dtc-mcp 0.2.0 → 1.0.0

package/dist/sandbox/node-discovery.js

@@ -0,0 +1,228 @@
+import { spawn } from "node:child_process";
+import { access, readdir } from "node:fs/promises";
+import { constants as FS } from "node:fs";
+import { homedir, platform } from "node:os";
+import { join, resolve } from "node:path";
+/**
+ * Discover a usable Node binary on the user's system, scanning common
+ * install locations and version managers. Returns the first one whose
+ * `--version` reports >= minMajor. Null if none found.
+ *
+ * Order of preference:
+ *   1. DTC_MCP_NODE_PATH env var (explicit override)
+ *   2. PATH (via `which` / `where`)
+ *   3. Homebrew (macOS Intel + Apple Silicon)
+ *   4. Standard system locations
+ *   5. nvm (POSIX + Windows)
+ *   6. Volta
+ *   7. fnm (POSIX + Windows)
+ *   8. asdf
+ *
+ * Why exhaustive: a developer who installed Node via nvm or fnm has it
+ * available in their shell but NOT in the GUI app's PATH (Claude Desktop
+ * launches without a login shell). Walking the common per-version-manager
+ * directories catches those.
+ */
+const MIN_MAJOR = 20;
+const MAX_CANDIDATES_TO_PROBE = 12;
+export async function discoverNode() {
+    const candidates = await collectCandidates();
+    let probed = 0;
+    for (const candidate of candidates) {
+        if (probed >= MAX_CANDIDATES_TO_PROBE)
+            break;
+        if (!candidate.path)
+            continue;
+        if (!(await exists(candidate.path)))
+            continue;
+        probed++;
+        const version = await probeNodeVersion(candidate.path);
+        if (!version)
+            continue;
+        const major = parseInt(version.replace(/^v/, "").split(".")[0], 10);
+        if (!Number.isFinite(major) || major < MIN_MAJOR)
+            continue;
+        return {
+            path: candidate.path,
+            version,
+            major,
+            source: candidate.source,
+        };
+    }
+    return null;
+}
+async function collectCandidates() {
+    const out = [];
+    const isWindows = platform() === "win32";
+    const home = homedir();
+    // 1. Explicit override
+    const override = process.env.DTC_MCP_NODE_PATH;
+    if (override)
+        out.push({ path: override, source: "DTC_MCP_NODE_PATH" });
+    // 2. PATH lookup (via shell)
+    const fromPath = await whichNode();
+    if (fromPath)
+        out.push({ path: fromPath, source: "PATH" });
+    if (isWindows) {
+        // 3. Windows common locations
+        const programFiles = process.env.ProgramFiles ?? "C:\\Program Files";
+        const programFilesX86 = process.env["ProgramFiles(x86)"] ?? "C:\\Program Files (x86)";
+        const localAppData = process.env.LOCALAPPDATA ?? join(home, "AppData", "Local");
+        const userProfile = process.env.USERPROFILE ?? home;
+        out.push({ path: join(programFiles, "nodejs", "node.exe"), source: "Program Files" }, { path: join(programFilesX86, "nodejs", "node.exe"), source: "Program Files (x86)" }, { path: join(userProfile, ".volta", "bin", "node.exe"), source: "volta" });
+        // nvm-windows: %LOCALAPPDATA%\nvm\v22.x.x\node.exe — scan dir
+        out.push(...(await scanDir(join(localAppData, "nvm"), "node.exe", "nvm-windows")));
+        // fnm: %LOCALAPPDATA%\fnm_multishells\<pid>_<ts>\node.exe — scan dir
+        out.push(...(await scanDir(join(localAppData, "fnm_multishells"), "node.exe", "fnm-windows")));
+        // fnm node-versions: %LOCALAPPDATA%\fnm\node-versions\v22.x.x\installation\node.exe
+        out.push(...(await scanFnmNodeVersions(join(localAppData, "fnm", "node-versions"), true)));
+    }
+    else {
+        // 3. POSIX common locations
+        out.push({ path: "/opt/homebrew/bin/node", source: "homebrew-arm64" }, { path: "/usr/local/bin/node", source: "homebrew-x64" }, { path: "/usr/bin/node", source: "system" });
+        // 4. nvm (~/.nvm/versions/node/v22.x.x/bin/node) — pick latest
+        out.push(...(await scanNvm(join(home, ".nvm", "versions", "node"))));
+        // 5. Volta
+        out.push({ path: join(home, ".volta", "bin", "node"), source: "volta" });
+        // 6. fnm (~/.fnm/node-versions/v22.x.x/installation/bin/node)
+        out.push(...(await scanFnmNodeVersions(join(home, ".fnm", "node-versions"), false)));
+        // fnm alternate: ~/.local/share/fnm/node-versions/v22.x.x/installation/bin/node
