attocode 0.2.3 → 0.2.5

package/dist/src/integrations/safety/safety.js

@@ -0,0 +1,470 @@
+/**
+ * Lesson 23: Safety Integration
+ *
+ * Integrates sandboxing (Lesson 20) and human-in-the-loop (Lesson 21)
+ * into the production agent. Provides execution safety and approval workflows.
+ */
+import { resolve, isAbsolute, dirname } from 'node:path';
+import { realpathSync, existsSync, lstatSync } from 'node:fs';
+import { evaluateBashCommandByProfile, isToolAllowedByProfile, resolvePolicyProfile, } from './policy-engine.js';
+import { stripCdPrefix } from './bash-policy.js';
+import { logger } from '../utilities/logger.js';
+// =============================================================================
+// SANDBOX MANAGER
+// =============================================================================
+/**
+ * Manages sandboxed execution of tools.
+ */
+export class SandboxManager {
+    config;
+    policyEngineConfig;
+    constructor(config, policyEngineConfig) {
+        this.config = config;
+        this.policyEngineConfig = policyEngineConfig || undefined;
+    }
+    /**
+     * Check if a command is allowed.
+     */
+    isCommandAllowed(command) {
+        const { profile } = resolvePolicyProfile({
+            policyEngine: this.policyEngineConfig,
+            sandboxConfig: this.config,
+        });
+        const policyDecision = evaluateBashCommandByProfile(command, profile);
+        if (!policyDecision.allowed) {
+            return { allowed: false, reason: policyDecision.reason };
+        }
+        // Check blocked patterns first
+        for (const blocked of this.config.blockedCommands || []) {
+            if (command.includes(blocked)) {
+                return { allowed: false, reason: `Blocked pattern: ${blocked}` };
+            }
+        }
+        // Check allowed commands
+        const allowedCommands = this.config.allowedCommands || [];
+        const effective = stripCdPrefix(command);
+        const commandBase = effective.split(' ')[0];
+        if (allowedCommands.length > 0 && !allowedCommands.includes(commandBase)) {
+            const suggestions = allowedCommands.slice(0, 10).join(', ');
+            return {
+                allowed: false,
+                reason: `Command '${commandBase}' is not in the sandbox allowlist. Use built-in tools (read_file, write_file, edit_file, glob, grep) instead, or use bash with an allowed command: ${suggestions}...`,
+            };
+        }
+        return { allowed: true };
+    }
+    /**
+     * Check if a path is allowed.
+     * Resolves relative paths against cwd before comparison.
+     * Uses realpath to resolve symlinks and prevent symlink escape attacks.
+     */
+    isPathAllowed(path) {
+        const allowedPaths = this.config.allowedPaths || ['.'];
+        // Resolve the path, handling symlinks for security
+        let resolvedPath;
+        try {
+            const absolutePath = isAbsolute(path) ? path : resolve(process.cwd(), path);
+            // If path exists, use realpath to resolve symlinks
+            if (existsSync(absolutePath)) {
+                resolvedPath = realpathSync(absolutePath);
+            }
+            else {
+                // Special case: broken symlink exists as a link entry but target is missing.
+                // Deny to fail closed and avoid symlink-escape bypasses.
+                try {
+                    const stat = lstatSync(absolutePath);
+                    if (stat.isSymbolicLink()) {
+                        return false;
+                    }
+                }
+                catch {
+                    // No direct entry - continue with parent-directory check.
+                }
+                // Path doesn't exist yet - recursively check that parent is allowed
+                const parentDir = dirname(absolutePath);
+                if (parentDir === absolutePath) {
+                    return false; // Root reached without match
+                }
+                return this.isPathAllowed(parentDir);
+            }
+        }
+        catch {
+            // realpath failed (broken symlink, permission denied, etc.)
+            // Fail closed - deny access
+            return false;
+        }
+        for (const allowed of allowedPaths) {
+            let resolvedAllowed;
+            try {
+                const absoluteAllowed = isAbsolute(allowed) ? allowed : resolve(process.cwd(), allowed);
+                // Use realpath if allowed path exists, otherwise just the absolute path
+                resolvedAllowed = existsSync(absoluteAllowed)
+                    ? realpathSync(absoluteAllowed)
+                    : absoluteAllowed;
+            }
+            catch {
+                continue; // Skip invalid allowed paths
+            }
+            // Check if resolved target is within resolved allowed path
+            if (resolvedPath === resolvedAllowed || resolvedPath.startsWith(resolvedAllowed + '/')) {
+                return true;
+            }
+        }
+        return false;
+    }
+    /**
+     * Get resource limits.
