airlock-bot 0.2.19 → 0.2.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +162 -24
- package/dist/backend/cli/adapter.d.ts.map +1 -1
- package/dist/backend/cli/adapter.js +7 -1
- package/dist/backend/cli/adapter.js.map +1 -1
- package/dist/backend/exec-adapter.d.ts.map +1 -1
- package/dist/backend/exec-adapter.js +2 -1
- package/dist/backend/exec-adapter.js.map +1 -1
- package/dist/backend/factory.d.ts.map +1 -1
- package/dist/backend/factory.js +3 -2
- package/dist/backend/factory.js.map +1 -1
- package/dist/backend/mcp-adapter.d.ts +7 -1
- package/dist/backend/mcp-adapter.d.ts.map +1 -1
- package/dist/backend/mcp-adapter.js +49 -1
- package/dist/backend/mcp-adapter.js.map +1 -1
- package/dist/config/loader.d.ts.map +1 -1
- package/dist/config/loader.js +23 -0
- package/dist/config/loader.js.map +1 -1
- package/dist/config/schema.d.ts +1518 -16
- package/dist/config/schema.d.ts.map +1 -1
- package/dist/config/schema.js +151 -3
- package/dist/config/schema.js.map +1 -1
- package/dist/hitl/engine.d.ts +2 -0
- package/dist/hitl/engine.d.ts.map +1 -1
- package/dist/hitl/engine.js +2 -0
- package/dist/hitl/engine.js.map +1 -1
- package/dist/hitl/formatter.d.ts.map +1 -1
- package/dist/hitl/formatter.js +17 -1
- package/dist/hitl/formatter.js.map +1 -1
- package/dist/hitl/providers/tui.d.ts.map +1 -1
- package/dist/hitl/providers/tui.js +4 -0
- package/dist/hitl/providers/tui.js.map +1 -1
- package/dist/hitl/providers/types.d.ts +2 -0
- package/dist/hitl/providers/types.d.ts.map +1 -1
- package/dist/middleware/chain-builder.d.ts.map +1 -1
- package/dist/middleware/chain-builder.js +3 -1
- package/dist/middleware/chain-builder.js.map +1 -1
- package/dist/middleware/core/execute.d.ts.map +1 -1
- package/dist/middleware/core/execute.js +9 -3
- package/dist/middleware/core/execute.js.map +1 -1
- package/dist/middleware/core/hitl-gate.d.ts.map +1 -1
- package/dist/middleware/core/hitl-gate.js +16 -3
- package/dist/middleware/core/hitl-gate.js.map +1 -1
- package/dist/middleware/core/sandbox.d.ts +3 -0
- package/dist/middleware/core/sandbox.d.ts.map +1 -0
- package/dist/middleware/core/sandbox.js +15 -0
- package/dist/middleware/core/sandbox.js.map +1 -0
- package/dist/registry/registry.d.ts +1 -1
- package/dist/registry/registry.d.ts.map +1 -1
- package/dist/registry/registry.js +36 -18
- package/dist/registry/registry.js.map +1 -1
- package/dist/sandbox/index.d.ts +39 -0
- package/dist/sandbox/index.d.ts.map +1 -0
- package/dist/sandbox/index.js +147 -0
- package/dist/sandbox/index.js.map +1 -0
- package/dist/tools/exec.d.ts +2 -1
- package/dist/tools/exec.d.ts.map +1 -1
- package/dist/tools/exec.js +5 -2
- package/dist/tools/exec.js.map +1 -1
- package/dist/types.d.ts +1 -0
- package/dist/types.d.ts.map +1 -1
- package/examples/gateway.yaml +30 -0
- package/examples/sandbox-presets.yaml +142 -0
- package/package.json +7 -1
- package/schema.json +293 -3
|
@@ -1,16 +1,29 @@
|
|
|
1
1
|
import { McpError, ErrorCode } from '@modelcontextprotocol/sdk/types.js';
|
|
2
|
+
function serializeAuditArgs(args, meta) {
|
|
3
|
+
const sandbox = meta.sandbox_info;
|
|
4
|
+
if (!sandbox)
|
|
5
|
+
return JSON.stringify(args);
|
|
6
|
+
return JSON.stringify({ ...args, _airlock: { sandbox } });
|
|
7
|
+
}
|
|
2
8
|
export function hitlGateMiddleware() {
|
|
3
9
|
return async (ctx, next) => {
|
|
4
10
|
if (!ctx.meta.needsApproval)
|
|
5
11
|
return next();
|
|
6
12
|
const { hitlEngine, hitlBatcher, auditLogger } = ctx.deps;
|
|
7
|
-
const
|
|
13
|
+
const sandboxInfo = ctx.meta.sandbox_info;
|
|
14
|
+
const ticket = hitlEngine.create({
|
|
15
|
+
agentId: ctx.agentId,
|
|
16
|
+
tool: ctx.toolName,
|
|
17
|
+
args: ctx.args,
|
|
18
|
+
sandbox: sandboxInfo,
|
|
19
|
+
});
|
|
8
20
|
hitlBatcher.add({
|
|
9
21
|
id: ticket.id,
|
|
10
22
|
code: ticket.code,
|
|
11
23
|
agentId: ctx.agentId,
|
|
12
24
|
tool: ctx.toolName,
|
|
13
25
|
args: ctx.args,
|
|
26
|
+
...(sandboxInfo ? { sandbox: sandboxInfo } : {}),
|
|
14
27
|
timeoutMs: hitlEngine.timeoutMs,
|
|
15
28
|
});
|
|
16
29
|
// If the transport provides an abort signal, race the HITL promise against it
|
|
@@ -50,7 +63,7 @@ export function hitlGateMiddleware() {
|
|
|
50
63
|
auditLogger.log({
|
|
51
64
|
agent_id: ctx.agentId,
|
|
52
65
|
tool: ctx.toolName,
|
|
53
|
-
args:
|
|
66
|
+
args: serializeAuditArgs(ctx.args, ctx.meta),
|
|
54
67
|
result: 'hitl_denied',
|
|
55
68
|
});
|
|
56
69
|
throw new McpError(ErrorCode.InvalidRequest, 'Request denied by operator');
|
|
@@ -59,7 +72,7 @@ export function hitlGateMiddleware() {
|
|
|
59
72
|
auditLogger.log({
|
|
60
73
|
agent_id: ctx.agentId,
|
|
61
74
|
tool: ctx.toolName,
|
|
62
|
-
args:
|
|
75
|
+
args: serializeAuditArgs(ctx.args, ctx.meta),
|
|
63
76
|
result: 'hitl_timeout',
|
|
64
77
|
});
|
|
65
78
|
throw new McpError(ErrorCode.InvalidRequest, 'Approval timed out. Re-request when operator is available.');
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hitl-gate.js","sourceRoot":"","sources":["../../../src/middleware/core/hitl-gate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,oCAAoC,CAAC;
|
|
1
|
+
