attocode 0.1.0

package/dist/src/integrations/sandbox/landlock.js

@@ -0,0 +1,326 @@
+/**
+ * Landlock Sandbox (Linux)
+ *
+ * Uses Linux Landlock LSM for unprivileged process sandboxing.
+ * Requires Linux kernel 5.13+ with Landlock enabled.
+ *
+ * Landlock works by creating a ruleset that restricts what the process can do:
+ * - File system access (read, write, execute)
+ * - Network access (Linux 6.7+)
+ *
+ * Unlike seccomp, Landlock operates at the file path level rather than
+ * syscall level, making it more suitable for path-based restrictions.
+ */
+import { spawn, execFile } from 'node:child_process';
+import { readFile, access, constants } from 'node:fs/promises';
+import { platform } from 'node:os';
+import { resolve } from 'node:path';
+// =============================================================================
+// HELPER: Safe command check
+// =============================================================================
+/**
+ * Safely check if a command exists using execFile (not exec).
+ */
+async function commandExists(command) {
+    return new Promise((resolve) => {
+        execFile('which', [command], { encoding: 'utf-8' }, (error) => {
+            resolve(error === null);
+        });
+    });
+}
+// =============================================================================
+// LANDLOCK DETECTION
+// =============================================================================
+/**
+ * Check if Landlock is available on this system.
+ */
+async function isLandlockAvailable() {
+    // Must be Linux
+    if (platform() !== 'linux') {
+        return { available: false, reason: 'Not Linux' };
+    }
+    // Check kernel version (need 5.13+)
+    try {
+        const release = await readFile('/proc/sys/kernel/osrelease', 'utf-8');
+        const match = release.match(/^(\d+)\.(\d+)/);
+        if (!match) {
+            return { available: false, reason: 'Cannot parse kernel version' };
+        }
+        const major = parseInt(match[1], 10);
+        const minor = parseInt(match[2], 10);
+        // Landlock requires kernel 5.13+
+        if (major < 5 || (major === 5 && minor < 13)) {
+            return { available: false, reason: `Kernel ${major}.${minor} too old (need 5.13+)` };
+        }
+        // Determine Landlock ABI version
+        let landlockABI = 1;
+        if (major >= 6 || (major === 5 && minor >= 19)) {
+            landlockABI = 2; // File truncation support
+        }
+        if (major >= 6 && minor >= 7) {
+            landlockABI = 4; // Network support
+        }
+        // Check if Landlock is enabled in kernel
+        try {
+            await access('/sys/kernel/security/landlock', constants.F_OK);
+        }
+        catch {
+            return { available: false, reason: 'Landlock not enabled in kernel' };
+        }
+        return { available: true, version: landlockABI };
+    }
+    catch {
+        return { available: false, reason: 'Cannot read kernel info' };
+    }
+}
+// =============================================================================
+// LANDLOCK SANDBOX CLASS
+// =============================================================================
+/**
+ * Landlock-based sandbox for Linux.
+ * Falls back to bubblewrap or firejail if native Landlock is not easily accessible.
