npm - labgate - Versions diffs - 0.1.0 - Mend

labgate 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/dist/lib/container.js ADDED Viewed

@@ -0,0 +1,794 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.imageToSifName = imageToSifName;
+exports.buildEntrypoint = buildEntrypoint;
+exports.startSession = startSession;
+exports.listSessions = listSessions;
+exports.stopSession = stopSession;
+const child_process_1 = require("child_process");
+const fs_1 = require("fs");
+const path_1 = require("path");
+const os_1 = require("os");
+const child_process_2 = require("child_process");
+const crypto_1 = require("crypto");
+const fast_glob_1 = __importDefault(require("fast-glob"));
+const config_js_1 = require("./config.js");
+const runtime_js_1 = require("./runtime.js");
+const audit_js_1 = require("./audit.js");
+// ── SIF image management (Apptainer/Singularity) ─────────
+/**
+ * Convert a container image URI to a local SIF filename.
+ * e.g. "docker.io/library/ubuntu:22.04" → "docker.io_library_ubuntu_22.04.sif"
+ */
+function imageToSifName(image) {
+    return image.replace(/[/:]/g, '_') + '.sif';
+}
+/**
+ * Ensure a SIF image exists in the cache directory.
+ * Pulls from docker:// URI if not already cached.
+ */
+function ensureSifImage(runtime, image) {
+    const imagesDir = (0, config_js_1.getImagesDir)();
+    (0, fs_1.mkdirSync)(imagesDir, { recursive: true });
+    const sifPath = (0, path_1.join)(imagesDir, imageToSifName(image));
+    if ((0, fs_1.existsSync)(sifPath)) {
+        return sifPath;
+    }
+    console.log(`[labgate] Pulling image to SIF (first run): ${image}`);
+    (0, child_process_1.execFileSync)(runtime, ['pull', sifPath, `docker://${image}`], {
+        stdio: 'inherit',
+    });
+    return sifPath;
+}
+// ── OCI image management (Podman/Docker) ─────────────────
+function ensureOciImage(runtime, image) {
+    try {
+        if (runtime === 'docker') {
+            (0, child_process_1.execFileSync)(runtime, ['image', 'inspect', image], { stdio: 'ignore' });
+        }
+        else {
+            (0, child_process_1.execFileSync)(runtime, ['image', 'exists', image], { stdio: 'ignore' });
+        }
+    }
+    catch {
+        console.log(`[labgate] Pulling image (first run): ${image}`);
+        (0, child_process_1.execFileSync)(runtime, ['pull', image], { stdio: 'inherit' });
+    }
+}
+function ensureEmptyDir() {
+    const emptyDir = (0, config_js_1.getEmptyDir)();
+    (0, fs_1.mkdirSync)(emptyDir, { recursive: true });
+    return emptyDir;
+}
+function resolveBlockedMounts(patterns, mounts) {
+    const blocked = [];
+    const seen = new Set();
+    for (const mount of mounts) {
+        if (!(0, fs_1.existsSync)(mount.host))
+            continue;
+        const matches = fast_glob_1.default.sync(patterns, {
+            cwd: mount.host,
+            dot: true,
+            onlyFiles: false,
+            followSymbolicLinks: false,
+            unique: true,
+            suppressErrors: true,
+            absolute: true,
+        });
+        for (const abs of matches) {
+            if (!(0, fs_1.existsSync)(abs))
+                continue;
+            const rel = (0, path_1.relative)(mount.host, abs);
+            if (!rel || rel.startsWith('..'))
+                continue;
+            const containerPath = (0, path_1.join)(mount.container, rel);
+            if (seen.has(containerPath))
+                continue;
+            try {
+                const stat = (0, fs_1.statSync)(abs);
+                blocked.push({
+                    hostPath: abs,
+                    containerPath,
+                    kind: stat.isDirectory() ? 'dir' : 'file',
+                });
+                seen.add(containerPath);
+            }
+            catch {
+                // Skip paths that disappeared between glob and stat
+            }
+        }
+    }
+    return blocked;
+}
+function getMountRoots(session) {
+    const { workdir, config } = session;
+    const sandboxHome = (0, config_js_1.getSandboxHome)();
+    return [
+        { host: sandboxHome, container: '/home/sandbox' },
+        { host: workdir, container: '/work' },
+        ...config.filesystem.extra_paths.map(({ path: p }) => {
+            const resolved = p.replace(/^~/, (0, os_1.homedir)());
+            const target = `/mnt/${(0, path_1.basename)(resolved)}`;
+            return { host: resolved, container: target };
+        }),
+    ];
+}
+// ── Dry-run runtime fallback ──────────────────────────────
+function getDryRunRuntime(preferred) {
+    const check = (0, runtime_js_1.checkRuntime)(preferred);
+    if (check.ok)
+        return check.runtime;
+    // No runtime installed — use the preference for preview, or default to apptainer
+    if (preferred && preferred !== 'auto')
+        return preferred;
+    return 'apptainer';
+}
+// ── Network + policy helpers ──────────────────────────────
+function resolveCommandBlacklist(config) {
+    const cmds = config.commands.blacklist.map(c => c.trim()).filter(Boolean);
+    return cmds.length ? cmds.join(':') : null;
+}
+function buildFilteredProxyEnv(config) {
+    const proxy = process.env.LABGATE_PROXY ??
