airlock-bot 0.2.18 → 0.2.20

package/dist/hook/api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.js","sourceRoot":"","sources":["../../src/hook/api.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AAMzC,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,MAAM,GAAG,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;AAEpC,SAAS,iBAAiB,CAAC,CAAS,EAAE,CAAS;IAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC5B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC5B,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC9C,OAAO,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AACrC,CAAC;AAkBD,4DAA4D;AAC5D,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,GAAoB,EAAE,IAAiB;IACzE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAEzE,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACjD,IAAI,CAAC,MAAM;YAAE,OAAO;QACpB,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC;QACjD,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,UAAU,MAAM,EAAE,CAAC,EAAE,CAAC;YACjD,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACzC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAmC,CAAC;QAEzD,IAAI,CAAC,IAAI,EAAE,MAAM,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;YACjC,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAC,CAAC;QACpF,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,GAAG,EAAE,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;QAE7D,sEAAsE;QACtE,MAAM,OAAO,GAAG,KAAK,IAAI,MAAM,CAAC;QAChC,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;QAEtD,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,UAAU,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,yBAAyB,CAAC,CAAC;QAE/G,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC;QAE9D,eAAe;QACf,WAAW,CAAC,GAAG,CAAC;YACd,QAAQ,EAAE,OAAO;YACjB,IAAI,EAAE,UAAU,CAAC,IAAI;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;YAC3B,MAAM,EAAE,QAAQ,QAAQ,EAAE;SAC3B,CAAC,CAAC;QAEH,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YACzB,OAAO,KAAK,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;YACxB,OAAO,KAAK,CAAC,IAAI,CAAC;gBAChB,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,UAAU,CAAC,IAAI;gBACrB,MAAM,EAAE,4BAA4B;aACrC,CAAC,CAAC;QACL,CAAC;QAED,wDAAwD;QACxD,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;YAC/B,OAAO;YACP,IAAI,EAAE,UAAU,CAAC,IAAI;YACrB,IAAI,EAAE,KAAK;SACZ,CAAC,CAAC;QAEH,WAAW,CAAC,GAAG,CAAC;YACd,EAAE,EAAE,MAAM,CAAC,EAAE;YACb,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,OAAO;YACP,IAAI,EAAE,UAAU,CAAC,IAAI;YACrB,IAAI,EAAE,KAAK;YACX,SAAS,EAAE,UAAU,CAAC,SAAS;SAChC,CAAC,CAAC;QAEH,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,gCAAgC,CAAC,CAAC;QAErF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC;QAEnC,IAAI,MAAM,KAAK,UAAU,EAAE,CAAC;YAC1B,OAAO,KAAK,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;QAClE,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,oBAAoB,CAAC;QAClF,OAAO,KAAK,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;IACzE,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/hook/normalizer.d.ts

@@ -0,0 +1,26 @@
+export interface NormalizedTool {
+    /** Airlock tool name, e.g. "bash/git", "file/edit", "bash/_complex" */
+    name: string;
+    /** Extracted executable for bash commands, e.g. "git", "npm" */
+    executable?: string;
+}
+/**
+ * Check if a command string is "simple" — a single command with no
+ * shell metacharacters that could chain or inject additional commands.
+ */
+export declare function isSimpleCommand(command: string): boolean;
+/**
+ * Extract the executable name from a simple command string.
+ * Handles path-prefixed commands (e.g. /usr/bin/git → git)
+ * and leading env vars (e.g. FOO=bar git status → git).
+ */
+export declare function extractExecutable(command: string): string | null;
+/**
+ * Normalize an external tool name into Airlock's namespaced format.
+ *
+ * For bash/shell tools, inspects the command to produce fine-grained
+ * names like "bash/git", "bash/npm", or "bash/_complex" for commands
+ * with shell metacharacters.
+ */
+export declare function normalizeTool(client: string, tool: string, input: Record<string, unknown>): NormalizedTool;
+//# sourceMappingURL=normalizer.d.ts.map

package/dist/hook/normalizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"normalizer.d.ts","sourceRoot":"","sources":["../../src/hook/normalizer.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,cAAc;IAC7B,uEAAuE;IACvE,IAAI,EAAE,MAAM,CAAC;IACb,gEAAgE;IAChE,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AA2BD;;;GAGG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAExD;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAgBhE;AAED;;;;;;GAMG;AACH,wBAAgB,aAAa,CAC3B,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC7B,cAAc,CA+BhB"}

package/dist/hook/normalizer.js

@@ -0,0 +1,84 @@
+import path from 'path';
+/** Shell metacharacters that indicate a non-simple command */
+const COMPLEX_COMMAND_RE = /[;|&`$(){}><]/;
+/**
+ * Tool name mappings per client.
+ * Maps external tool names → Airlock namespace/tool format.
+ * Unknown tools pass through as-is.
+ */
+const CLIENT_TOOL_MAPS = {
+    'claude-code': {
+        Bash: 'bash',
+        Edit: 'file/edit',
+        Read: 'file/read',
+        Write: 'file/write',
+        Glob: 'file/glob',
+        Grep: 'file/grep',
+        WebFetch: 'http/fetch',
+        WebSearch: 'http/search',
+        Agent: 'agent/spawn',
+        TodoRead: 'todo/read',
+        TodoWrite: 'todo/write',
+        NotebookEdit: 'notebook/edit',
+    },
+};
+/**
+ * Check if a command string is "simple" — a single command with no
+ * shell metacharacters that could chain or inject additional commands.
+ */
+export function isSimpleCommand(command) {
+    return !COMPLEX_COMMAND_RE.test(command);
+}
+/**
+ * Extract the executable name from a simple command string.
+ * Handles path-prefixed commands (e.g. /usr/bin/git → git)
+ * and leading env vars (e.g. FOO=bar git status → git).
+ */
+export function extractExecutable(command) {
+    const trimmed = command.trim();
+    if (!trimmed)
+        return null;
+    const tokens = trimmed.split(/\s+/);
+    // Skip leading env var assignments (KEY=VALUE)
+    let i = 0;
+    while (i < tokens.length && /^[A-Za-z_]\w*=/.test(tokens[i])) {
+        i++;
+    }
+    const exe = tokens[i];
+    if (!exe)
+        return null;
+    return path.basename(exe);
+}
+/**
+ * Normalize an external tool name into Airlock's namespaced format.
+ *
+ * For bash/shell tools, inspects the command to produce fine-grained
+ * names like "bash/git", "bash/npm", or "bash/_complex" for commands
+ * with shell metacharacters.
+ */
+export function normalizeTool(client, tool, input) {
+    const mapping = CLIENT_TOOL_MAPS[client] ?? {};
+    const mapped = mapping[tool];
+    // No mapping → pass through as-is (e.g. mcp__server__tool)
+    if (mapped === undefined) {
+        return { name: tool };
+    }
+    // Non-bash tools → return the mapped name directly
+    if (mapped !== 'bash') {
+        return { name: mapped };
+    }
+    // Bash tool — inspect the command for granular matching
+    const command = typeof input.command === 'string' ? input.command : '';
+    if (!command.trim()) {
+        return { name: 'bash/_empty' };
+    }
+    if (!isSimpleCommand(command)) {
+        return { name: 'bash/_complex', executable: undefined };
+    }
+    const exe = extractExecutable(command);
+    if (!exe) {
+        return { name: 'bash/_complex' };
+    }
+    return { name: `bash/${exe}`, executable: exe };
+}
+//# sourceMappingURL=normalizer.js.map

