sandhop 0.1.0

package/dist/core/services/auth.js

@@ -0,0 +1,11 @@
+export class AuthService {
+    host;
+    agent;
+    constructor(host, agent) {
+        this.host = host;
+        this.agent = agent;
+    }
+    extract() {
+        return this.agent.authEnv(this.host);
+    }
+}

package/dist/core/services/bootstrap.js

@@ -0,0 +1,121 @@
+import { dirname } from "../paths.js";
+import { buildMergeClaudeMcpScript, buildPruneMcpTablesScript, } from "../sandbox-scripts.js";
+import { LOW_PRIORITY_SETUP, SUDO_SETUP, nonFatal, quoteHomePath, runLowPriority, shellLog, } from "../shell.js";
+const ARCH_SETUP = 'ARCH=$(uname -m); case "$ARCH" in aarch64|arm64) TTYD_ARCH=aarch64; CF_ARCH=arm64;; *) TTYD_ARCH=x86_64; CF_ARCH=amd64;; esac';
+const ZSTD_INSTALL = "command -v zstd || $SUDO sh -lc 'command -v apt-get >/dev/null && (apt-get update && apt-get install -y zstd) || (command -v dnf >/dev/null && dnf install -y zstd) || (command -v apk >/dev/null && apk add zstd) || (command -v yum >/dev/null && yum install -y zstd)'";
+const renderMcpConfig = (agent, codePlan) => {
+    if (codePlan.rewrites.length === 0)
+        return [];
+    const config = agent.formatMcpConfig(codePlan.rewrites);
+    const dir = dirname(config.path);
+    if (config.mode === "merge-claude-json")
+        return [
+            `mkdir -p ${quoteHomePath(dir)}`,
+            `node -e ${JSON.stringify(buildMergeClaudeMcpScript(config.path, config.content))}`,
+        ];
+    const redirect = config.mode === "append" ? ">>" : ">";
+    return [
+        `mkdir -p ${quoteHomePath(dir)}`,
+        ...(config.mode === "append"
+            ? [`node -e ${JSON.stringify(buildPruneMcpTablesScript(config.path))}`]
+            : []),
+        `cat ${redirect} ${quoteHomePath(config.path)} <<'SANDHOP_MCP_CONFIG'`,
+        config.content.trimEnd(),
+        "SANDHOP_MCP_CONFIG",
+    ];
+};
+const renderMcpExcluded = (codePlan) => codePlan.excluded.map((server) => `echo "[sandhop] mcp skipped: ${shellLog(server.name)} (${shellLog(server.reason)})"`);
+const renderMcpCode = (codePlan) => {
+    if (codePlan === null || codePlan === undefined)
+        return [];
+    const runtimes = [
+        ...(codePlan.runtimes.has("bun")
+            ? ["curl -fsSL https://bun.sh/install | bash"]
+            : []),
+        ...(codePlan.runtimes.has("uv")
+            ? ["curl -LsSf https://astral.sh/uv/install.sh | sh"]
+            : []),
+    ];
+    return [
+        ...runtimes.map((cmd) => nonFatal(runLowPriority(cmd))),
+        ...(runtimes.length === 0
+            ? []
+            : ['export PATH="$HOME/.bun/bin:$HOME/.local/bin:$PATH"']),
+        ...codePlan.installCmds.map((cmd) => nonFatal(runLowPriority(cmd))),
+    ];
+};
+const renderSummary = (steps) => [
+    'echo "[sandhop] enrichment summary"',
+    ...steps.map((step) => step.ok
+        ? `echo "[sandhop] ok: ${shellLog(step.name)}"`
+        : `echo "[sandhop] failed: ${shellLog(step.name)}: ${shellLog(step.error)}"`),
