sandboxbox 2.5.5 → 3.0.1

package/utils/sandbox.js

@@ -0,0 +1,106 @@
+import { mkdtempSync, rmSync, cpSync, existsSync, mkdirSync } from 'fs';
+import { tmpdir, homedir } from 'os';
+import { join } from 'path';
+import { spawn, execSync } from 'child_process';
+
+export function createSandbox(projectDir) {
+  const sandboxDir = mkdtempSync(join(tmpdir(), 'sandboxbox-'));
+  const workspaceDir = join(sandboxDir, 'workspace');
+
+  if (projectDir && existsSync(projectDir)) {
+    const isGitRepo = existsSync(join(projectDir, '.git'));
+
+    if (isGitRepo) {
+      execSync(`git clone "${projectDir}" "${workspaceDir}"`, {
+        stdio: 'pipe',
+        shell: true,
+        windowsHide: true
+      });
+    } else {
+      cpSync(projectDir, workspaceDir, {
+        recursive: true,
+        filter: (src) => !src.includes('node_modules')
+      });
+    }
+  }
+
+  const claudeDir = join(sandboxDir, '.claude');
+  const hostClaudeDir = join(homedir(), '.claude');
+
+  if (existsSync(hostClaudeDir)) {
+    try {
+      cpSync(hostClaudeDir, claudeDir, {
+        recursive: true,
+        filter: (src) => {
+          return !src.includes('shell-snapshots') &&
+                 !src.includes('logs') &&
+                 !src.includes('debug') &&
+                 !src.includes('.log');
+        }
+      });
+    } catch (e) {
+      console.error('Warning: Failed to copy Claude config:', e.message);
+    }
+  } else {
+    mkdirSync(claudeDir, { recursive: true });
+  }
+
+  const playwrightDir = join(sandboxDir, '.playwright');
+  mkdirSync(playwrightDir, { recursive: true });
+
+  const cleanup = () => {
+    try {
+      rmSync(sandboxDir, { recursive: true, force: true });
+    } catch (e) {
+      console.error('Cleanup failed:', e.message);
+    }
+  };
+
+  return { sandboxDir, cleanup };
+}
+
+export function createSandboxEnv(sandboxDir, options = {}) {
+  const hostHome = homedir();
+
+  const env = {
+    PATH: process.env.PATH,
+    HOME: sandboxDir,
+    USERPROFILE: sandboxDir,
+    TMPDIR: join(sandboxDir, 'tmp'),
+    TEMP: join(sandboxDir, 'tmp'),
+    TMP: join(sandboxDir, 'tmp'),
+    PLAYWRIGHT_BROWSERS_PATH: join(sandboxDir, 'browsers'),
+    PLAYWRIGHT_STORAGE_STATE: join(sandboxDir, '.playwright', 'storage-state.json'),
+    ANTHROPIC_AUTH_TOKEN: process.env.ANTHROPIC_AUTH_TOKEN,
+    CLAUDECODE: '1',
+    NPM_CONFIG_CACHE: process.env.NPM_CONFIG_CACHE || join(hostHome, '.npm'),
+    npm_config_cache: process.env.npm_config_cache || join(hostHome, '.npm'),
+    ...options
+  };
+
+  return env;
+}
+
+export function runInSandbox(commandStr, args, sandboxDir, env) {
+  return new Promise((resolve, reject) => {
+    const fullCommand = args.length > 0 ? `${commandStr} ${args.join(' ')}` : commandStr;
+
+    const proc = spawn(fullCommand, [], {
+      cwd: join(sandboxDir, 'workspace'),
+      env,
+      stdio: 'inherit',
+      shell: true,
+      windowsHide: false
+    });
+
+    proc.on('close', (code) => {
+      if (code === 0) {
+        resolve();
+      } else {
+        reject(new Error(`Process exited with code ${code}`));
+      }
+    });
+
+    proc.on('error', reject);
+  });
+}