package/dist/hook/normalizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"normalizer.js","sourceRoot":"","sources":["../../src/hook/normalizer.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AASxB,8DAA8D;AAC9D,MAAM,kBAAkB,GAAG,eAAe,CAAC;AAE3C;;;;GAIG;AACH,MAAM,gBAAgB,GAA2C;IAC/D,aAAa,EAAE;QACb,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,WAAW;QACjB,IAAI,EAAE,WAAW;QACjB,KAAK,EAAE,YAAY;QACnB,IAAI,EAAE,WAAW;QACjB,IAAI,EAAE,WAAW;QACjB,QAAQ,EAAE,YAAY;QACtB,SAAS,EAAE,aAAa;QACxB,KAAK,EAAE,aAAa;QACpB,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,YAAY;QACvB,YAAY,EAAE,eAAe;KAC9B;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAC3C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC/B,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAEpC,+CAA+C;IAC/C,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,IAAI,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7D,CAAC,EAAE,CAAC;IACN,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IACtB,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAEtB,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAC5B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAC3B,MAAc,EACd,IAAY,EACZ,KAA8B;IAE9B,MAAM,OAAO,GAAG,gBAAgB,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IAC/C,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7B,2DAA2D;IAC3D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,mDAAmD;IACnD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IAC1B,CAAC;IAED,wDAAwD;IACxD,MAAM,OAAO,GAAG,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;IAEvE,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QACpB,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC;IACjC,CAAC;IAED,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;QAC9B,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;IAC1D,CAAC;IAED,MAAM,GAAG,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;IACnC,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,QAAQ,GAAG,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC;AAClD,CAAC"}

package/dist/middleware/chain-builder.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"chain-builder.d.ts","sourceRoot":"","sources":["../../src/middleware/chain-builder.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,KAAK,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAwF7D;;;;;;;;;;;GAWG;AACH,wBAAgB,oBAAoB,CAAC,WAAW,EAAE,WAAW,EAAE,KAAK,EAAE,cAAc,GAAG,UAAU,CAmDhG"}
+{"version":3,"file":"chain-builder.d.ts","sourceRoot":"","sources":["../../src/middleware/chain-builder.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,KAAK,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAyF7D;;;;;;;;;;;GAWG;AACH,wBAAgB,oBAAoB,CAAC,WAAW,EAAE,WAAW,EAAE,KAAK,EAAE,cAAc,GAAG,UAAU,CAoDhG"}

package/dist/middleware/chain-builder.js

@@ -3,6 +3,7 @@ import { allowlistMiddleware } from './core/allowlist.js';
 import { execPolicyMiddleware } from './core/exec-policy.js';
 import { hitlGateMiddleware } from './core/hitl-gate.js';
 import { executeMiddleware } from './core/execute.js';
+import { sandboxMiddleware } from './core/sandbox.js';
 import { schemaValidatorMiddleware } from './core/schema-validator.js';
 import { rateLimiterMiddleware } from './core/rate-limiter.js';
 import { untrustedEnvelopeMiddleware } from './post/untrusted-envelope.js';
@@ -121,13 +122,14 @@ export function buildMiddlewareChain(agentConfig, _deps) {
     const schemaValidators = coreUserMiddleware.filter((m) => m.name === 'schema-validator');
     const detectors = coreUserMiddleware.filter((m) => m.name !== 'schema-validator');
     // Core zone: fixed security-critical order
-    //   allowlist → exec-policy → schema-validator → [detectors] → hitl-gate → execute
+    //   allowlist → exec-policy → schema-validator → [detectors] → hitl-gate → sandbox → execute
     const coreMiddlewares = [
         allowlistMiddleware(),
         execPolicyMiddleware(),
         ...schemaValidators.map((m) => withToolFilter(resolveMiddleware(m), m)),
         ...detectors.map((m) => withToolFilter(resolveMiddleware(m), m)),
         hitlGateMiddleware(),
+        sandboxMiddleware(),
         executeMiddleware(),
     ];
     // Post zone: user-configurable

