bulkhead-runtime 0.1.0

package/dist/platform/platform.js

@@ -0,0 +1,68 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
+import { createWorkspace, validateWorkspaceId, loadWorkspaceConfig, } from "../workspace/workspace.js";
+import { createSkillRegistry } from "../skills/registry.js";
+export function createPlatform(config) {
+    const { stateDir } = config;
+    const skillsDir = config.skillsDir ?? path.join(stateDir, "skills");
+    const workspacesDir = path.join(stateDir, "workspaces");
+    fs.mkdirSync(stateDir, { recursive: true });
+    fs.mkdirSync(skillsDir, { recursive: true });
+    fs.mkdirSync(workspacesDir, { recursive: true });
+    const skills = createSkillRegistry(skillsDir);
+    return {
+        stateDir,
+        skills,
+        async createWorkspace(userId, wsConfig) {
+            validateWorkspaceId(userId);
+            const wsDir = path.join(workspacesDir, userId);
+            if (fs.existsSync(wsDir)) {
+                throw new Error(`Workspace "${userId}" already exists`);
+            }
+            const mergedConfig = { ...wsConfig };
+            return createWorkspace({
+                userId,
+                stateDir,
+                config: mergedConfig,
+                skillRegistry: skills,
+            });
+        },
+        async getWorkspace(userId) {
+            validateWorkspaceId(userId);
+            const wsDir = path.join(workspacesDir, userId);
+            if (!fs.existsSync(wsDir)) {
+                throw new Error(`Workspace "${userId}" does not exist`);
+            }
+            const wsConfig = loadWorkspaceConfig(wsDir);
+            return createWorkspace({
+                userId,
+                stateDir,
+                config: wsConfig,
+                skillRegistry: skills,
+            });
+        },
+        async listWorkspaces() {
+            try {
+                const entries = fs.readdirSync(workspacesDir, { withFileTypes: true });
+                return entries.filter((e) => e.isDirectory()).map((e) => e.name);
+            }
+            catch {
+                return [];
+            }
+        },
+        async deleteWorkspace(userId) {
+            validateWorkspaceId(userId);
+            const wsDir = path.join(workspacesDir, userId);
+            if (!fs.existsSync(wsDir)) {
+                throw new Error(`Workspace "${userId}" does not exist`);
+            }
+            fs.rmSync(wsDir, { recursive: true, force: true });
+        },
+        async workspaceExists(userId) {
+            validateWorkspaceId(userId);
+            const wsDir = path.join(workspacesDir, userId);
+            return fs.existsSync(wsDir);
+        },
+    };
+}
+//# sourceMappingURL=platform.js.map

package/dist/platform/platform.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"platform.js","sourceRoot":"","sources":["../../src/platform/platform.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAGlC,OAAO,EACL,eAAe,EACf,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAE5D,MAAM,UAAU,cAAc,CAAC,MAAsB;IACnD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;IAC5B,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACpE,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAExD,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5C,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,EAAE,CAAC,SAAS,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEjD,MAAM,MAAM,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;IAE9C,OAAO;QACL,QAAQ;QACR,MAAM;QAEN,KAAK,CAAC,eAAe,CAAC,MAAM,EAAE,QAAQ;YACpC,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;YAC/C,IAAI,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,KAAK,CAAC,cAAc,MAAM,kBAAkB,CAAC,CAAC;YAC1D,CAAC;YAED,MAAM,YAAY,GAAoB,EAAE,GAAG,QAAQ,EAAE,CAAC;YACtD,OAAO,eAAe,CAAC;gBACrB,MAAM;gBACN,QAAQ;gBACR,MAAM,EAAE,YAAY;gBACpB,aAAa,EAAE,MAAM;aACtB,CAAC,CAAC;QACL,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,MAAM;YACvB,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;YAC/C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CAAC,cAAc,MAAM,kBAAkB,CAAC,CAAC;YAC1D,CAAC;YAED,MAAM,QAAQ,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;YAC5C,OAAO,eAAe,CAAC;gBACrB,MAAM;gBACN,QAAQ;gBACR,MAAM,EAAE,QAAQ;gBAChB,aAAa,EAAE,MAAM;aACtB,CAAC,CAAC;QACL,CAAC;QAED,KAAK,CAAC,cAAc;YAClB,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,aAAa,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;gBACvE,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACnE,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QAED,KAAK,CAAC,eAAe,CAAC,MAAM;YAC1B,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;YAC/C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CAAC,cAAc,MAAM,kBAAkB,CAAC,CAAC;YAC1D,CAAC;YACD,EAAE,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACrD,CAAC;QAED,KAAK,CAAC,eAAe,CAAC,MAAM;YAC1B,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;YAC/C,OAAO,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAC9B,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/platform/types.d.ts

