daycare-cli 2026.2.26 → 2026.2.27

package/dist/plugins/shell/tool.js

@@ -1,25 +1,10 @@
-import { promises as fs } from "node:fs";
-import os from "node:os";
 import path from "node:path";
 import { Type } from "@sinclair/typebox";
 import { toolExecutionResultOutcomeWithTyped, toolMessageTextExtract } from "../../engine/modules/tools/toolReturnOutcome.js";
-import { resolveWorkspacePath } from "../../engine/permissions.js";
-import { isWithinSecure, openSecure } from "../../sandbox/pathResolveSecure.js";
-import { runInSandbox } from "../../sandbox/runtime.js";
-import { sandboxAllowedDomainsResolve } from "../../sandbox/sandboxAllowedDomainsResolve.js";
-import { sandboxAllowedDomainsValidate } from "../../sandbox/sandboxAllowedDomainsValidate.js";
-import { sandboxCanRead } from "../../sandbox/sandboxCanRead.js";
-import { sandboxCanWrite } from "../../sandbox/sandboxCanWrite.js";
-import { sandboxFilesystemPolicyBuild } from "../../sandbox/sandboxFilesystemPolicyBuild.js";
-import { envNormalize } from "../../util/envNormalize.js";
 import { stringTruncateTail } from "../../utils/stringTruncateTail.js";
 const READ_MAX_LINES = 2000;
 const READ_MAX_BYTES = 50 * 1024;
-const MAX_EXEC_BUFFER = 1_000_000;
 const MAX_EXEC_STREAM_OUTPUT_CHARS = 8_000;
-const DEFAULT_EXEC_TIMEOUT = 30_000;
-const UNICODE_SPACES = /[\u00A0\u2000-\u200A\u202F\u205F\u3000]/g;
-const NARROW_NO_BREAK_SPACE = "\u202F";
 const editItemSchema = Type.Object({
     search: Type.String({ minLength: 1 }),
     replace: Type.String(),
@@ -45,7 +30,6 @@ const execSchema = Type.Object({
     cwd: Type.Optional(Type.String({ minLength: 1 })),
     timeoutMs: Type.Optional(Type.Number({ minimum: 100, maximum: 300_000 })),
     env: Type.Optional(envSchema),
-    home: Type.Optional(Type.String({ minLength: 1 })),
     packageManagers: Type.Optional(Type.Array(Type.Union([
         Type.Literal("dart"),
         Type.Literal("dotnet"),
@@ -86,13 +70,38 @@ export function buildWorkspaceReadTool() {
         returns: shellReturns,
         execute: async (args, toolContext, toolCall) => {
             const payload = args;
-            const workingDir = toolContext.permissions.workingDir;
-            if (!workingDir) {
-                throw new Error("Workspace is not configured.");
+            const readResult = await toolContext.sandbox.read({
+                path: payload.path,
+                offset: payload.offset,
+                limit: payload.limit
+            });
+            if (readResult.type === "image") {
+                const text = `Read image file: ${readResult.displayPath} [${readResult.mimeType}]`;
+                const toolMessage = buildToolMessage(toolCall, text, false, {
+                    action: "read",
+                    path: readResult.displayPath,
+                    bytes: readResult.bytes,
+                    mimeType: readResult.mimeType
+                });
+                toolMessage.content = [
+                    { type: "text", text },
+                    { type: "image", data: readResult.content.toString("base64"), mimeType: readResult.mimeType }
+                ];
+                return toolExecutionResultOutcomeWithTyped(toolMessage, shellResultBuild(toolMessage, "read"));
             }
-            const targetPath = await resolveReadInputPath(payload.path, workingDir);
-            const resolved = await resolveReadPathSecure(toolContext.permissions, targetPath);
-            return handleReadSecure(resolved, payload.path, payload.offset, payload.limit, workingDir, toolCall);
+            if (readResult.type !== "text") {
+                throw new Error("Path is not a text or image file.");
+            }
+            const toolMessage = buildToolMessage(toolCall, readResult.content, false, {
+                action: "read",
+                path: readResult.displayPath,
+                bytes: readResult.bytes,
+                truncated: readResult.truncated,
+                truncatedBy: readResult.truncatedBy,
+                offset: payload.offset ?? null,
+                limit: payload.limit ?? null
+            });
+            return toolExecutionResultOutcomeWithTyped(toolMessage, shellResultBuild(toolMessage, "read"));
         }
     };
 }
@@ -106,13 +115,19 @@ export function buildWorkspaceWriteTool() {
