
+    private emptyCommitOidCache;
+    /**
+     * Checks if a git repository exists in the current directory
+     * @returns true if a git repo exists, false otherwise
+     */
+    hasRepo(cwd?: string): boolean;
+    /**
+     * Allocates the next available opencode/N branch number by scanning local refs and
+     * reserving the chosen number by creating the ref immediately.
+     *
+     * This avoids relying on OpenCode's project ID and works even in repos with no commits.
+     */
+    allocateAndReserveBranchNumber(cwd: string, prefix?: string): number;
+    private refExists;
+    /**
+     * Returns a commit OID that branch refs can point at. Uses HEAD if the repo has commits,
+     * otherwise creates and caches an empty commit (empty tree + commit). Branch refs must
+     * point at commits, not blobs.
+     */
+    private getOrCreateEmptyCommitOid;
+    /**
+     * Pushes local changes to the sandbox remote.
+     * @param remoteName Numbered remote (e.g. sandbox-2) matching opencode/N.
+     * @param sshUrl The SSH URL of the sandbox remote.
+     * @param branch The branch to push to.
+     * @param cwd Worktree path to run git in.
+     * @returns true if push was successful, false if no repo exists
+     */
+    pushLocalToSandboxRemote(remoteName: string, sshUrl: string, branch: string, cwd: string): Promise<boolean>;
+    private setRemote;
+    pull(remoteName: string, sshUrl: string, branch: string, cwd: string, localBranch?: string): Promise<void>;
+    push(remoteName: string, sshUrl: string, branch: string, cwd: string): Promise<void>;
+}

