npm - daycare-cli - Versions diffs - 2026.2.26 → 2026.2.28 - Mend

daycare-cli 2026.2.26 → 2026.2.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (402) hide show

package/dist/sandbox/docker/dockerContainerExec.spec.js ADDED Viewed

@@ -0,0 +1,75 @@
+import { PassThrough } from "node:stream";
+import { describe, expect, it, vi } from "vitest";
+import { dockerContainerExec } from "./dockerContainerExec.js";
+describe("dockerContainerExec", () => {
+    it("executes command and returns stdout/stderr with exit code", async () => {
+        const stream = new PassThrough();
+        const execHandle = {
+            start: vi.fn().mockImplementation(async () => {
+                setTimeout(() => {
+                    stream.end();
+                }, 0);
+                return stream;
+            }),
+            inspect: vi.fn().mockResolvedValue({ ExitCode: 7 })
+        };
+        const container = {
+            exec: vi.fn().mockResolvedValue(execHandle)
+        };
+        const docker = {
+            modem: {
+                demuxStream: vi.fn((_stream, stdout, stderr) => {
+                    stdout.write("hello");
+                    stderr.write("warn");
+                })
+            }
+        };
+        const result = await dockerContainerExec(docker, container, {
+            command: ["echo", "ok"],
+            cwd: "/home",
+            env: {
+                HOME: "/home",
+                DEBUG: "1"
+            }
+        });
+        expect(container.exec).toHaveBeenCalledWith({
+            Cmd: ["echo", "ok"],
+            AttachStdout: true,
+            AttachStderr: true,
+            WorkingDir: "/home",
+            Env: ["HOME=/home", "DEBUG=1"]
+        });
+        expect(result).toEqual({
+            stdout: "hello",
+            stderr: "warn",
+            exitCode: 7
+        });
+    });
+    it("fails when output exceeds max buffer", async () => {
+        const stream = new PassThrough();
+        const execHandle = {
+            start: vi.fn().mockImplementation(async () => {
+                setTimeout(() => {
+                    stream.end();
+                }, 0);
+                return stream;
+            }),
+            inspect: vi.fn().mockResolvedValue({ ExitCode: 0 })
+        };
+        const container = {
+            exec: vi.fn().mockResolvedValue(execHandle)
+        };
+        const docker = {
+            modem: {
+                demuxStream: vi.fn((_stream, stdout) => {
+                    stdout.write("12345");
+                })
+            }
+        };
+        await expect(dockerContainerExec(docker, container, {
+            command: ["echo", "ok"],
+            maxBufferBytes: 3
+        })).rejects.toThrow("maxBufferBytes");
+    });
+});
+//# sourceMappingURL=dockerContainerExec.spec.js.map

package/dist/sandbox/docker/dockerContainerExec.spec.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dockerContainerExec.spec.js","sourceRoot":"","sources":["../../../sources/sandbox/docker/dockerContainerExec.spec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAG1C,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAElD,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAE/D,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACjC,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACvE,MAAM,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;QACjC,MAAM,UAAU,GAAG;YACf,KAAK,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,KAAK,IAAI,EAAE;gBACzC,UAAU,CAAC,GAAG,EAAE;oBACZ,MAAM,CAAC,GAAG,EAAE,CAAC;gBACjB,CAAC,EAAE,CAAC,CAAC,CAAC;gBACN,OAAO,MAAM,CAAC;YAClB,CAAC,CAAC;YACF,OAAO,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;SACtD,CAAC;QAEF,MAAM,SAAS,GAAG;YACd,IAAI,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,UAAU,CAAC;SACf,CAAC;QAEjC,MAAM,MAAM,GAAG;YACX,KAAK,EAAE;gBACH,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,OAA8B,EAAE,MAA6B,EAAE,MAAM,EAAE,EAAE;oBACzF,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;oBACtB,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBACzB,CAAC,CAAC;aACL;SACiB,CAAC;QAEvB,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,MAAM,EAAE,SAAS,EAAE;YACxD,OAAO,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC;YACvB,GAAG,EAAE,OAAO;YACZ,GAAG,EAAE;gBACD,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE,GAAG;aACb;SACJ,CAAC,CAAC;QAEH,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,oBAAoB,CAAC;YACxC,GAAG,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC;YACnB,YAAY,EAAE,IAAI;YAClB,YAAY,EAAE,IAAI;YAClB,UAAU,EAAE,OAAO;YACnB,GAAG,EAAE,CAAC,YAAY,EAAE,SAAS,CAAC;SACjC,CAAC,CAAC;QACH,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;YACnB,MAAM,EAAE,OAAO;YACf,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,CAAC;SACd,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QAClD,MAAM,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;QACjC,MAAM,UAAU,GAAG;YACf,KAAK,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,KAAK,IAAI,EAAE;gBACzC,UAAU,CAAC,GAAG,EAAE;oBACZ,MAAM,CAAC,GAAG,EAAE,CAAC;gBACjB,CAAC,EAAE,CAAC,CAAC,CAAC;gBACN,OAAO,MAAM,CAAC;YAClB,CAAC,CAAC;YACF,OAAO,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;SACtD,CAAC;QAEF,MAAM,SAAS,GAAG;YACd,IAAI,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,UAAU,CAAC;SACf,CAAC;QAEjC,MAAM,MAAM,GAAG;YACX,KAAK,EAAE;gBACH,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,OAA8B,EAAE,MAA6B,EAAE,EAAE;oBACjF,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAC1B,CAAC,CAAC;aACL;SACiB,CAAC;QAEvB,MAAM,MAAM,CACR,mBAAmB,CAAC,MAAM,EAAE,SAAS,EAAE;YACnC,OAAO,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC;YACvB,cAAc,EAAE,CAAC;SACpB,CAAC,CACL,CAAC,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

