npm - labgate - Versions diffs - 0.1.0 - Mend

labgate 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,107 @@
+# LabGate
+Policy-controlled sandboxes for LLM coding agents on HPC systems.
+## Install
+```bash
+npm i -g labgate
+```
+LabGate auto-detects your container runtime (Apptainer, Singularity, Podman, or Docker) and offers to install one if none is found.
+## Quick start
+```bash
+labgate init                          # create ~/.labgate/config.json
+labgate claude                        # launch Claude Code in current dir
+labgate codex /projects/my-analysis   # launch Codex in a specific dir
+```
+## What it does
+LabGate runs your AI coding agent inside a sandboxed container with:
+- **Scoped filesystem** — only your working directory and configured paths are visible
+- **Credential blocking** — `.ssh`, `.aws`, `.env`, `.gnupg`, and other sensitive paths are hidden by default
+- **Network isolation** — no outbound network by default (configurable)
+- **Command blocking** — `ssh`, `curl`, `wget`, and other commands are blocked by default
+- **Audit logging** — session start/stop and mount configuration logged to `~/.labgate/logs/`
+- **HPC ready** — first-class Apptainer/Singularity support for shared clusters
+## Configuration
+Edit `~/.labgate/config.json` to customize:
+```bash
+$EDITOR ~/.labgate/config.json
+```
+Or start fresh:
+```bash
+labgate init --force
+```
+### Key settings
+| Setting | Default | What it does |
+|---------|---------|-------------|
+| `runtime` | `auto` | `auto`, `apptainer`, `singularity`, `podman`, or `docker` |
+| `image` | `node:20-slim` | Container image |
+| `session_timeout_hours` | `8` | Max session length |
+| `filesystem.blocked_patterns` | `.ssh, .aws, .env, ...` | Hidden from sandbox |
+| `filesystem.extra_paths` | `[]` | Additional mounts |
+| `network.mode` | `none` | `none`, `filtered`, or `host` |
+| `commands.blacklist` | `ssh, curl, wget, ...` | Blocked commands |
+## Commands
+```bash
+labgate claude [workdir]    # launch Claude Code
+labgate codex [workdir]     # launch Codex
+labgate status              # list running sessions
+labgate stop <id>           # stop a session
+labgate init [--force]      # create/reset config
+```
+### Options
+```bash
+labgate claude --dry-run              # print the sandbox command without running
+labgate claude --image my-image:tag   # use a different container image
+labgate claude --no-footer            # disable the status footer line
+```
+## How it works
+LabGate builds a sandboxed container from your config:
+1. Detects the best available runtime (apptainer > singularity > podman > docker)
+2. Mounts your working directory at `/work`
+3. Mounts persistent sandbox HOME at `/home/sandbox` (for npm cache, agent config)
+4. Overlays blocked paths (`.ssh`, `.aws`, etc.) with empty mounts
+5. Applies network isolation and capability restrictions
+6. Installs the agent (if not cached) and runs it interactively
+On macOS, LabGate syncs your Claude credentials from the system keychain so the agent can authenticate automatically.
+## Audit logs
+Session events are logged to `~/.labgate/logs/YYYY-MM-DD.jsonl`:
+```bash
+cat ~/.labgate/logs/2025-02-05.jsonl | jq .
+```
+## Roadmap
+- **M0** CLI + sandbox engine + config + audit (this release)
+- **M1** Mount allowlists, network filtering, project-level config
+- **M2** SLURM proxy (submit/status/cancel from inside sandbox)
+- **M3** Web UI for config + audit viewer
+- **M4** Institutional mode (/etc/labgate/ policies, admin locks)
+## License
+MIT

package/bin/labgate.js ADDED Viewed

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+require('../dist/cli.js');

package/dist/cli.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/cli.js ADDED Viewed

