@within-7/minto 0.1.7 → 0.3.0

package/dist/services/sandbox/sandboxController.js

@@ -0,0 +1,574 @@
+import { spawn } from "child_process";
+import { platform } from "os";
+import { existsSync } from "fs";
+import { resolve } from "path";
+import { DEFAULT_SANDBOX_CONFIG } from "./types.js";
+import { FilesystemBoundary } from "./filesystemBoundary.js";
+import { NetworkProxy } from "./networkProxy.js";
+class SandboxController {
+  config;
+  implementation;
+  filesystemBoundary;
+  networkProxy;
+  violations = [];
+  workingDir;
+  constructor(workingDir, config) {
+    this.workingDir = resolve(workingDir);
+    this.config = { ...DEFAULT_SANDBOX_CONFIG, ...config };
+    this.implementation = this.detectImplementation();
+    this.filesystemBoundary = new FilesystemBoundary(
+      this.config.filesystem,
+      this.workingDir
+    );
+    this.networkProxy = new NetworkProxy(this.config.network);
+  }
+  /**
+   * Check if sandbox is available on this system
+   */
+  async isAvailable() {
+    if (!this.config.enabled) {
+      return false;
+    }
+    switch (this.implementation) {
+      case "seatbelt":
+        return this.isSeatbeltAvailable();
+      case "bubblewrap":
+        return this.isBubblewrapAvailable();
+      case "docker":
+        return this.isDockerAvailable();
+      default:
+        return false;
+    }
+  }
+  /**
+   * Get the implementation type
+   */
+  getImplementationType() {
+    return this.implementation;
+  }
+  /**
+   * Initialize the sandbox
+   */
+  async initialize(config) {
+    this.config = config;
+    this.filesystemBoundary = new FilesystemBoundary(
+      config.filesystem,
+      this.workingDir
+    );
+    this.networkProxy = new NetworkProxy(config.network);
+    this.violations = [];
+  }
+  /**
+   * Pre-validate a command against policies
+   */
+  async validateCommand(command) {
+    const violations = [];
+    if (this.isExcludedCommand(command)) {
+      return { valid: true, violations: [] };
+    }
+    const fsResult = this.filesystemBoundary.analyzeCommand(command);
+    for (const violation of fsResult.violations) {
+      violation.command = command;
+      violations.push(violation);
+    }
+    const netResult = this.networkProxy.analyzeCommand(command);
+    for (const violation of netResult.violations) {
+      violation.command = command;
+      violations.push(violation);
+    }
+    this.violations.push(...violations);
+    return {
+      valid: violations.length === 0,
+      violations
+    };
+  }
+  /**
+   * Execute a command in the sandbox
+   */
+  async execute(command, workingDir, signal, timeout) {
+    const startTime = Date.now();
+    this.workingDir = resolve(workingDir);
+    this.filesystemBoundary.setWorkingDir(this.workingDir);
+    if (!this.config.enabled) {
+      return this.executeDirectly(command, signal, timeout);
+    }
+    const validation = await this.validateCommand(command);
+    if (!validation.valid) {
+      return {
+        stdout: "",
+        stderr: `Sandbox blocked command:
+${validation.violations.map((v) => `- ${v.details}`).join("\n")}`,
+        exitCode: 1,
+        interrupted: false,
+        blocked: true,
+        blockReason: validation.violations[0]?.details,
+        duration: Date.now() - startTime
+      };
+    }
+    if (this.isExcludedCommand(command)) {
+      return this.executeDirectly(command, signal, timeout);
+    }
+    switch (this.implementation) {
+      case "seatbelt":
+        return this.executeWithSeatbelt(command, signal, timeout, startTime);
+      case "bubblewrap":
+        return this.executeWithBubblewrap(command, signal, timeout, startTime);
+      case "docker":
+        return this.executeWithDocker(command, signal, timeout, startTime);
+      default:
+        return this.executeDirectly(command, signal, timeout);
+    }
+  }
+  /**
+   * Get current configuration
+   */
+  getConfig() {
+    return { ...this.config };
+  }
+  /**
+   * Update configuration
+   */
+  updateConfig(config) {
+    this.config = { ...this.config, ...config };
+    if (config.filesystem) {
+      this.filesystemBoundary.updatePolicy(config.filesystem);
+    }
+    if (config.network) {
+      this.networkProxy.updatePolicy(config.network);
+    }
+  }
+  /**
+   * Get violation history
+   */
+  getViolations() {
+    return [
+      ...this.violations,
+      ...this.filesystemBoundary.getViolations(),
+      ...this.networkProxy.getViolations()
+    ];
+  }
+  /**
+   * Clear violation history
+   */
+  clearViolations() {
+    this.violations = [];
+    this.filesystemBoundary.clearViolations();
+    this.networkProxy.clearViolations();
+  }
+  /**
+   * Get filesystem boundary instance
+   */
+  getFilesystemBoundary() {
+    return this.filesystemBoundary;
+  }
+  /**
+   * Get network proxy instance
+   */
+  getNetworkProxy() {
+    return this.networkProxy;
+  }
+  /**
+   * Detect the best available sandbox implementation
+   */
+  detectImplementation() {
+    const os = platform();
+    if (os === "darwin") {
+      return "seatbelt";
+    } else if (os === "linux") {
+      if (this.hasBubblewrap()) {
+        return "bubblewrap";
+      } else if (this.hasDocker()) {
+        return "docker";
+      }
+    }
+    return "none";
+  }
+  /**
+   * Check if bubblewrap is installed
+   */
+  hasBubblewrap() {
+    return existsSync("/usr/bin/bwrap") || existsSync("/usr/local/bin/bwrap");
+  }
+  /**
+   * Check if docker is available
+   */
+  hasDocker() {
+    return existsSync("/usr/bin/docker") || existsSync("/usr/local/bin/docker");
+  }
+  /**
+   * Check if seatbelt (macOS sandbox-exec) is available
+   */
+  async isSeatbeltAvailable() {
+    return platform() === "darwin" && existsSync("/usr/bin/sandbox-exec");
+  }
+  /**
+   * Check if bubblewrap is available and working
+   */
+  async isBubblewrapAvailable() {
+    if (!this.hasBubblewrap()) return false;
+    try {
+      const result = await this.spawnAsync("bwrap", ["--version"]);
