kly 0.1.0 → 0.2.0

package/dist/bin/config-builder-D5EtwOB3.mjs

@@ -0,0 +1,3 @@
+import { n as formatPermissionsSummary, t as buildSandboxConfig } from "./kly.mjs";
+
+export { buildSandboxConfig, formatPermissionsSummary };

package/dist/bin/kly.mjs

@@ -950,9 +950,10 @@ function createResourceProvider(options) {
 * 4. Returns execution result
 */
 async function launchSandbox(options) {
-	const { scriptPath, args: args$1, appId, sandboxConfig, allowApiKey } = options;
+	const { scriptPath, args: args$1, appId, invokeDir, sandboxConfig, allowApiKey } = options;
 	await SandboxManager.initialize(sandboxConfig);
 	const absoluteScriptPath = resolve(process.cwd(), scriptPath);
+	const _scriptDir = absoluteScriptPath.substring(0, absoluteScriptPath.lastIndexOf("/"));
 	const executorPath = resolve(__dirname, "../sandbox/bundled-executor.mjs");
 	if (!SandboxManager.isSandboxingEnabled()) {
 		console.warn("⚠️  Sandboxing is not supported on this platform.");
@@ -973,6 +974,7 @@ async function launchSandbox(options) {
 			"inherit",
 			"ipc"
 		],
+		cwd: _scriptDir,
 		env: {
 			...process.env,
 			KLY_SANDBOX_MODE: "true"
@@ -994,6 +996,7 @@ async function launchSandbox(options) {
 		scriptPath: absoluteScriptPath,
 		args: args$1,
 		appId,
+		invokeDir,
 		permissions: {
 			allowApiKey,
 			sandboxConfig
@@ -1843,22 +1846,42 @@ async function clearAllPermissionsAction() {
 */
 const PROTECTED_PATHS = {
 	alwaysDenyWrite: [
-		join(homedir(), ".kly"),
+		join(homedir(), ".kly/config"),
+		join(homedir(), ".kly/permissions.json"),
+		join(homedir(), ".kly/kly.sum"),
 		join(homedir(), ".ssh"),
 		join(homedir(), ".aws"),
 		join(homedir(), ".gnupg")
 	],
-	alwaysDenyRead: [join(homedir(), ".kly")]
+	alwaysDenyRead: [join(homedir(), ".kly/config"), join(homedir(), ".kly/permissions.json")]
 };
 /**
+* Resolve filesystem path with special marker support
+*
+* Special markers:
+* - "*": User's home directory (allows access to all non-sensitive files)
+* - Absolute paths: Used as-is
+*
+* @param path - Path to resolve (may contain special markers)
+* @returns Resolved absolute path, or undefined if path is undefined
+*/
+function resolveFilesystemPath(path) {
+	if (!path) return void 0;
+	if (path === "*") return homedir();
+	return path;
+}
+/**
 * Build a complete SandboxRuntimeConfig from declared app permissions
 *
 * This merges:
 * 1. Default safe configuration
 * 2. Automatic LLM domains (if apiKeys: true)
-* 3. User-declared sandbox config
+* 3. User-declared sandbox config (with special marker support)
 * 4. Mandatory protections (always applied)
 *
+* Special markers in filesystem paths:
+* - "*": Allows access to all files in user's home directory (except sensitive paths)
+*
 * @param permissions - Declared app permissions
 * @returns Complete sandbox configuration ready for SandboxManager
 */
@@ -1870,10 +1893,16 @@ function buildSandboxConfig(permissions) {
 	if (permissions?.apiKeys) allowedDomains = [...LLM_API_DOMAINS];
 	if (permissions?.sandbox) {
 		const userSandbox = permissions.sandbox;
-		if (userSandbox.network?.allowedDomains) allowedDomains = [...allowedDomains, ...userSandbox.network.allowedDomains];
+		if (userSandbox.network?.allowedDomains) {
+			const domains = userSandbox.network.allowedDomains.filter((d) => d !== void 0);
+			allowedDomains = [...allowedDomains, ...domains];
+		}
 		if (userSandbox.filesystem) {
