sandhop 0.1.0

package/dist/core/services/reinstall.js

@@ -0,0 +1,159 @@
+import { CLAUDE_INSTALLED_PLUGINS_PATH, CLAUDE_KNOWN_MARKETPLACES_PATH, CLAUDE_SETTINGS_PATH, CLAUDE_SKILLS_PATH, joinClaudeHomePath, joinClaudeLocalPath, } from "../../agents/claude-paths.js";
+import { isRecord } from "../json.js";
+import { dirname, joinPath, listSkillNames, normalizePath } from "../paths.js";
+import { quoteShellPath, shellQuote } from "../shell.js";
+const readLinkedPath = (path, target) => normalizePath(target.startsWith("/") ? target : joinPath(dirname(path), target));
+const readJsonRecord = (host, path) => {
+    const text = host.readFile(path);
+    if (text === null)
+        return null;
+    const parsed = JSON.parse(text);
+    if (!isRecord(parsed))
+        throw new Error(`Expected JSON object at ${path}`);
+    return parsed;
+};
+const readMarketplaceSource = (path, name, value) => {
+    if (!isRecord(value))
+        throw new Error(`Expected marketplace object ${name}`);
+    const source = value.source;
+    if (!isRecord(source))
+        throw new Error(`Expected marketplace source ${name}`);
+    const repo = source.repo;
+    if (typeof repo === "string")
+        return repo;
+    const url = source.url;
+    if (typeof url === "string")
+        return url;
+    throw new Error(`Expected marketplace repo or url in ${path} for ${name}`);
+};
+const readPluginKeys = (path, value) => {
+    if (!isRecord(value))
+        throw new Error(`Expected installed plugins object at ${path}`);
+    const plugins = value.plugins;
+    if (!isRecord(plugins))
+        throw new Error(`Expected plugins map at ${path}`);
+    return Object.keys(plugins);
+};
+const readDisabledPlugins = (path, value) => {
+    if (!isRecord(value))
+        throw new Error(`Expected settings object at ${path}`);
+    const enabled = value.enabledPlugins;
+    if (enabled === undefined)
+        return [];
+    if (!isRecord(enabled))
+        throw new Error(`Expected enabledPlugins object at ${path}`);
+    return Object.entries(enabled)
+        .map(([name, state]) => {
+        if (state === false)
+            return name;
+        if (state === true)
+            return null;
+        throw new Error(`Expected boolean enabledPlugins.${name} at ${path}`);
+    })
+        .filter((name) => name !== null);
+};
+const toRemoteSkillPath = (localPath, gitSkills) => {
+    for (const skill of gitSkills) {
+        if (localPath === skill.localDir)
+            return skill.remoteDir;
+        if (localPath.startsWith(`${skill.localDir}/`))
+            return `${skill.remoteDir}${localPath.slice(skill.localDir.length)}`;
+    }
+    return null;
+};
+const readSymlinkSource = (host, skillDir) => {
+    if (host.isSymlink(skillDir)) {
+        const target = readLinkedPath(skillDir, host.readlink(skillDir));
+        return target.endsWith("/SKILL.md") ? target : `${target}/SKILL.md`;
+    }
+    const skillFile = `${skillDir}/SKILL.md`;
+    if (host.exists(skillFile) && host.isSymlink(skillFile))
+        return readLinkedPath(skillFile, host.readlink(skillFile));
+    return null;
+};
+export class ReinstallService {
+    host;
+    agent;
+    constructor(host, agent) {
+        this.host = host;
+        this.agent = agent;
+    }
+    listMarketplaceCommands() {
+        const path = joinClaudeLocalPath(this.host.home, CLAUDE_KNOWN_MARKETPLACES_PATH);
+        const record = readJsonRecord(this.host, path);
+        if (record === null)