package/dist/sandbox/docker/dockerContainerNameBuild.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * Builds a stable Docker container name for a sandbox user.
+ * Expects: userId is stable across the user's agent sessions.
+ */
+export declare function dockerContainerNameBuild(userId: string): string;
+//# sourceMappingURL=dockerContainerNameBuild.d.ts.map

package/dist/sandbox/docker/dockerContainerNameBuild.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"dockerContainerNameBuild.d.ts","sourceRoot":"","sources":["../../../sources/sandbox/docker/dockerContainerNameBuild.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAS/D"}

package/dist/sandbox/docker/dockerContainerNameBuild.js ADDED Viewed

@@ -0,0 +1,15 @@
+const DEFAULT_CONTAINER_SUFFIX = "user";
+/**
+ * Builds a stable Docker container name for a sandbox user.
+ * Expects: userId is stable across the user's agent sessions.
+ */
+export function dockerContainerNameBuild(userId) {
+    const suffix = userId
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/g, "-")
+        .replace(/^-+/, "")
+        .replace(/-+$/, "");
+    const safeSuffix = suffix.length > 0 ? suffix : DEFAULT_CONTAINER_SUFFIX;
+    return `daycare-sandbox-${safeSuffix}`;
+}
+//# sourceMappingURL=dockerContainerNameBuild.js.map

package/dist/sandbox/docker/dockerContainerNameBuild.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dockerContainerNameBuild.js","sourceRoot":"","sources":["../../../sources/sandbox/docker/dockerContainerNameBuild.ts"],"names":[],"mappings":"AAAA,MAAM,wBAAwB,GAAG,MAAM,CAAC;AAExC;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CAAC,MAAc;IACnD,MAAM,MAAM,GAAG,MAAM;SAChB,WAAW,EAAE;SACb,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC;SAC3B,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAExB,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,wBAAwB,CAAC;IACzE,OAAO,mBAAmB,UAAU,EAAE,CAAC;AAC3C,CAAC"}

package/dist/sandbox/docker/dockerContainerNameBuild.spec.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=dockerContainerNameBuild.spec.d.ts.map

package/dist/sandbox/docker/dockerContainerNameBuild.spec.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"dockerContainerNameBuild.spec.d.ts","sourceRoot":"","sources":["../../../sources/sandbox/docker/dockerContainerNameBuild.spec.ts"],"names":[],"mappings":""}

package/dist/sandbox/docker/dockerContainerNameBuild.spec.js ADDED Viewed

@@ -0,0 +1,17 @@
+import { describe, expect, it } from "vitest";
+import { dockerContainerNameBuild } from "./dockerContainerNameBuild.js";
+describe("dockerContainerNameBuild", () => {
+    it("creates a docker-safe container name from user id", () => {
+        const name = dockerContainerNameBuild("User_42");
+        expect(name).toBe("daycare-sandbox-user-42");
+    });
+    it("trims non-alphanumeric boundaries", () => {
+        const name = dockerContainerNameBuild("---user---");
+        expect(name).toBe("daycare-sandbox-user");
+    });
+    it("falls back when user id has no safe characters", () => {
+        const name = dockerContainerNameBuild("---");
+        expect(name).toBe("daycare-sandbox-user");
+    });
+});
+//# sourceMappingURL=dockerContainerNameBuild.spec.js.map

package/dist/sandbox/docker/dockerContainerNameBuild.spec.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dockerContainerNameBuild.spec.js","sourceRoot":"","sources":["../../../sources/sandbox/docker/dockerContainerNameBuild.spec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAE9C,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AAEzE,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;IACtC,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QACzD,MAAM,IAAI,GAAG,wBAAwB,CAAC,SAAS,CAAC,CAAC;QACjD,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QACzC,MAAM,IAAI,GAAG,wBAAwB,CAAC,YAAY,CAAC,CAAC;QACpD,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACtD,MAAM,IAAI,GAAG,wBAAwB,CAAC,KAAK,CAAC,CAAC;QAC7C,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