@@ -0,0 +1,16 @@
+import type { Workspace, WorkspaceConfig } from "../workspace/types.js";
+import type { SkillRegistry } from "../skills/registry.js";
+export interface PlatformConfig {
+    stateDir: string;
+    skillsDir?: string;
+}
+export interface Platform {
+    readonly stateDir: string;
+    readonly skills: SkillRegistry;
+    createWorkspace(userId: string, config?: Partial<WorkspaceConfig>): Promise<Workspace>;
+    getWorkspace(userId: string): Promise<Workspace>;
+    listWorkspaces(): Promise<string[]>;
+    deleteWorkspace(userId: string): Promise<void>;
+    workspaceExists(userId: string): Promise<boolean>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/platform/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/platform/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAE3D,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,QAAQ;IACvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;IAE/B,eAAe,CACb,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,OAAO,CAAC,eAAe,CAAC,GAChC,OAAO,CAAC,SAAS,CAAC,CAAC;IACtB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IACjD,cAAc,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACpC,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/C,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACnD"}

package/dist/platform/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/platform/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/platform/types.ts"],"names":[],"mappings":""}

package/dist/runtime/agent.d.ts

@@ -0,0 +1,28 @@
+import { type AgentSessionEventListener, type ToolDefinition } from "@mariozechner/pi-coding-agent";
+import { type HookRunner } from "../hooks/index.js";
+import { type SimpleMemoryManager } from "../memory/index.js";
+import { type AgentRuntimeConfig } from "../config/index.js";
+export interface AgentRunOptions {
+    message: string;
+    sessionId?: string;
+    model?: string;
+    provider?: string;
+    apiKey?: string;
+    workspaceDir?: string;
+    systemPrompt?: string;
+    configPath?: string;
+    tools?: ToolDefinition[];
+    onEvent?: AgentSessionEventListener;
+}
+export interface AgentRunResult {
+    response: string;
+    sessionId: string;
+}
+export interface AgentRuntime {
+    run(options: AgentRunOptions): Promise<AgentRunResult>;
+    hooks: HookRunner;
+    memory: SimpleMemoryManager;
+    config: AgentRuntimeConfig;
+}
+export declare function createRuntime(overrides?: Partial<AgentRuntimeConfig>): Promise<AgentRuntime>;
+//# sourceMappingURL=agent.d.ts.map

package/dist/runtime/agent.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent.d.ts","sourceRoot":"","sources":["../../src/runtime/agent.ts"],"names":[],"mappings":"AAAA,OAAO,EAKL,KAAK,yBAAyB,EAE9B,KAAK,cAAc,EACpB,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EAAoB,KAAK,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACtE,OAAO,EAA6B,KAAK,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAOzF,OAAO,EAGL,KAAK,kBAAkB,EACxB,MAAM,oBAAoB,CAAC;AAI5B,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,cAAc,EAAE,CAAC;IACzB,OAAO,CAAC,EAAE,yBAAyB,CAAC;CACrC;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,YAAY;IAC3B,GAAG,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IACvD,KAAK,EAAE,UAAU,CAAC;IAClB,MAAM,EAAE,mBAAmB,CAAC;IAC5B,MAAM,EAAE,kBAAkB,CAAC;CAC5B;AAED,wBAAsB,aAAa,CACjC,SAAS,CAAC,EAAE,OAAO,CAAC,kBAAkB,CAAC,GACtC,OAAO,CAAC,YAAY,CAAC,CAuHvB"}

