npm - @within-7/minto - Versions diffs - 0.1.6 → 0.2.0 - Mend

@within-7/minto 0.1.6 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (487) hide show

package/cli.js +155 -37
package/dist/Tool.js +38 -0
package/dist/Tool.js.map +3 -3
package/dist/commands/agents/AgentsCommand.js +52 -26
package/dist/commands/agents/AgentsCommand.js.map +2 -2
package/dist/commands/agents/constants.js +1 -1
package/dist/commands/agents/constants.js.map +1 -1
package/dist/commands/agents/index.js +1 -1
package/dist/commands/bug.js +74 -7
package/dist/commands/bug.js.map +3 -3
package/dist/commands/clear.js +3 -0
package/dist/commands/clear.js.map +2 -2
package/dist/commands/compact.js +37 -0
package/dist/commands/compact.js.map +2 -2
package/dist/commands/context.js +84 -0
package/dist/commands/context.js.map +7 -0
package/dist/commands/ctx_viz.js +18 -10
package/dist/commands/ctx_viz.js.map +2 -2
package/dist/commands/doctor.js +158 -12
package/dist/commands/doctor.js.map +2 -2
package/dist/commands/export.js +156 -0
package/dist/commands/export.js.map +7 -0
package/dist/commands/mcp-interactive.js +21 -12
package/dist/commands/mcp-interactive.js.map +2 -2
package/dist/commands/model.js +6 -5
package/dist/commands/model.js.map +2 -2
package/dist/commands/permissions.js +86 -0
package/dist/commands/permissions.js.map +7 -0
package/dist/commands/quit.js +3 -1
package/dist/commands/quit.js.map +2 -2
package/dist/commands/sandbox.js +104 -0
package/dist/commands/sandbox.js.map +7 -0
package/dist/commands/status.js +58 -0
package/dist/commands/status.js.map +7 -0
package/dist/commands/tasks.js +108 -0
package/dist/commands/tasks.js.map +7 -0
package/dist/commands/todos.js +123 -0
package/dist/commands/todos.js.map +7 -0
package/dist/commands.js +20 -2
package/dist/commands.js.map +2 -2
package/dist/components/AgentThinkingBlock.js +10 -18
package/dist/components/AgentThinkingBlock.js.map +2 -2
package/dist/components/BackgroundTasksPanel.js +78 -29
package/dist/components/BackgroundTasksPanel.js.map +2 -2
package/dist/components/BashStreamingProgress.js +24 -0
package/dist/components/BashStreamingProgress.js.map +7 -0
package/dist/components/CollapsibleHint.js +14 -0
package/dist/components/CollapsibleHint.js.map +7 -0
package/dist/components/FileEditToolUpdatedMessage.js +1 -1
package/dist/components/FileEditToolUpdatedMessage.js.map +2 -2
package/dist/components/HotkeyHelpPanel.js +137 -0
package/dist/components/HotkeyHelpPanel.js.map +7 -0
package/dist/components/Logo.js +5 -5
package/dist/components/Logo.js.map +2 -2
package/dist/components/Message.js +23 -7
package/dist/components/Message.js.map +3 -3
package/dist/components/ModelConfig.js +16 -3
package/dist/components/ModelConfig.js.map +2 -2
package/dist/components/ModelListManager.js +3 -3
package/dist/components/ModelListManager.js.map +2 -2
package/dist/components/ModelSelector/ModelSelector.js +1 -1
package/dist/components/Onboarding.js +19 -14
package/dist/components/Onboarding.js.map +2 -2
package/dist/components/ProgressBar.js +74 -0
package/dist/components/ProgressBar.js.map +7 -0
package/dist/components/PromptInput.js +156 -46
package/dist/components/PromptInput.js.map +2 -2
package/dist/components/RequestStatusIndicator.js +194 -0
package/dist/components/RequestStatusIndicator.js.map +7 -0
package/dist/components/Spinner.js +92 -27
package/dist/components/Spinner.js.map +2 -2
package/dist/components/SpinnerSymbol.js +21 -27
package/dist/components/SpinnerSymbol.js.map +2 -2
package/dist/components/StreamingBashOutput.js +9 -8
package/dist/components/StreamingBashOutput.js.map +2 -2
package/dist/components/SubagentBlock.js +1 -1
package/dist/components/SubagentBlock.js.map +1 -1
package/dist/components/SubagentProgress.js +10 -11
package/dist/components/SubagentProgress.js.map +2 -2
package/dist/components/TaskCard.js +16 -13
package/dist/components/TaskCard.js.map +2 -2
package/dist/components/TodoChangeBlock.js +1 -1
package/dist/components/TodoChangeBlock.js.map +2 -2
package/dist/components/TodoPanel.js +120 -29
package/dist/components/TodoPanel.js.map +3 -3
package/dist/components/TokenCounter.js +74 -0
package/dist/components/TokenCounter.js.map +7 -0
package/dist/components/TokenWarning.js +2 -1
package/dist/components/TokenWarning.js.map +2 -2
package/dist/components/TreeConnector.js +25 -0
package/dist/components/TreeConnector.js.map +7 -0
package/dist/components/TurnCompletionIndicator.js +18 -0
package/dist/components/TurnCompletionIndicator.js.map +7 -0
package/dist/components/messages/AssistantTextMessage.js +5 -2
package/dist/components/messages/AssistantTextMessage.js.map +2 -2
package/dist/components/messages/AssistantThinkingMessage.js +18 -3
package/dist/components/messages/AssistantThinkingMessage.js.map +2 -2
package/dist/components/messages/AssistantToolUseMessage.js +11 -8
package/dist/components/messages/AssistantToolUseMessage.js.map +2 -2
package/dist/components/messages/GroupRenderer.js +53 -0
package/dist/components/messages/GroupRenderer.js.map +7 -0
package/dist/components/messages/NestedTasksPreview.js +12 -0
package/dist/components/messages/NestedTasksPreview.js.map +7 -0
package/dist/components/messages/ParallelTasksGroupView.js +92 -0
package/dist/components/messages/ParallelTasksGroupView.js.map +7 -0
package/dist/components/messages/TaskInModuleView.js +198 -0
package/dist/components/messages/TaskInModuleView.js.map +7 -0
package/dist/components/messages/TaskOutputContent.js +53 -0
package/dist/components/messages/TaskOutputContent.js.map +7 -0
package/dist/components/messages/UserPromptMessage.js +1 -1
package/dist/components/messages/UserPromptMessage.js.map +2 -2
package/dist/components/messages/UserToolResultMessage/UserToolSuccessMessage.js +2 -3
package/dist/components/messages/UserToolResultMessage/UserToolSuccessMessage.js.map +2 -2
package/dist/components/permissions/FallbackPermissionRequest.js +4 -4
package/dist/components/permissions/FallbackPermissionRequest.js.map +2 -2
package/dist/components/permissions/FilesystemPermissionRequest/FilesystemPermissionRequest.js +4 -4
package/dist/components/permissions/FilesystemPermissionRequest/FilesystemPermissionRequest.js.map +2 -2
package/dist/constants/colors.js +48 -0
package/dist/constants/colors.js.map +2 -2
package/dist/constants/formatRules.js +102 -0
package/dist/constants/formatRules.js.map +7 -0
package/dist/constants/prompts.js +12 -34
package/dist/constants/prompts.js.map +2 -2
package/dist/constants/symbols.js +64 -6
package/dist/constants/symbols.js.map +2 -2
package/dist/constants/timing.js +5 -0
package/dist/constants/timing.js.map +2 -2
package/dist/core/config/defaults.js +84 -0
package/dist/core/config/defaults.js.map +7 -0
package/dist/core/config/index.js +111 -0
package/dist/core/config/index.js.map +7 -0
package/dist/core/config/loader.js +221 -0
package/dist/core/config/loader.js.map +7 -0
package/dist/core/config/migrations.js +128 -0
package/dist/core/config/migrations.js.map +7 -0
package/dist/core/config/schema.js +178 -0
package/dist/core/config/schema.js.map +7 -0
package/dist/core/costTracker.js +138 -0
package/dist/core/costTracker.js.map +7 -0
package/dist/core/index.js +5 -0
package/dist/core/index.js.map +7 -0
package/dist/core/permissions/auditLog.js +204 -0
package/dist/core/permissions/auditLog.js.map +7 -0
package/dist/core/permissions/engine/index.js +3 -0
package/dist/core/permissions/engine/index.js.map +7 -0
package/dist/core/permissions/engine/permissionEngine.js +106 -0
package/dist/core/permissions/engine/permissionEngine.js.map +7 -0
package/dist/core/permissions/engine/types.js +1 -0
package/dist/core/permissions/engine/types.js.map +7 -0
package/dist/core/permissions/index.js +84 -0
package/dist/core/permissions/index.js.map +7 -0
package/dist/core/permissions/ruleEngine.js +259 -0
package/dist/core/permissions/ruleEngine.js.map +7 -0
package/dist/core/permissions/rules/allowedToolsRule.js +62 -0
package/dist/core/permissions/rules/allowedToolsRule.js.map +7 -0