package/dist/sandbox/git/host-git-manager.js

@@ -0,0 +1,278 @@
+/**
+ * Copyright Daytona Platforms Inc.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { logger } from '../core/logger.js';
+import { execSync, spawnSync } from 'child_process';
+function execCommand(cmd, options = {}) {
+    try {
+        const stdout = execSync(cmd, {
+            stdio: ['ignore', 'pipe', 'pipe'],
+            encoding: 'utf8',
+            ...options,
+        });
+        return { ok: true, stdout: stdout ?? '', stderr: '', status: 0 };
+    }
+    catch (err) {
+        const stdout = err?.stdout?.toString?.() ?? '';
+        const stderr = err?.stderr?.toString?.() ?? err?.message ?? String(err);
+        const status = typeof err?.status === 'number' ? err.status : null;
+        return { ok: false, stdout, stderr, status };
+    }
+}
+export class HostGitManager {
+    // No constructor needed; use global logger
+    operationQueue = Promise.resolve();
+    /** Cached OID of an empty commit used to reserve branch refs (branches must point at commits, not blobs). */
+    emptyCommitOidCache = new Map();
+    /**
+     * Checks if a git repository exists in the current directory
+     * @returns true if a git repo exists, false otherwise
+     */
+    hasRepo(cwd) {
+        return execCommand('git rev-parse --is-inside-work-tree', cwd ? { cwd } : {}).ok;
+    }
+    /**
+     * Allocates the next available opencode/N branch number by scanning local refs and
+     * reserving the chosen number by creating the ref immediately.
+     *
+     * This avoids relying on OpenCode's project ID and works even in repos with no commits.
+     */
+    allocateAndReserveBranchNumber(cwd, prefix = 'opencode') {
+        const start = Date.now();
+        if (!this.hasRepo(cwd)) {
+            throw new Error('No local git repository found.');
+        }
+        const base = `refs/heads/${prefix}/`;
+        const listRes = execCommand(`git for-each-ref --format='%(refname:strip=3)' ${base}`, { cwd });
+        if (!listRes.ok)
+            throw new Error(listRes.stderr);
+        const list = listRes.stdout.trim();
+        const nums = list.length === 0
+            ? []
+            : list
+                .split('\n')
+                .map((s) => s.trim())
+                .filter(Boolean)
+                .map((s) => Number.parseInt(s, 10))
+                .filter((n) => Number.isFinite(n) && n > 0);
+        let n = (nums.length ? Math.max(...nums) : 0) + 1;
+        const maxAttempts = 50; // Circuit-breaker
+        let attempts = 0;
+        while (n < 1_000_000 && attempts < maxAttempts) {
+            attempts++;
+            const ref = `${base}${n}`;
+            if (this.refExists(cwd, ref)) {
+                n++;
+                continue;
+            }
+            const oid = this.getOrCreateEmptyCommitOid(cwd);
+            const result = execCommand(`git update-ref "${ref}" "${oid}"`, { cwd });
+            if (result.ok) {
+                logger.info(`[branch-alloc] reserved ${prefix}/${n} in ${Date.now() - start}ms`);
+                return n;
+            }
+            else {
+                // If we raced or hit an edge case, try the next number.
+                n++;
+            }
+        }
+        const oid = this.getOrCreateEmptyCommitOid(cwd);
+        const last = execCommand(`git update-ref "${base}${n}" "${oid}"`, { cwd });
+        throw new Error(`Failed to allocate branch number after ${attempts} attempts. Last error: ${last.stderr}`);
+    }
+    refExists(cwd, ref) {
+        return execCommand(`git show-ref --verify --quiet "${ref}"`, { cwd }).ok;
+    }
+    /**
+     * Returns a commit OID that branch refs can point at. Uses HEAD if the repo has commits,
+     * otherwise creates and caches an empty commit (empty tree + commit). Branch refs must
+     * point at commits, not blobs.
+     */
+    getOrCreateEmptyCommitOid(cwd) {
+        const cached = this.emptyCommitOidCache.get(cwd);
+        if (cached)
+            return cached;
+        const headRes = execCommand('git rev-parse HEAD', { cwd });
+        const head = headRes.ok ? headRes.stdout.trim() : '';
+        if (head) {
+            this.emptyCommitOidCache.set(cwd, head);
+            return head;
+        }
+        // Create an empty tree (idempotent) then a commit pointing at it.
+        // Branch refs must point at commits, so we can't reserve with a blob.
+        const treeResult = spawnSync('git', ['hash-object', '-t', 'tree', '-w', '--stdin'], {
+            // Empty stdin => empty tree
+            input: '',
+            cwd,
+            encoding: 'utf8',
+        });
+        const treeOid = treeResult.stdout?.trim();
+        if (treeResult.status !== 0 || !treeOid) {
+            const errorMsg = treeResult.stderr?.toString() || treeResult.error?.message || String(treeResult.error || 'unknown');
+            throw new Error(`Failed to create empty tree: ${errorMsg}`);
+        }
+        // Provide a default identity for reservation commits when repo has no user.name/user.email (e.g. CI).
+        const reservationCommitName = 'OpenCode Plugin';
+        const reservationCommitEmail = 'opencode@sandbox.local';
+        const reservationCommitMessage = 'OpenCode reservation';
+        const commitEnv = {
+            ...process.env,
+            GIT_AUTHOR_NAME: reservationCommitName,
+            GIT_AUTHOR_EMAIL: reservationCommitEmail,
+            GIT_COMMITTER_NAME: reservationCommitName,
+            GIT_COMMITTER_EMAIL: reservationCommitEmail,
+        };
+        // Create the commit
+        const commitRes = execCommand(`git commit-tree ${treeOid} -m "${reservationCommitMessage}"`, {
+            cwd,
+            env: commitEnv,
+        });
+        if (!commitRes.ok)
+            throw new Error(`Failed to create empty commit: ${commitRes.stderr}`);
+        const commitOid = commitRes.stdout.trim();
+        this.emptyCommitOidCache.set(cwd, commitOid);
+        return commitOid;
+    }
+    /**
+     * Pushes local changes to the sandbox remote.
+     * @param remoteName Numbered remote (e.g. sandbox-2) matching opencode/N.
+     * @param sshUrl The SSH URL of the sandbox remote.
+     * @param branch The branch to push to.
+     * @param cwd Worktree path to run git in.