+        process.env.HTTP_PROXY ??
+        process.env.HTTPS_PROXY ??
+        process.env.http_proxy ??
+        process.env.https_proxy;
+    const httpProxy = process.env.LABGATE_HTTP_PROXY ??
+        process.env.HTTP_PROXY ??
+        process.env.http_proxy ??
+        proxy ??
+        '';
+    const httpsProxy = process.env.LABGATE_HTTPS_PROXY ??
+        process.env.HTTPS_PROXY ??
+        process.env.https_proxy ??
+        proxy ??
+        '';
+    if (!httpProxy && !httpsProxy) {
+        throw new Error('[labgate] network.mode=filtered requires a proxy. ' +
+            'Set LABGATE_PROXY, LABGATE_HTTP_PROXY/LABGATE_HTTPS_PROXY, or HTTP_PROXY/HTTPS_PROXY.');
+    }
+    const env = [];
+    if (httpProxy) {
+        env.push('--env', `HTTP_PROXY=${httpProxy}`, '--env', `http_proxy=${httpProxy}`);
+    }
+    if (httpsProxy) {
+        env.push('--env', `HTTPS_PROXY=${httpsProxy}`, '--env', `https_proxy=${httpsProxy}`);
+    }
+    env.push('--env', 'NO_PROXY=localhost,127.0.0.1', '--env', 'no_proxy=localhost,127.0.0.1');
+    if (config.network.allowed_domains.length > 0) {
+        env.push('--env', `LABGATE_ALLOWED_DOMAINS=${config.network.allowed_domains.join(',')}`);
+    }
+    return env;
+}
+function buildNetworkArgs(config, runtime) {
+    if (config.network.mode === 'none')
+        return ['--network=none'];
+    if (config.network.mode === 'host')
+        return ['--network=host'];
+    // filtered
+    return runtime === 'podman' ? ['--network=slirp4netns'] : ['--network=bridge'];
+}
+// ── Build Podman/Docker arguments ─────────────────────────
+function buildPodmanArgs(session, runtime, sessionId, tokenEnv = []) {
+    const { agent, workdir, config, imageOverride } = session;
+    const image = imageOverride ?? config.image;
+    const sandboxHome = (0, config_js_1.getSandboxHome)();
+    (0, fs_1.mkdirSync)(sandboxHome, { recursive: true });
+    const blockedMounts = resolveBlockedMounts(config.filesystem.blocked_patterns, getMountRoots(session));
+    const emptyDir = ensureEmptyDir();
+    const commandBlacklist = resolveCommandBlacklist(config);
+    const proxyEnv = config.network.mode === 'filtered' && !session.dryRun ? buildFilteredProxyEnv(config) : [];
+    const args = [
+        'run',
+        '--rm',
+        '--interactive',
+        '--tty',
+        '--name', `labgate-${sessionId}`,
+        // ── Isolation ──
+        '--cap-drop=ALL',
+        '--security-opt=no-new-privileges',
+        '--pids-limit=512',
+        // ── Network ──
+        ...buildNetworkArgs(config, runtime),
+        // ── Persistent sandbox HOME ──
+        '--volume', `${sandboxHome}:/home/sandbox:rw`,
+        // ── Working directory ──
+        '--volume', `${workdir}:/work:rw`,
+        '--workdir', '/work',
+        // ── Extra mounts from config ──
+        ...config.filesystem.extra_paths.map(({ path: p, mode }) => {
+            const resolved = p.replace(/^~/, (0, os_1.homedir)());
+            const target = `/mnt/${(0, path_1.basename)(resolved)}`;
+            return `--volume=${resolved}:${target}:${mode}`;
+        }),
+        // ── Block sensitive paths ──
+        ...blockedMounts.flatMap(({ containerPath, kind }) => {
+            const source = kind === 'dir' ? emptyDir : '/dev/null';
+            return ['--volume', `${source}:${containerPath}:ro`];
+        }),
+        // ── Environment ──
+        '--env', `LABGATE_AGENT=${agent}`,
+        '--env', `LABGATE_SESSION=${sessionId}`,
+        '--env', `LABGATE_NETWORK_MODE=${config.network.mode}`,
+        '--env', 'HOME=/home/sandbox',
+        ...(commandBlacklist ? ['--env', `LABGATE_CMD_BLACKLIST=${commandBlacklist}`] : []),
+        ...tokenEnv,
+        ...proxyEnv,
+        // ── Image ──
+        image,
+        // ── Entrypoint ──
+        'bash', '-lc', buildEntrypoint(agent, session.statusline ?? true),