package/dist/core/permissions/rules/autoEscalationRule.js +291 -0
package/dist/core/permissions/rules/autoEscalationRule.js.map +7 -0
package/dist/core/permissions/rules/index.js +46 -0
package/dist/core/permissions/rules/index.js.map +7 -0
package/dist/core/permissions/rules/planModeRule.js +55 -0
package/dist/core/permissions/rules/planModeRule.js.map +7 -0
package/dist/core/permissions/rules/projectBoundaryRule.js +168 -0
package/dist/core/permissions/rules/projectBoundaryRule.js.map +7 -0
package/dist/core/permissions/rules/safeModeRule.js +65 -0
package/dist/core/permissions/rules/safeModeRule.js.map +7 -0
package/dist/core/permissions/rules/sensitivePathsRule.js +340 -0
package/dist/core/permissions/rules/sensitivePathsRule.js.map +7 -0
package/dist/core/permissions/types.js +127 -0
package/dist/core/permissions/types.js.map +7 -0
package/dist/core/tools/executor.js +143 -0
package/dist/core/tools/executor.js.map +7 -0
package/dist/core/tools/index.js +15 -0
package/dist/core/tools/index.js.map +7 -0
package/dist/core/tools/registry.js +183 -0
package/dist/core/tools/registry.js.map +7 -0
package/dist/core/tools/types.js +1 -0
package/dist/core/tools/types.js.map +7 -0
package/dist/cost-tracker.js +23 -15
package/dist/cost-tracker.js.map +2 -2
package/dist/entrypoints/cli.js +43 -43
package/dist/entrypoints/cli.js.map +2 -2
package/dist/entrypoints/mcp.js +12 -4
package/dist/entrypoints/mcp.js.map +2 -2
package/dist/history.js +14 -3
package/dist/history.js.map +2 -2
package/dist/hooks/useAgentTranscripts.js +116 -0
package/dist/hooks/useAgentTranscripts.js.map +7 -0
package/dist/hooks/useAnimationSync.js +53 -0
package/dist/hooks/useAnimationSync.js.map +7 -0
package/dist/hooks/useArrowKeyHistory.js +4 -2
package/dist/hooks/useArrowKeyHistory.js.map +2 -2
package/dist/hooks/useCanUseTool.js +3 -1
package/dist/hooks/useCanUseTool.js.map +2 -2
package/dist/hooks/useCancelRequest.js +4 -1
package/dist/hooks/useCancelRequest.js.map +2 -2
package/dist/hooks/useExitOnCtrlCD.js +9 -5
package/dist/hooks/useExitOnCtrlCD.js.map +2 -2
package/dist/hooks/useHookStatus.js +40 -0
package/dist/hooks/useHookStatus.js.map +7 -0
package/dist/hooks/useLogMessages.js +17 -1
package/dist/hooks/useLogMessages.js.map +2 -2
package/dist/hooks/useMessageGroups.js +43 -0
package/dist/hooks/useMessageGroups.js.map +7 -0
package/dist/hooks/useTerminalSize.js +62 -6
package/dist/hooks/useTerminalSize.js.map +2 -2
package/dist/hooks/useUnifiedCompletion.js +69 -0
package/dist/hooks/useUnifiedCompletion.js.map +2 -2
package/dist/i18n/index.js +109 -0
package/dist/i18n/index.js.map +7 -0
package/dist/i18n/locales/en.js +347 -0
package/dist/i18n/locales/en.js.map +7 -0
package/dist/i18n/locales/index.js +7 -0
package/dist/i18n/locales/index.js.map +7 -0
package/dist/i18n/locales/zh-CN.js +347 -0
package/dist/i18n/locales/zh-CN.js.map +7 -0
package/dist/i18n/types.js +8 -0
package/dist/i18n/types.js.map +7 -0
package/dist/query.js +175 -17
package/dist/query.js.map +3 -3
package/dist/screens/REPL.js +501 -192
package/dist/screens/REPL.js.map +3 -3
package/dist/services/adapters/chatCompletions.js +3 -1
package/dist/services/adapters/chatCompletions.js.map +2 -2
package/dist/services/adapters/messageNormalizer.js +354 -0
package/dist/services/adapters/messageNormalizer.js.map +7 -0
package/dist/services/adapters/responsesAPI.js +6 -3
package/dist/services/adapters/responsesAPI.js.map +2 -2
package/dist/services/checkpointManager.js +386 -0
package/dist/services/checkpointManager.js.map +7 -0
package/dist/services/claude.js +138 -11
package/dist/services/claude.js.map +3 -3
package/dist/services/compressionService.js +50 -1
package/dist/services/compressionService.js.map +2 -2
package/dist/services/contextMonitor.js +162 -0
package/dist/services/contextMonitor.js.map +7 -0
package/dist/services/customCommands.js +60 -41
package/dist/services/customCommands.js.map +2 -2
package/dist/services/hookExecutor.js +173 -1
package/dist/services/hookExecutor.js.map +2 -2
package/dist/services/intelligentCompactor.js +281 -0
package/dist/services/intelligentCompactor.js.map +7 -0
package/dist/services/lspConfig.js +109 -0
package/dist/services/lspConfig.js.map +7 -0
package/dist/services/mcpClient.js +273 -34
package/dist/services/mcpClient.js.map +2 -2
package/dist/services/modelOrchestrator.js +310 -0
package/dist/services/modelOrchestrator.js.map +7 -0
package/dist/services/openai.js +8 -1
package/dist/services/openai.js.map +2 -2
package/dist/services/outputStyles.js +138 -0
package/dist/services/outputStyles.js.map +7 -0
package/dist/services/plugins/index.js +5 -0
package/dist/services/plugins/index.js.map +7 -0
package/dist/services/plugins/lspServers.js +188 -0
package/dist/services/plugins/lspServers.js.map +7 -0
package/dist/services/plugins/pluginRuntime.js +229 -0
package/dist/services/plugins/pluginRuntime.js.map +7 -0
package/dist/services/plugins/pluginValidation.js +219 -0
package/dist/services/plugins/pluginValidation.js.map +7 -0
package/dist/services/plugins/skillMarketplace.js +556 -0
package/dist/services/plugins/skillMarketplace.js.map +7 -0
package/dist/services/responseStateManager.js +37 -3
package/dist/services/responseStateManager.js.map +2 -2
package/dist/services/sandbox/filesystemBoundary.js +300 -0
package/dist/services/sandbox/filesystemBoundary.js.map +7 -0
package/dist/services/sandbox/index.js +14 -0
package/dist/services/sandbox/index.js.map +7 -0
package/dist/services/sandbox/networkProxy.js +293 -0
package/dist/services/sandbox/networkProxy.js.map +7 -0
package/dist/services/sandbox/sandboxController.js +574 -0
package/dist/services/sandbox/sandboxController.js.map +7 -0
package/dist/services/sandbox/types.js +50 -0
package/dist/services/sandbox/types.js.map +7 -0
package/dist/services/sessionMemory.js +266 -0
package/dist/services/sessionMemory.js.map +7 -0
package/dist/services/taskRouter.js +324 -0
package/dist/services/taskRouter.js.map +7 -0
package/dist/tools/ArchitectTool/ArchitectTool.js +10 -3
package/dist/tools/ArchitectTool/ArchitectTool.js.map +2 -2
package/dist/tools/AskExpertModelTool/AskExpertModelTool.js +3 -0
package/dist/tools/AskExpertModelTool/AskExpertModelTool.js.map +2 -2
package/dist/tools/AskUserQuestionTool/AskUserQuestionTool.js +8 -1
package/dist/tools/AskUserQuestionTool/AskUserQuestionTool.js.map +2 -2
package/dist/tools/BaseTool.js +72 -0
package/dist/tools/BaseTool.js.map +7 -0
package/dist/tools/BashOutputTool/BashOutputToolResultMessage.js +3 -0
package/dist/tools/BashOutputTool/BashOutputToolResultMessage.js.map +2 -2
package/dist/tools/BashTool/BashTool.js +60 -3
package/dist/tools/BashTool/BashTool.js.map +2 -2
package/dist/tools/BashTool/BashToolResultMessage.js +3 -0
package/dist/tools/BashTool/BashToolResultMessage.js.map +2 -2
package/dist/tools/BashTool/OutputLine.js +54 -0
package/dist/tools/BashTool/OutputLine.js.map +2 -2
package/dist/tools/BashTool/prompt.js +192 -3
package/dist/tools/BashTool/prompt.js.map +2 -2
package/dist/tools/FileEditTool/FileEditTool.js +29 -4
package/dist/tools/FileEditTool/FileEditTool.js.map +2 -2
package/dist/tools/FileReadTool/FileReadTool.js +23 -4
package/dist/tools/FileReadTool/FileReadTool.js.map +2 -2
package/dist/tools/FileWriteTool/FileWriteTool.js +5 -5
package/dist/tools/FileWriteTool/FileWriteTool.js.map +2 -2
package/dist/tools/GlobTool/GlobTool.js +14 -3
package/dist/tools/GlobTool/GlobTool.js.map +2 -2
package/dist/tools/GrepTool/GrepTool.js +41 -7
package/dist/tools/GrepTool/GrepTool.js.map +2 -2
package/dist/tools/KillShellTool/KillShellToolResultMessage.js +3 -0
package/dist/tools/KillShellTool/KillShellToolResultMessage.js.map +2 -2
package/dist/tools/ListMcpResourcesTool/ListMcpResourcesTool.js +109 -0
package/dist/tools/ListMcpResourcesTool/ListMcpResourcesTool.js.map +7 -0
package/dist/tools/ListMcpResourcesTool/prompt.js +19 -0
package/dist/tools/ListMcpResourcesTool/prompt.js.map +7 -0
package/dist/tools/LspTool/LspTool.js +664 -0
package/dist/tools/LspTool/LspTool.js.map +7 -0
package/dist/tools/LspTool/prompt.js +27 -0
