anon-pi 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/anon-pi.js CHANGED
@@ -24,26 +24,55 @@ import { fileURLToPath } from 'node:url';
24
24
  /** The container path the workdir is mounted at (pi's cwd). */
25
25
  export const CONTAINER_WORKDIR = '/work';
26
26
  /**
27
- * Where the seed (just models.json) is mounted read-only in the container. The
28
- * run command copies models.json FROM here INTO the container's own
29
- * ~/.pi/agent, so it LAYERS onto the image's config (extensions/skills the image
30
- * installed survive) instead of replacing it. This is why we mount+copy rather
31
- * than mount-as-agent-dir: mounting over ~/.pi/agent would shadow the image's
32
- * extensions.
27
+ * The container path pi uses as its config+state home. anon-pi mounts a
28
+ * PERSISTENT host dir here (Model B), so everything pi writes, sessions,
29
+ * history, settings (your model choice), `pi install`ed extensions, downloaded
30
+ * bin/fd, survives across launches. Statefulness is the default; --ephemeral
31
+ * mounts a throwaway dir here instead.
33
32
  */
34
- export const CONTAINER_SEED_DIR = '/anon-pi-seed';
33
+ export const CONTAINER_AGENT_DIR = '/root/.pi/agent';
35
34
  /**
36
- * The container command: copy the seeded models.json into pi's own config dir
37
- * (creating it if absent), then exec pi. `$HOME/.pi/agent` is pi's default
38
- * config dir when PI_CODING_AGENT_DIR is unset, i.e. exactly where the image
39
- * installed pi + any extensions, so the copy augments rather than shadows.
35
+ * Where the image STAGES its first-launch defaults (extensions + trust.json).
36
+ * NOT the agent dir, so it never conflicts with the persistent mount. The
37
+ * entrypoint promotes these into the mounted agent dir only when the home is
38
+ * FRESH (Model C seed-if-fresh).
40
39
  */
41
- export const CONTAINER_RUN_CMD = `mkdir -p "$HOME/.pi/agent" && ` +
42
- `cp ${CONTAINER_SEED_DIR}/models.json "$HOME/.pi/agent/models.json" && ` +
43
- `exec pi`;
44
- /** The single file the seed carries: pi's model/provider registry. */
40
+ export const CONTAINER_STAGE_DIR = '/opt/anon-pi-seed/agent';
41
+ /**
42
+ * Where anon-pi mounts the canonical models.json (from `import`) read-only, so
43
+ * the first-launch seed can copy it into the fresh home alongside the image's
44
+ * staged defaults. Read-only: the container never writes back to the host seed.
45
+ */
46
+ export const CONTAINER_MODELS_SEED = '/anon-pi-seed/models.json';
47
+ /** Marker file written into the agent dir after seeding; holds the seed version. */
48
+ export const SEED_MARKER = '.anon-pi-seed';
49
+ /** The single file the host-side seed carries: pi's model/provider registry. */
45
50
  export const MODELS_FILE = 'models.json';
46
- const DEFAULT_PROXY = 'socks5h://127.0.0.1:9050';
51
+ /**
52
+ * containerRunCmd builds the container command: on a FRESH home (no seed
53
+ * marker), promote the image's staged defaults + the mounted models.json into
54
+ * the persistent agent dir and stamp the marker; then exec pi. On a seeded home
55
+ * it does nothing but exec pi, so pi's persisted state (incl. anything you
56
+ * `pi install`ed or models pi added) is used as-is and NEVER clobbered.
57
+ *
58
+ * seedVersion is written into the marker so a future image can re-seed changed
59
+ * defaults on a version bump; v1 only seeds when the marker is absent.
60
+ */
61
+ export function containerRunCmd(seedVersion) {
62
+ const agent = CONTAINER_AGENT_DIR;
63
+ const marker = `${agent}/${SEED_MARKER}`;
64
+ return (`mkdir -p "${agent}" && ` +
65
+ `if [ ! -f "${marker}" ]; then ` +
66
+ // image-staged defaults (extensions, trust.json), if the image provides them
67
+ `{ [ -d "${CONTAINER_STAGE_DIR}" ] && cp -a "${CONTAINER_STAGE_DIR}/." "${agent}/" || true; } && ` +
68
+ // the host-imported models.json, if mounted
69
+ `{ [ -f "${CONTAINER_MODELS_SEED}" ] && cp "${CONTAINER_MODELS_SEED}" "${agent}/${MODELS_FILE}" || true; } && ` +
70
+ `printf '%s\\n' "${seedVersion}" > "${marker}"; ` +
71
+ `fi && ` +
72
+ `exec pi`);
73
+ }
74
+ /** The seed version anon-pi stamps when it seeds a fresh home (bump to re-seed). */
75
+ export const SEED_VERSION = '1';
47
76
  /** A user-facing error whose message is meant to be printed verbatim (no stack). */
48
77
  export class AnonPiError extends Error {
49
78
  }
@@ -56,12 +85,33 @@ export function resolveAnonPiHome(env) {
56
85
  : join(env.home, '.config');
57
86
  return join(base, 'anon-pi');
58
87
  }
59
- /** The seed dir (holds models.json), mounted read-only into the container. */
88
+ /**
89
+ * The CANONICAL host seed dir holding models.json (written by `anon-pi import`).
90
+ * Mounted read-only so the first-launch seed can copy models.json into a fresh
91
+ * persistent home. Workdir-independent (import does not need a workdir).
92
+ */
60
93
  export function resolveConfigSeed(env) {
61
94
  if (env.configSeed)
62
95
  return resolve(env.configSeed);
63
96
  return join(resolveAnonPiHome(env), 'agent');
64
97
  }
98
+ /**
99
+ * Encode an absolute path into a directory name using pi's OWN convention (see
100
+ * pi coding-agent session-manager: `--${cwd without leading slash, / \ : -> -}--`),
101
+ * so an anon-pi state dir is readable and matches pi's mental model (no opaque
102
+ * hash). e.g. /home/u/dev/x -> --home-u-dev-x--
103
+ */
104
+ export function pathSlug(absPath) {
105
+ return `--${absPath.replace(/^[/\\]/, '').replace(/[/\\:]/g, '-')}--`;
106
+ }
107
+ /**
108
+ * The persistent per-workdir state dir on the host (mounted at the container's
109
+ * ~/.pi/agent). Keyed by the workdir via pi's path-slug convention:
110
+ * <anonPiHome>/state/<slug>/agent
111
+ */
112
+ export function stateAgentDir(env, absWorkdir) {
113
+ return join(resolveAnonPiHome(env), 'state', pathSlug(absWorkdir), 'agent');
114
+ }
65
115
  /**
66
116
  * Normalise a proxy-less host:port key from an ANON_PI_LLM value or a provider
67
117
  * baseUrl, so `192.168.1.150:8080` matches `http://192.168.1.150:8080/v1`.
@@ -133,15 +183,25 @@ export function resolveSourceModelsPath(env) {
133
183
  /**
134
184
  * Build the run plan from the environment + the (optional) workdir arg. PURE: it
135
185
  * resolves paths and composes the netcage argv, performing NO filesystem writes
136
- * or spawns. It THROWS AnonPiError for the hard preconditions (missing image,
137
- * missing llm, missing seed models.json) so the required inputs fail loud.
186
+ * or spawns. It THROWS AnonPiError for the required inputs (image, llm, proxy).
187
+ *
188
+ * Statefulness (Model B): a persistent per-workdir host dir is mounted at the
189
+ * container's ~/.pi/agent, so pi's sessions/history/settings/extensions persist.
190
+ * First-launch seed (Model C): when that home is FRESH, the container run
191
+ * command promotes the image's staged defaults + the imported models.json into
192
+ * it and stamps a marker; thereafter pi OWNS the home and nothing is clobbered.