@@ -0,0 +1,97 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const commander_1 = require("commander");
+const path_1 = require("path");
+const fs_1 = require("fs");
+const config_js_1 = require("./lib/config.js");
+const init_js_1 = require("./lib/init.js");
+const container_js_1 = require("./lib/container.js");
+const runtime_js_1 = require("./lib/runtime.js");
+const AGENTS = ['claude', 'codex'];
+const program = new commander_1.Command();
+program
+    .name('labgate')
+    .description('Policy-controlled sandboxes for LLM coding agents')
+    .version('0.1.0');
+// ── labgate init ──────────────────────────────────────────
+program
+    .command('init')
+    .description('Create default config at ~/.labgate/config.json')
+    .option('--force', 'Overwrite existing config')
+    .action(async (opts) => {
+    try {
+        await (0, init_js_1.initConfig)({ force: opts.force });
+    }
+    catch (err) {
+        console.error(`Error: ${err.message}`);
+        process.exit(1);
+    }
+});
+// ── labgate <agent> [workdir] ─────────────────────────────
+// Register each agent as a subcommand so commander doesn't
+// choke on unknown positional args. The handler is the same.
+for (const agent of AGENTS) {
+    program
+        .command(agent)
+        .description(`Launch ${agent} in a sandboxed container`)
+        .argument('[workdir]', 'Working directory to mount', process.cwd())
+        .option('--dry-run', 'Print the container command without running it')
+        .option('--image <uri>', 'Override container image')
+        .option('--no-footer', 'Disable status footer line')
+        .option('--no-statusline', 'Disable Claude Code status line')
+        .action(async (workdir, opts) => {
+        await runAgent(agent, workdir, opts);
+    });
+}
+// ── labgate status ────────────────────────────────────────
+program
+    .command('status')
+    .description('List running labgate sessions')
+    .action(async () => {
+    const { listSessions } = await import('./lib/container.js');
+    await listSessions();
+});
+// ── labgate stop <id> ─────────────────────────────────────
+program
+    .command('stop')
+    .description('Stop a running labgate session')
+    .argument('<id>', 'Session ID or container name')
+    .action(async (id) => {
+    const { stopSession } = await import('./lib/container.js');
+    await stopSession(id);
+});
+async function runAgent(agent, workdir, opts) {
+    // Resolve workdir
+    const resolved = (0, path_1.resolve)(workdir);
+    if (!(0, fs_1.existsSync)(resolved)) {
+        console.error(`Error: directory does not exist: ${resolved}`);
+        process.exit(1);
+    }
+    // Load config (creates default if missing) — need config.runtime for runtime check
+    const configPath = (0, config_js_1.getConfigPath)();
+    if (!(0, fs_1.existsSync)(configPath)) {
+        console.log('[labgate] No config found. Running "labgate init" first...\n');
+        await (0, init_js_1.initConfig)({ force: false });
+    }
+    const config = (0, config_js_1.loadConfig)();
+    // Check container runtime is available — offer to install if missing
+    // (skip for dry-run so users can preview without runtime)
+    if (!opts.dryRun) {
+        const runtime = await (0, runtime_js_1.ensureRuntime)(config.runtime);
+        if (!runtime.ok) {
+            process.exit(1);
+        }
+    }
+    // Start the session
+    await (0, container_js_1.startSession)({
