airaknit 1.1.2-rc.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (440) hide show
  1. package/LICENSE +84 -0
  2. package/README.md +202 -0
  3. package/bin/airaknit +9 -0
  4. package/bin/airaknit-project +14 -0
  5. package/bin/kanna +9 -0
  6. package/dist/client/assets/CompactSummaryMessage-Yw0BDWEJ.js +1 -0
  7. package/dist/client/assets/ExitPlanModeMessage-DIdkQ4uF.js +1 -0
  8. package/dist/client/assets/LocalFilePreviewDialog-DQx2eiCc.js +3 -0
  9. package/dist/client/assets/LocalProjectsSection-C4xlWkgS.js +1 -0
  10. package/dist/client/assets/TextMessage-B5G39DEJ.js +1 -0
  11. package/dist/client/assets/UserMessage-CIkWk-0L.js +1 -0
  12. package/dist/client/assets/_basePickBy-CVrAFfnZ.js +1 -0
  13. package/dist/client/assets/_baseUniq-JL-aaF4P.js +1 -0
  14. package/dist/client/assets/arc-B07zg7ol.js +1 -0
  15. package/dist/client/assets/architecture-YZFGNWBL-PSLVJL3p.js +1 -0
  16. package/dist/client/assets/architectureDiagram-Q4EWVU46-DfWIF1G_.js +36 -0
  17. package/dist/client/assets/array-BGFCBI0e.js +1 -0
  18. package/dist/client/assets/blockDiagram-DXYQGD6D-CzwIeo_B.js +132 -0
  19. package/dist/client/assets/bundle-mjs-BDE2gWbQ.js +1 -0
  20. package/dist/client/assets/button-DO50qOGv.js +1 -0
  21. package/dist/client/assets/c4Diagram-AHTNJAMY-CR8DCQRE.js +10 -0
  22. package/dist/client/assets/channel-Dj-UUfaF.js +1 -0
  23. package/dist/client/assets/chunk-2KRD3SAO-dznP-cn8.js +1 -0
  24. package/dist/client/assets/chunk-336JU56O-Dqss5Vu6.js +2 -0
  25. package/dist/client/assets/chunk-426QAEUC-CEKis_0_.js +1 -0
  26. package/dist/client/assets/chunk-4BX2VUAB-BYOv0Gm1.js +1 -0
  27. package/dist/client/assets/chunk-4TB4RGXK-BxzubH5S.js +206 -0
  28. package/dist/client/assets/chunk-55IACEB6-BSlTj03a.js +1 -0
  29. package/dist/client/assets/chunk-5FUZZQ4R-9Au93Bi1.js +62 -0
  30. package/dist/client/assets/chunk-5PVQY5BW-BhksHFEZ.js +2 -0
  31. package/dist/client/assets/chunk-67CJDMHE-BFwhz-8t.js +1 -0
  32. package/dist/client/assets/chunk-7N4EOEYR-BDUPds87.js +1 -0
  33. package/dist/client/assets/chunk-AA7GKIK3-CEWTdyXO.js +1 -0
  34. package/dist/client/assets/chunk-BO2N2NFS-D0LvxnhU.js +103 -0
  35. package/dist/client/assets/chunk-BSJP7CBP-BNJnK6sq.js +1 -0
  36. package/dist/client/assets/chunk-Bj-mKKzh.js +1 -0
  37. package/dist/client/assets/chunk-CIAEETIT-CYhfoCeN.js +1 -0
  38. package/dist/client/assets/chunk-EDXVE4YY-C5ovJLc0.js +1 -0
  39. package/dist/client/assets/chunk-ENJZ2VHE-HOhYaeGr.js +10 -0
  40. package/dist/client/assets/chunk-FMBD7UC4-BLCiKcAQ.js +15 -0
  41. package/dist/client/assets/chunk-FOC6F5B3-B6GtY2ek.js +1 -0
  42. package/dist/client/assets/chunk-ICPOFSXX-DPoIZoC5.js +122 -0
  43. package/dist/client/assets/chunk-K5T4RW27-BsKN63rv.js +94 -0
  44. package/dist/client/assets/chunk-KGLVRYIC-BUGn9uuY.js +1 -0
  45. package/dist/client/assets/chunk-LIHQZDEY-DhaZyo03.js +1 -0
  46. package/dist/client/assets/chunk-ORNJ4GCN-DlpeeJyi.js +1 -0
  47. package/dist/client/assets/chunk-OYMX7WX6-Dc9q7aYA.js +231 -0
  48. package/dist/client/assets/chunk-QZHKN3VN-BEdrPoSb.js +1 -0
  49. package/dist/client/assets/chunk-U2HBQHQK-CIB3Bjjd.js +70 -0
  50. package/dist/client/assets/chunk-X2U36JSP-CtB-o8Yp.js +1 -0
  51. package/dist/client/assets/chunk-XPW4576I-C6iHhX_8.js +32 -0
  52. package/dist/client/assets/chunk-YZCP3GAM-CTmKr6ZH.js +1 -0
  53. package/dist/client/assets/chunk-ZZ45TVLE-BgU8A2RF.js +1 -0
  54. package/dist/client/assets/classDiagram-6PBFFD2Q-Bqk5e679.js +1 -0
  55. package/dist/client/assets/classDiagram-v2-HSJHXN6E-6pSaZOkC.js +1 -0
  56. package/dist/client/assets/client-BrKWI4CM.js +1 -0
  57. package/dist/client/assets/client-CGgNRU9w.js +1 -0
  58. package/dist/client/assets/client-DMSLRzg9.js +6 -0
  59. package/dist/client/assets/clone-DWcL7whJ.js +1 -0
  60. package/dist/client/assets/cose-bilkent-S5V4N54A-CrV5wsV_.js +1 -0
  61. package/dist/client/assets/cytoscape.esm--aLzKuep.js +321 -0
  62. package/dist/client/assets/dagre-CuRxWcrj.js +1 -0
  63. package/dist/client/assets/dagre-KV5264BT-BIDiVnkA.js +4 -0
  64. package/dist/client/assets/defaultLocale-CRZydyG6.js +1 -0
  65. package/dist/client/assets/diagram-5BDNPKRD-i1kjKRCB.js +10 -0
  66. package/dist/client/assets/diagram-G4DWMVQ6-9ZSLuhbl.js +24 -0
  67. package/dist/client/assets/diagram-MMDJMWI5-B4_CUjgv.js +43 -0
  68. package/dist/client/assets/diagram-TYMM5635-Ct5eTGS8.js +24 -0
  69. package/dist/client/assets/dist-CuB4kiSK.js +1 -0
  70. package/dist/client/assets/erDiagram-SMLLAGMA-Cy38ercc.js +85 -0
  71. package/dist/client/assets/flowDiagram-DWJPFMVM-CZKuYl0V.js +162 -0
  72. package/dist/client/assets/ganttDiagram-T4ZO3ILL-DLPjCh7a.js +292 -0
  73. package/dist/client/assets/gitGraph-7Q5UKJZL-DqbrtEp9.js +1 -0
  74. package/dist/client/assets/gitGraphDiagram-UUTBAWPF-BoRBkDhQ.js +106 -0
  75. package/dist/client/assets/graphlib-BcQ6qlQh.js +1 -0
  76. package/dist/client/assets/highlighted-body-OFNGDK62-BEpBVDTX.js +1 -0
  77. package/dist/client/assets/index-CetCiuqP.js +105 -0
  78. package/dist/client/assets/index-N29Mip7A.css +1 -0
  79. package/dist/client/assets/info-OMHHGYJF-D98DRBJX.js +1 -0
  80. package/dist/client/assets/infoDiagram-42DDH7IO-BAcdTWbt.js +2 -0
  81. package/dist/client/assets/init-B8gtcn7T.js +1 -0
  82. package/dist/client/assets/isArrayLikeObject-D8SJFmkN.js +1 -0
  83. package/dist/client/assets/isEmpty-BF3YX5Jk.js +1 -0
  84. package/dist/client/assets/ishikawaDiagram-UXIWVN3A-Ynu2VKdC.js +70 -0
  85. package/dist/client/assets/journeyDiagram-VCZTEJTY-BjfhQaN3.js +139 -0
