npm - agent.libx.js - Versions diffs - 0.94.12 → 0.94.13 - Mend

agent.libx.js 0.94.12 → 0.94.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/index.js CHANGED Viewed

@@ -1387,6 +1387,58 @@ var init_JailedFilesystem = __esm({
   }
 });
+// src/shell.sandbox.ts
+function writable(cwd, o, tmpDir) {
+  const set = /* @__PURE__ */ new Set([cwd, "/tmp", "/private/tmp", "/private/var/folders", "/dev", ...tmpDir ? [tmpDir] : [], ...o.writePaths]);
+  return [...set];
+}
+function seatbeltProfile(cwd, o, tmpDir) {
+  const allows = writable(cwd, o, tmpDir).map((p) => `(subpath ${sbQuote(p)})`).join(" ");
+  return [
+    "(version 1)",
+    "(allow default)",
+    ...o.network ? [] : ["(deny network*)"],
+    "(deny file-write*)",
+    `(allow file-write* ${allows})`
+  ].join("\n");
+}
+function sandboxArgv(command, cwd, opts = {}, platform = process.platform, tmpDir) {
+  const o = { ...new OsSandboxOptions(), ...opts };
+  if (platform === "darwin") {
+    return { bin: "/usr/bin/sandbox-exec", args: ["-p", seatbeltProfile(cwd, o, tmpDir), "/bin/sh", "-c", command] };
+  }
+  if (platform === "linux") {
+    const binds = writable(cwd, o, tmpDir).filter((p) => p !== "/dev" && !p.startsWith("/private")).flatMap((p) => ["--bind-try", p, p]);
+    return {
+      bin: "bwrap",
+      args: ["--ro-bind", "/", "/", ...binds, "--dev", "/dev", "--proc", "/proc", "--die-with-parent", ...o.network ? [] : ["--unshare-net"], "/bin/sh", "-c", command]
+    };
+  }
+  return null;
+}
+async function findSandboxWrapper(platform = process.platform) {
+  const { existsSync } = await import("fs");
+  if (platform === "darwin") return existsSync("/usr/bin/sandbox-exec") ? "/usr/bin/sandbox-exec" : null;
+  if (platform === "linux") {
+    for (const dir of (process.env.PATH ?? "/usr/bin:/bin").split(":")) if (dir && existsSync(`${dir}/bwrap`)) return `${dir}/bwrap`;
+    return null;
+  }
+  return null;
+}
+var OsSandboxOptions, sbQuote;
+var init_shell_sandbox = __esm({
+  "src/shell.sandbox.ts"() {
+    "use strict";
+    OsSandboxOptions = class {
+      /** Allow outbound network. Default OFF (Tier-1: no network unless granted). */
+      network = false;
+      /** Extra absolute paths writable beyond cwd + tmp (e.g. a build cache). */
+      writePaths = [];
+    };
+    sbQuote = (p) => `"${p.replace(/(["\\])/g, "\\$1")}"`;
+  }
+});
 // src/tools.shell.ts
 var tools_shell_exports = {};
 __export(tools_shell_exports, {
@@ -1394,6 +1446,14 @@ __export(tools_shell_exports, {
   makeRealShellTool: () => makeRealShellTool,
   makeShellJobTools: () => makeShellJobTools
 });
+async function spawnArgvFor(command, cwd, osSandbox) {
+  if (!osSandbox) return { bin: "/bin/sh", args: ["-c", command] };
+  const opts = osSandbox === true ? {} : osSandbox;
+  const wrapper = await findSandboxWrapper();
+  const wrapped = wrapper ? sandboxArgv(command, cwd, opts, process.platform, process.env.TMPDIR) : null;
+  if (!wrapped) throw new Error(`OS sandbox requested but no wrapper available on ${process.platform} (need sandbox-exec or bwrap)`);
+  return wrapped;
+}
 function childEnv(opts) {
   const base = {};
   const redact = opts.redactEnv !== false;
@@ -1426,6 +1486,14 @@ function makeRealShellTool(options) {
         return `Started background job ${id}. Poll output with ShellOutput({id:"${id}"}), check ShellStatus({id:"${id}"}), stop with ShellKill({id:"${id}"}).`;
       }
       const spawn = options.spawn ?? await nodeSpawn();
+      let argv = { bin: "/bin/sh", args: ["-c", cmd] };
+      if (options.osSandbox) {
+        try {
+          argv = await spawnArgvFor(cmd, options.cwd, options.osSandbox);
+        } catch (e) {
+          return `[exit 1] ${e?.message ?? e}`;
+        }
+      }
       const ctl = new AbortController();
       const onAbort = () => ctl.abort();
       if (ctx.signal) {
@@ -1460,7 +1528,7 @@ function makeRealShellTool(options) {
           };
           let proc;
           try {
-            proc = spawn("/bin/sh", ["-c", cmd], { cwd: options.cwd, env: childEnv(options), signal: ctl.signal });
+            proc = spawn(argv.bin, argv.args, { cwd: options.cwd, env: childEnv(options), signal: ctl.signal });
           } catch (e) {
             return finish(`[exit 1] failed to spawn shell: ${e?.message ?? e}`);
           }
@@ -1546,6 +1614,7 @@ var init_tools_shell = __esm({
     init_tools();
     init_redact();
     init_logging();
+    init_shell_sandbox();
     log4 = forComponent("shell");
     clean = (s) => truncateOutput(redactSecrets(s.replace(/\n+$/, "")));
     SECRET_ENV_RE = /(_API_KEY|_TOKEN|_SECRET|_PASSWORD|_PRIVATE_KEY|^AWS_|^GITHUB_TOKEN$|^OPENAI_|^ANTHROPIC_|^GOOGLE_|^GEMINI_|^GROQ_|^NPM_TOKEN$)/i;
@@ -1567,7 +1636,8 @@ var init_tools_shell = __esm({
         };
         try {
           const spawn = this.cfg.spawn ?? await nodeSpawn();
-          const proc = spawn("/bin/sh", ["-c", command], { cwd: this.cfg.cwd, env: childEnv(this.cfg) });
+          const argv = this.cfg.osSandbox ? await spawnArgvFor(command, this.cfg.cwd, this.cfg.osSandbox) : { bin: "/bin/sh", args: ["-c", command] };
+          const proc = spawn(argv.bin, argv.args, { cwd: this.cfg.cwd, env: childEnv(this.cfg) });
           job.proc = proc;
           proc.stdout?.on("data", append);
           proc.stderr?.on("data", append);