+            return [];
+        return Object.keys(record).map((name) => `claude plugin marketplace add ${readMarketplaceSource(path, name, record[name])}`);
+    }
+    listPluginCommands() {
+        const path = joinClaudeLocalPath(this.host.home, CLAUDE_INSTALLED_PLUGINS_PATH);
+        const record = readJsonRecord(this.host, path);
+        if (record === null)
+            return [];
+        return readPluginKeys(path, record).map((plugin) => `claude plugin install ${plugin} --scope user`);
+    }
+    listDisableCommands() {
+        const path = joinClaudeLocalPath(this.host.home, CLAUDE_SETTINGS_PATH);
+        const record = readJsonRecord(this.host, path);
+        if (record === null)
+            return [];
+        return readDisabledPlugins(path, record).map((plugin) => `claude plugin disable ${plugin}`);
+    }
+    listGitSkillCommands() {
+        const skillsRoot = joinClaudeLocalPath(this.host.home, CLAUDE_SKILLS_PATH);
+        const commands = [];
+        const gitSkills = [];
+        for (const name of listSkillNames(this.host, skillsRoot)) {
+            const localDir = `${skillsRoot}/${name}`;
+            if (this.host.isSymlink(localDir))
+                continue;
+            const gitDir = `${localDir}/.git`;
+            if (!this.host.exists(gitDir))
+                continue;
+            const remoteDir = joinClaudeHomePath(`${CLAUDE_SKILLS_PATH}/${name}`);
+            const url = this.host
+                .exec("git", ["-C", localDir, "config", "--get", "remote.origin.url"])
+                .trim();
+            const ref = this.host
+                .exec("git", ["-C", localDir, "rev-parse", "HEAD"])
+                .trim();
+            gitSkills.push({ name, localDir, remoteDir });
+            const clone = `git clone ${shellQuote(url)} ${quoteShellPath(remoteDir)}`;
+            const checkout = `git -C ${quoteShellPath(remoteDir)} checkout ${shellQuote(ref)}`;
+            commands.push(`${clone} && ${checkout}`);
+        }
+        return { commands, gitSkills };
+    }
+    listSymlinkSkillCommands(gitSkills) {
+        const skillsRoot = joinClaudeLocalPath(this.host.home, CLAUDE_SKILLS_PATH);
+        const commands = [];
+        for (const name of listSkillNames(this.host, skillsRoot)) {
+            const skillDir = `${skillsRoot}/${name}`;
+            const localSource = readSymlinkSource(this.host, skillDir);
+            if (localSource === null)
+                continue;
+            const remoteSource = toRemoteSkillPath(localSource, gitSkills);
+            if (remoteSource === null)
+                continue;
+            const remoteSkillDir = joinClaudeHomePath(`${CLAUDE_SKILLS_PATH}/${name}`);
+            const mkdir = `mkdir -p ${quoteShellPath(remoteSkillDir)}`;
+            const link = `ln -sf ${quoteShellPath(remoteSource)} ${quoteShellPath(`${remoteSkillDir}/SKILL.md`)}`;
+            commands.push(`${mkdir} && ${link}`);
+        }
+        return commands;
+    }
+    plan() {
+        if (!this.agent.supportsReinstall())
+            return { commands: [] };
+        const gitSkillPlan = this.listGitSkillCommands();
+        return {
+            commands: [
+                ...this.listMarketplaceCommands(),
+                ...this.listPluginCommands(),
+                ...this.listDisableCommands(),
+                ...gitSkillPlan.commands,
+                ...this.listSymlinkSkillCommands(gitSkillPlan.gitSkills),
+            ],
+        };
+    }
+}