-			if (userSandbox.filesystem.allowWrite) allowWrite = userSandbox.filesystem.allowWrite;
-			if (userSandbox.filesystem.denyRead) denyRead = [...denyRead, ...userSandbox.filesystem.denyRead];
+			if (userSandbox.filesystem.allowWrite) allowWrite = userSandbox.filesystem.allowWrite.map(resolveFilesystemPath).filter((p) => p !== void 0);
+			if (userSandbox.filesystem.denyRead) {
+				const deniedPaths = userSandbox.filesystem.denyRead.map(resolveFilesystemPath).filter((p) => p !== void 0);
+				denyRead = [...denyRead, ...deniedPaths];
+			}
 		}
 	}
 	return {
@@ -1885,7 +1914,8 @@ function buildSandboxConfig(permissions) {
 			denyRead,
 			allowWrite,
 			denyWrite: PROTECTED_PATHS.alwaysDenyWrite
-		}
+		},
+		allowPty: true
 	};
 }
 /**
@@ -1904,9 +1934,13 @@ function formatPermissionsSummary(permissions) {
 		summary.push(`• Network: ${domains}${more}`);
 	}
 	if (config.filesystem.allowWrite.length > 1 || config.filesystem.allowWrite.length === 1 && config.filesystem.allowWrite[0] !== currentDir) {
-		const dirs = config.filesystem.allowWrite.map((p) => p === currentDir ? "current directory" : p).slice(0, 2).join(", ");
-		const more = config.filesystem.allowWrite.length > 2 ? ` +${config.filesystem.allowWrite.length - 2} more` : "";
-		summary.push(`• Filesystem write: ${dirs}${more}`);
+		const homeDir = homedir();
+		if (config.filesystem.allowWrite.includes(homeDir)) summary.push("• Filesystem write: All non-sensitive directories");
+		else {
+			const dirs = config.filesystem.allowWrite.map((p) => p === currentDir ? "current directory" : p).slice(0, 2).join(", ");
+			const more = config.filesystem.allowWrite.length > 2 ? ` +${config.filesystem.allowWrite.length - 2} more` : "";
+			summary.push(`• Filesystem write: ${dirs}${more}`);
+		}
 	}
 	if (permissions?.sandbox?.filesystem?.denyRead) summary.push(`• Filesystem read denied: ${permissions.sandbox.filesystem.denyRead.length} path(s)`);
 	return summary;
@@ -2320,9 +2354,13 @@ const ENTRY_CANDIDATES = [
 ];
 /**
 * Resolve entry point for a kly app
-* Priority: main field > convention candidates
+* Priority: convention candidates > main field
+*
+* We prioritize convention-based source files over package.json main field
+* because remote apps are run from source, not from built artifacts.
 */
 function resolveEntryPoint(repoPath) {
+	for (const candidate of ENTRY_CANDIDATES) if (existsSync(join(repoPath, candidate))) return candidate;
 	const pkgPath = join(repoPath, "package.json");
 	if (existsSync(pkgPath)) try {
 		const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
@@ -2330,7 +2368,6 @@ function resolveEntryPoint(repoPath) {
 			if (existsSync(join(repoPath, pkg.main))) return pkg.main;
 		}
 	} catch {}
-	for (const candidate of ENTRY_CANDIDATES) if (existsSync(join(repoPath, candidate))) return candidate;
 	return null;
 }
 /**
@@ -2703,20 +2740,40 @@ async function executeApp(ref, repoPath, args$1, mcp) {
 	const prevRemoteRef = process.env[ENV_VARS.REMOTE_REF];
 	process.env[ENV_VARS.REMOTE_REF] = remoteRef;
 	try {
-		const { getAppIdentifier: getAppIdentifier$1, checkApiKeyPermission: checkApiKeyPermission$1, getAppSandboxConfig: getAppSandboxConfig$1 } = await import("./permissions-2r_7ZqaH.mjs");
-		const { launchSandbox: launchSandbox$1 } = await import("./launcher-vTpgdO9n.mjs");
+		const { getAppIdentifier: getAppIdentifier$1, checkApiKeyPermission: checkApiKeyPermission$1, getAppSandboxConfig: getAppSandboxConfig$1 } = await import("./permissions-C_WgoA3t.mjs");