+    ];
+    return args;
+}
+// ── Build Apptainer/Singularity arguments ─────────────────
+function buildApptainerArgs(session, runtime, sifPath, sessionId, tokenEnv = []) {
+    const { agent, workdir, config } = session;
+    const sandboxHome = (0, config_js_1.getSandboxHome)();
+    (0, fs_1.mkdirSync)(sandboxHome, { recursive: true });
+    const blockedMounts = resolveBlockedMounts(config.filesystem.blocked_patterns, getMountRoots(session));
+    const emptyDir = ensureEmptyDir();
+    const commandBlacklist = resolveCommandBlacklist(config);
+    const proxyEnv = config.network.mode === 'filtered' && !session.dryRun ? buildFilteredProxyEnv(config) : [];
+    const args = [
+        'exec',
+        '--containall',
+        '--cleanenv',
+        // ── Persistent sandbox HOME ──
+        '--home', `${sandboxHome}:/home/sandbox`,
+        // ── Working directory ──
+        '--bind', `${workdir}:/work`,
+        '--pwd', '/work',
+        // ── Extra mounts from config ──
+        ...config.filesystem.extra_paths.flatMap(({ path: p, mode }) => {
+            const resolved = p.replace(/^~/, (0, os_1.homedir)());
+            const target = `/mnt/${(0, path_1.basename)(resolved)}`;
+            const bindSpec = mode === 'ro' ? `${resolved}:${target}:ro` : `${resolved}:${target}`;
+            return ['--bind', bindSpec];
+        }),
+        // ── Block sensitive paths ──
+        ...blockedMounts.flatMap(({ containerPath, kind }) => {
+            const source = kind === 'dir' ? emptyDir : '/dev/null';
+            return ['--bind', `${source}:${containerPath}`];
+        }),
+        // ── Environment ──
+        '--env', `LABGATE_AGENT=${agent}`,
+        '--env', `LABGATE_SESSION=${sessionId}`,
+        '--env', `LABGATE_NETWORK_MODE=${config.network.mode}`,
+        '--env', `HOME=/home/sandbox`,
+        ...(commandBlacklist ? ['--env', `LABGATE_CMD_BLACKLIST=${commandBlacklist}`] : []),
+        ...tokenEnv,
+        ...proxyEnv,
+        // ── SIF image ──
+        sifPath,
+        // ── Entrypoint ──
+        'bash', '-lc', buildEntrypoint(agent, session.statusline ?? true),
+    ];
+    return args;
+}
+// ── Entrypoint script (inline, same logic for both backends) ──
+function buildEntrypoint(agent, statuslineEnabled = true) {
+    const agentSetup = {
+        claude: {
+            pkg: '@anthropic-ai/claude-code',
+            installer: 'npm i -g @anthropic-ai/claude-code 2>&1 | tail -1',
+            bin: 'claude',
+        },
+        codex: {
+            pkg: '@openai/codex',
+            installer: 'npm i -g @openai/codex 2>&1 | tail -1',
+            bin: 'codex',
+        },
+    };
+    const setup = agentSetup[agent];
+    if (!setup) {
+        throw new Error(`Unknown agent: ${agent}`);
+    }
+    const lines = [
+        'set -euo pipefail',
+        'export HOME=/home/sandbox',
+        'export PATH="$HOME/.npm-global/bin:$PATH"',
+        'npm config set prefix "$HOME/.npm-global" 2>/dev/null || true',
+        'if [ -n "${LABGATE_CMD_BLACKLIST:-}" ]; then',
+        '  mkdir -p "$HOME/.labgate-bin"',
+        '  IFS=":" read -r -a _labgate_cmds <<< "$LABGATE_CMD_BLACKLIST"',
+        '  for _cmd in "${_labgate_cmds[@]}"; do',
+        '    [ -z "$_cmd" ] && continue',
+        '    printf \'#!/usr/bin/env bash\\necho "[labgate] Command blocked: %s" >&2\\nexit 126\\n\' "$_cmd" > "$HOME/.labgate-bin/$_cmd"',
+        '    chmod +x "$HOME/.labgate-bin/$_cmd"',
+        '  done',
+        '  export PATH="$HOME/.labgate-bin:$PATH"',
+        'fi',
+        '',
+    ];
+    if (agent === 'claude' && statuslineEnabled) {