+ */
+export class LandlockSandbox {
+    defaults;
+    landlockAvailable = null;
+    landlockVersion = 0;
+    useBubblewrap = false;
+    useFirejail = false;
+    constructor(defaults) {
+        this.defaults = {
+            writablePaths: defaults.writablePaths ?? ['.'],
+            readablePaths: defaults.readablePaths ?? ['/'],
+            networkAllowed: defaults.networkAllowed ?? false,
+            timeout: defaults.timeout ?? 60000,
+            workingDir: defaults.workingDir ?? process.cwd(),
+            env: defaults.env ?? {},
+            maxMemoryMB: defaults.maxMemoryMB ?? 512,
+            maxCpuSeconds: defaults.maxCpuSeconds ?? 30,
+            allowedCommands: defaults.allowedCommands ?? [],
+            blockedCommands: defaults.blockedCommands ?? [],
+        };
+    }
+    async isAvailable() {
+        if (this.landlockAvailable !== null) {
+            return this.landlockAvailable;
+        }
+        // Check platform
+        if (platform() !== 'linux') {
+            this.landlockAvailable = false;
+            return false;
+        }
+        // Check for Landlock support
+        const landlockCheck = await isLandlockAvailable();
+        if (landlockCheck.available) {
+            this.landlockAvailable = true;
+            this.landlockVersion = landlockCheck.version ?? 1;
+            return true;
+        }
+        // Fall back to bubblewrap
+        if (await commandExists('bwrap')) {
+            this.useBubblewrap = true;
+            this.landlockAvailable = true;
+            return true;
+        }
+        // Check for firejail as another fallback
+        if (await commandExists('firejail')) {
+            this.useFirejail = true;
+            this.landlockAvailable = true;
+            return true;
+        }
+        this.landlockAvailable = false;
+        return false;
+    }
+    getType() {
+        // Note: 'landlock' is an extended mode not in the base SandboxMode type
+        return 'landlock';
+    }
+    async execute(command, options) {
+        const opts = { ...this.defaults, ...options };
+        // Build the sandboxed command
+        const { program, args } = await this.buildSandboxedCommand(command, opts);
+        return new Promise((resolve) => {
+            const workDir = opts.workingDir ?? process.cwd();
+            const proc = spawn(program, args, {
+                cwd: workDir,
+                env: { ...process.env, ...opts.env },
+                stdio: ['pipe', 'pipe', 'pipe'],
+                shell: false, // Don't use shell to avoid injection
+            });
+            let stdout = '';
+            let stderr = '';
+            let killed = false;
+            let timedOut = false;
+            const timer = setTimeout(() => {
+                timedOut = true;
+                killed = true;
+                proc.kill('SIGKILL');
+            }, opts.timeout);
+            proc.stdout?.on('data', (data) => {
+                stdout += data.toString();
+            });
+            proc.stderr?.on('data', (data) => {
+                stderr += data.toString();
+            });
+            proc.on('close', (code) => {
+                clearTimeout(timer);
+                resolve({
+                    stdout,
+                    stderr,
+                    exitCode: code ?? 1,
+                    killed,
+                    timedOut,
+                });
+            });
+            proc.on('error', (err) => {
+                clearTimeout(timer);
+                resolve({
+                    stdout,
+                    stderr,
+                    exitCode: 1,
+                    killed: false,
+                    timedOut: false,
+                    error: err.message,
+                });
+            });
+        });
+    }
+    /**
+     * Build the sandboxed command.
+     */
+    async buildSandboxedCommand(command, opts) {
+        // Check what isolation method is available
+        if (this.useBubblewrap || await commandExists('bwrap')) {
+            return this.buildBubblewrapCommand(command, opts);
+        }
+        if (this.useFirejail || await commandExists('firejail')) {
+            return this.buildFirejailCommand(command, opts);
+        }
+        // No isolation available - run with ulimit constraints only
+        return this.buildUlimitCommand(command, opts);
+    }
+    /**
+     * Build command using bubblewrap (bwrap).
+     */
+    buildBubblewrapCommand(command, opts) {
+        const args = [];
+        // Create a minimal root filesystem
+        args.push('--ro-bind', '/usr', '/usr');
+        args.push('--ro-bind', '/lib', '/lib');
+        args.push('--ro-bind', '/bin', '/bin');
+        args.push('--ro-bind', '/etc', '/etc');
+        // Try to bind lib64 if it exists
+        args.push('--ro-bind-try', '/lib64', '/lib64');
+        // Add proc and dev
+        args.push('--proc', '/proc');
+        args.push('--dev', '/dev');
+        args.push('--tmpfs', '/tmp');
+        // Add readable paths
+        for (const readPath of opts.readablePaths) {
+            const absPath = resolve(readPath);
+            args.push('--ro-bind', absPath, absPath);
+        }
+        // Add writable paths
+        for (const writePath of opts.writablePaths) {
+            const absPath = resolve(writePath);
+            args.push('--bind', absPath, absPath);
+        }
+        // Network isolation
+        if (!opts.networkAllowed) {
+            args.push('--unshare-net');
+        }
+        // Unshare other namespaces for isolation
+        args.push('--unshare-pid');
+        args.push('--unshare-ipc');
+        // Set working directory
+        args.push('--chdir', opts.workingDir);
+        // Add the command
+        args.push('--');
+        args.push('bash', '-c', command);
+        return { program: 'bwrap', args };
+    }
+    /**
+     * Build command using firejail.
