bulkhead-runtime 0.1.0

package/dist/sandbox/manager.js

@@ -0,0 +1,245 @@
+import { spawn } from "node:child_process";
+import * as fs from "node:fs";
+import * as path from "node:path";
+import * as os from "node:os";
+import * as crypto from "node:crypto";
+import { detectCapabilities, buildUnshareArgs, buildNamespaceFlags } from "./namespace.js";
+import { createCgroupController, cgroupLimitsFromConfig } from "./cgroup.js";
+import { prepareRootfs, buildMountScript } from "./rootfs.js";
+export function createSandboxManager() {
+    let cachedCapabilities = null;
+    return {
+        async capabilities() {
+            if (!cachedCapabilities) {
+                cachedCapabilities = detectCapabilities();
+            }
+            return cachedCapabilities;
+        },
+        async spawn(options) {
+            const caps = await this.capabilities();
+            if (caps.platform === "linux" && caps.hasUnshare) {
+                return spawnLinuxSandbox(options, caps);
+            }
+            return spawnFallbackSandbox(options);
+        },
+    };
+}
+function generateSandboxId() {
+    return `sb_${Date.now()}_${crypto.randomBytes(4).toString("hex")}`;
+}
+async function spawnLinuxSandbox(options, caps) {
+    const sandboxId = generateSandboxId();
+    const config = options.config;
+    const nsFlags = buildNamespaceFlags(caps, config.networkIsolation ?? false);
+    const unshareArgs = buildUnshareArgs(nsFlags);
+    let cgroup = null;
+    if (caps.hasCgroupV2) {
+        const limits = cgroupLimitsFromConfig(config);
+        cgroup = createCgroupController(sandboxId, limits);
+    }
+    let rootfs = null;
+    let wrapperScriptPath = null;
+    if (nsFlags.mount) {
+        rootfs = prepareRootfs({
+            sandboxId,
+            workspaceDir: options.cwd,
+            additionalBinds: config.mountBinds,
+        });
+        const mountScript = buildMountScript(rootfs.rootDir, rootfs.mounts, options.cwd);
+        wrapperScriptPath = writeWrapperScript(sandboxId, mountScript, options);
+    }
+    const sanitizedEnv = {
+        PATH: "/usr/local/bin:/usr/bin:/bin",
+        HOME: "/tmp",
+        NODE_ENV: "production",
+        SANDBOX_ID: sandboxId,
+        ...options.env,
+    };
+    const preserved = preserveKeys(sanitizedEnv, options.protectedKeys);
+    removeCredentialKeys(sanitizedEnv);
+    Object.assign(sanitizedEnv, preserved);
+    let fullArgs;
+    if (wrapperScriptPath) {
+        fullArgs = [...unshareArgs, "/bin/sh", wrapperScriptPath];
+    }
+    else {
+        fullArgs = [...unshareArgs, options.command, ...options.args];
+    }
+    const child = spawn("unshare", fullArgs, {
+        cwd: options.cwd,
+        env: sanitizedEnv,
+        stdio: ["pipe", "pipe", "pipe"],
+    });
+    let spawnError = null;
+    child.on("error", (err) => {
+        spawnError = err;
+    });
+    if (cgroup && child.pid) {
+        cgroup.apply(child.pid);
+    }
+    if (options.onStderr && child.stderr) {
+        child.stderr.on("data", (data) => {
+            options.onStderr(data.toString("utf-8"));
+        });
+    }
+    let timeoutTimer = null;
+    if (config.timeoutMs) {
+        timeoutTimer = setTimeout(() => {
+            child.kill("SIGKILL");
+        }, config.timeoutMs);
+    }
+    const cleanupAll = () => {
+        if (timeoutTimer)
+            clearTimeout(timeoutTimer);
+        cgroup?.cleanup();
+        rootfs?.cleanup();
+        if (wrapperScriptPath)
+            cleanupFile(wrapperScriptPath);
+    };
+    child.on("exit", cleanupAll);
+    return {
+        pid: child.pid ?? -1,
+        stdin: child.stdin,
+        stdout: child.stdout,
+        stderr: child.stderr,
+        kill() {
+            try {
+                child.kill("SIGKILL");
+            }
+            catch { /* already dead */ }
+        },
+        waitForExit() {
+            return new Promise((resolve, reject) => {