138
193
  *
139
- * The seed (models.json) is mounted READ-ONLY at /anon-pi-seed and copied into
140
- * the container's own ~/.pi/agent by the run command, so it LAYERS onto the
141
- * image's config (image-installed extensions/skills survive) rather than
142
- * shadowing it.
194
+ * `modelsSeedExists` reports whether the canonical import models.json exists (so
195
+ * it is mounted for the seed); `stateExists` reports whether this workdir's
196
+ * state home already exists (so `fresh` is known).
197
+ *
198
+ * --ephemeral mounts NO writable state: pi writes to the container's own
199
+ * filesystem, which netcage runs with `--rm`, so it is destroyed when the
200
+ * container exits. Nothing writable ever touches a host path; there is no
201
+ * cleanup and no leftover-on-crash. (The read-only models.json seed is still
202
+ * mounted; it is a single file anon-pi never writes to.)
143
203
  */
144
- export function buildRunPlan(env, workdirArg, seedModelsExists) {
204
+ export function buildRunPlan(env, workdirArg, modelsSeedExists, stateExists) {
145
205
  if (!env.image || env.image.trim() === '') {
146
206
  // dockerfilePath is injected (cli.ts resolves the shipped Dockerfile.pi via
147
207
  // import.meta.url; tests pass a fixed path). Every command is emitted
@@ -149,6 +209,7 @@ export function buildRunPlan(env, workdirArg, seedModelsExists) {
149
209
  // leading spaces into the Dockerfile and break the EOF terminator, so we
150
210
  // point at the shipped file instead of printing a heredoc.
151
211
  const df = env.dockerfilePath ?? 'Dockerfile.pi';
212
+ const wv = env.webveilDockerfilePath ?? 'examples/Dockerfile.pi-webveil';
152
213
  throw new AnonPiError('anon-pi: set ANON_PI_IMAGE to a container image that has `pi` on its PATH.\n' +
153
214
  '\n' +
154
215
  'No image yet? A ready Dockerfile.pi ships with anon-pi (it installs the\n' +
@@ -157,53 +218,88 @@ export function buildRunPlan(env, workdirArg, seedModelsExists) {
157
218
  `podman build -t localhost/anon-pi-pi:latest -f "${df}" "$(dirname "${df}")"\n` +
158
219
  'export ANON_PI_IMAGE=localhost/anon-pi-pi:latest\n' +
159
220
  '\n' +
221
+ 'Or the fuller example with the pi-webveil extension + a local SearXNG\n' +
222
+ '(anonymized web search):\n' +
223
+ '\n' +
224
+ `podman build -t localhost/anon-pi-webveil:latest -f "${wv}" "$(dirname "${wv}")"\n` +
225
+ 'export ANON_PI_IMAGE=localhost/anon-pi-webveil:latest\n' +
226
+ '\n' +
160
227
  'See the README (Providing a pi image) for details and a community-image note.');
161
228
  }
162
229
  if (!env.llmDirect || env.llmDirect.trim() === '') {
163
230
  throw new AnonPiError('anon-pi: set ANON_PI_LLM to the RFC1918/link-local IP[:port] of the local model pi should reach directly (e.g. ANON_PI_LLM=192.168.1.150:8080). All other egress stays forced through the proxy.');
164
231
  }
232
+ if (!env.proxy || env.proxy.trim() === '') {
233
+ // No default: this is an anonymity tool, so the proxy is REQUIRED and never
234
+ // guessed (mirrors netcage, which fails closed without --proxy). A silent
235
+ // default would anonymize through the wrong endpoint, or fail deep in the
236
+ // jail with a confusing DNS error, if the guessed proxy is not actually up.
237
+ throw new AnonPiError('anon-pi: set ANON_PI_PROXY to your socks5h proxy. anon-pi has no default:\n' +
238
+ 'the proxy is what makes the session anonymous, so it is never guessed.\n' +
239
+ '\n' +
240
+ 'Pick the one you run (copy-paste), then re-run anon-pi:\n' +
241
+ '\n' +
242
+ '# Tor (system tor / Tor Browser bundle default port)\n' +
243
+ 'export ANON_PI_PROXY=socks5h://127.0.0.1:9050\n' +
244
+ '\n' +
245
+ '# wireproxy -> a WireGuard VPN (Mullvad, Proton, ...); use YOUR configured\n' +
246
+ '# [Socks5] BindAddress port (1080 in wireproxy examples):\n' +
247
+ 'export ANON_PI_PROXY=socks5h://127.0.0.1:1080\n' +
248
+ '\n' +
249
+ '# an SSH dynamic-forward (ssh -D 1080 host) or any other socks5h endpoint\n' +
250
+ 'export ANON_PI_PROXY=socks5h://127.0.0.1:1080\n' +
251
+ '\n' +
252
+ 'Only socks5h:// is accepted (plain socks5:// resolves DNS locally and leaks).');
253
+ }
165
254
  const home = env.home;
166
255
  if (!home || home.trim() === '') {
167
256
  throw new AnonPiError('anon-pi: could not resolve HOME.');
168
257
  }
169
258
  const raw = workdirArg && workdirArg.trim() !== '' ? workdirArg : process.cwd();
170
259
  const workdir = isAbsolute(raw) ? raw : resolve(raw);
171
- const configSeed = resolveConfigSeed(env);
172
- const modelsJson = join(configSeed, MODELS_FILE);
173
- if (!seedModelsExists(modelsJson)) {
174
- throw new AnonPiError(`anon-pi: no seed models.json at ${modelsJson}.\n` +
175
- '\n' +
176
- 'anon-pi never populates it for you. Generate it from your local model:\n' +
177
- '\n' +
178
- 'anon-pi import\n' +
179
- '\n' +
180
- '`import` reads your host ~/.pi/agent/models.json, picks the provider that\n' +
181
- 'serves ANON_PI_LLM, and writes just that provider here (no auth for other\n' +
182
- 'providers, no sessions, no identity). See the README (Populating the seed).');
183
- }
184
- const proxy = env.proxy && env.proxy.trim() !== '' ? env.proxy : DEFAULT_PROXY;
260
+ // Persistent per-workdir state home, unless --ephemeral (no writable mount).
261
+ const ephemeral = env.ephemeral === true;
262
+ const stateDir = ephemeral ? '' : stateAgentDir(env, workdir);
263
+ // Ephemeral home is always fresh (the container's throwaway layer); a
264
+ // persistent home is fresh iff its dir is absent.
265
+ const fresh = ephemeral ? true : !stateExists(stateDir);
266
+ // The canonical imported models.json is mounted (read-only) for the seed only
267
+ // when it exists; pi can also start with no models and you add them in-session.
268
+ const modelsSeed = join(resolveConfigSeed(env), MODELS_FILE);
269
+ const haveModelsSeed = modelsSeedExists(modelsSeed);
270
+ const proxy = env.proxy.trim();
271
+ // netcage's --allow-direct wants a bare IP[:port]/CIDR (no scheme/path), but a
272
+ // user naturally sets ANON_PI_LLM to a URL (http://192.168.1.150:8080). Strip
273
+ // it to host:port with the same helper `import` uses to match providers, so a
274
+ // URL, an ip:port, or a bare ip all work.
275
+ const directTarget = hostPortKey(env.llmDirect);
276
+ const seedVersion = env.seedVersion ?? SEED_VERSION;
185
277
  const netcageArgs = [
186
278
  'run',
187
279
  '--proxy',
188
280
  proxy,
189
281
  '--allow-direct',
190
- env.llmDirect,
282
+ directTarget,
191
283
  '-it',
192
284
  '-v',
193
285
  workdir, // netcage defaults a target-less -v to /work and cwd to /work
194
- '-v',
195
- // Mount the seed READ-ONLY at a neutral path; the run command copies
196
- // models.json into the container's own ~/.pi/agent so image extensions
197
- // survive (see CONTAINER_RUN_CMD).