+     */
+    getResourceLimits() {
+        return this.config.resourceLimits || {
+            maxCpuSeconds: 30,
+            maxMemoryMB: 512,
+            maxOutputBytes: 1024 * 1024,
+            timeout: 60000,
+        };
+    }
+    /**
+     * Wrap execution with resource limits.
+     */
+    async executeWithLimits(fn, timeout) {
+        const limits = this.getResourceLimits();
+        const timeoutMs = timeout || limits.timeout;
+        return new Promise((resolve, reject) => {
+            const timer = setTimeout(() => {
+                reject(new Error(`Execution timeout: ${timeoutMs}ms`));
+            }, timeoutMs);
+            fn()
+                .then((result) => {
+                clearTimeout(timer);
+                resolve(result);
+            })
+                .catch((err) => {
+                clearTimeout(timer);
+                reject(err);
+            });
+        });
+    }
+    /**
+     * Validate tool call against sandbox rules.
+     */
+    validateToolCall(toolCall) {
+        const args = toolCall.arguments;
+        const { profile } = resolvePolicyProfile({
+            policyEngine: this.policyEngineConfig,
+            sandboxConfig: this.config,
+        });
+        const toolDecision = isToolAllowedByProfile(toolCall.name, profile);
+        if (!toolDecision.allowed) {
+            return { valid: false, reason: toolDecision.reason };
+        }
+        // Check for command execution tools
+        if (toolCall.name === 'bash' || toolCall.name === 'shell' || toolCall.name === 'execute') {
+            const command = String(args.command || args.cmd || '');
+            const result = this.isCommandAllowed(command);
+            return { valid: result.allowed, reason: result.reason };
+        }
+        // Check for file operation tools
+        if (toolCall.name === 'read_file' || toolCall.name === 'write_file' || toolCall.name === 'edit_file') {
+            const path = String(args.path || args.file || args.file_path || '');
+            if (!this.isPathAllowed(path)) {
+                return { valid: false, reason: `Path not allowed: ${path}` };
+            }
+        }
+        return { valid: true };
+    }
+}
+// =============================================================================
+// HUMAN-IN-LOOP MANAGER
+// =============================================================================
+/**
+ * Manages human approval workflows.
+ */
+export class HumanInLoopManager {
+    config;
+    auditLog = [];
+    pendingApprovals = new Map();
+    approvalScope = null;
+    // Audit log limits to prevent unbounded memory growth
+    maxAuditEntries = 10000;
+    auditTrimSize = 5000; // Keep this many when trimming
+    constructor(config) {
+        this.config = config;
+    }
+    /**
+     * Set an approval scope for pre-approved operations.
+     * Used by subagents to reduce approval interruptions.
+     */
+    setApprovalScope(scope) {
+        this.approvalScope = scope;
+    }
+    /**
+     * Check if a tool call is pre-approved by the current scope.
+     */
+    isPreApproved(toolCall) {
+        if (!this.approvalScope)
+            return false;
+        const toolName = toolCall.name.toLowerCase();
+        // Check require-approval list first (highest priority) — exact match only
+        if (this.approvalScope.requireApproval?.some(t => toolName === t.toLowerCase())) {
+            return false;
+        }
+        // Check auto-approve list — exact match only
+        if (this.approvalScope.autoApprove?.some(t => toolName === t.toLowerCase())) {
+            return true;
+        }
+        // Check scoped approval (tool + path match)
+        if (this.approvalScope.scopedApprove?.[toolCall.name]) {
+            const scope = this.approvalScope.scopedApprove[toolCall.name];
+            const args = toolCall.arguments;
+            const filePath = String(args.path || args.file_path || '');
+            if (filePath && scope.paths.some(p => {
+                // Directory-aware path matching
+                const dir = p.endsWith('/**') ? p.slice(0, -3) : p;
+                // Ensure directory boundary: "src/" matches "src/foo.ts" but not "src-backup/foo.ts"
+                // If dir already ends with '/', use as-is; otherwise check exact match or '/' boundary
+                if (dir.endsWith('/')) {
+                    return filePath.startsWith(dir);
+                }
+                return filePath === dir || filePath.startsWith(dir + '/');
+            })) {
+                return true;
+            }
+        }
+        return false;
+    }
+    /**
+     * Determine risk level of an action.