package/dist/runtime/agent.js

@@ -0,0 +1,102 @@
+import { createAgentSession, SessionManager, codingTools, } from "@mariozechner/pi-coding-agent";
+import { getModel } from "@mariozechner/pi-ai";
+import { createHookRunner } from "../hooks/index.js";
+import { createSimpleMemoryManager } from "../memory/index.js";
+import { createEmbeddingProvider } from "../memory/embeddings.js";
+import { getOrCreateSession, updateSession, } from "../sessions/index.js";
+import { loadWorkspaceSkills } from "../skills/index.js";
+import { loadConfig, resolveStateDir, } from "../config/index.js";
+import * as path from "node:path";
+import * as fs from "node:fs";
+export async function createRuntime(overrides) {
+    const fileConfig = loadConfig(overrides?.stateDir);
+    const config = { ...fileConfig, ...overrides };
+    const stateDir = resolveStateDir(config);
+    const hooks = createHookRunner();
+    const memoryDir = config.memory?.dir ?? path.join(stateDir, "memory");
+    // Create embedding provider from config if available
+    const embeddingProvider = config.memory?.embeddingProvider
+        ? createEmbeddingProvider(config.memory.embeddingProvider)
+        : undefined;
+    const memory = createSimpleMemoryManager({ dbDir: memoryDir, embeddingProvider });
+    fs.mkdirSync(stateDir, { recursive: true });
+    async function run(options) {
+        const sessionId = options.sessionId ?? `session_${Date.now()}`;
+        const modelId = options.model ?? config.model ?? "claude-sonnet-4-20250514";
+        const provider = (options.provider ?? config.provider ?? "anthropic");
+        const providerEnvKey = `${provider.toUpperCase().replace(/-/g, "_")}_API_KEY`;
+        const apiKey = options.apiKey ?? config.apiKey ?? process.env[providerEnvKey] ?? "";
+        const workspaceDir = options.workspaceDir ?? config.workspaceDir ?? process.cwd();
+        const sessionsDir = path.join(stateDir, "sessions");
+        fs.mkdirSync(sessionsDir, { recursive: true });
+        getOrCreateSession(stateDir, sessionId, { model: modelId });
+        await hooks.run("session_start", { sessionId });
+        await hooks.run("before_agent_start", {
+            sessionId,
+            message: options.message,
+            model: modelId,
+        });
+        let skillsPrompt = "";
+        if (config.skills?.enabled !== false) {
+            try {
+                const snapshot = loadWorkspaceSkills(workspaceDir);
+                skillsPrompt = snapshot.promptText;
+            }
+            catch {
+                // skills loading is optional
+            }
+        }
+        const systemPrompt = [
+            options.systemPrompt ?? config.systemPrompt ?? "",
+            skillsPrompt,
+        ]
+            .filter(Boolean)
+            .join("\n\n");
+        const model = getModel(provider, modelId);
+        // Set API key in environment for the provider
+        if (apiKey) {
+            const envKey = `${provider.toUpperCase().replace(/-/g, "_")}_API_KEY`;
+            process.env[envKey] = apiKey;
+        }
+        const sessionManager = SessionManager.create(workspaceDir, sessionsDir);
+        const sessionOpts = {
+            cwd: workspaceDir,
+            model,
+            tools: [...codingTools],
+            customTools: options.tools,
+            sessionManager,
+        };
+        const { session } = await createAgentSession(sessionOpts);
+        let responseText = "";
+        const unsubscribe = session.subscribe((event) => {
+            options.onEvent?.(event);
+        });
+        try {
+            await session.sendUserMessage(options.message);
+        }
+        finally {
+            unsubscribe();
+        }
+        // Extract text from the last assistant message's content blocks
+        const messages = session.messages;
+        for (let i = messages.length - 1; i >= 0; i--) {
+            const msg = messages[i];
+            if (msg.role === "assistant" && Array.isArray(msg.content)) {
+                responseText = msg.content
+                    .filter((block) => block.type === "text")
+                    .map((block) => block.text ?? "")
+                    .join("");
+                break;
+            }
+        }
+        await hooks.run("after_agent_end", {
+            sessionId,
+            result: responseText,
+        });
+        await hooks.run("session_end", { sessionId });
+        updateSession(stateDir, sessionId, { model: modelId });
+        return { response: responseText, sessionId };
+    }
+    return { run, hooks, memory, config };
+}
+//# sourceMappingURL=agent.js.map

