mstro-app 0.4.17 → 0.4.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +148 -75
- package/dist/server/cli/headless/claude-invoker-process.d.ts +1 -1
- package/dist/server/cli/headless/claude-invoker-process.d.ts.map +1 -1
- package/dist/server/cli/headless/claude-invoker-process.js +4 -10
- package/dist/server/cli/headless/claude-invoker-process.js.map +1 -1
- package/dist/server/cli/headless/claude-invoker.js +1 -1
- package/dist/server/cli/headless/claude-invoker.js.map +1 -1
- package/dist/server/cli/headless/mcp-config.d.ts +7 -2
- package/dist/server/cli/headless/mcp-config.d.ts.map +1 -1
- package/dist/server/cli/headless/mcp-config.js +28 -4
- package/dist/server/cli/headless/mcp-config.js.map +1 -1
- package/dist/server/cli/headless/runner.d.ts.map +1 -1
- package/dist/server/cli/headless/runner.js +0 -1
- package/dist/server/cli/headless/runner.js.map +1 -1
- package/dist/server/cli/headless/types.d.ts +1 -4
- package/dist/server/cli/headless/types.d.ts.map +1 -1
- package/dist/server/cli/improvisation-retry.d.ts +1 -1
- package/dist/server/cli/improvisation-retry.d.ts.map +1 -1
- package/dist/server/cli/improvisation-retry.js +1 -2
- package/dist/server/cli/improvisation-retry.js.map +1 -1
- package/dist/server/cli/improvisation-session-manager.d.ts +0 -1
- package/dist/server/cli/improvisation-session-manager.d.ts.map +1 -1
- package/dist/server/cli/improvisation-session-manager.js +44 -9
- package/dist/server/cli/improvisation-session-manager.js.map +1 -1
- package/dist/server/index.js +17 -2
- package/dist/server/index.js.map +1 -1
- package/dist/server/mcp/bouncer-haiku.d.ts.map +1 -1
- package/dist/server/mcp/bouncer-haiku.js +10 -5
- package/dist/server/mcp/bouncer-haiku.js.map +1 -1
- package/dist/server/mcp/bouncer-integration.d.ts +3 -1
- package/dist/server/mcp/bouncer-integration.d.ts.map +1 -1
- package/dist/server/mcp/bouncer-integration.js +16 -5
- package/dist/server/mcp/bouncer-integration.js.map +1 -1
- package/dist/server/mcp/server.js +3 -1
- package/dist/server/mcp/server.js.map +1 -1
- package/dist/server/services/plan/composer.d.ts +1 -1
- package/dist/server/services/plan/composer.d.ts.map +1 -1
- package/dist/server/services/plan/composer.js +2 -3
- package/dist/server/services/plan/composer.js.map +1 -1
- package/dist/server/services/plan/executor.d.ts +0 -3
- package/dist/server/services/plan/executor.d.ts.map +1 -1
- package/dist/server/services/plan/executor.js +1 -8
- package/dist/server/services/plan/executor.js.map +1 -1
- package/dist/server/services/plan/review-gate.d.ts.map +1 -1
- package/dist/server/services/plan/review-gate.js +19 -2
- package/dist/server/services/plan/review-gate.js.map +1 -1
- package/dist/server/services/plan/state-reconciler.d.ts +6 -0
- package/dist/server/services/plan/state-reconciler.d.ts.map +1 -1
- package/dist/server/services/plan/state-reconciler.js +68 -1
- package/dist/server/services/plan/state-reconciler.js.map +1 -1
- package/dist/server/services/platform.d.ts.map +1 -1
- package/dist/server/services/platform.js +18 -6
- package/dist/server/services/platform.js.map +1 -1
- package/dist/server/services/terminal/pty-manager.d.ts +2 -4
- package/dist/server/services/terminal/pty-manager.d.ts.map +1 -1
- package/dist/server/services/terminal/pty-manager.js +5 -28
- package/dist/server/services/terminal/pty-manager.js.map +1 -1
- package/dist/server/services/terminal/pty-utils.d.ts +2 -13
- package/dist/server/services/terminal/pty-utils.d.ts.map +1 -1
- package/dist/server/services/terminal/pty-utils.js +2 -74
- package/dist/server/services/terminal/pty-utils.js.map +1 -1
- package/dist/server/services/websocket/autocomplete.d.ts +1 -1
- package/dist/server/services/websocket/autocomplete.d.ts.map +1 -1
- package/dist/server/services/websocket/autocomplete.js +37 -24
- package/dist/server/services/websocket/autocomplete.js.map +1 -1
- package/dist/server/services/websocket/file-explorer-handlers.d.ts +2 -2
- package/dist/server/services/websocket/file-explorer-handlers.d.ts.map +1 -1
- package/dist/server/services/websocket/file-explorer-handlers.js +11 -4
- package/dist/server/services/websocket/file-explorer-handlers.js.map +1 -1
- package/dist/server/services/websocket/handler.d.ts.map +1 -1
- package/dist/server/services/websocket/handler.js +6 -1
- package/dist/server/services/websocket/handler.js.map +1 -1
- package/dist/server/services/websocket/plan-board-handlers.d.ts +5 -5
- package/dist/server/services/websocket/plan-board-handlers.d.ts.map +1 -1
- package/dist/server/services/websocket/plan-board-handlers.js.map +1 -1
- package/dist/server/services/websocket/plan-execution-handlers.d.ts +6 -6
- package/dist/server/services/websocket/plan-execution-handlers.d.ts.map +1 -1
- package/dist/server/services/websocket/plan-execution-handlers.js +1 -4
- package/dist/server/services/websocket/plan-execution-handlers.js.map +1 -1
- package/dist/server/services/websocket/plan-handlers.d.ts +1 -1
- package/dist/server/services/websocket/plan-handlers.d.ts.map +1 -1