{"version":3,"file":"hitl-gate.js","sourceRoot":"","sources":["../../../src/middleware/core/hitl-gate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,oCAAoC,CAAC;AAIzE,SAAS,kBAAkB,CAAC,IAA6B,EAAE,IAA6B;IACtF,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC;IAClC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC1C,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,OAAO,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa;YAAE,OAAO,IAAI,EAAE,CAAC;QAE3C,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;QAC1D,MAAM,WAAW,GAAG,GAAG,CAAC,IAAI,CAAC,YAA8C,CAAC;QAC5E,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;YAC/B,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,IAAI,EAAE,GAAG,CAAC,QAAQ;YAClB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,OAAO,EAAE,WAAW;SACrB,CAAC,CAAC;QAEH,WAAW,CAAC,GAAG,CAAC;YACd,EAAE,EAAE,MAAM,CAAC,EAAE;YACb,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,IAAI,EAAE,GAAG,CAAC,QAAQ;YAClB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChD,SAAS,EAAE,UAAU,CAAC,SAAS;SAChC,CAAC,CAAC;QAEH,8EAA8E;QAC9E,gDAAgD;QAChD,IAAI,MAAsD,CAAC;QAC3D,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACtC,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;gBAC1B,MAAM,CAAC,MAAM;gBACb,IAAI,OAAO,CAAiB,CAAC,OAAO,EAAE,EAAE;oBACtC,IAAI,GAAG,CAAC,MAAO,CAAC,OAAO,EAAE,CAAC;wBACxB,OAAO,CAAC,cAAc,CAAC,CAAC;oBAC1B,CAAC;yBAAM,CAAC;wBACN,GAAG,CAAC,MAAO,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;oBACvF,CAAC;gBACH,CAAC,CAAC;aACH,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;YAC/B,sDAAsD;YACtD,MAAM,GAAG,cAAc,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC;QAC/B,CAAC;QAED,IAAI,MAAM,KAAK,cAAc,EAAE,CAAC;YAC9B,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC7B,WAAW,CAAC,GAAG,CAAC;gBACd,QAAQ,EAAE,GAAG,CAAC,OAAO;gBACrB,IAAI,EAAE,GAAG,CAAC,QAAQ;gBAClB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC;gBAC9B,MAAM,EAAE,mBAAmB;aAC5B,CAAC,CAAC;YACH,MAAM,IAAI,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,8CAA8C,CAAC,CAAC;QAC/F,CAAC;QAED,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YACxB,WAAW,CAAC,GAAG,CAAC;gBACd,QAAQ,EAAE,GAAG,CAAC,OAAO;gBACrB,IAAI,EAAE,GAAG,CAAC,QAAQ;gBAClB,IAAI,EAAE,kBAAkB,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC;gBAC5C,MAAM,EAAE,aAAa;aACtB,CAAC,CAAC;YACH,MAAM,IAAI,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,4BAA4B,CAAC,CAAC;QAC7E,CAAC;QACD,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,WAAW,CAAC,GAAG,CAAC;gBACd,QAAQ,EAAE,GAAG,CAAC,OAAO;gBACrB,IAAI,EAAE,GAAG,CAAC,QAAQ;gBAClB,IAAI,EAAE,kBAAkB,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC;gBAC5C,MAAM,EAAE,cAAc;aACvB,CAAC,CAAC;YACH,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,cAAc,EACxB,4DAA4D,CAC7D,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sandbox.d.ts","sourceRoot":"","sources":["../../../src/middleware/core/sandbox.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAG9C,wBAAgB,iBAAiB,IAAI,UAAU,CAmB9C"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import { getSandboxDisplayInfo, resolveSandboxConfig } from '../../sandbox/index.js';
|
|
2
|
+
export function sandboxMiddleware() {
|
|
3
|
+
return async (ctx, next) => {
|
|
4
|
+
const agentSandbox = ctx.agentConfig?.sandbox;
|
|
5
|
+
if (agentSandbox?.enabled) {
|
|
6
|
+
// Check if there's a tool-specific sandbox from tool_overrides (alias)
|
|
7
|
+
const toolOverride = ctx.agentConfig?.tool_overrides?.[ctx.toolName];
|
|
8
|
+
const toolOverrideSandbox = toolOverride?.sandbox;
|
|
9
|
+
ctx.meta.sandbox = resolveSandboxConfig(agentSandbox, ctx.toolName, toolOverrideSandbox);
|
|
10
|
+
ctx.meta.sandbox_info = getSandboxDisplayInfo(ctx.agentConfig, ctx.toolName, ctx.meta.sandbox);
|
|
11
|
+
}
|
|
12
|
+
return next();
|
|
13
|
+
};
|
|
14
|
+
}
|
|
15
|
+
//# sourceMappingURL=sandbox.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../../../src/middleware/core/sandbox.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAErF,MAAM,UAAU,iBAAiB;IAC/B,OAAO,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,MAAM,YAAY,GAAG,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC;QAE9C,IAAI,YAAY,EAAE,OAAO,EAAE,CAAC;YAC1B,uEAAuE;YACvE,MAAM,YAAY,GAAG,GAAG,CAAC,WAAW,EAAE,cAAc,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACrE,MAAM,mBAAmB,GAAG,YAAY,EAAE,OAAO,CAAC;YAElD,GAAG,CAAC,IAAI,CAAC,OAAO,GAAG,oBAAoB,CAAC,YAAY,EAAE,GAAG,CAAC,QAAQ,EAAE,mBAAmB,CAAC,CAAC;YACzF,GAAG,CAAC,IAAI,CAAC,YAAY,GAAG,qBAAqB,CAC3C,GAAG,CAAC,WAAW,EACf,GAAG,CAAC,QAAQ,EACZ,GAAG,CAAC,IAAI,CAAC,OAAkD,CAC5D,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -12,7 +12,7 @@ export declare class ToolRegistry {
|
|
|
12
12
|
setAdapters(adapters: BackendAdapter[]): void;
|
|
13
13
|
refresh(): Promise<void>;
|
|
14
14
|
getFiltered(agentId: string): Tool[];
|
|
15
|
-
call(namespacedName: string, args: Record<string, unknown>, agentId: string): Promise<unknown>;
|
|
15
|
+
call(namespacedName: string, args: Record<string, unknown>, agentId: string, meta?: Record<string, unknown>): Promise<unknown>;
|
|
16
16
|
getAllTools(): Tool[];
|
|
17
17
|
stopAll(): Promise<void>;
|
|
18
18
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../src/registry/registry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAC/D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAMvD,qBAAa,YAAY;IAIrB,OAAO,CAAC,QAAQ;IAChB,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,MAAM;IALhB,OAAO,CAAC,WAAW,CAAc;gBAGvB,QAAQ,EAAE,cAAc,EAAE,EAC1B,SAAS,EAAE,eAAe,EAC1B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC;IAG7C,YAAY,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAAG,IAAI;IAIvD,WAAW,CAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,IAAI;IAIvC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAqB9B,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,EAAE;