+		const { launchSandbox: launchSandbox$1 } = await import("./launcher-Ex3ynZdE.mjs");
+		const { buildSandboxConfig: buildSandboxConfig$1, formatPermissionsSummary: formatPermissionsSummary$1 } = await import("./config-builder-D5EtwOB3.mjs");
+		const { extractAppPermissions: extractAppPermissions$1 } = await import("./permissions-extractor-BfUPS0Tr.mjs");
 		const appId = getAppIdentifier$1();
+		console.log("📋 Reading app permissions...");
+		const declaredPermissions = await extractAppPermissions$1(absoluteEntryPath);
+		if (declaredPermissions) {
+			const summary = formatPermissionsSummary$1(declaredPermissions);
+			if (summary.length > 0) {
+				console.log("\nThis app requests the following permissions:");
+				for (const item of summary) console.log(item);
+				console.log("");
+			}
+		}
 		console.log("🔐 Checking permissions...");
-		const allowApiKey = await checkApiKeyPermission$1(appId);
-		if (!allowApiKey) {
-			console.error("❌ Permission denied: API key access rejected");
-			process.exit(1);
+		let allowApiKey = false;
+		let sandboxConfig = null;
+		if (declaredPermissions?.apiKeys) {
+			allowApiKey = await checkApiKeyPermission$1(appId);
+			if (!allowApiKey) {
+				console.error("❌ Permission denied: API key access rejected");
+				process.exit(1);
+			}
 		}
-		const sandboxConfig = await getAppSandboxConfig$1(appId);
-		if (!sandboxConfig) {
-			console.error("❌ Permission denied: Sandbox configuration rejected");
-			process.exit(1);
+		if (declaredPermissions) sandboxConfig = buildSandboxConfig$1(declaredPermissions);
+		else {
+			sandboxConfig = await getAppSandboxConfig$1(appId);
+			if (!sandboxConfig) {
+				console.error("❌ Permission denied: Sandbox configuration rejected");
+				process.exit(1);
+			}
 		}
+		if (!sandboxConfig.filesystem.allowWrite.includes(repoPath)) sandboxConfig.filesystem.allowWrite.push(repoPath);
 		if (mcp) {
 			console.warn("⚠️  MCP mode with remote repos not yet fully supported in new architecture");
 			process.env[ENV_VARS.MCP_MODE] = "true";
@@ -2728,6 +2785,7 @@ async function executeApp(ref, repoPath, args$1, mcp) {
 			scriptPath: absoluteEntryPath,
 			args: args$1,
 			appId,
+			invokeDir: process.cwd(),
 			sandboxConfig,
 			allowApiKey
 		});
@@ -2799,6 +2857,7 @@ async function main() {
 }
 async function runFile(filePath, appArgs) {
 	const absolutePath = resolve(process.cwd(), filePath);
+	const invokeDir = process.cwd();
 	const prevLocalRef = process.env.KLY_LOCAL_REF;
 	process.env.KLY_LOCAL_REF = `local:${absolutePath}`;
 	try {
@@ -2823,6 +2882,7 @@ async function runFile(filePath, appArgs) {
 			scriptPath: absolutePath,
 			args: appArgs,
 			appId,
+			invokeDir,
 			sandboxConfig,
 			allowApiKey
 		});
@@ -2884,5 +2944,5 @@ main().catch((err) => {
 });
 
 //#endregion
-export { getAppSandboxConfig as a, revokePermission as c, getAppName as i, savePermissions as l, clearAllPermissions as n, listPermissions as o, getAppIdentifier as r, loadPermissions as s, checkApiKeyPermission as t, launchSandbox as u };
+export { getAppIdentifier as a, listPermissions as c, savePermissions as d, launchSandbox as f, clearAllPermissions as i, loadPermissions as l, formatPermissionsSummary as n, getAppName as o, checkApiKeyPermission as r, getAppSandboxConfig as s, buildSandboxConfig as t, revokePermission as u };
 //# sourceMappingURL=kly.mjs.map