- package/dist/server/services/websocket/plan-handlers.js.map +1 -1
- package/dist/server/services/websocket/plan-helpers.d.ts +1 -1
- package/dist/server/services/websocket/plan-helpers.d.ts.map +1 -1
- package/dist/server/services/websocket/plan-helpers.js.map +1 -1
- package/dist/server/services/websocket/plan-issue-handlers.d.ts +4 -4
- package/dist/server/services/websocket/plan-issue-handlers.d.ts.map +1 -1
- package/dist/server/services/websocket/plan-issue-handlers.js +10 -0
- package/dist/server/services/websocket/plan-issue-handlers.js.map +1 -1
- package/dist/server/services/websocket/plan-sprint-handlers.d.ts +3 -3
- package/dist/server/services/websocket/plan-sprint-handlers.d.ts.map +1 -1
- package/dist/server/services/websocket/plan-sprint-handlers.js.map +1 -1
- package/dist/server/services/websocket/quality-handlers.d.ts +1 -1
- package/dist/server/services/websocket/quality-handlers.d.ts.map +1 -1
- package/dist/server/services/websocket/quality-handlers.js +9 -5
- package/dist/server/services/websocket/quality-handlers.js.map +1 -1
- package/dist/server/services/websocket/quality-review-agent.d.ts.map +1 -1
- package/dist/server/services/websocket/quality-review-agent.js +7 -4
- package/dist/server/services/websocket/quality-review-agent.js.map +1 -1
- package/dist/server/services/websocket/session-handlers.d.ts +1 -1
- package/dist/server/services/websocket/session-handlers.d.ts.map +1 -1
- package/dist/server/services/websocket/session-handlers.js +5 -2
- package/dist/server/services/websocket/session-handlers.js.map +1 -1
- package/dist/server/services/websocket/terminal-handlers.d.ts +1 -1
- package/dist/server/services/websocket/terminal-handlers.d.ts.map +1 -1
- package/dist/server/services/websocket/terminal-handlers.js +9 -21
- package/dist/server/services/websocket/terminal-handlers.js.map +1 -1
- package/dist/server/services/websocket/types.d.ts +2 -2
- package/dist/server/services/websocket/types.d.ts.map +1 -1
- package/dist/server/utils/port.d.ts +0 -11
- package/dist/server/utils/port.d.ts.map +1 -1
- package/dist/server/utils/port.js +0 -31
- package/dist/server/utils/port.js.map +1 -1
- package/package.json +1 -2
- package/server/cli/headless/claude-invoker-process.ts +5 -12
- package/server/cli/headless/claude-invoker.ts +1 -1
- package/server/cli/headless/mcp-config.ts +31 -4
- package/server/cli/headless/runner.ts +0 -1
- package/server/cli/headless/types.ts +1 -4
- package/server/cli/improvisation-retry.ts +0 -2
- package/server/cli/improvisation-session-manager.ts +45 -10
- package/server/index.ts +16 -2
- package/server/mcp/bouncer-haiku.ts +11 -5
- package/server/mcp/bouncer-integration.ts +14 -5
- package/server/mcp/server.ts +3 -1
- package/server/services/plan/composer.ts +1 -3
- package/server/services/plan/executor.ts +1 -9
- package/server/services/plan/review-gate.ts +13 -2
- package/server/services/plan/state-reconciler.ts +70 -1
- package/server/services/platform.ts +17 -6
- package/server/services/terminal/pty-manager.ts +6 -33
- package/server/services/terminal/pty-utils.ts +2 -80
- package/server/services/websocket/autocomplete.ts +48 -26
- package/server/services/websocket/file-explorer-handlers.ts +14 -7
- package/server/services/websocket/handler.ts +8 -2
- package/server/services/websocket/plan-board-handlers.ts +5 -5
- package/server/services/websocket/plan-execution-handlers.ts +7 -10
- package/server/services/websocket/plan-handlers.ts +1 -1
- package/server/services/websocket/plan-helpers.ts +1 -1
- package/server/services/websocket/plan-issue-handlers.ts +14 -4
- package/server/services/websocket/plan-sprint-handlers.ts +3 -3
- package/server/services/websocket/quality-handlers.ts +9 -5
- package/server/services/websocket/quality-review-agent.ts +7 -4
- package/server/services/websocket/session-handlers.ts +8 -3
- package/server/services/websocket/terminal-handlers.ts +10 -24
- package/server/services/websocket/types.ts +2 -2
- package/server/utils/port.ts +0 -41
- package/dist/server/mcp/bouncer-sandbox.d.ts +0 -60
- package/dist/server/mcp/bouncer-sandbox.d.ts.map +0 -1
- package/dist/server/mcp/bouncer-sandbox.js +0 -182
- package/dist/server/mcp/bouncer-sandbox.js.map +0 -1
- package/dist/server/services/credentials.d.ts +0 -39
- package/dist/server/services/credentials.d.ts.map +0 -1
- package/dist/server/services/credentials.js +0 -110
- package/dist/server/services/credentials.js.map +0 -1
- package/dist/server/services/sandbox-utils.d.ts +0 -8
- package/dist/server/services/sandbox-utils.d.ts.map +0 -1
- package/dist/server/services/sandbox-utils.js +0 -75
- package/dist/server/services/sandbox-utils.js.map +0 -1
- package/server/mcp/bouncer-sandbox.ts +0 -214
- package/server/services/credentials.ts +0 -134
- package/server/services/sandbox-utils.ts +0 -82
|
@@ -1,110 +0,0 @@
|
|
|
1
|
-
// Copyright (c) 2025-present Mstro, Inc. All rights reserved.
|
|
2
|
-
// Licensed under the MIT License. See LICENSE file for details.