+        agent,
+        workdir: resolved,
+        config,
+        dryRun: opts.dryRun ?? false,
+        imageOverride: opts.image,
+        footerMode: opts.footer === false ? 'off' : 'once',
+        statusline: opts.statusline ?? true,
+    });
+}
+program.parse();
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;AAAA,yCAAoC;AACpC,+BAA+B;AAC/B,2BAAgC;AAChC,+CAA4D;AAC5D,2CAA2C;AAC3C,qDAAkD;AAClD,iDAAiD;AAEjD,MAAM,MAAM,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAU,CAAC;AAG5C,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,SAAS,CAAC;KACf,WAAW,CAAC,mDAAmD,CAAC;KAChE,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,6DAA6D;AAC7D,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,iDAAiD,CAAC;KAC9D,MAAM,CAAC,SAAS,EAAE,2BAA2B,CAAC;KAC9C,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,IAAI,CAAC;QACH,MAAM,IAAA,oBAAU,EAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACvC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,6DAA6D;AAC7D,2DAA2D;AAC3D,6DAA6D;AAC7D,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;IAC3B,OAAO;SACJ,OAAO,CAAC,KAAK,CAAC;SACd,WAAW,CAAC,UAAU,KAAK,2BAA2B,CAAC;SACvD,QAAQ,CAAC,WAAW,EAAE,4BAA4B,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;SAClE,MAAM,CAAC,WAAW,EAAE,gDAAgD,CAAC;SACrE,MAAM,CAAC,eAAe,EAAE,0BAA0B,CAAC;SACnD,MAAM,CAAC,aAAa,EAAE,4BAA4B,CAAC;SACnD,MAAM,CAAC,iBAAiB,EAAE,iCAAiC,CAAC;SAC5D,MAAM,CAAC,KAAK,EAAE,OAAe,EAAE,IAAI,EAAE,EAAE;QACtC,MAAM,QAAQ,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;AACP,CAAC;AAED,6DAA6D;AAC7D,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,+BAA+B,CAAC;KAC5C,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAC5D,MAAM,YAAY,EAAE,CAAC;AACvB,CAAC,CAAC,CAAC;AAEL,6DAA6D;AAC7D,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,gCAAgC,CAAC;KAC7C,QAAQ,CAAC,MAAM,EAAE,8BAA8B,CAAC;KAChD,MAAM,CAAC,KAAK,EAAE,EAAU,EAAE,EAAE;IAC3B,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAC3D,MAAM,WAAW,CAAC,EAAE,CAAC,CAAC;AACxB,CAAC,CAAC,CAAC;AAEL,KAAK,UAAU,QAAQ,CAAC,KAAY,EAAE,OAAe,EAAE,IAAS;IAC9D,kBAAkB;IAClB,MAAM,QAAQ,GAAG,IAAA,cAAO,EAAC,OAAO,CAAC,CAAC;IAClC,IAAI,CAAC,IAAA,eAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,KAAK,CAAC,oCAAoC,QAAQ,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,mFAAmF;IACnF,MAAM,UAAU,GAAG,IAAA,yBAAa,GAAE,CAAC;IACnC,IAAI,CAAC,IAAA,eAAU,EAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;QAC5E,MAAM,IAAA,oBAAU,EAAC,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;IACrC,CAAC;IACD,MAAM,MAAM,GAAG,IAAA,sBAAU,GAAE,CAAC;IAE5B,qEAAqE;IACrE,0DAA0D;IAC1D,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,MAAM,OAAO,GAAG,MAAM,IAAA,0BAAa,EAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACpD,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,MAAM,IAAA,2BAAY,EAAC;QACjB,KAAK;QACL,OAAO,EAAE,QAAQ;QACjB,MAAM;QACN,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,KAAK;QAC5B,aAAa,EAAE,IAAI,CAAC,KAAK;QACzB,UAAU,EAAE,IAAI,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;QAClD,UAAU,EAAE,IAAI,CAAC,UAAU,IAAI,IAAI;KACpC,CAAC,CAAC;AACL,CAAC;AAED,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/lib/audit.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import { LabgateConfig } from './config.js';
+export interface AuditEvent {
+    timestamp: string;
+    session: string;
+    event: string;
+    [key: string]: unknown;
+}
+export declare function writeAuditEvent(config: LabgateConfig, event: AuditEvent): void;