package/dist/core/services/scripts.js

@@ -0,0 +1,142 @@
+import { CLAUDE_SETTINGS_PATH, CLAUDE_SETTINGS_SANDBOX_PATH, joinClaudeLocalPath, } from "../../agents/claude-paths.js";
+import { isRecord } from "../json.js";
+import { expandEnv, joinPath, normalizePath } from "../paths.js";
+import { installCmd } from "./mcp-classify.js";
+import { hasRootMarker, LOCAL_PATH_EXCLUDES, maybeRealpath, nearestRoot, remapValue, sandboxPath, } from "./mcp-paths.js";
+export { LOCAL_PATH_EXCLUDES };
+const PATH_TOKEN = /(?:^|[\s"'(=;&|])((?:~\/|\$HOME\/|\$\{HOME\}\/|\/|\.\/|\.\.\/)[^"'`\s;&|)<>]*)/g;
+const expandTokenPath = (host, token, cwd) => {
+    const expanded = expandEnv(token, host.home, host.env);
+    if (expanded.startsWith("./") || expanded.startsWith("../"))
+        return normalizePath(joinPath(cwd, expanded));
+    return normalizePath(expanded);
+};
+const readScriptRoot = (host, localPath) => {
+    const root = nearestRoot(host, localPath);
+    return hasRootMarker(host, root) ? root : localPath;
+};
+const readScriptTokens = (host, command, cwd) => {
+    const scripts = [];
+    for (const match of command.matchAll(PATH_TOKEN)) {
+        const token = match[1];
+        const expanded = expandTokenPath(host, token, cwd);
+        const real = maybeRealpath(host, expanded);
+        if (real === null || host.isDirectory(real))
+            continue;
+        scripts.push({ token, localPath: real, root: readScriptRoot(host, real) });
+    }
+    return scripts;
+};
+const mapScriptPath = (host, token) => {
+    const mapping = {
+        localPath: token.root,
+        sandboxPath: sandboxPath(host, token.root),
+    };
+    return remapValue(token.localPath, host, [mapping]);
+};
+const rewriteCommand = (ctx, command) => {
+    let next = command;
+    let changed = false;
+    for (const token of readScriptTokens(ctx.host, command, ctx.cwd)) {
+        ctx.roots.add(token.root);
+        next = next.split(token.token).join(mapScriptPath(ctx.host, token));
+        changed = true;
+    }
+    return { command: next, changed };
+};
+const rewriteCommandField = (ctx, record) => {
+    const command = record.command;
+    if (typeof command !== "string")
+        return false;
+    const rewritten = rewriteCommand(ctx, command);
+    if (!rewritten.changed)
+        return false;
+    record.command = rewritten.command;
+    return true;
+};
+const rewriteHookGroups = (ctx, value) => {
+    if (!isRecord(value))
+        return false;
+    let changed = false;
+    for (const entries of Object.values(value)) {
+        if (!Array.isArray(entries))
+            continue;
+        for (const entry of entries) {
+            if (!isRecord(entry) || !Array.isArray(entry.hooks))
+                continue;
+            for (const hook of entry.hooks) {
+                if (isRecord(hook) && rewriteCommandField(ctx, hook))
+                    changed = true;
+            }
+        }
+    }
+    return changed;
+};
+const rewriteApiKeyHelper = (ctx, settings) => {
+    const helper = settings.apiKeyHelper;
+    if (typeof helper !== "string")
+        return false;
+    const rewritten = rewriteCommand(ctx, helper);
+    if (!rewritten.changed)
+        return false;
+    settings.apiKeyHelper = rewritten.command;
+    return true;
+};
+const rewriteSettings = (host, cwd, settings, roots) => {
+    const ctx = { host, cwd, roots };
+    let changed = false;
+    if (rewriteHookGroups(ctx, settings.hooks))
+        changed = true;
+    if (isRecord(settings.statusLine) &&
+        rewriteCommandField(ctx, settings.statusLine))
+        changed = true;
+    if (rewriteApiKeyHelper(ctx, settings))
+        changed = true;
+    return changed;
+};
+const settingsFiles = (host, cwd) => [
+    {
+        localPath: joinClaudeLocalPath(host.home, CLAUDE_SETTINGS_PATH),
+        sandboxPath: CLAUDE_SETTINGS_SANDBOX_PATH,
+        cwd,
+    },
+    {
+        localPath: `${cwd}/${CLAUDE_SETTINGS_PATH}`,
+        sandboxPath: `${cwd}/${CLAUDE_SETTINGS_PATH}`,
+        cwd,
+    },
+];
+export class ScriptCaptureService {
+    host;
+    constructor(host) {
+        this.host = host;
+    }
+    plan(cwd) {
+        const roots = new Set();
+        const rewrites = [];
+        for (const file of settingsFiles(this.host, cwd)) {
+            const text = this.host.readFile(file.localPath);
+            if (text === null)
+                continue;
+            const settings = JSON.parse(text);
+            if (!isRecord(settings))
+                throw new Error(`Expected settings object at ${file.localPath}`);
+            if (!rewriteSettings(this.host, file.cwd, settings, roots))
+                continue;
+            rewrites.push({
+                localPath: file.localPath,
+                sandboxPath: file.sandboxPath,
+                content: `${JSON.stringify(settings, null, 2)}\n`,
+            });
+        }
+        const mappings = [...roots].sort().map((localPath) => ({
+            localPath,
+            sandboxPath: sandboxPath(this.host, localPath),
+        }));
+        const installCmds = mappings.flatMap((mapping) => this.host.isDirectory(mapping.localPath) &&
+            hasRootMarker(this.host, mapping.localPath)
+            ? installCmd(this.host, mapping.localPath, mapping.sandboxPath)
+            : []);
+        return { mappings, rewrites, installCmds };
+    }
+}