+      return result.exitCode === 0;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Check if docker is available and running
+   */
+  async isDockerAvailable() {
+    if (!this.hasDocker()) return false;
+    try {
+      const result = await this.spawnAsync("docker", ["info"]);
+      return result.exitCode === 0;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Check if a command is excluded from sandboxing
+   */
+  isExcludedCommand(command) {
+    const firstWord = command.trim().split(/\s+/)[0]?.toLowerCase();
+    if (!firstWord) return false;
+    return this.config.process.excludedCommands.some(
+      (excluded) => firstWord === excluded.toLowerCase()
+    );
+  }
+  /**
+   * Execute command directly without sandboxing
+   */
+  async executeDirectly(command, signal, timeout) {
+    const startTime = Date.now();
+    const effectiveTimeout = timeout || this.config.process.maxExecutionTime;
+    try {
+      const result = await this.spawnAsync("sh", ["-c", command], {
+        cwd: this.workingDir,
+        signal,
+        timeout: effectiveTimeout
+      });
+      return {
+        stdout: result.stdout,
+        stderr: result.stderr,
+        exitCode: result.exitCode,
+        interrupted: result.interrupted,
+        blocked: false,
+        duration: Date.now() - startTime
+      };
+    } catch (error) {
+      const err = error;
+      return {
+        stdout: "",
+        stderr: err.message,
+        exitCode: 1,
+        interrupted: signal?.aborted || false,
+        blocked: false,
+        duration: Date.now() - startTime
+      };
+    }
+  }
+  /**
+   * Execute command with macOS seatbelt sandbox
+   */
+  async executeWithSeatbelt(command, signal, timeout, startTime) {
+    const start = startTime || Date.now();
+    const effectiveTimeout = timeout || this.config.process.maxExecutionTime;
+    const profile = this.generateSeatbeltProfile();
+    try {
+      const result = await this.spawnAsync(
+        "sandbox-exec",
+        ["-p", profile, "sh", "-c", command],
+        {
+          cwd: this.workingDir,
+          signal,
+          timeout: effectiveTimeout
+        }
+      );
+      return {
+        stdout: result.stdout,
+        stderr: result.stderr,
+        exitCode: result.exitCode,
+        interrupted: result.interrupted,
+        blocked: false,
+        duration: Date.now() - start
+      };
+    } catch (error) {
+      const err = error;
+      const isBlocked = err.message.includes("sandbox") || err.message.includes("denied");
+      return {
+        stdout: "",
+        stderr: err.message,
+        exitCode: 1,
+        interrupted: signal?.aborted || false,
+        blocked: isBlocked,
+        blockReason: isBlocked ? "Sandbox policy violation" : void 0,
+        duration: Date.now() - start
+      };
+    }
+  }
+  /**
+   * Generate macOS seatbelt profile
+   */
+  generateSeatbeltProfile() {
+    const writeAllowed = this.config.filesystem.writeAllowed.map((p) => {
+      if (p === "./") return `(subpath "${this.workingDir}")`;
+      if (p === "*") return '(subpath "/")';
+      const absPath = resolve(this.workingDir, p);
+      return `(subpath "${absPath}")`;
+    }).join("\n    ");
+    const readAllowed = this.config.filesystem.readAllowed.map((p) => {
+      if (p === "*") return '(subpath "/")';
+      const absPath = resolve(this.workingDir, p);
+      return `(subpath "${absPath}")`;
+    }).join("\n    ");
+    const networkRules = this.config.network.blockAll ? "(deny network*)" : this.config.network.allowedDomains.length > 0 ? `(allow network-outbound
+    (remote tcp "${this.config.network.allowedDomains.join('", "')}"))` : "(allow network-outbound)";
+    return `
+(version 1)
+(deny default)
+
+; Allow basic system operations
+(allow process-exec*)
+(allow process-fork)
+(allow file-read-metadata)
+(allow sysctl-read)
+
+; Allow reading system libraries and executables
+(allow file-read*
+    (subpath "/usr")
+    (subpath "/bin")
+    (subpath "/sbin")
+    (subpath "/System")
+    (subpath "/Library")
+    (subpath "/private/var")
+    (subpath "/private/tmp")
+    (subpath "/dev")
+    (subpath "/tmp")
+    ${readAllowed}
+)
+
+; Allow writing to specific paths
+(allow file-write*
+    (subpath "/dev")
+    (subpath "/private/tmp")
+    (subpath "/tmp")
+    ${writeAllowed}
+)
+
+; Network rules
+${networkRules}
+
+; Allow stdout/stderr
+(allow file-write-data
+    (literal "/dev/null")
+    (literal "/dev/zero")
+    (literal "/dev/random")
+    (literal "/dev/urandom")
+    (literal "/dev/tty")
+    (literal "/dev/console")
+)
+
+; Allow process management
+(allow signal)
+(allow mach-lookup)
+(allow ipc-posix-shm-read-data)
+(allow ipc-posix-shm-write-data)
+`;
+  }
+  /**
+   * Execute command with Linux bubblewrap sandbox
+   */
+  async executeWithBubblewrap(command, signal, timeout, startTime) {
+    const start = startTime || Date.now();
+    const effectiveTimeout = timeout || this.config.process.maxExecutionTime;
+    const bwrapArgs = this.buildBubblewrapArgs();
+    try {
+      const result = await this.spawnAsync(
+        "bwrap",
+        [...bwrapArgs, "sh", "-c", command],
+        {
+          cwd: this.workingDir,
+          signal,
+          timeout: effectiveTimeout
+        }
+      );
+      return {
+        stdout: result.stdout,
+        stderr: result.stderr,
+        exitCode: result.exitCode,
+        interrupted: result.interrupted,
+        blocked: false,
+        duration: Date.now() - start
+      };
+    } catch (error) {
+      const err = error;
+      return {
+        stdout: "",
+        stderr: err.message,
+        exitCode: 1,
+        interrupted: signal?.aborted || false,
+        blocked: false,
+        duration: Date.now() - start
+      };
+    }
+  }
+  /**
+   * Build bubblewrap command arguments
+   */
+  buildBubblewrapArgs() {
+    const args = [];
+    args.push("--unshare-all");