package/dist/tools/LspTool/prompt.js.map +7 -0
package/dist/tools/MCPTool/MCPTool.js +11 -4
package/dist/tools/MCPTool/MCPTool.js.map +2 -2
package/dist/tools/MemoryReadTool/MemoryReadTool.js +19 -6
package/dist/tools/MemoryReadTool/MemoryReadTool.js.map +2 -2
package/dist/tools/MemoryWriteTool/MemoryWriteTool.js +6 -6
package/dist/tools/MemoryWriteTool/MemoryWriteTool.js.map +2 -2
package/dist/tools/MultiEditTool/MultiEditTool.js +19 -2
package/dist/tools/MultiEditTool/MultiEditTool.js.map +2 -2
package/dist/tools/NotebookEditTool/NotebookEditTool.js +5 -1
package/dist/tools/NotebookEditTool/NotebookEditTool.js.map +2 -2
package/dist/tools/NotebookReadTool/NotebookReadTool.js +8 -4
package/dist/tools/NotebookReadTool/NotebookReadTool.js.map +2 -2
package/dist/tools/PlanModeTool/EnterPlanModeTool.js +74 -0
package/dist/tools/PlanModeTool/EnterPlanModeTool.js.map +7 -0
package/dist/tools/PlanModeTool/ExitPlanModeTool.js +108 -0
package/dist/tools/PlanModeTool/ExitPlanModeTool.js.map +7 -0
package/dist/tools/PlanModeTool/prompt.js +94 -0
package/dist/tools/PlanModeTool/prompt.js.map +7 -0
package/dist/tools/ReadMcpResourceTool/ReadMcpResourceTool.js +130 -0
package/dist/tools/ReadMcpResourceTool/ReadMcpResourceTool.js.map +7 -0
package/dist/tools/ReadMcpResourceTool/prompt.js +17 -0
package/dist/tools/ReadMcpResourceTool/prompt.js.map +7 -0
package/dist/tools/SkillTool/SkillTool.js +14 -3
package/dist/tools/SkillTool/SkillTool.js.map +2 -2
package/dist/tools/SlashCommandTool/SlashCommandTool.js +260 -0
package/dist/tools/SlashCommandTool/SlashCommandTool.js.map +7 -0
package/dist/tools/SlashCommandTool/prompt.js +35 -0
package/dist/tools/SlashCommandTool/prompt.js.map +7 -0
package/dist/tools/TaskOutputTool/TaskOutputTool.js +189 -0
package/dist/tools/TaskOutputTool/TaskOutputTool.js.map +7 -0
package/dist/tools/TaskOutputTool/prompt.js +15 -0
package/dist/tools/TaskOutputTool/prompt.js.map +7 -0
package/dist/tools/TaskTool/TaskTool.js +321 -146
package/dist/tools/TaskTool/TaskTool.js.map +2 -2
package/dist/tools/TaskTool/prompt.js.map +2 -2
package/dist/tools/TodoWriteTool/TodoWriteTool.js +42 -73
package/dist/tools/TodoWriteTool/TodoWriteTool.js.map +2 -2
package/dist/tools/URLFetcherTool/URLFetcherTool.js +7 -1
package/dist/tools/URLFetcherTool/URLFetcherTool.js.map +2 -2
package/dist/tools/URLFetcherTool/cache.js +55 -8
package/dist/tools/URLFetcherTool/cache.js.map +2 -2
package/dist/tools/WebSearchTool/WebSearchTool.js +6 -1
package/dist/tools/WebSearchTool/WebSearchTool.js.map +2 -2
package/dist/tools.js +31 -2
package/dist/tools.js.map +2 -2
package/dist/types/hooks.js +4 -0
package/dist/types/hooks.js.map +2 -2
package/dist/types/marketplace.js.map +2 -2
package/dist/types/messageGroup.js +36 -0
package/dist/types/messageGroup.js.map +7 -0
package/dist/types/plugin.js.map +2 -2
package/dist/types/thinking.js +1 -0
package/dist/types/thinking.js.map +7 -0
package/dist/utils/BackgroundShellManager.js +136 -39
package/dist/utils/BackgroundShellManager.js.map +2 -2
package/dist/utils/MessageBatchBuffer.js +102 -0
package/dist/utils/MessageBatchBuffer.js.map +7 -0
package/dist/utils/PersistentShell.js +151 -1
package/dist/utils/PersistentShell.js.map +2 -2
package/dist/utils/agentLoader.js +1 -23
package/dist/utils/agentLoader.js.map +2 -2
package/dist/utils/agentTranscripts.js +641 -0
package/dist/utils/agentTranscripts.js.map +7 -0
package/dist/utils/animationManager.js +213 -0
package/dist/utils/animationManager.js.map +7 -0
package/dist/utils/animationSync.js +110 -0
package/dist/utils/animationSync.js.map +7 -0
package/dist/utils/asyncFile.js +215 -0
package/dist/utils/asyncFile.js.map +7 -0
package/dist/utils/backgroundAgentManager.js +231 -0
package/dist/utils/backgroundAgentManager.js.map +7 -0
package/dist/utils/config.js +63 -7
package/dist/utils/config.js.map +2 -2
package/dist/utils/conversationRecovery.js +19 -0
package/dist/utils/conversationRecovery.js.map +2 -2
package/dist/utils/exit.js +73 -0
package/dist/utils/exit.js.map +7 -0
package/dist/utils/format.js +73 -5
package/dist/utils/format.js.map +2 -2
package/dist/utils/generators.js +76 -6
package/dist/utils/generators.js.map +2 -2
package/dist/utils/globalErrorHandler.js +149 -0
package/dist/utils/globalErrorHandler.js.map +7 -0
package/dist/utils/groupHandlers/index.js +8 -0
package/dist/utils/groupHandlers/index.js.map +7 -0
package/dist/utils/groupHandlers/parallelTasksHandler.js +140 -0
package/dist/utils/groupHandlers/parallelTasksHandler.js.map +7 -0
package/dist/utils/groupHandlers/taskHandler.js +104 -0
package/dist/utils/groupHandlers/taskHandler.js.map +7 -0
package/dist/utils/groupHandlers/types.js +1 -0
package/dist/utils/groupHandlers/types.js.map +7 -0
package/dist/utils/logRotation.js +224 -0
package/dist/utils/logRotation.js.map +7 -0
package/dist/utils/marketplaceManager.js +3 -5
package/dist/utils/marketplaceManager.js.map +2 -2
package/dist/utils/memSafety.js +264 -0
package/dist/utils/memSafety.js.map +7 -0
package/dist/utils/messageGroupManager.js +274 -0
package/dist/utils/messageGroupManager.js.map +7 -0
package/dist/utils/messages.js +13 -4
package/dist/utils/messages.js.map +2 -2
package/dist/utils/model.js +119 -15
package/dist/utils/model.js.map +3 -3
package/dist/utils/permissions/filesystem.js +157 -5
package/dist/utils/permissions/filesystem.js.map +2 -2
package/dist/utils/plan/planMode.js +143 -0
package/dist/utils/plan/planMode.js.map +7 -0
package/dist/utils/pluginLoader.js +17 -21
package/dist/utils/pluginLoader.js.map +2 -2
package/dist/utils/ripgrep.js +55 -2
package/dist/utils/ripgrep.js.map +2 -2
package/dist/utils/sanitizeInput.js +32 -0
package/dist/utils/sanitizeInput.js.map +7 -0
package/dist/utils/secureKeyStorage.js +312 -0
package/dist/utils/secureKeyStorage.js.map +7 -0
package/dist/utils/session/sessionPlugins.js +67 -0
package/dist/utils/session/sessionPlugins.js.map +7 -0
package/dist/utils/taskDisplayUtils.js +257 -0
package/dist/utils/taskDisplayUtils.js.map +7 -0
package/dist/utils/teamConfig.js +2 -1
package/dist/utils/teamConfig.js.map +2 -2
package/dist/utils/todoStorage.js +92 -2
package/dist/utils/todoStorage.js.map +2 -2
package/dist/utils/toolTimeout.js +136 -0
package/dist/utils/toolTimeout.js.map +7 -0
package/dist/utils/tooling/safeRender.js +115 -0
package/dist/utils/tooling/safeRender.js.map +7 -0
package/dist/utils/userFriendlyError.js +346 -0
package/dist/utils/userFriendlyError.js.map +7 -0
package/dist/utils/vendor/ripgrep/arm64-darwin/rg +0 -0
package/dist/version.js +2 -2
package/dist/version.js.map +1 -1
package/package.json +14 -4
package/scripts/postinstall.js +128 -38
package/dist/commands/agents.js +0 -2086
package/dist/commands/agents.js.map +0 -7
package/dist/commands/build.js +0 -74
package/dist/commands/build.js.map +0 -7
package/dist/commands/compression.js +0 -57
package/dist/commands/compression.js.map +0 -7
package/dist/commands/listen.js +0 -37
package/dist/commands/listen.js.map +0 -7
package/dist/commands/login.js +0 -37
package/dist/commands/login.js.map +0 -7
package/dist/commands/logout.js +0 -33
package/dist/commands/logout.js.map +0 -7
package/dist/commands/mcp.js +0 -40
package/dist/commands/mcp.js.map +0 -7
package/dist/commands/mcp_refresh.js +0 -40
package/dist/commands/mcp_refresh.js.map +0 -7
package/dist/commands/modelstatus.js +0 -21
package/dist/commands/modelstatus.js.map +0 -7
package/dist/commands/onboarding.js +0 -36
package/dist/commands/onboarding.js.map +0 -7
package/dist/commands/plugin-interactive.js +0 -446
package/dist/commands/plugin-interactive.js.map +0 -7
package/dist/commands/pr_comments.js +0 -61
package/dist/commands/pr_comments.js.map +0 -7
package/dist/commands/release-notes.js +0 -30
package/dist/commands/release-notes.js.map +0 -7
package/dist/commands/review.js +0 -51
package/dist/commands/review.js.map +0 -7
package/dist/components/Bug.js +0 -147
package/dist/components/Bug.js.map +0 -7
package/dist/components/ModelSelector.js +0 -2062
package/dist/components/ModelSelector.js.map +0 -7