package/dist/lib/audit.js ADDED Viewed

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.writeAuditEvent = writeAuditEvent;
+const fs_1 = require("fs");
+const path_1 = require("path");
+const config_js_1 = require("./config.js");
+function getLogFile(config) {
+    const dir = (0, config_js_1.getLogDir)(config);
+    (0, fs_1.mkdirSync)(dir, { recursive: true });
+    const date = new Date().toISOString().slice(0, 10);
+    return (0, path_1.join)(dir, `${date}.jsonl`);
+}
+function writeAuditEvent(config, event) {
+    if (!config.audit.enabled)
+        return;
+    try {
+        const file = getLogFile(config);
+        (0, fs_1.appendFileSync)(file, JSON.stringify(event) + '\n', 'utf-8');
+    }
+    catch (err) {
+        // Don't crash if audit logging fails — just warn
+        console.error(`[labgate] Warning: audit log write failed: ${err.message}`);
+    }
+}
+//# sourceMappingURL=audit.js.map

package/dist/lib/audit.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/lib/audit.ts"],"names":[],"mappings":";;AAmBA,0CAUC;AA7BD,2BAA+C;AAC/C,+BAA4B;AAE5B,2CAAuD;AASvD,SAAS,UAAU,CAAC,MAAqB;IACvC,MAAM,GAAG,GAAG,IAAA,qBAAS,EAAC,MAAM,CAAC,CAAC;IAC9B,IAAA,cAAS,EAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpC,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACnD,OAAO,IAAA,WAAI,EAAC,GAAG,EAAE,GAAG,IAAI,QAAQ,CAAC,CAAC;AACpC,CAAC;AAED,SAAgB,eAAe,CAAC,MAAqB,EAAE,KAAiB;IACtE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO;QAAE,OAAO;IAElC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;QAChC,IAAA,mBAAc,EAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IAC9D,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,iDAAiD;QACjD,OAAO,CAAC,KAAK,CAAC,8CAA8C,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;IAC7E,CAAC;AACH,CAAC"}

package/dist/lib/config.d.ts ADDED Viewed

@@ -0,0 +1,47 @@
+export interface MountPath {
+    path: string;
+    mode: 'rw' | 'ro';
+}
+export type RuntimePreference = 'auto' | 'apptainer' | 'singularity' | 'podman' | 'docker';
+export interface LabgateConfig {
+    /** Container runtime preference: auto detects best available */
+    runtime: RuntimePreference;
+    /** Container image URI */
+    image: string;
+    /** Session timeout in hours */
+    session_timeout_hours: number;
+    /** Paths to mount into the sandbox */
+    filesystem: {
+        /** Additional paths to mount (workdir is always mounted) */
+        extra_paths: MountPath[];
+        /** Glob patterns to block via empty overlays */
+        blocked_patterns: string[];
+    };
+    /** Commands blocked inside the sandbox */
+    commands: {
+        blacklist: string[];
+    };
+    /** Network mode */
+    network: {
+        mode: 'none' | 'filtered' | 'host';
+        allowed_domains: string[];
+    };
+    /** SLURM proxy settings (M2, ignored for now) */
+    slurm: {
+        enabled: boolean;
+    };
+    /** Audit log settings */
+    audit: {
+        enabled: boolean;
+        log_dir: string;
+    };
+}
+export declare const DEFAULT_CONFIG: LabgateConfig;
+export declare const LABGATE_DIR: string;
+export declare const CONFIG_FILE = "config.json";
+export declare function getConfigPath(): string;
+export declare function getSandboxHome(): string;
+export declare function getImagesDir(): string;
+export declare function getEmptyDir(): string;
+export declare function getLogDir(config: LabgateConfig): string;
+export declare function loadConfig(): LabgateConfig;