|
|
1
|
+
{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../src/registry/registry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAC/D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAMvD,qBAAa,YAAY;IAIrB,OAAO,CAAC,QAAQ;IAChB,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,MAAM;IALhB,OAAO,CAAC,WAAW,CAAc;gBAGvB,QAAQ,EAAE,cAAc,EAAE,EAC1B,SAAS,EAAE,eAAe,EAC1B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC;IAG7C,YAAY,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAAG,IAAI;IAIvD,WAAW,CAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,IAAI;IAIvC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAqB9B,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,EAAE;IAmC9B,IAAI,CACR,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,EAAE,MAAM,EACf,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC7B,OAAO,CAAC,OAAO,CAAC;IAyBnB,WAAW,IAAI,IAAI,EAAE;IAIf,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAG/B"}
|
|
@@ -39,36 +39,54 @@ export class ToolRegistry {
|
|
|
39
39
|
getFiltered(agentId) {
|
|
40
40
|
const agent = this.agents[agentId];
|
|
41
41
|
const overrides = agent?.tool_overrides ?? {};
|
|
42
|
-
|
|
42
|
+
const filtered = this.cachedTools
|
|
43
43
|
.filter((t) => this.allowlist.evaluate(agentId, t.name) !== 'deny')
|
|
44
|
-
.map((t) => {
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
44
|
+
.map((t) => ({
|
|
45
|
+
...t,
|
|
46
|
+
description: sanitizeToolDescription(t.name, t.description, overrides[t.name]?.description),
|
|
47
|
+
}));
|
|
48
|
+
// Add alias tools from tool_overrides that have alias_of
|
|
49
|
+
for (const [aliasName, override] of Object.entries(overrides)) {
|
|
50
|
+
if (!override.alias_of)
|
|
51
|
+
continue;
|
|
52
|
+
// Find the base tool in the full tool list (not filtered)
|
|
53
|
+
const baseTool = this.cachedTools.find((t) => t.name === override.alias_of);
|
|
54
|
+
if (!baseTool) {
|
|
55
|
+
log.warn({ aliasName, aliasOf: override.alias_of }, 'Alias references unknown tool');
|
|
56
|
+
continue;
|
|
52
57
|
}
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
+
// Check if the alias itself is allowed
|
|
59
|
+
if (this.allowlist.evaluate(agentId, aliasName) === 'deny')
|
|
60
|
+
continue;
|
|
61
|
+
filtered.push({
|
|
62
|
+
...baseTool,
|
|
63
|
+
name: aliasName,
|
|
64
|
+
description: sanitizeToolDescription(aliasName, baseTool.description, override.description),
|
|
65
|
+
});
|
|
66
|
+
}
|
|
67
|
+
return filtered;
|
|
58
68
|
}
|
|
59
|
-
async call(namespacedName, args, agentId) {
|
|
69
|
+
async call(namespacedName, args, agentId, meta) {
|
|
70
|
+
// Resolve alias: if the tool name is an alias, map it to the real backend tool
|
|
71
|
+
let resolvedName = namespacedName;
|
|
72
|
+
const agent = this.agents[agentId];
|
|
73
|
+
const override = agent?.tool_overrides?.[namespacedName];
|
|
74
|
+
if (override?.alias_of) {
|
|
75
|
+
resolvedName = override.alias_of;
|
|
76
|
+
log.info({ alias: namespacedName, resolved: resolvedName }, 'Resolved tool alias');
|
|
77
|
+
}
|
|
60
78
|
// Find the adapter that owns this tool by matching its prefix
|
|
61
79
|
for (const adapter of this.adapters) {
|
|
62
80
|
const prefix = getAdapterPrefix(adapter);
|
|
63
|
-
if (prefix &&
|
|
64
|
-
const result = await adapter.call({ tool:
|
|
81
|
+
if (prefix && resolvedName.startsWith(prefix)) {
|
|
82
|
+
const result = await adapter.call({ tool: resolvedName, args, agentId, meta });
|
|
65
83
|
if (!result.success) {
|
|
66
84
|
throw new Error(result.error ?? 'Tool call failed');
|
|
67
85
|
}
|
|
68
86
|
return result.data;
|
|
69
87
|
}
|
|
70
88
|
}
|
|
71
|
-
throw new Error(`Unknown tool: ${
|
|
89
|
+
throw new Error(`Unknown tool: ${resolvedName}`);
|
|
72
90
|
}
|
|
73
91
|
getAllTools() {
|
|
74
92
|
return this.cachedTools;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/registry/registry.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,MAAM,GAAG,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;AAEpC,MAAM,OAAO,YAAY;IAIb;IACA;IACA;IALF,WAAW,GAAW,EAAE,CAAC;IAEjC,YACU,QAA0B,EAC1B,SAA0B,EAC1B,MAAmC;QAFnC,aAAQ,GAAR,QAAQ,CAAkB;QAC1B,cAAS,GAAT,SAAS,CAAiB;QAC1B,WAAM,GAAN,MAAM,CAA6B;IAC1C,CAAC;IAEJ,YAAY,CAAC,MAAmC;QAC9C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,WAAW,CAAC,QAA0B;QACpC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,KAAK,GAAW,EAAE,CAAC;QAEzB,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,SAAS,EAAE,CAAC;gBAC/C,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;oBAChC,KAAK,CAAC,IAAI,CAAC;wBACT,GAAG,IAAI;wBACP,WAAW,EAAE,uBAAuB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC;qBAClE,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,EAAE,mCAAmC,CAAC,CAAC;YAChF,CAAC;QACH,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;QACzB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,MAAM,EAAE,EAAE,yBAAyB,CAAC,CAAC;IAC/D,CAAC;IAED,WAAW,CAAC,OAAe;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,SAAS,GAAG,KAAK,EAAE,cAAc,IAAI,EAAE,CAAC;QAE9C,