+     */
+    assessRisk(toolCall) {
+        const toolName = toolCall.name.toLowerCase();
+        const args = toolCall.arguments;
+        // Check always-approve list (high risk)
+        for (const pattern of this.config.alwaysApprove || []) {
+            if (toolName.includes(pattern.toLowerCase())) {
+                return 'high';
+            }
+        }
+        // Check never-approve list (low risk, auto-approve)
+        for (const pattern of this.config.neverApprove || []) {
+            if (toolName.includes(pattern.toLowerCase())) {
+                return 'low';
+            }
+        }
+        // Internal bookkeeping tools are always low risk regardless of name patterns
+        const internalTools = ['task_create', 'task_update', 'task_get', 'task_list'];
+        if (internalTools.includes(toolName)) {
+            return 'low';
+        }
+        // Heuristic risk assessment
+        const highRiskPatterns = ['delete', 'remove', 'drop', 'truncate', 'wipe', 'destroy'];
+        for (const pattern of highRiskPatterns) {
+            if (toolName.includes(pattern)) {
+                return 'high';
+            }
+        }
+        const moderateRiskPatterns = ['write', 'modify', 'update'];
+        for (const pattern of moderateRiskPatterns) {
+            if (toolName.includes(pattern)) {
+                return 'moderate';
+            }
+        }
+        // Check for destructive arguments
+        const argsStr = JSON.stringify(args).toLowerCase();
+        if (argsStr.includes('--force') || argsStr.includes('-rf') || argsStr.includes('--hard')) {
+            return 'moderate';
+        }
+        return 'low';
+    }
+    /**
+     * Check if action needs approval.
+     */
+    needsApproval(toolCall) {
+        // Check pre-approval scope first (for subagent batched approvals)
+        if (this.isPreApproved(toolCall)) {
+            return false;
+        }
+        const risk = this.assessRisk(toolCall);
+        const threshold = this.config.riskThreshold || 'high';
+        const riskLevels = ['low', 'moderate', 'high'];
+        const riskIndex = riskLevels.indexOf(risk);
+        const thresholdIndex = riskLevels.indexOf(threshold);
+        return riskIndex >= thresholdIndex;
+    }
+    /**
+     * Request approval for an action.
+     */
+    async requestApproval(toolCall, context) {
+        const risk = this.assessRisk(toolCall);
+        // Auto-approve low risk if below threshold
+        if (!this.needsApproval(toolCall)) {
+            this.logAction(toolCall, true, 'auto', risk);
+            return { approved: true, approver: 'auto' };
+        }
+        // Use custom handler if provided
+        if (this.config.approvalHandler) {
+            const approvalRequest = {
+                id: `approval-${Date.now()}`,
+                action: toolCall.name,
+                tool: toolCall.name,
+                args: toolCall.arguments,
+                risk,
+                context,
+            };
+            const response = await this.executeWithTimeout(() => this.config.approvalHandler(approvalRequest), this.config.approvalTimeout || 300000);
+            // Convert ApprovalResponse to ApprovalResult
+            const result = {
+                approved: response.approved,
+                reason: response.reason,
+                modifiedArgs: response.modifiedArgs,
+                approver: 'handler',
+            };
+            this.logAction(toolCall, result.approved, result.approver || 'handler', risk);
+            return result;
+        }
+        // Default: console-based approval
+        return this.consoleApproval(toolCall, context, risk);
+    }
+    /**
+     * Console-based approval (for demos).
+     */
+    async consoleApproval(toolCall, context, risk) {
+        logger.info('Approval required', {
+            tool: toolCall.name,
+            risk: risk.toUpperCase(),
+            arguments: JSON.stringify(toolCall.arguments).slice(0, 47),
+            context: context.slice(0, 47),
+        });
+        // In non-interactive mode, auto-approve for demo
+        logger.debug('Demo mode: Auto-approving');
+        this.logAction(toolCall, true, 'demo', risk);
+        return { approved: true, approver: 'demo' };
+    }
+    /**
+     * Execute with timeout.