package/scripts/download-podman.js

@@ -1,103 +0,0 @@
-#!/usr/bin/env node
-
-/**
- * Auto-download Podman portable binaries
- * Similar to how sqlite/playwright auto-downloads platform-specific binaries
- */
-
-import { existsSync, mkdirSync, chmodSync, unlinkSync } from 'fs';
-import { join, dirname } from 'path';
-import { fileURLToPath } from 'url';
-import { PODMAN_VERSION, DOWNLOADS } from './podman-config.js';
-import { download, extractZip, extractTarGz } from './podman-extract.js';
-
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = dirname(__filename);
-const binDir = join(__dirname, '..', 'bin');
-
-async function main() {
-  const platform = process.platform;
-
-  console.log(`\n📦 Setting up Podman portable binaries for ${platform}...`);
-
-  if (!DOWNLOADS[platform]) {
-    console.log(`⚠️  Platform ${platform} not supported for auto-download`);
-    console.log(`   Skipping auto-download (will use system Podman if available)`);
-    return;
-  }
-
-  if (!existsSync(binDir)) {
-    mkdirSync(binDir, { recursive: true });
-  }
-
-  const { url, binary, extract } = DOWNLOADS[platform];
-  const binaryPath = join(binDir, binary);
-
-  if (existsSync(binaryPath)) {
-    console.log(`✅ Podman already installed at ${binaryPath}`);
-    return;
-  }
-
-  console.log(`📥 Downloading Podman v${PODMAN_VERSION}...`);
-
-  const archiveName = url.split('/').pop();
-  const archivePath = join(binDir, archiveName);
-
-  try {
-    const extractedDir = join(binDir, 'podman-4.9.3');
-    if (existsSync(extractedDir)) {
-      const fs = await import('fs/promises');
-      await fs.rm(extractedDir, { recursive: true, force: true });
-    }
-
-    console.log(`   Downloading from GitHub releases...`);
-    await download(url, archivePath);
-    console.log(`✅ Downloaded successfully`);
-
-    console.log(`📦 Extracting...`);
-    if (extract === 'tar') {
-      await extractTarGz(archivePath, binDir, 1);
-    } else if (extract === 'unzip') {
-      await extractZip(archivePath, binDir);
-
-      if (platform === 'win32') {
-        const extractedDir = join(binDir, `podman-4.9.3`);
-        const extractedPodman = join(extractedDir, 'usr', 'bin', 'podman.exe');
-        const targetPodman = join(binDir, binary);
-
-        if (existsSync(extractedPodman)) {
-          const fs = await import('fs/promises');
-          await fs.copyFile(extractedPodman, targetPodman);
-          await fs.rm(extractedDir, { recursive: true, force: true });
-        }
-      }
-    }
-
-    if (platform !== 'win32' && existsSync(binaryPath)) {
-      chmodSync(binaryPath, 0o755);
-    }
-
-    console.log(`✅ Podman installed successfully!`);
-    console.log(`   Binary: ${binaryPath}\n`);
-
-    if (existsSync(archivePath)) {
-      unlinkSync(archivePath);
-    }
-
-  } catch (error) {
-    console.error(`⚠️  Auto-download failed: ${error.message}`);
-    console.log(`\n💡 No problem! You can install Podman manually:`);
-    if (platform === 'win32') {
-      console.log(`   winget install RedHat.Podman`);
-    } else if (platform === 'darwin') {
-      console.log(`   brew install podman && podman machine init && podman machine start`);
-    } else {
-      console.log(`   sudo apt-get install podman  # Ubuntu/Debian`);
-    }
-    console.log(`\n   Or it will use system Podman if installed.\n`);
-  }
-}
-
-main().catch(() => {
-  // Silently fail - will use system Podman
-});

package/scripts/podman-config.js

@@ -1,20 +0,0 @@
-export const PODMAN_VERSION = '4.9.3';
-export const ARCH = process.arch === 'arm64' ? 'arm64' : 'amd64';
-
-export const DOWNLOADS = {
-  win32: {
-    url: `https://github.com/containers/podman/releases/download/v${PODMAN_VERSION}/podman-remote-release-windows_${ARCH}.zip`,
-    binary: 'podman.exe',
-    extract: 'unzip'
-  },
-  darwin: {
-    url: `https://github.com/containers/podman/releases/download/v${PODMAN_VERSION}/podman-remote-release-darwin_${ARCH}.tar.gz`,
-    binary: 'podman',
-    extract: 'tar'
-  },
-  linux: {
-    url: `https://github.com/containers/podman/releases/download/v${PODMAN_VERSION}/podman-remote-static-linux_${ARCH}.tar.gz`,
-    binary: `podman-remote-static-linux_${ARCH}`,
-    extract: 'tar'
-  }
-};