  86. package/dist/client/assets/jsx-runtime-CyI9ICYU.js +1 -0
  87. package/dist/client/assets/kanban-definition-6JOO6SKY-JLXH9zUJ.js +89 -0
  88. package/dist/client/assets/katex-B94qP8b6.js +265 -0
  89. package/dist/client/assets/lib--QVjyxmL.js +29 -0
  90. package/dist/client/assets/lib-B6rgJiZ9.js +1 -0
  91. package/dist/client/assets/line-DCrYfLBn.js +1 -0
  92. package/dist/client/assets/linear-_4upLmeo.js +1 -0
  93. package/dist/client/assets/mermaid-GHXKKRXX-rwJHYUmW.js +1 -0
  94. package/dist/client/assets/mermaid-parser.core-KZinfW8o.js +4 -0
  95. package/dist/client/assets/mermaid.core-QqY9gSNe.js +11 -0
  96. package/dist/client/assets/mindmap-definition-QFDTVHPH-TWgHDAzp.js +96 -0
  97. package/dist/client/assets/ordinal-CCj7PWgZ.js +1 -0
  98. package/dist/client/assets/packet-4T2RLAQJ-DEvfkn3F.js +1 -0
  99. package/dist/client/assets/path-DZF-JdEe.js +1 -0
  100. package/dist/client/assets/pie-ZZUOXDRM-72e6WVjb.js +1 -0
  101. package/dist/client/assets/pieDiagram-DEJITSTG-Cl8PCsoj.js +30 -0
  102. package/dist/client/assets/preload-helper-rov5CBGT.js +1 -0
  103. package/dist/client/assets/pty-client-DZ27IS00.js +1 -0
  104. package/dist/client/assets/ptyInstancesStore-D9ag7SYd.js +1 -0
  105. package/dist/client/assets/quadrantDiagram-34T5L4WZ-CHyVGp9E.js +7 -0
  106. package/dist/client/assets/radar-PYXPWWZC-Cp7xd_EY.js +1 -0
  107. package/dist/client/assets/react-CClhXMB2.js +1 -0
  108. package/dist/client/assets/react-Dd6D81m0.js +1 -0
  109. package/dist/client/assets/react-dom--G6_6fQ_.js +1 -0
  110. package/dist/client/assets/requirementDiagram-MS252O5E-DaanG2iM.js +84 -0
  111. package/dist/client/assets/rough.esm-BsmKo2S5.js +1 -0
  112. package/dist/client/assets/sankeyDiagram-XADWPNL6-B_fhLY36.js +10 -0
  113. package/dist/client/assets/sequenceDiagram-FGHM5R23-C5FNrveI.js +157 -0
  114. package/dist/client/assets/src-DeTlMJAU.js +1 -0
  115. package/dist/client/assets/stateDiagram-FHFEXIEX-nTTcdjjQ.js +1 -0
  116. package/dist/client/assets/stateDiagram-v2-QKLJ7IA2-Dw0632j_.js +1 -0
  117. package/dist/client/assets/timeline-definition-GMOUNBTQ-DkQV1yP8.js +120 -0
  118. package/dist/client/assets/treeView-SZITEDCU-ZLIgC7_K.js +1 -0
  119. package/dist/client/assets/treemap-W4RFUUIX-BqaMbB6N.js +1 -0
  120. package/dist/client/assets/uiIdentityOverlay-Ba7GNj7m.js +1 -0
  121. package/dist/client/assets/vennDiagram-DHZGUBPP-DbZ2xgs6.js +34 -0
  122. package/dist/client/assets/wardley-RL74JXVD-DXQS8zf4.js +1 -0
  123. package/dist/client/assets/wardleyDiagram-NUSXRM2D-BzCJ6MAu.js +20 -0
  124. package/dist/client/assets/xychartDiagram-5P7HB3ND-BSlFecop.js +7 -0
  125. package/dist/client/favicon.png +0 -0
  126. package/dist/client/favicon.svg +15 -0
  127. package/dist/client/fonts/body-medium.woff2 +0 -0
  128. package/dist/client/fonts/body-regular-italic.woff2 +0 -0
  129. package/dist/client/fonts/body-regular.woff2 +0 -0
  130. package/dist/client/fonts/body-semibold.woff2 +0 -0
  131. package/dist/client/index.html +31 -0
  132. package/dist/client/manifest.webmanifest +12 -0
  133. package/dist/client/sw.js +32 -0
  134. package/package.json +122 -0
  135. package/src/nats/auth-callout/callout-config.test.ts +93 -0
  136. package/src/nats/auth-callout/callout-config.ts +109 -0
  137. package/src/nats/auth-callout/callout.integration.test.ts +332 -0
  138. package/src/nats/auth-callout/keys.ts +103 -0
  139. package/src/nats/auth-callout/responder.ts +241 -0
  140. package/src/nats/auth-callout/scope-policy.test.ts +159 -0
  141. package/src/nats/auth-callout/scope-policy.ts +210 -0
  142. package/src/nats/auth-callout/token.test.ts +163 -0
  143. package/src/nats/auth-callout/token.ts +157 -0
  144. package/src/nats/nats-daemon-callout.ts +194 -0
  145. package/src/nats/nats-daemon.test.ts +77 -0
  146. package/src/nats/nats-daemon.ts +50 -0
  147. package/src/nats/nats-token.test.ts +61 -0
  148. package/src/nats/nats-token.ts +59 -0
  149. package/src/runner/coordination-mcp-integration.test.ts +134 -0
  150. package/src/runner/nats-coordination-client.test.ts +49 -0
  151. package/src/runner/nats-coordination-client.ts +94 -0
  152. package/src/runner/runner-agent.test.ts +469 -0
  153. package/src/runner/runner-agent.ts +453 -0
  154. package/src/runner/runner-credential.test.ts +93 -0
  155. package/src/runner/runner-credential.ts +82 -0
  156. package/src/runner/runner-nats.test.ts +495 -0
  157. package/src/runner/runner-nats.ts +323 -0
  158. package/src/runner/runner-pair.test.ts +107 -0
  159. package/src/runner/runner-pair.ts +81 -0
  160. package/src/runner/runner.test.ts +135 -0
  161. package/src/runner/runner.ts +212 -0
  162. package/src/runner/turn-factories.test.ts +97 -0
  163. package/src/runner/turn-factories.ts +475 -0
  164. package/src/server/agent-config-journey.test.ts +106 -0
  165. package/src/server/agent.ts +8 -0
  166. package/src/server/auto-continue/auth-error-detector.ts +66 -0
  167. package/src/server/auto-continue/limit-detector.ts +194 -0
  168. package/src/server/bm25.test.ts +92 -0
  169. package/src/server/bm25.ts +101 -0
  170. package/src/server/chat-events-jetstream.test.ts +135 -0
  171. package/src/server/claude-harness.ts +360 -0
  172. package/src/server/claude-pty/agent-normalizers.ts +309 -0
  173. package/src/server/claude-pty/auth.test.ts +38 -0
  174. package/src/server/claude-pty/auth.ts +32 -0
  175. package/src/server/claude-pty/claude-session-registry.adapter.ts +81 -0
  176. package/src/server/claude-pty/claude-session-registry.test.ts +149 -0
  177. package/src/server/claude-pty/driver.test.ts +902 -0