|
|
3
|
-
/**
|
|
4
|
-
* Credentials Service
|
|
5
|
-
*
|
|
6
|
-
* Manages persistent authentication credentials stored in ~/.mstro/credentials.json
|
|
7
|
-
*
|
|
8
|
-
* Structure:
|
|
9
|
-
* {
|
|
10
|
-
* "token": "device-token-here",
|
|
11
|
-
* "userId": "user-uuid",
|
|
12
|
-
* "email": "user@example.com",
|
|
13
|
-
* "name": "User Name",
|
|
14
|
-
* "deviceId": "device-uuid",
|
|
15
|
-
* "clientId": "client-uuid",
|
|
16
|
-
* "createdAt": "2024-01-01T00:00:00.000Z",
|
|
17
|
-
* "lastRefreshedAt": "2024-01-01T00:00:00.000Z"
|
|
18
|
-
* }
|
|
19
|
-
*/
|
|
20
|
-
import { existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync } from 'node:fs';
|
|
21
|
-
import { homedir } from 'node:os';
|
|
22
|
-
import { join } from 'node:path';
|
|
23
|
-
const MSTRO_DIR = join(homedir(), '.mstro');
|
|
24
|
-
const CREDENTIALS_FILE = join(MSTRO_DIR, 'credentials.json');
|
|
25
|
-
/**
|
|
26
|
-
* Ensure the ~/.mstro directory exists
|
|
27
|
-
*/
|
|
28
|
-
function ensureMstroDir() {
|
|
29
|
-
if (!existsSync(MSTRO_DIR)) {
|
|
30
|
-
mkdirSync(MSTRO_DIR, { recursive: true, mode: 0o700 });
|
|
31
|
-
}
|
|
32
|
-
}
|
|
33
|
-
/**
|
|
34
|
-
* Get stored credentials, or null if not logged in
|
|
35
|
-
*/
|
|
36
|
-
export function getCredentials() {
|
|
37
|
-
if (!existsSync(CREDENTIALS_FILE)) {
|
|
38
|
-
return null;
|
|
39
|
-
}
|
|
40
|
-
try {
|
|
41
|
-
const content = readFileSync(CREDENTIALS_FILE, 'utf-8');
|
|
42
|
-
const credentials = JSON.parse(content);
|
|
43
|
-
// Validate required fields
|
|
44
|
-
if (!credentials.token || !credentials.userId || !credentials.email || !credentials.clientId) {
|
|
45
|
-
console.warn('Invalid credentials file, missing required fields');
|
|
46
|
-
return null;
|
|
47
|
-
}
|
|
48
|
-
return credentials;
|
|
49
|
-
}
|
|
50
|
-
catch (err) {
|
|
51
|
-
console.warn('Failed to read credentials file:', err);
|
|
52
|
-
return null;
|
|
53
|
-
}
|
|
54
|
-
}
|
|
55
|
-
/**
|
|
56
|
-
* Save credentials after successful login
|
|
57
|
-
*/
|
|
58
|
-
export function saveCredentials(credentials) {
|
|
59
|
-
ensureMstroDir();
|
|
60
|
-
writeFileSync(CREDENTIALS_FILE, JSON.stringify(credentials, null, 2), {
|
|
61
|
-
mode: 0o600 // Read/write for owner only
|
|
62
|
-
});
|
|
63
|
-
}
|
|
64
|
-
/**
|
|
65
|
-
* Update the token (used during refresh)
|
|
66
|
-
*/
|
|
67
|
-
export function updateToken(newToken) {
|
|
68
|
-
const credentials = getCredentials();
|
|
69
|
-
if (!credentials) {
|
|
70
|
-
throw new Error('No credentials to update');
|
|
71
|
-
}
|
|
72
|
-
credentials.token = newToken;
|
|
73
|
-
credentials.lastRefreshedAt = new Date().toISOString();
|
|
74
|
-
saveCredentials(credentials);
|
|
75
|
-
}
|
|
76
|
-
/**
|
|
77
|
-
* Delete credentials (logout)
|
|
78
|
-
*/
|
|
79
|
-
export function deleteCredentials() {
|
|
80
|
-
if (!existsSync(CREDENTIALS_FILE)) {
|
|
81
|
-
return false;
|
|
82
|
-
}
|
|
83
|
-
try {
|
|
84
|
-
unlinkSync(CREDENTIALS_FILE);
|
|
85
|
-
return true;
|
|
86
|
-
}
|
|
87
|
-
catch (err) {
|
|
88
|
-
console.error('Failed to delete credentials:', err);
|
|
89
|
-
return false;
|
|
90
|
-
}
|
|
91
|
-
}
|
|
92
|
-
/**
|
|
93
|
-
* Check if user is logged in
|
|
94
|
-
*/
|
|
95
|
-
export function isLoggedIn() {
|
|
96
|
-
return getCredentials() !== null;
|
|
97
|
-
}
|
|
98
|
-
/**
|
|
99
|
-
* Get the credentials file path (for display)
|
|
100
|
-
*/
|
|
101
|
-
export function getCredentialsPath() {
|
|
102
|
-
return CREDENTIALS_FILE;
|
|
103
|
-
}
|
|
104
|
-
/**
|
|
105
|
-
* Get the mstro directory path
|
|
106
|
-
*/
|
|
107
|
-
export function getMstroDir() {
|
|
108
|
-
return MSTRO_DIR;
|
|
109
|
-
}
|
|
110
|
-
//# sourceMappingURL=credentials.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"credentials.js","sourceRoot":"","sources":["../../../server/services/credentials.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,gEAAgE;AAEhE;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,SAAS,CAAA;AACxF,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAA;AACjC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAEhC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAA;AAC3C,MAAM,gBAAgB,GAAG,IAAI,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAA;AAa5D;;GAEG;AACH,SAAS,cAAc;IACrB,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3B,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAA;IACxD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc;IAC5B,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAClC,OAAO,IAAI,CAAA;IACb,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAA;QACvD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAgB,CAAA;QAEtD,2BAA2B;QAC3B,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC7F,OAAO,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAA;YACjE,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO,WAAW,CAAA;IACpB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC,kCAAkC,EAAE,GAAG,CAAC,CAAA;QACrD,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,WAAwB;IACtD,cAAc,EAAE,CAAA;IAChB,aAAa,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;QACpE,IAAI,EAAE,KAAK,CAAC,4BAA4B;KACzC,CAAC,CAAA;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,QAAgB;IAC1C,MAAM,WAAW,GAAG,cAAc,EAAE,CAAA;IACpC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAA;IAC7C,CAAC;IAED,WAAW,CAAC,KAAK,GAAG,QAAQ,CAAA;IAC5B,WAAW,CAAC,eAAe,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;IACtD,eAAe,CAAC,WAAW,CAAC,CAAA;AAC9B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAClC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,CAAC;QACH,UAAU,CAAC,gBAAgB,CAAC,CAAA;QAC5B,OAAO,IAAI,CAAA;IACb,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,GAAG,CAAC,CAAA;QACnD,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU;IACxB,OAAO,cAAc,EAAE,KAAK,IAAI,CAAA;AAClC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB;IAChC,OAAO,gBAAgB,CAAA;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW;IACzB,OAAO,SAAS,CAAA;AAClB,CAAC"}
|
|
@@ -1,8 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Create a sanitized environment for sandboxed execution.