+     */
+    async executeWithTimeout(fn, timeout) {
+        return new Promise((resolve, reject) => {
+            const timer = setTimeout(() => {
+                reject(new Error('Approval timeout'));
+            }, timeout);
+            fn()
+                .then((result) => {
+                clearTimeout(timer);
+                resolve(result);
+            })
+                .catch((err) => {
+                clearTimeout(timer);
+                reject(err);
+            });
+        });
+    }
+    /**
+     * Log an action to audit trail.
+     * Trims the log when it exceeds maxAuditEntries to prevent unbounded growth.
+     */
+    logAction(toolCall, approved, approver, risk) {
+        if (!this.config.auditLog)
+            return;
+        const entry = {
+            timestamp: new Date(),
+            action: toolCall.name,
+            args: toolCall.arguments,
+            approved,
+            approver,
+            risk,
+        };
+        this.auditLog.push(entry);
+        // Trim if exceeded max size - keep most recent entries
+        if (this.auditLog.length > this.maxAuditEntries) {
+            this.auditLog = this.auditLog.slice(-this.auditTrimSize);
+        }
+    }
+    /**
+     * Get audit log.
+     */
+    getAuditLog() {
+        return [...this.auditLog];
+    }
+    /**
+     * Get audit summary.
+     */
+    getAuditSummary() {
+        const total = this.auditLog.length;
+        const approved = this.auditLog.filter((e) => e.approved).length;
+        const denied = total - approved;
+        const byRisk = {
+            low: this.auditLog.filter((e) => e.risk === 'low').length,
+            medium: this.auditLog.filter((e) => e.risk === 'moderate').length,
+            high: this.auditLog.filter((e) => e.risk === 'high').length,
+        };
+        return { total, approved, denied, byRisk };
+    }
+    /**
+     * Clear audit log.
+     */
+    clearAuditLog() {
+        this.auditLog = [];
+    }
+}
+// =============================================================================
+// COMBINED SAFETY MANAGER
+// =============================================================================
+/**
+ * Combined safety manager for the production agent.
+ */
+export class SafetyManager {
+    sandbox = null;
+    humanInLoop = null;
+    constructor(sandboxConfig, hilConfig, policyEngineConfig) {
+        if (sandboxConfig && sandboxConfig.enabled !== false) {
+            this.sandbox = new SandboxManager(sandboxConfig, policyEngineConfig);
+        }
+        if (hilConfig && hilConfig.enabled !== false) {
+            this.humanInLoop = new HumanInLoopManager(hilConfig);
+        }
+    }
+    /**
+     * Validate a tool call against all safety rules.
+     */
+    async validateAndApprove(toolCall, context, options) {
+        // Sandbox validation
+        if (this.sandbox) {
+            const validation = this.sandbox.validateToolCall(toolCall);
+            if (!validation.valid) {
+                return { allowed: false, reason: validation.reason };
+            }
+        }
+        // Human-in-loop approval
+        if (this.humanInLoop) {
+            if (!options?.skipHumanApproval && this.humanInLoop.needsApproval(toolCall)) {
+                const result = await this.humanInLoop.requestApproval(toolCall, context);
+                if (!result.approved) {
+                    return { allowed: false, reason: `Denied by ${result.approver}` };
+                }
+            }
+        }
+        return { allowed: true };
+    }
+    /**
+     * Execute a tool call with safety wrapping.