package/dist/components/ModelStatusDisplay.js +0 -87
package/dist/components/ModelStatusDisplay.js.map +0 -7
package/dist/entrypoints/cli-wrapper.js +0 -61
package/dist/entrypoints/cli-wrapper.js.map +0 -7
package/dist/screens/Doctor.js +0 -22
package/dist/screens/Doctor.js.map +0 -7

package/dist/services/responseStateManager.js CHANGED Viewed

@@ -1,11 +1,32 @@
 class ResponseStateManager {
   conversationStates = /* @__PURE__ */ new Map();
+  cleanupIntervalId = null;
   // Cache cleanup after 1 hour of inactivity
   CLEANUP_INTERVAL = 60 * 60 * 1e3;
   constructor() {
-    setInterval(() => {
-      this.cleanup();
-    }, this.CLEANUP_INTERVAL);
+    this.startCleanupInterval();
+  }
+  /**
+   * Start the periodic cleanup interval
+   */
+  startCleanupInterval() {
+    if (this.cleanupIntervalId === null) {
+      this.cleanupIntervalId = setInterval(() => {
+        this.cleanup();
+      }, this.CLEANUP_INTERVAL);
+      if (this.cleanupIntervalId.unref) {
+        this.cleanupIntervalId.unref();
+      }
+    }
+  }
+  /**
+   * Stop the periodic cleanup interval
+   */
+  stopCleanupInterval() {
+    if (this.cleanupIntervalId !== null) {
+      clearInterval(this.cleanupIntervalId);
+      this.cleanupIntervalId = null;
+    }
   }
   /**
    * Set the previous response ID for a conversation
@@ -56,8 +77,21 @@ class ResponseStateManager {
   getStateSize() {
     return this.conversationStates.size;
   }
+  /**
+   * Dispose of the manager and stop cleanup interval
+   * Call this when shutting down to prevent memory leaks
+   */
+  dispose() {
+    this.stopCleanupInterval();
+    this.conversationStates.clear();
+  }
 }
 const responseStateManager = new ResponseStateManager();
+if (typeof process !== "undefined" && process.on) {
+  process.on("beforeExit", () => {
+    responseStateManager.dispose();
+  });
+}
 function getConversationId(agentId, messageId) {
   return agentId || messageId || `conv_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
 }

package/dist/services/responseStateManager.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/services/responseStateManager.ts"],
-  "sourcesContent": ["/**\n * GPT-5 Responses API state management\n * Manages previous_response_id for conversation continuity and reasoning context reuse\n */\n\ninterface ConversationState {\n  previousResponseId?: string\n  lastUpdate: number\n}\n\nclass ResponseStateManager {\n  private conversationStates = new Map<string, ConversationState>()\n\n  // Cache cleanup after 1 hour of inactivity\n  private readonly CLEANUP_INTERVAL = 60 * 60 * 1000\n\n  constructor() {\n    // Periodic cleanup of stale conversations\n    setInterval(() => {\n      this.cleanup()\n    }, this.CLEANUP_INTERVAL)\n  }\n\n  /**\n   * Set the previous response ID for a conversation\n   */\n  setPreviousResponseId(conversationId: string, responseId: string): void {\n    this.conversationStates.set(conversationId, {\n      previousResponseId: responseId,\n      lastUpdate: Date.now(),\n    })\n  }\n\n  /**\n   * Get the previous response ID for a conversation\n   */\n  getPreviousResponseId(conversationId: string): string | undefined {\n    const state = this.conversationStates.get(conversationId)\n    if (state) {\n      // Update last access time\n      state.lastUpdate = Date.now()\n      return state.previousResponseId\n    }\n    return undefined\n  }\n\n  /**\n   * Clear state for a conversation\n   */\n  clearConversation(conversationId: string): void {\n    this.conversationStates.delete(conversationId)\n  }\n\n  /**\n   * Clear all conversation states\n   */\n  clearAll(): void {\n    this.conversationStates.clear()\n  }\n\n  /**\n   * Clean up stale conversations\n   */\n  private cleanup(): void {\n    const now = Date.now()\n    for (const [conversationId, state] of this.conversationStates.entries()) {\n      if (now - state.lastUpdate > this.CLEANUP_INTERVAL) {\n        this.conversationStates.delete(conversationId)\n      }\n    }\n  }\n\n  /**\n   * Get current state size (for debugging/monitoring)\n   */\n  getStateSize(): number {\n    return this.conversationStates.size\n  }\n}\n\n// Singleton instance\nexport const responseStateManager = new ResponseStateManager()\n\n/**\n * Helper to generate conversation ID from context\n */\nexport function getConversationId(\n  agentId?: string,\n  messageId?: string,\n): string {\n  // Use agentId as primary identifier, fallback to messageId or timestamp\n  return (\n    agentId ||\n    messageId ||\n    `conv_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`\n  )\n}\n"],
-  "mappings": "AAUA,MAAM,qBAAqB;AAAA,EACjB,qBAAqB,oBAAI,IAA+B;AAAA;AAAA,EAG/C,mBAAmB,KAAK,KAAK;AAAA,EAE9C,cAAc;AAEZ,gBAAY,MAAM;AAChB,WAAK,QAAQ;AAAA,IACf,GAAG,KAAK,gBAAgB;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB,gBAAwB,YAA0B;AACtE,SAAK,mBAAmB,IAAI,gBAAgB;AAAA,MAC1C,oBAAoB;AAAA,MACpB,YAAY,KAAK,IAAI;AAAA,IACvB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB,gBAA4C;AAChE,UAAM,QAAQ,KAAK,mBAAmB,IAAI,cAAc;AACxD,QAAI,OAAO;AAET,YAAM,aAAa,KAAK,IAAI;AAC5B,aAAO,MAAM;AAAA,IACf;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,kBAAkB,gBAA8B;AAC9C,SAAK,mBAAmB,OAAO,cAAc;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA,EAKA,WAAiB;AACf,SAAK,mBAAmB,MAAM;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA,EAKQ,UAAgB;AACtB,UAAM,MAAM,KAAK,IAAI;AACrB,eAAW,CAAC,gBAAgB,KAAK,KAAK,KAAK,mBAAmB,QAAQ,GAAG;AACvE,UAAI,MAAM,MAAM,aAAa,KAAK,kBAAkB;AAClD,aAAK,mBAAmB,OAAO,cAAc;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,eAAuB;AACrB,WAAO,KAAK,mBAAmB;AAAA,EACjC;AACF;AAGO,MAAM,uBAAuB,IAAI,qBAAqB;AAKtD,SAAS,kBACd,SACA,WACQ;AAER,SACE,WACA,aACA,QAAQ,KAAK,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,OAAO,GAAG,CAAC,CAAC;AAEjE;",
+  "sourcesContent": ["/**\n * GPT-5 Responses API state management\n * Manages previous_response_id for conversation continuity and reasoning context reuse\n */\n\ninterface ConversationState {\n  previousResponseId?: string\n  lastUpdate: number\n}\n\nclass ResponseStateManager {\n  private conversationStates = new Map<string, ConversationState>()\n  private cleanupIntervalId: ReturnType<typeof setInterval> | null = null\n\n  // Cache cleanup after 1 hour of inactivity\n  private readonly CLEANUP_INTERVAL = 60 * 60 * 1000\n\n  constructor() {\n    this.startCleanupInterval()\n  }\n\n  /**\n   * Start the periodic cleanup interval\n   */\n  private startCleanupInterval(): void {\n    // Only start if not already running\n    if (this.cleanupIntervalId === null) {\n      this.cleanupIntervalId = setInterval(() => {\n        this.cleanup()\n      }, this.CLEANUP_INTERVAL)\n\n      // Ensure the interval doesn't prevent process exit\n      if (this.cleanupIntervalId.unref) {\n        this.cleanupIntervalId.unref()\n      }\n    }\n  }\n\n  /**\n   * Stop the periodic cleanup interval\n   */\n  private stopCleanupInterval(): void {\n    if (this.cleanupIntervalId !== null) {\n      clearInterval(this.cleanupIntervalId)\n      this.cleanupIntervalId = null\n    }\n  }\n\n  /**\n   * Set the previous response ID for a conversation\n   */\n  setPreviousResponseId(conversationId: string, responseId: string): void {\n    this.conversationStates.set(conversationId, {\n      previousResponseId: responseId,\n      lastUpdate: Date.now(),\n    })\n  }\n\n  /**\n   * Get the previous response ID for a conversation\n   */\n  getPreviousResponseId(conversationId: string): string | undefined {\n    const state = this.conversationStates.get(conversationId)\n    if (state) {\n      // Update last access time\n      state.lastUpdate = Date.now()\n      return state.previousResponseId\n    }\n    return undefined\n  }\n\n  /**\n   * Clear state for a conversation\n   */\n  clearConversation(conversationId: string): void {\n    this.conversationStates.delete(conversationId)\n  }\n\n  /**\n   * Clear all conversation states\n   */\n  clearAll(): void {\n    this.conversationStates.clear()\n  }\n\n  /**\n   * Clean up stale conversations\n   */\n  private cleanup(): void {\n    const now = Date.now()\n    for (const [conversationId, state] of this.conversationStates.entries()) {\n      if (now - state.lastUpdate > this.CLEANUP_INTERVAL) {\n        this.conversationStates.delete(conversationId)\n      }\n    }\n  }\n\n  /**\n   * Get current state size (for debugging/monitoring)\n   */\n  getStateSize(): number {\n    return this.conversationStates.size\n  }\n\n  /**\n   * Dispose of the manager and stop cleanup interval\n   * Call this when shutting down to prevent memory leaks\n   */\n  dispose(): void {\n    this.stopCleanupInterval()\n    this.conversationStates.clear()\n  }\n}\n\n// Singleton instance\nexport const responseStateManager = new ResponseStateManager()\n\n// Register cleanup on process exit\nif (typeof process !