package/dist/sandbox/docker/dockerContainers.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import type { DockerContainerConfig, DockerContainerExecArgs, DockerContainerExecResult } from "./dockerTypes.js";
+/**
+ * Facade for per-user long-lived Docker sandbox containers.
+ * Expects: callers pass stable userId + hostHomeDir for each execution.
+ */
+export declare class DockerContainers {
+    private readonly clientsBySocket;
+    private readonly ensureInFlight;
+    exec(config: DockerContainerConfig, args: DockerContainerExecArgs): Promise<DockerContainerExecResult>;
+    private dockerClientResolve;
+    private containerEnsure;
+}
+//# sourceMappingURL=dockerContainers.d.ts.map

package/dist/sandbox/docker/dockerContainers.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dockerContainers.d.ts","sourceRoot":"","sources":["../../../sources/sandbox/docker/dockerContainers.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAER,qBAAqB,EACrB,uBAAuB,EACvB,yBAAyB,EAC5B,MAAM,kBAAkB,CAAC;AAE1B;;;GAGG;AACH,qBAAa,gBAAgB;IACzB,OAAO,CAAC,QAAQ,CAAC,eAAe,CAA6B;IAC7D,OAAO,CAAC,QAAQ,CAAC,cAAc,CAA+C;IAExE,IAAI,CAAC,MAAM,EAAE,qBAAqB,EAAE,IAAI,EAAE,uBAAuB,GAAG,OAAO,CAAC,yBAAyB,CAAC;IAM5G,OAAO,CAAC,mBAAmB;YAYb,eAAe;CAgBhC"}

package/dist/sandbox/docker/dockerContainers.js ADDED Viewed

@@ -0,0 +1,42 @@
+import Docker from "dockerode";
+import { dockerContainerEnsure } from "./dockerContainerEnsure.js";
+import { dockerContainerExec } from "./dockerContainerExec.js";
+/**
+ * Facade for per-user long-lived Docker sandbox containers.
+ * Expects: callers pass stable userId + hostHomeDir for each execution.
+ */
+export class DockerContainers {
+    clientsBySocket = new Map();
+    ensureInFlight = new Map();
+    async exec(config, args) {
+        const docker = this.dockerClientResolve(config.socketPath);
+        const container = await this.containerEnsure(docker, config);
+        return dockerContainerExec(docker, container, args);
+    }
+    dockerClientResolve(socketPath) {
+        const key = socketPath ?? "default";
+        const cached = this.clientsBySocket.get(key);
+        if (cached) {
+            return cached;
+        }
+        const docker = socketPath ? new Docker({ socketPath }) : new Docker();
+        this.clientsBySocket.set(key, docker);
+        return docker;
+    }
+    async containerEnsure(docker, config) {
+        const key = `${config.socketPath ?? "default"}:${config.userId}`;
+        const pending = this.ensureInFlight.get(key);
+        if (pending) {
+            return pending;
+        }
+        const operation = dockerContainerEnsure(docker, config);
+        this.ensureInFlight.set(key, operation);
+        try {
+            return await operation;
+        }
+        finally {
+            this.ensureInFlight.delete(key);
+        }
+    }
+}
+//# sourceMappingURL=dockerContainers.js.map

package/dist/sandbox/docker/dockerContainers.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dockerContainers.js","sourceRoot":"","sources":["../../../sources/sandbox/docker/dockerContainers.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,WAAW,CAAC;AAE/B,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAQ/D;;;GAGG;AACH,MAAM,OAAO,gBAAgB;IACR,eAAe,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC5C,cAAc,GAAG,IAAI,GAAG,EAAoC,CAAC;IAE9E,KAAK,CAAC,IAAI,CAAC,MAA6B,EAAE,IAA6B;QACnE,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAC3D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC7D,OAAO,mBAAmB,CAAC,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;IACxD,CAAC;IAEO,mBAAmB,CAAC,UAAmB;QAC3C,MAAM,GAAG,GAAG,UAAU,IAAI,SAAS,CAAC;QACpC,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC7C,IAAI,MAAM,EAAE,CAAC;YACT,OAAO,MAAM,CAAC;QAClB,CAAC;QAED,MAAM,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,EAAE,CAAC;QACtE,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACtC,OAAO,MAAM,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,MAAc,EAAE,MAA6B;QACvE,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,UAAU,IAAI,SAAS,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QACjE,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACV,OAAO,OAAO,CAAC;QACnB,CAAC;QAED,MAAM,SAAS,GAAG,qBAAqB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAExC,IAAI,CAAC;YACD,OAAO,MAAM,SAAS,CAAC;QAC3B,CAAC;gBAAS,CAAC;YACP,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACpC,CAAC;IACL,CAAC;CACJ"}

