mstro-app 0.4.15 → 0.4.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/server/cli/headless/claude-invoker-process.d.ts.map +1 -1
- package/dist/server/cli/headless/claude-invoker-process.js +5 -1
- package/dist/server/cli/headless/claude-invoker-process.js.map +1 -1
- package/dist/server/services/sandbox-utils.d.ts +3 -1
- package/dist/server/services/sandbox-utils.d.ts.map +1 -1
- package/dist/server/services/sandbox-utils.js +6 -3
- package/dist/server/services/sandbox-utils.js.map +1 -1
- package/package.json +1 -1
- package/server/cli/headless/claude-invoker-process.ts +6 -1
- package/server/services/sandbox-utils.ts +7 -3
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"claude-invoker-process.d.ts","sourceRoot":"","sources":["../../../../server/cli/headless/claude-invoker-process.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,KAAK,YAAY,EAAS,MAAM,oBAAoB,CAAC;AAE9D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAKvE,OAAO,KAAK,EAAE,eAAe,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AA0B1E,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,MAAM,CAAC,cAAc,EAC5B,MAAM,EAAE,sBAAsB,EAC9B,MAAM,EAAE,CAAC,MAAM,EAAE,KAAK,KAAK,IAAI,GAC9B,IAAI,CAYN;AAID,wBAAgB,eAAe,CAC7B,MAAM,EAAE,sBAAsB,EAC9B,MAAM,EAAE,MAAM,EACd,mBAAmB,EAAE,OAAO,EAC5B,aAAa,EAAE,OAAO,EACtB,aAAa,EAAE,MAAM,GAAG,IAAI,GAC3B,MAAM,EAAE,
|
|
1
|
+
{"version":3,"file":"claude-invoker-process.d.ts","sourceRoot":"","sources":["../../../../server/cli/headless/claude-invoker-process.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,KAAK,YAAY,EAAS,MAAM,oBAAoB,CAAC;AAE9D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAKvE,OAAO,KAAK,EAAE,eAAe,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AA0B1E,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,MAAM,CAAC,cAAc,EAC5B,MAAM,EAAE,sBAAsB,EAC9B,MAAM,EAAE,CAAC,MAAM,EAAE,KAAK,KAAK,IAAI,GAC9B,IAAI,CAYN;AAID,wBAAgB,eAAe,CAC7B,MAAM,EAAE,sBAAsB,EAC9B,MAAM,EAAE,MAAM,EACd,mBAAmB,EAAE,OAAO,EAC5B,aAAa,EAAE,OAAO,EACtB,aAAa,EAAE,MAAM,GAAG,IAAI,GAC3B,MAAM,EAAE,CA8CV;AAqBD,mDAAmD;AACnD,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,sBAAsB,EAC9B,MAAM,EAAE,MAAM,EACd,mBAAmB,EAAE,OAAO,EAC5B,aAAa,EAAE,OAAO,EACtB,gBAAgB,EAAE,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,EAC3C,SAAS,EAAE,MAAM,GAChB,YAAY,CAyCd;AAID,wBAAgB,gBAAgB,CAC9B,GAAG,EAAE,oBAAoB,EACzB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,GAAG,IAAI,EACnB,MAAM,EAAE,MAAM,CAAC,OAAO,GAAG,IAAI,EAC7B,cAAc,EAAE;IAAE,eAAe,CAAC,EAAE,MAAM,CAAA;CAAE,GAC3C,eAAe,CAoBjB"}
|
|
@@ -68,6 +68,10 @@ export function buildClaudeArgs(config, prompt, hasImageAttachments, useStreamJs
|
|
|
68
68
|
}
|
|
69
69
|
// Reduce Edit-without-Read errors by reminding the model
|
|
70
70
|
args.push('--append-system-prompt', 'IMPORTANT: Always use the Read tool to read a file before using Edit or Write on it. Never edit a file you have not read in this session.');
|
|
71
|
+
// Sandboxed sessions: restrict all file operations to the working directory
|
|
72
|
+
if (config.sandboxed) {
|
|
73
|
+
args.push('--append-system-prompt', `SECURITY: You are running in sandboxed mode for a shared user. You MUST NOT read, write, list, or access any files or directories outside the working directory (${config.workingDir}). This includes home directories, /etc, /tmp, /proc, and any path that does not start with ${config.workingDir}. If asked to access files outside this boundary, refuse the request and explain that access is restricted to the project directory.`);
|
|
74
|
+
}
|
|
71
75
|
if (!hasImageAttachments) {
|
|