+     * @returns true if push was successful, false if no repo exists
+     */
+    async pushLocalToSandboxRemote(remoteName, sshUrl, branch, cwd) {
+        if (!this.hasRepo(cwd)) {
+            logger.warn('No local git repository found. Skipping push to sandbox.');
+            return false;
+        }
+        try {
+            logger.info(`Pushing to ${remoteName} (${sshUrl}) on branch ${branch}`);
+            const operation = this.operationQueue.then(async () => {
+                const statusRes = execCommand('git status --porcelain', { cwd });
+                if (!statusRes.ok) {
+                    throw new Error(statusRes.stderr);
+                }
+                if (statusRes.stdout.trim().length > 0) {
+                    logger.warn('Local repository has uncommitted changes; pushing HEAD only (no auto-commit).');
+                }
+                this.setRemote(remoteName, sshUrl, cwd);
+                let attempts = 0;
+                while (attempts < 3) {
+                    try {
+                        const pushRes = execCommand(`git push ${remoteName} HEAD:${branch}`, { cwd });
+                        if (!pushRes.ok)
+                            throw new Error(pushRes.stderr);
+                        logger.info(`✓ Pushed local changes to ${remoteName}`);
+                        return;
+                    }
+                    catch (e) {
+                        attempts++;
+                        if (attempts >= 3) {
+                            logger.error(`Error pushing to ${remoteName} after 3 attempts: ${e}`);
+                        }
+                        else {
+                            logger.warn(`Push attempt ${attempts} failed, retrying...`);
+                        }
+                    }
+                }
+            });
+            this.operationQueue = operation;
+            await operation;
+            return true;
+        }
+        catch (e) {
+            logger.error(`Error pushing to sandbox: ${e}`);
+            return false;
+        }
+    }
+    setRemote(remoteName, sshUrl, cwd) {
+        try {
+            // remove existing remote if it exists
+            execCommand(`git remote remove ${remoteName}`, { cwd });
+            execCommand(`git remote add ${remoteName} ${sshUrl}`, { cwd });
+        }
+        catch (e) {
+            logger.warn(`Could not set sandbox remote: ${e}`);
+        }
+    }
+    async pull(remoteName, sshUrl, branch, cwd, localBranch) {
+        const operation = this.operationQueue.then(async () => {
+            this.setRemote(remoteName, sshUrl, cwd);
+            let attempts = 0;
+            let lastError = undefined;
+            // The first pull attempt sometimes fails. I'm not sure what the cause is.
+            while (attempts < 3) {
+                try {
+                    if (localBranch) {
+                        // Fetch into FETCH_HEAD only (never into refs/heads) so we don't hit
+                        // "refusing to fetch into branch checked out" when this branch is checked out.
+                        const fetchRes = execCommand(`git fetch ${remoteName} ${branch}`, { cwd });
+                        if (!fetchRes.ok)
+                            throw new Error(fetchRes.stderr);
+                        const updateRefRes = execCommand(`git update-ref refs/heads/${localBranch} FETCH_HEAD`, { cwd });
+                        if (!updateRefRes.ok)
+                            throw new Error(updateRefRes.stderr);
+                        // Only reset working directory if we're currently on this branch
+                        const currentBranchRes = execCommand(`git rev-parse --abbrev-ref HEAD`, { cwd });
+                        const currentBranch = currentBranchRes.ok ? currentBranchRes.stdout.trim() : '';
+                        if (currentBranch === localBranch) {
+                            const resetRes = execCommand(`git reset --hard refs/heads/${localBranch}`, { cwd });
+                            if (!resetRes.ok)
+                                throw new Error(resetRes.stderr);
+                        }
+                        logger.info(`✓ Force pulled latest changes from sandbox into ${localBranch}`);
+                    }
+                    else {
+                        const pullRes = execCommand(`git pull ${remoteName} ${branch}`, { cwd });
+                        if (!pullRes.ok)
+                            throw new Error(pullRes.stderr);
+                        logger.info('✓ Pulled latest changes from sandbox');
+                    }
+                    return;
+                }
+                catch (e) {
+                    lastError = e;
+                    attempts++;
+                    if (attempts >= 3) {
+                        logger.error(`Error pulling from sandbox after 3 attempts: ${e}`);
+                    }
+                    else {
+                        logger.warn(`Pull attempt ${attempts} failed, retrying...`);
+                    }
+                }
+            }
+            // If we got here, all attempts failed.
+            throw lastError ?? new Error('Pull failed after 3 attempts');
+        });
+        this.operationQueue = operation;
+        await operation;
+    }
+    async push(remoteName, sshUrl, branch, cwd) {
+        const operation = this.operationQueue.then(async () => {
+            this.setRemote(remoteName, sshUrl, cwd);
+            let attempts = 0;
+            while (attempts < 3) {
+                try {
+                    const pushRes = execCommand(`git push ${remoteName} HEAD:${branch}`, { cwd });
+                    if (!pushRes.ok)
+                        throw new Error(pushRes.stderr);
+                    logger.info('✓ Pushed changes to sandbox');
+                    return;
+                }
+                catch (e) {
+                    attempts++;
+                    if (attempts >= 3) {
+                        logger.error(`Error pushing to sandbox after 3 attempts: ${e}`);
+                    }
+                    else {
+                        logger.warn(`Push attempt ${attempts} failed, retrying...`);
+                    }
+                }
+            }
+        });
+        this.operationQueue = operation;
+        await operation;
+    }
+}