  178. package/src/server/claude-pty/driver.ts +807 -0
  179. package/src/server/claude-pty/jsonl-path.adapter.ts +57 -0
  180. package/src/server/claude-pty/jsonl-path.test.ts +114 -0
  181. package/src/server/claude-pty/jsonl-to-event.test.ts +241 -0
  182. package/src/server/claude-pty/jsonl-to-event.ts +174 -0
  183. package/src/server/claude-pty/output-ring.test.ts +35 -0
  184. package/src/server/claude-pty/output-ring.ts +25 -0
  185. package/src/server/claude-pty/parity-matrix.test.ts +227 -0
  186. package/src/server/claude-pty/pid-registry.adapter.ts +135 -0
  187. package/src/server/claude-pty/pid-registry.test.ts +122 -0
  188. package/src/server/claude-pty/preflight/binary-fingerprint.adapter.ts +20 -0
  189. package/src/server/claude-pty/preflight/binary-fingerprint.test.ts +32 -0
  190. package/src/server/claude-pty/pty-instance-registry.test.ts +177 -0
  191. package/src/server/claude-pty/pty-instance-registry.ts +166 -0
  192. package/src/server/claude-pty/pty-memory-sampler.adapter.test.ts +103 -0
  193. package/src/server/claude-pty/pty-memory-sampler.adapter.ts +85 -0
  194. package/src/server/claude-pty/pty-process.adapter.ts +66 -0
  195. package/src/server/claude-pty/pty-process.test.ts +49 -0
  196. package/src/server/claude-pty/resolve-binary.adapter.ts +106 -0
  197. package/src/server/claude-pty/resolve-binary.test.ts +118 -0
  198. package/src/server/claude-pty/runtime-dir.adapter.ts +19 -0
  199. package/src/server/claude-pty/settings-writer.adapter.ts +27 -0
  200. package/src/server/claude-pty/settings-writer.test.ts +22 -0
  201. package/src/server/claude-pty/smoke-test-io.adapter.ts +28 -0
  202. package/src/server/claude-pty/smoke-test.test.ts +191 -0
  203. package/src/server/claude-pty/smoke-test.ts +185 -0
  204. package/src/server/claude-pty/subagent-orchestrator.ts +887 -0
  205. package/src/server/claude-pty/tool-callback.ts +274 -0
  206. package/src/server/claude-pty/tui-control.test.ts +272 -0
  207. package/src/server/claude-pty/tui-control.ts +182 -0
  208. package/src/server/claude-pty/tui-source.adapter.test.ts +360 -0
  209. package/src/server/claude-pty/tui-source.adapter.ts +343 -0
  210. package/src/server/claude-pty/tunnel-gateway.ts +12 -0
  211. package/src/server/claude-pty-mcp/canonical-args.ts +15 -0
  212. package/src/server/claude-pty-mcp/fs-stat.adapter.ts +8 -0
  213. package/src/server/claude-pty-mcp/history-primer.ts +90 -0
  214. package/src/server/claude-pty-mcp/http-server.adapter.ts +33 -0
  215. package/src/server/claude-pty-mcp/mcp-http.ts +177 -0
  216. package/src/server/claude-pty-mcp/mcp.ts +412 -0
  217. package/src/server/claude-pty-mcp/mention-parser.ts +25 -0
  218. package/src/server/claude-pty-mcp/paths.ts +24 -0
  219. package/src/server/claude-pty-mcp/permission-gate.ts +243 -0
  220. package/src/server/claude-pty-mcp/terminal-pid-registry.adapter.ts +107 -0
  221. package/src/server/claude-pty-mcp/tools/ask-user-question.test.ts +119 -0
  222. package/src/server/claude-pty-mcp/tools/ask-user-question.ts +61 -0
  223. package/src/server/claude-pty-mcp/tools/bash.adapter.ts +76 -0
  224. package/src/server/claude-pty-mcp/tools/bash.test.ts +56 -0
  225. package/src/server/claude-pty-mcp/tools/delegate-subagent.test.ts +155 -0
  226. package/src/server/claude-pty-mcp/tools/delegate-subagent.ts +111 -0
  227. package/src/server/claude-pty-mcp/tools/edit.adapter.ts +95 -0
  228. package/src/server/claude-pty-mcp/tools/edit.test.ts +93 -0
  229. package/src/server/claude-pty-mcp/tools/exit-plan-mode.test.ts +61 -0
  230. package/src/server/claude-pty-mcp/tools/exit-plan-mode.ts +50 -0
  231. package/src/server/claude-pty-mcp/tools/glob.adapter.ts +86 -0
  232. package/src/server/claude-pty-mcp/tools/glob.test.ts +61 -0
  233. package/src/server/claude-pty-mcp/tools/grep.adapter.ts +126 -0
  234. package/src/server/claude-pty-mcp/tools/grep.test.ts +62 -0
  235. package/src/server/claude-pty-mcp/tools/read.adapter.ts +58 -0
  236. package/src/server/claude-pty-mcp/tools/read.test.ts +62 -0
  237. package/src/server/claude-pty-mcp/tools/tool-callback-shim.ts +42 -0
  238. package/src/server/claude-pty-mcp/tools/webfetch.test.ts +81 -0
  239. package/src/server/claude-pty-mcp/tools/webfetch.ts +82 -0
  240. package/src/server/claude-pty-mcp/tools/websearch.test.ts +40 -0
  241. package/src/server/claude-pty-mcp/tools/websearch.ts +42 -0
  242. package/src/server/claude-pty-mcp/tools/write.adapter.ts +60 -0
  243. package/src/server/claude-pty-mcp/tools/write.test.ts +52 -0
  244. package/src/server/claude-pty-mcp/uploads.adapter.ts +98 -0
  245. package/src/server/claude-pty-mcp/uploads.ts +38 -0
  246. package/src/server/claude-turn.test.ts +176 -0
  247. package/src/server/cli-runtime.test.ts +456 -0
  248. package/src/server/cli-runtime.ts +374 -0
  249. package/src/server/cli-supervisor.ts +81 -0
  250. package/src/server/cli.ts +78 -0
  251. package/src/server/client-log-forwarder.test.ts +74 -0
  252. package/src/server/client-log-forwarder.ts +75 -0
  253. package/src/server/codex-app-server-protocol.ts +449 -0
  254. package/src/server/codex-app-server.test.ts +2990 -0
  255. package/src/server/codex-app-server.ts +1713 -0
  256. package/src/server/coordination-integration.test.ts +63 -0
  257. package/src/server/coordination-mcp.test.ts +149 -0
  258. package/src/server/coordination-mcp.ts +197 -0
  259. package/src/server/delegation-coordinator.test.ts +675 -0
  260. package/src/server/delegation-coordinator.ts +454 -0
  261. package/src/server/discovery.test.ts +211 -0
  262. package/src/server/discovery.ts +301 -0