72
76
|
// Strip null bytes — Node.js spawn rejects args containing \0
|
|
73
77
|
args.push(prompt.replaceAll('\0', ''));
|
|
@@ -96,7 +100,7 @@ export function spawnAndRegister(config, prompt, hasImageAttachments, useStreamJ
|
|
|
96
100
|
const args = buildClaudeArgs(config, prompt, hasImageAttachments, useStreamJson, mcpConfigPath);
|
|
97
101
|
verboseLog(config.verbose, `[PERF] About to spawn: ${Date.now() - perfStart}ms`, `[PERF] Command: ${config.claudeCommand} ${args.join(' ')}`);
|
|
98
102
|
const baseEnv = config.sandboxed
|
|
99
|
-
? sanitizeEnvForSandbox(process.env, config.workingDir)
|
|
103
|
+
? sanitizeEnvForSandbox(process.env, config.workingDir, { overrideHome: false })
|
|
100
104
|
: { ...process.env };
|
|
101
105
|
const spawnEnv = config.extraEnv
|
|
102
106
|
? { ...baseEnv, ...config.extraEnv }
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"claude-invoker-process.js","sourceRoot":"","sources":["../../../../server/cli/headless/claude-invoker-process.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,gEAAgE;AAEhE,OAAO,EAAqB,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAC;AAExE,OAAO,EAAE,yBAAyB,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACnF,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAG3D,uCAAuC;AAEvC,+EAA+E;AAC/E,SAAS,cAAc,CAAC,MAAc;IACpC,MAAM,GAAG,GAA2B;QAClC,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC;QAC5C,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE;KAClD,CAAC;IACF,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC;AACrB,CAAC;AAED,uCAAuC;AAEvC,MAAM,eAAe,GAAsD;IACzE,MAAM,EAAE;QACN,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,mHAAmH;KAC7H;IACD,MAAM,EAAE;QACN,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,4EAA4E;KACtF;CACF,CAAC;AAEF,MAAM,UAAU,gBAAgB,CAC9B,KAA4B,EAC5B,MAA8B,EAC9B,MAA+B;IAE/B,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACpE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,CAAC,KAAK,CAAC,CAAC;QACd,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,iBAAiB,MAAM,CAAC,IAAI,MAAM,MAAM,CAAC,OAAO,EAAE,CAAC;IACrE,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QAC1B,MAAM,CAAC,cAAc,CAAC,KAAK,SAAS,IAAI,CAAC,CAAC;IAC5C,CAAC;IACD,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;AAC/B,CAAC;AAED,0CAA0C;AAE1C,MAAM,UAAU,eAAe,CAC7B,MAA8B,EAC9B,MAAc,EACd,mBAA4B,EAC5B,aAAsB,EACtB,aAA4B;IAE5B,MAAM,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAEzB,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC/C,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,IAAI,aAAa,EAAE,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,aAAa,EAAE,4BAA4B,EAAE,WAAW,CAAC,CAAC;IACzF,CAAC;IAED,IAAI,mBAAmB,EAAE,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;IAChD,CAAC;SAAM,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC1B,CAAC;IAED,IAAI,MAAM,CAAC,eAAe,IAAI,MAAM,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChE,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACnE,CAAC;IAED,IAAI,aAAa,EAAE,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC;QACzC,IAAI,CAAC,IAAI,CAAC,0BAA0B,EAAE,qCAAqC,CAAC,CAAC;IAC/E,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,aAAa,CAAC,CAAC;IAChD,CAAC;IAED,yDAAyD;IACzD,IAAI,CAAC,IAAI,CAAC,wBAAwB,EAAE,2IAA2I,CAAC,CAAC;IAEjL,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,8DAA8D;QAC9D,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,yEAAyE;AACzE,SAAS,4BAA4B,CACnC,aAA2B,EAC3B,MAAc,EACd,MAA8B;IAE9B,aAAa,CAAC,KAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;QACvC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