         returns: shellReturns,
         execute: async (args, toolContext, toolCall) => {
             const payload = args;
-            const workingDir = toolContext.permissions.workingDir;
-            if (!workingDir) {
-                throw new Error("Workspace is not configured.");
-            }
-            ensureAbsolutePath(payload.path);
-            const resolved = await resolveWritePathSecure(toolContext.permissions, payload.path);
-            return handleWriteSecure(resolved, payload.content, payload.append ?? false, workingDir, toolCall);
+            const writeResult = await toolContext.sandbox.write({
+                path: payload.path,
+                content: payload.content,
+                append: payload.append ?? false
+            });
+            const text = `${payload.append ? "Appended" : "Wrote"} ${writeResult.bytes} bytes to ${writeResult.sandboxPath}.`;
+            const toolMessage = buildToolMessage(toolCall, text, false, {
+                action: "write",
+                path: writeResult.sandboxPath,
+                bytes: writeResult.bytes,
+                append: payload.append ?? false
+            });
+            return toolExecutionResultOutcomeWithTyped(toolMessage, shellResultBuild(toolMessage, "write"));
         }
     };
 }
@@ -126,13 +141,33 @@ export function buildWorkspaceEditTool() {
         returns: shellReturns,
         execute: async (args, toolContext, toolCall) => {
             const payload = args;
-            const workingDir = toolContext.permissions.workingDir;
-            if (!workingDir) {
-                throw new Error("Workspace is not configured.");
-            }
             ensureAbsolutePath(payload.path);
-            const resolved = await resolveWritePathSecure(toolContext.permissions, payload.path);
-            return handleEditSecure(resolved, payload.edits, workingDir, toolCall);
+            const readResult = await toolContext.sandbox.read({ path: payload.path, raw: true });
+            if (readResult.type !== "text") {
+                throw new Error("Path is not a text file.");
+            }
+            let updated = readResult.content;
+            const counts = [];
+            for (const edit of payload.edits) {
+                const { next, count } = applyEdit(updated, edit);
+                if (count === 0) {
+                    const preview = edit.search.length > 80 ? `${edit.search.slice(0, 77)}...` : edit.search;
+                    throw new Error(`Edit not applied: "${preview}" not found.`);
+                }
+                counts.push(count);
+                updated = next;
+            }
+            await toolContext.sandbox.write({ path: payload.path, content: updated });
+            const summary = counts
+                .map((count, index) => `edit ${index + 1}: ${count} replacement${count === 1 ? "" : "s"}`)
+                .join(", ");
+            const text = `Updated ${readResult.displayPath} (${summary}).`;
+            const toolMessage = buildToolMessage(toolCall, text, false, {
+                action: "edit",
+                path: readResult.displayPath,
+                edits: counts
+            });
+            return toolExecutionResultOutcomeWithTyped(toolMessage, shellResultBuild(toolMessage, "edit"));
         }
     };
 }
@@ -140,230 +175,34 @@ export function buildExecTool() {
     return {
         tool: {
             name: "exec",
-            description: "Execute a shell command inside the agent workspace (or a subdirectory). The cwd, if provided, must be an absolute path that resolves inside the workspace. Exec uses the caller's granted write directories and global read access with a protected deny-list. Optional home (absolute path within allowed write directories) remaps HOME and related env vars for sandboxed execution. Optional packageManagers language presets auto-allow ecosystem hosts (dart/dotnet/go/java/node/php/python/ruby/rust). Optional allowedDomains enables outbound access to specific domains (supports subdomain wildcards like *.example.com, no global wildcard). Returns stdout/stderr and failure details.",