198
- `${configSeed}:${CONTAINER_SEED_DIR}:ro`,
199
- env.image,
200
- 'sh',
201
- '-c',
202
- CONTAINER_RUN_CMD,
203
286
  ];
287
+ // Persistent mode ONLY: mount the per-workdir state home at ~/.pi/agent
288
+ // (Model B). --ephemeral mounts nothing writable: pi writes to the container's
289
+ // own --rm layer, gone on exit, no host state.
290
+ if (!ephemeral) {
291
+ netcageArgs.push('-v', `${stateDir}:${CONTAINER_AGENT_DIR}`);
292
+ }
293
+ // Mount the imported models.json read-only for the first-launch seed, if any.
294
+ if (haveModelsSeed) {
295
+ netcageArgs.push('-v', `${modelsSeed}:${CONTAINER_MODELS_SEED}:ro`);
296
+ }
297
+ netcageArgs.push(env.image, 'sh', '-c', containerRunCmd(seedVersion));
204
298
  return {
205
299
  workdir,
206
- configSeed,
300
+ stateDir,
301
+ configSeed: haveModelsSeed ? modelsSeed : '',
302
+ fresh,
207
303
  netcageArgs,
208
304
  };
209
305
  }
@@ -214,13 +310,24 @@ export function buildRunPlan(env, workdirArg, seedModelsExists) {
214
310
  * build command concrete.
215
311
  */
216
312
  export function shippedDockerfilePath() {
313
+ return shippedFile('Dockerfile.pi');
314
+ }
315
+ /**
316
+ * Absolute path to the fuller pi-webveil + SearXNG example that ships with
317
+ * anon-pi (examples/Dockerfile.pi-webveil), or undefined if not found.
318
+ */
319
+ export function shippedWebveilDockerfilePath() {
320
+ return shippedFile(join('examples', 'Dockerfile.pi-webveil'));
321
+ }
322
+ /**
323
+ * Resolve a file shipped in the package root, from this module's location
324
+ * (package root is one level up from dist/anon-pi.js). Returns undefined if it
325
+ * cannot be found or import.meta.url is unavailable.
326
+ */
327
+ function shippedFile(rel) {
217
328
  try {
218
329
  const here = dirname(fileURLToPath(import.meta.url));
219
- // dist/anon-pi.js -> ../Dockerfile.pi; also try alongside for safety.
220
- for (const p of [
221
- join(here, '..', 'Dockerfile.pi'),
222
- join(here, 'Dockerfile.pi'),
223
- ]) {
330
+ for (const p of [join(here, '..', rel), join(here, rel)]) {
224
331
  if (existsSync(p))
225
332
  return p;
226
333
  }
@@ -241,16 +348,25 @@ export function envFromProcess(penv) {
241
348
  llmDirect: penv.ANON_PI_LLM,
242
349
  xdgConfigHome: penv.XDG_CONFIG_HOME,
243
350
  dockerfilePath: shippedDockerfilePath(),
351
+ webveilDockerfilePath: shippedWebveilDockerfilePath(),
244
352
  sourceModels: penv.ANON_PI_SOURCE_MODELS,
245
353
  piAgentDir: penv.PI_CODING_AGENT_DIR,
354
+ ephemeral: isTruthy(penv.ANON_PI_EPHEMERAL),
246
355
  };
247
356
  }
357
+ /** Whether an env-var string is set to a truthy value (1/true/yes, any case). */
358
+ function isTruthy(v) {
359
+ if (!v)
360
+ return false;
361
+ const s = v.trim().toLowerCase();
362
+ return s === '1' || s === 'true' || s === 'yes' || s === 'on';
363
+ }
248
364
  /** The --help text (kept here so it is covered by the same module). */
249
365
  export const HELP = `anon-pi - launch pi inside a netcage (anonymized egress + one direct local model)
250
366
 
251
367
  USAGE
252
368
  anon-pi [WORKDIR] launch pi jailed, working in WORKDIR (default: cwd)
253
- anon-pi import write the seed models.json from your local model
369
+ anon-pi import seed models.json from your local model
254
370
 
255
371
  WORKDIR the host folder pi works in (mounted at ${CONTAINER_WORKDIR}; pi's cwd). Files pi
256
372
  writes there land on the host.
@@ -258,28 +374,41 @@ USAGE
258
374
  WHAT IT DOES
259
375
  Runs pi inside netcage with all web/DNS egress forced through the socks5h
260
376
  proxy (fail-closed) and ONE direct hole to your local model (ANON_PI_LLM).
261
- The seed models.json is mounted read-only and COPIED into the container's own
262
- ~/.pi/agent at start, so it layers onto the image's config: extensions and
263
- skills you baked into the image survive. Requires \`netcage\`.
377
+
378
+ STATEFUL by default: a persistent per-workdir home
379
+ (<ANON_PI_HOME>/state/<workdir>/agent) is mounted at the container's
380
+ ~/.pi/agent, so your conversations, history, settings (model choice), and any
381
+ extensions you \`pi install\` persist across launches. Re-running in the same
382
+ folder resumes it. On a FRESH home, the image's staged defaults (extensions,
383
+ trust) and your imported models.json are seeded in once; after that pi owns the
384
+ home and nothing is overwritten. Requires \`netcage\`.
385
+
386
+ --ephemeral (or ANON_PI_EPHEMERAL=1): mount NO writable state; pi writes to the
387
+ container's own --rm layer, gone on exit. Nothing writable touches the host,
388
+ no cleanup, no leftover-on-crash.
264
389
 
265
390
  import
266
391
  Reads your host ~/.pi/agent/models.json, picks the provider whose baseUrl
267
- serves ANON_PI_LLM, and writes JUST that provider to the seed
392
+ serves ANON_PI_LLM, and writes JUST that provider to the canonical seed
268
393
  (<ANON_PI_CONFIG>/models.json). No other provider's API keys, no sessions, no
269
- identity. Re-run with --force to overwrite an existing seed.
394
+ identity. It SEEDS a fresh home; models you later add inside pi persist and are
395
+ never clobbered. Re-run with --force to overwrite the canonical seed.
270
396
 
271
397
  ENVIRONMENT
272
398
  ANON_PI_IMAGE (required for run) image with \`pi\` on PATH. No image yet?
273
399
  Running anon-pi without it prints a ready-to-build
274
400
  Dockerfile.pi recipe; see the README (Providing a pi image).
275
401
  ANON_PI_LLM (required) RFC1918/link-local IP[:port] of the local model
276
- ANON_PI_PROXY socks5h URL (default ${DEFAULT_PROXY})
402
+ ANON_PI_PROXY (required) socks5h URL of your proxy (Tor/wireproxy/ssh -D).
403
+ No default: the proxy is what anonymizes, so it is never guessed.
404
+ ANON_PI_EPHEMERAL set to 1 for a throwaway (non-persistent) session
277
405
  ANON_PI_HOME anon-pi home (default $XDG_CONFIG_HOME/anon-pi or ~/.config/anon-pi)
278
- ANON_PI_CONFIG seed dir holding models.json (default <ANON_PI_HOME>/agent)
406
+ ANON_PI_CONFIG canonical seed dir holding models.json (default <ANON_PI_HOME>/agent)
279
407
  ANON_PI_SOURCE_MODELS (import) host models.json to read (default ~/.pi/agent/models.json)
280
408
 
281
- RESEED
282
- anon-pi import --force regenerates the seed models.json.