+                if (spawnError) {
+                    reject(spawnError);
+                    return;
+                }
+                if (child.exitCode !== null) {
+                    resolve(child.exitCode);
+                    return;
+                }
+                child.on("error", reject);
+                child.on("exit", (code) => { resolve(code ?? 1); });
+            });
+        },
+    };
+}
+async function spawnFallbackSandbox(options) {
+    const sandboxId = generateSandboxId();
+    const sanitizedEnv = {
+        PATH: process.env["PATH"] ?? "/usr/local/bin:/usr/bin:/bin",
+        HOME: process.env["HOME"] ?? "/tmp",
+        NODE_ENV: "production",
+        SANDBOX_ID: sandboxId,
+        ...options.env,
+    };
+    const preserved = preserveKeys(sanitizedEnv, options.protectedKeys);
+    removeCredentialKeys(sanitizedEnv);
+    Object.assign(sanitizedEnv, preserved);
+    const child = spawn(options.command, options.args, {
+        cwd: options.cwd,
+        env: sanitizedEnv,
+        stdio: ["pipe", "pipe", "pipe"],
+    });
+    let spawnError = null;
+    child.on("error", (err) => {
+        spawnError = err;
+    });
+    if (options.onStderr && child.stderr) {
+        child.stderr.on("data", (data) => {
+            options.onStderr(data.toString("utf-8"));
+        });
+    }
+    let timeoutTimer = null;
+    if (options.config.timeoutMs) {
+        timeoutTimer = setTimeout(() => {
+            child.kill("SIGKILL");
+        }, options.config.timeoutMs);
+    }
+    return {
+        pid: child.pid ?? -1,
+        stdin: child.stdin,
+        stdout: child.stdout,
+        stderr: child.stderr,
+        kill() {
+            if (timeoutTimer)
+                clearTimeout(timeoutTimer);
+            try {
+                child.kill("SIGKILL");
+            }
+            catch { /* already dead */ }
+        },
+        waitForExit() {
+            return new Promise((resolve, reject) => {
+                if (spawnError) {
+                    reject(spawnError);
+                    return;
+                }
+                if (child.exitCode !== null) {
+                    resolve(child.exitCode);
+                    return;
+                }
+                child.on("error", reject);
+                child.on("exit", (code) => {
+                    if (timeoutTimer)
+                        clearTimeout(timeoutTimer);
+                    resolve(code ?? 1);
+                });
+            });
+        },
+    };
+}
+function writeWrapperScript(sandboxId, mountScript, options) {
+    const tmpDir = path.join(os.tmpdir(), "openclaw-sandbox");
+    fs.mkdirSync(tmpDir, { recursive: true });
+    const scriptPath = path.join(tmpDir, `${sandboxId}-init.sh`);
+    const escapedArgs = options.args.map((a) => `'${a.replace(/'/g, "'\\''")}'`).join(" ");
+    const script = [
+        "#!/bin/sh",
+        "set -e",
+        "",
+        mountScript,
+        "",
+        `exec ${options.command} ${escapedArgs}`,
+    ].join("\n");
+    fs.writeFileSync(scriptPath, script, { mode: 0o755 });
+    return scriptPath;
+}
+function cleanupFile(filePath) {
+    try {
+        fs.unlinkSync(filePath);
+    }
+    catch {
+        // best effort
+    }
+}
+const CREDENTIAL_KEY_PATTERNS = [
+    /_API_KEY$/,
+    /_SECRET$/,
+    /_TOKEN$/,
+    /_PASSWORD$/,
+    /^AWS_/,
+    /^OPENAI_/,
+    /^ANTHROPIC_/,
+    /^GEMINI_/,
+    /^GOOGLE_/,
+    /^OPENCLAW_CREDENTIAL/,
+];
+export function preserveKeys(env, keys) {
+    if (!keys)
+        return {};
+    const saved = {};
+    for (const key of keys) {
+        if (key in env)
+            saved[key] = env[key];
+    }
+    return saved;
+}
+export function removeCredentialKeys(env) {
+    for (const key of Object.keys(env)) {
+        if (CREDENTIAL_KEY_PATTERNS.some((p) => p.test(key))) {
+            delete env[key];
+        }
+    }
+}
+//# sourceMappingURL=manager.js.map