+];
+export class BootstrapService {
+    agent;
+    constructor(agent) {
+        this.agent = agent;
+    }
+    render(manifest, opts) {
+        const installCmd = this.agent.installCmd(manifest.cliVersion);
+        const dest = this.agent.remoteTranscriptPath(manifest.remoteEnc, manifest.transcriptName);
+        return [
+            "set -e",
+            SUDO_SETUP,
+            ARCH_SETUP,
+            "$SUDO curl -fsSL https://github.com/tsl0922/ttyd/releases/latest/download/ttyd.${TTYD_ARCH} -o /usr/local/bin/ttyd",
+            "$SUDO chmod +x /usr/local/bin/ttyd",
+            ...(opts.transportSteps ?? []),
+            `${installCmd} || $SUDO env PATH="$PATH" ${installCmd}`,
+            ...this.agent.preSeed(manifest.remoteProj),
+            `$SUDO mkdir -p "${manifest.remoteProj}"`,
+            `$SUDO chown -R "$(id -u):$(id -g)" "${manifest.remoteProj}"`,
+            `git config --global --add safe.directory "${manifest.remoteProj}"`,
+            `tar -xzf /tmp/bundle.tgz -C "${manifest.remoteProj}"`,
+            `dest="${dest}"`,
+            'mkdir -p "$(dirname "$dest")"',
+            'cp /tmp/transcript.jsonl "$dest"',
+            "echo SANDHOP_RESTORE_OK",
+        ].join("\n");
+    }
+    renderEnrichmentSetup() {
+        return ["set -e", SUDO_SETUP, LOW_PRIORITY_SETUP, ZSTD_INSTALL].join("\n");
+    }
+    renderEnrichmentConfig(remoteProj, opts) {
+        if (opts.codePlan === null || opts.codePlan === undefined)
+            return 'echo "[sandhop] mcp config skipped"';
+        const excluded = renderMcpExcluded(opts.codePlan);
+        const config = renderMcpConfig(this.agent, opts.codePlan);
+        if (config.length === 0)
+            return [...excluded, 'echo "[sandhop] mcp config skipped"'].join("\n");
+        return [...excluded, ...config].join("\n");
+    }
+    renderEnrichmentInstalls(opts) {
+        return [
+            SUDO_SETUP,
+            LOW_PRIORITY_SETUP,
+            nonFatal(ZSTD_INSTALL),
+            ...renderMcpCode(opts.codePlan),
+        ].join("\n");
+    }
+    renderSettingsScriptInstalls(plan) {
+        if (plan === null || plan.installCmds.length === 0)
+            return 'echo "[sandhop] settings script installs skipped"';
+        return [
+            SUDO_SETUP,
+            LOW_PRIORITY_SETUP,
+            ...plan.installCmds.map((cmd) => nonFatal(runLowPriority(cmd))),
+        ].join("\n");
+    }
+    renderReinstall(commands) {
+        if (commands.length === 0)
+            return 'echo "[sandhop] reinstall skipped"';
+        return [
+            LOW_PRIORITY_SETUP,
+            "export CLAUDE_CODE_PLUGIN_PREFER_HTTPS=1",
+            ...commands.map((command) => `${runLowPriority(command)} || { echo "[sandhop] reinstall step failed: ${shellLog(command)}" >&2; true; }`),
+        ].join("\n");
+    }
+    renderEnrichmentCompletion(steps) {
+        return [...renderSummary(steps), "touch /tmp/sandhop-enriched"].join("\n");
+    }
+}