|
|
1
|
+
{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/registry/registry.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,MAAM,GAAG,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;AAEpC,MAAM,OAAO,YAAY;IAIb;IACA;IACA;IALF,WAAW,GAAW,EAAE,CAAC;IAEjC,YACU,QAA0B,EAC1B,SAA0B,EAC1B,MAAmC;QAFnC,aAAQ,GAAR,QAAQ,CAAkB;QAC1B,cAAS,GAAT,SAAS,CAAiB;QAC1B,WAAM,GAAN,MAAM,CAA6B;IAC1C,CAAC;IAEJ,YAAY,CAAC,MAAmC;QAC9C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,WAAW,CAAC,QAA0B;QACpC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,KAAK,GAAW,EAAE,CAAC;QAEzB,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,SAAS,EAAE,CAAC;gBAC/C,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;oBAChC,KAAK,CAAC,IAAI,CAAC;wBACT,GAAG,IAAI;wBACP,WAAW,EAAE,uBAAuB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC;qBAClE,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,EAAE,mCAAmC,CAAC,CAAC;YAChF,CAAC;QACH,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;QACzB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,MAAM,EAAE,EAAE,yBAAyB,CAAC,CAAC;IAC/D,CAAC;IAED,WAAW,CAAC,OAAe;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,SAAS,GAAG,KAAK,EAAE,cAAc,IAAI,EAAE,CAAC;QAE9C,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW;aAC9B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,MAAM,CAAC;aAClE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACX,GAAG,CAAC;YACJ,WAAW,EAAE,uBAAuB,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC;SAC5F,CAAC,CAAC,CAAC;QAEN,yDAAyD;QACzD,KAAK,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9D,IAAI,CAAC,QAAQ,CAAC,QAAQ;gBAAE,SAAS;YAEjC,0DAA0D;YAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC5E,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,QAAQ,EAAE,EAAE,+BAA+B,CAAC,CAAC;gBACrF,SAAS;YACX,CAAC;YAED,uCAAuC;YACvC,IAAI,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAC,KAAK,MAAM;gBAAE,SAAS;YAErE,QAAQ,CAAC,IAAI,CAAC;gBACZ,GAAG,QAAQ;gBACX,IAAI,EAAE,SAAS;gBACf,WAAW,EAAE,uBAAuB,CAAC,SAAS,EAAE,QAAQ,CAAC,WAAW,EAAE,QAAQ,CAAC,WAAW,CAAC;aAC5F,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,IAAI,CACR,cAAsB,EACtB,IAA6B,EAC7B,OAAe,EACf,IAA8B;QAE9B,+EAA+E;QAC/E,IAAI,YAAY,GAAG,cAAc,CAAC;QAClC,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,QAAQ,GAAG,KAAK,EAAE,cAAc,EAAE,CAAC,cAAc,CAAC,CAAC;QACzD,IAAI,QAAQ,EAAE,QAAQ,EAAE,CAAC;YACvB,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC;YACjC,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE,qBAAqB,CAAC,CAAC;QACrF,CAAC;QAED,8DAA8D;QAC9D,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,MAAM,IAAI,YAAY,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC9C,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC/E,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;oBACpB,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,IAAI,kBAAkB,CAAC,CAAC;gBACtD,CAAC;gBACD,OAAO,MAAM,CAAC,IAAI,CAAC;YACrB,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,iBAAiB,YAAY,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,WAAW;QACT,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC/D,CAAC;CACF;AAED,mEAAmE;AACnE,SAAS,gBAAgB,CAAC,OAAuB;IAC/C,MAAM,EAAE,GAAG,OAAO,CAAC,EAAE,CAAC;IACtB,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;IACpD,IAAI,EAAE,KAAK,cAAc;QAAE,OAAO,OAAO,CAAC;IAC1C,IAAI,EAAE,KAAK,cAAc;QAAE,OAAO,OAAO,CAAC;IAC1C,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;IACpD,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;IACpD,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
import type { AgentConfig, SandboxConfig, SandboxOverrideConfig } from '../config/schema.js';
|
|
2
|
+
import { type SandboxRuntimeConfig } from '@anthropic-ai/sandbox-runtime';
|
|
3
|
+
export interface ResolvedSandboxConfig {
|
|
4
|
+
filesystem: {
|
|
5
|
+
allow_write: string[];
|
|
6
|
+
deny_read: string[];
|
|
7
|
+
deny_write: string[];
|
|
8
|
+
allow_read?: string[];
|
|
9
|
+
};
|
|
10
|
+
network: {
|
|
11
|
+
allowed_domains: string[];
|
|
12
|
+
denied_domains: string[];
|
|
13
|
+
};
|
|
14
|
+
}
|
|
15
|
+
export interface SandboxDisplayInfo {
|
|
16
|
+
enabled: boolean;
|
|
17
|
+
presets: string[];
|
|
18
|
+
toolPresets: string[];
|
|
19
|
+
summary: string[];
|
|
20
|
+
config?: ResolvedSandboxConfig;
|
|
21
|
+
}
|
|
22
|
+
export declare function getSandboxDisplayInfo(agentConfig: AgentConfig, toolName: string, resolved?: ResolvedSandboxConfig): SandboxDisplayInfo | undefined;
|
|
23
|
+
/**
|
|
24
|
+
* Resolve the effective sandbox config for a tool call.
|
|
25
|
+
* Merges base agent sandbox config with the most specific matching override.
|
|
26
|
+
* Also checks tool_overrides for alias-specific sandbox config.
|
|
27
|
+
*/
|
|
28
|
+
export declare function resolveSandboxConfig(sandboxConfig: SandboxConfig, toolName: string, toolOverrideSandbox?: SandboxOverrideConfig): ResolvedSandboxConfig;
|
|
29
|
+
/**
|
|
30
|
+
* Convert a ResolvedSandboxConfig into a SandboxRuntimeConfig suitable for
|
|
31
|
+
* the @anthropic-ai/sandbox-runtime SandboxManager.
|
|
32
|
+
*/
|
|
33
|
+
export declare function toSandboxRuntimeConfig(config: ResolvedSandboxConfig): SandboxRuntimeConfig;
|
|
34
|
+
/**
|
|
35
|
+
* Wraps a shell command using the SandboxManager programmatic API.
|
|
36
|
+
* Returns the wrapped command string that includes sandbox restrictions.