package/dist/sandbox/manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"manager.js","sourceRoot":"","sources":["../../src/sandbox/manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AAOtC,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAC3F,OAAO,EAAE,sBAAsB,EAAE,sBAAsB,EAAyB,MAAM,aAAa,CAAC;AACpG,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAuB,MAAM,aAAa,CAAC;AAEnF,MAAM,UAAU,oBAAoB;IAClC,IAAI,kBAAkB,GAA+B,IAAI,CAAC;IAE1D,OAAO;QACL,KAAK,CAAC,YAAY;YAChB,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,kBAAkB,GAAG,kBAAkB,EAAE,CAAC;YAC5C,CAAC;YACD,OAAO,kBAAkB,CAAC;QAC5B,CAAC;QAED,KAAK,CAAC,KAAK,CAAC,OAA4B;YACtC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;YAEvC,IAAI,IAAI,CAAC,QAAQ,KAAK,OAAO,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACjD,OAAO,iBAAiB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAC1C,CAAC;YAED,OAAO,oBAAoB,CAAC,OAAO,CAAC,CAAC;QACvC,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB;IACxB,OAAO,MAAM,IAAI,CAAC,GAAG,EAAE,IAAI,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AACrE,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,OAA4B,EAC5B,IAAyB;IAEzB,MAAM,SAAS,GAAG,iBAAiB,EAAE,CAAC;IACtC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAE9B,MAAM,OAAO,GAAG,mBAAmB,CAAC,IAAI,EAAE,MAAM,CAAC,gBAAgB,IAAI,KAAK,CAAC,CAAC;IAC5E,MAAM,WAAW,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAE9C,IAAI,MAAM,GAA4B,IAAI,CAAC;IAC3C,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,MAAM,MAAM,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;QAC9C,MAAM,GAAG,sBAAsB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,MAAM,GAA0B,IAAI,CAAC;IACzC,IAAI,iBAAiB,GAAkB,IAAI,CAAC;IAE5C,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,GAAG,aAAa,CAAC;YACrB,SAAS;YACT,YAAY,EAAE,OAAO,CAAC,GAAG;YACzB,eAAe,EAAE,MAAM,CAAC,UAAU;SACnC,CAAC,CAAC;QACH,MAAM,WAAW,GAAG,gBAAgB,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QACjF,iBAAiB,GAAG,kBAAkB,CAAC,SAAS,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;IAC1E,CAAC;IAED,MAAM,YAAY,GAA2B;QAC3C,IAAI,EAAE,8BAA8B;QACpC,IAAI,EAAE,MAAM;QACZ,QAAQ,EAAE,YAAY;QACtB,UAAU,EAAE,SAAS;QACrB,GAAG,OAAO,CAAC,GAAG;KACf,CAAC;IAEF,MAAM,SAAS,GAAG,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IACpE,oBAAoB,CAAC,YAAY,CAAC,CAAC;IACnC,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IAEvC,IAAI,QAAkB,CAAC;IACvB,IAAI,iBAAiB,EAAE,CAAC;QACtB,QAAQ,GAAG,CAAC,GAAG,WAAW,EAAE,SAAS,EAAE,iBAAiB,CAAC,CAAC;IAC5D,CAAC;SAAM,CAAC;QACN,QAAQ,GAAG,CAAC,GAAG,WAAW,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,SAAS,EAAE,QAAQ,EAAE;QACvC,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,GAAG,EAAE,YAAY;QACjB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;KAChC,CAAC,CAAC;IAEH,IAAI,UAAU,GAAiB,IAAI,CAAC;IACpC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;QACxB,UAAU,GAAG,GAAG,CAAC;IACnB,CAAC,CAAC,CAAC;IAEH,IAAI,MAAM,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACxB,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACrC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YACvC,OAAO,CAAC,QAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,YAAY,GAAyC,IAAI,CAAC;IAC9D,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,YAAY,GAAG,UAAU,CAAC,GAAG,EAAE;YAC7B,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACxB,CAAC,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;IACvB,CAAC;IAED,MAAM,UAAU,GAAG,GAAG,EAAE;QACtB,IAAI,YAAY;YAAE,YAAY,CAAC,YAAY,CAAC,CAAC;QAC7C,MAAM,EAAE,OAAO,EAAE,CAAC;QAClB,MAAM,EAAE,OAAO,EAAE,CAAC;QAClB,IAAI,iBAAiB;YAAE,WAAW,CAAC,iBAAiB,CAAC,CAAC;IACxD,CAAC,CAAC;IAEF,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAE7B,OAAO;QACL,GAAG,EAAE,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;QACpB,KAAK,EAAE,KAAK,CAAC,KAAM;QACnB,MAAM,EAAE,KAAK,CAAC,MAAO;QACrB,MAAM,EAAE,KAAK,CAAC,MAAO;QAErB,IAAI;YACF,IAAI,CAAC;gBAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,kBAAkB,CAAC,CAAC;QAC7D,CAAC;QAED,WAAW;YACT,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACrC,IAAI,UAAU,EAAE,CAAC;oBAAC,MAAM,CAAC,UAAU,CAAC,CAAC;oBAAC,OAAO;gBAAC,CAAC;gBAC/C,IAAI,KAAK,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;oBAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;oBAAC,OAAO;gBAAC,CAAC;gBACjE,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBAC1B,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,GAAG,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACtD,CAAC,CAAC,CAAC;QACL,CAAC;KACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,OAA4B;IAE5B,MAAM,SAAS,GAAG,iBAAiB,EAAE,CAAC;IAEtC,MAAM,YAAY,GAA2B;QAC3C,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,8BAA8B;QAC3D,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,MAAM;QACnC,QAAQ,EAAE,YAAY;QACtB,UAAU,EAAE,SAAS;QACrB,GAAG,OAAO,CAAC,GAAG;KACf,CAAC;IAEF,MAAM,SAAS,GAAG,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IACpE,oBAAoB,CAAC,YAAY,CAAC,CAAC;IACnC,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IAEvC,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,IAAI,EAAE;QACjD,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,GAAG,EAAE,YAAY;QACjB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;KAChC,CAAC,CAAC;IAEH,IAAI,UAAU,GAAiB,IAAI,CAAC;IACpC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;QACxB,UAAU,GAAG,GAAG,CAAC;IACnB,CAAC,CAAC,CAAC;IAEH,IAAI,OAAO,CAAC,QAAQ,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACrC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YACvC,OAAO,CAAC,QAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,YAAY,GAAyC,IAAI,CAAC;IAC9D,IAAI,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QAC7B,YAAY,GAAG,UAAU,CAAC,GAAG,EAAE;YAC7B,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACxB,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC/B,CAAC;IAED,OAAO;QACL,GAAG,EAAE,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;QACpB,KAAK,EAAE,KAAK,CAAC,KAAM;QACnB,MAAM,EAAE,KAAK,CAAC,MAAO;QACrB,MAAM,EAAE,KAAK,CAAC,MAAO;QAErB,IAAI;YACF,IAAI,YAAY;gBAAE,YAAY,CAAC,YAAY,CAAC,CAAC;YAC7C,IAAI,CAAC;gBAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,kBAAkB,CAAC,CAAC;QAC7D,CAAC;QAED,WAAW;YACT,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACrC,IAAI,UAAU,EAAE,CAAC;oBAAC,MAAM,CAAC,UAAU,CAAC,CAAC;oBAAC,OAAO;gBAAC,CAAC;gBAC/C,IAAI,KAAK,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;oBAC5B,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;oBACxB,OAAO;gBACT,CAAC;gBACD,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBAC1B,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;oBACxB,IAAI,YAAY;wBAAE,YAAY,CAAC,YAAY,CAAC,CAAC;oBAC7C,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;gBACrB,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CACzB,SAAiB,EACjB,WAAmB,EACnB,OAA4B;IAE5B,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC;IAC1D,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,SAAS,UAAU,CAAC,CAAC;IAE7D,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEvF,MAAM,MAAM,GAAG;QACb,WAAW;QACX,QAAQ;QACR,EAAE;QACF,WAAW;QACX,EAAE;QACF,QAAQ,OAAO,CAAC,OAAO,IAAI,WAAW,EAAE;KACzC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACtD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB;IACnC,IAAI,CAAC;QACH,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,cAAc;IAChB,CAAC;AACH,CAAC;AAED,MAAM,uBAAuB,GAAG;IAC9B,WAAW;IACX,UAAU;IACV,SAAS;IACT,YAAY;IACZ,OAAO;IACP,UAAU;IACV,aAAa;IACb,UAAU;IACV,UAAU;IACV,sBAAsB;CACvB,CAAC;AAEF,MAAM,UAAU,YAAY,CAC1B,GAA2B,EAC3B,IAAe;IAEf,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,CAAC;IACrB,MAAM,KAAK,GAA2B,EAAE,CAAC;IACzC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,GAAG,IAAI,GAAG;YAAE,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IACxC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,GAA2B;IAC9D,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,IAAI,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACrD,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/sandbox/namespace.d.ts