|
|
3
|
-
* Strips sensitive env vars and sets HOME to the project directory.
|
|
4
|
-
*/
|
|
5
|
-
export declare function sanitizeEnvForSandbox(env: NodeJS.ProcessEnv, workingDir: string, options?: {
|
|
6
|
-
overrideHome?: boolean;
|
|
7
|
-
}): Record<string, string>;
|
|
8
|
-
//# sourceMappingURL=sandbox-utils.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"sandbox-utils.d.ts","sourceRoot":"","sources":["../../../server/services/sandbox-utils.ts"],"names":[],"mappings":"AAsDA;;;GAGG;AACH,wBAAgB,qBAAqB,CACnC,GAAG,EAAE,MAAM,CAAC,UAAU,EACtB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE;IAAE,YAAY,CAAC,EAAE,OAAO,CAAA;CAAE,GACnC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAmBxB"}
|
|
@@ -1,75 +0,0 @@
|
|
|
1
|
-
// Copyright (c) 2025-present Mstro, Inc. All rights reserved.
|
|
2
|
-
// Licensed under the MIT License. See LICENSE file for details.
|
|
3
|
-
/**
|
|
4
|
-
* Sandbox Utilities
|
|
5
|
-
*
|
|
6
|
-
* Environment sanitization for sandboxed shared sessions.
|
|
7
|
-
* Used by both PTY manager (terminal) and Claude invoker (prompts)
|
|
8
|
-
* to restrict shared users to the project directory.
|
|
9
|
-
*/
|
|
10
|
-
/** Env var prefixes that may contain secrets or grant access outside the project */
|
|
11
|
-
const BLOCKED_PREFIXES = [
|
|
12
|
-
'AWS_',
|
|
13
|
-
'GITHUB_',
|
|
14
|
-
'GH_',
|
|
15
|
-
'NPM_',
|
|
16
|
-
'DOCKER_',
|
|
17
|
-
'SSH_',
|
|
18
|
-
'GPG_',
|
|
19
|
-
'AZURE_',
|
|
20
|
-
'GCP_',
|
|
21
|
-
'GOOGLE_',
|
|
22
|
-
'OPENAI_',
|
|
23
|
-
'ANTHROPIC_',
|
|
24
|
-
'STRIPE_',
|
|
25
|
-
'TWILIO_',
|
|
26
|
-
'SENDGRID_',
|
|
27
|
-
'DATADOG_',
|
|
28
|
-
'SENTRY_',
|
|
29
|
-
'SLACK_',
|
|
30
|
-
'DISCORD_',
|
|
31
|
-
];
|
|
32
|
-
/** Specific env vars that may contain secrets or sensitive paths */
|
|
33
|
-
const BLOCKED_KEYS = new Set([
|
|
34
|
-
'HISTFILE',
|
|
35
|
-
'LESSHISTFILE',
|
|
36
|
-
'MYSQL_PWD',
|
|
37
|
-
'PGPASSWORD',
|
|
38
|
-
'PGPASSFILE',
|
|
39
|
-
'REDIS_URL',
|
|
40
|
-
'DATABASE_URL',
|
|
41
|
-
'MONGO_URI',
|
|
42
|
-
'MONGODB_URI',
|
|
43
|
-
'SECRET_KEY',
|
|
44
|
-
'API_KEY',
|
|
45
|
-
'API_SECRET',
|
|
46
|
-
'ACCESS_TOKEN',
|
|
47
|
-
'REFRESH_TOKEN',
|
|
48
|
-
'PRIVATE_KEY',
|
|
49
|
-
'JWT_SECRET',
|
|
50
|
-
]);
|
|
51
|
-
/**
|
|
52
|
-
* Create a sanitized environment for sandboxed execution.
|
|
53
|
-
* Strips sensitive env vars and sets HOME to the project directory.
|
|
54
|
-
*/
|
|
55
|
-
export function sanitizeEnvForSandbox(env, workingDir, options) {
|
|
56
|
-
const result = {};
|
|
57
|
-
for (const [key, value] of Object.entries(env)) {
|
|
58
|
-
if (!value)
|
|
59
|
-
continue;
|
|
60
|
-
if (BLOCKED_KEYS.has(key))
|
|
61
|
-
continue;
|
|
62
|
-
if (BLOCKED_PREFIXES.some(p => key.startsWith(p)))
|
|
63
|
-
continue;
|
|
64
|
-
result[key] = value;
|
|
65
|
-
}
|
|
66
|
-
// Override HOME to project directory so `cd ~` stays sandboxed (e.g. terminals).
|
|
67
|
-
// Claude Code processes opt out (overrideHome: false) to preserve OAuth auth lookup.