package/dist/runtime/agent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent.js","sourceRoot":"","sources":["../../src/runtime/agent.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,WAAW,GAKZ,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAmB,MAAM,mBAAmB,CAAC;AACtE,OAAO,EAAE,yBAAyB,EAA4B,MAAM,oBAAoB,CAAC;AACzF,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAClE,OAAO,EACL,kBAAkB,EAClB,aAAa,GACd,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,mBAAmB,EAAsB,MAAM,oBAAoB,CAAC;AAC7E,OAAO,EACL,UAAU,EACV,eAAe,GAEhB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AA2B9B,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,SAAuC;IAEvC,MAAM,UAAU,GAAG,UAAU,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IACnD,MAAM,MAAM,GAAuB,EAAE,GAAG,UAAU,EAAE,GAAG,SAAS,EAAE,CAAC;IACnE,MAAM,QAAQ,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACzC,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAEtE,qDAAqD;IACrD,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,EAAE,iBAAiB;QACxD,CAAC,CAAC,uBAAuB,CAAC,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC;QAC1D,CAAC,CAAC,SAAS,CAAC;IACd,MAAM,MAAM,GAAG,yBAAyB,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,iBAAiB,EAAE,CAAC,CAAC;IAElF,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE5C,KAAK,UAAU,GAAG,CAAC,OAAwB;QACzC,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,WAAW,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QAC/D,MAAM,OAAO,GACX,OAAO,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,0BAA0B,CAAC;QAC9D,MAAM,QAAQ,GACZ,CAAC,OAAO,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,IAAI,WAAW,CAE/C,CAAC;QACP,MAAM,cAAc,GAAG,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,UAAU,CAAC;QAC9E,MAAM,MAAM,GACV,OAAO,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;QACvE,MAAM,YAAY,GAChB,OAAO,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAE/D,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACpD,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE/C,kBAAkB,CAAC,QAAQ,EAAE,SAAS,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QAE5D,MAAM,KAAK,CAAC,GAAG,CAAC,eAAe,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;QAChD,MAAM,KAAK,CAAC,GAAG,CAAC,oBAAoB,EAAE;YACpC,SAAS;YACT,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,KAAK,EAAE,OAAO;SACf,CAAC,CAAC;QAEH,IAAI,YAAY,GAAG,EAAE,CAAC;QACtB,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;YACrC,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAkB,mBAAmB,CAAC,YAAY,CAAC,CAAC;gBAClE,YAAY,GAAG,QAAQ,CAAC,UAAU,CAAC;YACrC,CAAC;YAAC,MAAM,CAAC;gBACP,6BAA6B;YAC/B,CAAC;QACH,CAAC;QAED,MAAM,YAAY,GAAG;YACnB,OAAO,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,IAAI,EAAE;YACjD,YAAY;SACb;aACE,MAAM,CAAC,OAAO,CAAC;aACf,IAAI,CAAC,MAAM,CAAC,CAAC;QAEhB,MAAM,KAAK,GAAG,QAAQ,CAAC,QAAQ,EAAE,OAAgB,CAAC,CAAC;QAEnD,8CAA8C;QAC9C,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,MAAM,GAAG,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,UAAU,CAAC;YACtE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;QAC/B,CAAC;QAED,MAAM,cAAc,GAAG,cAAc,CAAC,MAAM,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;QAExE,MAAM,WAAW,GAA8B;YAC7C,GAAG,EAAE,YAAY;YACjB,KAAK;YACL,KAAK,EAAE,CAAC,GAAG,WAAW,CAAC;YACvB,WAAW,EAAE,OAAO,CAAC,KAAK;YAC1B,cAAc;SACf,CAAC;QAEF,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAE1D,IAAI,YAAY,GAAG,EAAE,CAAC;QAEtB,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,KAAwB,EAAE,EAAE;YACjE,OAAO,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,OAAO,CAAC,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACjD,CAAC;gBAAS,CAAC;YACT,WAAW,EAAE,CAAC;QAChB,CAAC;QAED,gEAAgE;QAChE,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAClC,KAAK,IAAI,CAAC,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC9C,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YACxB,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3D,YAAY,GAAG,GAAG,CAAC,OAAO;qBACvB,MAAM,CACL,CAAC,KAAuB,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,MAAM,CACnD;qBACA,GAAG,CACF,CAAC,KAAsC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAC7D;qBACA,IAAI,CAAC,EAAE,CAAC,CAAC;gBACZ,MAAM;YACR,CAAC;QACH,CAAC;QAED,MAAM,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE;YACjC,SAAS;YACT,MAAM,EAAE,YAAY;SACrB,CAAC,CAAC;QACH,MAAM,KAAK,CAAC,GAAG,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;QAE9C,aAAa,CAAC,QAAQ,EAAE,SAAS,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QAEvD,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,SAAS,EAAE,CAAC;IAC/C,CAAC;IAED,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AACxC,CAAC"}

package/dist/runtime/index.d.ts

@@ -0,0 +1,2 @@
+export { createRuntime, type AgentRuntime, type AgentRunOptions, type AgentRunResult, } from "./agent.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/runtime/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,aAAa,EACb,KAAK,YAAY,EACjB,KAAK,eAAe,EACpB,KAAK,cAAc,GACpB,MAAM,YAAY,CAAC"}

package/dist/runtime/index.js

@@ -0,0 +1,2 @@
+export { createRuntime, } from "./agent.js";
+//# sourceMappingURL=index.js.map

package/dist/runtime/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,aAAa,GAId,MAAM,YAAY,CAAC"}

package/dist/sandbox/cgroup.d.ts

@@ -0,0 +1,17 @@
+export interface CgroupLimits {
+    memoryLimitBytes?: number;
+    cpuWeight?: number;
+    pidsMax?: number;
+}
+export interface CgroupController {
+    cgroupPath: string;
+    apply(pid: number): void;
+    cleanup(): void;
+}
+export declare function createCgroupController(sandboxId: string, limits: CgroupLimits): CgroupController;
+export declare function cgroupLimitsFromConfig(config: {
+    memoryLimitMb?: number;
+    cpuWeight?: number;
+    pidsLimit?: number;
+}): CgroupLimits;
+//# sourceMappingURL=cgroup.d.ts.map

package/dist/sandbox/cgroup.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cgroup.d.ts","sourceRoot":"","sources":["../../src/sandbox/cgroup.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,YAAY;IAC3B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,OAAO,IAAI,IAAI,CAAC;CACjB;AASD,wBAAgB,sBAAsB,CACpC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,YAAY,GACnB,gBAAgB,CAuDlB;AAED,wBAAgB,sBAAsB,CAAC,MAAM,EAAE;IAC7C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GAAG,YAAY,CAQf"}