package/dist/core/services/enrichment.js

@@ -0,0 +1,120 @@
+import { formatErrorStack } from "../errors.js";
+import { makeTempPath, sandboxExpandHome } from "../paths.js";
+import { LOCAL_PATH_EXCLUDES, } from "./scripts.js";
+const appendLog = async (sandbox, text) => {
+    const marker = `SANDHOP_ENRICH_LOG_${Date.now()}`;
+    await sandbox.exec(`cat >> /tmp/sandhop-enrich.log <<'${marker}'\n${text}\n${marker}`);
+};
+const runLogged = async (sandbox, script) => sandbox.exec(["{", script, "} >> /tmp/sandhop-enrich.log 2>&1"].join("\n"));
+const recordStep = async (sandbox, steps, name, run) => {
+    await appendLog(sandbox, `[sandhop] step started: ${name}`).catch(() => undefined);
+    try {
+        const value = await run();
+        steps.push({ name, ok: true });
+        await appendLog(sandbox, `[sandhop] step ok: ${name}`).catch(() => undefined);
+        return value;
+    }
+    catch (error) {
+        const text = formatErrorStack(error);
+        steps.push({ name, ok: false, error: text });
+        await appendLog(sandbox, `[sandhop] step failed: ${name}\n${text}`).catch(() => undefined);
+        return null;
+    }
+};
+const recordScriptStep = async (sandbox, steps, name, script) => {
+    await recordStep(sandbox, steps, name, async () => {
+        const result = await runLogged(sandbox, script);
+        if (result.exitCode !== 0)
+            throw new Error(`${name} failed: ${result.stderr}`);
+    });
+};
+export class EnrichmentService {
+    agent;
+    sandbox;
+    transfer;
+    profile;
+    mcpCode;
+    reinstall;
+    secrets;
+    scripts;
+    bootstrap;
+    constructor(agent, services) {
+        this.agent = agent;
+        this.sandbox = services.sandbox;
+        this.transfer = services.transfer;
+        this.profile = services.profile;
+        this.mcpCode = services.mcpCode;
+        this.reinstall = services.reinstall;
+        this.secrets = services.secrets;
+        this.scripts = services.scripts;
+        this.bootstrap = services.bootstrap;
+    }
+    async run(cwd, profile) {
+        const steps = [];
+        try {
+            await appendLog(this.sandbox, `sandhop enrichment started ${new Date().toISOString()}`).catch(() => undefined);
+            await recordScriptStep(this.sandbox, steps, "enrichment setup", this.bootstrap.renderEnrichmentSetup());
+            await recordStep(this.sandbox, steps, "profile transfer + extract", async () => {
+                if (!profile)
+                    return;
+                await this.sendProfile();
+            });
+            await recordScriptStep(this.sandbox, steps, "re-apply preseed (trust + root config)", this.agent.preSeed(cwd).join("\n"));
+            const scriptPlan = await recordStep(this.sandbox, steps, "settings scripts transfer + rewrite", () => this.sendScripts(cwd));
+            await recordScriptStep(this.sandbox, steps, "settings script dependency installs", this.bootstrap.renderSettingsScriptInstalls(scriptPlan));
+            const codePlan = await recordStep(this.sandbox, steps, "mcp code transfer + config rewrite", () => this.sendMcpCode(cwd));
+            await recordScriptStep(this.sandbox, steps, "per-MCP dependency installs", this.bootstrap.renderEnrichmentInstalls({ codePlan }));
+            await recordScriptStep(this.sandbox, steps, "plugin and git skill reinstall", this.bootstrap.renderReinstall(this.reinstall.plan().commands));
+            await runLogged(this.sandbox, this.bootstrap.renderEnrichmentCompletion(steps)).catch(async (error) => {
+                await appendLog(this.sandbox, formatErrorStack(error)).catch(() => undefined);
+            });
+            return steps;
+        }
+        catch (error) {
+            await appendLog(this.sandbox, formatErrorStack(error)).catch(() => undefined);
+            throw error;
+        }
+    }
+    async sendProfile() {
+        const profileTree = await this.profile.build(makeTempPath("profile"));
+        if (profileTree !== null)
+            await this.transfer.send(profileTree, "/home/user", "profile", {
+                codec: "zstd",
+                lowPriority: true,
+            });
+    }
+    async sendScripts(cwd) {
+        if (!this.agent.supportsSettingsScripts())
+            return { mappings: [], rewrites: [], installCmds: [] };
+        const scriptPlan = this.scripts.plan(cwd);
+        if (scriptPlan.mappings.length === 0 && scriptPlan.rewrites.length === 0)
+            return scriptPlan;
+        await Promise.all(scriptPlan.mappings.map((mapping, index) => this.transfer.send(mapping.localPath, mapping.sandboxPath, `settings-scripts-${index}`, {
+            codec: "zstd",
+            lowPriority: true,
+            excludes: LOCAL_PATH_EXCLUDES,
+        })));
+        for (const rewrite of scriptPlan.rewrites)
+            await this.sandbox.uploadFile(rewrite.sandboxPath, rewrite.content);
+        return scriptPlan;
+    }
+    async sendMcpCode(cwd) {
+        const codePlan = await this.mcpCode.build(cwd);
+        if (codePlan === null)
+            return null;
+        await Promise.all(codePlan.mappings.map((mapping, index) => this.transfer.send(mapping.localPath, mapping.sandboxPath, `mcp-${index}`, {
+            codec: "zstd",
+            lowPriority: true,
+        })));
+        const bundle = this.secrets.collect(cwd, {
+            envRefs: codePlan.envRefs,
+            referencedFiles: codePlan.referencedFiles,
+        });
+        for (const file of bundle.files)
+            await this.sandbox.uploadFile(sandboxExpandHome(file.path), file.content);
+        const result = await runLogged(this.sandbox, this.bootstrap.renderEnrichmentConfig(cwd, { codePlan }));
+        if (result.exitCode !== 0)
+            throw new Error(`MCP config rewrite failed: ${result.stderr}`);
+        return codePlan;
+    }
+}