|
|
68
|
-
if (options?.overrideHome !== false) {
|
|
69
|
-
result.HOME = workingDir;
|
|
70
|
-
}
|
|
71
|
-
// Marker so scripts can detect sandboxed execution
|
|
72
|
-
result.MSTRO_SANDBOXED = '1';
|
|
73
|
-
return result;
|
|
74
|
-
}
|
|
75
|
-
//# sourceMappingURL=sandbox-utils.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"sandbox-utils.js","sourceRoot":"","sources":["../../../server/services/sandbox-utils.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,gEAAgE;AAEhE;;;;;;GAMG;AAEH,oFAAoF;AACpF,MAAM,gBAAgB,GAAG;IACvB,MAAM;IACN,SAAS;IACT,KAAK;IACL,MAAM;IACN,SAAS;IACT,MAAM;IACN,MAAM;IACN,QAAQ;IACR,MAAM;IACN,SAAS;IACT,SAAS;IACT,YAAY;IACZ,SAAS;IACT,SAAS;IACT,WAAW;IACX,UAAU;IACV,SAAS;IACT,QAAQ;IACR,UAAU;CACX,CAAC;AAEF,oEAAoE;AACpE,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;IAC3B,UAAU;IACV,cAAc;IACd,WAAW;IACX,YAAY;IACZ,YAAY;IACZ,WAAW;IACX,cAAc;IACd,WAAW;IACX,aAAa;IACb,YAAY;IACZ,SAAS;IACT,YAAY;IACZ,cAAc;IACd,eAAe;IACf,aAAa;IACb,YAAY;CACb,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CACnC,GAAsB,EACtB,UAAkB,EAClB,OAAoC;IAEpC,MAAM,MAAM,GAA2B,EAAE,CAAC;IAE1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IAAI,CAAC,KAAK;YAAE,SAAS;QACrB,IAAI,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QACpC,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAAE,SAAS;QAC5D,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACtB,CAAC;IAED,iFAAiF;IACjF,qFAAqF;IACrF,IAAI,OAAO,EAAE,YAAY,KAAK,KAAK,EAAE,CAAC;QACpC,MAAM,CAAC,IAAI,GAAG,UAAU,CAAC;IAC3B,CAAC;IACD,mDAAmD;IACnD,MAAM,CAAC,eAAe,GAAG,GAAG,CAAC;IAE7B,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -1,214 +0,0 @@
|
|
|
1
|
-
// Copyright (c) 2025-present Mstro, Inc. All rights reserved.
|
|
2
|
-
// Licensed under the MIT License. See LICENSE file for details.
|
|
3
|
-
|
|
4
|
-
/**
|
|
5
|
-
* Sandbox Harness for Bouncer Testing
|
|
6
|
-
*
|
|
7
|
-
* Wraps command execution in Anthropic's sandbox-runtime (bubblewrap on Linux,
|
|
8
|
-
* sandbox-exec on macOS) to safely test what happens when the bouncer FAILS —
|
|
9
|
-
* i.e., when a malicious tool call gets through.
|
|
10
|
-
*
|
|
11
|
-
* Usage in tests:
|
|
12
|
-
* const harness = new BouncerSandboxHarness();
|
|
13
|
-
* await harness.initialize();
|
|
14
|
-
* const result = await harness.executeInSandbox('rm -rf /tmp/test-canary');
|
|
15
|
-
* expect(result.violations).toContain(...)
|
|
16
|
-
* await harness.cleanup();
|
|
17
|
-
*/
|
|
18
|
-
|
|
19
|
-
import { execSync } from 'node:child_process';
|
|
20
|
-
import { existsSync, mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'node:fs';
|
|
21
|
-
import { tmpdir } from 'node:os';
|
|
22
|
-
import { join } from 'node:path';
|
|
23
|
-
|
|
24
|
-
export interface SandboxExecResult {
|
|
25
|
-
/** The sandboxed command that was actually run */
|
|
26
|
-
wrappedCommand: string;
|
|
27
|
-
/** Whether sandbox-runtime is available on this platform */
|
|
28
|
-
sandboxAvailable: boolean;
|
|
29
|
-
/** Whether the sandbox contained the operation (no violations) */
|
|
30
|
-
contained: boolean;
|
|
31
|
-
/** List of violation descriptions if any escaped the sandbox */
|
|
32
|
-
violations: string[];
|
|
33
|
-
}
|
|
34
|
-
|
|
35
|
-
export interface CanaryCheckResult {
|
|
36
|
-
/** Whether the canary file still exists (should be true if sandbox contained the write) */
|
|
37
|
-
canaryIntact: boolean;
|
|
38
|
-
/** Whether a file was written outside the sandbox (should be false) */
|
|
39
|
-
escapeDetected: boolean;
|
|
40
|
-
}
|
|
41
|
-
|
|
42
|
-
/**
|
|
43
|
-
* Test harness that wraps command execution in sandbox-runtime.
|
|
44
|
-
* Provides canary files and violation tracking to verify containment.
|
|
45
|
-
*/
|
|
46
|
-
export class BouncerSandboxHarness {
|
|
47
|
-
private sandboxManager: Awaited<typeof import('@anthropic-ai/sandbox-runtime')>['SandboxManager'] | null = null;
|
|
48
|
-
private sandboxAvailable = false;
|
|
49
|
-
private tempDir: string;
|
|
50
|
-
private canaryDir: string;
|
|
51
|
-
|
|
52
|
-
constructor() {
|
|
53
|
-
this.tempDir = mkdtempSync(join(tmpdir(), 'bouncer-sandbox-'));
|
|
54
|
-
this.canaryDir = join(this.tempDir, 'canaries');
|
|
55
|
-
mkdirSync(this.canaryDir, { recursive: true });
|
|
56
|
-
}
|
|
57
|
-
|
|
58
|
-
/**
|
|
59
|
-
* Initialize the sandbox. Falls back gracefully if bwrap/sandbox-exec not available.