+     */
+    buildFirejailCommand(command, opts) {
+        const args = [];
+        // Private mode for isolation
+        args.push('--private-tmp');
+        args.push('--private-dev');
+        // Network isolation
+        if (!opts.networkAllowed) {
+            args.push('--net=none');
+        }
+        // Whitelist writable paths
+        for (const writePath of opts.writablePaths) {
+            const absPath = resolve(writePath);
+            args.push(`--whitelist=${absPath}`);
+        }
+        // Read-only for other paths
+        for (const readPath of opts.readablePaths) {
+            const absPath = resolve(readPath);
+            if (!opts.writablePaths.includes(readPath)) {
+                args.push(`--read-only=${absPath}`);
+            }
+        }
+        // Resource limits
+        args.push(`--rlimit-as=${opts.maxMemoryMB * 1024 * 1024}`);
+        args.push(`--timeout=${Math.ceil(opts.timeout / 1000)}`);
+        // Add command
+        args.push('--');
+        args.push('bash', '-c', command);
+        return { program: 'firejail', args };
+    }
+    /**
+     * Build command with ulimit constraints (minimal isolation).
+     */
+    buildUlimitCommand(command, opts) {
+        // Use bash to set ulimits before running the command
+        const script = [
+            `ulimit -v $((${opts.maxMemoryMB} * 1024))`,
+            `ulimit -t ${opts.maxCpuSeconds}`,
+            command,
+        ].join(' && ');
+        return { program: 'bash', args: ['-c', script] };
+    }
+    async cleanup() {
+        // No cleanup needed
+    }
+}
+// =============================================================================
+// FACTORY
+// =============================================================================
+/**
+ * Create a Landlock sandbox.
+ */
+export function createLandlockSandbox(options) {
+    return new LandlockSandbox(options ?? {});
+}
+/**
+ * Check if Landlock/Linux isolation is available.
+ */
+export async function checkLandlockSupport() {
+    if (platform() !== 'linux') {
+        return { available: false, method: 'none', details: 'Not Linux' };
+    }
+    // Check native Landlock
+    const landlockCheck = await isLandlockAvailable();
+    if (landlockCheck.available) {
+        return {
+            available: true,
+            method: 'landlock',
+            details: `Native Landlock ABI v${landlockCheck.version}`,
+        };
+    }
+    // Check bubblewrap
+    if (await commandExists('bwrap')) {
+        return { available: true, method: 'bubblewrap', details: 'Using bubblewrap (bwrap)' };
+    }
+    // Check firejail
+    if (await commandExists('firejail')) {
+        return { available: true, method: 'firejail', details: 'Using firejail' };
+    }
+    // Fallback to ulimit only
+    return { available: true, method: 'ulimit', details: 'Using ulimit constraints only (minimal isolation)' };
+}
+//# sourceMappingURL=landlock.js.map

package/dist/src/integrations/sandbox/landlock.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"landlock.js","sourceRoot":"","sources":["../../../../src/integrations/sandbox/landlock.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAkBpC,gFAAgF;AAChF,6BAA6B;AAC7B,gFAAgF;AAEhF;;GAEG;AACH,KAAK,UAAU,aAAa,CAAC,OAAe;IAC1C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,QAAQ,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,KAAK,EAAE,EAAE;YAC5D,OAAO,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC;QAC1B,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,gFAAgF;AAChF,qBAAqB;AACrB,gFAAgF;AAEhF;;GAEG;AACH,KAAK,UAAU,mBAAmB;IAChC,gBAAgB;IAChB,IAAI,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;QAC3B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IACnD,CAAC;IAED,oCAAoC;IACpC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,4BAA4B,EAAE,OAAO,CAAC,CAAC;QACtE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QAC7C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC;QACrE,CAAC;QAED,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAErC,iCAAiC;QACjC,IAAI,KAAK,GAAG,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC,IAAI,KAAK,GAAG,EAAE,CAAC,EAAE,CAAC;YAC7C,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,KAAK,IAAI,KAAK,uBAAuB,EAAE,CAAC;QACvF,CAAC;QAED,iCAAiC;QACjC,IAAI,WAAW,GAAG,CAAC,CAAC;QACpB,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC,EAAE,CAAC;YAC/C,WAAW,GAAG,CAAC,CAAC,CAAC,0BAA0B;QAC7C,CAAC;QACD,IAAI,KAAK,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;YAC7B,WAAW,GAAG,CAAC,CAAC,CAAC,kBAAkB;QACrC,CAAC;QAED,yCAAyC;QACzC,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,+BAA+B,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAC;QACxE,CAAC;QAED,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;IACjE,CAAC;AACH,CAAC;AAED,gFAAgF;AAChF,yBAAyB;AACzB,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,OAAO,eAAe;IAClB,QAAQ,CAA2B;IACnC,iBAAiB,GAAmB,IAAI,CAAC;IACzC,eAAe,GAAW,CAAC,CAAC;IAC5B,aAAa,GAAY,KAAK,CAAC;IAC/B,WAAW,GAAY,KAAK,CAAC;IAErC,YAAY,QAAiC;QAC3C,IAAI,CAAC,QAAQ,GAAG;YACd,aAAa,EAAE,QAAQ,CAAC,aAAa,IAAI,CAAC,GAAG,CAAC;YAC9C,aAAa,EAAE,QAAQ,CAAC,aAAa,IAAI,CAAC,GAAG,CAAC;YAC9C,cAAc,EAAE,QAAQ,CAAC,cAAc,IAAI,KAAK;YAChD,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,KAAK;YAClC,UAAU,EAAE,QAAQ,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,EAAE;YAChD,GAAG,EAAE,QAAQ,CAAC,GAAG,IAAI,EAAE;YACvB,WAAW,EAAE,QAAQ,CAAC,WAAW,IAAI,GAAG;YACxC,aAAa,EAAE,QAAQ,CAAC,aAAa,IAAI,EAAE;YAC3C,eAAe,EAAE,QAAQ,CAAC,eAAe,IAAI,EAAE;YAC/C,eAAe,EAAE,QAAQ,CAAC,eAAe,IAAI,EAAE;SAChD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,WAAW;QACf,IAAI,IAAI,CAAC,iBAAiB,KAAK,IAAI,EAAE,CAAC;YACpC,OAAO,IAAI,CAAC,iBAAiB,CAAC;QAChC,CAAC;QAED,iBAAiB;QACjB,IAAI,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;YAC3B,IAAI,CAAC,iBAAiB,GAAG,KAAK,CAAC;YAC/B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,6BAA6B;QAC7B,MAAM,aAAa,GAAG,MAAM,mBAAmB,EAAE,CAAC;QAClD,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC;YAC5B,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;YAC9B,IAAI,CAAC,eAAe,GAAG,aAAa,CAAC,OAAO,IAAI,CAAC,CAAC;YAClD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,0BAA0B;QAC1B,IAAI,MAAM,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;YAC1B,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;YAC9B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,yCAAyC;QACzC,IAAI,MAAM,aAAa,CAAC,UAAU,CAAC,EAAE,CAAC;YACpC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;YAC9B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC,iBAAiB,GAAG,KAAK,CAAC;QAC/B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO;QACL,wEAAwE;QACxE,OAAO,UAAyB,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,OAAe,EAAE,OAAiC;QAC9D,MAAM,IAAI,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ,EAAE,GAAG,OAAO,EAAE,CAAC;QAE9C,8BAA8B;QAC9B,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAE1E,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAEjD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE;gBAChC,GAAG,EAAE,OAAO;gBACZ,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE;gBACpC,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,KAAK,EAAE,KAAK,EAAE,qCAAqC;aACpD,CAAC,CAAC;YAEH,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,MAAM,GAAG,KAAK,CAAC;YACnB,IAAI,QAAQ,GAAG,KAAK,CAAC;YAErB,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,QAAQ,GAAG,IAAI,CAAC;gBAChB,MAAM,GAAG,IAAI,CAAC;gBACd,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACvB,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;YAEjB,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC/B,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC/B,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBACxB,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,OAAO,CAAC;oBACN,MAAM;oBACN,MAAM;oBACN,QAAQ,EAAE,IAAI,IAAI,CAAC;oBACnB,MAAM;oBACN,QAAQ;iBACT,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACvB,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,OAAO,CAAC;oBACN,MAAM;oBACN,MAAM;oBACN,QAAQ,EAAE,CAAC;oBACX,MAAM,EAAE,KAAK;oBACb,QAAQ,EAAE,KAAK;oBACf,KAAK,EAAE,GAAG,CAAC,OAAO;