package/dist/middleware/chain-builder.js.map

@@ -1 +1 @@
-{"version":3,"file":"chain-builder.js","sourceRoot":"","sources":["../../src/middleware/chain-builder.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AACvE,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC/D,OAAO,EAAE,2BAA2B,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,iCAAiC,EAAE,MAAM,qCAAqC,CAAC;AACxF,OAAO,EAAE,6BAA6B,EAAE,MAAM,iCAAiC,CAAC;AAChF,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAC;AACzE,OAAO,EAAE,2BAA2B,EAAE,MAAM,mCAAmC,CAAC;AAChF,OAAO,EAAE,+BAA+B,EAAE,MAAM,uCAAuC,CAAC;AACxF,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAGlD,SAAS,gBAAgB,CAAC,QAAgB,EAAE,KAAgB,EAAE,OAAkB;IAC9E,IAAI,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7D,IAAI,KAAK,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IACpE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,cAAc,CAAC,EAAc,EAAE,IAA0B;IAChE,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,CAAC;IAC5C,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;QACnB,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO,IAAI,EAAE,CAAC;QAC7E,OAAO,EAAE,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACvB,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,IAA0B;IACnD,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,KAAK,kBAAkB;YACrB,OAAO,yBAAyB,EAAE,CAAC;QACrC,KAAK,cAAc;YACjB,OAAO,qBAAqB,CAAC;gBAC3B,YAAY,EAAE,IAAI,CAAC,YAAY,IAAI,EAAE;gBACrC,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,MAAM;gBACnC,GAAG,EAAE,IAAI,CAAC,GAAG;aACd,CAAC,CAAC;QACL,KAAK,oBAAoB;YACvB,OAAO,2BAA2B,EAAE,CAAC;QACvC,KAAK,oBAAoB;YACvB,OAAO,0BAA0B,EAAE,CAAC;QACtC,KAAK,2BAA2B;YAC9B,OAAO,iCAAiC,CAAC;gBACvC,IAAI,EAAE,IAAI,CAAC,IAAuC,EAAE,8EAA8E;aACnI,CAAC,CAAC;QACL,KAAK,uBAAuB;YAC1B,OAAO,6BAA6B,EAAE,CAAC;QACzC,KAAK,qBAAqB;YACxB,OAAO,2BAA2B,CAAC;gBACjC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,SAAS,EAAE,IAAI,CAAC,SAAS;aAC1B,CAAC,CAAC;QACL,KAAK,mBAAmB;YACtB,OAAO,0BAA0B,CAAC;gBAChC,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,2BAA2B;gBAChD,eAAe,EAAE,IAAI,CAAC,eAAe;aACtC,CAAC,CAAC;QACL,KAAK,oBAAoB;YACvB,OAAO,2BAA2B,CAAC;gBACjC,OAAO,EAAE,IAAI,CAAC,OAA0C;gBACxD,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,aAAa,EAAE,IAAI,CAAC,aAAa;gBACjC,SAAS,EAAE,IAAI,CAAC,SAAS;aAC1B,CAAC,CAAC;QACL,KAAK,wBAAwB;YAC3B,OAAO,+BAA+B,CAAC;gBACrC,IAAI,EAAE,IAAI,CAAC,IAAyC;gBACpD,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,OAAO,EAAE,IAAI,CAAC,OAA0C;gBACxD,KAAK,EAAE,IAAI,CAAC,KAAK;aAClB,CAAC,CAAC;QACL;YACE,MAAM,IAAI,KAAK,CAAC,uBAAwB,IAAyB,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AAED,MAAM,kBAAkB,GAA2B;IACjD,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,IAAI,EAAE;IAC3C,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,IAAI,EAAE;IAC7C,EAAE,IAAI,EAAE,2BAA2B,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE;CACrE,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,oBAAoB,CAAC,WAAwB,EAAE,KAAqB;IAClF,MAAM,cAAc,GAAG,WAAW,CAAC,UAAU,CAAC;IAE9C,0FAA0F;IAC1F,oDAAoD;IACpD,gFAAgF;IAChF,IAAI,iBAAyC,CAAC;IAE9C,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;QACjC,iBAAiB,GAAG,kBAAkB,CAAC;IACzC,CAAC;SAAM,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvC,iBAAiB,GAAG,EAAE,CAAC;IACzB,CAAC;SAAM,CAAC;QACN,MAAM,aAAa,GAAG,IAAI,GAAG,CAC3B,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CACrE,CAAC;QACF,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7D,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CACxC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAC5D,CAAC;QACF,iBAAiB,GAAG,CAAC,GAAG,QAAQ,EAAE,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,CAAC,CAAC,CAAC;IAC1F,CAAC;IAED,qFAAqF;IACrF,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,CAAC,oBAAoB,EAAE,wBAAwB,EAAE,kBAAkB,CAAC,CAAC,CAAC;IAChG,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAClF,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAEnF,iEAAiE;IACjE,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;IACzF,MAAM,SAAS,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;IAElF,2CAA2C;IAC3C,mFAAmF;IACnF,MAAM,eAAe,GAAiB;QACpC,mBAAmB,EAAE;QACrB,oBAAoB,EAAE;QACtB,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACvE,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAChE,kBAAkB,EAAE;QACpB,iBAAiB,EAAE;KACpB,CAAC;IAEF,+BAA+B;IAC/B,MAAM,eAAe,GAAiB,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACjE,cAAc,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CACxC,CAAC;IAEF,uCAAuC;IACvC,wFAAwF;IACxF,OAAO,OAAO,CAAC,CAAC,GAAG,eAAe,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC;AAC3D,CAAC"}
+{"version":3,"file":"chain-builder.js","sourceRoot":"","sources":["../../src/middleware/chain-builder.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AACvE,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC/D,OAAO,EAAE,2BAA2B,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,iCAAiC,EAAE,MAAM,qCAAqC,CAAC;AACxF,OAAO,EAAE,6BAA6B,EAAE,MAAM,iCAAiC,CAAC;AAChF,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAC;AACzE,OAAO,EAAE,2BAA2B,EAAE,MAAM,mCAAmC,CAAC;AAChF,OAAO,EAAE,+BAA+B,EAAE,MAAM,uCAAuC,CAAC;AACxF,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAGlD,SAAS,gBAAgB,CAAC,QAAgB,EAAE,KAAgB,EAAE,OAAkB;IAC9E,IAAI,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7D,IAAI,KAAK,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IACpE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,cAAc,CAAC,EAAc,EAAE,IAA0B;IAChE,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,CAAC;IAC5C,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;QACnB,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO,IAAI,EAAE,CAAC;QAC7E,OAAO,EAAE,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACvB,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,IAA0B;IACnD,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,KAAK,kBAAkB;YACrB,OAAO,yBAAyB,EAAE,CAAC;QACrC,KAAK,cAAc;YACjB,OAAO,qBAAqB,CAAC;gBAC3B,YAAY,EAAE,IAAI,CAAC,YAAY,IAAI,EAAE;gBACrC,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,MAAM;gBACnC,GAAG,EAAE,IAAI,CAAC,GAAG;aACd,CAAC,CAAC;QACL,KAAK,oBAAoB;YACvB,OAAO,2BAA2B,EAAE,CAAC;QACvC,KAAK,oBAAoB;YACvB,OAAO,0BAA0B,EAAE,CAAC;QACtC,KAAK,2BAA2B;YAC9B,OAAO,iCAAiC,CAAC;gBACvC,IAAI,EAAE,IAAI,CAAC,IAAuC,EAAE,8EAA8E;aACnI,CAAC,CAAC;QACL,KAAK,uBAAuB;YAC1B,OAAO,6BAA6B,EAAE,CAAC;QACzC,KAAK,qBAAqB;YACxB,OAAO,2BAA2B,CAAC;gBACjC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,SAAS,EAAE,IAAI,CAAC,SAAS;aAC1B,CAAC,CAAC;QACL,KAAK,mBAAmB;YACtB,OAAO,0BAA0B,CAAC;gBAChC,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,2BAA2B;gBAChD,eAAe,EAAE,IAAI,CAAC,eAAe;aACtC,CAAC,CAAC;QACL,KAAK,oBAAoB;YACvB,OAAO,2BAA2B,CAAC;gBACjC,OAAO,EAAE,IAAI,CAAC,OAA0C;gBACxD,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,aAAa,EAAE,IAAI,CAAC,aAAa;gBACjC,SAAS,EAAE,IAAI,CAAC,SAAS;aAC1B,CAAC,CAAC;QACL,KAAK,wBAAwB;YAC3B,OAAO,+BAA+B,CAAC;gBACrC,IAAI,EAAE,IAAI,CAAC,IAAyC;gBACpD,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,OAAO,EAAE,IAAI,CAAC,OAA0C;gBACxD,KAAK,EAAE,IAAI,CAAC,KAAK;aAClB,CAAC,CAAC;QACL;YACE,MAAM,IAAI,KAAK,CAAC,uBAAwB,IAAyB,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AAED,MAAM,kBAAkB,GAA2B;IACjD,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,IAAI,EAAE;IAC3C,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,IAAI,EAAE;IAC7C,EAAE,IAAI,EAAE,2BAA2B,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE;CACrE,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,oBAAoB,CAAC,WAAwB,EAAE,KAAqB;IAClF,MAAM,cAAc,GAAG,WAAW,CAAC,UAAU,CAAC;IAE9C,0FAA0F;IAC1F,oDAAoD;IACpD,gFAAgF;IAChF,IAAI,iBAAyC,CAAC;IAE9C,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;QACjC,iBAAiB,GAAG,kBAAkB,CAAC;IACzC,CAAC;SAAM,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvC,iBAAiB,GAAG,EAAE,CAAC;IACzB,CAAC;SAAM,CAAC;QACN,MAAM,aAAa,GAAG,IAAI,GAAG,CAC3B,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CACrE,CAAC;QACF,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7D,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CACxC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAC5D,CAAC;QACF,iBAAiB,GAAG,CAAC,GAAG,QAAQ,EAAE,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,CAAC,CAAC,CAAC;IAC1F,CAAC;IAED,qFAAqF;IACrF,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,CAAC,oBAAoB,EAAE,wBAAwB,EAAE,kBAAkB,CAAC,CAAC,CAAC;IAChG,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAClF,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAEnF,iEAAiE;IACjE,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;IACzF,MAAM,SAAS,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;IAElF,2CAA2C;IAC3C,6FAA6F;IAC7F,MAAM,eAAe,GAAiB;QACpC,mBAAmB,EAAE;QACrB,oBAAoB,EAAE;QACtB,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACvE,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAChE,kBAAkB,EAAE;QACpB,iBAAiB,EAAE;QACnB,iBAAiB,EAAE;KACpB,CAAC;IAEF,+BAA+B;IAC/B,MAAM,eAAe,GAAiB,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACjE,cAAc,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CACxC,CAAC;IAEF,uCAAuC;IACvC,wFAAwF;IACxF,OAAO,OAAO,CAAC,CAAC,GAAG,eAAe,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC;AAC3D,CAAC"}