  263. package/src/server/event-store-agent-config.test.ts +124 -0
  264. package/src/server/event-store-coordination.test.ts +149 -0
  265. package/src/server/event-store-profile.test.ts +132 -0
  266. package/src/server/event-store-repo.test.ts +154 -0
  267. package/src/server/event-store-runner-team.test.ts +104 -0
  268. package/src/server/event-store.test.ts +342 -0
  269. package/src/server/event-store.ts +2208 -0
  270. package/src/server/events.ts +379 -0
  271. package/src/server/extension-router.test.ts +183 -0
  272. package/src/server/extension-router.ts +114 -0
  273. package/src/server/extensions/agents/server.test.ts +191 -0
  274. package/src/server/extensions/agents/server.ts +108 -0
  275. package/src/server/extensions/c3/server.test.ts +284 -0
  276. package/src/server/extensions/c3/server.ts +212 -0
  277. package/src/server/extensions/code/server.test.ts +200 -0
  278. package/src/server/extensions/code/server.ts +150 -0
  279. package/src/server/extensions.config.ts +10 -0
  280. package/src/server/external-open.ts +69 -0
  281. package/src/server/generate-fork-context.ts +58 -0
  282. package/src/server/generate-merge-context.test.ts +290 -0
  283. package/src/server/generate-merge-context.ts +141 -0
  284. package/src/server/generate-title.ts +36 -0
  285. package/src/server/git-clone-policy.test.ts +138 -0
  286. package/src/server/git-clone-policy.ts +27 -0
  287. package/src/server/harness-types.ts +1 -0
  288. package/src/server/journey-verification.test.ts +640 -0
  289. package/src/server/journey-verification.ts +195 -0
  290. package/src/server/machine-name.ts +22 -0
  291. package/src/server/nats-auth.test.ts +92 -0
  292. package/src/server/nats-auth.ts +6 -0
  293. package/src/server/nats-bind-guard.test.ts +71 -0
  294. package/src/server/nats-bind-guard.ts +42 -0
  295. package/src/server/nats-bridge.test.ts +141 -0
  296. package/src/server/nats-bridge.ts +111 -0
  297. package/src/server/nats-connector.test.ts +56 -0
  298. package/src/server/nats-connector.ts +71 -0
  299. package/src/server/nats-daemon-manager.test.ts +76 -0
  300. package/src/server/nats-daemon-manager.ts +174 -0
  301. package/src/server/nats-publisher.test.ts +356 -0
  302. package/src/server/nats-publisher.ts +271 -0
  303. package/src/server/nats-responders.test.ts +1018 -0
  304. package/src/server/nats-responders.ts +925 -0
  305. package/src/server/nats-streams.test.ts +112 -0
  306. package/src/server/nats-streams.ts +129 -0
  307. package/src/server/oauth-pool/oauth-responders.ts +185 -0
  308. package/src/server/oauth-pool/oauth-settings-store.ts +173 -0
  309. package/src/server/oauth-pool/oauth-token-pool.ts +303 -0
  310. package/src/server/orchestration.test.ts +1063 -0
  311. package/src/server/orchestration.ts +716 -0
  312. package/src/server/pairing-endpoints.test.ts +171 -0
  313. package/src/server/pairing-store.test.ts +154 -0
  314. package/src/server/pairing-store.ts +124 -0
  315. package/src/server/paths.ts +27 -0
  316. package/src/server/pr3-liveness.test.ts +252 -0
  317. package/src/server/process-utils.ts +10 -0
  318. package/src/server/project-cli.ts +180 -0
  319. package/src/server/provider-catalog.test.ts +177 -0
  320. package/src/server/provider-catalog.ts +146 -0
  321. package/src/server/pty-responders.ts +345 -0
  322. package/src/server/push-notifications.test.ts +234 -0
  323. package/src/server/push-notifications.ts +188 -0
  324. package/src/server/quick-response.test.ts +196 -0
  325. package/src/server/quick-response.ts +154 -0
  326. package/src/server/read-models-agent-config.test.ts +59 -0
  327. package/src/server/read-models-coordination.test.ts +69 -0
  328. package/src/server/read-models.test.ts +332 -0
  329. package/src/server/read-models.ts +258 -0
  330. package/src/server/repo-journey.test.ts +96 -0
  331. package/src/server/repo-manager.test.ts +118 -0
  332. package/src/server/repo-manager.ts +97 -0
  333. package/src/server/repo-status.test.ts +54 -0
  334. package/src/server/repo-status.ts +82 -0
  335. package/src/server/restart.test.ts +27 -0
  336. package/src/server/restart.ts +30 -0
  337. package/src/server/runner-incompatible-gate.test.ts +383 -0
  338. package/src/server/runner-manager.test.ts +72 -0
  339. package/src/server/runner-manager.ts +312 -0
  340. package/src/server/runner-pairing-urls.test.ts +59 -0
  341. package/src/server/runner-pairing-urls.ts +67 -0
  342. package/src/server/runner-proxy.test.ts +456 -0
  343. package/src/server/runner-proxy.ts +494 -0
  344. package/src/server/runner-router.test.ts +429 -0
  345. package/src/server/runner-router.ts +212 -0
  346. package/src/server/runner-routing.test.ts +584 -0
  347. package/src/server/runtime-registry.test.ts +436 -0
  348. package/src/server/runtime-registry.ts +307 -0
  349. package/src/server/sandbox-health.test.ts +127 -0
  350. package/src/server/sandbox-health.ts +94 -0
  351. package/src/server/sandbox-journey.test.ts +232 -0
  352. package/src/server/sandbox-manager.test.ts +146 -0
  353. package/src/server/sandbox-manager.ts +159 -0
  354. package/src/server/server.test.ts +287 -0
  355. package/src/server/server.ts +1108 -0
  356. package/src/server/session-discovery.test.ts +129 -0
  357. package/src/server/session-discovery.ts +475 -0
  358. package/src/server/session-index.test.ts +362 -0
  359. package/src/server/session-index.ts +119 -0
  360. package/src/server/session-seed.ts +288 -0
  361. package/src/server/share.test.ts +108 -0
  362. package/src/server/share.ts +113 -0
  363. package/src/server/skill-discovery.test.ts +201 -0