+        out.push(...(await scanFnmNodeVersions(join(home, ".local", "share", "fnm", "node-versions"), false)));
+        // 7. asdf (~/.asdf/installs/nodejs/22.x.x/bin/node)
+        out.push(...(await scanAsdf(join(home, ".asdf", "installs", "nodejs"))));
+    }
+    return dedupe(out);
+}
+function dedupe(items) {
+    const seen = new Set();
+    const out = [];
+    for (const item of items) {
+        const key = resolve(item.path);
+        if (seen.has(key))
+            continue;
+        seen.add(key);
+        out.push({ ...item, path: key });
+    }
+    return out;
+}
+async function exists(p) {
+    try {
+        await access(p, FS.X_OK);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+async function whichNode() {
+    const cmd = platform() === "win32" ? "where" : "which";
+    return new Promise((resolveP) => {
+        const proc = spawn(cmd, ["node"], { stdio: ["ignore", "pipe", "ignore"] });
+        let out = "";
+        proc.stdout.on("data", (d) => {
+            out += d.toString("utf8");
+        });
+        proc.on("close", () => {
+            // `where` on Windows can return multiple lines; take the first.
+            const first = out.split(/\r?\n/).map((s) => s.trim()).find(Boolean);
+            resolveP(first || null);
+        });
+        proc.on("error", () => resolveP(null));
+    });
+}
+async function probeNodeVersion(nodePath) {
+    return new Promise((resolveP) => {
+        const proc = spawn(nodePath, ["--version"], {
+            stdio: ["ignore", "pipe", "ignore"],
+            timeout: 3_000,
+        });
+        let out = "";
+        proc.stdout.on("data", (d) => {
+            out += d.toString("utf8");
+        });
+        proc.on("close", (code) => {
+            if (code !== 0)
+                return resolveP(null);
+            const version = out.trim();
+            resolveP(version.startsWith("v") ? version : null);
+        });
+        proc.on("error", () => resolveP(null));
+    });
+}
+async function scanDir(dir, binaryName, source) {
+    try {
+        const entries = await readdir(dir);
+        // Largest version-looking dir wins, so a user with multiple installed
+        // versions tries the most recent first.
+        const sorted = entries
+            .filter((e) => /v?\d/.test(e))
+            .sort((a, b) => semverDescend(a, b));
+        return sorted.slice(0, 5).map((entry) => ({
+            path: join(dir, entry, binaryName),
+            source: `${source}:${entry}`,
+        }));
+    }
+    catch {
+        return [];
+    }
+}
+async function scanNvm(nvmDir) {
+    try {
+        const entries = await readdir(nvmDir);
+        const sorted = entries
+            .filter((e) => /^v?\d/.test(e))
+            .sort((a, b) => semverDescend(a, b));
+        return sorted.slice(0, 5).map((entry) => ({
+            path: join(nvmDir, entry, "bin", "node"),
+            source: `nvm:${entry}`,
+        }));
+    }
+    catch {
+        return [];
+    }
+}
+async function scanFnmNodeVersions(versionsDir, isWindows) {
+    try {
+        const entries = await readdir(versionsDir);
+        const sorted = entries
+            .filter((e) => /^v?\d/.test(e))
+            .sort((a, b) => semverDescend(a, b));
+        const segments = isWindows
+            ? ["installation", "node.exe"]
+            : ["installation", "bin", "node"];
+        return sorted.slice(0, 5).map((entry) => ({
+            path: join(versionsDir, entry, ...segments),
+            source: `fnm:${entry}`,
+        }));
+    }
+    catch {
+        return [];
+    }
+}
+async function scanAsdf(asdfDir) {
+    try {
+        const entries = await readdir(asdfDir);
+        const sorted = entries
+            .filter((e) => /^\d/.test(e))
+            .sort((a, b) => semverDescend(a, b));
+        return sorted.slice(0, 5).map((entry) => ({
+            path: join(asdfDir, entry, "bin", "node"),
+            source: `asdf:${entry}`,
+        }));
+    }
+    catch {
+        return [];
+    }
+}
+function semverDescend(a, b) {
+    const ax = a.replace(/^v/, "").split(".").map((n) => parseInt(n, 10) || 0);
+    const bx = b.replace(/^v/, "").split(".").map((n) => parseInt(n, 10) || 0);
+    for (let i = 0; i < 3; i++) {
+        const av = ax[i] ?? 0;
+        const bv = bx[i] ?? 0;
+        if (av !== bv)
+            return bv - av;
+    }
+    return 0;
+}
+//# sourceMappingURL=node-discovery.js.map