|
|
60
|
-
*/
|
|
61
|
-
async initialize(): Promise<{ available: boolean; reason?: string }> {
|
|
62
|
-
try {
|
|
63
|
-
const { SandboxManager } = await import('@anthropic-ai/sandbox-runtime');
|
|
64
|
-
|
|
65
|
-
if (!SandboxManager.isSupportedPlatform()) {
|
|
66
|
-
return { available: false, reason: 'Platform not supported by sandbox-runtime' };
|
|
67
|
-
}
|
|
68
|
-
|
|
69
|
-
const deps = SandboxManager.checkDependencies();
|
|
70
|
-
if (deps.errors.length > 0) {
|
|
71
|
-
return {
|
|
72
|
-
available: false,
|
|
73
|
-
reason: `Missing dependencies: ${deps.errors.join(', ')}`,
|
|
74
|
-
};
|
|
75
|
-
}
|
|
76
|
-
|
|
77
|
-
await SandboxManager.initialize({
|
|
78
|
-
network: {
|
|
79
|
-
allowedDomains: [], // Block ALL network access
|
|
80
|
-
deniedDomains: ['*'],
|
|
81
|
-
},
|
|
82
|
-
filesystem: {
|
|
83
|
-
denyRead: [
|
|
84
|
-
'/home/*/.ssh',
|
|
85
|
-
'/home/*/.aws',
|
|
86
|
-
'/home/*/.gnupg',
|
|
87
|
-
'/etc/shadow',
|
|
88
|
-
'/etc/passwd',
|
|
89
|
-
],
|
|
90
|
-
allowWrite: [this.tempDir], // Only allow writes to our temp dir
|
|
91
|
-
denyWrite: [
|
|
92
|
-
'/',
|
|
93
|
-
'/home',
|
|
94
|
-
'/etc',
|
|
95
|
-
'/usr',
|
|
96
|
-
'/var',
|
|
97
|
-
],
|
|
98
|
-
},
|
|
99
|
-
});
|
|
100
|
-
|
|
101
|
-
this.sandboxManager = SandboxManager;
|
|
102
|
-
this.sandboxAvailable = true;
|
|
103
|
-
return { available: true };
|
|
104
|
-
} catch (error: unknown) {
|
|
105
|
-
const msg = error instanceof Error ? error.message : String(error);
|
|
106
|
-
return { available: false, reason: `Failed to initialize sandbox: ${msg}` };
|
|
107
|
-
}
|
|
108
|
-
}
|
|
109
|
-
|
|
110
|
-
/**
|
|
111
|
-
* Execute a command inside the sandbox. Returns containment results.
|
|
112
|
-
* If sandbox is not available, validates the bouncer decision only (no actual execution).
|
|
113
|
-
*/
|
|
114
|
-
async executeInSandbox(command: string): Promise<SandboxExecResult> {
|
|
115
|
-
if (!this.sandboxAvailable || !this.sandboxManager) {
|
|
116
|
-
return {
|
|
117
|
-
wrappedCommand: command,
|
|
118
|
-
sandboxAvailable: false,
|
|
119
|
-
contained: true,
|
|
120
|
-
violations: ['Sandbox not available — decision-only testing mode'],
|
|
121
|
-
};
|
|
122
|
-
}
|
|
123
|
-
|
|
124
|
-
const violations: string[] = [];
|
|
125
|
-
try {
|
|
126
|
-
const wrappedCommand = await this.sandboxManager.wrapWithSandbox(command);
|
|
127
|
-
|
|
128
|
-
// Execute the wrapped command and capture violations
|
|
129
|
-
try {
|
|
130
|
-
execSync(wrappedCommand, {
|
|
131
|
-
timeout: 5000,
|
|
132
|
-
stdio: 'pipe',
|
|
133
|
-
cwd: this.tempDir,
|
|
134
|
-
});
|
|
135
|
-
} catch {
|
|
136
|
-
// Command failure inside sandbox is expected for malicious ops
|
|
137
|
-
}
|
|
138
|
-
|
|
139
|
-
// Check violation store
|
|
140
|
-
const stderr = this.sandboxManager.annotateStderrWithSandboxFailures(command, '');
|
|
141
|
-
if (stderr) {
|
|
142
|
-
violations.push(stderr);
|
|
143
|
-
}
|
|
144
|
-
|
|
145
|
-
this.sandboxManager.cleanupAfterCommand();
|
|
146
|
-
|
|
147
|
-
return {
|
|
148
|
-
wrappedCommand,
|
|
149
|
-
sandboxAvailable: true,
|
|
150
|
-
contained: violations.length === 0,
|
|
151
|
-
violations,
|
|
152
|
-
};
|
|
153
|
-
} catch (error: unknown) {
|
|
154
|
-
const msg = error instanceof Error ? error.message : String(error);
|
|
155
|
-
violations.push(`Sandbox execution error: ${msg}`);
|
|
156
|
-
return {
|
|
157
|
-
wrappedCommand: command,
|
|
158
|
-
sandboxAvailable: true,
|
|
159
|
-
contained: true, // Error means the command didn't execute
|
|
160
|
-
violations,
|
|
161
|
-
};
|
|
162
|
-
}
|
|
163
|
-
}
|
|
164
|
-
|
|
165
|
-
/**
|
|
166
|
-
* Place a canary file and return a checker to verify containment.
|
|
167
|
-
* If a sandboxed command can delete or modify the canary, containment failed.
|
|
168
|
-
*/
|
|
169
|
-
placeCanary(name: string): { path: string; check: () => CanaryCheckResult } {
|
|
170
|
-
const canaryPath = join(this.canaryDir, name);
|
|
171
|
-
const escapePath = join(this.canaryDir, `${name}.escaped`);
|
|
172
|
-
writeFileSync(canaryPath, `canary-${Date.now()}`, 'utf-8');
|
|
173
|
-
|
|
174
|
-
return {
|
|
175
|
-
path: canaryPath,
|
|
176
|
-
check: () => ({
|
|
177
|
-
canaryIntact: existsSync(canaryPath),
|
|
178
|
-
escapeDetected: existsSync(escapePath),
|
|
179
|
-
}),
|
|
180
|
-
};
|
|
181
|
-
}
|
|
182
|
-
|
|
183
|
-
/**
|
|
184
|
-
* Get the temp directory where sandboxed commands can write.
|
|
185
|
-
*/
|
|
186
|
-
getSandboxWriteDir(): string {
|
|
187
|
-
return this.tempDir;
|
|
188
|
-
}
|
|
189
|
-
|
|
190
|
-
/**
|
|
191
|
-
* Whether the sandbox is actually available and initialized.