  364. package/src/server/skill-discovery.ts +77 -0
  365. package/src/server/storage/test-helpers.ts +67 -0
  366. package/src/server/terminal-manager.test.ts +309 -0
  367. package/src/server/terminal-manager.ts +354 -0
  368. package/src/server/transcript-consumer.test.ts +339 -0
  369. package/src/server/transcript-consumer.ts +162 -0
  370. package/src/server/transcript-search.test.ts +193 -0
  371. package/src/server/transcript-search.ts +83 -0
  372. package/src/server/transcript-utils.ts +52 -0
  373. package/src/server/update-manager.test.ts +107 -0
  374. package/src/server/update-manager.ts +230 -0
  375. package/src/server/workflow-engine.test.ts +251 -0
  376. package/src/server/workflow-engine.ts +169 -0
  377. package/src/server/workflow-mcp.ts +49 -0
  378. package/src/server/workflow-store.test.ts +155 -0
  379. package/src/server/workflow-store.ts +139 -0
  380. package/src/server/workspace-agent-integration.test.ts +167 -0
  381. package/src/server/workspace-agent-routes.test.ts +127 -0
  382. package/src/server/workspace-agent-routes.ts +89 -0
  383. package/src/server/workspace-agent.test.ts +103 -0
  384. package/src/server/workspace-agent.ts +102 -0
  385. package/src/server/workspace-cli.test.ts +79 -0
  386. package/src/server/workspace-config-manager.test.ts +109 -0
  387. package/src/server/workspace-config-manager.ts +83 -0
  388. package/src/server/workspace-directory-policy.test.ts +109 -0
  389. package/src/server/workspace-directory-policy.ts +56 -0
  390. package/src/shared/agent-config-types.ts +25 -0
  391. package/src/shared/branding.test.ts +42 -0
  392. package/src/shared/branding.ts +54 -0
  393. package/src/shared/compression.test.ts +85 -0
  394. package/src/shared/compression.ts +42 -0
  395. package/src/shared/coordination-store.test.ts +24 -0
  396. package/src/shared/coordination-store.ts +26 -0
  397. package/src/shared/dev-ports.test.ts +84 -0
  398. package/src/shared/dev-ports.ts +100 -0
  399. package/src/shared/extension-types.ts +45 -0
  400. package/src/shared/fork-presets.ts +54 -0
  401. package/src/shared/harness-types.test.ts +15 -0
  402. package/src/shared/harness-types.ts +21 -0
  403. package/src/shared/log-sink.test.ts +112 -0
  404. package/src/shared/log-sink.ts +185 -0
  405. package/src/shared/mention-pattern.ts +7 -0
  406. package/src/shared/merge-presets.ts +41 -0
  407. package/src/shared/nats-subjects.test.ts +61 -0
  408. package/src/shared/nats-subjects.ts +131 -0
  409. package/src/shared/permission-policy.ts +136 -0
  410. package/src/shared/ports.ts +3 -0
  411. package/src/shared/preset-types.ts +15 -0
  412. package/src/shared/profile-types.ts +49 -0
  413. package/src/shared/projectFileUrl.ts +36 -0
  414. package/src/shared/protocol.ts +153 -0
  415. package/src/shared/pty-instance.ts +43 -0
  416. package/src/shared/puggy/diagnostics/result.ts +18 -0
  417. package/src/shared/puggy/expressions/evaluate.ts +292 -0
  418. package/src/shared/puggy/index.test.ts +101 -0
  419. package/src/shared/puggy/index.ts +69 -0
  420. package/src/shared/puggy/parser/ast.ts +110 -0
  421. package/src/shared/puggy/parser/parser.ts +624 -0
  422. package/src/shared/puggy/renderer/html.ts +447 -0
  423. package/src/shared/runner-protocol.test.ts +277 -0
  424. package/src/shared/runner-protocol.ts +210 -0
  425. package/src/shared/runner-team-types.ts +73 -0
  426. package/src/shared/runtime-types.ts +48 -0
  427. package/src/shared/sandbox-types.ts +53 -0
  428. package/src/shared/tailwind-build.test.ts +12 -0
  429. package/src/shared/tinkaria-system-prompt.ts +101 -0
  430. package/src/shared/tools.test.ts +335 -0
  431. package/src/shared/tools.ts +397 -0
  432. package/src/shared/transcript-entries.ts +27 -0
  433. package/src/shared/transcript-render.test.ts +225 -0
  434. package/src/shared/transcript-render.ts +467 -0
  435. package/src/shared/types.ts +1031 -0
  436. package/src/shared/vite-config.test.ts +47 -0
  437. package/src/shared/web-context.test.ts +110 -0
  438. package/src/shared/web-context.ts +76 -0
  439. package/src/shared/workflow-types.ts +51 -0
  440. package/src/shared/workspace-types.ts +100 -0
@@ -0,0 +1,232 @@
1
+ import { describe, test, expect, mock } from "bun:test"
2
+ import type { DockerClient, ExecResult } from "./sandbox-manager"
3
+ import { SandboxManager } from "./sandbox-manager"
4
+ import type { ContainerInspect } from "../shared/sandbox-types"
5
+ import type { SandboxRecord, SandboxSnapshot } from "../shared/sandbox-types"
6
+ import { DEFAULT_RESOURCE_LIMITS } from "../shared/sandbox-types"
7
+ import { createEmptyState, type StoreState, type SandboxEvent } from "./events"
8
+
9
+ function createMockDocker(): DockerClient {
10
+ return {
11
+ create: mock(() => Promise.resolve("ctr-sandbox-001")),
12
+ start: mock(() => Promise.resolve()),
13
+ stop: mock(() => Promise.resolve()),
14
+ rm: mock(() => Promise.resolve()),
15
+ exec: mock(() => Promise.resolve({ stdout: "", stderr: "", exitCode: 0 } satisfies ExecResult)),
16
+ logs: mock(() => Promise.resolve("")),
17
+ inspect: mock(() =>
18
+ Promise.resolve({
19
+ id: "ctr-sandbox-001",
20
+ status: "running",
21
+ running: true,
22
+ startedAt: "2026-01-01T00:00:00Z",
23
+ memoryUsage: 256,
24
+ cpuPercent: 12,
25
+ } satisfies ContainerInspect),
26
+ ),
27
+ }
28
+ }
29
+
30
+ /**
31
+ * Derive a SandboxSnapshot from StoreState for a given workspace.
32
+ * This mirrors what a read model would do -- since event-store does not yet
33
+ * have sandbox projection, we project sandbox events manually for the test.