package/dist/sandbox/git/index.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Copyright Daytona Platforms Inc.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export { SessionGitManager } from './session-git-manager.js';

package/dist/sandbox/git/index.js

@@ -0,0 +1,5 @@
+/**
+ * Copyright Daytona Platforms Inc.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export { SessionGitManager } from './session-git-manager.js';

package/dist/sandbox/git/sandbox-git-manager.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Copyright Daytona Platforms Inc.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import type { Sandbox } from '../core/types.js';
+export declare class LocalSandboxGitManager {
+    private readonly sandbox;
+    private readonly repoPath;
+    constructor(sandbox: Sandbox, repoPath: string);
+    ensureDirectory(): Promise<void>;
+    ensureRepo(): Promise<void>;
+    autoCommit(): Promise<boolean>;
+    resetToRemote(branch: string): Promise<void>;
+}

package/dist/sandbox/git/sandbox-git-manager.js

@@ -0,0 +1,54 @@
+/**
+ * Copyright Daytona Platforms Inc.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { logger } from '../core/logger.js';
+export class LocalSandboxGitManager {
+    sandbox;
+    repoPath;
+    constructor(sandbox, repoPath) {
+        this.sandbox = sandbox;
+        this.repoPath = repoPath;
+    }
+    async ensureDirectory() {
+        await this.sandbox.fs.createFolder(this.repoPath, '755');
+    }
+    async ensureRepo() {
+        await this.ensureDirectory();
+        const isGit = await this.sandbox.process.executeCommand('git rev-parse --is-inside-work-tree', this.repoPath);
+        if (!isGit || isGit.result.trim() !== 'true') {
+            await this.sandbox.process.executeCommand('git init', this.repoPath);
+            await this.sandbox.process.executeCommand('git config user.email "sandbox@opencode.local"', this.repoPath);
+            await this.sandbox.process.executeCommand('git config user.name "OpenCode Sandbox"', this.repoPath);
+            logger.info(`Initialized git repo in sandbox at ${this.repoPath}`);
+        }
+    }
+    async autoCommit() {
+        try {
+            const statusResult = await this.sandbox.process.executeCommand('git status --porcelain', this.repoPath);
+            if (!statusResult.result.trim()) {
+                logger.info(`No changes to commit in sandbox at ${this.repoPath}`);
+                return false;
+            }
+            await this.sandbox.process.executeCommand('git add .', this.repoPath);
+            await this.sandbox.process.executeCommand('git commit -am "Auto-commit from OpenCode sandbox"', this.repoPath);
+            logger.info(`Auto-committed changes in sandbox at ${this.repoPath}`);
+            return true;
+        }
+        catch (err) {
+            logger.error(`Failed to auto-commit in sandbox at ${this.repoPath}: ${err}`);
+            return false;
+        }
+    }
+    async resetToRemote(branch) {
+        try {
+            await this.sandbox.process.executeCommand(`git checkout -B ${branch}`, this.repoPath);
+            await this.sandbox.process.executeCommand('git reset --hard', this.repoPath);
+            await this.sandbox.process.executeCommand('git clean -fd', this.repoPath);
+            logger.info('Reset sandbox worktree.');
+        }
+        catch (err) {
+            logger.error(`Failed to reset sandbox worktree: ${err}`);
+        }
+    }
+}