409
+ RESET A SESSION
410
+ Delete its state home to start fresh (re-seeds next launch):
411
+ rm -rf <ANON_PI_HOME>/state/<workdir-slug>/agent
283
412
 
284
413
  PLATFORM
285
414
  Linux only (via netcage's netns/nft jail). On macOS/Windows it works only
@@ -1 +1 @@
1
- {"version":3,"file":"anon-pi.js","sourceRoot":"","sources":["../src/anon-pi.ts"],"names":[],"mappings":"AAAA,6EAA6E;AAC7E,+EAA+E;AAC/E,EAAE;AACF,sCAAsC;AACtC,8EAA8E;AAC9E,iFAAiF;AACjF,yEAAyE;AACzE,+EAA+E;AAC/E,kCAAkC;AAClC,gFAAgF;AAChF,sEAAsE;AACtE,6EAA6E;AAC7E,kFAAkF;AAClF,2EAA2E;AAC3E,kFAAkF;AAClF,yEAAyE;AACzE,kFAAkF;AAClF,iFAAiF;AACjF,gFAAgF;AAEhF,OAAO,EAAC,UAAU,EAAC,MAAM,SAAS,CAAC;AACnC,OAAO,EAAC,OAAO,EAAC,MAAM,SAAS,CAAC;AAChC,OAAO,EAAC,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAC,MAAM,WAAW,CAAC;AAC7D,OAAO,EAAC,aAAa,EAAC,MAAM,UAAU,CAAC;AAEvC,+DAA+D;AAC/D,MAAM,CAAC,MAAM,iBAAiB,GAAG,OAAO,CAAC;AAEzC;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,eAAe,CAAC;AAElD;;;;;GAKG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAC7B,gCAAgC;IAChC,MAAM,kBAAkB,gDAAgD;IACxE,SAAS,CAAC;AAEX,sEAAsE;AACtE,MAAM,CAAC,MAAM,WAAW,GAAG,aAAa,CAAC;AAyCzC,MAAM,aAAa,GAAG,0BAA0B,CAAC;AAEjD,oFAAoF;AACpF,MAAM,OAAO,WAAY,SAAQ,KAAK;CAAG;AAEzC,qDAAqD;AACrD,MAAM,UAAU,iBAAiB,CAAC,GAAc;IAC/C,IAAI,GAAG,CAAC,UAAU;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACnD,MAAM,IAAI,GACT,GAAG,CAAC,aAAa,IAAI,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,EAAE;QACnD,CAAC,CAAC,GAAG,CAAC,aAAa;QACnB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAC9B,OAAO,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;AAC9B,CAAC;AAED,8EAA8E;AAC9E,MAAM,UAAU,iBAAiB,CAAC,GAAc;IAC/C,IAAI,GAAG,CAAC,UAAU;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACnD,OAAO,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,EAAE,OAAO,CAAC,CAAC;AAC9C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,WAAW,CAAC,KAAa;IACxC,IAAI,CAAC,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IACrB,MAAM,MAAM,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAChC,IAAI,MAAM,IAAI,CAAC;QAAE,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,uBAAuB;IAC5C,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB;IACpD,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;AACxB,CAAC;AA8BD,6EAA6E;AAC7E,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;AAE3E;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CACjC,UAAwB,EACxB,SAAiB;IAEjB,MAAM,SAAS,GAAG,UAAU,CAAC,SAAS,IAAI,EAAE,CAAC;IAC7C,MAAM,IAAI,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IAEpC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACnD,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,OAAO;YAAE,SAAS;QACxD,IAAI,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,IAAI;YAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC;aACrC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC;aACjC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;aACvC,IAAI,CAAC,IAAI,CAAC,CAAC;QACb,MAAM,IAAI,WAAW,CACpB,+EAA+E,IAAI,MAAM;YACxF,CAAC,KAAK;gBACL,CAAC,CAAC,qBAAqB,KAAK,IAAI;gBAChC,CAAC,CAAC,2CAA2C,CAAC;YAC/C,yFAAyF,CAC1F,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IACxB,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACzD,MAAM,eAAe,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAElD,OAAO;QACN,IAAI;QACJ,MAAM,EAAE,EAAC,SAAS,EAAE,EAAC,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAC,EAAC;QACvC,eAAe;KACf,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,GAAc;IACrD,IAAI,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACxD,OAAO,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAClC,CAAC;IACD,MAAM,QAAQ,GACb,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,KAAK,EAAE;QAC7C,CAAC,CAAC,GAAG,CAAC,UAAU;QAChB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;IACnC,OAAO,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;AACpC,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,YAAY,CAC3B,GAAc,EACd,UAA8B,EAC9B,gBAAqD;IAErD,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QAC3C,4EAA4E;QAC5E,sEAAsE;QACtE,uEAAuE;QACvE,yEAAyE;QACzE,2DAA2D;QAC3D,MAAM,EAAE,GAAG,GAAG,CAAC,cAAc,IAAI,eAAe,CAAC;QACjD,MAAM,IAAI,WAAW,CACpB,8EAA8E;YAC7E,IAAI;YACJ,2EAA2E;YAC3E,wEAAwE;YACxE,IAAI;YACJ,mDAAmD,EAAE,iBAAiB,EAAE,OAAO;YAC/E,oDAAoD;YACpD,IAAI;YACJ,+EAA+E,CAChF,CAAC;IACH,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACnD,MAAM,IAAI,WAAW,CACpB,kMAAkM,CAClM,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;IACtB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACjC,MAAM,IAAI,WAAW,CAAC,kCAAkC,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,GAAG,GACR,UAAU,IAAI,UAAU,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;IACrE,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAErD,MAAM,UAAU,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAC1C,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IACjD,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,WAAW,CACpB,mCAAmC,UAAU,KAAK;YACjD,IAAI;YACJ,0EAA0E;YAC1E,IAAI;YACJ,kBAAkB;YAClB,IAAI;YACJ,6EAA6E;YAC7E,6EAA6E;YAC7E,6EAA6E,CAC9E,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GACV,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,aAAa,CAAC;IAElE,MAAM,WAAW,GAAG;QACnB,KAAK;QACL,SAAS;QACT,KAAK;QACL,gBAAgB;QAChB,GAAG,CAAC,SAAS;QACb,KAAK;QACL,IAAI;QACJ,OAAO,EAAE,8DAA8D;QACvE,IAAI;QACJ,qEAAqE;QACrE,uEAAuE;QACvE,mCAAmC;QACnC,GAAG,UAAU,IAAI,kBAAkB,KAAK;QACxC,GAAG,CAAC,KAAK;QACT,IAAI;QACJ,IAAI;QACJ,iBAAiB;KACjB,CAAC;IAEF,OAAO;QACN,OAAO;QACP,UAAU;QACV,WAAW;KACX,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB;IACpC,IAAI,CAAC;QACJ,MAAM,IAAI,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACrD,sEAAsE;QACtE,KAAK,MAAM,CAAC,IAAI;YACf,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,eAAe,CAAC;YACjC,IAAI,CAAC,IAAI,EAAE,eAAe,CAAC;SAC3B,EAAE,CAAC;YACH,IAAI,UAAU,CAAC,CAAC,CAAC;gBAAE,OAAO,CAAC,CAAC;QAC7B,CAAC;IACF,CAAC;IAAC,MAAM,CAAC;QACR,uEAAuE;IACxE,CAAC;IACD,OAAO,SAAS,CAAC;AAClB,CAAC;AAED,qFAAqF;AACrF,MAAM,UAAU,cAAc,CAC7B,IAAwC;IAExC,OAAO;QACN,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,OAAO,EAAE;QAC5B,KAAK,EAAE,IAAI,CAAC,aAAa;QACzB,UAAU,EAAE,IAAI,CAAC,YAAY;QAC7B,UAAU,EAAE,IAAI,CAAC,cAAc;QAC/B,KAAK,EAAE,IAAI,CAAC,aAAa;QACzB,SAAS,EAAE,IAAI,CAAC,WAAW;QAC3B,aAAa,EAAE,IAAI,CAAC,eAAe;QACnC,cAAc,EAAE,qBAAqB,EAAE;QACvC,YAAY,EAAE,IAAI,CAAC,qBAAqB;QACxC,UAAU,EAAE,IAAI,CAAC,mBAAmB;KACpC,CAAC;AACH,CAAC;AAED,uEAAuE;AACvE,MAAM,CAAC,MAAM,IAAI,GAAG;;;;;;sDAMkC,iBAAiB;;;;;;;;;;;;;;;;;;;;;yCAqB9B,aAAa;;;;;;;;;;;CAWrD,CAAC"}