package/dist/lib/config.js ADDED Viewed

@@ -0,0 +1,128 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CONFIG_FILE = exports.LABGATE_DIR = exports.DEFAULT_CONFIG = void 0;
+exports.getConfigPath = getConfigPath;
+exports.getSandboxHome = getSandboxHome;
+exports.getImagesDir = getImagesDir;
+exports.getEmptyDir = getEmptyDir;
+exports.getLogDir = getLogDir;
+exports.loadConfig = loadConfig;
+const fs_1 = require("fs");
+const path_1 = require("path");
+const os_1 = require("os");
+// ── Defaults ──────────────────────────────────────────────
+exports.DEFAULT_CONFIG = {
+    runtime: 'auto',
+    image: 'docker.io/library/node:20-slim',
+    session_timeout_hours: 8,
+    filesystem: {
+        extra_paths: [],
+        blocked_patterns: [
+            '**/.ssh',
+            '**/.gnupg',
+            '**/.aws',
+            '**/.config/gcloud',
+            '**/.azure',
+            '**/.env',
+            '**/.netrc',
+            '**/.git-credentials',
+            '**/*.pem',
+            '**/*.key',
+            '**/id_rsa*',
+            '**/id_ed25519*',
+            '**/credentials*',
+            '**/secrets*',
+        ],
+    },
+    commands: {
+        blacklist: [
+            'ssh', 'scp', 'rsync',
+            'curl', 'wget',
+            'mount', 'umount',
+            'dd', 'mkfs',
+            'passwd', 'chown',
+            'reboot', 'shutdown',
+        ],
+    },
+    network: {
+        mode: 'none',
+        allowed_domains: [
+            'api.anthropic.com',
+            'api.openai.com',
+            'pypi.org',
+            'files.pythonhosted.org',
+            'conda.anaconda.org',
+            'registry.npmjs.org',
+            'github.com',
+        ],
+    },
+    slurm: {
+        enabled: false,
+    },
+    audit: {
+        enabled: true,
+        log_dir: '~/.labgate/logs',
+    },
+};
+// ── Paths ─────────────────────────────────────────────────
+exports.LABGATE_DIR = (0, path_1.join)((0, os_1.homedir)(), '.labgate');
+exports.CONFIG_FILE = 'config.json';
+function getConfigPath() {
+    return (0, path_1.join)(exports.LABGATE_DIR, exports.CONFIG_FILE);
+}
+function getSandboxHome() {
+    return (0, path_1.join)(exports.LABGATE_DIR, 'ai-home');
+}
+function getImagesDir() {
+    return (0, path_1.join)(exports.LABGATE_DIR, 'images');
+}
+function getEmptyDir() {
+    return (0, path_1.join)(exports.LABGATE_DIR, 'empty');
+}
+function getLogDir(config) {
+    return config.audit.log_dir.replace(/^~/, (0, os_1.homedir)());
+}
+// ── Loader ────────────────────────────────────────────────
+function loadConfig() {
+    const configPath = getConfigPath();
+    if (!(0, fs_1.existsSync)(configPath)) {
+        return { ...exports.DEFAULT_CONFIG };
+    }
+    try {
+        const rawText = (0, fs_1.readFileSync)(configPath, 'utf-8');
+        // Strip // comments (our config uses them for documentation)
+        const stripped = rawText.replace(/^\s*\/\/.*$/gm, '');
+        const raw = JSON.parse(stripped);
+        // Merge with defaults so missing fields get filled in.
+        // Shallow merge per section — good enough for M0.
+        return {
+            runtime: raw.runtime ?? exports.DEFAULT_CONFIG.runtime,
+            image: raw.image ?? exports.DEFAULT_CONFIG.image,
+            session_timeout_hours: raw.session_timeout_hours ?? exports.DEFAULT_CONFIG.session_timeout_hours,
+            filesystem: {
+                extra_paths: raw.filesystem?.extra_paths ?? exports.DEFAULT_CONFIG.filesystem.extra_paths,
+                blocked_patterns: raw.filesystem?.blocked_patterns ?? exports.DEFAULT_CONFIG.filesystem.blocked_patterns,
+            },
+            commands: {
+                blacklist: raw.commands?.blacklist ?? exports.DEFAULT_CONFIG.commands.blacklist,
+            },
+            network: {
+                mode: raw.network?.mode ?? exports.DEFAULT_CONFIG.network.mode,
+                allowed_domains: raw.network?.allowed_domains ?? exports.DEFAULT_CONFIG.network.allowed_domains,
+            },
+            slurm: {
+                enabled: raw.slurm?.enabled ?? exports.DEFAULT_CONFIG.slurm.enabled,
+            },
+            audit: {
+                enabled: raw.audit?.enabled ?? exports.DEFAULT_CONFIG.audit.enabled,
+                log_dir: raw.audit?.log_dir ?? exports.DEFAULT_CONFIG.audit.log_dir,
+            },
+        };
+    }
+    catch (err) {
+        console.error(`Warning: could not parse ${configPath}: ${err.message}`);
+        console.error('Using default config.');
+        return { ...exports.DEFAULT_CONFIG };
+    }
+}
+//# sourceMappingURL=config.js.map