+    args.push("--die-with-parent");
+    args.push("--ro-bind", "/usr", "/usr");
+    args.push("--ro-bind", "/bin", "/bin");
+    args.push("--ro-bind", "/lib", "/lib");
+    if (existsSync("/lib64")) {
+      args.push("--ro-bind", "/lib64", "/lib64");
+    }
+    args.push("--ro-bind", "/etc", "/etc");
+    args.push("--tmpfs", "/tmp");
+    args.push("--bind", this.workingDir, this.workingDir);
+    args.push("--chdir", this.workingDir);
+    for (const path of this.config.filesystem.readAllowed) {
+      if (path !== "*" && path !== "./" && existsSync(path)) {
+        const absPath = resolve(this.workingDir, path);
+        if (existsSync(absPath)) {
+          args.push("--ro-bind", absPath, absPath);
+        }
+      }
+    }
+    for (const path of this.config.filesystem.writeAllowed) {
+      if (path !== "./" && path !== "*") {
+        const absPath = resolve(this.workingDir, path);
+        if (existsSync(absPath)) {
+          args.push("--bind", absPath, absPath);
+        }
+      }
+    }
+    if (this.config.network.blockAll) {
+      args.push("--unshare-net");
+    }
+    if (this.config.process.maxProcesses > 0) {
+      args.push(
+        "--setenv",
+        "MINTO_MAX_PROCS",
+        String(this.config.process.maxProcesses)
+      );
+    }
+    return args;
+  }
+  /**
+   * Execute command with Docker sandbox
+   */
+  async executeWithDocker(command, signal, timeout, startTime) {
+    const start = startTime || Date.now();
+    const effectiveTimeout = timeout || this.config.process.maxExecutionTime;
+    const dockerArgs = [
+      "run",
+      "--rm",
+      "-i",
+      "--network",
+      this.config.network.blockAll ? "none" : "bridge",
+      "-v",
+      `${this.workingDir}:/workspace`,
+      "-w",
+      "/workspace"
+    ];
+    if (this.config.process.maxMemory > 0) {
+      dockerArgs.push("--memory", `${this.config.process.maxMemory}`);
+    }
+    dockerArgs.push("alpine:latest");
+    dockerArgs.push("sh", "-c", command);
+    try {
+      const result = await this.spawnAsync("docker", dockerArgs, {
+        cwd: this.workingDir,
+        signal,
+        timeout: effectiveTimeout
+      });
+      return {
+        stdout: result.stdout,
+        stderr: result.stderr,
+        exitCode: result.exitCode,
+        interrupted: result.interrupted,
+        blocked: false,
+        duration: Date.now() - start
+      };
+    } catch (error) {
+      const err = error;
+      return {
+        stdout: "",
+        stderr: err.message,
+        exitCode: 1,
+        interrupted: signal?.aborted || false,
+        blocked: false,
+        duration: Date.now() - start
+      };
+    }
+  }
+  /**
+   * Spawn a process with promise wrapper
+   */
+  spawnAsync(cmd, args, options) {
+    return new Promise((resolve2, reject) => {
+      let stdout = "";
+      let stderr = "";
+      let interrupted = false;
+      let child = null;
+      const timeoutId = options?.timeout ? setTimeout(() => {
+        interrupted = true;
+        child?.kill("SIGTERM");
+      }, options.timeout) : null;
+      if (options?.signal) {
+        options.signal.addEventListener("abort", () => {
+          interrupted = true;
+          child?.kill("SIGTERM");
+        });
+      }
+      child = spawn(cmd, args, {
+        cwd: options?.cwd || this.workingDir,
+        shell: false,
+        stdio: ["pipe", "pipe", "pipe"]
+      });
+      child.stdout?.on("data", (data) => {
+        stdout += data.toString();
+      });
+      child.stderr?.on("data", (data) => {
+        stderr += data.toString();
+      });
+      child.on("error", (error) => {
+        if (timeoutId) clearTimeout(timeoutId);
+        reject(error);
+      });
+      child.on("close", (code) => {
+        if (timeoutId) clearTimeout(timeoutId);
+        resolve2({
+          stdout,
+          stderr,
+          exitCode: code ?? 1,
+          interrupted
+        });
+      });
+    });
+  }
+}
+let globalSandboxController = null;
+function getSandboxController(workingDir) {
+  if (!globalSandboxController) {
+    globalSandboxController = new SandboxController(workingDir || process.cwd());
+  } else if (workingDir) {
+    globalSandboxController = new SandboxController(
+      workingDir,
+      globalSandboxController.getConfig()
+    );
+  }
+  return globalSandboxController;
+}
+function resetSandboxController() {
+  globalSandboxController = null;
+}
+export {
+  SandboxController,
+  getSandboxController,
+  resetSandboxController
+};
+//# sourceMappingURL=sandboxController.js.map

package/dist/services/sandbox/sandboxController.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/services/sandbox/sandboxController.ts"],
+  "sourcesContent": ["/**\n * Sandbox Controller\n *\n * Main controller for the sandbox execution system.\n * Coordinates filesystem, network, and process isolation.\n */\n\nimport { spawn, type ChildProcess } from 'child_process'\nimport { platform } from 'os'\nimport { existsSync } from 'fs'\nimport { resolve } from 'path'\nimport type {\n  ISandboxController,\n  SandboxConfig,\n  SandboxExecutionResult,\n  SandboxImplementation,\n  SandboxViolation,\n} from './types'\nimport { DEFAULT_SANDBOX_CONFIG } from './types'\nimport { FilesystemBoundary } from './filesystemBoundary'\nimport { NetworkProxy } from './networkProxy'\n\n/**\n * Sandbox Controller Implementation\n *\n * Provides unified sandbox management with OS-specific implementations.