package/dist/sandbox/node-discovery.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"node-discovery.js","sourceRoot":"","sources":["../../src/sandbox/node-discovery.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAE3C,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,SAAS,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAE1C;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,MAAM,SAAS,GAAG,EAAE,CAAC;AACrB,MAAM,uBAAuB,GAAG,EAAE,CAAC;AASnC,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,MAAM,UAAU,GAAG,MAAM,iBAAiB,EAAE,CAAC;IAC7C,IAAI,MAAM,GAAG,CAAC,CAAC;IAEf,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,MAAM,IAAI,uBAAuB;YAAE,MAAM;QAC7C,IAAI,CAAC,SAAS,CAAC,IAAI;YAAE,SAAS;QAC9B,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAAE,SAAS;QAC9C,MAAM,EAAE,CAAC;QAET,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACvD,IAAI,CAAC,OAAO;YAAE,SAAS;QACvB,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACpE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,SAAS;YAAE,SAAS;QAE3D,OAAO;YACL,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,OAAO;YACP,KAAK;YACL,MAAM,EAAE,SAAS,CAAC,MAAM;SACzB,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAOD,KAAK,UAAU,iBAAiB;IAC9B,MAAM,GAAG,GAAgB,EAAE,CAAC;IAC5B,MAAM,SAAS,GAAG,QAAQ,EAAE,KAAK,OAAO,CAAC;IACzC,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IAEvB,uBAAuB;IACvB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IAC/C,IAAI,QAAQ;QAAE,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC,CAAC;IAExE,6BAA6B;IAC7B,MAAM,QAAQ,GAAG,MAAM,SAAS,EAAE,CAAC;IACnC,IAAI,QAAQ;QAAE,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAE3D,IAAI,SAAS,EAAE,CAAC;QACd,8BAA8B;QAC9B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,mBAAmB,CAAC;QACrE,MAAM,eAAe,GACnB,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,yBAAyB,CAAC;QAChE,MAAM,YAAY,GAChB,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QAC7D,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,IAAI,CAAC;QAEpD,GAAG,CAAC,IAAI,CACN,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,EAC3E,EAAE,IAAI,EAAE,IAAI,CAAC,eAAe,EAAE,QAAQ,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,qBAAqB,EAAE,EACpF,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,CAC1E,CAAC;QAEF,8DAA8D;QAC9D,GAAG,CAAC,IAAI,CACN,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC,CACzE,CAAC;QACF,qEAAqE;QACrE,GAAG,CAAC,IAAI,CACN,GAAG,CAAC,MAAM,OAAO,CACf,IAAI,CAAC,YAAY,EAAE,iBAAiB,CAAC,EACrC,UAAU,EACV,aAAa,CACd,CAAC,CACH,CAAC;QACF,oFAAoF;QACpF,GAAG,CAAC,IAAI,CACN,GAAG,CAAC,MAAM,mBAAmB,CAC3B,IAAI,CAAC,YAAY,EAAE,KAAK,EAAE,eAAe,CAAC,EAC1C,IAAI,CACL,CAAC,CACH,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,4BAA4B;QAC5B,GAAG,CAAC,IAAI,CACN,EAAE,IAAI,EAAE,wBAAwB,EAAE,MAAM,EAAE,gBAAgB,EAAE,EAC5D,EAAE,IAAI,EAAE,qBAAqB,EAAE,MAAM,EAAE,cAAc,EAAE,EACvD,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,EAAE,CAC5C,CAAC;QAEF,+DAA+D;QAC/D,GAAG,CAAC,IAAI,CACN,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,CAC3D,CAAC;QAEF,WAAW;QACX,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;QAEzE,8DAA8D;QAC9D,GAAG,CAAC,IAAI,CACN,GAAG,CAAC,MAAM,mBAAmB,CAC3B,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,eAAe,CAAC,EACnC,KAAK,CACN,CAAC,CACH,CAAC;QACF,gFAAgF;QAChF,GAAG,CAAC,IAAI,CACN,GAAG,CAAC,MAAM,mBAAmB,CAC3B,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,eAAe,CAAC,EACrD,KAAK,CACN,CAAC,CACH,CAAC;QAEF,oDAAoD;QACpD,GAAG,CAAC,IAAI,CACN,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,CAC/D,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC;AAED,SAAS,MAAM,CAAC,KAAkB;IAChC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,GAAG,GAAgB,EAAE,CAAC;IAC5B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACd,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,KAAK,UAAU,MAAM,CAAC,CAAS;IAC7B,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,SAAS;IACtB,MAAM,GAAG,GAAG,QAAQ,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;IACvD,OAAO,IAAI,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QAC9B,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC;QAC3E,IAAI,GAAG,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE;YACnC,GAAG,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YACpB,gEAAgE;YAChE,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACpE,QAAQ,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC;QAC1B,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,QAAgB;IAC9C,OAAO,IAAI,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QAC9B,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC,WAAW,CAAC,EAAE;YAC1C,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC;YACnC,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QACH,IAAI,GAAG,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE;YACnC,GAAG,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,IAAI,IAAI,KAAK,CAAC;gBAAE,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;YAC3B,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,OAAO,CACpB,GAAW,EACX,UAAkB,EAClB,MAAc;IAEd,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC;QACnC,sEAAsE;QACtE,wCAAwC;QACxC,MAAM,MAAM,GAAG,OAAO;aACnB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;aAC7B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACvC,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACxC,IAAI,EAAE,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,UAAU,CAAC;YAClC,MAAM,EAAE,GAAG,MAAM,IAAI,KAAK,EAAE;SAC7B,CAAC,CAAC,CAAC;IACN,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,OAAO,CAAC,MAAc;IACnC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,OAAO;aACnB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;aAC9B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACvC,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACxC,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC;YACxC,MAAM,EAAE,OAAO,KAAK,EAAE;SACvB,CAAC,CAAC,CAAC;IACN,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,mBAAmB,CAChC,WAAmB,EACnB,SAAkB;IAElB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;QAC3C,MAAM,MAAM,GAAG,OAAO;aACnB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;aAC9B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACvC,MAAM,QAAQ,GAAG,SAAS;YACxB,CAAC,CAAC,CAAC,cAAc,EAAE,UAAU,CAAC;YAC9B,CAAC,CAAC,CAAC,cAAc,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QACpC,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACxC,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,GAAG,QAAQ,CAAC;YAC3C,MAAM,EAAE,OAAO,KAAK,EAAE;SACvB,CAAC,CAAC,CAAC;IACN,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,QAAQ,CAAC,OAAe;IACrC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,OAAO;aACnB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;aAC5B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACvC,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACxC,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC;YACzC,MAAM,EAAE,QAAQ,KAAK,EAAE;SACxB,CAAC,CAAC,CAAC;IACN,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,CAAS,EAAE,CAAS;IACzC,MAAM,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IAC3E,MAAM,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IAC3E,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACtB,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACtB,IAAI,EAAE,KAAK,EAAE;YAAE,OAAO,EAAE,GAAG,EAAE,CAAC;IAChC,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC"}