package/dist/sandbox/docker/dockerContainersShared.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { DockerContainers } from "./dockerContainers.js";
+export declare const dockerContainersShared: DockerContainers;
+//# sourceMappingURL=dockerContainersShared.d.ts.map

package/dist/sandbox/docker/dockerContainersShared.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"dockerContainersShared.d.ts","sourceRoot":"","sources":["../../../sources/sandbox/docker/dockerContainersShared.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEzD,eAAO,MAAM,sBAAsB,kBAAyB,CAAC"}

package/dist/sandbox/docker/dockerContainersShared.js ADDED Viewed

@@ -0,0 +1,3 @@
+import { DockerContainers } from "./dockerContainers.js";
+export const dockerContainersShared = new DockerContainers();
+//# sourceMappingURL=dockerContainersShared.js.map

package/dist/sandbox/docker/dockerContainersShared.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"dockerContainersShared.js","sourceRoot":"","sources":["../../../sources/sandbox/docker/dockerContainersShared.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEzD,MAAM,CAAC,MAAM,sBAAsB,GAAG,IAAI,gBAAgB,EAAE,CAAC"}

package/dist/sandbox/docker/dockerRunInSandbox.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import type { SandboxRuntimeConfig } from "@anthropic-ai/sandbox-runtime";
+import type { DockerContainerConfig } from "./dockerTypes.js";
+export type DockerRunInSandboxOptions = {
+    cwd?: string;
+    env?: NodeJS.ProcessEnv;
+    home: string;
+    timeoutMs?: number;
+    maxBufferBytes?: number;
+    docker: Omit<DockerContainerConfig, "hostHomeDir">;
+};
+/**
+ * Runs sandbox-runtime inside a per-user Docker container.
+ * Expects: docker image is local and options.home is mounted to /home/<userId>.
+ */
+export declare function dockerRunInSandbox(command: string, config: SandboxRuntimeConfig, options: DockerRunInSandboxOptions): Promise<{
+    stdout: string;
+    stderr: string;
+}>;
+//# sourceMappingURL=dockerRunInSandbox.d.ts.map

package/dist/sandbox/docker/dockerRunInSandbox.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dockerRunInSandbox.d.ts","sourceRoot":"","sources":["../../../sources/sandbox/docker/dockerRunInSandbox.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AAO1E,OAAO,KAAK,EAAE,qBAAqB,EAA6B,MAAM,kBAAkB,CAAC;AAMzF,MAAM,MAAM,yBAAyB,GAAG;IACpC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,MAAM,EAAE,IAAI,CAAC,qBAAqB,EAAE,aAAa,CAAC,CAAC;CACtD,CAAC;AAEF;;;GAGG;AACH,wBAAsB,kBAAkB,CACpC,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,oBAAoB,EAC5B,OAAO,EAAE,yBAAyB,GACnC,OAAO,CAAC;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CAmE7C"}

package/dist/sandbox/docker/dockerRunInSandbox.integration.spec.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=dockerRunInSandbox.integration.spec.d.ts.map

package/dist/sandbox/docker/dockerRunInSandbox.integration.spec.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"dockerRunInSandbox.integration.spec.d.ts","sourceRoot":"","sources":["../../../sources/sandbox/docker/dockerRunInSandbox.integration.spec.ts"],"names":[],"mappings":""}