== 'undefined' && process.on) {\n  process.on('beforeExit', () => {\n    responseStateManager.dispose()\n  })\n}\n\n/**\n * Helper to generate conversation ID from context\n */\nexport function getConversationId(\n  agentId?: string,\n  messageId?: string,\n): string {\n  // Use agentId as primary identifier, fallback to messageId or timestamp\n  return (\n    agentId ||\n    messageId ||\n    `conv_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`\n  )\n}\n"],
+  "mappings": "AAUA,MAAM,qBAAqB;AAAA,EACjB,qBAAqB,oBAAI,IAA+B;AAAA,EACxD,oBAA2D;AAAA;AAAA,EAGlD,mBAAmB,KAAK,KAAK;AAAA,EAE9C,cAAc;AACZ,SAAK,qBAAqB;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA,EAKQ,uBAA6B;AAEnC,QAAI,KAAK,sBAAsB,MAAM;AACnC,WAAK,oBAAoB,YAAY,MAAM;AACzC,aAAK,QAAQ;AAAA,MACf,GAAG,KAAK,gBAAgB;AAGxB,UAAI,KAAK,kBAAkB,OAAO;AAChC,aAAK,kBAAkB,MAAM;AAAA,MAC/B;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,sBAA4B;AAClC,QAAI,KAAK,sBAAsB,MAAM;AACnC,oBAAc,KAAK,iBAAiB;AACpC,WAAK,oBAAoB;AAAA,IAC3B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB,gBAAwB,YAA0B;AACtE,SAAK,mBAAmB,IAAI,gBAAgB;AAAA,MAC1C,oBAAoB;AAAA,MACpB,YAAY,KAAK,IAAI;AAAA,IACvB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB,gBAA4C;AAChE,UAAM,QAAQ,KAAK,mBAAmB,IAAI,cAAc;AACxD,QAAI,OAAO;AAET,YAAM,aAAa,KAAK,IAAI;AAC5B,aAAO,MAAM;AAAA,IACf;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,kBAAkB,gBAA8B;AAC9C,SAAK,mBAAmB,OAAO,cAAc;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA,EAKA,WAAiB;AACf,SAAK,mBAAmB,MAAM;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA,EAKQ,UAAgB;AACtB,UAAM,MAAM,KAAK,IAAI;AACrB,eAAW,CAAC,gBAAgB,KAAK,KAAK,KAAK,mBAAmB,QAAQ,GAAG;AACvE,UAAI,MAAM,MAAM,aAAa,KAAK,kBAAkB;AAClD,aAAK,mBAAmB,OAAO,cAAc;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,eAAuB;AACrB,WAAO,KAAK,mBAAmB;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,UAAgB;AACd,SAAK,oBAAoB;AACzB,SAAK,mBAAmB,MAAM;AAAA,EAChC;AACF;AAGO,MAAM,uBAAuB,IAAI,qBAAqB;AAG7D,IAAI,OAAO,YAAY,eAAe,QAAQ,IAAI;AAChD,UAAQ,GAAG,cAAc,MAAM;AAC7B,yBAAqB,QAAQ;AAAA,EAC/B,CAAC;AACH;AAKO,SAAS,kBACd,SACA,WACQ;AAER,SACE,WACA,aACA,QAAQ,KAAK,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,OAAO,GAAG,CAAC,CAAC;AAEjE;",
   "names": []
 }

package/dist/services/sandbox/filesystemBoundary.js ADDED Viewed

@@ -0,0 +1,300 @@
+import { resolve, relative, isAbsolute, dirname } from "path";
+import { minimatch } from "minimatch";
+class FilesystemBoundary {
+  policy;
+  workingDir;
+  violations = [];
+  constructor(policy, workingDir) {
+    this.policy = policy;
+    this.workingDir = resolve(workingDir);
+  }
+  /**
+   * Update the filesystem policy
+   */
+  updatePolicy(policy) {
+    this.policy = { ...this.policy, ...policy };
+  }
+  /**
+   * Update the working directory
+   */
+  setWorkingDir(dir) {
+    this.workingDir = resolve(dir);
+  }
+  /**
+   * Check if a path can be read
+   */
+  canRead(path) {
+    const absolutePath = this.resolvePath(path);
+    const relativePath = this.getRelativePath(absolutePath);
+    if (this.matchesPattern(relativePath, this.policy.denied)) {
+      const violation2 = this.createViolation(
+        "filesystem_path_denied",
+        `Read access denied for path matching deny pattern: ${path}`,
+        absolutePath
+      );
+      return { allowed: false, violation: violation2 };
+    }
+    if (this.matchesPattern(relativePath, this.policy.readAllowed)) {
+      return { allowed: true };
+    }
+    if (this.matchesPattern(absolutePath, this.policy.readAllowed)) {
+      return { allowed: true };
+    }
+    if (this.policy.readAllowed.includes("*")) {
+      return { allowed: true };
+    }
+    const violation = this.createViolation(
+      "filesystem_read_denied",
+      `Read access denied: path does not match any allowed pattern: ${path}`,
+      absolutePath
+    );
+    return { allowed: false, violation };
+  }
+  /**
+   * Check if a path can be written
+   */
+  canWrite(path) {
+    const absolutePath = this.resolvePath(path);
+    const relativePath = this.getRelativePath(absolutePath);
+    if (this.matchesPattern(relativePath, this.policy.denied)) {
+      const violation2 = this.createViolation(
+        "filesystem_path_denied",
+        `Write access denied for path matching deny pattern: ${path}`,
+        absolutePath
+      );
+      return { allowed: false, violation: violation2 };
+    }
+    if (this.matchesPattern(relativePath, this.policy.writeAllowed)) {
+      return { allowed: true };
+    }
+    if (this.matchesPattern(absolutePath, this.policy.writeAllowed)) {
+      return { allowed: true };
+    }
+    if (this.policy.writeAllowed.includes("*")) {
+      return { allowed: true };
+    }
+    if (this.isUnderWorkingDir(absolutePath)) {
+      if (this.policy.writeAllowed.includes("./")) {
+        return { allowed: true };
+      }
+    }
+    const violation = this.createViolation(
+      "filesystem_write_denied",
+      `Write access denied: path does not match any allowed pattern: ${path}`,
+      absolutePath
+    );
+    return { allowed: false, violation };
+  }
+  /**
+   * Analyze a command for filesystem operations and validate them
+   */
+  analyzeCommand(command) {
+    const readPaths = [];
+    const writePaths = [];
+    const violations = [];
+    const extractedPaths = this.extractPathsFromCommand(command);
+    const redirectMatches = command.matchAll(/>\s*["']?([^\s"';&|]+)["']?/g);
+    for (const match of redirectMatches) {
+      if (match[1] && !match[1].startsWith("&")) {
+        writePaths.push(match[1]);
+      }
+    }
+    const teeMatches = command.matchAll(
+      /\btee\s+(?:-a\s+)?["']?([^\s"';&|]+)["']?/g
+    );
+    for (const match of teeMatches) {
+      if (match[1]) writePaths.push(match[1]);
+    }
+    const cpMatches = command.matchAll(
+      /\bcp\s+(?:-[a-zA-Z]+\s+)*\S+\s+["']?([^\s"';&|]+)["']?/g
+    );
+    for (const match of cpMatches) {
+      if (match[1]) writePaths.push(match[1]);
+    }
+    const mvMatches = command.matchAll(
+      /\bmv\s+(?:-[a-zA-Z]+\s+)*\S+\s+["']?([^\s"';&|]+)["']?/g
+    );
+    for (const match of mvMatches) {
+      if (match[1]) writePaths.push(match[1]);
+    }
+    const rmMatches = command.matchAll(
+      /\brm\s+(?:-[a-zA-Z]+\s+)*["']?([^\s"';&|]+)["']?/g
+    );
+    for (const match of rmMatches) {
+      if (match[1]) writePaths.push(match[1]);
+    }
+    const mkdirMatches = command.matchAll(
+      /\bmkdir\s+(?:-[a-zA-Z]+\s+)*["']?([^\s"';&|]+)["']?/g
+    );
+    for (const match of mkdirMatches) {
+      if (match[1]) writePaths.push(match[1]);
+    }
+    const rmdirMatches = command.matchAll(
+      /\brmdir\s+(?:-[a-zA-Z]+\s+)*["']?([^\s"';&|]+)["']?/g
+    );
+    for (const match of rmdirMatches) {
+      if (match[1]) writePaths.push(match[1]);
+    }
+    const touchMatches = command.matchAll(/\btouch\s+["']?([^\s"';&|]+)["']?/g);
+    for (const match of touchMatches) {
+      if (match[1]) writePaths.push(match[1]);
+    }
+    const chmodMatches = command.matchAll(
+      /\bchmod\s+(?:-[a-zA-Z]+\s+)*\S+\s+["']?([^\s"';&|]+)["']?/g
+    );
+    for (const match of chmodMatches) {
+      if (match[1]) writePaths.push(match[1]);
+    }
+    const chownMatches = command.matchAll(