+            description: "Execute a shell command inside the agent workspace (or a subdirectory). The cwd, if provided, must resolve inside the workspace. Exec uses the caller's granted write directories and global read access with a protected deny-list. Optional packageManagers language presets auto-allow ecosystem hosts (dart/dotnet/go/java/node/php/python/ruby/rust). Optional allowedDomains enables outbound access to specific domains (supports subdomain wildcards like *.example.com, no global wildcard). Returns stdout/stderr and failure details.",
             parameters: execSchema
         },
         returns: shellReturns,
         execute: async (args, toolContext, toolCall) => {
             const payload = args;
-            const workingDir = toolContext.permissions.workingDir;
-            if (!workingDir) {
-                throw new Error("Workspace is not configured.");
-            }
-            const permissions = resolveExecPermissions(toolContext.permissions);
-            if (payload.cwd) {
-                ensureAbsolutePath(payload.cwd);
-            }
-            if (payload.home) {
-                ensureAbsolutePath(payload.home);
-            }
-            const cwd = payload.cwd ? resolveWorkspacePath(workingDir, payload.cwd) : workingDir;
-            const home = payload.home ? await resolveWritePathSecure(permissions, payload.home) : undefined;
-            const allowedDomains = sandboxAllowedDomainsResolve(payload.allowedDomains, payload.packageManagers);
-            const domainIssues = sandboxAllowedDomainsValidate(allowedDomains);
-            if (domainIssues.length > 0) {
-                throw new Error(domainIssues.join(" "));
-            }
-            const envOverrides = envNormalize(payload.env);
-            const env = envOverrides ? { ...process.env, ...envOverrides } : process.env;
-            const timeout = payload.timeoutMs ?? DEFAULT_EXEC_TIMEOUT;
-            const sandboxConfig = buildSandboxConfig(permissions, allowedDomains);
-            try {
-                const result = await runInSandbox(payload.command, sandboxConfig, {
-                    cwd,
-                    env,
-                    home,
-                    timeoutMs: timeout,
-                    maxBufferBytes: MAX_EXEC_BUFFER
-                });
-                const stdout = toText(result.stdout);
-                const stderr = toText(result.stderr);
-                const text = formatExecOutput(stdout, stderr, false);
-                const toolMessage = buildToolMessage(toolCall, text, false, {
-                    cwd: path.relative(workingDir, cwd) || "."
-                });
-                return toolExecutionResultOutcomeWithTyped(toolMessage, shellResultBuild(toolMessage, "exec"));
-            }
-            catch (error) {
-                const execError = error;
-                const stdout = toText(execError.stdout);
-                const stderr = toText(execError.stderr);
-                const text = formatExecOutput(stdout, stderr, true);
-                const toolMessage = buildToolMessage(toolCall, text, true, {
-                    cwd: path.relative(workingDir, cwd) || ".",
-                    exitCode: execError.code ?? null,
-                    signal: execError.signal ?? null
-                });
-                return toolExecutionResultOutcomeWithTyped(toolMessage, shellResultBuild(toolMessage, "exec"));
-            }
+            const workingDir = toolContext.sandbox.workingDir;
+            const result = await toolContext.sandbox.exec({
+                command: payload.command,
+                cwd: payload.cwd,
+                timeoutMs: payload.timeoutMs,
+                env: payload.env,
+                packageManagers: payload.packageManagers,
+                allowedDomains: payload.allowedDomains
+            });
+            const text = formatExecOutput(result.stdout, result.stderr, result.failed);
+            const toolMessage = buildToolMessage(toolCall, text, result.failed, {
+                cwd: path.relative(workingDir, result.cwd) || ".",
+                exitCode: result.exitCode,
+                signal: result.signal
+            });
+            return toolExecutionResultOutcomeWithTyped(toolMessage, shellResultBuild(toolMessage, "exec"));
         }
     };
 }
-/**
- * Secure read handler that uses lstat + openSecure to prevent TOCTOU attacks.
- * The path has already been securely resolved (symlinks followed, containment verified).