+        lines.push('mkdir -p "$HOME/.claude"', 'STATUSLINE_PATH="$HOME/.claude/statusline.js"', 'SETTINGS_PATH="$HOME/.claude/settings.json"', 'if [ ! -f "$STATUSLINE_PATH" ] || grep -q "LABGATE_STATUSLINE" "$STATUSLINE_PATH" || grep -q "statusline.js" "$SETTINGS_PATH" 2>/dev/null; then', '  cat > "$STATUSLINE_PATH" <<\'LABGATE_STATUSLINE\'', '#!/usr/bin/env node', '// LABGATE_STATUSLINE', 'const fs = require("fs");', 'const path = require("path");', 'let input = "";', 'try { input = fs.readFileSync(0, "utf8"); } catch {}', 'let data = {};', 'try { data = JSON.parse(input || "{}"); } catch {}', 'const model = (data.model && data.model.display_name) || "unknown";', 'const currentDir = (data.workspace && data.workspace.current_dir) || "";', 'const dirBase = currentDir ? path.basename(currentDir) : "";', 'let branch = "";', 'try {', '  const headPath = path.join(currentDir || process.cwd(), ".git", "HEAD");', '  const head = fs.readFileSync(headPath, "utf8").trim();', '  if (head.startsWith("ref: ")) {', '    branch = head.replace("ref: refs/heads/", "");', '  }', '} catch {}', 'let percentUsed = null;', 'const cw = data.context_window || {};', 'const usage = cw.current_usage || null;', 'if (usage && typeof cw.context_window_size === "number" && cw.context_window_size > 0) {', '  const currentTokens = (usage.input_tokens || 0) + (usage.cache_creation_input_tokens || 0) + (usage.cache_read_input_tokens || 0);', '  percentUsed = Math.round((currentTokens * 100) / cw.context_window_size);', '}', 'const parts = ["Gated by LabGate"];', 'const agent = process.env.LABGATE_AGENT || "";', 'if (agent) parts.push(agent);', 'const session = process.env.LABGATE_SESSION || "";', 'if (session) parts.push(`id=${session.slice(0, 8)}`);', 'if (process.env.LABGATE_NETWORK_MODE) parts.push(`net=${process.env.LABGATE_NETWORK_MODE}`);', 'parts.push(`model=${model}`);', 'if (dirBase) parts.push(`dir=${dirBase}`);', 'if (branch) parts.push(`git=${branch}`);', 'if (typeof percentUsed === "number") parts.push(`ctx=${percentUsed}%`);', 'process.stdout.write(parts.join(" | "));', 'LABGATE_STATUSLINE', '  chmod +x "$STATUSLINE_PATH"', 'fi', 'node - <<\'LABGATE_STATUSLINE_SETTINGS\'', 'const fs = require("fs");', 'const path = require("path");', 'const home = process.env.HOME || "/home/sandbox";', 'const settingsPath = path.join(home, ".claude", "settings.json");', 'let settings = {};', 'try { settings = JSON.parse(fs.readFileSync(settingsPath, "utf8")); } catch {}', 'const desired = { type: "command", command: path.join(home, ".claude", "statusline.js"), padding: 0 };', 'const existingCmd = settings.statusLine && settings.statusLine.command;', 'if (!settings.statusLine || (typeof existingCmd === "string" && existingCmd.includes("statusline.js"))) {', '  settings.statusLine = desired;', '  fs.mkdirSync(path.dirname(settingsPath), { recursive: true });', '  fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2));', '}', 'LABGATE_STATUSLINE_SETTINGS', '');
+    }
+    lines.push(`if ! command -v ${setup.bin} >/dev/null 2>&1; then`, `  echo "[labgate] Installing ${setup.pkg}..."`, `  ${setup.installer}`, 'fi', `echo "[labgate] Starting ${setup.bin} in /work"`, `exec ${setup.bin}`);
+    return lines.join('\n');
+}
+// ── Browser-open hook for OAuth (via sandbox home) ────────
+/**
+ * Detect whether we can open a browser on this machine.
+ * Returns false for SSH sessions, headless servers, etc.
+ */
+function canOpenBrowser() {
+    if (process.env.SSH_CONNECTION || process.env.SSH_TTY)
+        return false;
+    if ((0, os_1.platform)() === 'darwin')
+        return true;
+    if (process.env.DISPLAY || process.env.WAYLAND_DISPLAY)
+        return true;
+    return false;
+}
+/**
+ * Sets up OAuth browser handling. Three scenarios:
+ *
+ * 1. Local macOS + podman: Set BROWSER hook, forward callback port via
+ *    `podman machine ssh`, open URL with `open`.
+ * 2. Local Linux with display: Set BROWSER hook, open with xdg-open.
+ *    No port forwarding needed (podman runs natively).