1
+ {"version":3,"file":"anon-pi.js","sourceRoot":"","sources":["../src/anon-pi.ts"],"names":[],"mappings":"AAAA,6EAA6E;AAC7E,+EAA+E;AAC/E,EAAE;AACF,sCAAsC;AACtC,8EAA8E;AAC9E,iFAAiF;AACjF,yEAAyE;AACzE,+EAA+E;AAC/E,kCAAkC;AAClC,gFAAgF;AAChF,sEAAsE;AACtE,6EAA6E;AAC7E,kFAAkF;AAClF,2EAA2E;AAC3E,kFAAkF;AAClF,yEAAyE;AACzE,kFAAkF;AAClF,iFAAiF;AACjF,gFAAgF;AAEhF,OAAO,EAAC,UAAU,EAAC,MAAM,SAAS,CAAC;AACnC,OAAO,EAAC,OAAO,EAAC,MAAM,SAAS,CAAC;AAChC,OAAO,EAAC,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAC,MAAM,WAAW,CAAC;AAC7D,OAAO,EAAC,aAAa,EAAC,MAAM,UAAU,CAAC;AAEvC,+DAA+D;AAC/D,MAAM,CAAC,MAAM,iBAAiB,GAAG,OAAO,CAAC;AAEzC;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,iBAAiB,CAAC;AAErD;;;;;GAKG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,yBAAyB,CAAC;AAE7D;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,2BAA2B,CAAC;AAEjE,oFAAoF;AACpF,MAAM,CAAC,MAAM,WAAW,GAAG,eAAe,CAAC;AAE3C,gFAAgF;AAChF,MAAM,CAAC,MAAM,WAAW,GAAG,aAAa,CAAC;AAEzC;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAAC,WAAmB;IAClD,MAAM,KAAK,GAAG,mBAAmB,CAAC;IAClC,MAAM,MAAM,GAAG,GAAG,KAAK,IAAI,WAAW,EAAE,CAAC;IACzC,OAAO,CACN,aAAa,KAAK,OAAO;QACzB,cAAc,MAAM,YAAY;QAChC,6EAA6E;QAC7E,WAAW,mBAAmB,iBAAiB,mBAAmB,QAAQ,KAAK,mBAAmB;QAClG,4CAA4C;QAC5C,WAAW,qBAAqB,cAAc,qBAAqB,MAAM,KAAK,IAAI,WAAW,kBAAkB;QAC/G,mBAAmB,WAAW,QAAQ,MAAM,KAAK;QACjD,QAAQ;QACR,SAAS,CACT,CAAC;AACH,CAAC;AAED,oFAAoF;AACpF,MAAM,CAAC,MAAM,YAAY,GAAG,GAAG,CAAC;AA0DhC,oFAAoF;AACpF,MAAM,OAAO,WAAY,SAAQ,KAAK;CAAG;AAEzC,qDAAqD;AACrD,MAAM,UAAU,iBAAiB,CAAC,GAAc;IAC/C,IAAI,GAAG,CAAC,UAAU;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACnD,MAAM,IAAI,GACT,GAAG,CAAC,aAAa,IAAI,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,EAAE;QACnD,CAAC,CAAC,GAAG,CAAC,aAAa;QACnB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAC9B,OAAO,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;AAC9B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAAc;IAC/C,IAAI,GAAG,CAAC,UAAU;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACnD,OAAO,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,EAAE,OAAO,CAAC,CAAC;AAC9C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,QAAQ,CAAC,OAAe;IACvC,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,IAAI,CAAC;AACvE,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,GAAc,EAAE,UAAkB;IAC/D,OAAO,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,CAAC,CAAC;AAC7E,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,WAAW,CAAC,KAAa;IACxC,IAAI,CAAC,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IACrB,MAAM,MAAM,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAChC,IAAI,MAAM,IAAI,CAAC;QAAE,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,uBAAuB;IAC5C,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB;IACpD,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;AACxB,CAAC;AA8BD,6EAA6E;AAC7E,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;AAE3E;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CACjC,UAAwB,EACxB,SAAiB;IAEjB,MAAM,SAAS,GAAG,UAAU,CAAC,SAAS,IAAI,EAAE,CAAC;IAC7C,MAAM,IAAI,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IAEpC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACnD,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,OAAO;YAAE,SAAS;QACxD,IAAI,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,IAAI;YAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC;aACrC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC;aACjC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;aACvC,IAAI,CAAC,IAAI,CAAC,CAAC;QACb,MAAM,IAAI,WAAW,CACpB,+EAA+E,IAAI,MAAM;YACxF,CAAC,KAAK;gBACL,CAAC,CAAC,qBAAqB,KAAK,IAAI;gBAChC,CAAC,CAAC,2CAA2C,CAAC;YAC/C,yFAAyF,CAC1F,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IACxB,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACzD,MAAM,eAAe,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAElD,OAAO;QACN,IAAI;QACJ,MAAM,EAAE,EAAC,SAAS,EAAE,EAAC,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAC,EAAC;QACvC,eAAe;KACf,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,GAAc;IACrD,IAAI,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACxD,OAAO,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAClC,CAAC;IACD,MAAM,QAAQ,GACb,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,KAAK,EAAE;QAC7C,CAAC,CAAC,GAAG,CAAC,UAAU;QAChB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;IACnC,OAAO,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;AACpC,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,YAAY,CAC3B,GAAc,EACd,UAA8B,EAC9B,gBAAqD,EACrD,WAA0C;IAE1C,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QAC3C,4EAA4E;QAC5E,sEAAsE;QACtE,uEAAuE;QACvE,yEAAyE;QACzE,2DAA2D;QAC3D,MAAM,EAAE,GAAG,GAAG,CAAC,cAAc,IAAI,eAAe,CAAC;QACjD,MAAM,EAAE,GAAG,GAAG,CAAC,qBAAqB,IAAI,gCAAgC,CAAC;QACzE,MAAM,IAAI,WAAW,CACpB,8EAA8E;YAC7E,IAAI;YACJ,2EAA2E;YAC3E,wEAAwE;YACxE,IAAI;YACJ,mDAAmD,EAAE,iBAAiB,EAAE,OAAO;YAC/E,oDAAoD;YACpD,IAAI;YACJ,yEAAyE;YACzE,4BAA4B;YAC5B,IAAI;YACJ,wDAAwD,EAAE,iBAAiB,EAAE,OAAO;YACpF,yDAAyD;YACzD,IAAI;YACJ,+EAA+E,CAChF,CAAC;IACH,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACnD,MAAM,IAAI,WAAW,CACpB,kMAAkM,CAClM,CAAC;IACH,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QAC3C,4EAA4E;QAC5E,0EAA0E;QAC1E,0EAA0E;QAC1E,4EAA4E;QAC5E,MAAM,IAAI,WAAW,CACpB,6EAA6E;YAC5E,0EAA0E;YAC1E,IAAI;YACJ,2DAA2D;YAC3D,IAAI;YACJ,wDAAwD;YACxD,iDAAiD;YACjD,IAAI;YACJ,8EAA8E;YAC9E,6DAA6D;YAC7D,iDAAiD;YACjD,IAAI;YACJ,6EAA6E;YAC7E,iDAAiD;YACjD,IAAI;YACJ,+EAA+E,CAChF,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;IACtB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACjC,MAAM,IAAI,WAAW,CAAC,kCAAkC,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,GAAG,GACR,UAAU,IAAI,UAAU,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;IACrE,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAErD,6EAA6E;IAC7E,MAAM,SAAS,GAAG,GAAG,CAAC,SAAS,KAAK,IAAI,CAAC;IACzC,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC9D,sEAAsE;IACtE,kDAAkD;IAClD,MAAM,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAExD,8EAA8E;IAC9E,gFAAgF;IAChF,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;IAC7D,MAAM,cAAc,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAEpD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;IAE/B,+EAA+E;IAC/E,8EAA8E;IAC9E,8EAA8E;IAC9E,0CAA0C;IAC1C,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,WAAW,GAAG,GAAG,CAAC,WAAW,IAAI,YAAY,CAAC;IAEpD,MAAM,WAAW,GAAG;QACnB,KAAK;QACL,SAAS;QACT,KAAK;QACL,gBAAgB;QAChB,YAAY;QACZ,KAAK;QACL,IAAI;QACJ,OAAO,EAAE,8DAA8D;KACvE,CAAC;IACF,wEAAwE;IACxE,+EAA+E;IAC/E,+CAA+C;IAC/C,IAAI,CAAC,SAAS,EAAE,CAAC;QAChB,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,QAAQ,IAAI,mBAAmB,EAAE,CAAC,CAAC;IAC9D,CAAC;IACD,8EAA8E;IAC9E,IAAI,cAAc,EAAE,CAAC;QACpB,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,UAAU,IAAI,qBAAqB,KAAK,CAAC,CAAC;IACrE,CAAC;IACD,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,eAAe,CAAC,WAAW,CAAC,CAAC,CAAC;IAEtE,OAAO;QACN,OAAO;QACP,QAAQ;QACR,UAAU,EAAE,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE;QAC5C,KAAK;QACL,WAAW;KACX,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB;IACpC,OAAO,WAAW,CAAC,eAAe,CAAC,CAAC;AACrC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,4BAA4B;IAC3C,OAAO,WAAW,CAAC,IAAI,CAAC,UAAU,EAAE,uBAAuB,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED;;;;GAIG;AACH,SAAS,WAAW,CAAC,GAAW;IAC/B,IAAI,CAAC;QACJ,MAAM,IAAI,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACrD,KAAK,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;YAC1D,IAAI,UAAU,CAAC,CAAC,CAAC;gBAAE,OAAO,CAAC,CAAC;QAC7B,CAAC;IACF,CAAC;IAAC,MAAM,CAAC;QACR,uEAAuE;IACxE,CAAC;IACD,OAAO,SAAS,CAAC;AAClB,CAAC;AAED,qFAAqF;AACrF,MAAM,UAAU,cAAc,CAC7B,IAAwC;IAExC,OAAO;QACN,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,OAAO,EAAE;QAC5B,KAAK,EAAE,IAAI,CAAC,aAAa;QACzB,UAAU,EAAE,IAAI,CAAC,YAAY;QAC7B,UAAU,EAAE,IAAI,CAAC,cAAc;QAC/B,KAAK,EAAE,IAAI,CAAC,aAAa;QACzB,SAAS,EAAE,IAAI,CAAC,WAAW;QAC3B,aAAa,EAAE,IAAI,CAAC,eAAe;QACnC,cAAc,EAAE,qBAAqB,EAAE;QACvC,qBAAqB,EAAE,4BAA4B,EAAE;QACrD,YAAY,EAAE,IAAI,CAAC,qBAAqB;QACxC,UAAU,EAAE,IAAI,CAAC,mBAAmB;QACpC,SAAS,EAAE,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC;KAC3C,CAAC;AACH,CAAC;AAED,iFAAiF;AACjF,SAAS,QAAQ,CAAC,CAAqB;IACtC,IAAI,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IACrB,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACjC,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,IAAI,CAAC;AAC/D,CAAC;AAED,uEAAuE;AACvE,MAAM,CAAC,MAAM,IAAI,GAAG;;;;;;sDAMkC,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6CtE,CAAC"}
package/dist/cli.js CHANGED
@@ -25,11 +25,11 @@ function main(argv) {
25
25
  }
26
26
  // --- anon-pi [WORKDIR] : launch pi jailed -----------------------------------
27
27
  function runLaunch(args) {
28
- // The only positional is the optional workdir. Reject stray flags so a typo
29
- // (e.g. --allow-direct) is not silently swallowed: anon-pi owns the netcage
30
- // argv, extra flags are not passed through.
28
+ // One optional positional (the workdir) + the --ephemeral flag. Reject other
29
+ // flags so a typo is not silently swallowed: anon-pi owns the netcage argv.
30
+ const ephemeralFlag = args.includes('--ephemeral') || args.includes('--eph');
31
31
  const positionals = args.filter((a) => !a.startsWith('-'));
32
- const flags = args.filter((a) => a.startsWith('-'));
32
+ const flags = args.filter((a) => a.startsWith('-') && a !== '--ephemeral' && a !== '--eph');
33
33
  if (flags.length > 0) {
34
34
  process.stderr.write(`anon-pi: unknown option(s): ${flags.join(' ')}\nRun \`anon-pi --help\`.\n`);
35
35
  return 2;
@@ -39,9 +39,11 @@ function runLaunch(args) {
39
39
  return 2;
40
40
  }
41
41
  const env = envFromProcess(process.env);
42
+ if (ephemeralFlag)
43
+ env.ephemeral = true;
42
44
  let plan;
43
45
  try {
44
- plan = buildRunPlan(env, positionals[0], existsSync);
46
+ plan = buildRunPlan(env, positionals[0], existsSync, existsSync);
45
47
  }
46
48
  catch (e) {
47
49
  if (e instanceof AnonPiError) {
@@ -56,8 +58,19 @@ function runLaunch(args) {
56
58
  '(https://github.com/wighawag/netcage). Linux only.\n');
57
59
  return 1;
58
60
  }
59
- // Ensure the workdir exists (a fresh named folder is fine).
60
61
  mkdirSync(plan.workdir, { recursive: true });
62
+ if (env.ephemeral) {
63
+ // No host state dir: pi writes to the container's own --rm layer, so the
64
+ // session leaves NO trace on the host and there is nothing to clean up.
65
+ process.stderr.write('anon-pi: ephemeral session (nothing persisted; no host state)\n');
66
+ }
67
+ else {
68
+ // Persistent mode: create the per-workdir state home to mount.
69
+ mkdirSync(plan.stateDir, { recursive: true });
70
+ if (plan.fresh) {
71
+ process.stderr.write(`anon-pi: new session home ${plan.stateDir} (seeding on first launch)\n`);
72
+ }
73
+ }
61
74
  // Hand off to netcage with inherited stdio so -it is a real interactive TTY.