package/dist/core/services/secrets.js

@@ -0,0 +1,68 @@
+const remotePath = (home, path) => {
+    if (path === home)
+        return "$HOME";
+    if (path.startsWith(`${home}/`))
+        return `$HOME${path.slice(home.length)}`;
+    return path;
+};
+const HOST_ENV_NAMES = new Set([
+    "HOME",
+    "PATH",
+    "PWD",
+    "OLDPWD",
+    "USER",
+    "LOGNAME",
+    "SHELL",
+    "SHLVL",
+    "TERM",
+    "TMPDIR",
+    "TMP",
+    "TEMP",
+    "LANG",
+    "LC_ALL",
+    "LC_CTYPE",
+    "MAIL",
+    "EDITOR",
+]);
+const HOST_ENV_PATTERN = /^(npm_config_|NODE_|FNM_|__MISE|MISE_|NVM_|VOLTA_|ZSH|BASH)/i;
+const isHostEnvName = (name) => HOST_ENV_NAMES.has(name) || HOST_ENV_PATTERN.test(name);
+export class SecretsService {
+    host;
+    agent;
+    constructor(host, agent) {
+        this.host = host;
+        this.agent = agent;
+    }
+    collect(cwd, inputs) {
+        const names = new Set();
+        for (const path of this.agent.mcpConfigPaths(this.host.home, cwd)) {
+            const text = this.host.readFile(path);
+            if (text === null)
+                continue;
+            for (const name of this.agent.mcpEnvRefs(text))
+                names.add(name);
+        }
+        if (inputs !== undefined) {
+            for (const name of inputs.envRefs)
+                names.add(name);
+        }
+        const envs = {};
+        for (const name of [...names].sort()) {
+            if (isHostEnvName(name))
+                continue;
+            const value = this.host.env[name];
+            if (value !== undefined)
+                envs[name] = value;
+        }
+        const files = [];
+        if (inputs !== undefined) {
+            for (const path of [...inputs.referencedFiles].sort()) {
+                const content = this.host.readFile(path);
+                if (content === null)
+                    throw new Error(`Referenced MCP file not found: ${path}`);
+                files.push({ path: remotePath(this.host.home, path), content });
+            }
+        }
+        return { envs, files };
+    }
+}

package/dist/core/services/session.js

@@ -0,0 +1,23 @@
+export class SessionService {
+    host;
+    agent;
+    constructor(host, agent) {
+        this.host = host;
+        this.agent = agent;
+    }
+    latest(cwd) {
+        const sessions = this.agent.matchSession(this.host, cwd);
+        const session = sessions[0];
+        if (!session)
+            throw new Error(`No ${this.agent.id} session transcript found for ${cwd}`);
+        return session;
+    }
+    byId(cwd, id) {
+        const session = this.agent
+            .matchSession(this.host, cwd)
+            .find((candidate) => candidate.sessionId === id);
+        if (!session)
+            throw new Error(`No ${this.agent.id} session transcript found for ${cwd} (id ${id})`);
+        return session;
+    }
+}