package/dist/sandbox/protocol.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Newline-delimited JSON-RPC protocol shared between the main MCP server
+ * and the spawned sidecar Node process. Each message is one JSON object
+ * per line on stdin/stdout.
+ *
+ * Flow:
+ *   1. Sidecar starts, tries to `require('isolated-vm')`.
+ *      - On failure → sends FatalMessage and exits 1.
+ *      - On success → sends ReadyMessage with isolated-vm version.
+ *   2. Main sends InitMessage with the method-path registry.
+ *   3. Main sends ExecuteRequestMessage to run user code.
+ *   4. During execution, the sandbox's bridge calls round-trip:
+ *      sidecar → HostCallRequestMessage → main → HostCallResponseMessage → sidecar.
+ *   5. Sidecar sends ExecuteResponseMessage when done.
+ *   6. On shutdown, main sends ShutdownMessage (or just closes stdin).
+ */
+export interface ReadyMessage {
+    type: "ready";
+    /** isolated-vm package version, for diagnostics. */
+    ivmVersion: string;
+}
+export interface FatalMessage {
+    type: "fatal";
+    reason: string;
+}
+export interface LogMessage {
+    type: "log";
+    level: "debug" | "info" | "warn" | "error";
+    message: string;
+}
+export interface InitMessage {
+    type: "init";
+    /** Method-path registry to mirror as the in-isolate SDK surface. */
+    methodPaths: string[];
+}
+export interface ExecuteRequestMessage {
+    type: "execute";
+    /** Correlation ID set by the main process. */
+    id: string;
+    code: string;
+    timeoutMs: number;
+}
+export interface HostCallRequestMessage {
+    type: "host-call";
+    /** ID of the in-flight execute that owns this call. */
+    execId: string;
+    /** Unique per host call within a single execute. */
+    callId: string;
+    path: string;
+    argsJson: string;
+}
+export interface HostCallResponseMessage {
+    type: "host-result";
+    execId: string;
+    callId: string;
+    /** JSON-encoded result, or `__ERROR__<msg>` sentinel for thrown errors. */
+    resultJson: string;
+}
+export interface ExecuteResponseMessage {
+    type: "execute-result";
+    id: string;
+    ok: boolean;
+    /** JSON-encoded user return value, only meaningful when ok=true. */
+    resultJson?: string;
+    stdout: string[];
+    error?: string;
+    durationMs: number;
+    /** True when the underlying isolate was recreated since the last call. */
+    sessionReset?: boolean;
+}
+export interface ShutdownMessage {
+    type: "shutdown";
+}
+export type MainToSidecar = InitMessage | ExecuteRequestMessage | HostCallResponseMessage | ShutdownMessage;
+export type SidecarToMain = ReadyMessage | FatalMessage | LogMessage | ExecuteResponseMessage | HostCallRequestMessage;
+export declare function encodeLine(msg: MainToSidecar | SidecarToMain): string;