iBACnB,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,qBAAqB,CACjC,OAAe,EACf,IAA8B;QAE9B,2CAA2C;QAC3C,IAAI,IAAI,CAAC,aAAa,IAAI,MAAM,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;YACvD,OAAO,IAAI,CAAC,sBAAsB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACpD,CAAC;QAED,IAAI,IAAI,CAAC,WAAW,IAAI,MAAM,aAAa,CAAC,UAAU,CAAC,EAAE,CAAC;YACxD,OAAO,IAAI,CAAC,oBAAoB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAClD,CAAC;QAED,4DAA4D;QAC5D,OAAO,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IAChD,CAAC;IAED;;OAEG;IACK,sBAAsB,CAC5B,OAAe,EACf,IAA8B;QAE9B,MAAM,IAAI,GAAa,EAAE,CAAC;QAE1B,mCAAmC;QACnC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QAEvC,iCAAiC;QACjC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAE/C,mBAAmB;QACnB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC7B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAE7B,qBAAqB;QACrB,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YAC1C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;YAClC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAC3C,CAAC;QAED,qBAAqB;QACrB,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;YACnC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QACxC,CAAC;QAED,oBAAoB;QACpB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC7B,CAAC;QAED,yCAAyC;QACzC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE3B,wBAAwB;QACxB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAEtC,kBAAkB;QAClB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QAEjC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACpC,CAAC;IAED;;OAEG;IACK,oBAAoB,CAC1B,OAAe,EACf,IAA8B;QAE9B,MAAM,IAAI,GAAa,EAAE,CAAC;QAE1B,6BAA6B;QAC7B,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE3B,oBAAoB;QACpB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC1B,CAAC;QAED,2BAA2B;QAC3B,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;YACnC,IAAI,CAAC,IAAI,CAAC,eAAe,OAAO,EAAE,CAAC,CAAC;QACtC,CAAC;QAED,4BAA4B;QAC5B,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YAC1C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;YAClC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC3C,IAAI,CAAC,IAAI,CAAC,eAAe,OAAO,EAAE,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;QAED,kBAAkB;QAClB,IAAI,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,WAAW,GAAG,IAAI,GAAG,IAAI,EAAE,CAAC,CAAC;QAC3D,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC;QAEzD,cAAc;QACd,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QAEjC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;IACvC,CAAC;IAED;;OAEG;IACK,kBAAkB,CACxB,OAAe,EACf,IAA8B;QAE9B,qDAAqD;QACrD,MAAM,MAAM,GAAG;YACb,gBAAgB,IAAI,CAAC,WAAW,WAAW;YAC3C,aAAa,IAAI,CAAC,aAAa,EAAE;YACjC,OAAO;SACR,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAEf,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,OAAO;QACX,oBAAoB;IACtB,CAAC;CACF;AAED,gFAAgF;AAChF,UAAU;AACV,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAiC;IACrE,OAAO,IAAI,eAAe,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;AAC5C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB;IAKxC,IAAI,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;QAC3B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;IACpE,CAAC;IAED,wBAAwB;IACxB,MAAM,aAAa,GAAG,MAAM,mBAAmB,EAAE,CAAC;IAClD,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC;QAC5B,OAAO;YACL,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,UAAU;YAClB,OAAO,EAAE,wBAAwB,aAAa,CAAC,OAAO,EAAE;SACzD,CAAC;IACJ,CAAC;IAED,mBAAmB;IACnB,IAAI,MAAM,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;QACjC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;IACxF,CAAC;IAED,iBAAiB;IACjB,IAAI,MAAM,aAAa,CAAC,UAAU,CAAC,EAAE,CAAC;QACpC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,gBAAgB,EAAE,CAAC;IAC5E,CAAC;IAED,0BAA0B;IAC1B,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,mDAAmD,EAAE,CAAC;AAC7G,CAAC"}

package/dist/src/integrations/sandbox/seatbelt.d.ts

@@ -0,0 +1,68 @@
+/**
+ * Seatbelt Sandbox (macOS)
+ *
+ * Uses macOS sandbox-exec with Seatbelt profiles to restrict command execution.