package/scripts/podman-extract.js

@@ -1,117 +0,0 @@
-import { createWriteStream, createReadStream, unlinkSync } from 'fs';
-import { execSync } from 'child_process';
-import { createGunzip } from 'zlib';
-import { pipeline } from 'stream/promises';
-
-export async function extractZip(zipPath, extractTo) {
-  return new Promise((resolve, reject) => {
-    try {
-      const psCommand = `Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('${zipPath.replace(/'/g, "''")}', '${extractTo.replace(/'/g, "''")}')`;
-
-      // Add retry logic for ZIP extraction (file lock issues)
-      let retries = 0;
-      const maxRetries = 3;
-
-      while (retries < maxRetries) {
-        try {
-          execSync(`powershell -Command "${psCommand}"`, {
-            stdio: 'pipe',
-            shell: true,
-            windowsHide: true,
-            timeout: 120000 // ZIP extraction can take time
-          });
-          resolve();
-          return;
-        } catch (error) {
-          retries++;
-          if (retries < maxRetries && error.message.includes('being used by another process')) {
-            console.log(`   File locked, retrying extraction (${retries}/${maxRetries})...`);
-            // Wait 2 seconds before retry
-            const start = Date.now();
-            while (Date.now() - start < 2000) {
-              // Wait
-            }
-            continue;
-          }
-          reject(error);
-          return;
-        }
-      }
-    } catch (error) {
-      reject(error);
-    }
-  });
-}
-
-export async function extractTarGz(tarPath, extractTo, stripComponents = 0) {
-  return new Promise(async (resolve, reject) => {
-    try {
-      const tarWithoutGz = tarPath.replace('.gz', '');
-      const readStream = createReadStream(tarPath);
-      const writeStream = createWriteStream(tarWithoutGz);
-      const gunzip = createGunzip();
-
-      await pipeline(readStream, gunzip, writeStream);
-
-      try {
-        execSync(`tar -xf "${tarWithoutGz}" -C "${extractTo}"${stripComponents ? ` --strip-components=${stripComponents}` : ''}`, {
-          stdio: 'pipe',
-          shell: process.platform === 'win32',
-          windowsHide: process.platform === 'win32',
-          timeout: 120000
-        });
-      } catch (tarError) {
-        if (process.platform === 'win32') {
-          try {
-            execSync(`bsdtar -xf "${tarWithoutGz}" -C "${extractTo}"${stripComponents ? ` --strip-components=${stripComponents}` : ''}`, {
-              stdio: 'pipe',
-              shell: true,
-              windowsHide: true,
-              timeout: 120000
-            });
-          } catch (bsdtarError) {
-            throw new Error(`Failed to extract tar archive. Please install tar or bsdtar: ${tarError.message}`);
-          }
-        } else {
-          throw tarError;
-        }
-      }
-
-      unlinkSync(tarWithoutGz);
-      resolve();
-    } catch (error) {
-      reject(error);
-    }
-  });
-}
-
-export function download(url, dest) {
-  return new Promise(async (resolve, reject) => {
-    const { get: httpsGet } = await import('https');
-    const { get: httpGet } = await import('http');
-    const { createWriteStream } = await import('fs');
-
-    const get = url.startsWith('https') ? httpsGet : httpGet;
-
-    get(url, (response) => {
-      if (response.statusCode === 302 || response.statusCode === 301) {
-        return download(response.headers.location, dest).then(resolve).catch(reject);
-      }
-
-      if (response.statusCode !== 200) {
-        reject(new Error(`Download failed: ${response.statusCode}`));
-        return;
-      }
-
-      const file = createWriteStream(dest);
-      response.pipe(file);
-
-      file.on('finish', () => {
-        file.close();
-        resolve();
-      });
-
-      file.on('error', reject);
-    }).on('error', reject);
-  });
-}