package/dist/sandbox/protocol.js

@@ -0,0 +1,20 @@
+/**
+ * Newline-delimited JSON-RPC protocol shared between the main MCP server
+ * and the spawned sidecar Node process. Each message is one JSON object
+ * per line on stdin/stdout.
+ *
+ * Flow:
+ *   1. Sidecar starts, tries to `require('isolated-vm')`.
+ *      - On failure → sends FatalMessage and exits 1.
+ *      - On success → sends ReadyMessage with isolated-vm version.
+ *   2. Main sends InitMessage with the method-path registry.
+ *   3. Main sends ExecuteRequestMessage to run user code.
+ *   4. During execution, the sandbox's bridge calls round-trip:
+ *      sidecar → HostCallRequestMessage → main → HostCallResponseMessage → sidecar.
+ *   5. Sidecar sends ExecuteResponseMessage when done.
+ *   6. On shutdown, main sends ShutdownMessage (or just closes stdin).
+ */
+export function encodeLine(msg) {
+    return JSON.stringify(msg) + "\n";
+}
+//# sourceMappingURL=protocol.js.map

package/dist/sandbox/protocol.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocol.js","sourceRoot":"","sources":["../../src/sandbox/protocol.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAiFH,MAAM,UAAU,UAAU,CAAC,GAAkC;IAC3D,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;AACpC,CAAC"}

package/dist/sandbox/proxy-template.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Build the JavaScript source that runs INSIDE the `node:vm` context to
+ * reconstruct the `klaviyo` and `shopify` namespace trees as thin async stubs.
+ *
+ * Each leaf method serializes its args to JSON, calls the host bridge function
+ * (`__host_invoke`) injected into the context, and awaits the host's promise.
+ * The host re-runs the request with real rate limiting, auth, and caching.
+ *
+ * JSON-encoded args are used (rather than passing the raw array) because:
+ *   - `node:vm` shares the V8 heap with the host, so objects could leak the
+ *     prototype chain across the boundary if passed directly. JSON normalizes
+ *     everything to plain data.
+ *   - Behavior matches what we'd do across a worker boundary if we later
+ *     swap the runtime for a stricter sandbox.
+ *
+ * The bootstrap also installs the output-discipline helpers (`pick`,
+ * `summarize`, `topN`) — see ./sandbox-helpers.ts.
+ */
+export declare function buildProxyScript(methodPaths: string[]): string;