- */
-async function handleReadSecure(resolvedPath, requestedPath, offset, limit, workingDir, toolCall) {
-    // Use lstat to check file type without following symlinks
-    const stats = await fs.lstat(resolvedPath);
-    if (stats.isSymbolicLink()) {
-        throw new Error("Cannot read symbolic link directly.");
-    }
-    if (!stats.isFile()) {
-        throw new Error("Path is not a file.");
-    }
-    const displayPath = formatDisplayPath(workingDir, resolvedPath);
-    const mimeType = await detectSupportedImageMimeTypeFromFile(resolvedPath);
-    if (mimeType) {
-        const imageBuffer = await readBinaryFileSecure(resolvedPath);
-        const text = `Read image file: ${displayPath} [${mimeType}]`;
-        const toolMessage = buildToolMessage(toolCall, text, false, {
-            action: "read",
-            path: displayPath,
-            bytes: stats.size,
-            mimeType
-        });
-        toolMessage.content = [
-            { type: "text", text },
-            { type: "image", data: imageBuffer.toString("base64"), mimeType }
-        ];
-        return toolExecutionResultOutcomeWithTyped(toolMessage, shellResultBuild(toolMessage, "read"));
-    }
-    const textContent = await readTextFileSecure(resolvedPath);
-    const allLines = textContent.split("\n");
-    const totalFileLines = allLines.length;
-    const startLine = offset ? Math.max(0, offset - 1) : 0;
-    const startLineDisplay = startLine + 1;
-    if (startLine >= allLines.length) {
-        throw new Error(`Offset ${offset} is beyond end of file (${allLines.length} lines total)`);
-    }
-    let selectedContent;
-    let userLimitedLines;
-    if (limit !== undefined) {
-        const endLine = Math.min(startLine + limit, allLines.length);
-        selectedContent = allLines.slice(startLine, endLine).join("\n");
-        userLimitedLines = endLine - startLine;
-    }
-    else {
-        selectedContent = allLines.slice(startLine).join("\n");
-    }
-    const truncation = truncateHead(selectedContent);
-    let outputText;
-    if (truncation.firstLineExceedsLimit) {
-        const firstLineSize = formatSize(Buffer.byteLength(allLines[startLine] ?? "", "utf8"));
-        outputText = `[Line ${startLineDisplay} is ${firstLineSize}, exceeds ${formatSize(READ_MAX_BYTES)} limit. Use bash: sed -n '${startLineDisplay}p' ${requestedPath} | head -c ${READ_MAX_BYTES}]`;
-    }
-    else if (truncation.truncated) {
-        const endLineDisplay = startLineDisplay + truncation.outputLines - 1;
-        const nextOffset = endLineDisplay + 1;
-        outputText = truncation.content;
-        if (truncation.truncatedBy === "lines") {
-            outputText += `\n\n[Showing lines ${startLineDisplay}-${endLineDisplay} of ${totalFileLines}. Use offset=${nextOffset} to continue.]`;
-        }
-        else {
-            outputText += `\n\n[Showing lines ${startLineDisplay}-${endLineDisplay} of ${totalFileLines} (${formatSize(READ_MAX_BYTES)} limit). Use offset=${nextOffset} to continue.]`;
-        }
-    }
-    else if (userLimitedLines !== undefined && startLine + userLimitedLines < allLines.length) {
-        const remaining = allLines.length - (startLine + userLimitedLines);
-        const nextOffset = startLine + userLimitedLines + 1;
-        outputText = `${truncation.content}\n\n[${remaining} more lines in file. Use offset=${nextOffset} to continue.]`;
-    }
-    else {
-        outputText = truncation.content;
-    }
-    const toolMessage = buildToolMessage(toolCall, outputText, false, {
-        action: "read",
-        path: displayPath,
-        bytes: stats.size,
-        truncated: truncation.truncated,
-        truncatedBy: truncation.truncatedBy,
-        offset: offset ?? null,
-        limit: limit ?? null
-    });
-    return toolExecutionResultOutcomeWithTyped(toolMessage, shellResultBuild(toolMessage, "read"));
-}
-/**
- * Secure write handler that prevents TOCTOU attacks.
- * The path has already been securely resolved (symlinks followed, containment verified).
