orquesta-agent 0.2.124 → 0.2.125

@@ -1,4 +1,5 @@
1
1
  import type { BroadcastChannel } from './ws-client.js';
2
+ import { type SandboxMode } from './sandbox.js';
2
3
  export declare function setInjectedCredentials(credentials: Record<string, string>): void;
3
4
  export declare function getInjectedCredentials(): Record<string, string>;
4
5
  export type PermissionMode = 'auto' | 'supervised';
@@ -45,7 +46,7 @@ export interface AuthConfig {
45
46
  }
46
47
  export declare function configureAuth(config: AuthConfig): void;
47
48
  export declare function setPermissionMode(mode: PermissionMode): void;
48
- export declare function setSandboxConfig(enabled: boolean, extraPaths?: string[]): void;
49
+ export declare function setSandboxConfig(enabled: boolean, extraPaths?: string[], mode?: SandboxMode): void;
49
50
  /** Reported to the dashboard so the UI can show Active / Unavailable / Off. */
50
51
  export declare function getSandboxStatus(): 'active' | 'unavailable' | 'off';
51
52
  export type CliPreference = 'auto' | 'orquesta' | 'claude';
@@ -1 +1 @@
1
- {"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../src/executor.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AA0OtD,wBAAgB,sBAAsB,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI,CAEhF;AAGD,wBAAgB,sBAAsB,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAE/D;AAGD,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,YAAY,CAAA;AAOlD,MAAM,WAAW,eAAe;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,UAAU,CAAC,EAAE,OAAO,CAAA;IACpB,WAAW,CAAC,EAAE,OAAO,CAAA;IACrB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;IACxB,cAAc,CAAC,EAAE,cAAc,CAAA;IAC/B,SAAS,CAAC,EAAE,OAAO,CAAA;CACpB;AAID,wBAAgB,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI,CAMtE;AAGD,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,eAAe,GAAG,IAAI,CAIlE;AA+DD,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;IACZ,GAAG,EAAE,MAAM,CAAA;CACZ;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,OAAO,EAAE,gBAAgB,CAAA;IACzB,cAAc,CAAC,EAAE,cAAc,CAAA;IAC/B,WAAW,CAAC,EAAE,UAAU,EAAE,CAAA;IAC1B;;;;;OAKG;IACH,SAAS,CAAC,EAAE,UAAU,GAAG,QAAQ,CAAA;CAClC;AAWD,MAAM,WAAW,UAAU;IACzB,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,iBAAiB,CAAC,EAAE;QAClB,WAAW,EAAE,MAAM,CAAA;QACnB,YAAY,EAAE,MAAM,CAAA;QACpB,SAAS,EAAE,MAAM,CAAA;KAClB,CAAA;CACF;AAGD,wBAAgB,aAAa,CAAC,MAAM,EAAE,UAAU,GAAG,IAAI,CAgBtD;AAGD,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,cAAc,GAAG,IAAI,CAG5D;AASD,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,GAAE,MAAM,EAAO,GAAG,IAAI,CASlF;AAiBD,+EAA+E;AAC/E,wBAAgB,gBAAgB,IAAI,QAAQ,GAAG,aAAa,GAAG,KAAK,CAGnE;AAwBD,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,UAAU,GAAG,QAAQ,CAAA;AAI1D,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,aAAa,GAAG,IAAI,CAGhE;AAWD,wBAAgB,sBAAsB,IAAI,OAAO,CAYhD;AAED,wBAAgB,oBAAoB,IAAI,OAAO,CAY9C;AAGD,wBAAgB,SAAS,IAAI;IAAE,GAAG,EAAE,UAAU,GAAG,QAAQ,GAAG,IAAI,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAoCjF;AAGD,wBAAgB,eAAe,IAAI;IAAE,aAAa,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,SAAS,EAAE,OAAO,CAAA;CAAE,CAgDvG;AAgBD,wBAAsB,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS
,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAmBtG;AAED,wBAAsB,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAa9D;AAED,wBAAsB,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAsBxF;AAifD,wBAAgB,iBAAiB,IAAI,MAAM,GAAG,IAAI,CAA2B;AAwI7E,wBAAsB,OAAO,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAk1BpE;AA0CD,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAQtG;AAED,wBAAgB,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAwC1C;AAED,wBAAgB,SAAS,IAAI,IAAI,CAOhC;AAED,wBAAgB,mBAAmB,IAAI,OAAO,CAE7C;AAMD,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,cAAc,CAAA;IAC9D,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa,EAAE,MAAM,EAAE,CAAA;IACvB,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,eAAe,EAAE,UAAU,GAAG,WAAW,CAAA;IACzC,aAAa,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAA;CACzC;AAED,MAAM,WAAW,eAAe;IAC9B,YAAY,EAAE,MAAM,CAAA;IACpB,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,OAAO,EAAE,gBAAgB,CAAA;CAC1B;AAED;;;GAGG;AACH,wBAAsB,QAAQ,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAyLtE;AASD;;GAEG;AACH,wBAAgB,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAiBzD;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAiB1D;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAenE;AAED;;GAEG;AACH,wBAAgB,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAEnD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,EAAE,CAE5C;AAMD,MAAM,WAAW,wBAAwB;IACvC,YAAY,EAAE,MAAM,CAAA;IACpB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,OAAO,EAAE,gBAAgB,CAAA;IACzB,WAAW,EAAE,MAAM,CAAA;CACpB;AAED;;;GAGG;AACH,wBAAsB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,OAAO,CAAC,IAAI,CAAC,CA8GxF;AAmND,qFAAqF;AACrF,wBAAgB,iBAAiB,CAAC,EAAE,EAAE,MAAM,IAAI,GAAG,IAAI,CAEtD;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,MAAM,CAAA;IACjB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,OAAO,EAAE,gBAAgB,CAAA;IACzB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,IAAI,CAAC,EAAE,MAAM,CAAA;CACd;AAED;;;GAGG;AACH,wBAAsB,YAAY
,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC,CA+OjF;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,UAAQ,EAAE,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,OAAO,CA8CnH;AAwED;;GAEG;AACH,wBAAgB,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAgDrD;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAUpF;AAED;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,OAAO,CAE1C;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,GAAG,IAAI,CAElD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,IAAI;IAAE,MAAM,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,CAUxI;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,IAAI,CAcvC"}
1
+ {"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../src/executor.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AA2BtD,OAAO,EAAwE,KAAK,WAAW,EAAE,MAAM,cAAc,CAAA;AA+MrH,wBAAgB,sBAAsB,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI,CAEhF;AAGD,wBAAgB,sBAAsB,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAE/D;AAGD,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,YAAY,CAAA;AAOlD,MAAM,WAAW,eAAe;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,UAAU,CAAC,EAAE,OAAO,CAAA;IACpB,WAAW,CAAC,EAAE,OAAO,CAAA;IACrB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;IACxB,cAAc,CAAC,EAAE,cAAc,CAAA;IAC/B,SAAS,CAAC,EAAE,OAAO,CAAA;CACpB;AAID,wBAAgB,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI,CAMtE;AAGD,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,eAAe,GAAG,IAAI,CAIlE;AA+DD,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;IACZ,GAAG,EAAE,MAAM,CAAA;CACZ;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,OAAO,EAAE,gBAAgB,CAAA;IACzB,cAAc,CAAC,EAAE,cAAc,CAAA;IAC/B,WAAW,CAAC,EAAE,UAAU,EAAE,CAAA;IAC1B;;;;;OAKG;IACH,SAAS,CAAC,EAAE,UAAU,GAAG,QAAQ,CAAA;CAClC;AAWD,MAAM,WAAW,UAAU;IACzB,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,iBAAiB,CAAC,EAAE;QAClB,WAAW,EAAE,MAAM,CAAA;QACnB,YAAY,EAAE,MAAM,CAAA;QACpB,SAAS,EAAE,MAAM,CAAA;KAClB,CAAA;CACF;AAGD,wBAAgB,aAAa,CAAC,MAAM,EAAE,UAAU,GAAG,IAAI,CAgBtD;AAGD,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,cAAc,GAAG,IAAI,CAG5D;AAUD,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,GAAE,MAAM,EAAO,EAAE,IAAI,GAAE,WAAwB,GAAG,IAAI,CAUlH;AAmCD,+EAA+E;AAC/E,wBAAgB,gBAAgB,IAAI,QAAQ,GAAG,aAAa,GAAG,KAAK,CAGnE;AAsED,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,UAAU,GAAG,QAAQ,CAAA;AAI1D,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,aAAa,GAAG,IAAI,CAGhE;AAWD,wBAAgB,sBAAsB,IAAI,OAAO,CAYhD;AAED,wBAAgB,oBAAoB,IAAI,OAAO,CAY9C;AAGD,wBAAgB,SAAS,IAAI;IAAE,GAAG,EAAE,UAAU,GAAG,QAAQ,GAAG,IAAI,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAoCjF;AAGD,wBAAgB,eAAe,IAAI;IAAE,aAAa,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,SAAS,EAAE,
OAAO,CAAA;CAAE,CAgDvG;AAgBD,wBAAsB,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAmBtG;AAED,wBAAsB,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAa9D;AAED,wBAAsB,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAsBxF;AAifD,wBAAgB,iBAAiB,IAAI,MAAM,GAAG,IAAI,CAA2B;AAwI7E,wBAAsB,OAAO,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAk1BpE;AA0CD,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAQtG;AAED,wBAAgB,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAwC1C;AAED,wBAAgB,SAAS,IAAI,IAAI,CAOhC;AAED,wBAAgB,mBAAmB,IAAI,OAAO,CAE7C;AAMD,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,cAAc,CAAA;IAC9D,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa,EAAE,MAAM,EAAE,CAAA;IACvB,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,eAAe,EAAE,UAAU,GAAG,WAAW,CAAA;IACzC,aAAa,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAA;CACzC;AAED,MAAM,WAAW,eAAe;IAC9B,YAAY,EAAE,MAAM,CAAA;IACpB,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,OAAO,EAAE,gBAAgB,CAAA;CAC1B;AAED;;;GAGG;AACH,wBAAsB,QAAQ,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAyLtE;AASD;;GAEG;AACH,wBAAgB,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAiBzD;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAiB1D;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAenE;AAED;;GAEG;AACH,wBAAgB,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAEnD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,EAAE,CAE5C;AAMD,MAAM,WAAW,wBAAwB;IACvC,YAAY,EAAE,MAAM,CAAA;IACpB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,OAAO,EAAE,gBAAgB,CAAA;IACzB,WAAW,EAAE,MAAM,CAAA;CACpB;AAED;;;GAGG;AACH,wBAAsB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,OAAO,CAAC,IAAI,CAAC,CA8GxF;AAmND,qFAAqF;AACrF,wBAAgB,iBAAiB,CAAC,EAAE,EAAE,MAAM,IAAI,GAAG,IAAI,CAEtD;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,MAAM,CAAA;IACjB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,OAAO,EAAE,gBAAgB,CAAA;IACzB,IAAI,CAAC,EAAE,MAAM
,CAAA;IACb,IAAI,CAAC,EAAE,MAAM,CAAA;CACd;AAED;;;GAGG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC,CAiPjF;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,UAAQ,EAAE,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,OAAO,CA8CnH;AAwED;;GAEG;AACH,wBAAgB,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAgDrD;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAUpF;AAED;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,OAAO,CAE1C;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,GAAG,IAAI,CAElD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,IAAI;IAAE,MAAM,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,CAUxI;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,IAAI,CAcvC"}
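--- a/package/dist/executor.js
+++ b/package/dist/executor.js
@@ -17,7 +17,7 @@ import * as fs from 'fs';
  import * as path from 'path';
  import * as os from 'os';
  import * as logger from './logger.js';
- import { isSandboxAvailable, buildBwrapArgs, shQuote } from './sandbox.js';
+ import { isSandboxAvailable, buildBwrapArgs, shQuote, ensureStrictProjectDirs } from './sandbox.js';
  import { parseCoordSpec, runCoordination } from './coordination.js';
  import { sendOutput, sendComplete, sendError, sendSupervisionRequest, sendExecutionResumed, updatePromptStatus, persistOutputLogs, clearOutputBuffer, sendRequirement, persistRequirement, sendQAInstructions, persistQAInstructions, sendPlanItemsGenerated, sendSessionOutput, sendSessionStarted, sendSessionEnded, sendSessionError } from './supabase.js';
  import { createThinkingLog, createToolCallLog, createToolResultLog, createOutputLog, createErrorLog, createSystemLog, } from './types/agent-logs.js';
@@ -307,19 +307,42 @@ export function setPermissionMode(mode) {
  // to its working directory for writes; the rest of the host is read-only.
  let globalSandbox = false;
  let globalSandboxExtraPaths = [];
+ let globalSandboxMode = 'standard';
  let sandboxUnavailableWarned = false;
  // Set global sandbox config
- export function setSandboxConfig(enabled, extraPaths = []) {
+ export function setSandboxConfig(enabled, extraPaths = [], mode = 'standard') {
  globalSandbox = enabled;
  globalSandboxExtraPaths = Array.isArray(extraPaths) ? extraPaths : [];
+ globalSandboxMode = mode === 'strict' ? 'strict' : 'standard';
  if (enabled) {
- logger.info(`Sandbox enabled${globalSandboxExtraPaths.length ? ` (extra rw: ${globalSandboxExtraPaths.join(', ')})` : ''}`);
+ logger.info(`Sandbox enabled [${globalSandboxMode}]${globalSandboxExtraPaths.length ? ` (extra rw: ${globalSandboxExtraPaths.join(', ')})` : ''}`);
  }
  else {
  logger.info('Sandbox disabled');
  }
  sandboxUnavailableWarned = false;
  }
+ // Absolute paths to the toolchain binaries the spawned CLI needs (node + the
+ // CLIs). In strict mode buildBwrapArgs re-binds whatever home subtree holds
+ // these so the sandboxed process can still run them. Resolved once and cached.
+ let cachedToolchainPaths = null;
+ function toolchainPaths() {
+ if (cachedToolchainPaths)
+ return cachedToolchainPaths;
+ const paths = new Set();
+ if (process.execPath)
+ paths.add(process.execPath); // node running this agent
+ for (const bin of ['node', 'claude', 'orquesta']) {
+ try {
+ const p = execSync(`command -v ${bin} 2>/dev/null || true`, { encoding: 'utf-8', timeout: 5000 }).trim();
+ if (p)
+ paths.add(p);
+ }
+ catch { /* ignore */ }
+ }
+ cachedToolchainPaths = Array.from(paths);
+ return cachedToolchainPaths;
+ }
  /**
  * Whether the sandbox should actually wrap spawns right now: enabled by config
  * AND bwrap usable on this host. Logs a one-time warning (per config change)
@@ -349,9 +372,51 @@ export function getSandboxStatus() {
  function sandboxArgv(file, args, cwd) {
  if (!sandboxActive())
  return { file, args };
- const bwrap = buildBwrapArgs({ workingDir: cwd, extraWritablePaths: globalSandboxExtraPaths });
+ ensureStrictProjectDirs(cwd, globalSandboxMode);
+ const bwrap = buildBwrapArgs({
+ workingDir: cwd,
+ extraWritablePaths: globalSandboxExtraPaths,
+ mode: globalSandboxMode,
+ toolchainPaths: toolchainPaths(),
+ });
  return { file: 'bwrap', args: [...bwrap, file, ...args] };
  }
+ /**
+ * Env for a sandboxed spawn. In strict mode, start from a minimal allowlist
+ * instead of inheriting the agent's full env, so a prompt-injected
+ * `echo $SOME_SECRET` finds nothing beyond what THIS project legitimately needs
+ * (the agent's deliberately-injected credentials + toolchain/locale basics).
+ * Returns `env` unchanged outside strict mode. `intentionalKeys` are env keys
+ * the caller set on purpose (injected creds, ANTHROPIC_API_KEY, ORQUESTA_*) and
+ * are always kept.
+ */
+ function sandboxEnv(env, intentionalKeys = []) {
+ if (!sandboxActive() || globalSandboxMode !== 'strict')
+ return env;
+ const allowExact = new Set([
+ 'PATH', 'HOME', 'USER', 'LOGNAME', 'SHELL', 'PWD', 'OLDPWD', 'HOSTNAME',
+ 'LANG', 'LANGUAGE', 'TERM', 'TZ', 'TMPDIR', 'COLORTERM',
+ 'NVM_DIR', 'NVM_BIN', 'NODE_PATH', 'NPM_CONFIG_PREFIX',
+ 'XDG_CONFIG_HOME', 'XDG_CACHE_HOME', 'XDG_DATA_HOME', 'XDG_RUNTIME_DIR',
+ // Claude/Anthropic auth the spawned CLI needs to function.
+ 'CLAUDE_CODE_OAUTH_TOKEN', 'ANTHROPIC_API_KEY', 'ANTHROPIC_BASE_URL', 'ANTHROPIC_MODEL',
+ 'CI', 'GIT_TERMINAL_PROMPT', 'ORQUESTA_PROMPT_ID',
+ ]);
+ const allowPrefix = ['ORQUESTA_', 'LC_'];
+ const keep = new Set(intentionalKeys);
+ const injectedKeys = Object.keys(injectedCredentials);
+ for (const k of injectedKeys)
+ keep.add(k);
+ const out = {};
+ for (const [k, v] of Object.entries(env)) {
+ if (v === undefined)
+ continue;
+ if (allowExact.has(k) || keep.has(k) || allowPrefix.some(p => k.startsWith(p))) {
+ out[k] = v;
+ }
+ }
+ return out;
+ }
  /**
  * Prefix a shell command string with the bwrap invocation when the sandbox is
  * active (for the execSync `script -q -c "…" /dev/null` call sites). Returns ''
@@ -360,7 +425,13 @@ function sandboxArgv(file, args, cwd) {
  function sandboxShellPrefix(cwd) {
  if (!sandboxActive())
  return '';
- const bwrap = buildBwrapArgs({ workingDir: cwd, extraWritablePaths: globalSandboxExtraPaths });
+ ensureStrictProjectDirs(cwd, globalSandboxMode);
+ const bwrap = buildBwrapArgs({
+ workingDir: cwd,
+ extraWritablePaths: globalSandboxExtraPaths,
+ mode: globalSandboxMode,
+ toolchainPaths: toolchainPaths(),
+ });
  return `bwrap ${bwrap.map(shQuote).join(' ')} `;
  }
  let globalCliPreference = 'auto';
@@ -1355,7 +1426,7 @@ ${userRequestBody}`;
  }
  claude = spawn(spawnFile, spawnArgs, {
  cwd,
- env,
+ env: sandboxEnv(env),
  stdio: ['pipe', 'pipe', 'pipe'],
  });
  }
@@ -2078,7 +2149,7 @@ Return ONLY valid JSON in this exact format (no markdown, no explanation):
  try {
  const output = execSync(`${sandboxShellPrefix(cwd)}script -q -c "${command.replace(/"/g, '\\"')}" /dev/null`, {
  cwd,
- env,
+ env: sandboxEnv(env),
  timeout: 60000, // 60 second timeout for evaluation
  maxBuffer: 1024 * 1024, // 1MB buffer
  encoding: 'utf-8',
@@ -2292,7 +2363,7 @@ export async function generatePlanItems(options) {
  try {
  const output = execSync(`${sandboxShellPrefix(cwd)}script -q -c "${command.replace(/"/g, '\\"')}" /dev/null`, {
  cwd,
- env,
+ env: sandboxEnv(env),
  timeout: 120000, // 2 minute timeout for generation
  maxBuffer: 1024 * 1024, // 1MB buffer
  encoding: 'utf-8',
@@ -2575,9 +2646,11 @@ export async function startSession(options) {
  const { cli: selectedCli } = selectCli();
  const cliCommand = selectedCli || 'claude';
  logger.info(`Interactive session CLI: ${cliCommand}`);
- // Filter undefined env values — node-pty requires Record<string, string>
+ // Filter undefined env values — node-pty requires Record<string, string>.
+ // In strict sandbox mode, sandboxEnv() first reduces to the allowlist so the
+ // interactive CLI can't read unrelated host secrets from its own env.
  const ptyEnv = {};
- for (const [key, val] of Object.entries(env)) {
+ for (const [key, val] of Object.entries(sandboxEnv(env))) {
  if (val !== undefined)
  ptyEnv[key] = val;
  }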
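Review bot: In the new `sandboxEnv` (hunk at +372) the strict allowlist is skipped whenever `sandboxActive()` is false, so a strict configuration on a host where bwrap is not usable (going by the doc comment on `sandboxActive`, whose body is outside the hunk) spawns the CLI with the agent's full inherited environment as well as no filesystem confinement. The env filter does not depend on bwrap, so the guard could key on configuration instead, e.g. `if (!globalSandbox || globalSandboxMode !== 'strict') return env;`, or strict mode could refuse to spawn when the sandbox is unavailable. The doc comment also overstates the isolation: `allowPrefix` forwards every `ORQUESTA_*` variable (which makes the exact `ORQUESTA_PROMPT_ID` entry redundant) and `allowExact` forwards `CLAUDE_CODE_OAUTH_TOKEN` and `ANTHROPIC_API_KEY`, so those stay readable by anything the spawned CLI runs; listing the required `ORQUESTA_` keys by name and stating the residual exposure in the comment would keep the claim accurate. All four visible call sites pass `sandboxEnv(env)` without `intentionalKeys`, so that parameter is unused in these hunks.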