+ * Seatbelt is Apple's mandatory access control framework.
+ *
+ * Key features:
+ * - Fine-grained file system access control
+ * - Network access restrictions
+ * - Process spawning limits
+ * - Signal restrictions
+ *
+ * Note: This uses spawn() with explicit shell arguments for the sandboxed execution.
+ * The sandbox itself provides the security layer - we're wrapping shell execution
+ * with OS-level access controls.
+ *
+ * Reference: https://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf
+ */
+import type { Sandbox, SandboxMode, SandboxOptions, ExecResult } from './index.js';
+/**
+ * macOS Seatbelt sandbox implementation.
+ */
+export declare class SeatbeltSandbox implements Sandbox {
+    private options;
+    private available;
+    constructor(options: SandboxOptions);
+    /**
+     * Execute a command inside the Seatbelt sandbox.
+     *
+     * Note: We use spawn with 'bash -c' because the sandbox-exec command
+     * itself provides the security boundary. The command string is passed
+     * to the sandboxed shell, which has restricted access via Seatbelt.
+     */
+    execute(command: string, options?: Partial<SandboxOptions>): Promise<ExecResult>;
+    /**
+     * Check if Seatbelt is available on this system.
+     */
+    isAvailable(): Promise<boolean>;
+    /**
+     * Get sandbox type.
+     */
+    getType(): SandboxMode;
+    /**
+     * Cleanup resources.
+     */
+    cleanup(): Promise<void>;
+    /**
+     * Parse sandbox error from stderr.
+     */
+    private parseSandboxError;
+}
+/**
+ * Strict profile - minimal access for pure computation.
+ */
+export declare const STRICT_PROFILE: SandboxOptions;
+/**
+ * Development profile - allows npm, node, git operations.
+ */
+export declare const DEV_PROFILE: SandboxOptions;
+/**
+ * Build profile - allows compilation but no network.
+ */
+export declare const BUILD_PROFILE: SandboxOptions;
+/**
+ * Test profile - allows test execution with limited write access.
+ */
+export declare const TEST_PROFILE: SandboxOptions;
+//# sourceMappingURL=seatbelt.d.ts.map

package/dist/src/integrations/sandbox/seatbelt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"seatbelt.d.ts","sourceRoot":"","sources":["../../../../src/integrations/sandbox/seatbelt.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAGH,OAAO,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAqHnF;;GAEG;AACH,qBAAa,eAAgB,YAAW,OAAO;IAC7C,OAAO,CAAC,OAAO,CAAiB;IAChC,OAAO,CAAC,SAAS,CAAwB;gBAE7B,OAAO,EAAE,cAAc;IAInC;;;;;;OAMG;IACG,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC;IA2EtF;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAsBrC;;OAEG;IACH,OAAO,IAAI,WAAW;IAItB;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAI9B;;OAEG;IACH,OAAO,CAAC,iBAAiB;CAU1B;AAMD;;GAEG;AACH,eAAO,MAAM,cAAc,EAAE,cAO5B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,WAAW,EAAE,cAOzB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,aAAa,EAAE,cAO3B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,YAAY,EAAE,cAO1B,CAAC"}