@@ -0,0 +1,12 @@
+import type { SandboxCapabilities } from "./types.js";
+export declare function detectCapabilities(): SandboxCapabilities;
+export interface NamespaceFlags {
+    user: boolean;
+    mount: boolean;
+    pid: boolean;
+    net: boolean;
+    uts: boolean;
+}
+export declare function buildUnshareArgs(flags: NamespaceFlags): string[];
+export declare function buildNamespaceFlags(capabilities: SandboxCapabilities, networkIsolation: boolean): NamespaceFlags;
+//# sourceMappingURL=namespace.d.ts.map

package/dist/sandbox/namespace.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"namespace.d.ts","sourceRoot":"","sources":["../../src/sandbox/namespace.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAEtD,wBAAgB,kBAAkB,IAAI,mBAAmB,CA0BxD;AAqED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,OAAO,CAAC;IACf,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;CACd;AAED,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,cAAc,GAAG,MAAM,EAAE,CAsBhE;AAED,wBAAgB,mBAAmB,CACjC,YAAY,EAAE,mBAAmB,EACjC,gBAAgB,EAAE,OAAO,GACxB,cAAc,CAQhB"}

package/dist/sandbox/namespace.js

@@ -0,0 +1,120 @@
+import { execSync } from "node:child_process";
+import * as fs from "node:fs";
+export function detectCapabilities() {
+    const platform = detectPlatform();
+    if (platform !== "linux") {
+        return {
+            hasUserNamespace: false,
+            hasPidNamespace: false,
+            hasMountNamespace: false,
+            hasNetNamespace: false,
+            hasCgroupV2: false,
+            hasSeccomp: false,
+            hasUnshare: false,
+            platform,
+        };
+    }
+    return {
+        hasUserNamespace: checkUserNamespace(),
+        hasPidNamespace: checkNamespaceSupport("pid"),
+        hasMountNamespace: checkNamespaceSupport("mnt"),
+        hasNetNamespace: checkNamespaceSupport("net"),
+        hasCgroupV2: checkCgroupV2(),
+        hasSeccomp: checkSeccomp(),
+        hasUnshare: checkUnshare(),
+        platform,
+    };
+}
+function detectPlatform() {
+    switch (process.platform) {
+        case "linux":
+            return "linux";
+        case "darwin":
+            return "darwin";
+        default:
+            return "other";
+    }
+}
+function checkUserNamespace() {
+    try {
+        const max = fs
+            .readFileSync("/proc/sys/user/max_user_namespaces", "utf-8")
+            .trim();
+        return parseInt(max, 10) > 0;
+    }
+    catch {
+        return false;
+    }
+}
+function checkNamespaceSupport(ns) {
+    if (!fs.existsSync(`/proc/self/ns/${ns}`))
+        return false;
+    const flagMap = { mnt: "--mount", pid: "--pid", net: "--net" };
+    const flag = flagMap[ns];
+    if (!flag)
+        return false;
+    try {
+        execSync(`unshare --user --map-root-user ${flag} ${ns === "pid" ? "--fork" : ""} -- true`, { stdio: "pipe", timeout: 3000 });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function checkCgroupV2() {
+    try {
+        const mounts = fs.readFileSync("/proc/mounts", "utf-8");
+        return mounts.includes("cgroup2");
+    }
+    catch {
+        return false;
+    }
+}
+function checkSeccomp() {
+    try {
+        const status = fs.readFileSync("/proc/self/status", "utf-8");
+        return status.includes("Seccomp:");
+    }
+    catch {
+        return false;
+    }
+}
+function checkUnshare() {
+    try {
+        execSync("which unshare", { stdio: "pipe" });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+export function buildUnshareArgs(flags) {
+    const args = [];
+    if (flags.user) {
+        args.push("--user", "--map-root-user");
+    }
+    if (flags.mount) {
+        args.push("--mount");
+    }
+    if (flags.pid) {
+        args.push("--pid", "--fork");
+    }
+    if (flags.net) {
+        args.push("--net");
+    }
+    if (flags.uts) {
+        args.push("--uts");
+    }
+    args.push("--");
+    return args;
+}
+export function buildNamespaceFlags(capabilities, networkIsolation) {
+    return {
+        user: capabilities.hasUserNamespace,
+        mount: capabilities.hasMountNamespace,
+        pid: capabilities.hasPidNamespace,
+        net: networkIsolation && capabilities.hasNetNamespace,
+        uts: capabilities.hasUserNamespace,
+    };
+}
+//# sourceMappingURL=namespace.js.map

package/dist/sandbox/namespace.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"namespace.js","sourceRoot":"","sources":["../../src/sandbox/namespace.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAG9B,MAAM,UAAU,kBAAkB;IAChC,MAAM,QAAQ,GAAG,cAAc,EAAE,CAAC;IAElC,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO;YACL,gBAAgB,EAAE,KAAK;YACvB,eAAe,EAAE,KAAK;YACtB,iBAAiB,EAAE,KAAK;YACxB,eAAe,EAAE,KAAK;YACtB,WAAW,EAAE,KAAK;YAClB,UAAU,EAAE,KAAK;YACjB,UAAU,EAAE,KAAK;YACjB,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,OAAO;QACL,gBAAgB,EAAE,kBAAkB,EAAE;QACtC,eAAe,EAAE,qBAAqB,CAAC,KAAK,CAAC;QAC7C,iBAAiB,EAAE,qBAAqB,CAAC,KAAK,CAAC;QAC/C,eAAe,EAAE,qBAAqB,CAAC,KAAK,CAAC;QAC7C,WAAW,EAAE,aAAa,EAAE;QAC5B,UAAU,EAAE,YAAY,EAAE;QAC1B,UAAU,EAAE,YAAY,EAAE;QAC1B,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,SAAS,cAAc;IACrB,QAAQ,OAAO,CAAC,QAAQ,EAAE,CAAC;QACzB,KAAK,OAAO;YACV,OAAO,OAAO,CAAC;QACjB,KAAK,QAAQ;YACX,OAAO,QAAQ,CAAC;QAClB;YACE,OAAO,OAAO,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB;IACzB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE;aACX,YAAY,CAAC,oCAAoC,EAAE,OAAO,CAAC;aAC3D,IAAI,EAAE,CAAC;QACV,OAAO,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,EAAU;IACvC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,iBAAiB,EAAE,EAAE,CAAC;QAAE,OAAO,KAAK,CAAC;IAExD,MAAM,OAAO,GAA2B,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;IACvF,MAAM,IAAI,GAAG,OAAO,CAAC,EAAE,CAAC,CAAC;IACzB,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IAExB,IAAI,CAAC;QACH,QAAQ,CACN,kCAAkC,IAAI,IAAI,EAAE,KAAK,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,UAAU,EAChF,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CACjC,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,aAAa;IACpB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,CAAC,YAAY,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QACxD,OAAO,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,YAAY;IACnB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,CAAC,YAAY,CAAC,mBAAmB,EAAE,OAAO,CAAC,CAAC;QAC7D,OAAO,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,YAAY;IACnB,IAAI,CAAC;QACH,QAAQ,CAAC,eAAe,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAUD,MAAM,UAAU,gBAAgB,CAAC,KAAqB;IACpD,MAAM,IAAI,GAAa,EAAE,CAAC;IAE1B,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;QACf,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;IACzC,CAAC;IACD,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACvB,CAAC;IACD,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC/B,CAAC;IACD,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACrB,CAAC;IACD,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACrB,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEhB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,YAAiC,EACjC,gBAAyB;IAEzB,OAAO;QACL,IAAI,EAAE,YAAY,CAAC,gBAAgB;QACnC,KAAK,EAAE,YAAY,CAAC,iBAAiB;QACrC,GAAG,EAAE,YAAY,CAAC,eAAe;QACjC,GAAG,EAAE,gBAAgB,IAAI,YAAY,CAAC,eAAe;QACrD,GAAG,EAAE,YAAY,CAAC,gBAAgB;KACnC,CAAC;AACJ,CAAC"}