|
|
37
|
+
*/
|
|
38
|
+
export declare function wrapCommandWithSandbox(command: string, sandbox: ResolvedSandboxConfig): Promise<string>;
|
|
39
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sandbox/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC7F,OAAO,EAAkB,KAAK,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AAE1F,MAAM,WAAW,qBAAqB;IACpC,UAAU,EAAE;QACV,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;KACvB,CAAC;IACF,OAAO,EAAE;QACP,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,cAAc,EAAE,MAAM,EAAE,CAAC;KAC1B,CAAC;CACH;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,MAAM,CAAC,EAAE,qBAAqB,CAAC;CAChC;AAuBD,wBAAgB,qBAAqB,CACnC,WAAW,EAAE,WAAW,EACxB,QAAQ,EAAE,MAAM,EAChB,QAAQ,CAAC,EAAE,qBAAqB,GAC/B,kBAAkB,GAAG,SAAS,CAchC;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAClC,aAAa,EAAE,aAAa,EAC5B,QAAQ,EAAE,MAAM,EAChB,mBAAmB,CAAC,EAAE,qBAAqB,GAC1C,qBAAqB,CAsBvB;AAuCD;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,qBAAqB,GAAG,oBAAoB,CAa1F;AAsCD;;;GAGG;AACH,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,qBAAqB,GAC7B,OAAO,CAAC,MAAM,CAAC,CAIjB"}
|
|
@@ -0,0 +1,147 @@
|
|
|
1
|
+
import { matches } from '../allowlist/pattern.js';
|
|
2
|
+
import { SandboxManager } from '@anthropic-ai/sandbox-runtime';
|
|
3
|
+
function summarizeSandbox(config) {
|
|
4
|
+
const summary = [];
|
|
5
|
+
summary.push(config.network.allowed_domains.length === 0
|
|
6
|
+
? 'network:none'
|
|
7
|
+
: `network:${config.network.allowed_domains.join(',')}`);
|
|
8
|
+
if (config.filesystem.allow_write.length > 0) {
|
|
9
|
+
summary.push(`write:${config.filesystem.allow_write.join(',')}`);
|
|
10
|
+
}
|
|
11
|
+
if (config.filesystem.allow_read && config.filesystem.allow_read.length > 0) {
|
|
12
|
+
summary.push(`read:${config.filesystem.allow_read.join(',')}`);
|
|
13
|
+
}
|
|
14
|
+
if (config.filesystem.deny_read.length > 0) {
|
|
15
|
+
summary.push(`deny-read:${config.filesystem.deny_read.join(',')}`);
|
|
16
|
+
}
|
|
17
|
+
return summary;
|
|
18
|
+
}
|
|
19
|
+
export function getSandboxDisplayInfo(agentConfig, toolName, resolved) {
|
|
20
|
+
if (!agentConfig.sandbox.enabled || !resolved)
|
|
21
|
+
return undefined;
|
|
22
|
+
const toolOverride = agentConfig.tool_overrides[toolName];
|
|
23
|
+
const presets = agentConfig.sandbox.presets ?? [];
|
|
24
|
+
const toolPresets = toolOverride?.sandbox_presets ?? [];
|
|
25
|
+
return {
|
|
26
|
+
enabled: true,
|
|
27
|
+
presets,
|
|
28
|
+
toolPresets,
|
|
29
|
+
summary: summarizeSandbox(resolved),
|
|
30
|
+
config: resolved,
|
|
31
|
+
};
|
|
32
|
+
}
|
|
33
|
+
/**
|
|
34
|
+
* Resolve the effective sandbox config for a tool call.
|
|
35
|
+
* Merges base agent sandbox config with the most specific matching override.
|
|
36
|
+
* Also checks tool_overrides for alias-specific sandbox config.
|
|
37
|
+
*/
|
|
38
|
+
export function resolveSandboxConfig(sandboxConfig, toolName, toolOverrideSandbox) {
|
|
39
|
+
const base = {
|
|
40
|
+
filesystem: { ...sandboxConfig.filesystem },
|
|
41
|
+
network: { ...sandboxConfig.network },
|
|
42
|
+
};
|
|
43
|
+
// Find matching overrides from sandbox.overrides, most specific wins
|
|
44
|
+
// (exact match > longer prefix > shorter prefix)
|
|
45
|
+
const matchingOverrides = Object.entries(sandboxConfig.overrides)
|
|
46
|
+
.filter(([pattern]) => matches(pattern, toolName))
|
|
47
|
+
.sort((a, b) => b[0].length - a[0].length); // longer patterns first
|
|
48
|
+
if (matchingOverrides.length > 0) {
|
|
49
|
+
mergeOverride(base, matchingOverrides[0][1]);
|
|
50
|
+
}
|
|
51
|
+
// Tool-specific sandbox from tool_overrides (alias) takes highest priority
|
|
52
|
+
if (toolOverrideSandbox) {
|
|
53
|
+
mergeOverride(base, toolOverrideSandbox);
|
|
54
|
+
}
|
|
55
|
+
return base;
|
|
56
|
+
}
|
|
57
|
+
function mergeOverride(base, override) {
|
|
58
|
+
if (override.filesystem) {
|
|
59
|
+
// allow_write replaces (the tool flavor defines its own restrictions)
|
|
60
|
+
if (override.filesystem.allow_write !== undefined) {
|
|
61
|
+
base.filesystem.allow_write = override.filesystem.allow_write;
|
|
62
|
+
}
|
|
63
|
+
// deny_read is additive
|
|
64
|
+
if (override.filesystem.deny_read !== undefined) {
|
|
65
|
+
base.filesystem.deny_read = [...base.filesystem.deny_read, ...override.filesystem.deny_read];
|
|
66
|
+
}
|
|
67
|
+
// deny_write is additive
|
|
68
|
+
if (override.filesystem.deny_write !== undefined) {
|
|
69
|
+
base.filesystem.deny_write = [
|
|
70
|
+
...base.filesystem.deny_write,
|
|
71
|
+
...override.filesystem.deny_write,
|
|
72
|
+
];
|
|
73
|
+
}
|
|
74
|
+
// allow_read replaces
|
|
75
|
+
if (override.filesystem.allow_read !== undefined) {
|
|
76
|
+
base.filesystem.allow_read = override.filesystem.allow_read;
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
if (override.network) {
|
|
80
|
+
// allowed_domains replaces
|
|
81
|
+
if (override.network.allowed_domains !== undefined) {
|
|
82
|
+
base.network.allowed_domains = override.network.allowed_domains;
|
|
83
|
+
}
|
|
84
|
+
// denied_domains is additive
|
|
85
|
+
if (override.network.denied_domains !== undefined) {
|
|
86
|
+
base.network.denied_domains = [
|
|
87
|
+
...base.network.denied_domains,
|
|
88
|
+
...override.network.denied_domains,
|
|
89
|
+
];
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
/**
|
|
94
|
+
* Convert a ResolvedSandboxConfig into a SandboxRuntimeConfig suitable for
|
|
95
|
+
* the @anthropic-ai/sandbox-runtime SandboxManager.