\n */\nexport class SandboxController implements ISandboxController {\n  private config: SandboxConfig\n  private implementation: SandboxImplementation\n  private filesystemBoundary: FilesystemBoundary\n  private networkProxy: NetworkProxy\n  private violations: SandboxViolation[] = []\n  private workingDir: string\n\n  constructor(workingDir: string, config?: Partial<SandboxConfig>) {\n    this.workingDir = resolve(workingDir)\n    this.config = { ...DEFAULT_SANDBOX_CONFIG, ...config }\n    this.implementation = this.detectImplementation()\n    this.filesystemBoundary = new FilesystemBoundary(\n      this.config.filesystem,\n      this.workingDir,\n    )\n    this.networkProxy = new NetworkProxy(this.config.network)\n  }\n\n  /**\n   * Check if sandbox is available on this system\n   */\n  async isAvailable(): Promise<boolean> {\n    if (!this.config.enabled) {\n      return false\n    }\n\n    switch (this.implementation) {\n      case 'seatbelt':\n        return this.isSeatbeltAvailable()\n      case 'bubblewrap':\n        return this.isBubblewrapAvailable()\n      case 'docker':\n        return this.isDockerAvailable()\n      default:\n        return false\n    }\n  }\n\n  /**\n   * Get the implementation type\n   */\n  getImplementationType(): SandboxImplementation {\n    return this.implementation\n  }\n\n  /**\n   * Initialize the sandbox\n   */\n  async initialize(config: SandboxConfig): Promise<void> {\n    this.config = config\n    this.filesystemBoundary = new FilesystemBoundary(\n      config.filesystem,\n      this.workingDir,\n    )\n    this.networkProxy = new NetworkProxy(config.network)\n    this.violations = []\n  }\n\n  /**\n   * Pre-validate a command against policies\n   */\n  async validateCommand(command: string): Promise<{\n    valid: boolean\n    violations: SandboxViolation[]\n  }> {\n    const violations: SandboxViolation[] = []\n\n    // Check if command is excluded from sandboxing\n    if (this.isExcludedCommand(command)) {\n      return { valid: true, violations: [] }\n    }\n\n    // Validate filesystem access\n    const fsResult = this.filesystemBoundary.analyzeCommand(command)\n    for (const violation of fsResult.violations) {\n      violation.command = command\n      violations.push(violation)\n    }\n\n    // Validate network access\n    const netResult = this.networkProxy.analyzeCommand(command)\n    for (const violation of netResult.violations) {\n      violation.command = command\n      violations.push(violation)\n    }\n\n    // Store all violations\n    this.violations.push(...violations)\n\n    return {\n      valid: violations.length === 0,\n      violations,\n    }\n  }\n\n  /**\n   * Execute a command in the sandbox\n   */\n  async execute(\n    command: string,\n    workingDir: string,\n    signal?: AbortSignal,\n    timeout?: number,\n  ): Promise<SandboxExecutionResult> {\n    const startTime = Date.now()\n    this.workingDir = resolve(workingDir)\n    this.filesystemBoundary.setWorkingDir(this.workingDir)\n\n    // If sandbox is disabled, execute directly\n    if (!this.config.enabled) {\n      return this.executeDirectly(command, signal, timeout)\n    }\n\n    // Validate command first\n    const validation = await this.validateCommand(command)\n    if (!validation.valid) {\n      return {\n        stdout: '',\n        stderr: `Sandbox blocked command:\\n${validation.violations\n          .map(v => `- ${v.details}`)\n          .join('\\n')}`,\n        exitCode: 1,\n        interrupted: false,\n        blocked: true,\n        blockReason: validation.violations[0]?.details,\n        duration: Date.now() - startTime,\n      }\n    }\n\n    // Check if command is excluded from sandboxing\n    if (this.isExcludedCommand(command)) {\n      return this.executeDirectly(command, signal, timeout)\n    }\n\n    // Execute with appropriate sandbox\n    switch (this.implementation) {\n      case 'seatbelt':\n        return this.executeWithSeatbelt(command, signal, timeout, startTime)\n      case 'bubblewrap':\n        return this.executeWithBubblewrap(command, signal, timeout, startTime)\n      case 'docker':\n        return this.executeWithDocker(command, signal, timeout, startTime)\n      default:\n        // No sandbox available, execute directly with validation only\n        return this.executeDirectly(command, signal, timeout)\n    }\n  }\n\n  /**\n   * Get current configuration\n   */\n  getConfig(): SandboxConfig {\n    return { ...this.config }\n  }\n\n  /**\n   * Update configuration\n   */\n  updateConfig(config: Partial<SandboxConfig>): void {\n    this.config = { ...this.config, ...config }\n    if (config.filesystem) {\n      this.filesystemBoundary.updatePolicy(config.filesystem)\n    }\n    if (config.network) {\n      this.networkProxy.updatePolicy(config.network)\n    }\n  }\n\n  /**\n   * Get violation history\n   */\n  getViolations(): SandboxViolation[] {\n    return [\n      ...this.violations,\n      ...this.filesystemBoundary.getViolations(),\n      ...this.networkProxy.getViolations(),\n    ]\n  }\n\n  /**\n   * Clear violation history\n   */\n  clearViolations(): void {\n    this.violations = []\n    this.filesystemBoundary.clearViolations()\n    this.networkProxy.clearViolations()\n  }\n\n  /**\n   * Get filesystem boundary instance\n   */\n  getFilesystemBoundary(): FilesystemBoundary {\n    return this.filesystemBoundary\n  }\n\n  /**\n   * Get network proxy instance\n   */\n  getNetworkProxy(): NetworkProxy {\n    return this.networkProxy\n  }\n\n  /**\n   * Detect the best available sandbox implementation\n   */\n  private detectImplementation(): SandboxImplementation {\n    const os = platform()\n\n    if (os === 'darwin') {\n      // macOS - use seatbelt/sandbox-exec\n      return 'seatbelt'\n    } else if (os === 'linux') {\n      // Linux - prefer bubblewrap, fallback to docker\n      if (this.hasBubblewrap()) {\n        return 'bubblewrap'\n      } else if (this.hasDocker()) {\n        return 'docker'\n      }\n    }\n\n    return 'none'\n  }\n\n  /**\n   * Check if bubblewrap is installed\n   */\n  private hasBubblewrap(): boolean {\n    return existsSync('/usr/bin/bwrap') || existsSync('/usr/local/bin/bwrap')\n  }\n\n  /**\n   * Check if docker is available\n   */\n  private hasDocker(): boolean {\n    return existsSync('/usr/bin/docker') || existsSync('/usr/local/bin/docker')\n  }\n\n  /**\n   * Check if seatbelt (macOS sandbox-exec) is available\n   */\n  private async isSeatbeltAvailable(): Promise<boolean> {\n    return