+ * 3. SSH / headless: Do NOT set BROWSER — Claude Code uses the code-paste
+ *    flow (redirect to platform.claude.com). Pass COLUMNS=1000 so the URL
+ *    doesn't get line-wrapped in the terminal.
+ */
+function setupBrowserHook() {
+    if (!canOpenBrowser()) {
+        // SSH or headless: code-paste flow, wide columns to avoid URL wrapping
+        console.log('[labgate] No local browser detected (SSH/headless). OAuth will use code-paste flow.');
+        return { env: ['--env', 'COLUMNS=1000'], cleanup: () => { } };
+    }
+    const sandboxHome = (0, config_js_1.getSandboxHome)();
+    const labgateDir = (0, path_1.join)(sandboxHome, '.labgate');
+    (0, fs_1.mkdirSync)(labgateDir, { recursive: true });
+    // Write the browser-open script (runs inside the container)
+    const scriptPath = (0, path_1.join)(labgateDir, 'browser-open.sh');
+    (0, fs_1.writeFileSync)(scriptPath, '#!/bin/sh\necho "$1" > /home/sandbox/.labgate/browser-url\n', { mode: 0o755 });
+    // Remove stale URL file
+    const urlFilePath = (0, path_1.join)(labgateDir, 'browser-url');
+    try {
+        (0, fs_1.unlinkSync)(urlFilePath);
+    }
+    catch { /* doesn't exist */ }
+    let handled = false;
+    // Watch for the URL file on the host side
+    const watcher = (0, fs_1.watch)(labgateDir, (_eventType, filename) => {
+        if (handled || filename !== 'browser-url')
+            return;
+        handled = true;
+        try {
+            const { readFileSync } = require('fs');
+            const url = readFileSync(urlFilePath, 'utf-8').trim();
+            if (!url)
+                return;
+            // Forward callback port from host → container VM (macOS podman only)
+            if ((0, os_1.platform)() === 'darwin') {
+                const portMatch = url.match(/localhost%3A(\d+)/);
+                if (portMatch) {
+                    const port = parseInt(portMatch[1], 10);
+                    if (port > 0 && port < 65536) {
+                        try {
+                            (0, child_process_2.execSync)(`podman machine ssh -- -f -N -L ${port}:localhost:${port}`, {
+                                timeout: 5000,
+                                stdio: 'ignore',
+                            });
+                            console.log(`[labgate] Forwarding callback port ${port} from host to container`);
+                        }
+                        catch { /* best effort — might not be podman, or already forwarded */ }
+                    }
+                }
+                try {
+                    (0, child_process_2.execSync)(`printf '%s' ${JSON.stringify(url)} | pbcopy`);
+                }
+                catch { /* best effort */ }
+                try {
+                    (0, child_process_2.execSync)(`open ${JSON.stringify(url)}`);
+                }
+                catch { /* best effort */ }
+                console.log('\n[labgate] Login URL opened in browser and copied to clipboard.');
+            }
+            else {
+                // Linux with display
+                try {
+                    (0, child_process_2.execSync)(`xdg-open ${JSON.stringify(url)}`);
+                }
+                catch {
+                    console.log(`\n[labgate] Login URL:\n${url}`);
+                }
+            }
+        }
+        catch { /* best effort */ }
+    });
+    const cleanup = () => {
+        watcher.close();
+        try {
+            (0, fs_1.unlinkSync)(urlFilePath);
+        }
+        catch { /* best effort */ }
+    };
+    return {
+        env: ['--env', 'BROWSER=/home/sandbox/.labgate/browser-open.sh'],
+        cleanup,
+    };
+}
+// ── Pretty-print a command for dry-run ────────────────────
+function prettyPrintCommand(runtime, args) {
+    const parts = [];
+    for (let i = 0; i < args.length; i++) {
+        const a = args[i];
+        if (a.startsWith('--') && !a.includes('=') && i + 1 < args.length && !args[i + 1].startsWith('--')) {
+            const val = args[i + 1];
+            const quotedVal = val.includes(' ') || val.includes('\n') ? `'${val}'` : val;
+            parts.push(`${a} ${quotedVal}`);
+            i++;
+        }
+        else {
+            parts.push(a.includes(' ') || a.includes('\n') ? `'${a}'` : a);
+        }
+    }
+    console.log(`${runtime} ${parts.join(' \\\n  ')}`);
+}
+async function loadPty() {
+    try {
+        const mod = await import('node-pty');
+        return mod?.default ?? mod;
+    }
+    catch {
+        return null;
+    }
+}
+function renderStickyFooter(line) {
+    if (!process.stdout.isTTY)
+        return;
+    const cols = process.stdout.columns || 80;
+    const rows = process.stdout.rows || 24;
+    const trimmed = line.length > cols ? line.slice(0, Math.max(0, cols - 1)) : line;
+    const padded = trimmed.padEnd(cols, ' ');
+    process.stdout.write(`\x1b7\x1b[${rows};1H\x1b[2K${padded}\x1b8`);
+}
+// ── Agent credential extraction ───────────────────────────
+/**
+ * On macOS, Claude Code stores OAuth tokens in the system keychain.