package/dist/sandbox/proxy-tools.d.ts

@@ -0,0 +1,14 @@
+import type { IpcPeer } from "./ipc.js";
+interface ProxyToolResult {
+    resultForAssistant: string;
+}
+interface ProxyToolDef {
+    name: string;
+    label: string;
+    description: string;
+    parameters: Record<string, unknown>;
+    execute(toolCallId: string, params: Record<string, unknown>, signal: AbortSignal | undefined, onUpdate: unknown, ctx: unknown): Promise<ProxyToolResult>;
+}
+export declare function createProxyTools(peer: IpcPeer): ProxyToolDef[];
+export {};
+//# sourceMappingURL=proxy-tools.d.ts.map

package/dist/sandbox/proxy-tools.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"proxy-tools.d.ts","sourceRoot":"","sources":["../../src/sandbox/proxy-tools.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,UAAU,CAAC;AAExC,UAAU,eAAe;IACvB,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED,UAAU,YAAY;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,OAAO,CACL,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,MAAM,EAAE,WAAW,GAAG,SAAS,EAC/B,QAAQ,EAAE,OAAO,EACjB,GAAG,EAAE,OAAO,GACX,OAAO,CAAC,eAAe,CAAC,CAAC;CAC7B;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,OAAO,GAAG,YAAY,EAAE,CAgE9D"}

package/dist/sandbox/proxy-tools.js

@@ -0,0 +1,63 @@
+export function createProxyTools(peer) {
+    return [
+        {
+            name: "memory_search",
+            label: "Memory Search",
+            description: "Search your memory for relevant information. Returns matching memories ranked by relevance.",
+            parameters: {
+                type: "Object",
+                properties: {
+                    query: { type: "String" },
+                    maxResults: { type: "Number" },
+                },
+                required: ["query"],
+            },
+            async execute(_toolCallId, params, _signal, _onUpdate, _ctx) {
+                const results = await peer.call("memory.search", {
+                    query: params.query,
+                    maxResults: params.maxResults ?? 5,
+                });
+                return { resultForAssistant: JSON.stringify(results, null, 2) };
+            },
+        },
+        {
+            name: "memory_store",
+            label: "Memory Store",
+            description: "Store information in your memory for future reference. Use this to remember important facts.",
+            parameters: {
+                type: "Object",
+                properties: {
+                    content: { type: "String" },
+                },
+                required: ["content"],
+            },
+            async execute(_toolCallId, params, _signal, _onUpdate, _ctx) {
+                const result = await peer.call("memory.store", {
+                    content: params.content,
+                });
+                return { resultForAssistant: JSON.stringify(result) };
+            },
+        },
+        {
+            name: "skill_execute",
+            label: "Execute Skill",
+            description: "Execute an enabled skill. Credentials are injected automatically by the platform.",
+            parameters: {
+                type: "Object",
+                properties: {
+                    skillId: { type: "String" },
+                    params: { type: "Object" },
+                },
+                required: ["skillId"],
+            },
+            async execute(_toolCallId, params, _signal, _onUpdate, _ctx) {
+                const result = await peer.call("skill.execute", {
+                    skillId: params.skillId,
+                    params: params.params,
+                });
+                return { resultForAssistant: JSON.stringify(result) };
+            },
+        },
+    ];
+}
+//# sourceMappingURL=proxy-tools.js.map