+      /\bchown\s+(?:-[a-zA-Z]+\s+)*\S+\s+["']?([^\s"';&|]+)["']?/g
+    );
+    for (const match of chownMatches) {
+      if (match[1]) writePaths.push(match[1]);
+    }
+    if (!command.includes(">")) {
+      const catMatches = command.matchAll(/\bcat\s+["']?([^\s"';&|]+)["']?/g);
+      for (const match of catMatches) {
+        if (match[1]) readPaths.push(match[1]);
+      }
+    }
+    const headTailMatches = command.matchAll(
+      /\b(?:head|tail)\s+(?:-[a-zA-Z0-9]+\s+)*["']?([^\s"';&|]+)["']?/g
+    );
+    for (const match of headTailMatches) {
+      if (match[1]) readPaths.push(match[1]);
+    }
+    const pagerMatches = command.matchAll(
+      /\b(?:less|more)\s+["']?([^\s"';&|]+)["']?/g
+    );
+    for (const match of pagerMatches) {
+      if (match[1]) readPaths.push(match[1]);
+    }
+    for (const path of extractedPaths) {
+      if (!writePaths.includes(path) && !readPaths.includes(path)) {
+        readPaths.push(path);
+      }
+    }
+    const uniqueWritePaths = [...new Set(writePaths)];
+    const uniqueReadPaths = [...new Set(readPaths)];
+    for (const path of uniqueReadPaths) {
+      const result = this.canRead(path);
+      if (!result.allowed && result.violation) {
+        violations.push(result.violation);
+      }
+    }
+    for (const path of uniqueWritePaths) {
+      const result = this.canWrite(path);
+      if (!result.allowed && result.violation) {
+        violations.push(result.violation);
+      }
+    }
+    this.violations.push(...violations);
+    return {
+      readPaths: uniqueReadPaths,
+      writePaths: uniqueWritePaths,
+      violations
+    };
+  }
+  /**
+   * Get all recorded violations
+   */
+  getViolations() {
+    return [...this.violations];
+  }
+  /**
+   * Clear violation history
+   */
+  clearViolations() {
+    this.violations = [];
+  }
+  /**
+   * Extract potential file paths from a command string
+   */
+  extractPathsFromCommand(command) {
+    const paths = [];
+    const quotedMatches = command.matchAll(/["']([^"']+)["']/g);
+    for (const match of quotedMatches) {
+      if (match[1] && this.looksLikePath(match[1])) {
+        paths.push(match[1]);
+      }
+    }
+    const unquotedMatches = command.matchAll(
+      /(?:^|\s)((?:\.\/|\/|\.\.\/)[^\s;&|>]+)/g
+    );
+    for (const match of unquotedMatches) {
+      if (match[1]) {
+        paths.push(match[1]);
+      }
+    }
+    return [...new Set(paths)];
+  }
+  /**
+   * Check if a string looks like a file path
+   */
+  looksLikePath(str) {
+    return str.includes("/") || str.startsWith(".") || str.endsWith(".txt") || str.endsWith(".json") || str.endsWith(".js") || str.endsWith(".ts") || str.endsWith(".md");
+  }
+  /**
+   * Resolve a path to absolute
+   */
+  resolvePath(path) {
+    if (isAbsolute(path)) {
+      return path;
+    }
+    return resolve(this.workingDir, path);
+  }
+  /**
+   * Get path relative to working directory
+   */
+  getRelativePath(absolutePath) {
+    return relative(this.workingDir, absolutePath);
+  }
+  /**
+   * Check if a path is under the working directory
+   */
+  isUnderWorkingDir(absolutePath) {
+    const rel = relative(this.workingDir, absolutePath);
+    return !rel.startsWith("..") && !isAbsolute(rel);
+  }
+  /**
+   * Check if a path matches any of the given patterns
+   */
+  matchesPattern(path, patterns) {
+    for (const pattern of patterns) {
+      if (pattern === "*") {
+        return true;
+      }
+      if (pattern === "./") {
+        if (this.isUnderWorkingDir(this.resolvePath(path))) {
+          return true;
+        }
+        continue;
+      }
+      if (minimatch(path, pattern, { dot: true }) || minimatch(path, `**/${pattern}`, { dot: true })) {
+        return true;
+      }
+      const pathDir = dirname(path);
+      if (minimatch(pathDir, pattern, { dot: true })) {
+        return true;
+      }
+    }
+    return false;
+  }
+  /**
+   * Create a violation record
+   */
+  createViolation(type, details, path) {
+    return {
+      type,
+      timestamp: Date.now(),
+      command: "",
+      // Will be set by caller
+      details,
+      path
+    };
+  }
+}
+export {
+  FilesystemBoundary
+};
+//# sourceMappingURL=filesystemBoundary.js.map

package/dist/services/sandbox/filesystemBoundary.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/services/sandbox/filesystemBoundary.ts"],
+  "sourcesContent": ["/**\n * Filesystem Boundary Service\n *\n * Validates file system access against configured policies.\n * Provides path validation and access control for sandboxed execution.\n */\n\nimport { resolve, relative, isAbsolute, dirname } from 'path'\nimport { minimatch } from 'minimatch'\nimport type { FilesystemPolicy, SandboxViolation } from './types'\n\n/**\n * Result of a filesystem access check\n */\nexport interface FilesystemCheckResult {\n  allowed: boolean\n  violation?: SandboxViolation\n}\n\n/**\n * Filesystem Boundary Validator\n */\nexport class FilesystemBoundary {\n  private policy: FilesystemPolicy\n  private workingDir: string\n  private violations: SandboxViolation[] = []\n\n  constructor(policy: FilesystemPolicy, workingDir: string) {\n    this.policy = policy\n    this.workingDir = resolve(workingDir)\n  }\n\n  /**\n   * Update the filesystem policy\n   */\n  updatePolicy(policy: Partial<FilesystemPolicy>): void {\n    this.policy = { ...this.policy, ...policy }\n  }\n\n  /**\n   * Update the working directory\n   */\n  setWorkingDir(dir: string): void {\n    this.workingDir = resolve(dir)\n  }\n\n  /**\n   * Check if a path can be read\n   */\n  canRead(path: string): FilesystemCheckResult {\n    const absolutePath = this.resolvePath(path)\n    const relativePath = this.getRelativePath(absolutePath)\n\n    // Check denied patterns first (highest priority)\n    if (this.matchesPattern(relativePath, this.policy.denied)) {\n      const violation = this.createViolation(\n        'filesystem_path_denied',\n        `Read access denied for path matching deny pattern: ${path}`,\n        absolutePath,\n      )\n      return { allowed: false, violation }\n    }\n\n    // Check if path matches read-allowed patterns\n    if (this.matchesPattern(relativePath, this.policy.readAllowed)) {\n      return { allowed: true }\n    }\n\n    // Also check with absolute path\n    if (this.matchesPattern(absolutePath, this.policy.readAllowed)) {\n      return { allowed: true }\n    }\n\n    // Wildcard allows all reads\n    if (this.policy.readAllowed.includes('*')) {\n      return { allowed: true }\n    }\n\n    const violation = this.createViolation(\n      'filesystem_read_denied',\n      `Read access denied: path does not match any allowed pattern: ${path}`,\n      absolutePath,\n    )\n    return { allowed: false, violation }\n  }\n\n  /**\n   * Check if a path can be written\n   */\n  canWrite(path: string): FilesystemCheckResult {\n    const absolutePath = this.resolvePath(path)\n    const relativePath = this.getRelativePath(absolutePath)\n\n    // Check denied patterns first (highest priority)\n    if (this.matchesPattern(relativePath, this.policy.denied)) {\n      const violation = this.createViolation(\n        'filesystem_path_denied',\n        `Write access denied for path matching deny pattern: ${path}`,\n        absolutePath,\n      )\n      return { allowed: false, violation }\n    }\n\n    // Check if path matches write-allowed patterns\n    if (this.matchesPattern(relativePath, this.policy.writeAllowed)) {\n      return { allowed: true }\n    }\n\n    // Also check with absolute path\n    if (this.matchesPattern(absolutePath, this.policy.writeAllowed)) {\n      return { allowed: true }\n    }\n\n    // Wildcard allows all writes\n    if (this.policy.writeAllowed.includes('*')) {\n      return { allowed: true }\n    }\n\n    // Check if path is under working directory (default write location)\n    if (this.isUnderWorkingDir(absolutePath)) {\n      // Only allow if './' is in writeAllowed\n      if (this.policy.writeAllowed.includes('./')) {\n        return { allowed: true }\n      }\n    }\n\n    const violation = this.createViolation(\n      'filesystem_write_denied',\n      `Write access denied: path does not match any allowed pattern: ${path}`,\n      absolutePath,\n    )\n    return { allowed: false, violation }\n  }\n\n  /**\n   * Analyze a command for filesystem operations and validate them\n   */\n  analyzeCommand(command: string): {\n    readPaths: string[]\n    writePaths: string[]\n    violations: SandboxViolation[]\n  } {\n    const readPaths: string[] = []\n    const writePaths: string[] = []\n    const violations: SandboxViolation[] = []\n\n    // Extract potential paths from command\n    const extractedPaths = this.extractPathsFromCommand(command)\n\n    // Detect redirect write operations first (highest priority)\n    // Match patterns like: command > file, command >> file\n    const redirectMatches = command.matchAll(/>\\s*[\"']?([^\\s\"';&|]+)[\"']?/g)\n    for (const match of redirectMatches) {\n      if (match[1] && !match[1].startsWith('&')) {\n        writePaths.push(match[1])\n      }\n    }\n\n    // Detect write operations with specific commands\n    // tee command\n    const teeMatches = command.matchAll(\n      /\\btee\\s+(?:-a\\s+)?[\"']?([^\\s\"';&|]+)[\"']?/g,\n    )\n    for (const match of teeMatches) {\n      if (match[1]) writePaths.push(match[1])\n    }\n\n    // cp command - target is the last argument\n    const cpMatches = command.matchAll(\n      /\\bcp\\s+(?:-[a-zA-Z]+\\s+)*\\S+\\s+[\"']?([^\\s\"';&|]+)[\"']?/g,\n    )\n    for (const match of cpMatches) {\n      if (match[1]) writePaths.push(match[1])\n    }\n\n    // mv command - target is the last argument\n    const mvMatches = command.matchAll(\n      /\\bmv\\s+(?:-[a-zA-Z]+\\s+)*\\S+\\s+[\"']?([^\\s\"';&|]+)[\"']?/g,\n    )\n    for (const match of mvMatches) {\n      if (match[1]) writePaths.push(match[1])\n    }\n\n    // rm command\n    const rmMatches = command.matchAll(\n      /\\brm\\s+(?:-[a-zA-Z]+\\s+)*[\"']?([^\\s\"';&|]+)[\"']?/g,\n    )\n    for (const match of rmMatches) {\n      if (match[1]) writePaths.push(match[1])\n    }\n\n    // mkdir command\n    const mkdirMatches = command.matchAll(\n      /\\bmkdir\\s+(?:-[a-zA-Z]+\\s+)*[\"']?([^\\s\"';&|]+)[\"']?/g,\n    )\n    for (const match of mkdirMatches) {\n      if (match[1]) writePaths.push(match[1])\n    }\n\n    // rmdir command\n    const rmdirMatches = command.matchAll(\n      /\\brmdir\\s+(?:-[a-zA-Z]+\\s+)*[\"']?([^\\s\"';&|]+)[\"']?/g,\n    )\n    for (const match of rmdirMatches) {\n      if (match[1]) writePaths.push(match[1])\n    }\n\n    // touch command\n    const touchMatches = command.matchAll(/\\btouch\\s+[\"']?([^\\s\"';&|]+)[\"']?/g)\n    for (const match of touchMatches) {\n      if (match[1]) writePaths.push(match[1])\n    }\n\n    // chmod command - target is the last argument\n    const chmodMatches = command.matchAll(\n      /\\bchmod\\s+(?:-[a-zA-Z]+\\s+)*\\S+\\s+[\"']?([^\\s\"';&|]+)[\"']?/g,\n    )\n    for (const match of chmodMatches) {\n      if (match[1]) writePaths.push(match[1])\n    }\n\n    // chown command - target is the last argument\n    const chownMatches = command.matchAll(\n      /\\bchown\\s+(?:-[a-zA-Z]+\\s+)*\\S+\\s+[\"']?([^\\s\"';&|]+)[\"']?/g,\n    )\n    for (const match of chownMatches) {\n      if (match[1]) writePaths.push(match[1])\n    }\n\n    // Detect read operations\n    // cat command (when not redirecting)\n    if (!command.includes('>')) {\n      const catMatches = command.matchAll(/\\bcat\\s+[\"']?([^\\s\"';&|]+)[\"']?/g)\n      for (const match of catMatches) {\n        if (match[1]) readPaths.push(match[1])\n      }\n    }\n\n    // head/tail commands\n    const headTailMatches = command.matchAll(\n      /\\b(?:head|tail)\\s+(?:-[a-zA-Z0-9]+\\s+)*[\"']?([^\\s\"';&|]+)[\"']?/g,\n    )\n    for (const match of headTailMatches) {\n      if (match[1]) readPaths.push(match[1])\n    }\n\n    // less/more commands\n    const pagerMatches = command.matchAll(\n      /\\b(?:less|more)\\s+[\"']?([^\\s\"';&|]+)[\"']?/g,\n    )\n    for (const match of pagerMatches) {\n      if (match[1]) readPaths.push(match[1])\n    }\n\n    // Add extracted paths that might be read (if not already in writePaths)\n    for (const path of extractedPaths) {\n      if (!writePaths.includes(path) && !readPaths.includes(path)) {\n        readPaths.push(path)\n      }\n    }\n\n    // Deduplicate paths\n    const uniqueWritePaths = [...new Set(writePaths)]\n    const uniqueReadPaths = [...new Set(readPaths)]\n\n    // Validate all paths\n    for (const path of uniqueReadPaths) {\n      const result = this.canRead(path)\n      if (!result.allowed && result.violation) {\n        violations.push(result.violation)\n      }\n    }\n\n    for (const path of uniqueWritePaths) {\n      const result = this.canWrite(path)\n      if (!result.allowed && result.violation) {\n        violations.push(result.violation)\n      }\n    }\n\n    // Store violations\n    this.violations.push(...violations)\n\n    return {\n      readPaths: uniqueReadPaths,\n      writePaths: uniqueWritePaths,\n      violations,\n    }\n  }\n\n  /**\n   * Get all recorded violations\n   */\n  getViolations(): SandboxViolation[] {\n    return [...this.violations]\n  }\n\n  /**\n   * Clear violation history\n   */\n  clearViolations(): void {\n    this.violations = []\n  }\n\n  /**\n   * Extract potential file paths from a command string\n   */\n  private extractPathsFromCommand(command: string): string[] {\n    const paths: string[] = []\n\n    // Match quoted strings\n    const quotedMatches = command.matchAll(/[\"']([^\"']+)[\"']/g)\n    for (const match of quotedMatches) {\n      if (match[1] && this.looksLikePath(match[1])) {\n        paths.push(match[1])\n      }\n    }\n\n    // Match unquoted paths (starting with ./ or / or containing /)\n    const unquotedMatches = command.matchAll(\n      /(?:^|\\s)((?:\\.\\/|\\/|\\.\\.\\/)[^\\s;&|>]+)/g,\n    )\n    for (const match of unquotedMatches) {\n      if (match[1]) {\n        paths.push(match[1])\n      }\n    }\n\n    return [...new Set(paths)] // Deduplicate\n  }\n\n  /**\n   * Check if a string looks like a file path\n   */\n  private looksLikePath(str: string): boolean {\n    return (\n      str.includes('/') ||\n      str.startsWith('.') ||\n      str.endsWith('.txt') ||\n      str.endsWith('.json') ||\n      str.endsWith('.js') ||\n      str.endsWith('.ts') ||\n      str.endsWith('.md')\n    )\n  }\n\n  /**\n   * Resolve a path to absolute\n   */\n  private resolvePath(path: string): string {\n    if (isAbsolute(path)) {\n      return path\n    }\n    return resolve(this.workingDir, path)\n  }\n\n  /**\n   * Get path relative to working directory\n   */\n  private getRelativePath(absolutePath: string): string {\n    return relative(this.workingDir, absolutePath)\n  }\n\n  /**\n   * Check if a path is under the working directory\n   */\n  private isUnderWorkingDir(absolutePath: string): boolean {\n    const rel = relative(this.workingDir, absolutePath)\n    return !rel.startsWith('..') && !isAbsolute(rel)\n  }\n\n  /**\n   * Check if a path matches any of the given patterns\n   */\n  private matchesPattern(path: string, patterns: string[]): boolean {\n    for (const pattern of patterns) {\n      // Handle special '*' pattern for everything\n      if (pattern === '*') {\n        return true\n      }\n\n      // Handle './' for current directory\n      if (pattern === './') {\n        if (this.isUnderWorkingDir(this.resolvePath(path))) {\n          return true\n        }\n        continue\n      }\n\n      // Use minimatch for glob patterns\n      if (\n        minimatch(path, pattern, { dot: true }) ||\n        minimatch(path, `**/${pattern}`, { dot: true })\n      ) {\n        return true\n      }\n\n      // Check if pattern matches directory\n      const pathDir = dirname(path)\n      if (minimatch(pathDir, pattern, { dot: true })) {\n        return true\n      }\n    }\n    return false\n  }\n\n  /**\n   * Create a violation record\n   */\n  private createViolation(\n    type: SandboxViolation['type'],\n    details: string,\n    path: string,\n  ): SandboxViolation {\n    return {\n      type,\n      timestamp: Date.now(),\n      command: '', // Will be set by caller\n      details,\n      path,\n    }\n  }\n}\n"],