package/dist/sandbox/cgroup.js

@@ -0,0 +1,69 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
+const CGROUP_BASE = "/sys/fs/cgroup";
+function findAvailableCgroupPath(name) {
+    const base = path.join(CGROUP_BASE, "openclaw");
+    return path.join(base, name);
+}
+export function createCgroupController(sandboxId, limits) {
+    const cgroupPath = findAvailableCgroupPath(sandboxId);
+    function ensureCgroupDir() {
+        try {
+            fs.mkdirSync(cgroupPath, { recursive: true });
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    function writeController(filename, value) {
+        try {
+            fs.writeFileSync(path.join(cgroupPath, filename), value);
+        }
+        catch {
+            // controller may not be available or writable
+        }
+    }
+    return {
+        cgroupPath,
+        apply(pid) {
+            if (!ensureCgroupDir())
+                return;
+            if (limits.memoryLimitBytes !== undefined) {
+                writeController("memory.max", limits.memoryLimitBytes.toString());
+                writeController("memory.swap.max", "0");
+            }
+            if (limits.cpuWeight !== undefined) {
+                const weight = Math.max(1, Math.min(10000, limits.cpuWeight));
+                writeController("cpu.weight", weight.toString());
+            }
+            if (limits.pidsMax !== undefined) {
+                writeController("pids.max", limits.pidsMax.toString());
+            }
+            try {
+                fs.writeFileSync(path.join(cgroupPath, "cgroup.procs"), pid.toString());
+            }
+            catch {
+                // may not have permission to assign process
+            }
+        },
+        cleanup() {
+            try {
+                fs.rmSync(cgroupPath, { recursive: true, force: true });
+            }
+            catch {
+                // best effort cleanup
+            }
+        },
+    };
+}
+export function cgroupLimitsFromConfig(config) {
+    return {
+        memoryLimitBytes: config.memoryLimitMb
+            ? config.memoryLimitMb * 1024 * 1024
+            : undefined,
+        cpuWeight: config.cpuWeight,
+        pidsMax: config.pidsLimit,
+    };
+}
+//# sourceMappingURL=cgroup.js.map

package/dist/sandbox/cgroup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cgroup.js","sourceRoot":"","sources":["../../src/sandbox/cgroup.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAclC,MAAM,WAAW,GAAG,gBAAgB,CAAC;AAErC,SAAS,uBAAuB,CAAC,IAAY;IAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IAChD,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AAC/B,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,SAAiB,EACjB,MAAoB;IAEpB,MAAM,UAAU,GAAG,uBAAuB,CAAC,SAAS,CAAC,CAAC;IAEtD,SAAS,eAAe;QACtB,IAAI,CAAC;YACH,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC9C,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,SAAS,eAAe,CAAC,QAAgB,EAAE,KAAa;QACtD,IAAI,CAAC;YACH,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE,KAAK,CAAC,CAAC;QAC3D,CAAC;QAAC,MAAM,CAAC;YACP,8CAA8C;QAChD,CAAC;IACH,CAAC;IAED,OAAO;QACL,UAAU;QAEV,KAAK,CAAC,GAAW;YACf,IAAI,CAAC,eAAe,EAAE;gBAAE,OAAO;YAE/B,IAAI,MAAM,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;gBAC1C,eAAe,CAAC,YAAY,EAAE,MAAM,CAAC,gBAAgB,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAClE,eAAe,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;YAC1C,CAAC;YAED,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACnC,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;gBAC9D,eAAe,CAAC,YAAY,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;YACnD,CAAC;YAED,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;gBACjC,eAAe,CAAC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;YACzD,CAAC;YAED,IAAI,CAAC;gBACH,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC1E,CAAC;YAAC,MAAM,CAAC;gBACP,4CAA4C;YAC9C,CAAC;QACH,CAAC;QAED,OAAO;YACL,IAAI,CAAC;gBACH,EAAE,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YAC1D,CAAC;YAAC,MAAM,CAAC;gBACP,sBAAsB;YACxB,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,MAItC;IACC,OAAO;QACL,gBAAgB,EAAE,MAAM,CAAC,aAAa;YACpC,CAAC,CAAC,MAAM,CAAC,aAAa,GAAG,IAAI,GAAG,IAAI;YACpC,CAAC,CAAC,SAAS;QACb,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,OAAO,EAAE,MAAM,CAAC,SAAS;KAC1B,CAAC;AACJ,CAAC"}