,MAAM,CAAC,sBAAsB,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QAC9C,CAAC;QACD,MAAM,CAAC,cAAc,EAAE,CAAC,6EAA6E,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;IACxH,CAAC,CAAC,CAAC;IACH,MAAM,iBAAiB,GAAG,sBAAsB,CAAC,MAAM,EAAE,MAAM,CAAC,gBAAiB,CAAC,CAAC;IACnF,aAAa,CAAC,KAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IAC9C,aAAa,CAAC,KAAM,CAAC,GAAG,EAAE,CAAC;AAC7B,CAAC;AAED,yCAAyC;AAEzC,mDAAmD;AACnD,MAAM,UAAU,gBAAgB,CAC9B,MAA8B,EAC9B,MAAc,EACd,mBAA4B,EAC5B,aAAsB,EACtB,gBAA2C,EAC3C,SAAiB;IAEjB,MAAM,aAAa,GAAG,iBAAiB,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IAE3E,IAAI,CAAC,aAAa,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QAC5C,MAAM,CAAC,cAAc,CACnB,sKAAsK,CACvK,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,mBAAmB,EAAE,aAAa,EAAE,aAAa,CAAC,CAAC;IAEhG,UAAU,CAAC,MAAM,CAAC,OAAO,EACvB,0BAA0B,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,IAAI,EACpD,mBAAmB,MAAM,CAAC,aAAa,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAC5D,CAAC;IAEF,MAAM,OAAO,GAAG,MAAM,CAAC,SAAS;QAC9B,CAAC,CAAC,qBAAqB,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"claude-invoker-process.js","sourceRoot":"","sources":["../../../../server/cli/headless/claude-invoker-process.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,gEAAgE;AAEhE,OAAO,EAAqB,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAC;AAExE,OAAO,EAAE,yBAAyB,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACnF,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAG3D,uCAAuC;AAEvC,+EAA+E;AAC/E,SAAS,cAAc,CAAC,MAAc;IACpC,MAAM,GAAG,GAA2B;QAClC,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC;QAC5C,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE;KAClD,CAAC;IACF,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC;AACrB,CAAC;AAED,uCAAuC;AAEvC,MAAM,eAAe,GAAsD;IACzE,MAAM,EAAE;QACN,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,mHAAmH;KAC7H;IACD,MAAM,EAAE;QACN,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,4EAA4E;KACtF;CACF,CAAC;AAEF,MAAM,UAAU,gBAAgB,CAC9B,KAA4B,EAC5B,MAA8B,EAC9B,MAA+B;IAE/B,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACpE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,CAAC,KAAK,CAAC,CAAC;QACd,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,iBAAiB,MAAM,CAAC,IAAI,MAAM,MAAM,CAAC,OAAO,EAAE,CAAC;IACrE,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QAC1B,MAAM,CAAC,cAAc,CAAC,KAAK,SAAS,IAAI,CAAC,CAAC;IAC5C,CAAC;IACD,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;AAC/B,CAAC;AAED,0CAA0C;AAE1C,MAAM,UAAU,eAAe,CAC7B,MAA8B,EAC9B,MAAc,EACd,mBAA4B,EAC5B,aAAsB,EACtB,aAA4B;IAE5B,MAAM,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAEzB,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC/C,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,IAAI,aAAa,EAAE,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,aAAa,EAAE,4BAA4B,EAAE,WAAW,CAAC,CAAC;IACzF,CAAC;IAED,IAAI,mBAAmB,EAAE,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;IAChD,CAAC;SAAM,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC1B,CAAC;IAED,IAAI,MAAM,CAAC,eAAe,IAAI,MAAM,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChE,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACnE,CAAC;IAED,IAAI,aAAa,EAAE,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC;QACzC,IAAI,CAAC,IAAI,CAAC,0BAA0B,EAAE,qCAAqC,CAAC,CAAC;IAC/E,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,aAAa,CAAC,CAAC;IAChD,CAAC;IAED,yDAAyD;IACzD,IAAI,CAAC,IAAI,CAAC,wBAAwB,EAAE,2IAA2I,CAAC,CAAC;IAEjL,4EAA4E;IAC5E,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