package/dist/sandbox/docker/dockerRunInSandbox.integration.spec.js ADDED Viewed

@@ -0,0 +1,143 @@
+import { execSync } from "node:child_process";
+import { promises as fs } from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { afterEach, beforeEach, describe, expect, it } from "vitest";
+import { DockerContainers } from "./dockerContainers.js";
+const IMAGE = "daycare-runtime";
+const TAG = "latest";
+/** Returns true when Docker is reachable and daycare-runtime:latest exists locally. */
+function dockerAvailable() {
+    try {
+        const output = execSync(`docker image inspect ${IMAGE}:${TAG}`, {
+            stdio: ["pipe", "pipe", "pipe"],
+            timeout: 5000
+        });
+        return output.length > 0;
+    }
+    catch {
+        return false;
+    }
+}
+const describeIfDocker = process.env.CI || !dockerAvailable() ? describe.skip : describe;
+describeIfDocker("dockerRunInSandbox integration (live Docker)", () => {
+    const userId = `test-${process.pid}`;
+    let rootDir;
+    let homeDir;
+    let containers;
+    let config;
+    beforeEach(async () => {
+        rootDir = await fs.mkdtemp(path.join(os.tmpdir(), "daycare-docker-integration-"));
+        homeDir = path.join(rootDir, "home");
+        await fs.mkdir(homeDir, { recursive: true });
+        containers = new DockerContainers();
+        config = {
+            image: IMAGE,
+            tag: TAG,
+            userId,
+            hostHomeDir: homeDir
+        };
+    });
+    afterEach(async () => {
+        // Stop and remove the test container
+        try {
+            execSync(`docker rm -f daycare-sandbox-${userId}`, {
+                stdio: ["pipe", "pipe", "pipe"],
+                timeout: 10_000
+            });
+        }
+        catch {
+            // Container may not exist
+        }
+        await fs.rm(rootDir, { recursive: true, force: true });
+    });
+    it("runs a simple command and returns stdout", async () => {
+        const result = await containers.exec(config, {
+            command: ["echo", "hello from docker"],
+            timeoutMs: 30_000
+        });
+        expect(result.exitCode).toBe(0);
+        expect(result.stdout.trim()).toBe("hello from docker");
+    });
+    it("returns non-zero exit code for failing commands", async () => {
+        const result = await containers.exec(config, {
+            command: ["sh", "-c", "exit 42"],
+            timeoutMs: 10_000
+        });
+        expect(result.exitCode).toBe(42);
+    });
+    it("captures stderr from commands", async () => {
+        const result = await containers.exec(config, {
+            command: ["sh", "-c", "echo err >&2"],
+            timeoutMs: 10_000
+        });
+        expect(result.stderr.trim()).toBe("err");
+    });
+    // nvm is sourced via /etc/profile — use login shell for node commands
+    it("runs node inside the container", async () => {
+        const result = await containers.exec(config, {
+            command: ["bash", "-lc", "node -e \"console.log(JSON.stringify({v: process.version, ok: true}))\""],
+            timeoutMs: 30_000
+        });
+        expect(result.exitCode).toBe(0);
+        const parsed = JSON.parse(result.stdout.trim());
+        expect(parsed.ok).toBe(true);
+        expect(parsed.v).toMatch(/^v\d+/);
+    });
+    it("can resolve sandbox-runtime CLI path", async () => {
+        // sandbox-runtime is installed globally — resolve from nvm's global node_modules
+        const result = await containers.exec(config, {
+            command: [
+                "bash",
+                "-lc",
+                "node -e \"console.log(require.resolve('@anthropic-ai/sandbox-runtime/dist/cli.js'))\""
+            ],
+            timeoutMs: 30_000
+        });
+        if (result.exitCode !== 0) {
+            // May fail if sandbox-runtime isn't globally installed in this image build
+            expect(result.stderr).toContain("MODULE_NOT_FOUND");
+            return;
+        }
+        expect(result.stdout.trim()).toMatch(/cli\.js$/);
+    });
+    it("mounts host home directory into container", async () => {
+        const marker = `marker-${Date.now()}`;
+        await fs.writeFile(path.join(homeDir, "test.txt"), marker, "utf8");
+        const result = await containers.exec(config, {
+            command: ["cat", "/home/test.txt"],
+            timeoutMs: 10_000
+        });
+        expect(result.exitCode).toBe(0);
+        expect(result.stdout.trim()).toBe(marker);
+    });
+    it("writes from container are visible on host", async () => {
+        await containers.exec(config, {
+            command: ["sh", "-c", "echo written-by-container > /home/output.txt"],
+            timeoutMs: 10_000
+        });
+        const content = await fs.readFile(path.join(homeDir, "output.txt"), "utf8");
+        expect(content.trim()).toBe("written-by-container");
+    });
+    it("respects cwd option", async () => {
+        const subDir = path.join(homeDir, "subdir");
+        await fs.mkdir(subDir, { recursive: true });
+        const result = await containers.exec(config, {
+            command: ["pwd"],
+            cwd: "/home/subdir",
+            timeoutMs: 10_000
+        });
+        expect(result.exitCode).toBe(0);
+        expect(result.stdout.trim()).toBe("/home/subdir");
+    });
+    it("passes environment variables to the container", async () => {
+        const result = await containers.exec(config, {
+            command: ["sh", "-c", "echo $DAYCARE_TEST_VAR"],
+            env: { DAYCARE_TEST_VAR: "hello-env" },
+            timeoutMs: 10_000
+        });
+        expect(result.exitCode).toBe(0);
+        expect(result.stdout.trim()).toBe("hello-env");
+    });
+});
+//# sourceMappingURL=dockerRunInSandbox.integration.spec.js.map