platform() === 'darwin' && existsSync('/usr/bin/sandbox-exec')\n  }\n\n  /**\n   * Check if bubblewrap is available and working\n   */\n  private async isBubblewrapAvailable(): Promise<boolean> {\n    if (!this.hasBubblewrap()) return false\n    try {\n      const result = await this.spawnAsync('bwrap', ['--version'])\n      return result.exitCode === 0\n    } catch {\n      return false\n    }\n  }\n\n  /**\n   * Check if docker is available and running\n   */\n  private async isDockerAvailable(): Promise<boolean> {\n    if (!this.hasDocker()) return false\n    try {\n      const result = await this.spawnAsync('docker', ['info'])\n      return result.exitCode === 0\n    } catch {\n      return false\n    }\n  }\n\n  /**\n   * Check if a command is excluded from sandboxing\n   */\n  private isExcludedCommand(command: string): boolean {\n    const firstWord = command.trim().split(/\\s+/)[0]?.toLowerCase()\n    if (!firstWord) return false\n    return this.config.process.excludedCommands.some(\n      excluded => firstWord === excluded.toLowerCase(),\n    )\n  }\n\n  /**\n   * Execute command directly without sandboxing\n   */\n  private async executeDirectly(\n    command: string,\n    signal?: AbortSignal,\n    timeout?: number,\n  ): Promise<SandboxExecutionResult> {\n    const startTime = Date.now()\n    const effectiveTimeout = timeout || this.config.process.maxExecutionTime\n\n    try {\n      const result = await this.spawnAsync('sh', ['-c', command], {\n        cwd: this.workingDir,\n        signal,\n        timeout: effectiveTimeout,\n      })\n\n      return {\n        stdout: result.stdout,\n        stderr: result.stderr,\n        exitCode: result.exitCode,\n        interrupted: result.interrupted,\n        blocked: false,\n        duration: Date.now() - startTime,\n      }\n    } catch (error) {\n      const err = error as Error\n      return {\n        stdout: '',\n        stderr: err.message,\n        exitCode: 1,\n        interrupted: signal?.aborted || false,\n        blocked: false,\n        duration: Date.now() - startTime,\n      }\n    }\n  }\n\n  /**\n   * Execute command with macOS seatbelt sandbox\n   */\n  private async executeWithSeatbelt(\n    command: string,\n    signal?: AbortSignal,\n    timeout?: number,\n    startTime?: number,\n  ): Promise<SandboxExecutionResult> {\n    const start = startTime || Date.now()\n    const effectiveTimeout = timeout || this.config.process.maxExecutionTime\n\n    // Generate seatbelt profile\n    const profile = this.generateSeatbeltProfile()\n\n    try {\n      const result = await this.spawnAsync(\n        'sandbox-exec',\n        ['-p', profile, 'sh', '-c', command],\n        {\n          cwd: this.workingDir,\n          signal,\n          timeout: effectiveTimeout,\n        },\n      )\n\n      return {\n        stdout: result.stdout,\n        stderr: result.stderr,\n        exitCode: result.exitCode,\n        interrupted: result.interrupted,\n        blocked: false,\n        duration: Date.now() - start,\n      }\n    } catch (error) {\n      const err = error as Error\n      const isBlocked =\n        err.message.includes('sandbox') || err.message.includes('denied')\n      return {\n        stdout: '',\n        stderr: err.message,\n        exitCode: 1,\n        interrupted: signal?.aborted || false,\n        blocked: isBlocked,\n        blockReason: isBlocked ? 'Sandbox policy violation' : undefined,\n        duration: Date.now() - start,\n      }\n    }\n  }\n\n  /**\n   * Generate macOS seatbelt profile\n   */\n  private generateSeatbeltProfile(): string {\n    const writeAllowed = this.config.filesystem.writeAllowed\n      .map(p => {\n        if (p === './') return `(subpath \"${this.workingDir}\")`\n        if (p === '*') return '(subpath \"/\")'\n        const absPath = resolve(this.workingDir, p)\n        return `(subpath \"${absPath}\")`\n      })\n      .join('\\n    ')\n\n    const readAllowed = this.config.filesystem.readAllowed\n      .map(p => {\n        if (p === '*') return '(subpath \"/\")'\n        const absPath = resolve(this.workingDir, p)\n        return `(subpath \"${absPath}\")`\n      })\n      .join('\\n    ')\n\n    const networkRules = this.config.network.blockAll\n      ? '(deny network*)'\n      : this.config.network.allowedDomains.length > 0\n        ? `(allow network-outbound\n    (remote tcp \"${this.config.network.allowedDomains.join('\", \"')}\"))`\n        : '(allow network-outbound)'\n\n    return `\n(version 1)\n(deny default)\n\n; Allow basic system operations\n(allow process-exec*)\n(allow process-fork)\n(allow file-read-metadata)\n(allow sysctl-read)\n\n; Allow reading system libraries and executables\n(allow file-read*\n    (subpath \"/usr\")\n    (subpath \"/bin\")\n    (subpath \"/sbin\")\n    (subpath \"/System\")\n    (subpath \"/Library\")\n    (subpath \"/private/var\")\n    (subpath \"/private/tmp\")\n    (subpath \"/dev\")\n    (subpath \"/tmp\")\n    ${readAllowed}\n)\n\n; Allow writing to specific paths\n(allow file-write*\n    (subpath \"/dev\")\n    (subpath \"/private/tmp\")\n    (subpath \"/tmp\")\n    ${writeAllowed}\n)\n\n; Network rules\n${networkRules}\n\n; Allow stdout/stderr\n(allow file-write-data\n    (literal \"/dev/null\")\n    (literal \"/dev/zero\")\n    (literal \"/dev/random\")\n    (literal \"/dev/urandom\")\n    (literal \"/dev/tty\")\n    (literal \"/dev/console\")\n)\n\n; Allow process management\n(allow signal)\n(allow mach-lookup)\n(allow ipc-posix-shm-read-data)\n(allow ipc-posix-shm-write-data)\n`\n  }\n\n  /**\n   * Execute command with Linux bubblewrap sandbox\n   */\n  private async executeWithBubblewrap(\n    command: string,\n    signal?: AbortSignal,\n    timeout?: number,\n    startTime?: number,\n  ): Promise<SandboxExecutionResult> {\n    const start = startTime || Date.now()\n    const effectiveTimeout = timeout || this.config.process.maxExecutionTime\n\n    // Build bubblewrap arguments\n    const bwrapArgs = this.buildBubblewrapArgs()\n\n    try {\n      const result = await this.spawnAsync(\n        'bwrap',\n        [...bwrapArgs, 'sh', '-c', command],\n        {\n          cwd: this.workingDir,\n          signal,\n          timeout: effectiveTimeout,\n        },\n      )\n\n      return {\n        stdout: result.stdout,\n        stderr: result.stderr,\n        exitCode: result.exitCode,\n        interrupted: result.interrupted,\n        blocked: false,\n        duration: Date.now() - start,\n      }\n    } catch (error) {\n      const err = error as Error\n      return {\n        stdout: '',\n        stderr: err.message,\n        exitCode: 1,\n        interrupted: signal?.aborted || false,\n        blocked: false,\n        duration: Date.now() - start,\n      }\n    }\n  }\n\n  /**\n   * Build bubblewrap command arguments\n   */\n  private buildBubblewrapArgs(): string[] {\n    const args: string[] = []\n\n    // Basic sandboxing\n    args.push('--unshare-all')\n    args.push('--die-with-parent')\n\n    // Mount system directories read-only\n    args.push('--ro-bind', '/usr', '/usr')\n    args.push('--ro-bind', '/bin', '/bin')\n    args.push('--ro-bind', '/lib', '/lib')\n    if (existsSync('/lib64')) {\n      args.push('--ro-bind', '/lib64', '/lib64')\n    }\n    args.push('--ro-bind', '/etc', '/etc')\n\n    // Allow /tmp\n    args.push('--tmpfs', '/tmp')\n\n    // Set working directory with read-write access\n    args.push('--bind', this.workingDir, this.workingDir)\n    args.push('--chdir', this.workingDir)\n\n    // Add additional read paths\n    for (const path of this.config.filesystem.readAllowed) {\n      if (path !== '*' && path !== './' && existsSync(path)) {\n        const absPath = resolve(this.workingDir, path)\n        if (existsSync(absPath)) {\n          args.push('--ro-bind', absPath, absPath)\n        }\n      }\n    }\n\n    // Add additional write paths\n    for (const path of this.config.filesystem.writeAllowed) {\n      if (path !== './' && path !== '*') {\n        const absPath = resolve(this.workingDir, path)\n        if (existsSync(absPath)) {\n          args.push('--bind', absPath, absPath)\n        }\n      }\n    }\n\n    // Network isolation (if blocking all)\n    if (this.config.network.blockAll) {\n      args.push('--unshare-net')\n    }\n\n    // Process limits\n    if (this.config.process.maxProcesses > 0) {\n      args.push(\n        '--setenv',\n        'MINTO_MAX_PROCS',\n        String(this.config.process.maxProcesses),\n      )\n    }\n\n    return args\n  }\n\n  /**\n   * Execute command with Docker sandbox\n   */\n  private async executeWithDocker(\n    command: string,\n    signal?: AbortSignal,\n    timeout?: number,\n    startTime?: number,\n  ): Promise<SandboxExecutionResult> {\n    const start = startTime || Date.now()\n    const effectiveTimeout = timeout || this.config.process.maxExecutionTime\n\n    // Build docker run arguments\n    const dockerArgs = [\n      'run',\n      '--rm',\n      '-i',\n      '--network',\n      this.config.network.blockAll ? 'none' : 'bridge',\n      '-v',\n      `${this.workingDir}:/workspace`,\n      '-w',\n      '/workspace',\n    ]\n\n    // Add memory limit\n    if (this.config.process.maxMemory > 0) {\n      dockerArgs.push('--memory', `${this.config.process.maxMemory}`)\n    }\n\n    // Use a minimal image\n    dockerArgs.push('alpine:latest')\n    dockerArgs.push('sh', '-c', command)\n\n    try {\n      const result = await this.spawnAsync('docker', dockerArgs, {\n        cwd: this.workingDir,\n        signal,\n        timeout: effectiveTimeout,\n      })\n\n      return {\n        stdout: result.stdout,\n        stderr: result.stderr,\n        exitCode: result.exitCode,\n        interrupted: result.interrupted,\n        blocked: false,\n        duration: Date.now() - start,\n      }\n    } catch (error) {\n      const err = error as Error\n      return {\n        stdout: '',\n        stderr: err.message,\n        exitCode: 1,\n        interrupted: signal?.aborted || false,\n        blocked: false,\n        duration: Date.now() - start,\n      }\n    }\n  }\n\n  /**\n   * Spawn a process with promise wrapper\n   */\n  private spawnAsync(\n    cmd: string,\n    args: string[],\n    options?: {\n      cwd?: string\n      signal?: AbortSignal\n      timeout?: number\n    },\n  ): Promise<{\n    stdout: string\n    stderr: string\n    exitCode: number\n    interrupted: boolean\n  }> {\n    return new Promise((resolve, reject) => {\n      let stdout = ''\n      let stderr = ''\n      let interrupted = false\n      let child: ChildProcess | null = null\n\n      const timeoutId = options?.timeout\n        ? setTimeout(() => {\n            interrupted = true\n            child?.kill('SIGTERM')\n          }, options.timeout)\n        : null\n\n      // Handle abort signal\n      if (options?.signal) {\n        options.signal.addEventListener('abort', () => {\n          interrupted = true\n          child?.kill('SIGTERM')\n        })\n      }\n\n      child = spawn(cmd, args, {\n        cwd: options?.cwd || this.workingDir,\n        shell: false,\n        stdio: ['pipe', 'pipe', 'pipe'],\n      })\n\n      child.stdout?.on('data', (data: Buffer) => {\n        stdout += data.toString()\n      })\n\n      child.stderr?.on('data', (data: Buffer) => {\n        stderr += data.toString()\n      })\n\n      child.on('error', (error: Error) => {\n        if (timeoutId) clearTimeout(timeoutId)\n        reject(error)\n      })\n\n      child.on('close', (code: number | null) => {\n        if (timeoutId) clearTimeout(timeoutId)\n        resolve({\n          stdout,\n          stderr,\n          exitCode: code ?? 1,\n          interrupted,\n        })\n      })\n    })\n  }\n}\n\n// Global singleton instance\nlet globalSandboxController: SandboxController | null = null\n\n/**\n * Get the global sandbox controller instance\n */\nexport function getSandboxController(workingDir?: string): SandboxController {\n  if (!globalSandboxController) {\n    globalSandboxController = new SandboxController(workingDir || process.cwd())\n  } else if (workingDir) {\n    // Update working directory if provided\n    globalSandboxController = new SandboxController(\n      workingDir,\n      globalSandboxController.getConfig(),\n    )\n  }\n  return globalSandboxController\n}\n\n/**\n * Reset the global sandbox controller (for testing)\n */\nexport function resetSandboxController(): void {\n  globalSandboxController = null\n}\n"],