package/dist/middleware/core/execute.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"execute.d.ts","sourceRoot":"","sources":["../../../src/middleware/core/execute.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAoB,MAAM,aAAa,CAAC;AAEhE,wBAAgB,iBAAiB,IAAI,UAAU,CAkC9C"}
+{"version":3,"file":"execute.d.ts","sourceRoot":"","sources":["../../../src/middleware/core/execute.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAoB,MAAM,aAAa,CAAC;AAQhE,wBAAgB,iBAAiB,IAAI,UAAU,CAkC9C"}

package/dist/middleware/core/execute.js

@@ -1,14 +1,20 @@
 import { McpError, ErrorCode } from '@modelcontextprotocol/sdk/types.js';
+function serializeAuditArgs(args, meta) {
+    const sandbox = meta.sandbox_info;
+    if (!sandbox)
+        return JSON.stringify(args);
+    return JSON.stringify({ ...args, _airlock: { sandbox } });
+}
 export function executeMiddleware() {
     return async (ctx, _next) => {
         const { registry, auditLogger } = ctx.deps;
         try {
-            const callResult = await registry.call(ctx.toolName, ctx.args, ctx.agentId);
+            const callResult = await registry.call(ctx.toolName, ctx.args, ctx.agentId, ctx.meta);
             const duration = Date.now() - ctx.startedAt;
             auditLogger.log({
                 agent_id: ctx.agentId,
                 tool: ctx.toolName,
-                args: JSON.stringify(ctx.args),
+                args: serializeAuditArgs(ctx.args, ctx.meta),
                 result: 'success',
                 duration_ms: duration,
             });
@@ -23,7 +29,7 @@ export function executeMiddleware() {
             auditLogger.log({
                 agent_id: ctx.agentId,
                 tool: ctx.toolName,
-                args: JSON.stringify(ctx.args),
+                args: serializeAuditArgs(ctx.args, ctx.meta),
                 result: 'error',
                 error,
                 duration_ms: duration,

package/dist/middleware/core/execute.js.map

@@ -1 +1 @@
-{"version":3,"file":"execute.js","sourceRoot":"","sources":["../../../src/middleware/core/execute.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,oCAAoC,CAAC;AAGzE,MAAM,UAAU,iBAAiB;IAC/B,OAAO,KAAK,EAAE,GAAG,EAAE,KAAK,EAA6B,EAAE;QACrD,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;QAE3C,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAE5E,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,SAAS,CAAC;YAC5C,WAAW,CAAC,GAAG,CAAC;gBACd,QAAQ,EAAE,GAAG,CAAC,OAAO;gBACrB,IAAI,EAAE,GAAG,CAAC,QAAQ;gBAClB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC;gBAC9B,MAAM,EAAE,SAAS;gBACjB,WAAW,EAAE,QAAQ;aACtB,CAAC,CAAC;YAEH,OAAO;gBACL,MAAM,EAAE,UAAU;gBAClB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;aACjC,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,SAAS,CAAC;YAC5C,MAAM,KAAK,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC/D,WAAW,CAAC,GAAG,CAAC;gBACd,QAAQ,EAAE,GAAG,CAAC,OAAO;gBACrB,IAAI,EAAE,GAAG,CAAC,QAAQ;gBAClB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC;gBAC9B,MAAM,EAAE,OAAO;gBACf,KAAK;gBACL,WAAW,EAAE,QAAQ;aACtB,CAAC,CAAC;YACH,MAAM,IAAI,QAAQ,CAAC,SAAS,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;QACrD,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}
+{"version":3,"file":"execute.js","sourceRoot":"","sources":["../../../src/middleware/core/execute.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,oCAAoC,CAAC;AAGzE,SAAS,kBAAkB,CAAC,IAA6B,EAAE,IAA6B;IACtF,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC;IAClC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC1C,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,OAAO,KAAK,EAAE,GAAG,EAAE,KAAK,EAA6B,EAAE;QACrD,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;QAE3C,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAEtF,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,SAAS,CAAC;YAC5C,WAAW,CAAC,GAAG,CAAC;gBACd,QAAQ,EAAE,GAAG,CAAC,OAAO;gBACrB,IAAI,EAAE,GAAG,CAAC,QAAQ;gBAClB,IAAI,EAAE,kBAAkB,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC;gBAC5C,MAAM,EAAE,SAAS;gBACjB,WAAW,EAAE,QAAQ;aACtB,CAAC,CAAC;YAEH,OAAO;gBACL,MAAM,EAAE,UAAU;gBAClB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;aACjC,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,SAAS,CAAC;YAC5C,MAAM,KAAK,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC/D,WAAW,CAAC,GAAG,CAAC;gBACd,QAAQ,EAAE,GAAG,CAAC,OAAO;gBACrB,IAAI,EAAE,GAAG,CAAC,QAAQ;gBAClB,IAAI,EAAE,kBAAkB,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC;gBAC5C,MAAM,EAAE,OAAO;gBACf,KAAK;gBACL,WAAW,EAAE,QAAQ;aACtB,CAAC,CAAC;YACH,MAAM,IAAI,QAAQ,CAAC,SAAS,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;QACrD,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/middleware/core/hitl-gate.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"hitl-gate.d.ts","sourceRoot":"","sources":["../../../src/middleware/core/hitl-gate.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE9C,wBAAgB,kBAAkB,IAAI,UAAU,CAwE/C"}
+{"version":3,"file":"hitl-gate.d.ts","sourceRoot":"","sources":["../../../src/middleware/core/hitl-gate.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAQ9C,wBAAgB,kBAAkB,IAAI,UAAU,CA+E/C"}