package/dist/sandbox/proxy-template.js

@@ -0,0 +1,83 @@
+import { SANDBOX_HELPERS_SOURCE } from "./sandbox-helpers.js";
+/**
+ * Build the JavaScript source that runs INSIDE the `node:vm` context to
+ * reconstruct the `klaviyo` and `shopify` namespace trees as thin async stubs.
+ *
+ * Each leaf method serializes its args to JSON, calls the host bridge function
+ * (`__host_invoke`) injected into the context, and awaits the host's promise.
+ * The host re-runs the request with real rate limiting, auth, and caching.
+ *
+ * JSON-encoded args are used (rather than passing the raw array) because:
+ *   - `node:vm` shares the V8 heap with the host, so objects could leak the
+ *     prototype chain across the boundary if passed directly. JSON normalizes
+ *     everything to plain data.
+ *   - Behavior matches what we'd do across a worker boundary if we later
+ *     swap the runtime for a stricter sandbox.
+ *
+ * The bootstrap also installs the output-discipline helpers (`pick`,
+ * `summarize`, `topN`) — see ./sandbox-helpers.ts.
+ */
+export function buildProxyScript(methodPaths) {
+    const tree = {};
+    for (const path of methodPaths) {
+        const segments = path.split(".");
+        let cursor = tree;
+        for (let i = 0; i < segments.length - 1; i++) {
+            const key = segments[i];
+            if (typeof cursor[key] !== "object")
+                cursor[key] = {};
+            cursor = cursor[key];
+        }
+        cursor[segments[segments.length - 1]] = path;
+    }
+    function emit(node) {
+        const parts = [];
+        for (const [key, value] of Object.entries(node)) {
+            if (typeof value === "string") {
+                parts.push(`${JSON.stringify(key)}: (...args) => __invoke(${JSON.stringify(value)}, args)`);
+            }
+            else {
+                parts.push(`${JSON.stringify(key)}: ${emit(value)}`);
+            }
+        }
+        return `{${parts.join(",")}}`;
+    }
+    return `
+(function () {
+  const __invoke = async function (path, args) {
+    const argsJson = JSON.stringify(args);
+    const resultJson = await __host_invoke(path, argsJson);
+    if (typeof resultJson === 'string' && resultJson.startsWith('__ERROR__')) {
+      throw new Error(resultJson.slice(9));
+    }
+    return resultJson ? JSON.parse(resultJson) : undefined;
+  };
+
+  const __stdout = [];
+  globalThis.console = {
+    log: (...args) => {
+      __stdout.push(args.map((a) => typeof a === 'string' ? a : JSON.stringify(a)).join(' '));
+    },
+    error: (...args) => {
+      __stdout.push('[err] ' + args.map((a) => typeof a === 'string' ? a : JSON.stringify(a)).join(' '));
+    },
+    warn: (...args) => {
+      __stdout.push('[warn] ' + args.map((a) => typeof a === 'string' ? a : JSON.stringify(a)).join(' '));
+    },
+    info: (...args) => {
+      __stdout.push(args.map((a) => typeof a === 'string' ? a : JSON.stringify(a)).join(' '));
+    },
+  };
+  globalThis.__getStdout = () => __stdout;
+  globalThis.__resetStdout = () => { __stdout.length = 0; };
+
+  const __sdk = ${emit(tree)};
+  for (const k of Object.keys(__sdk)) {
+    globalThis[k] = __sdk[k];
+  }
+})();
+
+${SANDBOX_HELPERS_SOURCE}
+`;
+}
+//# sourceMappingURL=proxy-template.js.map

package/dist/sandbox/proxy-template.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"proxy-template.js","sourceRoot":"","sources":["../../src/sandbox/proxy-template.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAE9D;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,gBAAgB,CAAC,WAAqB;IAEpD,MAAM,IAAI,GAAS,EAAE,CAAC;IACtB,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,MAAM,GAAG,IAAI,CAAC;QAClB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC7C,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YACxB,IAAI,OAAO,MAAM,CAAC,GAAG,CAAC,KAAK,QAAQ;gBAAE,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;YACtD,MAAM,GAAG,MAAM,CAAC,GAAG,CAAS,CAAC;QAC/B,CAAC;QACD,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IAC/C,CAAC;IAED,SAAS,IAAI,CAAC,IAAU;QACtB,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAChD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9B,KAAK,CAAC,IAAI,CACR,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,2BAA2B,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,CAChF,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;QACD,OAAO,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;IAChC,CAAC;IAED,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBA6BS,IAAI,CAAC,IAAI,CAAC;;;;;;EAM1B,sBAAsB;CACvB,CAAC;AACF,CAAC"}

package/dist/sandbox/runner.d.ts

@@ -0,0 +1,20 @@
+import { type RunResult } from "./vm-runner.js";
+/**
+ * Public sandbox runner. Routes between the sidecar (isolated-vm) and the
+ * in-process vm-runner (node:vm) based on availability.
+ *
+ * Selection logic:
+ *   - DTC_MCP_SANDBOX=vm        → always use node:vm
+ *   - DTC_MCP_SANDBOX=sidecar   → require sidecar; error if unavailable
+ *   - DTC_MCP_SANDBOX=auto      → default: prefer sidecar, fall back to vm
+ *
+ * The active mode is logged once at first use so users can see in the debug
+ * log which sandbox is actually executing their code.
+ */
+export type { RunResult } from "./vm-runner.js";
+export type SandboxMode = "sidecar" | "vm";
+export declare function runSandbox(code: string, options: {
+    timeoutMs: number;
+}): Promise<RunResult & {
+    sandbox: SandboxMode;
+}>;