|
|
96
|
+
*/
|
|
97
|
+
export function toSandboxRuntimeConfig(config) {
|
|
98
|
+
return {
|
|
99
|
+
filesystem: {
|
|
100
|
+
allowWrite: config.filesystem.allow_write,
|
|
101
|
+
denyRead: config.filesystem.deny_read,
|
|
102
|
+
denyWrite: config.filesystem.deny_write,
|
|
103
|
+
...(config.filesystem.allow_read ? { allowRead: config.filesystem.allow_read } : {}),
|
|
104
|
+
},
|
|
105
|
+
network: {
|
|
106
|
+
allowedDomains: config.network.allowed_domains,
|
|
107
|
+
deniedDomains: config.network.denied_domains,
|
|
108
|
+
},
|
|
109
|
+
};
|
|
110
|
+
}
|
|
111
|
+
async function ensureSandboxRuntime(config) {
|
|
112
|
+
if (typeof SandboxManager.isSupportedPlatform === 'function' &&
|
|
113
|
+
!SandboxManager.isSupportedPlatform()) {
|
|
114
|
+
throw new Error('Sandbox runtime is not supported on this platform');
|
|
115
|
+
}
|
|
116
|
+
const canInitialize = typeof SandboxManager.initialize === 'function';
|
|
117
|
+
const isEnabled = typeof SandboxManager.isSandboxingEnabled === 'function'
|
|
118
|
+
? SandboxManager.isSandboxingEnabled()
|
|
119
|
+
: false;
|
|
120
|
+
if (canInitialize && !isEnabled) {
|
|
121
|
+
await SandboxManager.initialize(config);
|
|
122
|
+
return;
|
|
123
|
+
}
|
|
124
|
+
if (typeof SandboxManager.updateConfig === 'function') {
|
|
125
|
+
SandboxManager.updateConfig(config);
|
|
126
|
+
}
|
|
127
|
+
if (typeof SandboxManager.waitForNetworkInitialization === 'function') {
|
|
128
|
+
const ready = await SandboxManager.waitForNetworkInitialization();
|
|
129
|
+
if (!ready && canInitialize) {
|
|
130
|
+
await SandboxManager.initialize(config);
|
|
131
|
+
}
|
|
132
|
+
return;
|
|
133
|
+
}
|
|
134
|
+
if (canInitialize) {
|
|
135
|
+
await SandboxManager.initialize(config);
|
|
136
|
+
}
|
|
137
|
+
}
|
|
138
|
+
/**
|
|
139
|
+
* Wraps a shell command using the SandboxManager programmatic API.
|
|
140
|
+
* Returns the wrapped command string that includes sandbox restrictions.
|
|
141
|
+
*/
|
|
142
|
+
export async function wrapCommandWithSandbox(command, sandbox) {
|
|
143
|
+
const runtimeConfig = toSandboxRuntimeConfig(sandbox);
|
|
144
|
+
await ensureSandboxRuntime(runtimeConfig);
|
|
145
|
+
return SandboxManager.wrapWithSandbox(command, undefined, runtimeConfig);
|
|
146
|
+
}
|
|
147
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sandbox/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAElD,OAAO,EAAE,cAAc,EAA6B,MAAM,+BAA+B,CAAC;AAuB1F,SAAS,gBAAgB,CAAC,MAA6B;IACrD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,OAAO,CAAC,IAAI,CACV,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC;QACzC,CAAC,CAAC,cAAc;QAChB,CAAC,CAAC,WAAW,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAC1D,CAAC;IAEF,IAAI,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7C,OAAO,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,MAAM,CAAC,UAAU,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5E,OAAO,CAAC,IAAI,CAAC,QAAQ,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,IAAI,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,OAAO,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,WAAwB,EACxB,QAAgB,EAChB,QAAgC;IAEhC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,IAAI,CAAC,QAAQ;QAAE,OAAO,SAAS,CAAC;IAEhE,MAAM,YAAY,GAAG,WAAW,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC;IAClD,MAAM,WAAW,GAAG,YAAY,EAAE,eAAe,IAAI,EAAE,CAAC;IAExD,OAAO;QACL,OAAO,EAAE,IAAI;QACb,OAAO;QACP,WAAW;QACX,OAAO,EAAE,gBAAgB,CAAC,QAAQ,CAAC;QACnC,MAAM,EAAE,QAAQ;KACjB,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAClC,aAA4B,EAC5B,QAAgB,EAChB,mBAA2C;IAE3C,MAAM,IAAI,GAA0B;QAClC,UAAU,EAAE,EAAE,GAAG,aAAa,CAAC,UAAU,EAAE;QAC3C,OAAO,EAAE,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE;KACtC,CAAC;IAEF,qEAAqE;IACrE,iDAAiD;IACjD,MAAM,iBAAiB,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC;SAC9D,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;SACjD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,wBAAwB;IAEtE,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,aAAa,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;IAED,2EAA2E;IAC3E,IAAI,mBAAmB,EAAE,CAAC;QACxB,aAAa,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC;IAC3C,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,aAAa,CAAC,IAA2B,EAAE,QAA+B;IACjF,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;QACxB,sEAAsE;QACtE,IAAI,QAAQ,CAAC,UAAU,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAClD,IAAI,CAAC,UAAU,CAAC,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC;QAChE,CAAC;QACD,wBAAwB;QACxB,IAAI,QAAQ,CAAC,UAAU,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YAChD,IAAI,CAAC,UAAU,CAAC,SAAS,GAAG,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAC/F,CAAC;QACD,yBAAyB;QACzB,IAAI,QAAQ,CAAC,UAAU,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YACjD,IAAI,CAAC,UAAU,CAAC,UAAU,GAAG;gBAC3B,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU;gBAC7B,GAAG,QAAQ,CAAC,UAAU,CAAC,UAAU;aAClC,CAAC;QACJ,CAAC;QACD,sBAAsB;QACtB,IAAI,QAAQ,CAAC,UAAU,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YACjD,IAAI,CAAC,UAAU,CAAC,UAAU,GAAG,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC;QAC9D,CAAC;IACH,CAAC;IACD,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;QACrB,2BAA2B;QAC3B,IAAI,QAAQ,CAAC,OAAO,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