,IAAI,CAAC,IAAI,CAAC,wBAAwB,EAAE,oKAAoK,MAAM,CAAC,UAAU,+FAA+F,MAAM,CAAC,UAAU,sIAAsI,CAAC,CAAC;IACnd,CAAC;IAED,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,8DAA8D;QAC9D,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,yEAAyE;AACzE,SAAS,4BAA4B,CACnC,aAA2B,EAC3B,MAAc,EACd,MAA8B;IAE9B,aAAa,CAAC,KAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;QACvC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,MAAM,CAAC,sBAAsB,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QAC9C,CAAC;QACD,MAAM,CAAC,cAAc,EAAE,CAAC,6EAA6E,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;IACxH,CAAC,CAAC,CAAC;IACH,MAAM,iBAAiB,GAAG,sBAAsB,CAAC,MAAM,EAAE,MAAM,CAAC,gBAAiB,CAAC,CAAC;IACnF,aAAa,CAAC,KAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IAC9C,aAAa,CAAC,KAAM,CAAC,GAAG,EAAE,CAAC;AAC7B,CAAC;AAED,yCAAyC;AAEzC,mDAAmD;AACnD,MAAM,UAAU,gBAAgB,CAC9B,MAA8B,EAC9B,MAAc,EACd,mBAA4B,EAC5B,aAAsB,EACtB,gBAA2C,EAC3C,SAAiB;IAEjB,MAAM,aAAa,GAAG,iBAAiB,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IAE3E,IAAI,CAAC,aAAa,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QAC5C,MAAM,CAAC,cAAc,CACnB,sKAAsK,CACvK,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,mBAAmB,EAAE,aAAa,EAAE,aAAa,CAAC,CAAC;IAEhG,UAAU,CAAC,MAAM,CAAC,OAAO,EACvB,0BAA0B,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,IAAI,EACpD,mBAAmB,MAAM,CAAC,aAAa,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAC5D,CAAC;IAEF,MAAM,OAAO,GAAG,MAAM,CAAC,SAAS;QAC9B,CAAC,CAAC,qBAAqB,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,UAAU,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC;QAChF,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ;QAC9B,CAAC,CAAC,EAAE,GAAG,OAAO,EAAE,GAAG,MAAM,CAAC,QAAQ,EAAE;QACpC,CAAC,CAAC,OAAO,CAAC;IAEZ,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC,aAAa,EAAE,IAAI,EAAE;QACtD,GAAG,EAAE,MAAM,CAAC,UAAU;QACtB,QAAQ,EAAE,IAAI;QACd,GAAG,EAAE,QAAQ;QACb,KAAK,EAAE,CAAC,mBAAmB,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;KACjE,CAAC,CAAC;IAEH,IAAI,mBAAmB,IAAI,aAAa,CAAC,KAAK,EAAE,CAAC;QAC/C,4BAA4B,CAAC,aAAa,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9D,CAAC;IAED,IAAI,aAAa,CAAC,GAAG,EAAE,CAAC;QACtB,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;IACzD,CAAC;IAED,UAAU,CAAC,MAAM,CAAC,OAAO,EAAE,mBAAmB,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,IAAI,CAAC,CAAC;IAE1E,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,wCAAwC;AAExC,MAAM,UAAU,gBAAgB,CAC9B,GAAyB,EACzB,MAAc,EACd,MAAc,EACd,IAAmB,EACnB,MAA6B,EAC7B,cAA4C;IAE5C,MAAM,WAAW,GAAG,yBAAyB,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,cAAc,GAAG,GAAG,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,sBAAsB,IAAI,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC1G,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5E,MAAM,aAAa,GAAG,GAAG,CAAC,aAAa,CAAC,WAAW,GAAG,CAAC,IAAI,GAAG,CAAC,aAAa,CAAC,YAAY,GAAG,CAAC,CAAC;IAC9F,OAAO;QACL,MAAM,EAAE,MAAM;QACd,KAAK,EAAE,MAAM,IAAI,SAAS;QAC1B,QAAQ;QACR,UAAU,EAAE,MAAM,IAAI,SAAS;QAC/B,iBAAiB,EAAE,GAAG,CAAC,4BAA4B,IAAI,SAAS;QAChE,cAAc,EAAE,GAAG,CAAC,mBAAmB,IAAI,SAAS;QACpD,cAAc,EAAE,GAAG,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS;QACtF,eAAe,EAAE,cAAc,CAAC,eAAe;QAC/C,kBAAkB,EAAE,GAAG,CAAC,qBAAqB,CAAC,YAAY,IAAI,SAAS;QACvE,iBAAiB,EAAE,WAAW;QAC9B,oBAAoB,EAAE,cAAc;QACpC,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,SAAS;QACnE,UAAU,EAAE,GAAG,CAAC,UAAU;KAC3B,CAAC;AACJ,CAAC"}
|
|
@@ -2,5 +2,7 @@
|
|
|
2
2
|
* Create a sanitized environment for sandboxed execution.
|
|
3
3
|
* Strips sensitive env vars and sets HOME to the project directory.