- */
-async function handleWriteSecure(resolvedPath, content, append, workingDir, toolCall) {
-    await fs.mkdir(path.dirname(resolvedPath), { recursive: true });
-    // Check if target is a symlink before writing
-    try {
-        const stats = await fs.lstat(resolvedPath);
-        if (stats.isSymbolicLink()) {
-            throw new Error("Cannot write to symbolic link.");
-        }
-    }
-    catch (error) {
-        // File doesn't exist yet - OK for write operations
-        if (error.code !== "ENOENT") {
-            throw error;
-        }
-    }
-    // Use atomic file operations via file handle
-    const flags = append ? "a" : "w";
-    const handle = await fs.open(resolvedPath, flags);
-    try {
-        await handle.writeFile(content, "utf8");
-    }
-    finally {
-        await handle.close();
-    }
-    const bytes = Buffer.byteLength(content, "utf8");
-    const displayPath = formatDisplayPath(workingDir, resolvedPath);
-    const text = `${append ? "Appended" : "Wrote"} ${bytes} bytes to ${displayPath}.`;
-    const toolMessage = buildToolMessage(toolCall, text, false, {
-        action: "write",
-        path: displayPath,
-        bytes,
-        append
-    });
-    return toolExecutionResultOutcomeWithTyped(toolMessage, shellResultBuild(toolMessage, "write"));
-}
-/**
- * Secure edit handler that prevents TOCTOU attacks.
- * Uses file handle to ensure atomic read-modify-write operations.
- */
-async function handleEditSecure(resolvedPath, edits, workingDir, toolCall) {
-    // Check if target is a symlink
-    const stats = await fs.lstat(resolvedPath);
-    if (stats.isSymbolicLink()) {
-        throw new Error("Cannot edit symbolic link.");
-    }
-    // Open with r+ for read-modify-write atomicity
-    const handle = await fs.open(resolvedPath, "r+");
-    try {
-        const original = await handle.readFile("utf8");
-        let updated = original;
-        const counts = [];
-        for (const edit of edits) {
-            const { next, count } = applyEdit(updated, edit);
-            if (count === 0) {
-                const preview = edit.search.length > 80 ? `${edit.search.slice(0, 77)}...` : edit.search;
-                throw new Error(`Edit not applied: "${preview}" not found.`);
-            }
-            counts.push(count);
-            updated = next;
-        }
-        // Truncate and write from beginning
-        await handle.truncate(0);
-        await handle.write(updated, 0, "utf8");
-        const displayPath = formatDisplayPath(workingDir, resolvedPath);
-        const summary = counts
-            .map((count, index) => `edit ${index + 1}: ${count} replacement${count === 1 ? "" : "s"}`)
-            .join(", ");
-        const text = `Updated ${displayPath} (${summary}).`;
-        const toolMessage = buildToolMessage(toolCall, text, false, {
-            action: "edit",
-            path: displayPath,
-            edits: counts
-        });
-        return toolExecutionResultOutcomeWithTyped(toolMessage, shellResultBuild(toolMessage, "edit"));
-    }
-    finally {
-        await handle.close();
+function ensureAbsolutePath(target) {
+    if (!path.isAbsolute(target)) {
+        throw new Error("Path must be absolute.");
     }
 }
 function applyEdit(input, edit) {
@@ -429,12 +268,6 @@ function detailNumberGet(details, key) {
     const value = details[key];
     return typeof value === "number" && Number.isFinite(value) ? value : undefined;
 }
-function toText(value) {
-    if (!value) {
-        return "";
-    }
-    return typeof value === "string" ? value : value.toString("utf8");
-}
 export function formatExecOutput(stdout, stderr, failed) {
     const parts = [];
     const stdoutPart = formatExecStream("stdout", stdout);
@@ -457,233 +290,4 @@ function formatExecStream(stream, value) {