package/dist/sandbox/docker/dockerRunInSandbox.integration.spec.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dockerRunInSandbox.integration.spec.js","sourceRoot":"","sources":["../../../sources/sandbox/docker/dockerRunInSandbox.integration.spec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAErE,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAGzD,MAAM,KAAK,GAAG,iBAAiB,CAAC;AAChC,MAAM,GAAG,GAAG,QAAQ,CAAC;AAErB,uFAAuF;AACvF,SAAS,eAAe;IACpB,IAAI,CAAC;QACD,MAAM,MAAM,GAAG,QAAQ,CAAC,wBAAwB,KAAK,IAAI,GAAG,EAAE,EAAE;YAC5D,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;YAC/B,OAAO,EAAE,IAAI;SAChB,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,KAAK,CAAC;IACjB,CAAC;AACL,CAAC;AAED,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC;AAEzF,gBAAgB,CAAC,8CAA8C,EAAE,GAAG,EAAE;IAClE,MAAM,MAAM,GAAG,QAAQ,OAAO,CAAC,GAAG,EAAE,CAAC;IACrC,IAAI,OAAe,CAAC;IACpB,IAAI,OAAe,CAAC;IACpB,IAAI,UAA4B,CAAC;IACjC,IAAI,MAA6B,CAAC;IAElC,UAAU,CAAC,KAAK,IAAI,EAAE;QAClB,OAAO,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,6BAA6B,CAAC,CAAC,CAAC;QAClF,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACrC,MAAM,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE7C,UAAU,GAAG,IAAI,gBAAgB,EAAE,CAAC;QACpC,MAAM,GAAG;YACL,KAAK,EAAE,KAAK;YACZ,GAAG,EAAE,GAAG;YACR,MAAM;YACN,WAAW,EAAE,OAAO;SACvB,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,KAAK,IAAI,EAAE;QACjB,qCAAqC;QACrC,IAAI,CAAC;YACD,QAAQ,CAAC,gCAAgC,MAAM,EAAE,EAAE;gBAC/C,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,OAAO,EAAE,MAAM;aAClB,CAAC,CAAC;QACP,CAAC;QAAC,MAAM,CAAC;YACL,0BAA0B;QAC9B,CAAC;QACD,MAAM,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QACtD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE;YACzC,OAAO,EAAE,CAAC,MAAM,EAAE,mBAAmB,CAAC;YACtC,SAAS,EAAE,MAAM;SACpB,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC7D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE;YACzC,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,SAAS,CAAC;YAChC,SAAS,EAAE,MAAM;SACpB,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;QAC3C,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE;YACzC,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,cAAc,CAAC;YACrC,SAAS,EAAE,MAAM;SACpB,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,sEAAsE;IACtE,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;QAC5C,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE;YACzC,OAAO,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,yEAAyE,CAAC;YACnG,SAAS,EAAE,MAAM;SACpB,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAChD,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7B,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QAClD,iFAAiF;QACjF,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE;YACzC,OAAO,EAAE;gBACL,MAAM;gBACN,KAAK;gBACL,uFAAuF;aAC1F;YACD,SAAS,EAAE,MAAM;SACpB,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;YACxB,2EAA2E;YAC3E,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;YACpD,OAAO;QACX,CAAC;QACD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,MAAM,GAAG,UAAU,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QACtC,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QAEnE,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE;YACzC,OAAO,EAAE,CAAC,KAAK,EAAE,gBAAgB,CAAC;YAClC,SAAS,EAAE,MAAM;SACpB,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE;YAC1B,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,8CAA8C,CAAC;YACrE,SAAS,EAAE,MAAM;SACpB,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,EAAE,MAAM,CAAC,CAAC;QAC5E,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qBAAqB,EAAE,KAAK,IAAI,EAAE;QACjC,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC5C,MAAM,EAAE,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE5C,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE;YACzC,OAAO,EAAE,CAAC,KAAK,CAAC;YAChB,GAAG,EAAE,cAAc;YACnB,SAAS,EAAE,MAAM;SACpB,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE;YACzC,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,wBAAwB,CAAC;YAC/C,GAAG,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE;YACtC,SAAS,EAAE,MAAM;SACpB,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