package/dist/core/services/mcp-classify.js

@@ -0,0 +1,213 @@
+import { collectEnvRefs } from "../env.js";
+import { basename, expandEnv, joinPath, uniqueSorted } from "../paths.js";
+import { maybeRealpath, remapValue } from "./mcp-paths.js";
+const isHomePath = (path) => path.startsWith("~/") ||
+    path === "~" ||
+    path.startsWith("$HOME") ||
+    path.startsWith("${HOME}");
+const isPathLike = (value) => value.startsWith("/") ||
+    value.startsWith("./") ||
+    value.startsWith("../") ||
+    isHomePath(value);
+const addEnvRefs = (refs, value) => {
+    for (const name of collectEnvRefs(value))
+        if (name !== "HOME")
+            refs.add(name);
+};
+const toCandidatePath = (host, value, cwd) => {
+    const expanded = expandEnv(value, host.home, host.env);
+    if (isPathLike(expanded))
+        return expanded;
+    if (cwd !== undefined && isPathLike(cwd) && value.includes("/"))
+        return joinPath(expandEnv(cwd, host.home, host.env), expanded);
+    return null;
+};
+const hasMagic = (bytes, values) => values.every((value, index) => bytes[index] === value);
+const isBinary = (host, path) => {
+    if (host.isDirectory(path))
+        return false;
+    const text = host.readFile(path);
+    if (text !== null && text.startsWith("#!"))
+        return false;
+    const bytes = host.readBytes(path);
+    return (hasMagic(bytes, [0x7f, 0x45, 0x4c, 0x46]) ||
+        hasMagic(bytes, [0xfe, 0xed, 0xfa, 0xce]) ||
+        hasMagic(bytes, [0xfe, 0xed, 0xfa, 0xcf]) ||
+        hasMagic(bytes, [0xcf, 0xfa, 0xed, 0xfe]) ||
+        hasMagic(bytes, [0xce, 0xfa, 0xed, 0xfe]));
+};
+const isAppBundlePath = (path) => /\/Applications\/[^/]+\.app\//.test(path);
+const LOCAL_BIND_PATTERN = /(^|[^a-z])(localhost|127\.0\.0\.1|::1|0\.0\.0\.0)([^a-z]|$)/i;
+const localBindValues = (server) => {
+    const values = [];
+    if (server.url !== undefined)
+        values.push(server.url);
+    if (server.args !== undefined)
+        values.push(...server.args);
+    if (server.env !== undefined)
+        values.push(...Object.values(server.env));
+    return values;
+};
+const hasLocalBindValue = (server) => localBindValues(server).some((value) => LOCAL_BIND_PATTERN.test(value));
+const readSourceFiles = (host, refs, text) => {
+    const files = [];
+    for (const match of text.matchAll(/(?:^|[;&|]\s*)source\s+(["']?)([^"'\s;&|]+)\1/g)) {
+        const file = expandEnv(match[2], host.home, host.env);
+        addEnvRefs(refs, match[2]);
+        const real = maybeRealpath(host, file);
+        if (real !== null)
+            files.push(real);
+    }
+    return files;
+};
+const bashCommandTexts = (server) => {
+    if (server.args === undefined)
+        return [];
+    const command = server.command === undefined ? "" : basename(server.command);
+    if (command !== "bash" && command !== "sh")
+        return [];
+    const texts = [];
+    for (let index = 0; index < server.args.length - 1; index += 1) {
+        const arg = server.args[index];
+        if (arg === "-c" || arg === "-lc")
+            texts.push(server.args[index + 1]);
+    }
+    return texts;
+};
+export const collectReferencedInputs = (host, server) => {
+    const refs = new Set();
+    const files = [];
+    if (server.command !== undefined)
+        addEnvRefs(refs, server.command);
+    if (server.cwd !== undefined)
+        addEnvRefs(refs, server.cwd);
+    if (server.args !== undefined)
+        for (const arg of server.args)
+            addEnvRefs(refs, arg);
+    if (server.env !== undefined)
+        for (const [key, value] of Object.entries(server.env)) {
+            refs.add(key);
+            addEnvRefs(refs, value);
+        }
+    for (const text of bashCommandTexts(server))
+        files.push(...readSourceFiles(host, refs, text));
+    return { envRefs: uniqueSorted(refs), referencedFiles: uniqueSorted(files) };
+};
+const bashLocalPaths = (host, server) => {
+    const sourced = new Set(collectReferencedInputs(host, server).referencedFiles);
+    const paths = [];
+    for (const text of bashCommandTexts(server)) {
+        for (const match of text.matchAll(/(?:^|[\s;&|])((?:\/|~\/|\$HOME|\$\{HOME\})[^\s;&|]+)/g)) {
+            const expanded = expandEnv(match[1], host.home, host.env);
+            const real = maybeRealpath(host, expanded);