package/dist/sandbox/runner.js

@@ -0,0 +1,99 @@
+import { runSandboxVm } from "./vm-runner.js";
+import { getSidecarStatus, runSandboxSidecar } from "./sidecar-runner.js";
+import { log } from "../config.js";
+let activeMode = null;
+async function pickMode() {
+    const override = (process.env.DTC_MCP_SANDBOX ?? "auto").toLowerCase();
+    if (override === "vm")
+        return "vm";
+    const status = await getSidecarStatus();
+    if (override === "sidecar") {
+        if (!status.available) {
+            // Caller asked for sidecar specifically; throwing here would break
+            // execute_code. We log the failure and fall back so the tool stays
+            // usable — but the log makes it obvious.
+            log("error", "DTC_MCP_SANDBOX=sidecar but sidecar unavailable", {
+                reason: status.reason,
+            });
+        }
+        return status.available ? "sidecar" : "vm";
+    }
+    // auto
+    return status.available ? "sidecar" : "vm";
+}
+/**
+ * Cap user code's return payload so an over-eager LLM that returns a raw
+ * 380 KB JSON blob doesn't burn through the conversation's context window.
+ * Stainless's own benchmark caps factuality at 53% across all code-mode
+ * MCPs because "models tend toward verbose responses beyond what's strictly
+ * necessary." This is the host-side enforcement; the in-sandbox `pick` /
+ * `summarize` / `topN` helpers are the LLM-friendly remediation.
+ */
+const MAX_RESPONSE_BYTES = (() => {
+    const raw = process.env.DTC_MCP_MAX_RESPONSE_KB;
+    if (raw) {
+        const kb = parseInt(raw, 10);
+        if (Number.isFinite(kb) && kb > 0)
+            return kb * 1024;
+    }
+    return 100 * 1024;
+})();
+function applyResponseCap(result) {
+    if (!result.ok || result.result === undefined || result.result === null) {
+        return result;
+    }
+    let serialized;
+    try {
+        serialized = JSON.stringify(result.result);
+    }
+    catch {
+        // If the value isn't JSON-serializable, leave it for the upstream
+        // JSON.stringify (in execute_code.ts) to surface the error.
+        return result;
+    }
+    const bytes = Buffer.byteLength(serialized, "utf8");
+    if (bytes <= MAX_RESPONSE_BYTES)
+        return result;
+    // Capture a leading slice as a preview so the LLM can still see the shape.
+    // Truncate at ~90% of the cap to leave room for the truncation envelope.
+    const previewLimit = Math.floor(MAX_RESPONSE_BYTES * 0.9);
+    const preview = serialized.slice(0, previewLimit);
+    log("warn", "Response capped", {
+        originalBytes: bytes,
+        cap: MAX_RESPONSE_BYTES,
+    });
+    return {
+        ...result,
+        result: {
+            truncated: true,
+            originalBytes: bytes,
+            cap: MAX_RESPONSE_BYTES,
+            preview,
+            instructions: "Output exceeded the response cap. Use `pick(value, schema)` to project specific fields, `topN(arr, n, key)` for top items, or `summarize(arr, { by, topN })` for aggregate stats. See search_docs('output discipline') for examples.",
+        },
+    };
+}
+export async function runSandbox(code, options) {
+    if (!activeMode) {
+        activeMode = await pickMode();
+        log("info", "Sandbox mode selected", { mode: activeMode });
+    }
+    const result = activeMode === "sidecar"
+        ? await runSandboxSidecar(code, options)
+        : await runSandboxVm(code, options);
+    // If the sidecar died mid-session (e.g., child crashed), gracefully drop
+    // to vm-runner for THIS call and every future call.
+    if (activeMode === "sidecar" &&
+        !result.ok &&
+        typeof result.error === "string" &&
+        result.error.startsWith("Sidecar unavailable")) {
+        log("warn", "Sidecar dropped; falling back to vm-runner", {
+            error: result.error,
+        });
+        activeMode = "vm";
+        const fallback = await runSandboxVm(code, options);
+        return { ...applyResponseCap(fallback), sandbox: "vm" };
+    }
+    return { ...applyResponseCap(result), sandbox: activeMode };
+}
+//# sourceMappingURL=runner.js.map