     const text = stringTruncateTail(value.trimEnd(), MAX_EXEC_STREAM_OUTPUT_CHARS, stream);
     return `${stream}:\n${text}`;
 }
-async function readTextFileSecure(resolvedPath) {
-    const handle = await openSecure(resolvedPath, "r");
-    try {
-        return await handle.readFile("utf8");
-    }
-    finally {
-        await handle.close();
-    }
-}
-async function readBinaryFileSecure(resolvedPath) {
-    const handle = await openSecure(resolvedPath, "r");
-    try {
-        return await handle.readFile();
-    }
-    finally {
-        await handle.close();
-    }
-}
-async function detectSupportedImageMimeTypeFromFile(resolvedPath) {
-    const handle = await openSecure(resolvedPath, "r");
-    try {
-        const header = Buffer.alloc(16);
-        const { bytesRead } = await handle.read(header, 0, header.length, 0);
-        if (bytesRead === 0) {
-            return null;
-        }
-        return detectSupportedImageMimeTypeFromHeader(header.subarray(0, bytesRead));
-    }
-    finally {
-        await handle.close();
-    }
-}
-function detectSupportedImageMimeTypeFromHeader(header) {
-    if (header.length >= 3 && header[0] === 0xff && header[1] === 0xd8 && header[2] === 0xff) {
-        return "image/jpeg";
-    }
-    if (header.length >= 8 &&
-        header[0] === 0x89 &&
-        header[1] === 0x50 &&
-        header[2] === 0x4e &&
-        header[3] === 0x47 &&
-        header[4] === 0x0d &&
-        header[5] === 0x0a &&
-        header[6] === 0x1a &&
-        header[7] === 0x0a) {
-        return "image/png";
-    }
-    if (header.length >= 6) {
-        const signature = header.subarray(0, 6).toString("ascii");
-        if (signature === "GIF87a" || signature === "GIF89a") {
-            return "image/gif";
-        }
-    }
-    if (header.length >= 12 &&
-        header.subarray(0, 4).toString("ascii") === "RIFF" &&
-        header.subarray(8, 12).toString("ascii") === "WEBP") {
-        return "image/webp";
-    }
-    return null;
-}
-function formatSize(bytes) {
-    if (bytes < 1024) {
-        return `${bytes}B`;
-    }
-    if (bytes < 1024 * 1024) {
-        return `${(bytes / 1024).toFixed(1)}KB`;
-    }
-    return `${(bytes / (1024 * 1024)).toFixed(1)}MB`;
-}
-function truncateHead(content) {
-    const totalBytes = Buffer.byteLength(content, "utf8");
-    const lines = content.split("\n");
-    const totalLines = lines.length;
-    if (totalLines <= READ_MAX_LINES && totalBytes <= READ_MAX_BYTES) {
-        return {
-            content,
-            truncated: false,
-            truncatedBy: null,
-            totalLines,
-            totalBytes,
-            outputLines: totalLines,
-            outputBytes: totalBytes,
-            lastLinePartial: false,
-            firstLineExceedsLimit: false
-        };
-    }
-    const firstLineBytes = Buffer.byteLength(lines[0] ?? "", "utf8");
-    if (firstLineBytes > READ_MAX_BYTES) {
-        return {
-            content: "",
-            truncated: true,
-            truncatedBy: "bytes",
-            totalLines,
-            totalBytes,
-            outputLines: 0,
-            outputBytes: 0,
-            lastLinePartial: false,
-            firstLineExceedsLimit: true
-        };
-    }
-    const outputLines = [];
-    let outputBytes = 0;
-    let truncatedBy = "lines";
-    for (let index = 0; index < lines.length && index < READ_MAX_LINES; index++) {
-        const line = lines[index] ?? "";
-        const lineBytes = Buffer.byteLength(line, "utf8") + (index > 0 ? 1 : 0);
-        if (outputBytes + lineBytes > READ_MAX_BYTES) {
-            truncatedBy = "bytes";
-            break;
-        }
-        outputLines.push(line);
-        outputBytes += lineBytes;
-    }
-    if (outputLines.length >= READ_MAX_LINES && outputBytes <= READ_MAX_BYTES) {
-        truncatedBy = "lines";