|
|
192
|
-
*/
|
|
193
|
-
isAvailable(): boolean {
|
|
194
|
-
return this.sandboxAvailable;
|
|
195
|
-
}
|
|
196
|
-
|
|
197
|
-
/**
|
|
198
|
-
* Clean up temp dirs and reset sandbox state.
|
|
199
|
-
*/
|
|
200
|
-
async cleanup(): Promise<void> {
|
|
201
|
-
try {
|
|
202
|
-
if (this.sandboxManager) {
|
|
203
|
-
await this.sandboxManager.reset();
|
|
204
|
-
}
|
|
205
|
-
} catch {
|
|
206
|
-
// Ignore cleanup errors
|
|
207
|
-
}
|
|
208
|
-
try {
|
|
209
|
-
rmSync(this.tempDir, { recursive: true, force: true });
|
|
210
|
-
} catch {
|
|
211
|
-
// Ignore cleanup errors
|
|
212
|
-
}
|
|
213
|
-
}
|
|
214
|
-
}
|
|
@@ -1,134 +0,0 @@
|
|
|
1
|
-
// Copyright (c) 2025-present Mstro, Inc. All rights reserved.
|
|
2
|
-
// Licensed under the MIT License. See LICENSE file for details.
|
|
3
|
-
|
|
4
|
-
/**
|
|
5
|
-
* Credentials Service
|
|
6
|
-
*
|
|
7
|
-
* Manages persistent authentication credentials stored in ~/.mstro/credentials.json
|
|
8
|
-
*
|
|
9
|
-
* Structure:
|
|
10
|
-
* {
|
|
11
|
-
* "token": "device-token-here",
|
|
12
|
-
* "userId": "user-uuid",
|
|
13
|
-
* "email": "user@example.com",
|
|
14
|
-
* "name": "User Name",
|
|
15
|
-
* "deviceId": "device-uuid",
|
|
16
|
-
* "clientId": "client-uuid",
|
|
17
|
-
* "createdAt": "2024-01-01T00:00:00.000Z",
|
|
18
|
-
* "lastRefreshedAt": "2024-01-01T00:00:00.000Z"
|
|
19
|
-
* }
|
|
20
|
-
*/
|
|
21
|
-
|
|
22
|
-
import { existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync } from 'node:fs'
|
|
23
|
-
import { homedir } from 'node:os'
|
|
24
|
-
import { join } from 'node:path'
|
|
25
|
-
|
|
26
|
-
const MSTRO_DIR = join(homedir(), '.mstro')
|
|
27
|
-
const CREDENTIALS_FILE = join(MSTRO_DIR, 'credentials.json')
|
|
28
|
-
|
|
29
|
-
export interface Credentials {
|
|
30
|
-
token: string
|
|
31
|
-
userId: string
|
|
32
|
-
email: string
|
|
33
|
-
name?: string
|
|
34
|
-
deviceId?: string
|
|
35
|
-
clientId: string
|
|
36
|
-
createdAt: string
|
|
37
|
-
lastRefreshedAt?: string
|
|
38
|
-
}
|
|
39
|
-
|
|
40
|
-
/**
|
|
41
|
-
* Ensure the ~/.mstro directory exists
|
|
42
|
-
*/
|
|
43
|
-
function ensureMstroDir(): void {
|
|
44
|
-
if (!existsSync(MSTRO_DIR)) {
|
|
45
|
-
mkdirSync(MSTRO_DIR, { recursive: true, mode: 0o700 })
|
|
46
|
-
}
|
|
47
|
-
}
|
|
48
|
-
|
|
49
|
-
/**
|
|
50
|
-
* Get stored credentials, or null if not logged in
|
|
51
|
-
*/
|
|
52
|
-
export function getCredentials(): Credentials | null {
|
|
53
|
-
if (!existsSync(CREDENTIALS_FILE)) {
|
|
54
|
-
return null
|
|
55
|
-
}
|
|
56
|
-
|
|
57
|
-
try {
|
|
58
|
-
const content = readFileSync(CREDENTIALS_FILE, 'utf-8')
|
|
59
|
-
const credentials = JSON.parse(content) as Credentials
|
|
60
|
-
|
|
61
|
-
// Validate required fields
|
|
62
|
-
if (!credentials.token || !credentials.userId || !credentials.email || !credentials.clientId) {
|
|
63
|
-
console.warn('Invalid credentials file, missing required fields')
|
|
64
|
-
return null
|
|
65
|
-
}
|
|
66
|
-
|
|
67
|
-
return credentials
|
|
68
|
-
} catch (err) {
|
|
69
|
-
console.warn('Failed to read credentials file:', err)
|
|
70
|
-
return null
|
|
71
|
-
}
|
|
72
|
-
}
|
|
73
|
-
|
|
74
|
-
/**
|
|
75
|
-
* Save credentials after successful login
|
|
76
|
-
*/
|
|
77
|
-
export function saveCredentials(credentials: Credentials): void {
|
|
78
|
-
ensureMstroDir()
|
|
79
|
-
writeFileSync(CREDENTIALS_FILE, JSON.stringify(credentials, null, 2), {
|
|
80
|
-
mode: 0o600 // Read/write for owner only
|
|
81
|
-
})
|
|
82
|
-
}
|
|
83
|
-
|
|
84
|
-
/**
|
|
85
|
-
* Update the token (used during refresh)
|
|
86
|
-
*/
|
|
87
|
-
export function updateToken(newToken: string): void {
|
|
88
|
-
const credentials = getCredentials()
|
|
89
|
-
if (!credentials) {
|
|
90
|
-
throw new Error('No credentials to update')
|
|
91
|
-
}
|
|
92
|
-
|
|
93
|
-
credentials.token = newToken
|
|
94
|
-
credentials.lastRefreshedAt = new Date().toISOString()
|
|
95
|
-
saveCredentials(credentials)
|
|
96
|
-
}
|
|
97
|
-
|
|
98
|
-
/**
|
|
99
|
-
* Delete credentials (logout)
|
|
100
|
-
*/
|
|
101
|
-
export function deleteCredentials(): boolean {
|
|
102
|
-
if (!existsSync(CREDENTIALS_FILE)) {
|
|
103
|
-
return false
|
|
104
|
-
}
|
|
105
|
-
|
|
106
|
-
try {
|
|
107
|
-
unlinkSync(CREDENTIALS_FILE)
|
|
108
|
-
return true
|
|
109
|
-
} catch (err) {
|
|
110
|
-
console.error('Failed to delete credentials:', err)
|
|
111
|
-
return false
|
|
112
|
-
}
|
|
113
|
-
}
|
|
114
|
-
|
|
115
|
-
/**
|
|
116
|
-
* Check if user is logged in
|
|
117
|
-
*/
|
|
118
|
-
export function isLoggedIn(): boolean {
|
|
119
|
-
return getCredentials() !== null
|
|
120
|
-
}
|
|
121
|
-
|
|
122
|
-
/**
|
|
123
|
-
* Get the credentials file path (for display)
|
|
124
|
-
*/
|
|
125
|
-
export function getCredentialsPath(): string {
|
|
126
|
-
return CREDENTIALS_FILE
|
|
127
|
-
}
|
|
128
|
-
|
|
129
|
-
/**
|
|
130
|
-
* Get the mstro directory path
|
|
131
|
-
*/
|
|
132
|
-
export function getMstroDir(): string {
|
|
133
|
-
return MSTRO_DIR
|
|
134
|
-
}
|
|
@@ -1,82 +0,0 @@
|
|
|
1
|
-
// Copyright (c) 2025-present Mstro, Inc. All rights reserved.