34
+ */
35
+ function deriveSandboxSnapshot(state: StoreState, workspaceId: string): SandboxSnapshot {
36
+ const record = state.sandboxByWorkspace.get(workspaceId) ?? null
37
+ return { workspaceId, sandbox: record, health: null }
38
+ }
39
+
40
+ function applySandboxEvent(state: StoreState, event: SandboxEvent): void {
41
+ switch (event.type) {
42
+ case "sandbox_created": {
43
+ const record: SandboxRecord = {
44
+ id: event.id,
45
+ workspaceId: event.workspaceId,
46
+ containerId: null,
47
+ status: "creating",
48
+ resourceLimits: event.resourceLimits,
49
+ natsUrl: "",
50
+ createdAt: event.timestamp,
51
+ updatedAt: event.timestamp,
52
+ lastHealthCheck: null,
53
+ error: null,
54
+ }
55
+ state.sandboxByWorkspace.set(event.workspaceId, record)
56
+ break
57
+ }
58
+ case "sandbox_started": {
59
+ const existing = state.sandboxByWorkspace.get(
60
+ [...state.sandboxByWorkspace.entries()].find(([, r]) => r.id === event.id)?.[0] ?? "",
61
+ )
62
+ if (existing) {
63
+ existing.containerId = event.containerId
64
+ existing.natsUrl = event.natsUrl
65
+ existing.status = "running"
66
+ existing.updatedAt = event.timestamp
67
+ }
68
+ break
69
+ }
70
+ case "sandbox_stopped": {
71
+ const rec = [...state.sandboxByWorkspace.values()].find((r) => r.id === event.id)
72
+ if (rec) {
73
+ rec.status = "stopped"
74
+ rec.updatedAt = event.timestamp
75
+ }
76
+ break
77
+ }
78
+ case "sandbox_destroyed": {
79
+ for (const [wsId, rec] of state.sandboxByWorkspace) {
80
+ if (rec.id === event.id) {
81
+ state.sandboxByWorkspace.delete(wsId)
82
+ break
83
+ }
84
+ }
85
+ break
86
+ }
87
+ case "sandbox_error": {
88
+ const rec = [...state.sandboxByWorkspace.values()].find((r) => r.id === event.id)
89
+ if (rec) {
90
+ rec.status = "error"
91
+ rec.error = event.error
92
+ rec.updatedAt = event.timestamp
93
+ }
94
+ break
95
+ }
96
+ case "sandbox_health_updated": {
97
+ // Health is stored separately in a full impl; skip for now
98
+ break
99
+ }
100
+ }
101
+ }
102
+
103
+ describe("Journey 3: Isolated Dev - Sandbox Lifecycle", () => {
104
+ const NATS_URL = "nats://localhost:4222"
105
+ const WS_ID = "ws-journey3-test"
106
+
107
+ test("stage 1: empty state - no sandbox returns null snapshot", () => {
108
+ const state = createEmptyState()
109
+ const snapshot = deriveSandboxSnapshot(state, WS_ID)
110
+ expect(snapshot.workspaceId).toBe(WS_ID)
111
+ expect(snapshot.sandbox).toBeNull()
112
+ expect(snapshot.health).toBeNull()
113
+ })
114
+
115
+ test("stage 2: create sandbox records creating status", () => {
116
+ const state = createEmptyState()
117
+ const event: SandboxEvent = {
118
+ v: 3,
119
+ type: "sandbox_created",
120
+ timestamp: Date.now(),
121
+ id: "sb-001",
122
+ workspaceId: WS_ID,
123
+ resourceLimits: DEFAULT_RESOURCE_LIMITS,
124
+ }
125
+ applySandboxEvent(state, event)
126
+
127
+ const snapshot = deriveSandboxSnapshot(state, WS_ID)
128
+ expect(snapshot.sandbox).not.toBeNull()
129
+ expect(snapshot.sandbox!.id).toBe("sb-001")
130
+ expect(snapshot.sandbox!.status).toBe("creating")
131
+ expect(snapshot.sandbox!.containerId).toBeNull()
132
+ expect(snapshot.sandbox!.resourceLimits).toEqual(DEFAULT_RESOURCE_LIMITS)
133
+ })
134
+
135
+ test("stage 3: start sandbox transitions to running with container id", () => {
136
+ const state = createEmptyState()
137
+ const now = Date.now()
138
+ applySandboxEvent(state, {
139
+ v: 3, type: "sandbox_created", timestamp: now, id: "sb-001", workspaceId: WS_ID, resourceLimits: DEFAULT_RESOURCE_LIMITS,
140
+ })
141
+ applySandboxEvent(state, {
142
+ v: 3, type: "sandbox_started", timestamp: now + 100, id: "sb-001", containerId: "ctr-abc", natsUrl: NATS_URL,
143
+ })
144
+
145
+ const snapshot = deriveSandboxSnapshot(state, WS_ID)
146
+ expect(snapshot.sandbox!.status).toBe("running")
147
+ expect(snapshot.sandbox!.containerId).toBe("ctr-abc")
148
+ expect(snapshot.sandbox!.natsUrl).toBe(NATS_URL)
149
+ })
150
+
151
+ test("stage 4-5: stop and restart transitions", () => {
152
+ const state = createEmptyState()
153
+ const now = Date.now()
154
+ applySandboxEvent(state, {
155
+ v: 3, type: "sandbox_created", timestamp: now, id: "sb-001", workspaceId: WS_ID, resourceLimits: DEFAULT_RESOURCE_LIMITS,
156
+ })
157
+ applySandboxEvent(state, {
158
+ v: 3, type: "sandbox_started", timestamp: now + 100, id: "sb-001", containerId: "ctr-abc", natsUrl: NATS_URL,
159
+ })
160
+
161
+ // Stop
162
+ applySandboxEvent(state, {
163
+ v: 3, type: "sandbox_stopped", timestamp: now + 200, id: "sb-001", reason: "user requested",
164
+ })
165
+ expect(deriveSandboxSnapshot(state, WS_ID).sandbox!.status).toBe("stopped")
166
+
167
+ // Restart
168
+ applySandboxEvent(state, {
169
+ v: 3, type: "sandbox_started", timestamp: now + 300, id: "sb-001", containerId: "ctr-abc", natsUrl: NATS_URL,
170
+ })
171
+ expect(deriveSandboxSnapshot(state, WS_ID).sandbox!.status).toBe("running")
172
+ })
173
+
174
+ test("stage 6: destroy sandbox returns to empty state", () => {
175
+ const state = createEmptyState()
176
+ const now = Date.now()
177
+ applySandboxEvent(state, {
178
+ v: 3, type: "sandbox_created", timestamp: now, id: "sb-001", workspaceId: WS_ID, resourceLimits: DEFAULT_RESOURCE_LIMITS,
179
+ })
180
+ applySandboxEvent(state, {
181
+ v: 3, type: "sandbox_started", timestamp: now + 100, id: "sb-001", containerId: "ctr-abc", natsUrl: NATS_URL,
182
+ })
183
+ applySandboxEvent(state, {
184
+ v: 3, type: "sandbox_destroyed", timestamp: now + 200, id: "sb-001",
185
+ })
186
+
187
+ const snapshot = deriveSandboxSnapshot(state, WS_ID)
188
+ expect(snapshot.sandbox).toBeNull()
189
+ })
190
+
191
+ test("error event transitions to error status", () => {
192
+ const state = createEmptyState()
193
+ const now = Date.now()
194
+ applySandboxEvent(state, {
195
+ v: 3, type: "sandbox_created", timestamp: now, id: "sb-001", workspaceId: WS_ID, resourceLimits: DEFAULT_RESOURCE_LIMITS,
196
+ })
197
+ applySandboxEvent(state, {
198
+ v: 3, type: "sandbox_error", timestamp: now + 50, id: "sb-001", error: "image not found",
199
+ })
200
+
201
+ const snapshot = deriveSandboxSnapshot(state, WS_ID)