-    }
-    const outputContent = outputLines.join("\n");
-    return {
-        content: outputContent,
-        truncated: true,
-        truncatedBy,
-        totalLines,
-        totalBytes,
-        outputLines: outputLines.length,
-        outputBytes: Buffer.byteLength(outputContent, "utf8"),
-        lastLinePartial: false,
-        firstLineExceedsLimit: false
-    };
-}
-function normalizeReadPathUnicodeSpaces(value) {
-    return value.replace(UNICODE_SPACES, " ");
-}
-function normalizeReadPathAtPrefix(value) {
-    return value.startsWith("@") ? value.slice(1) : value;
-}
-function normalizeReadPathInput(rawPath) {
-    const normalized = normalizeReadPathUnicodeSpaces(normalizeReadPathAtPrefix(rawPath));
-    if (normalized === "~") {
-        return os.homedir();
-    }
-    if (normalized.startsWith("~/")) {
-        return os.homedir() + normalized.slice(1);
-    }
-    return normalized;
-}
-async function pathExists(target) {
-    try {
-        await fs.access(target);
-        return true;
-    }
-    catch {
-        return false;
-    }
-}
-function readPathTryMacOSScreenshotVariant(target) {
-    return target.replace(/ (AM|PM)\./g, `${NARROW_NO_BREAK_SPACE}$1.`);
-}
-function readPathTryNfdVariant(target) {
-    return target.normalize("NFD");
-}
-function readPathTryCurlyQuoteVariant(target) {
-    return target.replace(/'/g, "\u2019");
-}
-/**
- * Resolves a read path with compatibility fallbacks for common macOS screenshot naming variants.
- */
-async function resolveReadInputPath(rawPath, workingDir) {
-    const normalized = normalizeReadPathInput(rawPath);
-    const resolved = path.isAbsolute(normalized) ? normalized : path.resolve(workingDir, normalized);
-    if (await pathExists(resolved)) {
-        return resolved;
-    }
-    const amPmVariant = readPathTryMacOSScreenshotVariant(resolved);
-    if (amPmVariant !== resolved && (await pathExists(amPmVariant))) {
-        return amPmVariant;
-    }
-    const nfdVariant = readPathTryNfdVariant(resolved);
-    if (nfdVariant !== resolved && (await pathExists(nfdVariant))) {
-        return nfdVariant;
-    }
-    const curlyVariant = readPathTryCurlyQuoteVariant(resolved);
-    if (curlyVariant !== resolved && (await pathExists(curlyVariant))) {
-        return curlyVariant;
-    }
-    const nfdCurlyVariant = readPathTryCurlyQuoteVariant(nfdVariant);
-    if (nfdCurlyVariant !== resolved && (await pathExists(nfdCurlyVariant))) {
-        return nfdCurlyVariant;
-    }
-    return resolved;
-}
-function ensureAbsolutePath(target) {
-    if (!path.isAbsolute(target)) {
-        throw new Error("Path must be absolute.");
-    }
-}
-async function resolveWritePathSecure(permissions, target) {
-    return sandboxCanWrite(permissions, target);
-}
-async function resolveReadPathSecure(permissions, target) {
-    return sandboxCanRead(permissions, target);
-}
-function formatDisplayPath(workingDir, target) {
-    if (isWithinSecure(workingDir, target)) {
-        return path.relative(workingDir, target) || ".";
-    }
-    return target;
-}
-function buildSandboxConfig(permissions, allowedDomains) {
-    const filesystem = sandboxFilesystemPolicyBuild({
-        writeDirs: permissions.writeDirs,
-        workingDir: permissions.workingDir
-    });
-    return {
-        filesystem,
-        network: {
-            allowedDomains,
-            deniedDomains: []
-        },
-        enableWeakerNestedSandbox: true
-    };
-}
-function resolveExecPermissions(currentPermissions) {
-    const readDirs = currentPermissions.readDirs ? [...currentPermissions.readDirs] : undefined;
-    return {
-        workingDir: currentPermissions.workingDir,
-        writeDirs: [...currentPermissions.writeDirs],
-        ...(readDirs ? { readDirs } : {})
-    };
-}
 //# sourceMappingURL=tool.js.map