package/dist/sandbox/index.d.ts

@@ -0,0 +1,11 @@
+export { createSandboxManager, preserveKeys, removeCredentialKeys } from "./manager.js";
+export { createIpcServer, createIpcClient, createIpcPeer, type IpcServer, type IpcClient, type IpcPeer, type IpcHandler } from "./ipc.js";
+export { detectCapabilities, buildUnshareArgs, buildNamespaceFlags } from "./namespace.js";
+export { createCgroupController, cgroupLimitsFromConfig, type CgroupController, type CgroupLimits } from "./cgroup.js";
+export { buildDefaultProfile, buildRestrictedProfile, writeSeccompProfile, cleanupSeccompProfile } from "./seccomp.js";
+export { prepareRootfs, buildMountScript, type PreparedRootfs, type RootfsOptions } from "./rootfs.js";
+export { createProxyTools } from "./proxy-tools.js";
+export type { WorkerConfig } from "./worker.js";
+export type { SandboxConfig, SandboxCapabilities, SandboxManager, SandboxProcess, SandboxSpawnOptions, MountBind, IpcMessage, IpcError, } from "./types.js";
+export { IPC_ERROR_CODES } from "./types.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/sandbox/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sandbox/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,YAAY,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACxF,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,aAAa,EAAE,KAAK,SAAS,EAAE,KAAK,SAAS,EAAE,KAAK,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,UAAU,CAAC;AAC1I,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAC3F,OAAO,EAAE,sBAAsB,EAAE,sBAAsB,EAAE,KAAK,gBAAgB,EAAE,KAAK,YAAY,EAAE,MAAM,aAAa,CAAC;AACvH,OAAO,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACvH,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,KAAK,cAAc,EAAE,KAAK,aAAa,EAAE,MAAM,aAAa,CAAC;AACvG,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,YAAY,EACV,aAAa,EACb,mBAAmB,EACnB,cAAc,EACd,cAAc,EACd,mBAAmB,EACnB,SAAS,EACT,UAAU,EACV,QAAQ,GACT,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC"}

package/dist/sandbox/index.js

@@ -0,0 +1,9 @@
+export { createSandboxManager, preserveKeys, removeCredentialKeys } from "./manager.js";
+export { createIpcServer, createIpcClient, createIpcPeer } from "./ipc.js";
+export { detectCapabilities, buildUnshareArgs, buildNamespaceFlags } from "./namespace.js";
+export { createCgroupController, cgroupLimitsFromConfig } from "./cgroup.js";
+export { buildDefaultProfile, buildRestrictedProfile, writeSeccompProfile, cleanupSeccompProfile } from "./seccomp.js";
+export { prepareRootfs, buildMountScript } from "./rootfs.js";
+export { createProxyTools } from "./proxy-tools.js";
+export { IPC_ERROR_CODES } from "./types.js";
+//# sourceMappingURL=index.js.map

package/dist/sandbox/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sandbox/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,YAAY,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACxF,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,aAAa,EAAiE,MAAM,UAAU,CAAC;AAC1I,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAC3F,OAAO,EAAE,sBAAsB,EAAE,sBAAsB,EAA4C,MAAM,aAAa,CAAC;AACvH,OAAO,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACvH,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAA2C,MAAM,aAAa,CAAC;AACvG,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAYpD,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC"}

package/dist/sandbox/ipc.d.ts

@@ -0,0 +1,23 @@
+import type { Readable, Writable } from "node:stream";
+export interface IpcServer {
+    handle(method: string, handler: IpcHandler): void;
+    start(): void;
+    stop(): void;
+}
+export interface IpcClient {
+    call<T = unknown>(method: string, params?: unknown): Promise<T>;
+    notify(method: string, params?: unknown): void;
+    destroy(): void;
+}
+export interface IpcPeer {
+    handle(method: string, handler: IpcHandler): void;
+    call<T = unknown>(method: string, params?: unknown): Promise<T>;
+    notify(method: string, params?: unknown): void;
+    start(): void;
+    stop(): void;
+}
+export type IpcHandler = (params: unknown) => Promise<unknown>;
+export declare function createIpcPeer(input: Readable, output: Writable): IpcPeer;
+export declare function createIpcServer(input: Readable, output: Writable): IpcServer;
+export declare function createIpcClient(input: Readable, output: Writable): IpcClient;
+//# sourceMappingURL=ipc.d.ts.map

package/dist/sandbox/ipc.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ipc.d.ts","sourceRoot":"","sources":["../../src/sandbox/ipc.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAGtD,MAAM,WAAW,SAAS;IACxB,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,GAAG,IAAI,CAAC;IAClD,KAAK,IAAI,IAAI,CAAC;IACd,IAAI,IAAI,IAAI,CAAC;CACd;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,CAAC,CAAC,GAAG,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IAChE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;IAC/C,OAAO,IAAI,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,OAAO;IACtB,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,GAAG,IAAI,CAAC;IAClD,IAAI,CAAC,CAAC,GAAG,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IAChE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;IAC/C,KAAK,IAAI,IAAI,CAAC;IACd,IAAI,IAAI,IAAI,CAAC;CACd;AAED,MAAM,MAAM,UAAU,GAAG,CAAC,MAAM,EAAE,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAI/D,wBAAgB,aAAa,CAC3B,KAAK,EAAE,QAAQ,EACf,MAAM,EAAE,QAAQ,GACf,OAAO,CA4HT;AAED,wBAAgB,eAAe,CAC7B,KAAK,EAAE,QAAQ,EACf,MAAM,EAAE,QAAQ,GACf,SAAS,CAOX;AAED,wBAAgB,eAAe,CAC7B,KAAK,EAAE,QAAQ,EACf,MAAM,EAAE,QAAQ,GACf,SAAS,CAQX"}