package/dist/sandbox/runner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"runner.js","sourceRoot":"","sources":["../../src/sandbox/runner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAkB,MAAM,gBAAgB,CAAC;AAC9D,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAC1E,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAmBnC,IAAI,UAAU,GAAuB,IAAI,CAAC;AAE1C,KAAK,UAAU,QAAQ;IACrB,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;IAEvE,IAAI,QAAQ,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAEnC,MAAM,MAAM,GAAG,MAAM,gBAAgB,EAAE,CAAC;IACxC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YACtB,mEAAmE;YACnE,mEAAmE;YACnE,yCAAyC;YACzC,GAAG,CAAC,OAAO,EAAE,iDAAiD,EAAE;gBAC9D,MAAM,EAAE,MAAM,CAAC,MAAM;aACtB,CAAC,CAAC;QACL,CAAC;QACD,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC;IAC7C,CAAC;IAED,OAAO;IACP,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC;AAC7C,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,kBAAkB,GAAG,CAAC,GAAG,EAAE;IAC/B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IAChD,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,EAAE,GAAG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC7B,IAAI,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC;YAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACtD,CAAC;IACD,OAAO,GAAG,GAAG,IAAI,CAAC;AACpB,CAAC,CAAC,EAAE,CAAC;AAEL,SAAS,gBAAgB,CAAC,MAAiB;IACzC,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,IAAI,MAAM,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;QACxE,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,UAAkB,CAAC;IACvB,IAAI,CAAC;QACH,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,kEAAkE;QAClE,4DAA4D;QAC5D,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACpD,IAAI,KAAK,IAAI,kBAAkB;QAAE,OAAO,MAAM,CAAC;IAE/C,2EAA2E;IAC3E,yEAAyE;IACzE,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,kBAAkB,GAAG,GAAG,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAElD,GAAG,CAAC,MAAM,EAAE,iBAAiB,EAAE;QAC7B,aAAa,EAAE,KAAK;QACpB,GAAG,EAAE,kBAAkB;KACxB,CAAC,CAAC;IAEH,OAAO;QACL,GAAG,MAAM;QACT,MAAM,EAAE;YACN,SAAS,EAAE,IAAI;YACf,aAAa,EAAE,KAAK;YACpB,GAAG,EAAE,kBAAkB;YACvB,OAAO;YACP,YAAY,EACV,sOAAsO;SACzO;KACF,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,IAAY,EACZ,OAA8B;IAE9B,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,UAAU,GAAG,MAAM,QAAQ,EAAE,CAAC;QAC9B,GAAG,CAAC,MAAM,EAAE,uBAAuB,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,MAAM,GACV,UAAU,KAAK,SAAS;QACtB,CAAC,CAAC,MAAM,iBAAiB,CAAC,IAAI,EAAE,OAAO,CAAC;QACxC,CAAC,CAAC,MAAM,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAExC,yEAAyE;IACzE,oDAAoD;IACpD,IACE,UAAU,KAAK,SAAS;QACxB,CAAC,MAAM,CAAC,EAAE;QACV,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ;QAChC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAC9C,CAAC;QACD,GAAG,CAAC,MAAM,EAAE,4CAA4C,EAAE;YACxD,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB,CAAC,CAAC;QACH,UAAU,GAAG,IAAI,CAAC;QAClB,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACnD,OAAO,EAAE,GAAG,gBAAgB,CAAC,QAAQ,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC1D,CAAC;IAED,OAAO,EAAE,GAAG,gBAAgB,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC;AAC9D,CAAC"}

package/dist/sandbox/sandbox-helpers.d.ts

@@ -0,0 +1,14 @@
+/**
+ * JS source for the output-discipline helpers that get injected into the
+ * sandbox global scope. Same code runs in both runners (node:vm and
+ * isolated-vm) — keeping this as a single string source-of-truth means the
+ * behavior the LLM observes is identical regardless of which runner is
+ * actually executing.
+ *
+ * Why these helpers exist: Stainless's published benchmark caps factuality
+ * at 53% across all code-mode MCPs, with the model "tending toward verbose
+ * responses beyond what's strictly necessary." These helpers give the LLM
+ * a vocabulary to project / aggregate / trim raw API responses before
+ * returning, and the docs explicitly point at them.
+ */
+export declare const SANDBOX_HELPERS_SOURCE: string;