package/dist/lib/config.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":";;;AA0HA,sCAEC;AAED,wCAEC;AAED,oCAEC;AAED,kCAEC;AAED,8BAEC;AAID,gCAyCC;AAzLD,2BAA8C;AAC9C,+BAA4B;AAC5B,2BAA6B;AAoD7B,6DAA6D;AAEhD,QAAA,cAAc,GAAkB;IAC3C,OAAO,EAAE,MAAM;IAEf,KAAK,EAAE,gCAAgC;IAEvC,qBAAqB,EAAE,CAAC;IAExB,UAAU,EAAE;QACV,WAAW,EAAE,EAAE;QACf,gBAAgB,EAAE;YAChB,SAAS;YACT,WAAW;YACX,SAAS;YACT,mBAAmB;YACnB,WAAW;YACX,SAAS;YACT,WAAW;YACX,qBAAqB;YACrB,UAAU;YACV,UAAU;YACV,YAAY;YACZ,gBAAgB;YAChB,iBAAiB;YACjB,aAAa;SACd;KACF;IAED,QAAQ,EAAE;QACR,SAAS,EAAE;YACT,KAAK,EAAE,KAAK,EAAE,OAAO;YACrB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,QAAQ;YACjB,IAAI,EAAE,MAAM;YACZ,QAAQ,EAAE,OAAO;YACjB,QAAQ,EAAE,UAAU;SACrB;KACF;IAED,OAAO,EAAE;QACP,IAAI,EAAE,MAAM;QACZ,eAAe,EAAE;YACf,mBAAmB;YACnB,gBAAgB;YAChB,UAAU;YACV,wBAAwB;YACxB,oBAAoB;YACpB,oBAAoB;YACpB,YAAY;SACb;KACF;IAED,KAAK,EAAE;QACL,OAAO,EAAE,KAAK;KACf;IAED,KAAK,EAAE;QACL,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,iBAAiB;KAC3B;CACF,CAAC;AAEF,6DAA6D;AAEhD,QAAA,WAAW,GAAG,IAAA,WAAI,EAAC,IAAA,YAAO,GAAE,EAAE,UAAU,CAAC,CAAC;AAC1C,QAAA,WAAW,GAAG,aAAa,CAAC;AAEzC,SAAgB,aAAa;IAC3B,OAAO,IAAA,WAAI,EAAC,mBAAW,EAAE,mBAAW,CAAC,CAAC;AACxC,CAAC;AAED,SAAgB,cAAc;IAC5B,OAAO,IAAA,WAAI,EAAC,mBAAW,EAAE,SAAS,CAAC,CAAC;AACtC,CAAC;AAED,SAAgB,YAAY;IAC1B,OAAO,IAAA,WAAI,EAAC,mBAAW,EAAE,QAAQ,CAAC,CAAC;AACrC,CAAC;AAED,SAAgB,WAAW;IACzB,OAAO,IAAA,WAAI,EAAC,mBAAW,EAAE,OAAO,CAAC,CAAC;AACpC,CAAC;AAED,SAAgB,SAAS,CAAC,MAAqB;IAC7C,OAAO,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,IAAA,YAAO,GAAE,CAAC,CAAC;AACvD,CAAC;AAED,6DAA6D;AAE7D,SAAgB,UAAU;IACxB,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,IAAI,CAAC,IAAA,eAAU,EAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO,EAAE,GAAG,sBAAc,EAAE,CAAC;IAC/B,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAA,iBAAY,EAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAClD,6DAA6D;QAC7D,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;QACtD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACjC,uDAAuD;QACvD