;YACnD,IAAI,CAAC,OAAO,CAAC,eAAe,GAAG,QAAQ,CAAC,OAAO,CAAC,eAAe,CAAC;QAClE,CAAC;QACD,6BAA6B;QAC7B,IAAI,QAAQ,CAAC,OAAO,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;YAClD,IAAI,CAAC,OAAO,CAAC,cAAc,GAAG;gBAC5B,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc;gBAC9B,GAAG,QAAQ,CAAC,OAAO,CAAC,cAAc;aACnC,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAA6B;IAClE,OAAO;QACL,UAAU,EAAE;YACV,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,WAAW;YACzC,QAAQ,EAAE,MAAM,CAAC,UAAU,CAAC,SAAS;YACrC,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,UAAU;YACvC,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACrF;QACD,OAAO,EAAE;YACP,cAAc,EAAE,MAAM,CAAC,OAAO,CAAC,eAAe;YAC9C,aAAa,EAAE,MAAM,CAAC,OAAO,CAAC,cAAc;SAC7C;KACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,MAA4B;IAC9D,IACE,OAAO,cAAc,CAAC,mBAAmB,KAAK,UAAU;QACxD,CAAC,cAAc,CAAC,mBAAmB,EAAE,EACrC,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,aAAa,GAAG,OAAO,cAAc,CAAC,UAAU,KAAK,UAAU,CAAC;IACtE,MAAM,SAAS,GACb,OAAO,cAAc,CAAC,mBAAmB,KAAK,UAAU;QACtD,CAAC,CAAC,cAAc,CAAC,mBAAmB,EAAE;QACtC,CAAC,CAAC,KAAK,CAAC;IAEZ,IAAI,aAAa,IAAI,CAAC,SAAS,EAAE,CAAC;QAChC,MAAM,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACxC,OAAO;IACT,CAAC;IAED,IAAI,OAAO,cAAc,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;QACtD,cAAc,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,OAAO,cAAc,CAAC,4BAA4B,KAAK,UAAU,EAAE,CAAC;QACtE,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,4BAA4B,EAAE,CAAC;QAClE,IAAI,CAAC,KAAK,IAAI,aAAa,EAAE,CAAC;YAC5B,MAAM,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAC1C,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,OAAe,EACf,OAA8B;IAE9B,MAAM,aAAa,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;IACtD,MAAM,oBAAoB,CAAC,aAAa,CAAC,CAAC;IAC1C,OAAO,cAAc,CAAC,eAAe,CAAC,OAAO,EAAE,SAAS,EAAE,aAAa,CAAC,CAAC;AAC3E,CAAC"}
|
package/dist/tools/exec.d.ts
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import type { AgentConfig } from '../config/schema.js';
|
|
2
2
|
import type { Tool } from '@modelcontextprotocol/sdk/types.js';
|
|
3
|
+
import { type ResolvedSandboxConfig } from '../sandbox/index.js';
|
|
3
4
|
export interface ExecResult {
|
|
4
5
|
exit_code: number | null;
|
|
5
6
|
stdout: string;
|
|
@@ -16,5 +17,5 @@ export declare function buildExecTool(): Tool;
|
|
|
16
17
|
*/
|
|
17
18
|
export declare function containsShellInjection(command: string): boolean;
|
|
18
19
|
export declare function evaluateExecCommand(command: string, agentConfig: AgentConfig): ExecDecision;
|
|
19
|
-
export declare function executeExec(command: string, agentConfig: AgentConfig, cwd?: string, timeoutMs?: number): Promise<ExecResult>;
|
|
20
|
+
export declare function executeExec(command: string, agentConfig: AgentConfig, cwd?: string, timeoutMs?: number, sandbox?: ResolvedSandboxConfig): Promise<ExecResult>;
|
|
20
21
|
//# sourceMappingURL=exec.d.ts.map
|
package/dist/tools/exec.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"exec.d.ts","sourceRoot":"","sources":["../../src/tools/exec.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;
|
|
1
|
+
{"version":3,"file":"exec.d.ts","sourceRoot":"","sources":["../../src/tools/exec.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAE/D,OAAO,EAA0B,KAAK,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAEzF,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG,KAAK,GAAG,MAAM,CAAC;AAOpD,wBAAgB,aAAa,IAAI,IAAI,CAcpC;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAE/D;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,WAAW,GAAG,YAAY,CAS3F;AAED,wBAAsB,WAAW,CAC/B,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,WAAW,EACxB,GAAG,CAAC,EAAE,MAAM,EACZ,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,UAAU,CAAC,CAsErB"}
|
package/dist/tools/exec.js
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { spawn } from 'child_process';
|
|
2
2
|
import { matchesCommand } from '../allowlist/pattern.js';
|
|
3
|
+
import { wrapCommandWithSandbox } from '../sandbox/index.js';
|
|
3
4
|
const MAX_OUTPUT_BYTES = 10 * 1024 * 1024; // 10MB cap on stdout/stderr
|
|
4
5
|
/** Shell metacharacters that allow command chaining / injection */
|
|
5
6
|
const SHELL_INJECTION_RE = /[;|&`$(){}]/;
|
|
@@ -38,11 +39,13 @@ export function evaluateExecCommand(command, agentConfig) {
|
|
|
38
39
|
return 'allow';
|
|
39
40
|
return 'deny'; // fail-closed
|
|
40
41
|
}
|
|
41
|
-
export async function executeExec(command, agentConfig, cwd, timeoutMs) {
|
|
42
|
+
export async function executeExec(command, agentConfig, cwd, timeoutMs, sandbox) {
|
|
42
43
|
const timeout = timeoutMs ?? agentConfig.exec.default_timeout_ms;
|
|
43
44
|
const start = Date.now();
|
|
45
|
+
// Wrap command with sandbox if config is provided
|
|
46
|
+
const effectiveCommand = sandbox ? await wrapCommandWithSandbox(command, sandbox) : command;
|
|
44
47
|
return new Promise((resolve, reject) => {
|
|
45
|
-
const child = spawn('/bin/sh', ['-c',
|
|
48
|
+
const child = spawn('/bin/sh', ['-c', effectiveCommand], {
|
|
46
49
|
cwd,
|
|
47
50
|
env: agentConfig.exec.env,
|
|
48
51
|
stdio: ['ignore', 'pipe', 'pipe'],
|
package/dist/tools/exec.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"exec.js","sourceRoot":"","sources":["../../src/tools/exec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAGtC,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;