package/dist/sandbox/proxy-tools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"proxy-tools.js","sourceRoot":"","sources":["../../src/sandbox/proxy-tools.ts"],"names":[],"mappings":"AAoBA,MAAM,UAAU,gBAAgB,CAAC,IAAa;IAC5C,OAAO;QACL;YACE,IAAI,EAAE,eAAe;YACrB,KAAK,EAAE,eAAe;YACtB,WAAW,EACT,6FAA6F;YAC/F,UAAU,EAAE;gBACV,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;iBAC/B;gBACD,QAAQ,EAAE,CAAC,OAAO,CAAC;aACpB;YACD,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI;gBACzD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;oBAC/C,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,CAAC;iBACnC,CAAC,CAAC;gBACH,OAAO,EAAE,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;YAClE,CAAC;SACF;QACD;YACE,IAAI,EAAE,cAAc;YACpB,KAAK,EAAE,cAAc;YACrB,WAAW,EACT,8FAA8F;YAChG,UAAU,EAAE;gBACV,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;iBAC5B;gBACD,QAAQ,EAAE,CAAC,SAAS,CAAC;aACtB;YACD,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI;gBACzD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE;oBAC7C,OAAO,EAAE,MAAM,CAAC,OAAO;iBACxB,CAAC,CAAC;gBACH,OAAO,EAAE,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;YACxD,CAAC;SACF;QACD;YACE,IAAI,EAAE,eAAe;YACrB,KAAK,EAAE,eAAe;YACtB,WAAW,EACT,mFAAmF;YACrF,UAAU,EAAE;gBACV,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC3B,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;iBAC3B;gBACD,QAAQ,EAAE,CAAC,SAAS,CAAC;aACtB;YACD,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI;gBACzD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;oBAC9C,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,MAAM,EAAE,MAAM,CAAC,MAAM;iBACtB,CAAC,CAAC;gBACH,OAAO,EAAE,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;YACxD,CAAC;SACF;KACF,CAAC;AACJ,CAAC"}

package/dist/sandbox/rootfs.d.ts

@@ -0,0 +1,15 @@
+import type { MountBind } from "./types.js";
+export interface RootfsOptions {
+    sandboxId: string;
+    workspaceDir: string;
+    nodeExecutable?: string;
+    additionalBinds?: MountBind[];
+}
+export interface PreparedRootfs {
+    rootDir: string;
+    mounts: MountBind[];
+    cleanup(): void;
+}
+export declare function prepareRootfs(options: RootfsOptions): PreparedRootfs;
+export declare function buildMountScript(rootDir: string, mounts: MountBind[], cwd: string): string;
+//# sourceMappingURL=rootfs.d.ts.map

package/dist/sandbox/rootfs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rootfs.d.ts","sourceRoot":"","sources":["../../src/sandbox/rootfs.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE5C,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,SAAS,EAAE,CAAC;CAC/B;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,SAAS,EAAE,CAAC;IACpB,OAAO,IAAI,IAAI,CAAC;CACjB;AAkBD,wBAAgB,aAAa,CAAC,OAAO,EAAE,aAAa,GAAG,cAAc,CA0FpE;AAED,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAqC1F"}