+     */
+    async executeWithSafety(fn, toolCall, context) {
+        // Validate first
+        const validation = await this.validateAndApprove(toolCall, context);
+        if (!validation.allowed) {
+            throw new Error(`Tool call blocked: ${validation.reason}`);
+        }
+        // Execute with sandbox limits if enabled
+        if (this.sandbox) {
+            return this.sandbox.executeWithLimits(fn);
+        }
+        return fn();
+    }
+}
+// =============================================================================
+// FACTORY
+// =============================================================================
+export function createSafetyManager(sandboxConfig, hilConfig, policyEngineConfig) {
+    return new SafetyManager(sandboxConfig, hilConfig, policyEngineConfig);
+}
+//# sourceMappingURL=safety.js.map

package/dist/src/integrations/safety/safety.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"safety.js","sourceRoot":"","sources":["../../../../src/integrations/safety/safety.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAS9D,OAAO,EACL,4BAA4B,EAC5B,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAEhD,gFAAgF;AAChF,kBAAkB;AAClB,gFAAgF;AAEhF;;GAEG;AACH,MAAM,OAAO,cAAc;IACjB,MAAM,CAAgB;IACtB,kBAAkB,CAAsB;IAEhD,YAAY,MAAqB,EAAE,kBAA+C;QAChF,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,IAAI,SAAS,CAAC;IAC5D,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,OAAe;QAC9B,MAAM,EAAE,OAAO,EAAE,GAAG,oBAAoB,CAAC;YACvC,YAAY,EAAE,IAAI,CAAC,kBAAkB;YACrC,aAAa,EAAE,IAAI,CAAC,MAAM;SAC3B,CAAC,CAAC;QAEH,MAAM,cAAc,GAAG,4BAA4B,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACtE,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;YAC5B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,CAAC,MAAM,EAAE,CAAC;QAC3D,CAAC;QAED,+BAA+B;QAC/B,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,IAAI,EAAE,EAAE,CAAC;YACxD,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC9B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,OAAO,EAAE,EAAE,CAAC;YACnE,CAAC;QACH,CAAC;QAED,yBAAyB;QACzB,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,IAAI,EAAE,CAAC;QAC1D,MAAM,SAAS,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QACzC,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAE5C,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACzE,MAAM,WAAW,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5D,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,YAAY,WAAW,sJAAsJ,WAAW,KAAK;aACtM,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED;;;;OAIG;IACH,aAAa,CAAC,IAAY;QACxB,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,CAAC,GAAG,CAAC,CAAC;QAEvD,mDAAmD;QACnD,IAAI,YAAoB,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,IAAI,CAAC,CAAC;YAE5E,mDAAmD;YACnD,IAAI,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC7B,YAAY,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;YAC5C,CAAC;iBAAM,CAAC;gBACN,6EAA6E;gBAC7E,yDAAyD;gBACzD,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,SAAS,CAAC,YAAY,CAAC,CAAC;oBACrC,IAAI,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;wBAC1B,OAAO,KAAK,CAAC;oBACf,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,0DAA0D;gBAC5D,CAAC;gBAED,oEAAoE;gBACpE,MAAM,SAAS,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;gBACxC,IAAI,SAAS,KAAK,YAAY,EAAE,CAAC;oBAC/B,OAAO,KAAK,CAAC,CAAC,6BAA6B;gBAC7C,CAAC;gBACD,OAAO,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,4DAA4D;YAC5D,4BAA4B;YAC5B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;YACnC,IAAI,eAAuB,CAAC;YAC5B,IAAI,CAAC;gBACH,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC,CAAC;gBACxF,wEAAwE;gBACxE,eAAe,GAAG,UAAU,CAAC,eAAe,CAAC;oBAC3C,CAAC,CAAC,YAAY,CAAC,eAAe,CAAC;oBAC/B,CAAC,CAAC,eAAe,CAAC;YACtB,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS,CAAC,6BAA6B;YACzC,CAAC;YAED,2DAA2D;YAC3D,IAAI,YAAY,KAAK,eAAe,IAAI,YAAY,CAAC,UAAU,CAAC,eAAe,GAAG,GAAG,CAAC,EAAE,CAAC;gBACvF,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI;YACnC,aAAa,EAAE,EAAE;YACjB,WAAW,EAAE,GAAG;YAChB,cAAc,EAAE,IAAI,GAAG,IAAI;YAC3B,OAAO,EAAE,KAAK;SACf,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CACrB,EAAoB,EACpB,OAAgB;QAEhB,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACxC,MAAM,SAAS,GAAG,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC;QAE5C,OAAO,IAAI,OAAO,CAAI,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACxC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,MAAM,CAAC,IAAI,KAAK,CAAC,sBAAsB,SAAS,IAAI,CAAC,CAAC,CAAC;YACzD,CAAC,EAAE,SAAS,CAAC,CAAC;YAEd,EAAE,EAAE;iBACD,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;gBACf,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,OAAO,CAAC,MAAM,CAAC,CAAC;YAClB,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACb,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC,CAAC,CAAC;QACP,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