+ * We sync the full credential JSON into the sandbox home so Claude Code
+ * finds valid OAuth credentials at ~/.claude/.credentials.json inside
+ * the container. We also pass the access token as ANTHROPIC_API_KEY
+ * as a fallback.
+ */
+function getAgentTokenEnv(agent) {
+    if ((0, os_1.platform)() !== 'darwin')
+        return [];
+    if (agent !== 'claude')
+        return [];
+    try {
+        const raw = (0, child_process_1.execFileSync)('security', [
+            'find-generic-password',
+            '-s', 'Claude Code-credentials',
+            '-w',
+        ], { encoding: 'utf-8', timeout: 5000 }).trim();
+        const creds = JSON.parse(raw);
+        const token = creds.claudeAiOauth?.accessToken;
+        if (!token)
+            return [];
+        // Sync the full credential file into the sandbox home so
+        // Claude Code picks it up natively (no OAuth flow needed)
+        const sandboxHome = (0, config_js_1.getSandboxHome)();
+        const claudeDir = (0, path_1.join)(sandboxHome, '.claude');
+        (0, fs_1.mkdirSync)(claudeDir, { recursive: true });
+        (0, fs_1.writeFileSync)((0, path_1.join)(claudeDir, '.credentials.json'), raw, { mode: 0o600 });
+        console.log('[labgate] Synced Claude credentials from macOS keychain');
+        return ['--env', `ANTHROPIC_API_KEY=${token}`];
+    }
+    catch {
+        return [];
+    }
+}
+function formatStatusFooter(session, runtime, sessionId, image) {
+    const timeout = session.config.session_timeout_hours;
+    const timeoutLabel = Number.isFinite(timeout) && timeout > 0 ? `${timeout}h` : 'off';
+    const audit = session.config.audit.enabled ? 'on' : 'off';
+    const net = session.config.network.mode;
+    return `[labgate] Status: session=${sessionId} | runtime=${runtime} | net=${net} | timeout=${timeoutLabel} | audit=${audit} | image=${image}`;
+}
+// ── Session lifecycle ─────────────────────────────────────
+async function startSession(session) {
+    const preferred = session.config.runtime;
+    const runtime = session.dryRun ? getDryRunRuntime(preferred) : (0, runtime_js_1.getRuntime)(preferred);
+    const image = session.imageOverride ?? session.config.image;
+    const sessionId = (0, crypto_1.randomBytes)(4).toString('hex');
+    const footerMode = session.footerMode ?? 'sticky';
+    const footerLine = formatStatusFooter(session, runtime, sessionId, image);
+    // Extract agent auth token from host keychain (macOS)
+    const tokenEnv = session.dryRun ? [] : getAgentTokenEnv(session.agent);
+    // Set up browser hook so OAuth URLs get opened on the host
+    const browserHook = session.dryRun ? undefined : setupBrowserHook();
+    if ((0, runtime_js_1.isApptainerFamily)(runtime) && session.config.network.mode !== 'host') {
+        console.warn(`[labgate] Warning: network mode "${session.config.network.mode}" is not enforced for ${runtime}. ` +
+            'Configure network restrictions externally or use podman/docker.');
+    }
+    let args;
+    if ((0, runtime_js_1.isApptainerFamily)(runtime)) {
+        // Apptainer/Singularity path
+        let sifPath;
+        if (session.dryRun) {
+            sifPath = (0, path_1.join)((0, config_js_1.getImagesDir)(), imageToSifName(image));
+        }
+        else {
+            sifPath = ensureSifImage(runtime, image);
+        }
+        args = buildApptainerArgs(session, runtime, sifPath, sessionId, [...tokenEnv, ...(browserHook?.env ?? [])]);
+    }
+    else {
+        // Podman/Docker path
+        if (!session.dryRun) {
+            ensureOciImage(runtime, image);
+        }
+        args = buildPodmanArgs(session, runtime, sessionId, [...tokenEnv, ...(browserHook?.env ?? [])]);
+    }
+    if (session.dryRun) {
+        prettyPrintCommand(runtime, args);
+        return;
+    }
+    // Log session start
+    if (session.config.audit.enabled) {
+        const event = {
+            timestamp: new Date().toISOString(),
+            session: sessionId,
+            event: 'session_start',
+            agent: session.agent,
+            workdir: session.workdir,
+            network_mode: session.config.network.mode,
+            mounts: [
+                { path: session.workdir, target: '/work', mode: 'rw' },
+                ...session.config.filesystem.extra_paths.map(p => ({
+                    path: p.path.replace(/^~/, (0, os_1.homedir)()),
+                    target: `/mnt/${(0, path_1.basename)(p.path)}`,
+                    mode: p.mode,
+                })),
+            ],
+        };
+        (0, audit_js_1.writeAuditEvent)(session.config, event);
+    }
+    // Print session info
+    const mode = session.config.network.mode;
+    console.log(`[labgate] Session ${sessionId}`);
+    console.log(`[labgate] Runtime: ${runtime}`);