package/dist/core/services/teleport.js

@@ -0,0 +1,71 @@
+import { buildManifest } from "../manifest.js";
+import { makeTempPath, sandboxExpandHome } from "../paths.js";
+import { randomToken } from "../rand.js";
+import { shellQuote } from "../shell.js";
+import { makeTarGzipCommand } from "./transfer.js";
+export class TeleportService {
+    provider;
+    agent;
+    services;
+    constructor(provider, agent, services) {
+        this.provider = provider;
+        this.agent = agent;
+        this.services = services;
+    }
+    async run(cwd, opts) {
+        const user = "sandhop";
+        const pass = randomToken(24);
+        opts.onProgress?.("snapshotting");
+        const [bundle, session, baseSecrets, auth, cliVersion] = await Promise.all([
+            this.services.host.realpath(cwd),
+            opts.sessionId === undefined
+                ? this.services.session.latest(cwd)
+                : this.services.session.byId(cwd, opts.sessionId),
+            this.services.secrets.collect(cwd),
+            this.services.auth.extract(),
+            this.services.version.detect(),
+        ]);
+        const manifest = buildManifest({
+            agent: this.agent.id,
+            cliVersion,
+            cwd,
+            sessionId: session.sessionId,
+            transcriptName: session.transcriptName,
+            ts: Date.now(),
+        });
+        const envs = { ...baseSecrets.envs, ...auth.envs };
+        opts.onProgress?.("creating sandbox");
+        const sandbox = await this.provider.create({
+            envs,
+            timeoutMs: opts.timeoutMs,
+            ports: [7681],
+        });
+        opts.onProgress?.("uploading bundle");
+        const bundlePath = makeTempPath("bundle.tgz");
+        await this.services.host.spawnPipe(makeTarGzipCommand(bundlePath, bundle));
+        await sandbox.uploadFile("/tmp/bundle.tgz", this.services.host.readBytes(bundlePath));
+        await sandbox.uploadFile("/tmp/transcript.jsonl", this.services.host.readBytes(session.transcriptPath));
+        for (const file of baseSecrets.files)
+            await sandbox.uploadFile(sandboxExpandHome(file.path), file.content);
+        for (const file of auth.files)
+            await sandbox.uploadFile(sandboxExpandHome(file.path), file.content);
+        opts.onProgress?.(`installing ${this.agent.pkg}@${manifest.cliVersion} + ttyd`);
+        const restore = await sandbox.exec(this.services.bootstrap.render(manifest, {
+            transportSteps: opts.transport.bootstrapSteps(),
+        }));
+        if (restore.exitCode !== 0 ||
+            !restore.stdout.includes("SANDHOP_RESTORE_OK"))
+            throw new Error(`Restore failed: ${restore.stderr || restore.stdout}`);
+        opts.onProgress?.("restoring session");
+        const resume = this.agent.resumeCmd(session.sessionId, manifest.remoteProj);
+        const bind = opts.transport.ttydBindAddress();
+        const bindFlag = bind === "0.0.0.0" ? "" : `-i ${bind} `;
+        await sandbox.spawn(`ttyd ${bindFlag}-p 7681 -W -c ${user}:${pass} bash -lc ${shellQuote(resume)}`);
+        const { url } = await opts.transport.expose({
+            sandbox,
+            localPort: 7681,
+        });
+        opts.onProgress?.("ready");
+        return { url, sandboxId: sandbox.id, user, pass };
+    }
+}