package/dist/sandbox/ipc.js

@@ -0,0 +1,138 @@
+import { IPC_ERROR_CODES } from "./types.js";
+const DELIMITER = "\n";
+export function createIpcPeer(input, output) {
+    const handlers = new Map();
+    let nextId = 1;
+    let buffer = "";
+    let running = false;
+    const pending = new Map();
+    function onData(chunk) {
+        buffer += chunk.toString("utf-8");
+        processBuffer();
+    }
+    function processBuffer() {
+        let idx;
+        while ((idx = buffer.indexOf(DELIMITER)) !== -1) {
+            const line = buffer.slice(0, idx).trim();
+            buffer = buffer.slice(idx + 1);
+            if (line)
+                dispatch(line);
+        }
+    }
+    function dispatch(line) {
+        let msg;
+        try {
+            msg = JSON.parse(line);
+        }
+        catch {
+            send({ jsonrpc: "2.0", id: 0, error: { code: IPC_ERROR_CODES.PARSE_ERROR, message: "Invalid JSON" } });
+            return;
+        }
+        if (msg.method) {
+            const handler = handlers.get(msg.method);
+            if (!handler) {
+                if (msg.id !== undefined) {
+                    send({
+                        jsonrpc: "2.0",
+                        id: msg.id,
+                        error: { code: IPC_ERROR_CODES.METHOD_NOT_FOUND, message: `Unknown method: ${msg.method}` },
+                    });
+                }
+            }
+            else {
+                executeHandler(msg, handler);
+            }
+        }
+        else if (msg.id !== undefined) {
+            handleResponse(msg);
+        }
+    }
+    async function executeHandler(msg, handler) {
+        try {
+            const result = await handler(msg.params);
+            if (msg.id !== undefined) {
+                send({ jsonrpc: "2.0", id: msg.id, result });
+            }
+        }
+        catch (err) {
+            if (msg.id !== undefined) {
+                send({
+                    jsonrpc: "2.0",
+                    id: msg.id,
+                    error: { code: IPC_ERROR_CODES.INTERNAL_ERROR, message: String(err) },
+                });
+            }
+        }
+    }
+    function handleResponse(msg) {
+        const handler = pending.get(msg.id);
+        if (!handler)
+            return;
+        pending.delete(msg.id);
+        if (msg.error) {
+            handler.reject(new Error(`IPC error ${msg.error.code}: ${msg.error.message}`));
+        }
+        else {
+            handler.resolve(msg.result);
+        }
+    }
+    function send(msg) {
+        const line = JSON.stringify(msg) + DELIMITER;
+        if (output.writableNeedDrain) {
+            setImmediate(() => output.write(line));
+        }
+        else {
+            process.nextTick(() => output.write(line));
+        }
+    }
+    return {
+        handle(method, handler) {
+            handlers.set(method, handler);
+        },
+        call(method, params) {
+            const id = nextId++;
+            send({ jsonrpc: "2.0", id, method, params });
+            return new Promise((resolve, reject) => {
+                pending.set(id, {
+                    resolve: resolve,
+                    reject,
+                });
+            });
+        },
+        notify(method, params) {
+            send({ jsonrpc: "2.0", method, params });
+        },
+        start() {
+            if (running)
+                return;
+            running = true;
+            input.on("data", onData);
+        },
+        stop() {
+            running = false;
+            input.removeListener("data", onData);
+            for (const [, handler] of pending) {
+                handler.reject(new Error("IPC peer stopped"));
+            }
+            pending.clear();
+        },
+    };
+}
+export function createIpcServer(input, output) {
+    const peer = createIpcPeer(input, output);
+    return {
+        handle: peer.handle,
+        start: peer.start,
+        stop: peer.stop,
+    };
+}
+export function createIpcClient(input, output) {
+    const peer = createIpcPeer(input, output);
+    peer.start();
+    return {
+        call: peer.call,
+        notify: peer.notify,
+        destroy: peer.stop,
+    };
+}
+//# sourceMappingURL=ipc.js.map