+            if (real !== null && !sourced.has(real))
+                paths.push(real);
+        }
+    }
+    return paths;
+};
+export const candidatePaths = (host, server) => {
+    const paths = [];
+    const cwd = server.cwd;
+    if (cwd !== undefined) {
+        const candidate = toCandidatePath(host, cwd, undefined);
+        const real = candidate === null ? null : maybeRealpath(host, candidate);
+        if (real !== null)
+            paths.push(real);
+    }
+    if (server.command !== undefined) {
+        const candidate = toCandidatePath(host, server.command, cwd);
+        const real = candidate === null ? null : maybeRealpath(host, candidate);
+        if (real !== null)
+            paths.push(real);
+    }
+    if (server.args !== undefined) {
+        for (const arg of server.args) {
+            const candidate = toCandidatePath(host, arg, cwd);
+            const real = candidate === null ? null : maybeRealpath(host, candidate);
+            if (real !== null)
+                paths.push(real);
+        }
+    }
+    paths.push(...bashLocalPaths(host, server));
+    return uniqueSorted(paths);
+};
+const commandName = (server) => server.command === undefined ? "" : basename(server.command);
+const hasRuntimeShebang = (host, paths, runtime) => paths.some((path) => {
+    if (host.isDirectory(path))
+        return false;
+    const text = host.readFile(path);
+    return text !== null && text.split("\n", 1)[0].includes(runtime);
+});
+export const addRuntime = (host, server, paths, root, runtimes) => {
+    const name = commandName(server);
+    if (name === "bun" ||
+        name === "bunx" ||
+        host.exists(joinPath(root, "bun.lock")) ||
+        hasRuntimeShebang(host, paths, "bun"))
+        runtimes.add("bun");
+    if (name === "uv" ||
+        name === "uvx" ||
+        host.exists(joinPath(root, "uv.lock")) ||
+        hasRuntimeShebang(host, paths, "uv"))
+        runtimes.add("uv");
+};
+export const installCmd = (host, root, sandboxRoot) => {
+    const cmds = [];
+    if (host.exists(joinPath(root, "package.json"))) {
+        if (host.exists(joinPath(root, "bun.lock")))
+            cmds.push(`cd ${sandboxRoot} && bun install`);
+        else if (host.exists(joinPath(root, "package-lock.json")))
+            cmds.push(`cd ${sandboxRoot} && npm ci`);
+        else
+            cmds.push(`cd ${sandboxRoot} && npm install`);
+    }
+    if (host.exists(joinPath(root, "pyproject.toml")) ||
+        host.exists(joinPath(root, "uv.lock")))
+        cmds.push(`cd ${sandboxRoot} && uv sync`);
+    else if (host.exists(joinPath(root, "requirements.txt")))
+        cmds.push(`cd ${sandboxRoot} && uv pip install -r requirements.txt --system`);
+    return cmds;
+};
+export const classify = (host, server, paths) => {
+    if (hasLocalBindValue(server))
+        return {
+            kind: "excluded",
+            reason: "binds to localhost / loopback (unreachable from sandbox)",
+        };
+    if (server.url !== undefined ||
+        server.transport === "http" ||
+        server.transport === "sse")
+        return { kind: "remote-url" };
+    const appPath = paths.find(isAppBundlePath);
+    if (appPath !== undefined)
+        return { kind: "excluded", reason: "path inside an app bundle" };
+    const binaryPath = paths.find((path) => isBinary(host, path));
+    if (binaryPath !== undefined)
+        return { kind: "excluded", reason: "non-shebang binary" };
+    if (paths.length > 0)
+        return { kind: "local-path" };
+    return { kind: "remote-installable" };
+};
+export const rewriteServer = (host, server, mappings) => ({
+    name: server.name,
+    transport: server.transport,
+    ...(server.command === undefined
+        ? {}
+        : { command: remapValue(server.command, host, mappings) }),
+    ...(server.args === undefined
+        ? {}
+        : { args: server.args.map((arg) => remapValue(arg, host, mappings)) }),
+    ...(server.env === undefined
+        ? {}
+        : {
+            env: Object.fromEntries(Object.entries(server.env).map(([key, value]) => [
+                key,
+                remapValue(value, host, mappings),
+            ])),
+        }),
+    ...(server.cwd === undefined
+        ? {}
+        : { cwd: remapValue(server.cwd, host, mappings) }),
+    ...(server.url === undefined ? {} : { url: server.url }),
+});