+  "mappings": "AAOA,SAAS,SAAS,UAAU,YAAY,eAAe;AACvD,SAAS,iBAAiB;AAcnB,MAAM,mBAAmB;AAAA,EACtB;AAAA,EACA;AAAA,EACA,aAAiC,CAAC;AAAA,EAE1C,YAAY,QAA0B,YAAoB;AACxD,SAAK,SAAS;AACd,SAAK,aAAa,QAAQ,UAAU;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,QAAyC;AACpD,SAAK,SAAS,EAAE,GAAG,KAAK,QAAQ,GAAG,OAAO;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc,KAAmB;AAC/B,SAAK,aAAa,QAAQ,GAAG;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA,EAKA,QAAQ,MAAqC;AAC3C,UAAM,eAAe,KAAK,YAAY,IAAI;AAC1C,UAAM,eAAe,KAAK,gBAAgB,YAAY;AAGtD,QAAI,KAAK,eAAe,cAAc,KAAK,OAAO,MAAM,GAAG;AACzD,YAAMA,aAAY,KAAK;AAAA,QACrB;AAAA,QACA,sDAAsD,IAAI;AAAA,QAC1D;AAAA,MACF;AACA,aAAO,EAAE,SAAS,OAAO,WAAAA,WAAU;AAAA,IACrC;AAGA,QAAI,KAAK,eAAe,cAAc,KAAK,OAAO,WAAW,GAAG;AAC9D,aAAO,EAAE,SAAS,KAAK;AAAA,IACzB;AAGA,QAAI,KAAK,eAAe,cAAc,KAAK,OAAO,WAAW,GAAG;AAC9D,aAAO,EAAE,SAAS,KAAK;AAAA,IACzB;AAGA,QAAI,KAAK,OAAO,YAAY,SAAS,GAAG,GAAG;AACzC,aAAO,EAAE,SAAS,KAAK;AAAA,IACzB;AAEA,UAAM,YAAY,KAAK;AAAA,MACrB;AAAA,MACA,gEAAgE,IAAI;AAAA,MACpE;AAAA,IACF;AACA,WAAO,EAAE,SAAS,OAAO,UAAU;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAKA,SAAS,MAAqC;AAC5C,UAAM,eAAe,KAAK,YAAY,IAAI;AAC1C,UAAM,eAAe,KAAK,gBAAgB,YAAY;AAGtD,QAAI,KAAK,eAAe,cAAc,KAAK,OAAO,MAAM,GAAG;AACzD,YAAMA,aAAY,KAAK;AAAA,QACrB;AAAA,QACA,uDAAuD,IAAI;AAAA,QAC3D;AAAA,MACF;AACA,aAAO,EAAE,SAAS,OAAO,WAAAA,WAAU;AAAA,IACrC;AAGA,QAAI,KAAK,eAAe,cAAc,KAAK,OAAO,YAAY,GAAG;AAC/D,aAAO,EAAE,SAAS,KAAK;AAAA,IACzB;AAGA,QAAI,KAAK,eAAe,cAAc,KAAK,OAAO,YAAY,GAAG;AAC/D,aAAO,EAAE,SAAS,KAAK;AAAA,IACzB;AAGA,QAAI,KAAK,OAAO,aAAa,SAAS,GAAG,GAAG;AAC1C,aAAO,EAAE,SAAS,KAAK;AAAA,IACzB;AAGA,QAAI,KAAK,kBAAkB,YAAY,GAAG;AAExC,UAAI,KAAK,OAAO,aAAa,SAAS,IAAI,GAAG;AAC3C,eAAO,EAAE,SAAS,KAAK;AAAA,MACzB;AAAA,IACF;AAEA,UAAM,YAAY,KAAK;AAAA,MACrB;AAAA,MACA,iEAAiE,IAAI;AAAA,MACrE;AAAA,IACF;AACA,WAAO,EAAE,SAAS,OAAO,UAAU;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAKA,eAAe,SAIb;AACA,UAAM,YAAsB,CAAC;AAC7B,UAAM,aAAuB,CAAC;AAC9B,UAAM,aAAiC,CAAC;AAGxC,UAAM,iBAAiB,KAAK,wBAAwB,OAAO;AAI3D,UAAM,kBAAkB,QAAQ,SAAS,8BAA8B;AACvE,eAAW,SAAS,iBAAiB;AACnC,UAAI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,WAAW,GAAG,GAAG;AACzC,mBAAW,KAAK,MAAM,CAAC,CAAC;AAAA,MAC1B;AAAA,IACF;AAIA,UAAM,aAAa,QAAQ;AAAA,MACzB;AAAA,IACF;AACA,eAAW,SAAS,YAAY;AAC9B,UAAI,MAAM,CAAC,EAAG,YAAW,KAAK,MAAM,CAAC,CAAC;AAAA,IACxC;AAGA,UAAM,YAAY,QAAQ;AAAA,MACxB;AAAA,IACF;AACA,eAAW,SAAS,WAAW;AAC7B,UAAI,MAAM,CAAC,EAAG,YAAW,KAAK,MAAM,CAAC,CAAC;AAAA,IACxC;AAGA,UAAM,YAAY,QAAQ;AAAA,MACxB;AAAA,IACF;AACA,eAAW,SAAS,WAAW;AAC7B,UAAI,MAAM,CAAC,EAAG,YAAW,KAAK,MAAM,CAAC,CAAC;AAAA,IACxC;AAGA,UAAM,YAAY,QAAQ;AAAA,MACxB;AAAA,IACF;AACA,eAAW,SAAS,WAAW;AAC7B,UAAI,MAAM,CAAC,EAAG,YAAW,KAAK,MAAM,CAAC,CAAC;AAAA,IACxC;AAGA,UAAM,eAAe,QAAQ;AAAA,MAC3B;AAAA,IACF;AACA,eAAW,SAAS,cAAc;AAChC,UAAI,MAAM,CAAC,EAAG,YAAW,KAAK,MAAM,CAAC,CAAC;AAAA,IACxC;AAGA,UAAM,eAAe,QAAQ;AAAA,MAC3B;AAAA,IACF;AACA,eAAW,SAAS,cAAc;AAChC,UAAI,MAAM,CAAC,EAAG,YAAW,KAAK,MAAM,CAAC,CAAC;AAAA,IACxC;AAGA,UAAM,eAAe,QAAQ,SAAS,oCAAoC;AAC1E,eAAW,SAAS,cAAc;AAChC,UAAI,MAAM,CAAC,EAAG,YAAW,KAAK,MAAM,CAAC,CAAC;AAAA,IACxC;AAGA,UAAM,eAAe,QAAQ;AAAA,MAC3B;AAAA,IACF;AACA,eAAW,SAAS,cAAc;AAChC,UAAI,MAAM,CAAC,EAAG,YAAW,KAAK,MAAM,CAAC,CAAC;AAAA,IACxC;AAGA,UAAM,eAAe,QAAQ;AAAA,MAC3B;AAAA,IACF;AACA,eAAW,SAAS,cAAc;AAChC,UAAI,MAAM,CAAC,EAAG,YAAW,KAAK,MAAM,CAAC,CAAC;AAAA,IACxC;AAIA,QAAI,CAAC,QAAQ,SAAS,GAAG,GAAG;AAC1B,YAAM,aAAa,QAAQ,SAAS,kCAAkC;AACtE,iBAAW,SAAS,YAAY;AAC9B,YAAI,MAAM,CAAC,EAAG,WAAU,KAAK,MAAM,CAAC,CAAC;AAAA,MACvC;AAAA,IACF;AAGA,UAAM,kBAAkB,QAAQ;AAAA,MAC9B;AAAA,IACF;AACA,eAAW,SAAS,iBAAiB;AACnC,UAAI,MAAM,CAAC,EAAG,WAAU,KAAK,MAAM,CAAC,CAAC;AAAA,IACvC;AAGA,UAAM,eAAe,QAAQ;AAAA,MAC3B;AAAA,IACF;AACA,eAAW,SAAS,cAAc;AAChC,UAAI,MAAM,CAAC,EAAG,WAAU,KAAK,MAAM,CAAC,CAAC;AAAA,IACvC;AAGA,eAAW,QAAQ,gBAAgB;AACjC,UAAI,CAAC,WAAW,SAAS,IAAI,KAAK,CAAC,UAAU,SAAS,IAAI,GAAG;AAC3D,kBAAU,KAAK,IAAI;AAAA,MACrB;AAAA,IACF;AAGA,UAAM,mBAAmB,CAAC,GAAG,IAAI,IAAI,UAAU,CAAC;AAChD,UAAM,kBAAkB,CAAC,GAAG,IAAI,IAAI,SAAS,CAAC;AAG9C,eAAW,QAAQ,iBAAiB;AAClC,YAAM,SAAS,KAAK,QAAQ,IAAI;AAChC,UAAI,CAAC,OAAO,WAAW,OAAO,WAAW;AACvC,mBAAW,KAAK,OAAO,SAAS;AAAA,MAClC;AAAA,IACF;AAEA,eAAW,QAAQ,kBAAkB;AACnC,YAAM,SAAS,KAAK,SAAS,IAAI;AACjC,UAAI,CAAC,OAAO,WAAW,OAAO,WAAW;AACvC,mBAAW,KAAK,OAAO,SAAS;AAAA,MAClC;AAAA,IACF;AAGA,SAAK,WAAW,KAAK,GAAG,UAAU;AAElC,WAAO;AAAA,MACL,WAAW;AAAA,MACX,YAAY;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,gBAAoC;AAClC,WAAO,CAAC,GAAG,KAAK,UAAU;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA,EAKA,kBAAwB;AACtB,SAAK,aAAa,CAAC;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA,EAKQ,wBAAwB,SAA2B;AACzD,UAAM,QAAkB,CAAC;AAGzB,UAAM,gBAAgB,QAAQ,SAAS,mBAAmB;AAC1D,eAAW,SAAS,eAAe;AACjC,UAAI,MAAM,CAAC,KAAK,KAAK,cAAc,MAAM,CAAC,CAAC,GAAG;AAC5C,cAAM,KAAK,MAAM,CAAC,CAAC;AAAA,MACrB;AAAA,IACF;AAGA,UAAM,kBAAkB,QAAQ;AAAA,MAC9B;AAAA,IACF;AACA,eAAW,SAAS,iBAAiB;AACnC,UAAI,MAAM,CAAC,GAAG;AACZ,cAAM,KAAK,MAAM,CAAC,CAAC;AAAA,MACrB;AAAA,IACF;AAEA,WAAO,CAAC,GAAG,IAAI,IAAI,KAAK,CAAC;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA,EAKQ,cAAc,KAAsB;AAC1C,WACE,IAAI,SAAS,GAAG,KAChB,IAAI,WAAW,GAAG,KAClB,IAAI,SAAS,MAAM,KACnB,IAAI,SAAS,OAAO,KACpB,IAAI,SAAS,KAAK,KAClB,IAAI,SAAS,KAAK,KAClB,IAAI,SAAS,KAAK;AAAA,EAEtB;AAAA;AAAA;AAAA;AAAA,EAKQ,YAAY,MAAsB;AACxC,QAAI,WAAW,IAAI,GAAG;AACpB,aAAO;AAAA,IACT;AACA,WAAO,QAAQ,KAAK,YAAY,IAAI;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA,EAKQ,gBAAgB,cAA8B;AACpD,WAAO,SAAS,KAAK,YAAY,YAAY;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA,EAKQ,kBAAkB,cAA+B;AACvD,UAAM,MAAM,SAAS,KAAK,YAAY,YAAY;AAClD,WAAO,CAAC,IAAI,WAAW,IAAI,KAAK,CAAC,WAAW,GAAG;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA,EAKQ,eAAe,MAAc,UAA6B;AAChE,eAAW,WAAW,UAAU;AAE9B,UAAI,YAAY,KAAK;AACnB,eAAO;AAAA,MACT;AAGA,UAAI,YAAY,MAAM;AACpB,YAAI,KAAK,kBAAkB,KAAK,YAAY,IAAI,CAAC,GAAG;AAClD,iBAAO;AAAA,QACT;AACA;AAAA,MACF;AAGA,UACE,UAAU,MAAM,SAAS,EAAE,KAAK,KAAK,CAAC,KACtC,UAAU,MAAM,MAAM,OAAO,IAAI,EAAE,KAAK,KAAK,CAAC,GAC9C;AACA,eAAO;AAAA,MACT;AAGA,YAAM,UAAU,QAAQ,IAAI;AAC5B,UAAI,UAAU,SAAS,SAAS,EAAE,KAAK,KAAK,CAAC,GAAG;AAC9C,eAAO;AAAA,MACT;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,gBACN,MACA,SACA,MACkB;AAClB,WAAO;AAAA,MACL;AAAA,MACA,WAAW,KAAK,IAAI;AAAA,MACpB,SAAS;AAAA;AAAA,MACT;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;",
+  "names": ["violation"]
+}

package/dist/services/sandbox/index.js ADDED Viewed

@@ -0,0 +1,14 @@
+export * from "./types.js";
+export * from "./filesystemBoundary.js";
+export * from "./networkProxy.js";
+import {
+  SandboxController,
+  getSandboxController,
+  resetSandboxController
+} from "./sandboxController.js";
+export {
+  SandboxController,
+  getSandboxController,
+  resetSandboxController
+};
+//# sourceMappingURL=index.js.map

package/dist/services/sandbox/index.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/services/sandbox/index.ts"],
+  "sourcesContent": ["/**\n * Sandbox System\n *\n * Provides OS-level isolation for command execution.\n *\n * Features:\n * - Filesystem boundary enforcement\n * - Network access control\n * - Process isolation (macOS seatbelt, Linux bubblewrap, Docker)\n * - Violation tracking and reporting\n *\n * Usage:\n * ```typescript\n * import { getSandboxController } from '@services/sandbox'\n *\n * const sandbox = getSandboxController('/path/to/project')\n * sandbox.updateConfig({ enabled: true })\n *\n * const result = await sandbox.execute('npm install', '/path/to/project')\n * if (result.blocked) {\n *   console.log('Command blocked:', result.blockReason)\n * }\n * ```\n */\n\nexport * from './types'\nexport * from './filesystemBoundary'\nexport * from './networkProxy'\nexport {\n  SandboxController,\n  getSandboxController,\n  resetSandboxController,\n} from './sandboxController'\n"],
+  "mappings": "AAyBA,cAAc;AACd,cAAc;AACd,cAAc;AACd;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;",
+  "names": []
+}