202
+ expect(snapshot.sandbox!.status).toBe("error")
203
+ expect(snapshot.sandbox!.error).toBe("image not found")
204
+ })
205
+
206
+ test("full lifecycle through SandboxManager", async () => {
207
+ const docker = createMockDocker()
208
+ const mgr = new SandboxManager(docker, NATS_URL)
209
+
210
+ // Create
211
+ const containerId = await mgr.create(WS_ID, {
212
+ repos: [{ id: "repo-1", localPath: "/tmp/repo-1" }],
213
+ })
214
+ expect(containerId).toBe("ctr-sandbox-001")
215
+
216
+ // Start
217
+ await mgr.start(containerId)
218
+ expect(docker.start).toHaveBeenCalledWith(containerId)
219
+
220
+ // Stop
221
+ await mgr.stop(containerId, "pausing work")
222
+ expect(docker.stop).toHaveBeenCalledWith(containerId, 10)
223
+
224
+ // Restart
225
+ await mgr.start(containerId)
226
+ expect((docker.start as ReturnType<typeof mock>).mock.calls).toHaveLength(2)
227
+
228
+ // Destroy
229
+ await mgr.destroy(containerId)
230
+ expect(docker.rm).toHaveBeenCalledWith(containerId, true)
231
+ })
232
+ })
@@ -0,0 +1,146 @@
1
+ import { describe, test, expect, mock } from "bun:test"
2
+ import type { DockerClient, ExecResult } from "./sandbox-manager"
3
+ import { SandboxManager } from "./sandbox-manager"
4
+ import type { ContainerInspect } from "../shared/sandbox-types"
5
+ import { DEFAULT_RESOURCE_LIMITS } from "../shared/sandbox-types"
6
+
7
+ function createMockDocker(): DockerClient {
8
+ return {
9
+ create: mock(() => Promise.resolve("container-123")),
10
+ start: mock(() => Promise.resolve()),
11
+ stop: mock(() => Promise.resolve()),
12
+ rm: mock(() => Promise.resolve()),
13
+ exec: mock(() => Promise.resolve({ stdout: "", stderr: "", exitCode: 0 } satisfies ExecResult)),
14
+ logs: mock(() => Promise.resolve("")),
15
+ inspect: mock(() =>
16
+ Promise.resolve({
17
+ id: "container-123",
18
+ status: "running",
19
+ running: true,
20
+ startedAt: "2026-01-01T00:00:00Z",
21
+ memoryUsage: 100,
22
+ cpuPercent: 5,
23
+ } satisfies ContainerInspect),
24
+ ),
25
+ }
26
+ }
27
+
28
+ describe("SandboxManager", () => {
29
+ const NATS_URL = "nats://localhost:4222"
30
+ const IMAGE = "kanna-sandbox:latest"
31
+
32
+ test("create() builds correct docker args", async () => {
33
+ const docker = createMockDocker()
34
+ const mgr = new SandboxManager(docker, NATS_URL, IMAGE)
35
+
36
+ const id = await mgr.create("ws-abcdef123456", {
37
+ repos: [{ id: "repo1", localPath: "/home/user/repo1" }],
38
+ limits: { cpuShares: 256, memoryMb: 1024, diskMb: 5120, pidsLimit: 128 },
39
+ })
40
+
41
+ expect(id).toBe("container-123")
42
+ const args = (docker.create as ReturnType<typeof mock>).mock.calls[0][0] as string[]
43
+
44
+ expect(args).toContain("-v")
45
+ expect(args).toContain("/home/user/repo1:/workspace/repo1")
46
+ expect(args).toContain("--memory")
47
+ expect(args).toContain("1024m")
48
+ expect(args).toContain("--cpu-shares")
49
+ expect(args).toContain("256")
50
+ expect(args).toContain("--pids-limit")
51
+ expect(args).toContain("128")
52
+ expect(args[args.length - 1]).toBe(IMAGE)
53
+ })
54
+
55
+ test("create() uses default resource limits when not specified", async () => {
56
+ const docker = createMockDocker()
57
+ const mgr = new SandboxManager(docker, NATS_URL, IMAGE)
58
+
59
+ await mgr.create("ws-abcdef123456", {
60
+ repos: [{ id: "repo1", localPath: "/tmp/repo1" }],
61
+ })
62
+
63
+ const args = (docker.create as ReturnType<typeof mock>).mock.calls[0][0] as string[]
64
+ expect(args).toContain(String(DEFAULT_RESOURCE_LIMITS.cpuShares))
65
+ expect(args).toContain(`${DEFAULT_RESOURCE_LIMITS.memoryMb}m`)
66
+ expect(args).toContain(String(DEFAULT_RESOURCE_LIMITS.pidsLimit))
67
+ })
68
+
69
+ test("create() includes security flags", async () => {
70
+ const docker = createMockDocker()
71
+ const mgr = new SandboxManager(docker, NATS_URL, IMAGE)
72
+
73
+ await mgr.create("ws-abcdef123456", {
74
+ repos: [{ id: "r", localPath: "/tmp/r" }],
75
+ })
76
+
77
+ const args = (docker.create as ReturnType<typeof mock>).mock.calls[0][0] as string[]
78
+ expect(args).toContain("--cap-drop")
79
+ expect(args).toContain("ALL")
80
+ expect(args).toContain("--security-opt=no-new-privileges")
81
+ expect(args).toContain("--read-only")
82
+ expect(args.some((a: string) => a.startsWith("/tmp:"))).toBe(true)
83
+ expect(args).toContain("--add-host=host.docker.internal:host-gateway")
84
+ })
85
+
86
+ test("start() calls docker.start", async () => {
87
+ const docker = createMockDocker()
88
+ const mgr = new SandboxManager(docker, NATS_URL, IMAGE)
89
+
90
+ await mgr.start("container-123")
91
+ expect(docker.start).toHaveBeenCalledWith("container-123")
92
+ })
93
+
94
+ test("stop() calls docker.stop with timeout", async () => {
95
+ const docker = createMockDocker()
96
+ const mgr = new SandboxManager(docker, NATS_URL, IMAGE)
97
+
98
+ await mgr.stop("container-123", "shutting down")
99
+ expect(docker.stop).toHaveBeenCalledWith("container-123", 10)
100
+ })
101
+
102
+ test("destroy() calls docker.rm with force", async () => {
103
+ const docker = createMockDocker()
104
+ const mgr = new SandboxManager(docker, NATS_URL, IMAGE)
105
+
106
+ await mgr.destroy("container-123")
107
+ expect(docker.rm).toHaveBeenCalledWith("container-123", true)
108
+ })
109
+
110
+ test("exec() returns ExecResult", async () => {
111
+ const docker = createMockDocker()
112
+ ;(docker.exec as ReturnType<typeof mock>).mockImplementation(() =>
113
+ Promise.resolve({ stdout: "hello", stderr: "", exitCode: 0 }),
114
+ )
115
+ const mgr = new SandboxManager(docker, NATS_URL, IMAGE)
116
+
117
+ const result = await mgr.exec("container-123", ["echo", "hello"])
118
+ expect(result.stdout).toBe("hello")
119
+ expect(result.exitCode).toBe(0)
120
+ expect(docker.exec).toHaveBeenCalledWith("container-123", ["echo", "hello"])
121
+ })
122
+
123
+ test("logs() passes tail option", async () => {
124
+ const docker = createMockDocker()
125
+ ;(docker.logs as ReturnType<typeof mock>).mockImplementation(() =>
126
+ Promise.resolve("log line 1\nlog line 2"),
127
+ )
128
+ const mgr = new SandboxManager(docker, NATS_URL, IMAGE)
129