package/utils/claude-workspace.js

@@ -1,69 +0,0 @@
-import { execSync } from 'child_process';
-import { buildContainerMounts } from './isolation.js';
-
-export function getClaudeEnvironment() {
-  const envVars = {};
-
-  // Collect Anthropic and Claude environment variables
-  for (const [key, value] of Object.entries(process.env)) {
-    if (key.startsWith('ANTHROPIC_') || key.startsWith('CLAUDE')) {
-      envVars[key] = value;
-    }
-  }
-
-  return envVars;
-}
-
-export function buildClaudeContainerCommand(projectPath, podmanPath, command = 'claude', customMounts = null) {
-  const envVars = getClaudeEnvironment();
-  const envArgs = Object.entries(envVars)
-    .map(([key, value]) => `-e ${key}="${value}"`)
-    .join(' ');
-
-  const homeDir = process.platform === 'win32' ? process.env.USERPROFILE : process.env.HOME;
-
-  let allMounts = [];
-
-  if (customMounts) {
-    // Use provided custom mounts (includes git identity and host remote)
-    allMounts = customMounts;
-  } else {
-    // Build base mounts from isolation utility (includes git identity)
-    const baseMounts = buildContainerMounts(projectPath);
-    allMounts = baseMounts;
-  }
-
-  // Add Claude-specific mounts
-  const claudeMounts = [
-    `-v "${homeDir}/.claude:/root/.claude-host:ro"`,
-    `-v "${process.cwd()}/claude-settings.json:/root/.claude/settings.json:ro"`
-  ];
-
-  allMounts = [...allMounts, ...claudeMounts];
-
-  return `${podmanPath} run --rm -it ${allMounts.join(' ')} ${envArgs} --env HOME=/root sandboxbox-local:latest ${command}`;
-}
-
-export function createClaudeDockerfile() {
-  return `FROM node:20
-
-# Install development tools
-RUN apt-get update && apt-get install -y --no-install-recommends \\
-    git curl bash sudo nano vim \\
-    && apt-get clean && rm -rf /var/lib/apt/lists/*
-
-WORKDIR /workspace
-
-# Install Claude Code
-RUN npm install -g @anthropic-ai/claude-code@latest
-
-# Setup MCP servers after Claude installation
-RUN claude mcp add glootie -- npx -y mcp-glootie@latest && \\
-    claude mcp add vexify -- npx -y mcp-vexify@latest && \\
-    claude mcp add playwright -- npx @playwright/mcp@latest
-
-# Create isolated workspace script with cleanup
-RUN echo '#!/bin/bash\\nset -e\\n\\necho "🚀 Starting SandboxBox with Claude Code in isolated environment..."\\necho "📁 Working directory: /workspace"\\necho "🎯 This is an isolated copy of your repository"\\n\\n# Cleanup function for temporary files\\ncleanup_temp_files() {\\n    echo "🧹 Cleaning up temporary files..."\\n    find /tmp -user root -name "claude-*" -type f -delete 2>/dev/null || true\\n    find /tmp -user root -name "*.tmp" -type f -delete 2>/dev/null || true\\n    find /var/tmp -user root -name "claude-*" -type f -delete 2>/dev/null || true\\n}\\n\\n# Set up cleanup trap\\ntrap cleanup_temp_files EXIT INT TERM\\n\\nif [ -d "/workspace/.git" ]; then\\n    echo "✅ Git repository detected in workspace"\\n    echo "📋 Current status:"\\n    git status\\n    echo ""\\n    echo "🔧 Starting Claude Code..."\\n    echo "💡 Changes will be isolated and will NOT affect the original repository"\\n    echo "📝 To save changes, use git commands to commit and push before exiting"\\n    echo "🔧 MCP servers: glootie, vexify, playwright"\\n    exec claude\\nelse\\n    echo "❌ Error: /workspace is not a valid git repository"\\n    exit 1\\nfi' > /usr/local/bin/start-isolated-sandbox.sh && chmod +x /usr/local/bin/start-isolated-sandbox.sh
-
-CMD ["/usr/local/bin/start-isolated-sandbox.sh"]`;
-}