package/dist/core/services/mcp-code.js

@@ -0,0 +1,78 @@
+import { uniqueSorted } from "../paths.js";
+import { addRuntime, candidatePaths, classify, collectReferencedInputs, installCmd, rewriteServer, } from "./mcp-classify.js";
+import { LOCAL_PATH_EXCLUDES, nearestRoot, sandboxPath, } from "./mcp-paths.js";
+export class McpCodeService {
+    host;
+    agent;
+    constructor(host, agent) {
+        this.host = host;
+        this.agent = agent;
+    }
+    plan(cwd) {
+        const servers = this.agent.parseMcpServers(this.host, cwd);
+        const mappings = [];
+        const roots = new Set();
+        const runtimes = new Set();
+        const installCmds = [];
+        const referencedFiles = new Set();
+        const envRefs = new Set();
+        const excluded = [];
+        const classifications = [];
+        const rewrites = [];
+        const localServers = [];
+        for (const server of servers) {
+            const referenced = collectReferencedInputs(this.host, server);
+            for (const file of referenced.referencedFiles)
+                referencedFiles.add(file);
+            for (const ref of referenced.envRefs)
+                envRefs.add(ref);
+            const paths = candidatePaths(this.host, server);
+            const classification = classify(this.host, server, paths);
+            classifications.push({ name: server.name, kind: classification.kind });
+            if (classification.kind === "excluded") {
+                excluded.push({ name: server.name, reason: classification.reason });
+                continue;
+            }
+            if (classification.kind === "local-path") {
+                const root = nearestRoot(this.host, paths[0]);
+                if (!roots.has(root)) {
+                    roots.add(root);
+                    const mapped = sandboxPath(this.host, root);
+                    mappings.push({ localPath: root, sandboxPath: mapped });
+                    installCmds.push(...installCmd(this.host, root, mapped));
+                }
+                addRuntime(this.host, server, paths, root, runtimes);
+                localServers.push({ server, paths });
+                continue;
+            }
+            rewrites.push(server);
+        }
+        const localRewrites = localServers.map((localServer) => rewriteServer(this.host, localServer.server, mappings));
+        return {
+            mappings,
+            rewrites: [...localRewrites, ...rewrites],
+            runtimes,
+            installCmds,
+            referencedFiles: uniqueSorted(referencedFiles),
+            envRefs: uniqueSorted(envRefs),
+            excluded,
+            classifications,
+        };
+    }
+    async build(cwd, outPath) {
+        const plan = this.plan(cwd);
+        if (plan.classifications.length === 0)
+            return null;
+        if (outPath !== undefined && plan.mappings.length > 0) {
+            const entries = plan.mappings.map((mapping) => {
+                if (!mapping.localPath.startsWith(`${this.host.home}/`))
+                    throw new Error(`Cannot package MCP path outside host home: ${mapping.localPath}`);
+                return mapping.localPath.slice(this.host.home.length + 1);
+            });
+            await this.host.tarGz(this.host.home, entries, outPath, {
+                excludes: LOCAL_PATH_EXCLUDES,
+            });
+        }
+        return plan;
+    }
+}