package/dist/sandbox/docker/dockerRunInSandbox.js ADDED Viewed

@@ -0,0 +1,117 @@
+import { promises as fs } from "node:fs";
+import path from "node:path";
+import { getLogger } from "../../log.js";
+import { shellQuote } from "../../util/shellQuote.js";
+import { sandboxHomeRedefine } from "../sandboxHomeRedefine.js";
+import { sandboxPathHostToContainer } from "../sandboxPathHostToContainer.js";
+import { dockerContainersShared } from "./dockerContainersShared.js";
+const logger = getLogger("sandbox.docker");
+const DEFAULT_TIMEOUT_MS = 30_000;
+const DEFAULT_MAX_BUFFER_BYTES = 1_000_000;
+/**
+ * Runs sandbox-runtime inside a per-user Docker container.
+ * Expects: docker image is local and options.home is mounted to /home/<userId>.
+ */
+export async function dockerRunInSandbox(command, config, options) {
+    const hostHomeDir = path.resolve(options.home);
+    const dockerConfig = {
+        ...options.docker,
+        hostHomeDir
+    };
+    const runtimeConfig = runtimeConfigPathRewrite(config, hostHomeDir, options.docker.userId);
+    const settingsHostPath = path.join(hostHomeDir, ".tmp", `daycare-srt-${process.pid}-${Date.now()}-${Math.random().toString(36).slice(2)}.json`);
+    const { env } = await sandboxHomeRedefine({
+        env: options.env ?? process.env,
+        home: hostHomeDir
+    });
+    const containerEnv = envPathRewrite(env, hostHomeDir, options.docker.userId);
+    const containerCwd = options.cwd
+        ? sandboxPathHostToContainer(hostHomeDir, options.docker.userId, options.cwd)
+        : undefined;
+    const settingsContainerPath = sandboxPathHostToContainer(hostHomeDir, options.docker.userId, settingsHostPath);
+    await fs.mkdir(path.dirname(settingsHostPath), { recursive: true });
+    await fs.writeFile(settingsHostPath, JSON.stringify(runtimeConfig), "utf8");
+    try {
+        logger.debug(`exec: resolving sandbox-runtime CLI path in container`);
+        const cliResolveResult = await dockerContainersShared.exec(dockerConfig, {
+            command: [
+                "bash",
+                "-lc",
+                "node -p \"require.resolve('@anthropic-ai/sandbox-runtime/dist/cli.js')\""
+            ],
+            cwd: containerCwd,
+            env: containerEnv,
+            timeoutMs: options.timeoutMs ?? DEFAULT_TIMEOUT_MS,
+            maxBufferBytes: options.maxBufferBytes ?? DEFAULT_MAX_BUFFER_BYTES
+        });
+        const srtCliPath = cliPathResolveFromResult(cliResolveResult);
+        logger.debug(`exec: resolved CLI path=${srtCliPath} cwd=${containerCwd} command=${JSON.stringify(command)}`);
+        const result = await dockerContainersShared.exec(dockerConfig, {
+            command: ["bash", "-lc", `node ${srtCliPath} --settings ${settingsContainerPath} -c ${shellQuote(command)}`],
+            cwd: containerCwd,
+            env: containerEnv,
+            timeoutMs: options.timeoutMs ?? DEFAULT_TIMEOUT_MS,
+            maxBufferBytes: options.maxBufferBytes ?? DEFAULT_MAX_BUFFER_BYTES
+        });
+        logger.debug(`exec: completed exitCode=${result.exitCode}`);
+        if (result.exitCode !== 0) {
+            logger.warn(`exec: non-zero exit exitCode=${result.exitCode}` +
+                (result.stderr ? ` stderr=${result.stderr.slice(0, 500)}` : ""));
+            throw dockerExecErrorBuild(result);
+        }
+        return {
+            stdout: result.stdout,
+            stderr: result.stderr
+        };
+    }
+    finally {
+        await fs.rm(settingsHostPath, { force: true });
+    }
+}
+function runtimeConfigPathRewrite(config, hostHomeDir, userId) {
+    if (!config.filesystem) {
+        return config;
+    }
+    return {
+        ...config,
+        filesystem: {
+            ...config.filesystem,
+            allowWrite: config.filesystem.allowWrite.map((entry) => sandboxPathHostToContainer(hostHomeDir, userId, entry)),
+            denyRead: config.filesystem.denyRead.map((entry) => sandboxPathHostToContainer(hostHomeDir, userId, entry)),
+            denyWrite: config.filesystem.denyWrite.map((entry) => sandboxPathHostToContainer(hostHomeDir, userId, entry))
+        }
+    };
+}
+function envPathRewrite(env, hostHomeDir, userId) {
+    const rewritten = {};
+    for (const [key, value] of Object.entries(env)) {
+        if (value === undefined) {
+            continue;
+        }
+        rewritten[key] = sandboxPathHostToContainer(hostHomeDir, userId, value);
+    }
+    return rewritten;
+}
+function cliPathResolveFromResult(result) {
+    if (result.exitCode !== 0) {
+        throw dockerExecErrorBuild(result);
+    }
+    const lines = result.stdout
+        .split(/\r?\n/)
+        .map((line) => line.trim())
+        .filter((line) => line.length > 0);
+    const cliPath = lines.at(-1);
+    if (!cliPath) {
+        throw new Error("Failed to resolve sandbox-runtime CLI path inside Docker container.");
+    }
+    return cliPath;
+}
+function dockerExecErrorBuild(result) {
+    const error = new Error(`docker exec failed with code ${result.exitCode ?? "unknown"}`);
+    error.stdout = result.stdout;
+    error.stderr = result.stderr;
+    error.code = result.exitCode;
+    error.signal = null;
+    return error;
+}
+//# sourceMappingURL=dockerRunInSandbox.js.map