package/utils/isolation.js

@@ -1,222 +0,0 @@
-import { mkdtempSync, rmSync, existsSync } from 'fs';
-import { tmpdir } from 'os';
-import { join } from 'path';
-import { execSync } from 'child_process';
-
-/**
- * Builds container volume mounts with git identity and host remote
- * @param {string} tempProjectDir - Temporary project directory
- * @param {string} originalProjectDir - Original host project directory
- * @returns {Array} - Array of volume mount strings
- */
-export function buildContainerMounts(tempProjectDir, originalProjectDir) {
-  const mounts = [`-v "${tempProjectDir}:/workspace:rw"`];
-
-  // Add host repository as git remote
-  mounts.push(`-v "${originalProjectDir}:/host-repo:rw"`);
-
-  // Add git identity mounts
-  const homeDir = process.platform === 'win32' ? process.env.USERPROFILE : process.env.HOME;
-
-  if (existsSync(`${homeDir}/.gitconfig`)) {
-    mounts.push(`-v "${homeDir}/.gitconfig:/root/.gitconfig:ro"`);
-  }
-
-  if (existsSync(`${homeDir}/.ssh`)) {
-    mounts.push(`-v "${homeDir}/.ssh:/root/.ssh:ro"`);
-  }
-
-  return mounts;
-}
-
-/**
- * Creates an isolated temporary environment for running commands
- * @param {string} projectDir - Source project directory
- * @returns {Object} - Contains tempDir, tempProjectDir, and cleanup function
- */
-export function createIsolatedEnvironment(projectDir) {
-  const tempDir = mkdtempSync(join(tmpdir(), 'sandboxbox-'));
-  const projectName = projectDir.split(/[\\\/]/).pop() || 'project';
-  const tempProjectDir = join(tempDir, projectName);
-
-  // Copy project to temporary directory (creates isolation)
-  // First create the directory (cross-platform)
-  if (process.platform === 'win32') {
-    execSync(`powershell -Command "New-Item -ItemType Directory -Path '${tempProjectDir}' -Force"`, {
-      stdio: 'pipe',
-      shell: true,
-      windowsHide: true,
-      timeout: 30000
-    });
-  } else {
-    execSync(`mkdir -p "${tempProjectDir}"`, {
-      stdio: 'pipe',
-      shell: true,
-      timeout: 30000
-    });
-  }
-
-  if (process.platform === 'win32') {
-    // Windows approach - include hidden files like .git
-    execSync(`powershell -Command "Copy-Item -Path '${projectDir}\\*' -Destination '${tempProjectDir}' -Recurse -Force -Exclude 'node_modules'"`, {
-      stdio: 'pipe',
-      shell: true,
-      windowsHide: true,
-      timeout: 60000 // Copy operations can take longer
-    });
-    // Also copy hidden files separately
-    execSync(`powershell -Command "Get-ChildItem -Path '${projectDir}' -Force -Name | Where-Object { $_ -like '.*' } | ForEach-Object { Copy-Item -Path (Join-Path '${projectDir}' $_) -Destination '${tempProjectDir}' -Recurse -Force }"`, {
-      stdio: 'pipe',
-      shell: true,
-      windowsHide: true,
-      timeout: 60000
-    });
-  } else {
-    // Unix approach - include hidden files
-    execSync(`cp -r "${projectDir}"/.* "${tempProjectDir}/" 2>/dev/null || true`, {
-      stdio: 'pipe',
-      shell: true,
-      timeout: 60000
-    });
-    execSync(`cp -r "${projectDir}"/* "${tempProjectDir}/"`, {
-      stdio: 'pipe',
-      shell: true,
-      timeout: 60000
-    });
-  }
-
-  // Configure git remote to point to mounted host repository (only if git repo)
-  try {
-    // Check if the project directory is a git repository
-    const gitDirPath = process.platform === 'win32'
-      ? `${projectDir}\\.git`
-      : `${projectDir}/.git`;
-
-    if (!existsSync(gitDirPath)) {
-      // Not a git repository, skip git setup
-      // Define cleanup function early for early return
-      const cleanup = () => {
-        try {
-          rmSync(tempDir, { recursive: true, force: true });
-        } catch (cleanupError) {
-          // Ignore cleanup errors
-        }
-      };
-      return { tempDir, tempProjectDir, cleanup };
-    }
-
-    // Also check if the temp directory has .git after copy