+    console.log(`[labgate] Agent: ${session.agent}`);
+    console.log(`[labgate] Workdir: ${session.workdir} → /work`);
+    console.log(`[labgate] Network: ${mode}`);
+    console.log(`[labgate] Blocked: ${session.config.filesystem.blocked_patterns.length} patterns`);
+    if (session.config.audit.enabled) {
+        console.log(`[labgate] Audit log: ${(0, config_js_1.getLogDir)(session.config)}`);
+    }
+    if (footerMode === 'once') {
+        console.log(footerLine);
+    }
+    const wantsSticky = footerMode === 'sticky';
+    if (wantsSticky) {
+        if (!process.stdout.isTTY || !process.stdin.isTTY) {
+            console.warn('[labgate] Sticky footer needs a TTY; falling back to one-time footer.');
+        }
+        else {
+            const pty = await loadPty();
+            if (!pty) {
+                console.warn('[labgate] Sticky footer requires node-pty. Install it or use --no-footer.');
+            }
+            else {
+                let runtimePath;
+                try {
+                    runtimePath = (0, child_process_1.execFileSync)('which', [runtime], { encoding: 'utf-8' }).trim();
+                }
+                catch {
+                    runtimePath = runtime;
+                }
+                const cleanEnv = {};
+                for (const [k, v] of Object.entries(process.env)) {
+                    if (v !== undefined)
+                        cleanEnv[k] = v;
+                }
+                const cols = process.stdout.columns || 80;
+                const rows = process.stdout.rows || 24;
+                const child = pty.spawn(runtimePath, args, {
+                    name: 'xterm-256color',
+                    cols,
+                    rows,
+                    cwd: process.cwd(),
+                    env: cleanEnv,
+                });
+                let exited = false;
+                const resizeHandler = () => {
+                    child.resize(process.stdout.columns || 80, process.stdout.rows || 24);
+                    renderStickyFooter(footerLine);
+                };
+                process.stdout.on('resize', resizeHandler);
+                renderStickyFooter(footerLine);
+                child.onData((data) => {
+                    process.stdout.write(data);
+                    renderStickyFooter(footerLine);
+                });
+                if (process.stdin.isTTY) {
+                    process.stdin.setRawMode(true);
+                }
+                process.stdin.resume();
+                process.stdin.on('data', (data) => {
+                    child.write(data.toString());
+                });
+                // Session timeout
+                let timeoutHandle;
+                const timeoutHours = session.config.session_timeout_hours;
+                if (Number.isFinite(timeoutHours) && timeoutHours > 0) {
+                    const timeoutMs = timeoutHours * 60 * 60 * 1000;
+                    timeoutHandle = setTimeout(() => {
+                        if (exited)
+                            return;
+                        console.error(`\n[labgate] Session ${sessionId} reached timeout (${timeoutHours}h). Stopping...`);
+                        if (session.config.audit.enabled) {
+                            (0, audit_js_1.writeAuditEvent)(session.config, {
+                                timestamp: new Date().toISOString(),
+                                session: sessionId,
+                                event: 'session_timeout',
+                                timeout_hours: timeoutHours,
+                            });
+                        }
+                        if (!(0, runtime_js_1.isApptainerFamily)(runtime)) {
+                            try {
+                                (0, child_process_1.execFileSync)(runtime, ['stop', `labgate-${sessionId}`], { stdio: 'ignore' });
+                            }
+                            catch { /* best effort */ }
+                        }
+                        child.kill('SIGTERM');
+                    }, timeoutMs);
+                    timeoutHandle.unref();
+                }
+                child.onExit((event) => {
+                    exited = true;
+                    if (timeoutHandle)
+                        clearTimeout(timeoutHandle);
+                    browserHook?.cleanup();
+                    if (process.stdin.isTTY) {
+                        process.stdin.setRawMode(false);
+                    }
+                    process.stdout.off('resize', resizeHandler);
+                    if (session.config.audit.enabled) {
+                        (0, audit_js_1.writeAuditEvent)(session.config, {
+                            timestamp: new Date().toISOString(),
+                            session: sessionId,
+                            event: 'session_end',