package/dist/middleware/core/hitl-gate.js

@@ -1,16 +1,29 @@
 import { McpError, ErrorCode } from '@modelcontextprotocol/sdk/types.js';
+function serializeAuditArgs(args, meta) {
+    const sandbox = meta.sandbox_info;
+    if (!sandbox)
+        return JSON.stringify(args);
+    return JSON.stringify({ ...args, _airlock: { sandbox } });
+}
 export function hitlGateMiddleware() {
     return async (ctx, next) => {
         if (!ctx.meta.needsApproval)
             return next();
         const { hitlEngine, hitlBatcher, auditLogger } = ctx.deps;
-        const ticket = hitlEngine.create({ agentId: ctx.agentId, tool: ctx.toolName, args: ctx.args });
+        const sandboxInfo = ctx.meta.sandbox_info;
+        const ticket = hitlEngine.create({
+            agentId: ctx.agentId,
+            tool: ctx.toolName,
+            args: ctx.args,
+            sandbox: sandboxInfo,
+        });
         hitlBatcher.add({
             id: ticket.id,
             code: ticket.code,
             agentId: ctx.agentId,
             tool: ctx.toolName,
             args: ctx.args,
+            ...(sandboxInfo ? { sandbox: sandboxInfo } : {}),
             timeoutMs: hitlEngine.timeoutMs,
         });
         // If the transport provides an abort signal, race the HITL promise against it
@@ -50,7 +63,7 @@ export function hitlGateMiddleware() {
             auditLogger.log({
                 agent_id: ctx.agentId,
                 tool: ctx.toolName,
-                args: JSON.stringify(ctx.args),
+                args: serializeAuditArgs(ctx.args, ctx.meta),
                 result: 'hitl_denied',
             });
             throw new McpError(ErrorCode.InvalidRequest, 'Request denied by operator');
@@ -59,7 +72,7 @@ export function hitlGateMiddleware() {
             auditLogger.log({
                 agent_id: ctx.agentId,
                 tool: ctx.toolName,
-                args: JSON.stringify(ctx.args),
+                args: serializeAuditArgs(ctx.args, ctx.meta),
                 result: 'hitl_timeout',
             });
             throw new McpError(ErrorCode.InvalidRequest, 'Approval timed out. Re-request when operator is available.');

package/dist/middleware/core/hitl-gate.js.map

@@ -1 +1 @@
-{"version":3,"file":"hitl-gate.js","sourceRoot":"","sources":["../../../src/middleware/core/hitl-gate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,oCAAoC,CAAC;AAGzE,MAAM,UAAU,kBAAkB;IAChC,OAAO,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa;YAAE,OAAO,IAAI,EAAE,CAAC;QAE3C,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;QAC1D,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;QAE/F,WAAW,CAAC,GAAG,CAAC;YACd,EAAE,EAAE,MAAM,CAAC,EAAE;YACb,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,IAAI,EAAE,GAAG,CAAC,QAAQ;YAClB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,SAAS,EAAE,UAAU,CAAC,SAAS;SAChC,CAAC,CAAC;QAEH,8EAA8E;QAC9E,gDAAgD;QAChD,IAAI,MAAsD,CAAC;QAC3D,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACtC,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;gBAC1B,MAAM,CAAC,MAAM;gBACb,IAAI,OAAO,CAAiB,CAAC,OAAO,EAAE,EAAE;oBACtC,IAAI,GAAG,CAAC,MAAO,CAAC,OAAO,EAAE,CAAC;wBACxB,OAAO,CAAC,cAAc,CAAC,CAAC;oBAC1B,CAAC;yBAAM,CAAC;wBACN,GAAG,CAAC,MAAO,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;oBACvF,CAAC;gBACH,CAAC,CAAC;aACH,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;YAC/B,sDAAsD;YACtD,MAAM,GAAG,cAAc,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC;QAC/B,CAAC;QAED,IAAI,MAAM,KAAK,cAAc,EAAE,CAAC;YAC9B,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC7B,WAAW,CAAC,GAAG,CAAC;gBACd,QAAQ,EAAE,GAAG,CAAC,OAAO;gBACrB,IAAI,EAAE,GAAG,CAAC,QAAQ;gBAClB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC;gBAC9B,MAAM,EAAE,mBAAmB;aAC5B,CAAC,CAAC;YACH,MAAM,IAAI,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,8CAA8C,CAAC,CAAC;QAC/F,CAAC;QAED,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YACxB,WAAW,CAAC,GAAG,CAAC;gBACd,QAAQ,EAAE,GAAG,CAAC,OAAO;gBACrB,IAAI,EAAE,GAAG,CAAC,QAAQ;gBAClB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC;gBAC9B,MAAM,EAAE,aAAa;aACtB,CAAC,CAAC;YACH,MAAM,IAAI,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,4BAA4B,CAAC,CAAC;QAC7E,CAAC;QACD,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,WAAW,CAAC,GAAG,CAAC;gBACd,QAAQ,EAAE,GAAG,CAAC,OAAO;gBACrB,IAAI,EAAE,GAAG,CAAC,QAAQ;gBAClB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC;gBAC9B,MAAM,EAAE,cAAc;aACvB,CAAC,CAAC;YACH,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,cAAc,EACxB,4DAA4D,CAC7D,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC"}
+{"version":3,"file":"hitl-gate.js","sourceRoot":"","sources":["../../../src/middleware/core/hitl-gate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,oCAAoC,CAAC;AAIzE,SAAS,kBAAkB,CAAC,IAA6B,EAAE,IAA6B;IACtF,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC;IAClC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC1C,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,OAAO,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa;YAAE,OAAO,IAAI,EAAE,CAAC;QAE3C,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;QAC1D,MAAM,WAAW,GAAG,GAAG,CAAC,IAAI,CAAC,YAA8C,CAAC;QAC5E,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;YAC/B,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,IAAI,EAAE,GAAG,CAAC,QAAQ;YAClB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,OAAO,EAAE,WAAW;SACrB,CAAC,CAAC;QAEH,WAAW,CAAC,GAAG,CAAC;YACd,EAAE,EAAE,MAAM,CAAC,EAAE;YACb,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,IAAI,EAAE,GAAG,CAAC,QAAQ;YAClB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChD,SAAS,EAAE,UAAU,CAAC,SAAS;SAChC,CAAC,CAAC;QAEH,8EAA8E;QAC9E,gDAAgD;QAChD,IAAI,MAAsD,CAAC;QAC3D,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACtC,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;gBAC1B,MAAM,CAAC,MAAM;gBACb,IAAI,OAAO,CAAiB,CAAC,OAAO,EAAE,EAAE;oBACtC,IAAI,GAAG,CAAC,MAAO,CAAC,OAAO,EAAE,CAAC;wBACxB,OAAO,CAAC,cAAc,CAAC,CAAC;oBAC1B,CAAC;yBAAM,CAAC;wBACN,GAAG,CAAC,MAAO,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;oBACvF,CAAC;gBACH,CAAC,CAAC;aACH,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;YAC/B,sDAAsD;YACtD,MAAM,GAAG,cAAc,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC;QAC/B,CAAC;QAED,IAAI,MAAM,KAAK,cAAc,EAAE,CAAC;YAC9B,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC7B,WAAW,CAAC,GAAG,CAAC;gBACd,QAAQ,EAAE,GAAG,CAAC,OAAO;gBACrB,IAAI,EAAE,GAAG,CAAC,QAAQ;gBAClB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC;gBAC9B,MAAM,EAAE,mBAAmB;aAC5B,CAAC,CAAC;YACH,MAAM,IAAI,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,8CAA8C,CAAC,CAAC;QAC/F,CAAC;QAED,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YACxB,WAAW,CAAC,GAAG,CAAC;gBACd,QAAQ,EAAE,GAAG,CAAC,OAAO;gBACrB,IAAI,EAAE,GAAG,CAAC,QAAQ;gBAClB,IAAI,EAAE,kBAAkB,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC;gBAC5C,MAAM,EAAE,aAAa;aACtB,CAAC,CAAC;YACH,MAAM,IAAI,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,4BAA4B,CAAC,CAAC;QAC7E,CAAC;QACD,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,WAAW,CAAC,GAAG,CAAC;gBACd,QAAQ,EAAE,GAAG,CAAC,OAAO;gBACrB,IAAI,EAAE,GAAG,CAAC,QAAQ;gBAClB,IAAI,EAAE,kBAAkB,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC;gBAC5C,MAAM,EAAE,cAAc;aACvB,CAAC,CAAC;YACH,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,cAAc,EACxB,4DAA4D,CAC7D,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC"}