62
75
  const res = spawnSync('netcage', plan.netcageArgs, { stdio: 'inherit' });
63
76
  if (res.error) {
package/dist/cli.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,6BAA6B;AAC7B,+EAA+E;AAC/E,iFAAiF;AACjF,6EAA6E;AAC7E,gFAAgF;AAChF,gFAAgF;AAChF,iFAAiF;AACjF,4EAA4E;AAE5E,OAAO,EAAC,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAC,MAAM,SAAS,CAAC;AAC3E,OAAO,EAAC,SAAS,EAAC,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAAC,IAAI,EAAC,MAAM,WAAW,CAAC;AAC/B,OAAO,EACN,WAAW,EACX,YAAY,EACZ,cAAc,EACd,IAAI,EACJ,WAAW,EACX,kBAAkB,EAClB,iBAAiB,EACjB,uBAAuB,GAEvB,MAAM,cAAc,CAAC;AAEtB,SAAS,IAAI,CAAC,IAAc;IAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAE3B,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACpD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,OAAO,CAAC,CAAC;IACV,CAAC;IAED,6DAA6D;IAC7D,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACjC,CAAC;IAED,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC;AACxB,CAAC;AAED,+EAA+E;AAC/E,SAAS,SAAS,CAAC,IAAc;IAChC,4EAA4E;IAC5E,4EAA4E;IAC5E,4CAA4C;IAC5C,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3D,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IACpD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,+BAA+B,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,6BAA6B,CAC3E,CAAC;QACF,OAAO,CAAC,CAAC;IACV,CAAC;IACD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,sFAAsF,CACtF,CAAC;QACF,OAAO,CAAC,CAAC;IACV,CAAC;IAED,MAAM,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAExC,IAAI,IAAI,CAAC;IACT,IAAI,CAAC;QACJ,IAAI,GAAG,YAAY,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IACtD,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACZ,IAAI,CAAC,YAAY,WAAW,EAAE,CAAC;YAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;YACvC,OAAO,CAAC,CAAC;QACV,CAAC;QACD,MAAM,CAAC,CAAC;IACT,CAAC;IAED,oEAAoE;IACpE,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC;QACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,6FAA6F;YAC5F,sDAAsD,CACvD,CAAC;QACF,OAAO,CAAC,CAAC;IACV,CAAC;IAED,4DAA4D;IAC5D,SAAS,CAAC,IAAI,CAAC,OAAO,EAAE,EAAC,SAAS,EAAE,IAAI,EAAC,CAAC,CAAC;IAE3C,6EAA6E;IAC7E,MAAM,GAAG,GAAG,SAAS,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,EAAE,EAAC,KAAK,EAAE,SAAS,EAAC,CAAC,CAAC;IACvE,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,mCAAmC,GAAG,CAAC,KAAK,CAAC,OAAO,IAAI,CACxD,CAAC;QACF,OAAO,CAAC,CAAC;IACV,CAAC;IACD,sEAAsE;IACtE,OAAO,GAAG,CAAC,MAAM,IAAI,CAAC,CAAC;AACxB,CAAC;AAED,+EAA+E;AAC/E,SAAS,SAAS,CAAC,IAAc;IAChC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CACxB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,IAAI,CACzD,CAAC;IACF,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,sCAAsC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,6BAA6B,CAClF,CAAC;QACF,OAAO,CAAC,CAAC;IACV,CAAC;IAED,MAAM,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAExC,IAAI,CAAC,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACnD,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,oFAAoF;YACnF,kFAAkF,CACnF,CAAC;QACF,OAAO,CAAC,CAAC;IACV,CAAC;IAED,MAAM,MAAM,GAAG,uBAAuB,CAAC,GAAG,CAAC,CAAC;IAC5C,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,iDAAiD,MAAM,KAAK;YAC3D,kFAAkF,CACnF,CAAC;QACF,OAAO,CAAC,CAAC;IACV,CAAC;IAED,IAAI,UAAwB,CAAC;IAC7B,IAAI,CAAC;QACJ,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,CAAC,CAAiB,CAAC;IACvE,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,mCAAmC,MAAM,KAAM,CAAW,CAAC,OAAO,IAAI,CACtE,CAAC;QACF,OAAO,CAAC,CAAC;IACV,CAAC;IAED,IAAI,MAAM,CAAC;IACX,IAAI,CAAC;QACJ,MAAM,GAAG,kBAAkB,CAAC,UAAU,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;IACxD,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACZ,IAAI,CAAC,YAAY,WAAW,EAAE,CAAC;YAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;YACvC,OAAO,CAAC,CAAC;QACV,CAAC;QACD,MAAM,CAAC,CAAC;IACT,CAAC;IAED,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACxC,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QAChC,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,mBAAmB,IAAI,sDAAsD,CAC7E,CAAC;QACF,OAAO,CAAC,CAAC;IACV,CAAC;IAED,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;QAC5B,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,sCAAsC,MAAM,CAAC,IAAI,uCAAuC;YACvF,qFAAqF;YACrF,GAAG,IAAI,gCAAgC,CACxC,CAAC;IACH,CAAC;IAED,SAAS,CAAC,OAAO,EAAE,EAAC,SAAS,EAAE,IAAI,EAAC,CAAC,CAAC;IACtC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IACnE,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,yBAAyB,IAAI,eAAe,MAAM,CAAC,IAAI,kCAAkC,CACzF,CAAC;IACF,OAAO,CAAC,CAAC;AACV,CAAC;AAED,SAAS,UAAU;IAClB,MAAM,KAAK,GAAG,SAAS,CACtB,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,EAClD,CAAC,IAAI,EAAE,SAAS,CAAC,EACjB;QACC,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,OAAO,CAAC,QAAQ,KAAK,OAAO;KACnC,CACD,CAAC;IACF,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACpC,uCAAuC;IACvC,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAC,KAAK,EAAE,QAAQ,EAAC,CAAC,CAAC;IAClE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC;AACrB,CAAC;AAED,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC"}
1
+ {"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,6BAA6B;AAC7B,+EAA+E;AAC/E,iFAAiF;AACjF,6EAA6E;AAC7E,gFAAgF;AAChF,gFAAgF;AAChF,iFAAiF;AACjF,4EAA4E;AAE5E,OAAO,EAAC,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAC,MAAM,SAAS,CAAC;AAC3E,OAAO,EAAC,SAAS,EAAC,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAAC,IAAI,EAAC,MAAM,WAAW,CAAC;AAC/B,OAAO,EACN,WAAW,EACX,YAAY,EACZ,cAAc,EACd,IAAI,EACJ,WAAW,EACX,kBAAkB,EAClB,iBAAiB,EACjB,uBAAuB,GAEvB,MAAM,cAAc,CAAC;AAEtB,SAAS,IAAI,CAAC,IAAc;IAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAE3B,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACpD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,OAAO,CAAC,CAAC;IACV,CAAC;IAED,6DAA6D;IAC7D,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACjC,CAAC;IAED,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC;AACxB,CAAC;AAED,+EAA+E;AAC/E,SAAS,SAAS,CAAC,IAAc;IAChC,6EAA6E;IAC7E,4EAA4E;IAC5E,MAAM,aAAa,GAAG,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC7E,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3D,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CACxB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,aAAa,IAAI,CAAC,KAAK,OAAO,CAChE,CAAC;IACF,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,+BAA+B,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,6BAA6B,CAC3E,CAAC;QACF,OAAO,CAAC,CAAC;IACV,CAAC;IACD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,sFAAsF,CACtF,CAAC;QACF,OAAO,CAAC,CAAC;IACV,CAAC;IAED,MAAM,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACxC,IAAI,aAAa;QAAE,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC;IAExC,IAAI,IAAI,CAAC;IACT,IAAI,CAAC;QACJ,IAAI,GAAG,YAAY,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;IAClE,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACZ,IAAI,CAAC,YAAY,WAAW,EAAE,CAAC;YAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;YACvC,OAAO,CAAC,CAAC;QACV,CAAC;QACD,MAAM,CAAC,CAAC;IACT,CAAC;IAED,oEAAoE;IACpE,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC;QACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,6FAA6F;YAC5F,sDAAsD,CACvD,CAAC;QACF,OAAO,CAAC,CAAC;IACV,CAAC;IAED,SAAS,CAAC,IAAI,CAAC,OAAO,EAAE,EAAC,SAAS,EAAE,IAAI,EAAC,CAAC,CAAC;IAC3C,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;QACnB,yEAAyE;QACzE,wEAAwE;QACxE,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,iEAAiE,CACjE,CAAC;IACH,CAAC;SAAM,CAAC;QACP,+DAA+D;QAC/D,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAC,SAAS,EAAE,IAAI,EAAC,CAAC,CAAC;QAC5C,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,6BAA6B,IAAI,CAAC,QAAQ,8BAA8B,CACxE,CAAC;QACH,CAAC;IACF,CAAC;IAED,6EAA6E;IAC7E,MAAM,GAAG,GAAG,SAAS,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,EAAE,EAAC,KAAK,EAAE,SAAS,EAAC,CAAC,CAAC;IACvE,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,mCAAmC,GAAG,CAAC,KAAK,CAAC,OAAO,IAAI,CACxD,CAAC;QACF,OAAO,CAAC,CAAC;IACV,CAAC;IACD,sEAAsE;IACtE,OAAO,GAAG,CAAC,MAAM,IAAI,CAAC,CAAC;AACxB,CAAC;AAED,+EAA+E;AAC/E,SAAS,SAAS,CAAC,IAAc;IAChC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CACxB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,IAAI,CACzD,CAAC;IACF,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,sCAAsC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,6BAA6B,CAClF,CAAC;QACF,OAAO,CAAC,CAAC;IACV,CAAC;IAED,MAAM,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAExC,IAAI,CAAC,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACnD,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,oFAAoF;YACnF,kFAAkF,CACnF,CAAC;QACF,OAAO,CAAC,CAAC;IACV,CAAC;IAED,MAAM,MAAM,GAAG,uBAAuB,CAAC,GAAG,CAAC,CAAC;IAC5C,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,iDAAiD,MAAM,KAAK;YAC3D,kFAAkF,CACnF,CAAC;QACF,OAAO,CAAC,CAAC;IACV,CAAC;IAED,IAAI,UAAwB,CAAC;IAC7B,IAAI,CAAC;QACJ,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,CAAC,CAAiB,CAAC;IACvE,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,mCAAmC,MAAM,KAAM,CAAW,CAAC,OAAO,IAAI,CACtE,CAAC;QACF,OAAO,CAAC,CAAC;IACV,CAAC;IAED,IAAI,MAAM,CAAC;IACX,IAAI,CAAC;QACJ,MAAM,GAAG,kBAAkB,CAAC,UAAU,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;IACxD,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACZ,IAAI,CAAC,YAAY,WAAW,EAAE,CAAC;YAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;YACvC,OAAO,CAAC,CAAC;QACV,CAAC;QACD,MAAM,CAAC,CAAC;IACT,CAAC;IAED,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACxC,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QAChC,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,mBAAmB,IAAI,sDAAsD,CAC7E,CAAC;QACF,OAAO,CAAC,CAAC;IACV,CAAC;IAED,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;QAC5B,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,sCAAsC,MAAM,CAAC,IAAI,uCAAuC;YACvF,qFAAqF;YACrF,GAAG,IAAI,gCAAgC,CACxC,CAAC;IACH,CAAC;IAED,SAAS,CAAC,OAAO,EAAE,EAAC,SAAS,EAAE,IAAI,EAAC,CAAC,CAAC;IACtC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IACnE,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,yBAAyB,IAAI,eAAe,MAAM,CAAC,IAAI,kCAAkC,CACzF,CAAC;IACF,OAAO,CAAC,CAAC;AACV,CAAC;AAED,SAAS,UAAU;IAClB,MAAM,KAAK,GAAG,SAAS,CACtB,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,EAClD,CAAC,IAAI,EAAE,SAAS,CAAC,EACjB;QACC,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,OAAO,CAAC,QAAQ,KAAK,OAAO;KACnC,CACD,CAAC;IACF,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACpC,uCAAuC;IACvC,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAC,KAAK,EAAE,QAAQ,EAAC,CAAC,CAAC;IAClE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC;AACrB,CAAC;AAED,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC"}
@@ -36,9 +36,15 @@ RUN apt-get update \
36
36
  uwsgi uwsgi-plugin-python3 \
37
37
  && rm -rf /var/lib/apt/lists/*
38
38
 
39
- # --- pi + the pi-webveil extension (via `pi install`, which records it) -------
39
+ # --- pi + the pi-webveil extension --------------------------------------------
40
+ # Install pi globally, then install the extension into the STAGING dir
41
+ # (PI_CODING_AGENT_DIR), NOT ~/.pi/agent: anon-pi mounts a persistent home over
42
+ # ~/.pi/agent and promotes the staging dir into it on first launch. Installing
43
+ # straight into ~/.pi/agent would be shadowed by that mount.
40
44
  RUN npm install -g --ignore-scripts @earendil-works/pi-coding-agent
41
- RUN pi install npm:pi-webveil
45
+ ENV ANON_PI_STAGE=/opt/anon-pi-seed/agent
46
+ RUN mkdir -p "$ANON_PI_STAGE" \
47
+ && PI_CODING_AGENT_DIR="$ANON_PI_STAGE" pi install npm:pi-webveil
42
48
 
43
49
  # --- SearXNG in a venv -------------------------------------------------------
44
50
  ENV SEARXNG_HOME=/opt/searxng
@@ -59,18 +65,18 @@ RUN mkdir -p /etc/searxng \
59
65
  > /etc/searxng/settings.yml
60
66
  ENV SEARXNG_SETTINGS_PATH=/etc/searxng/settings.yml
61
67
 
62
- # webveil.json (global): point at the Unix socket, backend hop DIRECT (netcage
63
- # anonymizes it). fetchEgress is left DIRECT too, since netcage forces the fetch
64
- # hop through the proxy as well; no webveil-side proxy config is needed in-jail.
65
- RUN mkdir -p /root/.pi/agent \
66
- && printf '%s\n' \
68
+ # webveil.json + trust.json go in the STAGING dir (promoted into the persistent
69
+ # home on first launch). webveil points at the Unix socket, backend hop DIRECT
70
+ # (netcage anonymizes it): no webveil-side proxy config is needed in-jail because
71
+ # netcage forces every process's egress through the proxy.
72
+ RUN printf '%s\n' \
67
73
  '{' \
68
74
  ' "backend": "searxng",' \
69
75
  ' "baseUrl": "unix:/run/searxng/socket",' \
70
76
  ' "egress": { "mode": "direct" }' \
71
77
  '}' \
72
- > /root/.pi/agent/webveil.json \
73
- && printf '{"/work": true}\n' > /root/.pi/agent/trust.json
78
+ > "$ANON_PI_STAGE/webveil.json" \
79
+ && printf '{"/work": true}\n' > "$ANON_PI_STAGE/trust.json"
74
80
 
75
81
  # --- entrypoint: start SearXNG (HTTP over the Unix socket), then exec CMD ------
76
82
  # anon-pi passes `sh -c 'cp ... && exec pi'` as the CMD; a Dockerfile ENTRYPOINT
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "anon-pi",
3
- "version": "0.2.0",
3
+ "version": "0.3.0",
4
4
  "description": "Launch pi inside a netcage: anonymized web egress through a socks5h proxy, one direct hole for a local model, seeded pi config on the host.",
5
5
  "license": "AGPL-3.0-only",
6
6
  "keywords": [