+
130
+ const logs = await mgr.logs("container-123", 50)
131
+ expect(logs).toBe("log line 1\nlog line 2")
132
+ expect(docker.logs).toHaveBeenCalledWith("container-123", 50)
133
+ })
134
+
135
+ test("docker error surfaces as thrown error", async () => {
136
+ const docker = createMockDocker()
137
+ ;(docker.create as ReturnType<typeof mock>).mockImplementation(() =>
138
+ Promise.reject(new Error("daemon not running")),
139
+ )
140
+ const mgr = new SandboxManager(docker, NATS_URL, IMAGE)
141
+
142
+ await expect(
143
+ mgr.create("ws-abc", { repos: [{ id: "r", localPath: "/tmp/r" }] }),
144
+ ).rejects.toThrow("daemon not running")
145
+ })
146
+ })
@@ -0,0 +1,159 @@
1
+ import { LOG_PREFIX } from "../shared/branding"
2
+ import type { ResourceLimits, ContainerInspect } from "../shared/sandbox-types"
3
+ import { DEFAULT_RESOURCE_LIMITS } from "../shared/sandbox-types"
4
+
5
+ export interface ExecResult {
6
+ stdout: string
7
+ stderr: string
8
+ exitCode: number
9
+ }
10
+
11
+ export interface DockerClient {
12
+ create(args: string[]): Promise<string>
13
+ start(containerId: string): Promise<void>
14
+ stop(containerId: string, timeoutSecs?: number): Promise<void>
15
+ rm(containerId: string, force?: boolean): Promise<void>
16
+ exec(containerId: string, cmd: string[]): Promise<ExecResult>
17
+ logs(containerId: string, tail?: number): Promise<string>
18
+ inspect(containerId: string): Promise<ContainerInspect>
19
+ }
20
+
21
+ export class BunDockerClient implements DockerClient {
22
+ private async run(args: string[]): Promise<{ stdout: string; stderr: string; exitCode: number }> {
23
+ const proc = Bun.spawn(["docker", ...args], {
24
+ stdout: "pipe",
25
+ stderr: "pipe",
26
+ })
27
+ const [stdout, stderr] = await Promise.all([
28
+ new Response(proc.stdout).text(),
29
+ new Response(proc.stderr).text(),
30
+ ])
31
+ const exitCode = await proc.exited
32
+ if (exitCode !== 0) {
33
+ throw new Error(`docker ${args[0]} failed (exit ${exitCode}): ${stderr.trim()}`)
34
+ }
35
+ return { stdout, stderr, exitCode }
36
+ }
37
+
38
+ async create(args: string[]): Promise<string> {
39
+ const result = await this.run(["create", ...args])
40
+ return result.stdout.trim()
41
+ }
42
+
43
+ async start(containerId: string): Promise<void> {
44
+ await this.run(["start", containerId])
45
+ }
46
+
47
+ async stop(containerId: string, timeoutSecs = 10): Promise<void> {
48
+ await this.run(["stop", "-t", String(timeoutSecs), containerId])
49
+ }
50
+
51
+ async rm(containerId: string, force = false): Promise<void> {
52
+ const args = force ? ["rm", "-f", containerId] : ["rm", containerId]
53
+ await this.run(args)
54
+ }
55
+
56
+ async exec(containerId: string, cmd: string[]): Promise<ExecResult> {
57
+ const proc = Bun.spawn(["docker", "exec", containerId, ...cmd], {
58
+ stdout: "pipe",
59
+ stderr: "pipe",
60
+ })
61
+ const [stdout, stderr] = await Promise.all([
62
+ new Response(proc.stdout).text(),
63
+ new Response(proc.stderr).text(),
64
+ ])
65
+ const exitCode = await proc.exited
66
+ return { stdout, stderr, exitCode }
67
+ }
68
+
69
+ async logs(containerId: string, tail = 100): Promise<string> {
70
+ const result = await this.run(["logs", "--tail", String(tail), containerId])
71
+ return result.stdout
72
+ }
73
+
74
+ async inspect(containerId: string): Promise<ContainerInspect> {
75
+ const result = await this.run(["inspect", "--format", "{{json .}}", containerId])
76
+ try {
77
+ return JSON.parse(result.stdout) as ContainerInspect
78
+ } catch {
79
+ throw new Error(`Failed to parse docker inspect output for ${containerId}`)
80
+ }
81
+ }
82
+ }
83
+
84
+ export class SandboxManager {
85
+ constructor(
86
+ private readonly docker: DockerClient,
87
+ private readonly natsUrl: string,
88
+ private readonly imageName: string = "kanna-sandbox:latest",
89
+ ) {}
90
+
91
+ getNatsUrl(): string {
92
+ return this.natsUrl
93
+ }
94
+
95
+ async create(
96
+ workspaceId: string,
97
+ opts: { repos: Array<{ id: string; localPath: string }>; limits?: ResourceLimits },
98
+ ): Promise<string> {
99
+ const limits = opts.limits ?? DEFAULT_RESOURCE_LIMITS
100
+ const args: string[] = []
101
+
102
+ for (const repo of opts.repos) {
103
+ args.push("-v", `${repo.localPath}:/workspace/${repo.id}`)
104
+ }
105
+
106
+ args.push("-e", `NATS_URL=${this.natsUrl}`)
107
+ args.push("-e", `WORKSPACE_ID=${workspaceId}`)
108
+ args.push("--name", `kanna-sandbox-${workspaceId.slice(0, 12)}`)
109
+
110
+ // Security flags
111
+ args.push("--cap-drop", "ALL")
112
+ args.push("--security-opt=no-new-privileges")
113
+ args.push("--read-only")
114
+ args.push("--tmpfs", "/tmp:size=128m")
115
+ args.push("--add-host=host.docker.internal:host-gateway")
116
+
117
+ // Resource limits
118
+ args.push("--cpu-shares", String(limits.cpuShares))
119
+ args.push("--memory", `${limits.memoryMb}m`)
120
+ args.push("--pids-limit", String(limits.pidsLimit))
121
+
122
+ args.push(this.imageName)
123
+
124
+ try {
125
+ return await this.docker.create(args)
126
+ } catch (err: unknown) {
127
+ const msg = err instanceof Error ? err.message : String(err)
128
+ console.warn(LOG_PREFIX, `Failed to create sandbox for ${workspaceId}: ${msg}`)
129
+ throw err
130
+ }
131
+ }
132
+
133
+ async start(containerId: string): Promise<void> {
134
+ await this.docker.start(containerId)
135
+ }
136
+
137
+ async stop(containerId: string, reason?: string): Promise<void> {
138
+ if (reason) {
139
+ console.warn(LOG_PREFIX, `Stopping container ${containerId}: ${reason}`)
140
+ }
141
+ await this.docker.stop(containerId, 10)
142
+ }
143
+
144
+ async destroy(containerId: string): Promise<void> {
145
+ await this.docker.rm(containerId, true)
146
+ }
147
+
148
+ async exec(containerId: string, cmd: string[]): Promise<ExecResult> {
149
+ return this.docker.exec(containerId, cmd)
150
+ }
151
+
152
+ async logs(containerId: string, tail?: number): Promise<string> {
153
+ return this.docker.logs(containerId, tail)
154
+ }
155
+
156
+ async inspect(containerId: string): Promise<ContainerInspect> {
157
+ return this.docker.inspect(containerId)
158
+ }
159
+ }