package/dist/middleware/core/sandbox.d.ts

@@ -0,0 +1,3 @@
+import type { Middleware } from '../types.js';
+export declare function sandboxMiddleware(): Middleware;
+//# sourceMappingURL=sandbox.d.ts.map

package/dist/middleware/core/sandbox.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.d.ts","sourceRoot":"","sources":["../../../src/middleware/core/sandbox.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAG9C,wBAAgB,iBAAiB,IAAI,UAAU,CAmB9C"}

package/dist/middleware/core/sandbox.js

@@ -0,0 +1,15 @@
+import { getSandboxDisplayInfo, resolveSandboxConfig } from '../../sandbox/index.js';
+export function sandboxMiddleware() {
+    return async (ctx, next) => {
+        const agentSandbox = ctx.agentConfig?.sandbox;
+        if (agentSandbox?.enabled) {
+            // Check if there's a tool-specific sandbox from tool_overrides (alias)
+            const toolOverride = ctx.agentConfig?.tool_overrides?.[ctx.toolName];
+            const toolOverrideSandbox = toolOverride?.sandbox;
+            ctx.meta.sandbox = resolveSandboxConfig(agentSandbox, ctx.toolName, toolOverrideSandbox);
+            ctx.meta.sandbox_info = getSandboxDisplayInfo(ctx.agentConfig, ctx.toolName, ctx.meta.sandbox);
+        }
+        return next();
+    };
+}
+//# sourceMappingURL=sandbox.js.map

package/dist/middleware/core/sandbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../../../src/middleware/core/sandbox.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAErF,MAAM,UAAU,iBAAiB;IAC/B,OAAO,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,MAAM,YAAY,GAAG,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC;QAE9C,IAAI,YAAY,EAAE,OAAO,EAAE,CAAC;YAC1B,uEAAuE;YACvE,MAAM,YAAY,GAAG,GAAG,CAAC,WAAW,EAAE,cAAc,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACrE,MAAM,mBAAmB,GAAG,YAAY,EAAE,OAAO,CAAC;YAElD,GAAG,CAAC,IAAI,CAAC,OAAO,GAAG,oBAAoB,CAAC,YAAY,EAAE,GAAG,CAAC,QAAQ,EAAE,mBAAmB,CAAC,CAAC;YACzF,GAAG,CAAC,IAAI,CAAC,YAAY,GAAG,qBAAqB,CAC3C,GAAG,CAAC,WAAW,EACf,GAAG,CAAC,QAAQ,EACZ,GAAG,CAAC,IAAI,CAAC,OAAkD,CAC5D,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC"}

package/dist/registry/registry.d.ts

@@ -12,7 +12,7 @@ export declare class ToolRegistry {
     setAdapters(adapters: BackendAdapter[]): void;
     refresh(): Promise<void>;
     getFiltered(agentId: string): Tool[];
-    call(namespacedName: string, args: Record<string, unknown>, agentId: string): Promise<unknown>;
+    call(namespacedName: string, args: Record<string, unknown>, agentId: string, meta?: Record<string, unknown>): Promise<unknown>;
     getAllTools(): Tool[];
     stopAll(): Promise<void>;
 }

package/dist/registry/registry.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../src/registry/registry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAC/D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAMvD,qBAAa,YAAY;IAIrB,OAAO,CAAC,QAAQ;IAChB,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,MAAM;IALhB,OAAO,CAAC,WAAW,CAAc;gBAGvB,QAAQ,EAAE,cAAc,EAAE,EAC1B,SAAS,EAAE,eAAe,EAC1B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC;IAG7C,YAAY,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAAG,IAAI;IAIvD,WAAW,CAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,IAAI;IAIvC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAqB9B,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,EAAE;IAsB9B,IAAI,CACR,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,OAAO,CAAC;IAgBnB,WAAW,IAAI,IAAI,EAAE;IAIf,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAG/B"}
+{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../src/registry/registry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAC/D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAMvD,qBAAa,YAAY;IAIrB,OAAO,CAAC,QAAQ;IAChB,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,MAAM;IALhB,OAAO,CAAC,WAAW,CAAc;gBAGvB,QAAQ,EAAE,cAAc,EAAE,EAC1B,SAAS,EAAE,eAAe,EAC1B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC;IAG7C,YAAY,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAAG,IAAI;IAIvD,WAAW,CAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,IAAI;IAIvC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAqB9B,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,EAAE;IAmC9B,IAAI,CACR,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,EAAE,MAAM,EACf,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC7B,OAAO,CAAC,OAAO,CAAC;IAyBnB,WAAW,IAAI,IAAI,EAAE;IAIf,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAG/B"}