+                            exit_code: event.exitCode ?? 0,
+                        });
+                    }
+                    process.exit(event.exitCode ?? 0);
+                });
+                for (const sig of ['SIGINT', 'SIGTERM']) {
+                    process.on(sig, () => {
+                        child.kill(sig);
+                    });
+                }
+                return;
+            }
+        }
+    }
+    if (footerMode === 'sticky') {
+        console.log(footerLine);
+    }
+    console.log('');
+    // Spawn container (inherit stdio so it's fully interactive with TTY)
+    const child = (0, child_process_1.spawn)(runtime, args, {
+        stdio: 'inherit',
+    });
+    // Session timeout
+    let timeoutHandle;
+    const timeoutHours = session.config.session_timeout_hours;
+    if (Number.isFinite(timeoutHours) && timeoutHours > 0) {
+        const timeoutMs = timeoutHours * 60 * 60 * 1000;
+        timeoutHandle = setTimeout(() => {
+            if (child.exitCode !== null)
+                return;
+            console.error(`\n[labgate] Session ${sessionId} reached timeout (${timeoutHours}h). Stopping...`);
+            if (session.config.audit.enabled) {
+                (0, audit_js_1.writeAuditEvent)(session.config, {
+                    timestamp: new Date().toISOString(),
+                    session: sessionId,
+                    event: 'session_timeout',
+                    timeout_hours: timeoutHours,
+                });
+            }
+            if (!(0, runtime_js_1.isApptainerFamily)(runtime)) {
+                try {
+                    (0, child_process_1.execFileSync)(runtime, ['stop', `labgate-${sessionId}`], { stdio: 'ignore' });
+                }
+                catch { /* best effort */ }
+            }
+            child.kill('SIGTERM');
+        }, timeoutMs);
+        timeoutHandle.unref();
+    }
+    // Handle exit
+    child.on('close', (code) => {
+        if (timeoutHandle)
+            clearTimeout(timeoutHandle);
+        browserHook?.cleanup();
+        if (session.config.audit.enabled) {
+            (0, audit_js_1.writeAuditEvent)(session.config, {
+                timestamp: new Date().toISOString(),
+                session: sessionId,
+                event: 'session_end',
+                exit_code: code ?? 0,
+            });
+        }
+        process.exit(code ?? 0);
+    });
+    // Forward signals
+    for (const sig of ['SIGINT', 'SIGTERM']) {
+        process.on(sig, () => {
+            child.kill(sig);
+        });
+    }
+}
+// ── List running sessions ─────────────────────────────────
+async function listSessions() {
+    const config = (0, config_js_1.loadConfig)();
+    let runtime;
+    try {
+        runtime = (0, runtime_js_1.getRuntime)(config.runtime);
+    }
+    catch (err) {
+        console.error(err.message ?? String(err));
+        process.exit(1);
+    }
+    if ((0, runtime_js_1.isApptainerFamily)(runtime)) {
+        console.log('Apptainer sessions run as regular processes (not daemons).');
+        console.log('To find running labgate sessions:');
+        console.log('  ps aux | grep apptainer');
+        return;
+    }
+    try {
+        const output = (0, child_process_1.execFileSync)(runtime, [
+            'ps',
+            '--filter', 'name=labgate-',
+            '--format', '{{.Names}}\t{{.Status}}\t{{.RunningFor}}',
+        ], { encoding: 'utf-8' }).trim();
+        if (!output) {
+            console.log('No active labgate sessions.');
+            return;
+        }
+        console.log('Active sessions:');
+        console.log('NAME\t\t\tSTATUS\t\tRUNNING');
+        console.log(output);
+    }
+    catch {
+        console.log('No active labgate sessions.');
+    }
+}
+// ── Stop a session ────────────────────────────────────────
+async function stopSession(id) {
+    const config = (0, config_js_1.loadConfig)();
+    let runtime;
+    try {
+        runtime = (0, runtime_js_1.getRuntime)(config.runtime);
+    }
+    catch (err) {
+        console.error(err.message ?? String(err));
+        process.exit(1);
+    }
+    if ((0, runtime_js_1.isApptainerFamily)(runtime)) {
+        console.log('Apptainer sessions run as regular processes.');
+        console.log('To stop a session, find and kill the process:');
+        console.log('  ps aux | grep apptainer');
+        console.log('  kill <PID>');
+        return;
+    }
+    const name = id.startsWith('labgate-') ? id : `labgate-${id}`;
+    try {
+        (0, child_process_1.execFileSync)(runtime, ['stop', name], { stdio: 'inherit' });
+        console.log(`Stopped ${name}`);
+    }
+    catch {
+        console.error(`Could not stop ${name}. Is it running?`);
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=container.js.map