package/dist/sandbox/docker/dockerRunInSandbox.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dockerRunInSandbox.js","sourceRoot":"","sources":["../../../sources/sandbox/docker/dockerRunInSandbox.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,IAAI,MAAM,WAAW,CAAC;AAI7B,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,0BAA0B,EAAE,MAAM,kCAAkC,CAAC;AAC9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAGrE,MAAM,MAAM,GAAG,SAAS,CAAC,gBAAgB,CAAC,CAAC;AAC3C,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAClC,MAAM,wBAAwB,GAAG,SAAS,CAAC;AAW3C;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACpC,OAAe,EACf,MAA4B,EAC5B,OAAkC;IAElC,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,YAAY,GAA0B;QACxC,GAAG,OAAO,CAAC,MAAM;QACjB,WAAW;KACd,CAAC;IAEF,MAAM,aAAa,GAAG,wBAAwB,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC3F,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAC9B,WAAW,EACX,MAAM,EACN,eAAe,OAAO,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CACzF,CAAC;IACF,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,mBAAmB,CAAC;QACtC,GAAG,EAAE,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG;QAC/B,IAAI,EAAE,WAAW;KACpB,CAAC,CAAC;IACH,MAAM,YAAY,GAAG,cAAc,CAAC,GAAG,EAAE,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC7E,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG;QAC5B,CAAC,CAAC,0BAA0B,CAAC,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC;QAC7E,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,qBAAqB,GAAG,0BAA0B,CAAC,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAE/G,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpE,MAAM,EAAE,CAAC,SAAS,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC,CAAC;IAE5E,IAAI,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,uDAAuD,CAAC,CAAC;QACtE,MAAM,gBAAgB,GAAG,MAAM,sBAAsB,CAAC,IAAI,CAAC,YAAY,EAAE;YACrE,OAAO,EAAE;gBACL,MAAM;gBACN,KAAK;gBACL,0EAA0E;aAC7E;YACD,GAAG,EAAE,YAAY;YACjB,GAAG,EAAE,YAAY;YACjB,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,kBAAkB;YAClD,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,wBAAwB;SACrE,CAAC,CAAC;QAEH,MAAM,UAAU,GAAG,wBAAwB,CAAC,gBAAgB,CAAC,CAAC;QAC9D,MAAM,CAAC,KAAK,CAAC,2BAA2B,UAAU,QAAQ,YAAY,YAAY,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAE7G,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC,IAAI,CAAC,YAAY,EAAE;YAC3D,OAAO,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,UAAU,eAAe,qBAAqB,OAAO,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5G,GAAG,EAAE,YAAY;YACjB,GAAG,EAAE,YAAY;YACjB,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,kBAAkB;YAClD,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,wBAAwB;SACrE,CAAC,CAAC;QAEH,MAAM,CAAC,KAAK,CAAC,4BAA4B,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC5D,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CACP,gCAAgC,MAAM,CAAC,QAAQ,EAAE;gBAC7C,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CACtE,CAAC;YACF,MAAM,oBAAoB,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC;QAED,OAAO;YACH,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,MAAM,EAAE,MAAM,CAAC,MAAM;SACxB,CAAC;IACN,CAAC;YAAS,CAAC;QACP,MAAM,EAAE,CAAC,EAAE,CAAC,gBAAgB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACnD,CAAC;AACL,CAAC;AAED,SAAS,wBAAwB,CAC7B,MAA4B,EAC5B,WAAmB,EACnB,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACrB,OAAO,MAAM,CAAC;IAClB,CAAC;IAED,OAAO;QACH,GAAG,MAAM;QACT,UAAU,EAAE;YACR,GAAG,MAAM,CAAC,UAAU;YACpB,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CACnD,0BAA0B,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,CAAC,CACzD;YACD,QAAQ,EAAE,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,0BAA0B,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;YAC3G,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CACjD,0BAA0B,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,CAAC,CACzD;SACJ;KACJ,CAAC;AACN,CAAC;AAED,SAAS,cAAc,CAAC,GAAsB,EAAE,WAAmB,EAAE,MAAc;IAC/E,MAAM,SAAS,GAAsB,EAAE,CAAC;IAExC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7C,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACtB,SAAS;QACb,CAAC;QACD,SAAS,CAAC,GAAG,CAAC,GAAG,0BAA0B,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IAC5E,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC;AAED,SAAS,wBAAwB,CAAC,MAAiC;IAC/D,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,oBAAoB,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM;SACtB,KAAK,CAAC,OAAO,CAAC;SACd,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SAC1B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAEvC,MAAM,OAAO,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7B,IAAI,CAAC,OAAO,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;IAC3F,CAAC;IAED,OAAO,OAAO,CAAC;AACnB,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAiC;IAM3D,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,gCAAgC,MAAM,CAAC,QAAQ,IAAI,SAAS,EAAE,CAKrF,CAAC;IACF,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAC7B,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAC7B,KAAK,CAAC,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC;IAC7B,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC;IACpB,OAAO,KAAK,CAAC;AACjB,CAAC"}

package/dist/sandbox/docker/dockerRunInSandbox.spec.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=dockerRunInSandbox.spec.d.ts.map

package/dist/sandbox/docker/dockerRunInSandbox.spec.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"dockerRunInSandbox.spec.d.ts","sourceRoot":"","sources":["../../../sources/sandbox/docker/dockerRunInSandbox.spec.ts"],"names":[],"mappings":""}