package/dist/registry/registry.js

@@ -39,36 +39,54 @@ export class ToolRegistry {
     getFiltered(agentId) {
         const agent = this.agents[agentId];
         const overrides = agent?.tool_overrides ?? {};
-        return this.cachedTools
+        const filtered = this.cachedTools
             .filter((t) => this.allowlist.evaluate(agentId, t.name) !== 'deny')
-            .map((t) => {
-            const override = overrides[t.name];
-            // Trusted tools bypass sanitization entirely
-            if (override?.trusted) {
-                return {
-                    ...t,
-                    description: override.description ?? t.description,
-                };
+            .map((t) => ({
+            ...t,
+            description: sanitizeToolDescription(t.name, t.description, overrides[t.name]?.description),
+        }));
+        // Add alias tools from tool_overrides that have alias_of
+        for (const [aliasName, override] of Object.entries(overrides)) {
+            if (!override.alias_of)
+                continue;
+            // Find the base tool in the full tool list (not filtered)
+            const baseTool = this.cachedTools.find((t) => t.name === override.alias_of);
+            if (!baseTool) {
+                log.warn({ aliasName, aliasOf: override.alias_of }, 'Alias references unknown tool');
+                continue;
             }
-            return {
-                ...t,
-                description: sanitizeToolDescription(t.name, t.description, override?.description),
-            };
-        });
+            // Check if the alias itself is allowed
+            if (this.allowlist.evaluate(agentId, aliasName) === 'deny')
+                continue;
+            filtered.push({
+                ...baseTool,
+                name: aliasName,
+                description: sanitizeToolDescription(aliasName, baseTool.description, override.description),
+            });
+        }
+        return filtered;
     }
-    async call(namespacedName, args, agentId) {
+    async call(namespacedName, args, agentId, meta) {
+        // Resolve alias: if the tool name is an alias, map it to the real backend tool
+        let resolvedName = namespacedName;
+        const agent = this.agents[agentId];
+        const override = agent?.tool_overrides?.[namespacedName];
+        if (override?.alias_of) {
+            resolvedName = override.alias_of;
+            log.info({ alias: namespacedName, resolved: resolvedName }, 'Resolved tool alias');
+        }
         // Find the adapter that owns this tool by matching its prefix
         for (const adapter of this.adapters) {
             const prefix = getAdapterPrefix(adapter);
-            if (prefix && namespacedName.startsWith(prefix)) {
-                const result = await adapter.call({ tool: namespacedName, args, agentId });
+            if (prefix && resolvedName.startsWith(prefix)) {
+                const result = await adapter.call({ tool: resolvedName, args, agentId, meta });
                 if (!result.success) {
                     throw new Error(result.error ?? 'Tool call failed');
                 }
                 return result.data;
             }
         }
-        throw new Error(`Unknown tool: ${namespacedName}`);
+        throw new Error(`Unknown tool: ${resolvedName}`);
     }
     getAllTools() {
         return this.cachedTools;