,QAAkB;QACjC,MAAM,IAAI,GAAG,QAAQ,CAAC,SAAoC,CAAC;QAC3D,MAAM,EAAE,OAAO,EAAE,GAAG,oBAAoB,CAAC;YACvC,YAAY,EAAE,IAAI,CAAC,kBAAkB;YACrC,aAAa,EAAE,IAAI,CAAC,MAAM;SAC3B,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,sBAAsB,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACpE,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;YAC1B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC;QACvD,CAAC;QAED,oCAAoC;QACpC,IAAI,QAAQ,CAAC,IAAI,KAAK,MAAM,IAAI,QAAQ,CAAC,IAAI,KAAK,OAAO,IAAI,QAAQ,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACzF,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC;YACvD,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;YAC9C,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;QAC1D,CAAC;QAED,iCAAiC;QACjC,IAAI,QAAQ,CAAC,IAAI,KAAK,WAAW,IAAI,QAAQ,CAAC,IAAI,KAAK,YAAY,IAAI,QAAQ,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YACrG,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;YACpE,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,IAAI,EAAE,EAAE,CAAC;YAC/D,CAAC;QACH,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;CACF;AAED,gFAAgF;AAChF,wBAAwB;AACxB,gFAAgF;AAEhF;;GAEG;AACH,MAAM,OAAO,kBAAkB;IACrB,MAAM,CAAoB;IAC1B,QAAQ,GAAiB,EAAE,CAAC;IAC5B,gBAAgB,GAAiC,IAAI,GAAG,EAAE,CAAC;IAC3D,aAAa,GAAyB,IAAI,CAAC;IAEnD,sDAAsD;IACrC,eAAe,GAAG,KAAK,CAAC;IACxB,aAAa,GAAG,IAAI,CAAC,CAAC,+BAA+B;IAEtE,YAAY,MAAyB;QACnC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;;OAGG;IACH,gBAAgB,CAAC,KAAoB;QACnC,IAAI,CAAC,aAAa,GAAG,KAAK,CAAC;IAC7B,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,QAAkB;QACtC,IAAI,CAAC,IAAI,CAAC,aAAa;YAAE,OAAO,KAAK,CAAC;QAEtC,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QAE7C,0EAA0E;QAC1E,IAAI,IAAI,CAAC,aAAa,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YAChF,OAAO,KAAK,CAAC;QACf,CAAC;QAED,6CAA6C;QAC7C,IAAI,IAAI,CAAC,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YAC5E,OAAO,IAAI,CAAC;QACd,CAAC;QAED,4CAA4C;QAC5C,IAAI,IAAI,CAAC,aAAa,CAAC,aAAa,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACtD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9D,MAAM,IAAI,GAAG,QAAQ,CAAC,SAAoC,CAAC;YAC3D,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;YAE3D,IAAI,QAAQ,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;gBACnC,gCAAgC;gBAChC,MAAM,GAAG,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACnD,qFAAqF;gBACrF,uFAAuF;gBACvF,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBACtB,OAAO,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;gBAClC,CAAC;gBACD,OAAO,QAAQ,KAAK,GAAG,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC;YAC5D,CAAC,CAAC,EAAE,CAAC;gBACH,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,QAAkB;QAC3B,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QAC7C,MAAM,IAAI,GAAG,QAAQ,CAAC,SAAoC,CAAC;QAE3D,wCAAwC;QACxC,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,EAAE,EAAE,CAAC;YACtD,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBAC7C,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAED,oDAAoD;QACpD,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,EAAE,CAAC;YACrD,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBAC7C,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,6EAA6E;QAC7E,MAAM,aAAa,GAAG,CAAC,aAAa,EAAE,aAAa,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;QAC9E,IAAI,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,4BAA4B;QAC5B,MAAM,gBAAgB,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;QACrF,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;YACvC,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC/B,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAED,MAAM,oBAAoB,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC3D,KAAK,MAAM,OAAO,IAAI,oBAAoB,EAAE,CAAC;YAC3C,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC/B,OAAO,UAAU,CAAC;YACpB,CAAC;QACH,CAAC;QAED,kCAAkC;QAClC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QACnD,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzF,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,QAAkB;QAC9B,kEAAkE;QAClE,IAAI,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QACvC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC;QAEtD,MAAM,UAAU,GAAgB,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;QAC5D,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC3C,MAAM,cAAc,GAAG,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAErD,OAAO,SAAS,IAAI,cAAc,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACnB,QAAkB,EAClB,OAAe;QAEf,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAEvC,2CAA2C;QAC3C,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;YAC7C,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;QAC9C,CAAC;QAED,iCAAiC;QACjC,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;YAChC,MAAM,eAAe,GAAoB;gBACvC,EAAE,EAAE,YAAY,IAAI,CAAC,GAAG,EAAE,EAAE;gBAC5B,MAAM,EAAE,QAAQ,CAAC,IAAI;gBACrB,IAAI,EAAE,QAAQ,CAAC,IAAI;gBACnB,IAAI,EAAE,QAAQ,CAAC,SAAS;gBACxB,IAAI;gBACJ,OAAO;aACR,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAC5C,GAAG,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,eAAgB,CAAC,eAAe,CAAC,EACnD,IAAI,CAAC,MAAM,CAAC,eAAe,IAAI,MAAM,CACtC,CAAC;YAEF,6CAA6C;YAC7C,MAAM,MAAM,GAAmB;gBAC7B,QAAQ,EAAE,QAAQ,CAAC,QAAQ;gBAC3B,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,YAAY,EAAE,QAAQ,CAAC,YAAY;gBACnC,QAAQ,EAAE,SAAS;aACpB,CAAC;YAEF,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,SAAS,EAAE,IAAI,CAAC,CAAC;YAC9E,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,kCAAkC;QAClC,OAAO,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IACvD,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,eAAe,CAC3B,QAAkB,EAClB,OAAe,EACf,IAAe;QAEf,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE;YAC/B,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE;YACxB,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAC1D,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;SAC9B,CAAC,CAAC;QAEH,iDAAiD;QACjD,MAAM,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC1C,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAC7C,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IAC9C,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,kBAAkB,CAC9B,EAAoB,EACpB,OAAe;QAEf,OAAO,IAAI,OAAO,CAAI,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACxC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,MAAM,CAAC,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC;YACxC,CAAC,EAAE,OAAO,CAAC,CAAC;YAEZ,EAAE,EAAE;iBACD,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;gBACf,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,OAAO,CAAC,MAAM,CAAC,CAAC;YAClB,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACb,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC,CAAC,CAAC;QACP,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACK,SAAS,CACf,QAAkB,EAClB,QAAiB,EACjB,QAAgB,EAChB,IAAe;QAEf,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ;YAAE,OAAO;QAElC,MAAM,KAAK,GAAe;YACxB,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,MAAM,EAAE,QAAQ,CAAC,IAAI;YACrB,IAAI,EAAE,QAAQ,CAAC,SAAS;YACxB,QAAQ;YACR,QAAQ;YACR,IAAI;SACL,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAE1B,uDAAuD;QACvD,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;YAChD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED;;OAEG;IACH,WAAW;QACT,OAAO,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,eAAe;QACb,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;QACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;QAChE,MAAM,MAAM,GAAG,KAAK,GAAG,QAAQ,CAAC;QAChC,MAAM,MAAM,GAAG;YACb,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,MAAM;YACzD,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,MAAM;YACjE,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,MAAM;SAC5D,CAAC;QAEF,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,aAAa;QACX,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;IACrB,CAAC;CACF;AAED,gFAAgF;AAChF,0BAA0B;AAC1B,gFAAgF;AAEhF;;GAEG;AACH,MAAM,OAAO,aAAa;IACjB,OAAO,GAA0B,IAAI,CAAC;IACtC,WAAW,GAA8B,IAAI,CAAC;IAErD,YACE,aAAoC,EACpC,SAAoC,EACpC,kBAA+C;QAE/C,IAAI,aAAa,IAAI,aAAa,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;YACrD,IAAI,CAAC,OAAO,GAAG,IAAI,cAAc,CAAC,aAAa,EAAE,kBAAkB,CAAC,CAAC;QACvE,CAAC;QAED,IAAI,SAAS,IAAI,SAAS,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;YAC7C,IAAI,CAAC,WAAW,GAAG,IAAI,kBAAkB,CAAC,SAAS,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CACtB,QAAkB,EAClB,OAAe,EACf,OAAyC;QAEzC,qBAAqB;QACrB,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAC3D,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;gBACtB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC;YACvD,CAAC;QACH,CAAC;QAED,yBAAyB;QACzB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,IAAI,CAAC,OAAO,EAAE,iBAAiB,IAAI,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5E,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBACzE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;oBACrB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;gBACpE,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CACrB,EAAoB,EACpB,QAAkB,EAClB,OAAe;QAEf,iBAAiB;QACjB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACpE,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,sBAAsB,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7D,CAAC;QAED,yCAAyC;QACzC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QAC5C,CAAC;QAED,OAAO,EAAE,EAAE,CAAC;IACd,CAAC;CACF;AAmED,gFAAgF;AAChF,UAAU;AACV,gFAAgF;AAEhF,MAAM,UAAU,mBAAmB,CACjC,aAAoC,EACpC,SAAoC,EACpC,kBAA+C;IAE/C,OAAO,IAAI,aAAa,CAAC,aAAa,EAAE,SAAS,EAAE,kBAAkB,CAAC,CAAC;AACzE,CAAC"}

package/dist/src/integrations/safety/sandbox/basic.d.ts

@@ -0,0 +1,81 @@
+/**
+ * Basic Sandbox (Fallback)
+ *
+ * A simple allowlist/blocklist-based sandbox that works everywhere.