|
|
1
|
+
{"version":3,"file":"exec.js","sourceRoot":"","sources":["../../src/tools/exec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAGtC,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,sBAAsB,EAA8B,MAAM,qBAAqB,CAAC;AAazF,MAAM,gBAAgB,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,4BAA4B;AAEvE,mEAAmE;AACnE,MAAM,kBAAkB,GAAG,aAAa,CAAC;AAEzC,MAAM,UAAU,aAAa;IAC3B,OAAO;QACL,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,iDAAiD;QAC9D,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sBAAsB,EAAE;gBAChE,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mBAAmB,EAAE;gBACzD,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,yBAAyB,EAAE;aACvE;YACD,QAAQ,EAAE,CAAC,SAAS,CAAC;SACtB;KACF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAe;IACpD,OAAO,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAAe,EAAE,WAAwB;IAC3E,2DAA2D;IAC3D,IAAI,sBAAsB,CAAC,OAAO,CAAC;QAAE,OAAO,MAAM,CAAC;IAEnD,sBAAsB;IACtB,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAAE,OAAO,MAAM,CAAC;IACjF,IAAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/E,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAAE,OAAO,OAAO,CAAC;IACnF,OAAO,MAAM,CAAC,CAAC,cAAc;AAC/B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,OAAe,EACf,WAAwB,EACxB,GAAY,EACZ,SAAkB,EAClB,OAA+B;IAE/B,MAAM,OAAO,GAAG,SAAS,IAAI,WAAW,CAAC,IAAI,CAAC,kBAAkB,CAAC;IACjE,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEzB,kDAAkD;IAClD,MAAM,gBAAgB,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,sBAAsB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IAE5F,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,KAAK,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,gBAAgB,CAAC,EAAE;YACvD,GAAG;YACH,GAAG,EAAE,WAAW,CAAC,IAAI,CAAC,GAAG;YACzB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;SAClC,CAAC,CAAC;QAEH,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,IAAI,WAAW,GAAG,CAAC,CAAC;QACpB,IAAI,WAAW,GAAG,CAAC,CAAC;QACpB,IAAI,SAAS,GAAG,KAAK,CAAC;QAEtB,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACxC,IAAI,WAAW,GAAG,gBAAgB,EAAE,CAAC;gBACnC,MAAM,SAAS,GAAG,gBAAgB,GAAG,WAAW,CAAC;gBACjD,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAC;YACjD,CAAC;iBAAM,CAAC;gBACN,SAAS,GAAG,IAAI,CAAC;YACnB,CAAC;YACD,WAAW,IAAI,KAAK,CAAC,MAAM,CAAC;QAC9B,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACxC,IAAI,WAAW,GAAG,gBAAgB,EAAE,CAAC;gBACnC,MAAM,SAAS,GAAG,gBAAgB,GAAG,WAAW,CAAC;gBACjD,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAC;YACjD,CAAC;iBAAM,CAAC;gBACN,SAAS,GAAG,IAAI,CAAC;YACnB,CAAC;YACD,WAAW,IAAI,KAAK,CAAC,MAAM,CAAC;QAC9B,CAAC,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,QAAQ,GAAG,IAAI,CAAC;YAChB,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACtB,UAAU,CAAC,GAAG,EAAE;gBACd,IAAI,CAAC;oBACH,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACxB,CAAC;gBAAC,MAAM,CAAC;oBACP,iCAAiC;gBACnC,CAAC;YACH,CAAC,EAAE,IAAI,CAAC,CAAC;QACX,CAAC,EAAE,OAAO,CAAC,CAAC;QAEZ,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACzB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,OAAO,CAAC;gBACN,SAAS,EAAE,IAAI;gBACf,MAAM;gBACN,MAAM;gBACN,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC/B,SAAS,EAAE,QAAQ;gBACnB,SAAS;aACV,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACxB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,MAAM,CAAC,GAAG,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}
|
package/dist/types.d.ts
CHANGED
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,OAAO,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAChC;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;CAC1D"}
|
package/examples/gateway.yaml
CHANGED
|
@@ -31,6 +31,19 @@ providers:
|
|
|
31
31
|
exec: builtin
|
|
32
32
|
http: builtin
|
|
33
33
|
|
|
34
|
+
# Optional reusable sandbox presets for policy-wrapped tool variants.
|
|
35
|
+
# See examples/sandbox-presets.yaml for a focused end-to-end example.
|
|
36
|
+
# sandbox_presets:
|
|
37
|
+
# local_transform:
|
|
38
|
+
# filesystem:
|
|
39
|
+
# allow_read: ['.']
|
|
40
|
+
# allow_write: ['/tmp', '/private/tmp']
|
|
41
|
+
# deny_read: ['~/.ssh', '~/.aws', '.env']
|
|
42
|
+
# deny_write: ['.']
|
|
43
|
+
# network:
|
|
44
|
+
# allowed_domains: []
|
|
45
|
+
# denied_domains: []
|
|
46
|
+
|
|
34
47
|
# Agents
|
|
35
48
|
agents:
|
|
36
49
|
# Helena: full-access developer agent with approval on destructive ops
|
|
@@ -61,6 +74,23 @@ agents:
|
|
|
61
74
|
domain_allowlist:
|
|
62
75
|
- 'api.github.com'
|
|
63
76
|
- '*.sentry.io'
|
|
77
|
+
# sandbox:
|
|
78
|
+
# enabled: true
|
|
79
|
+
# presets: ['local_transform']
|
|
80
|
+
# tool_overrides:
|
|
81
|
+
# python/sandboxed:
|
|
82
|
+
# alias_of: 'exec/run'
|
|
83
|
+
# description: 'Run Python for local transforms only'
|
|
84
|
+
# python/full:
|
|
85
|
+
# alias_of: 'exec/run'
|
|
86
|
+
# description: 'Run Python with broader permissions after approval'
|
|
87
|
+
# sandbox:
|
|
88
|
+
# filesystem:
|
|
89
|
+
# allow_write: ['.', '/tmp', '/private/tmp']
|
|
90
|
+
# deny_write: []
|
|
91
|
+
# network:
|
|
92
|
+
# allowed_domains: ['pypi.org', '*.pythonhosted.org']
|
|
93
|
+
# denied_domains: []
|
|
64
94
|
|
|
65
95
|
# Claude Code: read-only, no approval needed
|
|
66
96
|
claude-code:
|