package/dist/registry/registry.js.map

@@ -1 +1 @@
-{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/registry/registry.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,MAAM,GAAG,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;AAEpC,MAAM,OAAO,YAAY;IAIb;IACA;IACA;IALF,WAAW,GAAW,EAAE,CAAC;IAEjC,YACU,QAA0B,EAC1B,SAA0B,EAC1B,MAAmC;QAFnC,aAAQ,GAAR,QAAQ,CAAkB;QAC1B,cAAS,GAAT,SAAS,CAAiB;QAC1B,WAAM,GAAN,MAAM,CAA6B;IAC1C,CAAC;IAEJ,YAAY,CAAC,MAAmC;QAC9C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,WAAW,CAAC,QAA0B;QACpC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,KAAK,GAAW,EAAE,CAAC;QAEzB,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,SAAS,EAAE,CAAC;gBAC/C,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;oBAChC,KAAK,CAAC,IAAI,CAAC;wBACT,GAAG,IAAI;wBACP,WAAW,EAAE,uBAAuB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC;qBAClE,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,EAAE,mCAAmC,CAAC,CAAC;YAChF,CAAC;QACH,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;QACzB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,MAAM,EAAE,EAAE,yBAAyB,CAAC,CAAC;IAC/D,CAAC;IAED,WAAW,CAAC,OAAe;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,SAAS,GAAG,KAAK,EAAE,cAAc,IAAI,EAAE,CAAC;QAE9C,OAAO,IAAI,CAAC,WAAW;aACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,MAAM,CAAC;aAClE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACT,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACnC,6CAA6C;YAC7C,IAAI,QAAQ,EAAE,OAAO,EAAE,CAAC;gBACtB,OAAO;oBACL,GAAG,CAAC;oBACJ,WAAW,EAAE,QAAQ,CAAC,WAAW,IAAI,CAAC,CAAC,WAAW;iBACnD,CAAC;YACJ,CAAC;YACD,OAAO;gBACL,GAAG,CAAC;gBACJ,WAAW,EAAE,uBAAuB,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,QAAQ,EAAE,WAAW,CAAC;aACnF,CAAC;QACJ,CAAC,CAAC,CAAC;IACP,CAAC;IAED,KAAK,CAAC,IAAI,CACR,cAAsB,EACtB,IAA6B,EAC7B,OAAe;QAEf,8DAA8D;QAC9D,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,MAAM,IAAI,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;gBAC3E,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;oBACpB,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,IAAI,kBAAkB,CAAC,CAAC;gBACtD,CAAC;gBACD,OAAO,MAAM,CAAC,IAAI,CAAC;YACrB,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,iBAAiB,cAAc,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,WAAW;QACT,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC/D,CAAC;CACF;AAED,mEAAmE;AACnE,SAAS,gBAAgB,CAAC,OAAuB;IAC/C,MAAM,EAAE,GAAG,OAAO,CAAC,EAAE,CAAC;IACtB,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;IACpD,IAAI,EAAE,KAAK,cAAc;QAAE,OAAO,OAAO,CAAC;IAC1C,IAAI,EAAE,KAAK,cAAc;QAAE,OAAO,OAAO,CAAC;IAC1C,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;IACpD,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;IACpD,OAAO,IAAI,CAAC;AACd,CAAC"}
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/registry/registry.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,MAAM,GAAG,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;AAEpC,MAAM,OAAO,YAAY;IAIb;IACA;IACA;IALF,WAAW,GAAW,EAAE,CAAC;IAEjC,YACU,QAA0B,EAC1B,SAA0B,EAC1B,MAAmC;QAFnC,aAAQ,GAAR,QAAQ,CAAkB;QAC1B,cAAS,GAAT,SAAS,CAAiB;QAC1B,WAAM,GAAN,MAAM,CAA6B;IAC1C,CAAC;IAEJ,YAAY,CAAC,MAAmC;QAC9C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,WAAW,CAAC,QAA0B;QACpC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,KAAK,GAAW,EAAE,CAAC;QAEzB,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,SAAS,EAAE,CAAC;gBAC/C,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;oBAChC,KAAK,CAAC,IAAI,CAAC;wBACT,GAAG,IAAI;wBACP,WAAW,EAAE,uBAAuB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC;qBAClE,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,EAAE,mCAAmC,CAAC,CAAC;YAChF,CAAC;QACH,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;QACzB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,MAAM,EAAE,EAAE,yBAAyB,CAAC,CAAC;IAC/D,CAAC;IAED,WAAW,CAAC,OAAe;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,SAAS,GAAG,KAAK,EAAE,cAAc,IAAI,EAAE,CAAC;QAE9C,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW;aAC9B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,MAAM,CAAC;aAClE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACX,GAAG,CAAC;YACJ,WAAW,EAAE,uBAAuB,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC;SAC5F,CAAC,CAAC,CAAC;QAEN,yDAAyD;QACzD,KAAK,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9D,IAAI,CAAC,QAAQ,CAAC,QAAQ;gBAAE,SAAS;YAEjC,0DAA0D;YAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC5E,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,QAAQ,EAAE,EAAE,+BAA+B,CAAC,CAAC;gBACrF,SAAS;YACX,CAAC;YAED,uCAAuC;YACvC,IAAI,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAC,KAAK,MAAM;gBAAE,SAAS;YAErE,QAAQ,CAAC,IAAI,CAAC;gBACZ,GAAG,QAAQ;gBACX,IAAI,EAAE,SAAS;gBACf,WAAW,EAAE,uBAAuB,CAAC,SAAS,EAAE,QAAQ,CAAC,WAAW,EAAE,QAAQ,CAAC,WAAW,CAAC;aAC5F,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,IAAI,CACR,cAAsB,EACtB,IAA6B,EAC7B,OAAe,EACf,IAA8B;QAE9B,+EAA+E;QAC/E,IAAI,YAAY,GAAG,cAAc,CAAC;QAClC,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,QAAQ,GAAG,KAAK,EAAE,cAAc,EAAE,CAAC,cAAc,CAAC,CAAC;QACzD,IAAI,QAAQ,EAAE,QAAQ,EAAE,CAAC;YACvB,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC;YACjC,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE,qBAAqB,CAAC,CAAC;QACrF,CAAC;QAED,8DAA8D;QAC9D,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,MAAM,IAAI,YAAY,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC9C,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC/E,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;oBACpB,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,IAAI,kBAAkB,CAAC,CAAC;gBACtD,CAAC;gBACD,OAAO,MAAM,CAAC,IAAI,CAAC;YACrB,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,iBAAiB,YAAY,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,WAAW;QACT,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC/D,CAAC;CACF;AAED,mEAAmE;AACnE,SAAS,gBAAgB,CAAC,OAAuB;IAC/C,MAAM,EAAE,GAAG,OAAO,CAAC,EAAE,CAAC;IACtB,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;IACpD,IAAI,EAAE,KAAK,cAAc;QAAE,OAAO,OAAO,CAAC;IAC1C,IAAI,EAAE,KAAK,cAAc;QAAE,OAAO,OAAO,CAAC;IAC1C,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;IACpD,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;IACpD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/sandbox/index.d.ts

@@ -0,0 +1,39 @@
+import type { AgentConfig, SandboxConfig, SandboxOverrideConfig } from '../config/schema.js';
+import { type SandboxRuntimeConfig } from '@anthropic-ai/sandbox-runtime';
+export interface ResolvedSandboxConfig {
+    filesystem: {
+        allow_write: string[];
+        deny_read: string[];
+        deny_write: string[];
+        allow_read?: string[];
+    };
+    network: {
+        allowed_domains: string[];
+        denied_domains: string[];
+    };
+}
+export interface SandboxDisplayInfo {
+    enabled: boolean;
+    presets: string[];
+    toolPresets: string[];
+    summary: string[];
+    config?: ResolvedSandboxConfig;
+}
+export declare function getSandboxDisplayInfo(agentConfig: AgentConfig, toolName: string, resolved?: ResolvedSandboxConfig): SandboxDisplayInfo | undefined;
+/**
+ * Resolve the effective sandbox config for a tool call.
+ * Merges base agent sandbox config with the most specific matching override.
+ * Also checks tool_overrides for alias-specific sandbox config.
+ */
+export declare function resolveSandboxConfig(sandboxConfig: SandboxConfig, toolName: string, toolOverrideSandbox?: SandboxOverrideConfig): ResolvedSandboxConfig;
+/**
+ * Convert a ResolvedSandboxConfig into a SandboxRuntimeConfig suitable for
+ * the @anthropic-ai/sandbox-runtime SandboxManager.
+ */
+export declare function toSandboxRuntimeConfig(config: ResolvedSandboxConfig): SandboxRuntimeConfig;
+/**
+ * Wraps a shell command using the SandboxManager programmatic API.
+ * Returns the wrapped command string that includes sandbox restrictions.
+ */
+export declare function wrapCommandWithSandbox(command: string, sandbox: ResolvedSandboxConfig): Promise<string>;
+//# sourceMappingURL=index.d.ts.map

package/dist/sandbox/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sandbox/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC7F,OAAO,EAAkB,KAAK,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AAE1F,MAAM,WAAW,qBAAqB;IACpC,UAAU,EAAE;QACV,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;KACvB,CAAC;IACF,OAAO,EAAE;QACP,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,cAAc,EAAE,MAAM,EAAE,CAAC;KAC1B,CAAC;CACH;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,MAAM,CAAC,EAAE,qBAAqB,CAAC;CAChC;AAuBD,wBAAgB,qBAAqB,CACnC,WAAW,EAAE,WAAW,EACxB,QAAQ,EAAE,MAAM,EAChB,QAAQ,CAAC,EAAE,qBAAqB,GAC/B,kBAAkB,GAAG,SAAS,CAchC;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAClC,aAAa,EAAE,aAAa,EAC5B,QAAQ,EAAE,MAAM,EAChB,mBAAmB,CAAC,EAAE,qBAAqB,GAC1C,qBAAqB,CAsBvB;AAuCD;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,qBAAqB,GAAG,oBAAoB,CAa1F;AAsCD;;;GAGG;AACH,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,qBAAqB,GAC7B,OAAO,CAAC,MAAM,CAAC,CAIjB"}