-    const tempGitDirPath = process.platform === 'win32'
-      ? `${tempProjectDir}\\.git`
-      : `${tempProjectDir}/.git`;
-
-    if (!existsSync(tempGitDirPath)) {
-      // Copy didn't preserve git, skip git setup
-      // Define cleanup function early for early return
-      const cleanup = () => {
-        try {
-          rmSync(tempDir, { recursive: true, force: true });
-        } catch (cleanupError) {
-          // Ignore cleanup errors
-        }
-      };
-      return { tempDir, tempProjectDir, cleanup };
-    }
-
-    // Normalize paths for cross-platform compatibility
-    const normalizedTempDir = tempProjectDir.replace(/\\/g, '/');
-    const normalizedOriginalDir = projectDir.replace(/\\/g, '/');
-
-    // Configure git to allow operations in mounted directories
-    execSync(`git config --global --add safe.directory /workspace`, {
-      stdio: 'pipe',
-      shell: true,
-      windowsHide: process.platform === 'win32',
-      timeout: 60000 // 1 minute for git operations
-    });
-
-    // Configure host repository to accept pushes to checked-out branch
-    if (process.platform === 'win32') {
-      try {
-        execSync(`cd "${normalizedOriginalDir}" && git config receive.denyCurrentBranch ignore`, {
-          stdio: 'pipe',
-          shell: true,
-          windowsHide: true,
-          timeout: 60000 // 1 minute for git operations
-        });
-      } catch (e) {
-        // Ignore if git config fails
-      }
-    } else {
-      execSync(`cd "${normalizedOriginalDir}" && git config receive.denyCurrentBranch ignore`, {
-        stdio: 'pipe',
-        shell: true,
-        timeout: 60000 // 1 minute for git operations
-      });
-    }
-
-    // Remove any existing origin first (Windows-compatible)
-    if (process.platform === 'win32') {
-      try {
-        execSync(`cd "${normalizedTempDir}" && git remote remove origin`, {
-          stdio: 'pipe',
-          shell: true,
-          windowsHide: true,
-          timeout: 60000 // 1 minute for git operations
-        });
-      } catch (e) {
-        // Ignore if origin doesn't exist
-      }
-    } else {
-      execSync(`cd "${normalizedTempDir}" && git remote remove origin 2>/dev/null || true`, {
-        stdio: 'pipe',
-        shell: true,
-        timeout: 60000 // 1 minute for git operations
-      });
-    }
-
-    // Add origin pointing to mounted host repository (accessible from container)
-    execSync(`cd "${normalizedTempDir}" && git remote add origin /host-repo`, {
-      stdio: 'pipe',
-      shell: true,
-      windowsHide: process.platform === 'win32',
-      timeout: 60000 // 1 minute for git operations
-    });
-
-    // Set up upstream tracking for current branch (use push -u to set upstream)
-    const currentBranch = execSync(`cd "${normalizedTempDir}" && git branch --show-current`, {
-      encoding: 'utf8',
-      stdio: 'pipe',
-      windowsHide: process.platform === 'win32',
-      timeout: 60000 // 1 minute for git operations
-    }).trim();
-
-    // Note: Upstream will be set automatically on first push with -u flag
-    // No need to set up upstream manually as it may not exist yet
-  } catch (error) {
-    // Log git remote setup errors for debugging
-    console.error(`Git remote setup failed: ${error.message}`);
-  }
-
-  // Ensure cleanup on exit
-  const cleanup = () => {
-    try {
-      rmSync(tempDir, { recursive: true, force: true });
-    } catch (cleanupError) {
-      // Ignore cleanup errors
-    }
-  };
-
-  return { tempDir, tempProjectDir, cleanup };
-}
-
-/**
- * Sets up cleanup handlers for process signals
- * @param {Function} cleanup - Cleanup function to call
- */
-export function setupCleanupHandlers(cleanup) {
-  // Set up cleanup handlers
-  process.on('exit', cleanup);
-  process.on('SIGINT', () => { cleanup(); process.exit(130); });
-  process.on('SIGTERM', () => { cleanup(); process.exit(143); });
-}