|
|
4
4
|
*/
|
|
5
|
-
export declare function sanitizeEnvForSandbox(env: NodeJS.ProcessEnv, workingDir: string
|
|
5
|
+
export declare function sanitizeEnvForSandbox(env: NodeJS.ProcessEnv, workingDir: string, options?: {
|
|
6
|
+
overrideHome?: boolean;
|
|
7
|
+
}): Record<string, string>;
|
|
6
8
|
//# sourceMappingURL=sandbox-utils.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sandbox-utils.d.ts","sourceRoot":"","sources":["../../../server/services/sandbox-utils.ts"],"names":[],"mappings":"AAsDA;;;GAGG;AACH,wBAAgB,qBAAqB,CACnC,GAAG,EAAE,MAAM,CAAC,UAAU,EACtB,UAAU,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"sandbox-utils.d.ts","sourceRoot":"","sources":["../../../server/services/sandbox-utils.ts"],"names":[],"mappings":"AAsDA;;;GAGG;AACH,wBAAgB,qBAAqB,CACnC,GAAG,EAAE,MAAM,CAAC,UAAU,EACtB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE;IAAE,YAAY,CAAC,EAAE,OAAO,CAAA;CAAE,GACnC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAmBxB"}
|
|
@@ -52,7 +52,7 @@ const BLOCKED_KEYS = new Set([
|
|
|
52
52
|
* Create a sanitized environment for sandboxed execution.
|
|
53
53
|
* Strips sensitive env vars and sets HOME to the project directory.
|
|
54
54
|
*/
|
|
55
|
-
export function sanitizeEnvForSandbox(env, workingDir) {
|
|
55
|
+
export function sanitizeEnvForSandbox(env, workingDir, options) {
|
|
56
56
|
const result = {};
|
|
57
57
|
for (const [key, value] of Object.entries(env)) {
|
|
58
58
|
if (!value)
|
|
@@ -63,8 +63,11 @@ export function sanitizeEnvForSandbox(env, workingDir) {
|
|
|
63
63
|
continue;
|
|
64
64
|
result[key] = value;
|
|
65
65
|
}
|
|
66
|
-
// Override HOME to project directory so `cd ~` stays sandboxed
|
|
67
|
-
|
|
66
|
+
// Override HOME to project directory so `cd ~` stays sandboxed (e.g. terminals).
|
|
67
|
+
// Claude Code processes opt out (overrideHome: false) to preserve OAuth auth lookup.
|
|
68
|
+
if (options?.overrideHome !== false) {
|
|
69
|
+
result.HOME = workingDir;
|
|
70
|
+
}
|
|
68
71
|
// Marker so scripts can detect sandboxed execution
|
|
69
72
|
result.MSTRO_SANDBOXED = '1';
|
|
70
73
|
return result;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sandbox-utils.js","sourceRoot":"","sources":["../../../server/services/sandbox-utils.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,gEAAgE;AAEhE;;;;;;GAMG;AAEH,oFAAoF;AACpF,MAAM,gBAAgB,GAAG;IACvB,MAAM;IACN,SAAS;IACT,KAAK;IACL,MAAM;IACN,SAAS;IACT,MAAM;IACN,MAAM;IACN,QAAQ;IACR,MAAM;IACN,SAAS;IACT,SAAS;IACT,YAAY;IACZ,SAAS;IACT,SAAS;IACT,WAAW;IACX,UAAU;IACV,SAAS;IACT,QAAQ;IACR,UAAU;CACX,CAAC;AAEF,oEAAoE;AACpE,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;IAC3B,UAAU;IACV,cAAc;IACd,WAAW;IACX,YAAY;IACZ,YAAY;IACZ,WAAW;IACX,cAAc;IACd,WAAW;IACX,aAAa;IACb,YAAY;IACZ,SAAS;IACT,YAAY;IACZ,cAAc;IACd,eAAe;IACf,aAAa;IACb,YAAY;CACb,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CACnC,GAAsB,EACtB,UAAkB;
|
|
1
|
+