package/dist/sandbox/ipc.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ipc.js","sourceRoot":"","sources":["../../src/sandbox/ipc.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAkC,MAAM,YAAY,CAAC;AAwB7E,MAAM,SAAS,GAAG,IAAI,CAAC;AAEvB,MAAM,UAAU,aAAa,CAC3B,KAAe,EACf,MAAgB;IAEhB,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAsB,CAAC;IAC/C,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,MAAM,OAAO,GAAG,IAAI,GAAG,EAGpB,CAAC;IAEJ,SAAS,MAAM,CAAC,KAAa;QAC3B,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClC,aAAa,EAAE,CAAC;IAClB,CAAC;IAED,SAAS,aAAa;QACpB,IAAI,GAAW,CAAC;QAChB,OAAO,CAAC,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACzC,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;YAC/B,IAAI,IAAI;gBAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,SAAS,QAAQ,CAAC,IAAY;QAC5B,IAAI,GAAe,CAAC;QACpB,IAAI,CAAC;YACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAe,CAAC;QACvC,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,eAAe,CAAC,WAAW,EAAE,OAAO,EAAE,cAAc,EAAE,EAAE,CAAC,CAAC;YACvG,OAAO;QACT,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACzC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,IAAI,GAAG,CAAC,EAAE,KAAK,SAAS,EAAE,CAAC;oBACzB,IAAI,CAAC;wBACH,OAAO,EAAE,KAAK;wBACd,EAAE,EAAE,GAAG,CAAC,EAAE;wBACV,KAAK,EAAE,EAAE,IAAI,EAAE,eAAe,CAAC,gBAAgB,EAAE,OAAO,EAAE,mBAAmB,GAAG,CAAC,MAAM,EAAE,EAAE;qBAC5F,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,cAAc,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,CAAC,EAAE,KAAK,SAAS,EAAE,CAAC;YAChC,cAAc,CAAC,GAAG,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,KAAK,UAAU,cAAc,CAAC,GAAe,EAAE,OAAmB;QAChE,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACzC,IAAI,GAAG,CAAC,EAAE,KAAK,SAAS,EAAE,CAAC;gBACzB,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,CAAC,EAAE,KAAK,SAAS,EAAE,CAAC;gBACzB,IAAI,CAAC;oBACH,OAAO,EAAE,KAAK;oBACd,EAAE,EAAE,GAAG,CAAC,EAAE;oBACV,KAAK,EAAE,EAAE,IAAI,EAAE,eAAe,CAAC,cAAc,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE;iBACtE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,SAAS,cAAc,CAAC,GAAe;QACrC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAG,CAAC,CAAC;QACrC,IAAI,CAAC,OAAO;YAAE,OAAO;QACrB,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAG,CAAC,CAAC;QAExB,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACd,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,aAAa,GAAG,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACjF,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,SAAS,IAAI,CAAC,GAAe;QAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC;QAC7C,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;YAC7B,YAAY,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QACzC,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;IAED,OAAO;QACL,MAAM,CAAC,MAAM,EAAE,OAAO;YACpB,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAChC,CAAC;QAED,IAAI,CAAc,MAAc,EAAE,MAAgB;YAChD,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;YACpB,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;YAC7C,OAAO,IAAI,OAAO,CAAI,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACxC,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE;oBACd,OAAO,EAAE,OAAmC;oBAC5C,MAAM;iBACP,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,CAAC,MAAc,EAAE,MAAgB;YACrC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3C,CAAC;QAED,KAAK;YACH,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC3B,CAAC;QAED,IAAI;YACF,OAAO,GAAG,KAAK,CAAC;YAChB,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YACrC,KAAK,MAAM,CAAC,EAAE,OAAO,CAAC,IAAI,OAAO,EAAE,CAAC;gBAClC,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC;YAChD,CAAC;YACD,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,KAAe,EACf,MAAgB;IAEhB,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC1C,OAAO;QACL,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,IAAI,EAAE,IAAI,CAAC,IAAI;KAChB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,KAAe,EACf,MAAgB;IAEhB,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC1C,IAAI,CAAC,KAAK,EAAE,CAAC;IACb,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,OAAO,EAAE,IAAI,CAAC,IAAI;KACnB,CAAC;AACJ,CAAC"}

package/dist/sandbox/manager.d.ts

@@ -0,0 +1,5 @@
+import type { SandboxManager } from "./types.js";
+export declare function createSandboxManager(): SandboxManager;
+export declare function preserveKeys(env: Record<string, string>, keys?: string[]): Record<string, string>;
+export declare function removeCredentialKeys(env: Record<string, string>): void;
+//# sourceMappingURL=manager.d.ts.map

package/dist/sandbox/manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../src/sandbox/manager.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAEV,cAAc,EAGf,MAAM,YAAY,CAAC;AAKpB,wBAAgB,oBAAoB,IAAI,cAAc,CAqBrD;AAkOD,wBAAgB,YAAY,CAC1B,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC3B,IAAI,CAAC,EAAE,MAAM,EAAE,GACd,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAOxB;AAED,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI,CAMtE"}