,kDAAkD;QAClD,OAAO;YACL,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,sBAAc,CAAC,OAAO;YAC9C,KAAK,EAAE,GAAG,CAAC,KAAK,IAAI,sBAAc,CAAC,KAAK;YACxC,qBAAqB,EAAE,GAAG,CAAC,qBAAqB,IAAI,sBAAc,CAAC,qBAAqB;YACxF,UAAU,EAAE;gBACV,WAAW,EAAE,GAAG,CAAC,UAAU,EAAE,WAAW,IAAI,sBAAc,CAAC,UAAU,CAAC,WAAW;gBACjF,gBAAgB,EAAE,GAAG,CAAC,UAAU,EAAE,gBAAgB,IAAI,sBAAc,CAAC,UAAU,CAAC,gBAAgB;aACjG;YACD,QAAQ,EAAE;gBACR,SAAS,EAAE,GAAG,CAAC,QAAQ,EAAE,SAAS,IAAI,sBAAc,CAAC,QAAQ,CAAC,SAAS;aACxE;YACD,OAAO,EAAE;gBACP,IAAI,EAAE,GAAG,CAAC,OAAO,EAAE,IAAI,IAAI,sBAAc,CAAC,OAAO,CAAC,IAAI;gBACtD,eAAe,EAAE,GAAG,CAAC,OAAO,EAAE,eAAe,IAAI,sBAAc,CAAC,OAAO,CAAC,eAAe;aACxF;YACD,KAAK,EAAE;gBACL,OAAO,EAAE,GAAG,CAAC,KAAK,EAAE,OAAO,IAAI,sBAAc,CAAC,KAAK,CAAC,OAAO;aAC5D;YACD,KAAK,EAAE;gBACL,OAAO,EAAE,GAAG,CAAC,KAAK,EAAE,OAAO,IAAI,sBAAc,CAAC,KAAK,CAAC,OAAO;gBAC3D,OAAO,EAAE,GAAG,CAAC,KAAK,EAAE,OAAO,IAAI,sBAAc,CAAC,KAAK,CAAC,OAAO;aAC5D;SACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,CAAC,KAAK,CAAC,4BAA4B,UAAU,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACxE,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;QACvC,OAAO,EAAE,GAAG,sBAAc,EAAE,CAAC;IAC/B,CAAC;AACH,CAAC"}

package/dist/lib/container.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import { LabgateConfig } from './config.js';
+export interface SessionOpts {
+    agent: string;
+    workdir: string;
+    config: LabgateConfig;
+    dryRun: boolean;
+    imageOverride?: string;
+    footerMode?: 'off' | 'once' | 'sticky';
+    statusline?: boolean;
+}
+/**
+ * Convert a container image URI to a local SIF filename.
+ * e.g. "docker.io/library/ubuntu:22.04" → "docker.io_library_ubuntu_22.04.sif"
+ */
+export declare function imageToSifName(image: string): string;
+export declare function buildEntrypoint(agent: string, statuslineEnabled?: boolean): string;
+export declare function startSession(session: SessionOpts): Promise<void>;
+export declare function listSessions(): Promise<void>;
+export declare function stopSession(id: string): Promise<void>;