{"version":3,"file":"sandbox-utils.js","sourceRoot":"","sources":["../../../server/services/sandbox-utils.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,gEAAgE;AAEhE;;;;;;GAMG;AAEH,oFAAoF;AACpF,MAAM,gBAAgB,GAAG;IACvB,MAAM;IACN,SAAS;IACT,KAAK;IACL,MAAM;IACN,SAAS;IACT,MAAM;IACN,MAAM;IACN,QAAQ;IACR,MAAM;IACN,SAAS;IACT,SAAS;IACT,YAAY;IACZ,SAAS;IACT,SAAS;IACT,WAAW;IACX,UAAU;IACV,SAAS;IACT,QAAQ;IACR,UAAU;CACX,CAAC;AAEF,oEAAoE;AACpE,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;IAC3B,UAAU;IACV,cAAc;IACd,WAAW;IACX,YAAY;IACZ,YAAY;IACZ,WAAW;IACX,cAAc;IACd,WAAW;IACX,aAAa;IACb,YAAY;IACZ,SAAS;IACT,YAAY;IACZ,cAAc;IACd,eAAe;IACf,aAAa;IACb,YAAY;CACb,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CACnC,GAAsB,EACtB,UAAkB,EAClB,OAAoC;IAEpC,MAAM,MAAM,GAA2B,EAAE,CAAC;IAE1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IAAI,CAAC,KAAK;YAAE,SAAS;QACrB,IAAI,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QACpC,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAAE,SAAS;QAC5D,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACtB,CAAC;IAED,iFAAiF;IACjF,qFAAqF;IACrF,IAAI,OAAO,EAAE,YAAY,KAAK,KAAK,EAAE,CAAC;QACpC,MAAM,CAAC,IAAI,GAAG,UAAU,CAAC;IAC3B,CAAC;IACD,mDAAmD;IACnD,MAAM,CAAC,eAAe,GAAG,GAAG,CAAC;IAE7B,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
package/package.json
CHANGED
|
@@ -95,6 +95,11 @@ export function buildClaudeArgs(
|
|
|
95
95
|
// Reduce Edit-without-Read errors by reminding the model
|
|
96
96
|
args.push('--append-system-prompt', 'IMPORTANT: Always use the Read tool to read a file before using Edit or Write on it. Never edit a file you have not read in this session.');
|
|
97
97
|
|
|
98
|
+
// Sandboxed sessions: restrict all file operations to the working directory
|
|
99
|
+
if (config.sandboxed) {
|
|
100
|
+
args.push('--append-system-prompt', `SECURITY: You are running in sandboxed mode for a shared user. You MUST NOT read, write, list, or access any files or directories outside the working directory (${config.workingDir}). This includes home directories, /etc, /tmp, /proc, and any path that does not start with ${config.workingDir}. If asked to access files outside this boundary, refuse the request and explain that access is restricted to the project directory.`);
|
|
101
|
+
}
|
|
102
|
+
|
|
98
103
|
if (!hasImageAttachments) {
|
|
99
104
|
// Strip null bytes — Node.js spawn rejects args containing \0
|
|
100
105
|
args.push(prompt.replaceAll('\0', ''));
|
|
@@ -147,7 +152,7 @@ export function spawnAndRegister(
|
|
|
147
152
|
);
|
|
148
153
|
|
|
149
154
|
const baseEnv = config.sandboxed
|
|
150
|
-
? sanitizeEnvForSandbox(process.env, config.workingDir)
|
|
155
|
+
? sanitizeEnvForSandbox(process.env, config.workingDir, { overrideHome: false })
|
|
151
156
|
: { ...process.env };
|
|
152
157
|
const spawnEnv = config.extraEnv
|
|
153
158
|
? { ...baseEnv, ...config.extraEnv }
|
|
@@ -58,7 +58,8 @@ const BLOCKED_KEYS = new Set([
|
|
|
58
58
|
*/
|
|
59
59
|
export function sanitizeEnvForSandbox(
|
|
60
60
|
env: NodeJS.ProcessEnv,
|
|
61
|
-
workingDir: string
|
|
61
|
+
workingDir: string,
|
|
62
|
+
options?: { overrideHome?: boolean }
|
|
62
63
|
): Record<string, string> {
|
|
63
64
|
const result: Record<string, string> = {};
|
|
64
65
|
|
|
@@ -69,8 +70,11 @@ export function sanitizeEnvForSandbox(
|
|
|
69
70
|
result[key] = value;
|
|
70
71
|
}
|
|
71
72
|
|
|
72
|
-
// Override HOME to project directory so `cd ~` stays sandboxed
|
|
73
|
-
|
|
73
|
+
// Override HOME to project directory so `cd ~` stays sandboxed (e.g. terminals).
|
|
74
|
+
// Claude Code processes opt out (overrideHome: false) to preserve OAuth auth lookup.
|
|
75
|
+
if (options?.overrideHome !== false) {
|
|
76
|
+
result.HOME = workingDir;
|
|
77
|
+
}
|
|
74
78
|
// Marker so scripts can detect sandboxed execution
|
|
75
79
|
result.MSTRO_SANDBOXED = '1';
|
|
76
80
|
|