+ * Does not provide true isolation but validates commands before execution.
+ *
+ * Features:
+ * - Command allowlist validation
+ * - Dangerous pattern blocking
+ * - Path validation
+ * - Timeout enforcement
+ *
+ * Note: This is NOT a security sandbox - it's a best-effort validation
+ * layer for environments where proper sandboxing isn't available.
+ */
+import type { Sandbox, SandboxMode, SandboxOptions, ExecResult } from './index.js';
+/**
+ * Legacy compatibility shim used by older call sites/tests.
+ */
+export declare function detectFileCreationViaBash(command: string): {
+    detected: boolean;
+    reason?: string;
+};
+/**
+ * Basic allowlist-based sandbox.
+ */
+export declare class BasicSandbox implements Sandbox {
+    private options;
+    constructor(options: SandboxOptions);
+    /**
+     * Execute a command with validation.
+     */
+    execute(command: string, options?: Partial<SandboxOptions>): Promise<ExecResult>;
+    /**
+     * Validate a command against allowlist and blocklist.
+     */
+    validateCommand(command: string, options: SandboxOptions): {
+        allowed: boolean;
+        reason?: string;
+    };
+    /**
+     * Extract the base command from a command string.
+     */
+    private extractBaseCommand;
+    /**
+     * Validate path access in command.
+     */
+    private validatePaths;
+    /**
+     * Check if a path is in the writable list.
+     */
+    private isPathWritable;
+    /**
+     * Always available.
+     */
+    isAvailable(): Promise<boolean>;
+    /**
+     * Get sandbox type.
+     */
+    getType(): SandboxMode;
+    /**
+     * Cleanup resources.
+     */
+    cleanup(): Promise<void>;
+}
+/**
+ * Check if a command is safe to execute (static validation).
+ */
+export declare function isCommandSafe(command: string): {
+    safe: boolean;
+    reason?: string;
+};
+/**
+ * Sanitize a command argument for safe shell use.
+ */
+export declare function sanitizeArgument(arg: string): string;
+/**
+ * Build a safe command string from parts.
+ */
+export declare function buildSafeCommand(command: string, args: string[]): string;
+//# sourceMappingURL=basic.d.ts.map

package/dist/src/integrations/safety/sandbox/basic.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"basic.d.ts","sourceRoot":"","sources":["../../../../../src/integrations/safety/sandbox/basic.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AA+DnF;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG;IAAE,QAAQ,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAWjG;AAMD;;GAEG;AACH,qBAAa,YAAa,YAAW,OAAO;IAC1C,OAAO,CAAC,OAAO,CAAiB;gBAEpB,OAAO,EAAE,cAAc;IAInC;;OAEG;IACG,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC;IAyEtF;;OAEG;IACH,eAAe,CACb,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,cAAc,GACtB;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE;IAuDxC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAoB1B;;OAEG;IACH,OAAO,CAAC,aAAa;IA2BrB;;OAEG;IACH,OAAO,CAAC,cAAc;IA+BtB;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAIrC;;OAEG;IACH,OAAO,IAAI,WAAW;IAItB;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAG/B;AAMD;;GAEG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAgBjF;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAGpD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,CAUxE"}