package/dist/core/services/mcp-paths.js

@@ -0,0 +1,43 @@
+import { projectDirName } from "../encode.js";
+import { dirname, expandHome, joinPath, SANDBOX_HOME } from "../paths.js";
+export const LOCAL_PATH_EXCLUDES = ["node_modules", ".venv", ".git"];
+const MARKERS = [
+    "package.json",
+    "pyproject.toml",
+    "requirements.txt",
+    "Cargo.toml",
+    "bun.lock",
+    ".git",
+];
+export const maybeRealpath = (host, path) => {
+    if (!host.exists(path))
+        return null;
+    return host.realpath(path);
+};
+export const hasRootMarker = (host, path) => MARKERS.some((marker) => host.exists(joinPath(path, marker)));
+export const nearestRoot = (host, path) => {
+    const start = host.isDirectory(path) ? path : dirname(path);
+    let current = start;
+    for (;;) {
+        if (hasRootMarker(host, current))
+            return current;
+        const parent = dirname(current);
+        if (parent === current)
+            return start;
+        current = parent;
+    }
+};
+export const sandboxPath = (host, localPath) => {
+    if (localPath === host.home)
+        return SANDBOX_HOME;
+    if (localPath.startsWith(`${host.home}/`))
+        return `${SANDBOX_HOME}${localPath.slice(host.home.length)}`;
+    return `${SANDBOX_HOME}/.sandhop/mcp-roots/${projectDirName(localPath)}`;
+};
+const replaceAll = (value, from, to) => value.split(from).join(to);
+export const remapValue = (value, host, mappings) => {
+    let next = expandHome(value, host.home);
+    for (const mapping of [...mappings].sort((a, b) => b.localPath.length - a.localPath.length))
+        next = replaceAll(next, mapping.localPath, mapping.sandboxPath);
+    return replaceAll(next, host.home, SANDBOX_HOME);
+};

package/dist/core/services/profile.js

@@ -0,0 +1,50 @@
+import { CLAUDE_PROFILE_MANIFEST_PATHS, CLAUDE_SKILLS_PATH, joinClaudeLocalPath, } from "../../agents/claude-paths.js";
+import { listSkillNames } from "../paths.js";
+const CLAUDE_SKILL_SIZE_LIMIT = 5 * 1024 * 1024;
+const joinHome = (home, path) => `${home}/${path}`;
+const hasPathSegment = (path, segment) => path.split("/").includes(segment);
+export class ProfileService {
+    host;
+    agent;
+    constructor(host, agent) {
+        this.host = host;
+        this.agent = agent;
+    }
+    listClaudeProfileEntries() {
+        const entries = CLAUDE_PROFILE_MANIFEST_PATHS.filter((path) => this.host.exists(joinHome(this.host.home, path)));
+        const skillsRoot = joinClaudeLocalPath(this.host.home, CLAUDE_SKILLS_PATH);
+        for (const name of listSkillNames(this.host, skillsRoot)) {
+            const skillDir = `${skillsRoot}/${name}`;
+            if (this.host.isSymlink(skillDir))
+                continue;
+            if (!this.host.exists(`${skillDir}/SKILL.md`))
+                continue;
+            if (this.host.isSymlink(`${skillDir}/SKILL.md`))
+                continue;
+            if (this.host.exists(`${skillDir}/.git`))
+                continue;
+            if (this.host
+                .walk(skillDir)
+                .some((path) => hasPathSegment(path.slice(skillDir.length + 1), "node_modules")))
+                continue;
+            if (this.host.dirSizeBytes(skillDir) >= CLAUDE_SKILL_SIZE_LIMIT)
+                continue;
+            entries.push(`${CLAUDE_SKILLS_PATH}/${name}`);
+        }
+        return entries;
+    }
+    listProfileEntries() {
+        if (this.agent.id === "claude-code")
+            return this.listClaudeProfileEntries();
+        return this.agent
+            .profilePaths(this.host.home)
+            .filter((path) => this.host.exists(joinHome(this.host.home, path)));
+    }
+    async build(outPath) {
+        const entries = this.listProfileEntries();
+        if (entries.length === 0)
+            return null;
+        await this.host.copyTree(this.host.home, entries, outPath);
+        return outPath;
+    }
+}