+  "mappings": "AAOA,SAAS,aAAgC;AACzC,SAAS,gBAAgB;AACzB,SAAS,kBAAkB;AAC3B,SAAS,eAAe;AAQxB,SAAS,8BAA8B;AACvC,SAAS,0BAA0B;AACnC,SAAS,oBAAoB;AAOtB,MAAM,kBAAgD;AAAA,EACnD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,aAAiC,CAAC;AAAA,EAClC;AAAA,EAER,YAAY,YAAoB,QAAiC;AAC/D,SAAK,aAAa,QAAQ,UAAU;AACpC,SAAK,SAAS,EAAE,GAAG,wBAAwB,GAAG,OAAO;AACrD,SAAK,iBAAiB,KAAK,qBAAqB;AAChD,SAAK,qBAAqB,IAAI;AAAA,MAC5B,KAAK,OAAO;AAAA,MACZ,KAAK;AAAA,IACP;AACA,SAAK,eAAe,IAAI,aAAa,KAAK,OAAO,OAAO;AAAA,EAC1D;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,cAAgC;AACpC,QAAI,CAAC,KAAK,OAAO,SAAS;AACxB,aAAO;AAAA,IACT;AAEA,YAAQ,KAAK,gBAAgB;AAAA,MAC3B,KAAK;AACH,eAAO,KAAK,oBAAoB;AAAA,MAClC,KAAK;AACH,eAAO,KAAK,sBAAsB;AAAA,MACpC,KAAK;AACH,eAAO,KAAK,kBAAkB;AAAA,MAChC;AACE,eAAO;AAAA,IACX;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,wBAA+C;AAC7C,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,WAAW,QAAsC;AACrD,SAAK,SAAS;AACd,SAAK,qBAAqB,IAAI;AAAA,MAC5B,OAAO;AAAA,MACP,KAAK;AAAA,IACP;AACA,SAAK,eAAe,IAAI,aAAa,OAAO,OAAO;AACnD,SAAK,aAAa,CAAC;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,SAGnB;AACD,UAAM,aAAiC,CAAC;AAGxC,QAAI,KAAK,kBAAkB,OAAO,GAAG;AACnC,aAAO,EAAE,OAAO,MAAM,YAAY,CAAC,EAAE;AAAA,IACvC;AAGA,UAAM,WAAW,KAAK,mBAAmB,eAAe,OAAO;AAC/D,eAAW,aAAa,SAAS,YAAY;AAC3C,gBAAU,UAAU;AACpB,iBAAW,KAAK,SAAS;AAAA,IAC3B;AAGA,UAAM,YAAY,KAAK,aAAa,eAAe,OAAO;AAC1D,eAAW,aAAa,UAAU,YAAY;AAC5C,gBAAU,UAAU;AACpB,iBAAW,KAAK,SAAS;AAAA,IAC3B;AAGA,SAAK,WAAW,KAAK,GAAG,UAAU;AAElC,WAAO;AAAA,MACL,OAAO,WAAW,WAAW;AAAA,MAC7B;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QACJ,SACA,YACA,QACA,SACiC;AACjC,UAAM,YAAY,KAAK,IAAI;AAC3B,SAAK,aAAa,QAAQ,UAAU;AACpC,SAAK,mBAAmB,cAAc,KAAK,UAAU;AAGrD,QAAI,CAAC,KAAK,OAAO,SAAS;AACxB,aAAO,KAAK,gBAAgB,SAAS,QAAQ,OAAO;AAAA,IACtD;AAGA,UAAM,aAAa,MAAM,KAAK,gBAAgB,OAAO;AACrD,QAAI,CAAC,WAAW,OAAO;AACrB,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,QAAQ;AAAA,EAA6B,WAAW,WAC7C,IAAI,OAAK,KAAK,EAAE,OAAO,EAAE,EACzB,KAAK,IAAI,CAAC;AAAA,QACb,UAAU;AAAA,QACV,aAAa;AAAA,QACb,SAAS;AAAA,QACT,aAAa,WAAW,WAAW,CAAC,GAAG;AAAA,QACvC,UAAU,KAAK,IAAI,IAAI;AAAA,MACzB;AAAA,IACF;AAGA,QAAI,KAAK,kBAAkB,OAAO,GAAG;AACnC,aAAO,KAAK,gBAAgB,SAAS,QAAQ,OAAO;AAAA,IACtD;AAGA,YAAQ,KAAK,gBAAgB;AAAA,MAC3B,KAAK;AACH,eAAO,KAAK,oBAAoB,SAAS,QAAQ,SAAS,SAAS;AAAA,MACrE,KAAK;AACH,eAAO,KAAK,sBAAsB,SAAS,QAAQ,SAAS,SAAS;AAAA,MACvE,KAAK;AACH,eAAO,KAAK,kBAAkB,SAAS,QAAQ,SAAS,SAAS;AAAA,MACnE;AAEE,eAAO,KAAK,gBAAgB,SAAS,QAAQ,OAAO;AAAA,IACxD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,YAA2B;AACzB,WAAO,EAAE,GAAG,KAAK,OAAO;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,QAAsC;AACjD,SAAK,SAAS,EAAE,GAAG,KAAK,QAAQ,GAAG,OAAO;AAC1C,QAAI,OAAO,YAAY;AACrB,WAAK,mBAAmB,aAAa,OAAO,UAAU;AAAA,IACxD;AACA,QAAI,OAAO,SAAS;AAClB,WAAK,aAAa,aAAa,OAAO,OAAO;AAAA,IAC/C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,gBAAoC;AAClC,WAAO;AAAA,MACL,GAAG,KAAK;AAAA,MACR,GAAG,KAAK,mBAAmB,cAAc;AAAA,MACzC,GAAG,KAAK,aAAa,cAAc;AAAA,IACrC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,kBAAwB;AACtB,SAAK,aAAa,CAAC;AACnB,SAAK,mBAAmB,gBAAgB;AACxC,SAAK,aAAa,gBAAgB;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA,EAKA,wBAA4C;AAC1C,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,kBAAgC;AAC9B,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKQ,uBAA8C;AACpD,UAAM,KAAK,SAAS;AAEpB,QAAI,OAAO,UAAU;AAEnB,aAAO;AAAA,IACT,WAAW,OAAO,SAAS;AAEzB,UAAI,KAAK,cAAc,GAAG;AACxB,eAAO;AAAA,MACT,WAAW,KAAK,UAAU,GAAG;AAC3B,eAAO;AAAA,MACT;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,gBAAyB;AAC/B,WAAO,WAAW,gBAAgB,KAAK,WAAW,sBAAsB;AAAA,EAC1E;AAAA;AAAA;AAAA;AAAA,EAKQ,YAAqB;AAC3B,WAAO,WAAW,iBAAiB,KAAK,WAAW,uBAAuB;AAAA,EAC5E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,sBAAwC;AACpD,WAAO,SAAS,MAAM,YAAY,WAAW,uBAAuB;AAAA,EACtE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,wBAA0C;AACtD,QAAI,CAAC,KAAK,cAAc,EAAG,QAAO;AAClC,QAAI;AACF,YAAM,SAAS,MAAM,KAAK,WAAW,SAAS,CAAC,WAAW,CAAC;AAC3D,aAAO,OAAO,aAAa;AAAA,IAC7B,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,oBAAsC;AAClD,QAAI,CAAC,KAAK,UAAU,EAAG,QAAO;AAC9B,QAAI;AACF,YAAM,SAAS,MAAM,KAAK,WAAW,UAAU,CAAC,MAAM,CAAC;AACvD,aAAO,OAAO,aAAa;AAAA,IAC7B,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,kBAAkB,SAA0B;AAClD,UAAM,YAAY,QAAQ,KAAK,EAAE,MAAM,KAAK,EAAE,CAAC,GAAG,YAAY;AAC9D,QAAI,CAAC,UAAW,QAAO;AACvB,WAAO,KAAK,OAAO,QAAQ,iBAAiB;AAAA,MAC1C,cAAY,cAAc,SAAS,YAAY;AAAA,IACjD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,gBACZ,SACA,QACA,SACiC;AACjC,UAAM,YAAY,KAAK,IAAI;AAC3B,UAAM,mBAAmB,WAAW,KAAK,OAAO,QAAQ;AAExD,QAAI;AACF,YAAM,SAAS,MAAM,KAAK,WAAW,MAAM,CAAC,MAAM,OAAO,GAAG;AAAA,QAC1D,KAAK,KAAK;AAAA,QACV;AAAA,QACA,SAAS;AAAA,MACX,CAAC;AAED,aAAO;AAAA,QACL,QAAQ,OAAO;AAAA,QACf,QAAQ,OAAO;AAAA,QACf,UAAU,OAAO;AAAA,QACjB,aAAa,OAAO;AAAA,QACpB,SAAS;AAAA,QACT,UAAU,KAAK,IAAI,IAAI;AAAA,MACzB;AAAA,IACF,SAAS,OAAO;AACd,YAAM,MAAM;AACZ,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,QAAQ,IAAI;AAAA,QACZ,UAAU;AAAA,QACV,aAAa,QAAQ,WAAW;AAAA,QAChC,SAAS;AAAA,QACT,UAAU,KAAK,IAAI,IAAI;AAAA,MACzB;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,oBACZ,SACA,QACA,SACA,WACiC;AACjC,UAAM,QAAQ,aAAa,KAAK,IAAI;AACpC,UAAM,mBAAmB,WAAW,KAAK,OAAO,QAAQ;AAGxD,UAAM,UAAU,KAAK,wBAAwB;AAE7C,QAAI;AACF,YAAM,SAAS,MAAM,KAAK;AAAA,QACxB;AAAA,QACA,CAAC,MAAM,SAAS,MAAM,MAAM,OAAO;AAAA,QACnC;AAAA,UACE,KAAK,KAAK;AAAA,UACV;AAAA,UACA,SAAS;AAAA,QACX;AAAA,MACF;AAEA,aAAO;AAAA,QACL,QAAQ,OAAO;AAAA,QACf,QAAQ,OAAO;AAAA,QACf,UAAU,OAAO;AAAA,QACjB,aAAa,OAAO;AAAA,QACpB,SAAS;AAAA,QACT,UAAU,KAAK,IAAI,IAAI;AAAA,MACzB;AAAA,IACF,SAAS,OAAO;AACd,YAAM,MAAM;AACZ,YAAM,YACJ,IAAI,QAAQ,SAAS,SAAS,KAAK,IAAI,QAAQ,SAAS,QAAQ;AAClE,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,QAAQ,IAAI;AAAA,QACZ,UAAU;AAAA,QACV,aAAa,QAAQ,WAAW;AAAA,QAChC,SAAS;AAAA,QACT,aAAa,YAAY,6BAA6B;AAAA,QACtD,UAAU,KAAK,IAAI,IAAI;AAAA,MACzB;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,0BAAkC;AACxC,UAAM,eAAe,KAAK,OAAO,WAAW,aACzC,IAAI,OAAK;AACR,UAAI,MAAM,KAAM,QAAO,aAAa,KAAK,UAAU;AACnD,UAAI,MAAM,IAAK,QAAO;AACtB,YAAM,UAAU,QAAQ,KAAK,YAAY,CAAC;AAC1C,aAAO,aAAa,OAAO;AAAA,IAC7B,CAAC,EACA,KAAK,QAAQ;AAEhB,UAAM,cAAc,KAAK,OAAO,WAAW,YACxC,IAAI,OAAK;AACR,UAAI,MAAM,IAAK,QAAO;AACtB,YAAM,UAAU,QAAQ,KAAK,YAAY,CAAC;AAC1C,aAAO,aAAa,OAAO;AAAA,IAC7B,CAAC,EACA,KAAK,QAAQ;AAEhB,UAAM,eAAe,KAAK,OAAO,QAAQ,WACrC,oBACA,KAAK,OAAO,QAAQ,eAAe,SAAS,IAC1C;AAAA,mBACS,KAAK,OAAO,QAAQ,eAAe,KAAK,MAAM,CAAC,QACxD;AAEN,WAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAqBL,WAAW;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAQX,YAAY;AAAA;AAAA;AAAA;AAAA,EAIhB,YAAY;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBZ;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,sBACZ,SACA,QACA,SACA,WACiC;AACjC,UAAM,QAAQ,aAAa,KAAK,IAAI;AACpC,UAAM,mBAAmB,WAAW,KAAK,OAAO,QAAQ;AAGxD,UAAM,YAAY,KAAK,oBAAoB;AAE3C,QAAI;AACF,YAAM,SAAS,MAAM,KAAK;AAAA,QACxB;AAAA,QACA,CAAC,GAAG,WAAW,MAAM,MAAM,OAAO;AAAA,QAClC;AAAA,UACE,KAAK,KAAK;AAAA,UACV;AAAA,UACA,SAAS;AAAA,QACX;AAAA,MACF;AAEA,aAAO;AAAA,QACL,QAAQ,OAAO;AAAA,QACf,QAAQ,OAAO;AAAA,QACf,UAAU,OAAO;AAAA,QACjB,aAAa,OAAO;AAAA,QACpB,SAAS;AAAA,QACT,UAAU,KAAK,IAAI,IAAI;AAAA,MACzB;AAAA,IACF,SAAS,OAAO;AACd,YAAM,MAAM;AACZ,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,QAAQ,IAAI;AAAA,QACZ,UAAU;AAAA,QACV,aAAa,QAAQ,WAAW;AAAA,QAChC,SAAS;AAAA,QACT,UAAU,KAAK,IAAI,IAAI;AAAA,MACzB;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,sBAAgC;AACtC,UAAM,OAAiB,CAAC;AAGxB,SAAK,KAAK,eAAe;AACzB,SAAK,KAAK,mBAAmB;AAG7B,SAAK,KAAK,aAAa,QAAQ,MAAM;AACrC,SAAK,KAAK,aAAa,QAAQ,MAAM;AACrC,SAAK,KAAK,aAAa,QAAQ,MAAM;AACrC,QAAI,WAAW,QAAQ,GAAG;AACxB,WAAK,KAAK,aAAa,UAAU,QAAQ;AAAA,IAC3C;AACA,SAAK,KAAK,aAAa,QAAQ,MAAM;AAGrC,SAAK,KAAK,WAAW,MAAM;AAG3B,SAAK,KAAK,UAAU,KAAK,YAAY,KAAK,UAAU;AACpD,SAAK,KAAK,WAAW,KAAK,UAAU;AAGpC,eAAW,QAAQ,KAAK,OAAO,WAAW,aAAa;AACrD,UAAI,SAAS,OAAO,SAAS,QAAQ,WAAW,IAAI,GAAG;AACrD,cAAM,UAAU,QAAQ,KAAK,YAAY,IAAI;AAC7C,YAAI,WAAW,OAAO,GAAG;AACvB,eAAK,KAAK,aAAa,SAAS,OAAO;AAAA,QACzC;AAAA,MACF;AAAA,IACF;AAGA,eAAW,QAAQ,KAAK,OAAO,WAAW,cAAc;AACtD,UAAI,SAAS,QAAQ,SAAS,KAAK;AACjC,cAAM,UAAU,QAAQ,KAAK,YAAY,IAAI;AAC7C,YAAI,WAAW,OAAO,GAAG;AACvB,eAAK,KAAK,UAAU,SAAS,OAAO;AAAA,QACtC;AAAA,MACF;AAAA,IACF;AAGA,QAAI,KAAK,OAAO,QAAQ,UAAU;AAChC,WAAK,KAAK,eAAe;AAAA,IAC3B;AAGA,QAAI,KAAK,OAAO,QAAQ,eAAe,GAAG;AACxC,WAAK;AAAA,QACH;AAAA,QACA;AAAA,QACA,OAAO,KAAK,OAAO,QAAQ,YAAY;AAAA,MACzC;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,kBACZ,SACA,QACA,SACA,WACiC;AACjC,UAAM,QAAQ,aAAa,KAAK,IAAI;AACpC,UAAM,mBAAmB,WAAW,KAAK,OAAO,QAAQ;AAGxD,UAAM,aAAa;AAAA,MACjB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,KAAK,OAAO,QAAQ,WAAW,SAAS;AAAA,MACxC;AAAA,MACA,GAAG,KAAK,UAAU;AAAA,MAClB;AAAA,MACA;AAAA,IACF;AAGA,QAAI,KAAK,OAAO,QAAQ,YAAY,GAAG;AACrC,iBAAW,KAAK,YAAY,GAAG,KAAK,OAAO,QAAQ,SAAS,EAAE;AAAA,IAChE;AAGA,eAAW,KAAK,eAAe;AAC/B,eAAW,KAAK,MAAM,MAAM,OAAO;AAEnC,QAAI;AACF,YAAM,SAAS,MAAM,KAAK,WAAW,UAAU,YAAY;AAAA,QACzD,KAAK,KAAK;AAAA,QACV;AAAA,QACA,SAAS;AAAA,MACX,CAAC;AAED,aAAO;AAAA,QACL,QAAQ,OAAO;AAAA,QACf,QAAQ,OAAO;AAAA,QACf,UAAU,OAAO;AAAA,QACjB,aAAa,OAAO;AAAA,QACpB,SAAS;AAAA,QACT,UAAU,KAAK,IAAI,IAAI;AAAA,MACzB;AAAA,IACF,SAAS,OAAO;AACd,YAAM,MAAM;AACZ,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,QAAQ,IAAI;AAAA,QACZ,UAAU;AAAA,QACV,aAAa,QAAQ,WAAW;AAAA,QAChC,SAAS;AAAA,QACT,UAAU,KAAK,IAAI,IAAI;AAAA,MACzB;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,WACN,KACA,MACA,SAUC;AACD,WAAO,IAAI,QAAQ,CAACA,UAAS,WAAW;AACtC,UAAI,SAAS;AACb,UAAI,SAAS;AACb,UAAI,cAAc;AAClB,UAAI,QAA6B;AAEjC,YAAM,YAAY,SAAS,UACvB,WAAW,MAAM;AACf,sBAAc;AACd,eAAO,KAAK,SAAS;AAAA,MACvB,GAAG,QAAQ,OAAO,IAClB;AAGJ,UAAI,SAAS,QAAQ;AACnB,gBAAQ,OAAO,iBAAiB,SAAS,MAAM;AAC7C,wBAAc;AACd,iBAAO,KAAK,SAAS;AAAA,QACvB,CAAC;AAAA,MACH;AAEA,cAAQ,MAAM,KAAK,MAAM;AAAA,QACvB,KAAK,SAAS,OAAO,KAAK;AAAA,QAC1B,OAAO;AAAA,QACP,OAAO,CAAC,QAAQ,QAAQ,MAAM;AAAA,MAChC,CAAC;AAED,YAAM,QAAQ,GAAG,QAAQ,CAAC,SAAiB;AACzC,kBAAU,KAAK,SAAS;AAAA,MAC1B,CAAC;AAED,YAAM,QAAQ,GAAG,QAAQ,CAAC,SAAiB;AACzC,kBAAU,KAAK,SAAS;AAAA,MAC1B,CAAC;AAED,YAAM,GAAG,SAAS,CAAC,UAAiB;AAClC,YAAI,UAAW,cAAa,SAAS;AACrC,eAAO,KAAK;AAAA,MACd,CAAC;AAED,YAAM,GAAG,SAAS,CAAC,SAAwB;AACzC,YAAI,UAAW,cAAa,SAAS;AACrC,QAAAA,SAAQ;AAAA,UACN;AAAA,UACA;AAAA,UACA,UAAU,QAAQ;AAAA,UAClB;AAAA,QACF,CAAC;AAAA,MACH,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AACF;AAGA,IAAI,0BAAoD;AAKjD,SAAS,qBAAqB,YAAwC;AAC3E,MAAI,CAAC,yBAAyB;AAC5B,8BAA0B,IAAI,kBAAkB,cAAc,QAAQ,IAAI,CAAC;AAAA,EAC7E,WAAW,YAAY;AAErB,8BAA0B,IAAI;AAAA,MAC5B;AAAA,MACA,wBAAwB,UAAU;AAAA,IACpC;AAAA,EACF;AACA,SAAO;AACT;AAKO,SAAS,yBAA+B;AAC7C,4BAA0B;AAC5B;",
+  "names": ["resolve"]
+}

package/dist/services/sandbox/types.js

@@ -0,0 +1,50 @@
+const DEFAULT_SANDBOX_CONFIG = {
+  enabled: false,
+  // Disabled by default for backward compatibility
+  filesystem: {
+    writeAllowed: ["./"],
+    // Current working directory
+    readAllowed: ["*"],
+    // Allow reading everything by default
+    denied: [
+      ".env*",
+      ".env",
+      ".env.local",
+      ".env.*.local",
+      "secrets/**",
+      ".ssh/**",
+      ".gnupg/**",
+      ".aws/credentials",
+      ".config/gcloud/**",
+      "**/*.pem",
+      "**/*.key",
+      "**/id_rsa",
+      "**/id_ed25519"
+    ]
+  },
+  network: {
+    allowedDomains: [
+      "api.anthropic.com",
+      "api.openai.com",
+      "github.com",
+      "api.github.com",
+      "registry.npmjs.org",
+      "pypi.org"
+    ],
+    promptForNewDomains: true,
+    blockAll: false
+  },
+  process: {
+    excludedCommands: ["docker", "git", "node", "npm", "bun", "pnpm", "yarn"],
+    maxExecutionTime: 6e5,
+    // 10 minutes
+    maxMemory: 0,
+    // Unlimited
+    maxProcesses: 0
+    // Unlimited
+  }
+};
+export {
+  DEFAULT_SANDBOX_CONFIG
+};
+//# sourceMappingURL=types.js.map