package/dist/sandbox/rootfs.js

@@ -0,0 +1,163 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
+import * as os from "node:os";
+const SYSTEM_READONLY_PATHS = [
+    "/usr",
+    "/lib",
+    "/lib64",
+    "/bin",
+    "/sbin",
+    "/etc/alternatives",
+    "/etc/ssl",
+    "/etc/ca-certificates",
+    "/etc/resolv.conf",
+    "/etc/hosts",
+    "/etc/nsswitch.conf",
+    "/etc/passwd",
+    "/etc/group",
+];
+export function prepareRootfs(options) {
+    const rootDir = path.join(os.tmpdir(), "openclaw-rootfs", options.sandboxId);
+    fs.mkdirSync(rootDir, { recursive: true });
+    const mounts = [];
+    for (const sysPath of SYSTEM_READONLY_PATHS) {
+        if (!fs.existsSync(sysPath))
+            continue;
+        const targetInRoot = path.join(rootDir, sysPath);
+        const stat = safeStat(sysPath);
+        if (stat?.isDirectory()) {
+            fs.mkdirSync(targetInRoot, { recursive: true });
+        }
+        else {
+            fs.mkdirSync(path.dirname(targetInRoot), { recursive: true });
+            safeTouch(targetInRoot);
+        }
+        mounts.push({ source: sysPath, target: targetInRoot, readonly: true });
+    }
+    const nodeExec = options.nodeExecutable ?? process.execPath;
+    const nodeDir = path.dirname(nodeExec);
+    const nodeDirInRoot = path.join(rootDir, nodeDir);
+    fs.mkdirSync(nodeDirInRoot, { recursive: true });
+    mounts.push({ source: nodeDir, target: nodeDirInRoot, readonly: true });
+    const nodeModulesPath = findNodeModules();
+    if (nodeModulesPath) {
+        const nmInRoot = path.join(rootDir, nodeModulesPath);
+        fs.mkdirSync(nmInRoot, { recursive: true });
+        mounts.push({ source: nodeModulesPath, target: nmInRoot, readonly: true });
+    }
+    const wsInRoot = path.join(rootDir, options.workspaceDir);
+    fs.mkdirSync(wsInRoot, { recursive: true });
+    mounts.push({
+        source: options.workspaceDir,
+        target: wsInRoot,
+        readonly: false,
+    });
+    const tmpInRoot = path.join(rootDir, "tmp");
+    fs.mkdirSync(tmpInRoot, { recursive: true });
+    const devDir = path.join(rootDir, "dev");
+    fs.mkdirSync(devDir, { recursive: true });
+    for (const dev of ["null", "zero", "urandom", "random"]) {
+        const devPath = `/dev/${dev}`;
+        if (fs.existsSync(devPath)) {
+            const devInRoot = path.join(rootDir, "dev", dev);
+            safeTouch(devInRoot);
+            mounts.push({ source: devPath, target: devInRoot, readonly: true });
+        }
+    }
+    const procDir = path.join(rootDir, "proc");
+    fs.mkdirSync(procDir, { recursive: true });
+    const oldRootDir = path.join(rootDir, ".old-root");
+    fs.mkdirSync(oldRootDir, { recursive: true });
+    if (options.additionalBinds) {
+        for (const bind of options.additionalBinds) {
+            const targetInRoot = path.join(rootDir, bind.target);
+            const srcStat = safeStat(bind.source);
+            if (srcStat?.isDirectory()) {
+                fs.mkdirSync(targetInRoot, { recursive: true });
+            }
+            else {
+                fs.mkdirSync(path.dirname(targetInRoot), { recursive: true });
+                safeTouch(targetInRoot);
+            }
+            mounts.push({ source: bind.source, target: targetInRoot, readonly: bind.readonly });
+        }
+    }
+    return {
+        rootDir,
+        mounts,
+        cleanup() {
+            try {
+                fs.rmSync(rootDir, { recursive: true, force: true });
+            }
+            catch {
+                // best effort
+            }
+        },
+    };
+}
+export function buildMountScript(rootDir, mounts, cwd) {
+    const lines = [
+        "#!/bin/sh",
+        "set -e",
+        "",
+        `ROOTDIR="${rootDir}"`,
+        "",
+        '# Make rootDir a mount point for pivot_root',
+        'mount --bind "$ROOTDIR" "$ROOTDIR"',
+        "",
+    ];
+    for (const mount of mounts) {
+        if (mount.readonly) {
+            lines.push(`mount --bind "${mount.source}" "${mount.target}"`);
+            lines.push(`mount -o remount,ro,bind "${mount.target}"`);
+        }
+        else {
+            lines.push(`mount --bind "${mount.source}" "${mount.target}"`);
+        }
+    }
+    lines.push("");
+    lines.push("# Mount proc inside the new root");
+    lines.push(`mount -t proc proc "$ROOTDIR/proc" 2>/dev/null || true`);
+    lines.push("");
+    lines.push("# pivot_root: swap root filesystem");
+    lines.push(`cd "$ROOTDIR"`);
+    lines.push('pivot_root . .old-root');
+    lines.push("");
+    lines.push("# Unmount old root - fail-closed: abort if old root stays visible");
+    lines.push("umount -l /.old-root 2>/dev/null");
+    lines.push('if [ -d "/.old-root" ]; then');
+    lines.push('  rmdir /.old-root 2>/dev/null || { echo "FATAL: old root still accessible" >&2; exit 1; }');
+    lines.push("fi");
+    lines.push("");
+    return lines.join("\n");
+}
+function findNodeModules() {
+    let dir = process.cwd();
+    for (let i = 0; i < 10; i++) {
+        const nmPath = path.join(dir, "node_modules");
+        if (fs.existsSync(nmPath))
+            return nmPath;
+        const parent = path.dirname(dir);
+        if (parent === dir)
+            break;
+        dir = parent;
+    }
+    return null;
+}
+function safeStat(p) {
+    try {
+        return fs.statSync(p);
+    }
+    catch {
+        return null;
+    }
+}
+function safeTouch(p) {
+    try {
+        fs.writeFileSync(p, "", { flag: "a" });
+    }
+    catch {
+        // best effort
+    }
+}
+//# sourceMappingURL=rootfs.js.map