|
|
2
|
-
// Licensed under the MIT License. See LICENSE file for details.
|
|
3
|
-
|
|
4
|
-
/**
|
|
5
|
-
* Sandbox Utilities
|
|
6
|
-
*
|
|
7
|
-
* Environment sanitization for sandboxed shared sessions.
|
|
8
|
-
* Used by both PTY manager (terminal) and Claude invoker (prompts)
|
|
9
|
-
* to restrict shared users to the project directory.
|
|
10
|
-
*/
|
|
11
|
-
|
|
12
|
-
/** Env var prefixes that may contain secrets or grant access outside the project */
|
|
13
|
-
const BLOCKED_PREFIXES = [
|
|
14
|
-
'AWS_',
|
|
15
|
-
'GITHUB_',
|
|
16
|
-
'GH_',
|
|
17
|
-
'NPM_',
|
|
18
|
-
'DOCKER_',
|
|
19
|
-
'SSH_',
|
|
20
|
-
'GPG_',
|
|
21
|
-
'AZURE_',
|
|
22
|
-
'GCP_',
|
|
23
|
-
'GOOGLE_',
|
|
24
|
-
'OPENAI_',
|
|
25
|
-
'ANTHROPIC_',
|
|
26
|
-
'STRIPE_',
|
|
27
|
-
'TWILIO_',
|
|
28
|
-
'SENDGRID_',
|
|
29
|
-
'DATADOG_',
|
|
30
|
-
'SENTRY_',
|
|
31
|
-
'SLACK_',
|
|
32
|
-
'DISCORD_',
|
|
33
|
-
];
|
|
34
|
-
|
|
35
|
-
/** Specific env vars that may contain secrets or sensitive paths */
|
|
36
|
-
const BLOCKED_KEYS = new Set([
|
|
37
|
-
'HISTFILE',
|
|
38
|
-
'LESSHISTFILE',
|
|
39
|
-
'MYSQL_PWD',
|
|
40
|
-
'PGPASSWORD',
|
|
41
|
-
'PGPASSFILE',
|
|
42
|
-
'REDIS_URL',
|
|
43
|
-
'DATABASE_URL',
|
|
44
|
-
'MONGO_URI',
|
|
45
|
-
'MONGODB_URI',
|
|
46
|
-
'SECRET_KEY',
|
|
47
|
-
'API_KEY',
|
|
48
|
-
'API_SECRET',
|
|
49
|
-
'ACCESS_TOKEN',
|
|
50
|
-
'REFRESH_TOKEN',
|
|
51
|
-
'PRIVATE_KEY',
|
|
52
|
-
'JWT_SECRET',
|
|
53
|
-
]);
|
|
54
|
-
|
|
55
|
-
/**
|
|
56
|
-
* Create a sanitized environment for sandboxed execution.
|
|
57
|
-
* Strips sensitive env vars and sets HOME to the project directory.
|
|
58
|
-
*/
|
|
59
|
-
export function sanitizeEnvForSandbox(
|
|
60
|
-
env: NodeJS.ProcessEnv,
|
|
61
|
-
workingDir: string,
|
|
62
|
-
options?: { overrideHome?: boolean }
|
|
63
|
-
): Record<string, string> {
|
|
64
|
-
const result: Record<string, string> = {};
|
|
65
|
-
|
|
66
|
-
for (const [key, value] of Object.entries(env)) {
|
|
67
|
-
if (!value) continue;
|
|
68
|
-
if (BLOCKED_KEYS.has(key)) continue;
|
|
69
|
-
if (BLOCKED_PREFIXES.some(p => key.startsWith(p))) continue;
|
|
70
|
-
result[key] = value;
|
|
71
|
-
}
|
|
72
|
-
|
|
73
|
-
// Override HOME to project directory so `cd ~` stays sandboxed (e.g. terminals).
|
|
74
|
-
// Claude Code processes opt out (overrideHome: false) to preserve OAuth auth lookup.
|
|
75
|
-
if (options?.overrideHome !== false) {
|
|
76
|
-
result.HOME = workingDir;
|
|
77
|
-
}
|
|
78
|
-
// Marker so scripts can detect sandboxed execution
|
|
79
|
-
result.MSTRO_SANDBOXED = '1';
|
|
80
|
-
|
|
81
|
-
return result;
|
|
82
|
-
}
|