package/dist/core/services/transfer.js

@@ -0,0 +1,107 @@
+import pLimit from "p-limit";
+import { basename, dirname } from "../paths.js";
+import { randomToken } from "../rand.js";
+import { LOW_PRIORITY_SETUP, shellQuote } from "../shell.js";
+const CHUNK_BYTES = 90 * 1024 * 1024;
+const UPLOAD_CONCURRENCY = 8;
+const safeLabel = (label) => label.replace(/[^A-Za-z0-9.-]/g, "-");
+const readCodec = (opts) => {
+    if (opts === undefined)
+        return "gzip";
+    return opts.codec;
+};
+const makeArchivePath = (safe, id, codec) => `/tmp/sandhop-${safe}-${id}.${codec === "gzip" ? "tar.gz" : "tar.zst"}`;
+const TAR_CREATE_SETUP = [
+    "export COPYFILE_DISABLE=1",
+    'SANDHOP_TAR_MAC_FLAGS=""',
+    'case "$(tar --help 2>/dev/null)" in *--no-mac-metadata*) SANDHOP_TAR_MAC_FLAGS="--no-mac-metadata";; esac',
+].join("; ");
+const tarSource = (path, isDirectory) => isDirectory
+    ? { cwd: path, entry: "." }
+    : { cwd: dirname(path), entry: basename(path) };
+const tarExcludeArgs = (excludes) => excludes === undefined
+    ? ""
+    : excludes.map((exclude) => ` --exclude ${shellQuote(exclude)}`).join("");
+const tarEntryArg = (entry) => entry === "." ? "." : shellQuote(entry);
+export const makeTarGzipCommand = (archive, cwd, opts) => {
+    const source = tarSource(cwd, opts?.isDirectory !== false);
+    return [
+        `${TAR_CREATE_SETUP}; tar $SANDHOP_TAR_MAC_FLAGS${tarExcludeArgs(opts?.excludes)}`,
+        `-czf ${shellQuote(archive)}`,
+        `-C ${shellQuote(source.cwd)}`,
+        tarEntryArg(source.entry),
+    ].join(" ");
+};
+const makeTarStreamCommand = (path, isDirectory, excludes) => {
+    const source = tarSource(path, isDirectory);
+    return [
+        `${TAR_CREATE_SETUP}; tar $SANDHOP_TAR_MAC_FLAGS${tarExcludeArgs(excludes)}`,
+        "-cf -",
+        `-C ${shellQuote(source.cwd)}`,
+        tarEntryArg(source.entry),
+    ].join(" ");
+};
+const makeCompressionCommand = (codec, localPath, archive, isDirectory, excludes) => {
+    if (codec === "gzip")
+        return makeTarGzipCommand(archive, localPath, { isDirectory, excludes });
+    return [
+        makeTarStreamCommand(localPath, isDirectory, excludes),
+        `zstd -T0 -8 --long=27 --check -o ${shellQuote(archive)} -f`,
+    ].join(" | ");
+};
+const makeExtractionCommands = (codec, remoteArchive, sandboxDestDir, lowPriority) => {
+    const runExtract = (cmd) => lowPriority ? `$SANDHOP_LOW_PRIORITY sh -lc ${shellQuote(cmd)}` : cmd;
+    if (codec === "gzip")
+        return [
+            `gzip -t ${shellQuote(remoteArchive)}`,
+            `mkdir -p ${shellQuote(sandboxDestDir)}`,
+            runExtract(`tar -xzf ${shellQuote(remoteArchive)} -C ${shellQuote(sandboxDestDir)}`),
+        ];
+    return [
+        `zstd -t ${shellQuote(remoteArchive)}`,
+        `mkdir -p ${shellQuote(sandboxDestDir)}`,
+        runExtract(`zstd -d --long=27 -c ${shellQuote(remoteArchive)} | tar -xf - -C ${shellQuote(sandboxDestDir)}`),
+    ];
+};
+export class TransferService {
+    host;
+    sandbox;
+    constructor(host, sandbox) {
+        this.host = host;
+        this.sandbox = sandbox;
+    }
+    async send(localPath, sandboxDestPath, label, opts) {
+        const safe = safeLabel(label);
+        const id = randomToken(12);
+        const codec = readCodec(opts);
+        const isDirectory = !this.host.exists(localPath) || this.host.isDirectory(localPath);
+        const sandboxDestDir = isDirectory
+            ? sandboxDestPath
+            : dirname(sandboxDestPath);
+        const archive = makeArchivePath(safe, id, codec);
+        const prefix = `/tmp/sandhop-${safe}-${id}.part.`;
+        await this.host.spawnPipe(makeCompressionCommand(codec, localPath, archive, isDirectory, opts?.excludes));
+        const chunks = await this.host.splitFile(archive, CHUNK_BYTES, prefix);
+        const chunkSizes = chunks.map((chunk) => this.host.fileSize(chunk));
+        const remoteChunks = chunks.map((chunk) => `/tmp/sandhop-${safe}-${id}.${basename(chunk)}`);
+        const limit = pLimit(UPLOAD_CONCURRENCY);
+        await Promise.all(chunks.map((chunk, index) => limit(async (localChunk, remoteChunk) => {
+            await this.sandbox.uploadPath(remoteChunk, localChunk);
+        }, chunk, remoteChunks[index])));
+        const totalBytes = chunkSizes.reduce((sum, size) => sum + size, 0);
+        const remoteArchive = makeArchivePath(safe, id, codec);
+        const catInputs = remoteChunks.map(shellQuote).join(" ");
+        const cleanup = [remoteArchive, ...remoteChunks].map(shellQuote).join(" ");
+        const lowPriority = opts?.lowPriority === true;
+        const restore = await this.sandbox.exec([
+            "set -e",
+            ...(lowPriority ? [LOW_PRIORITY_SETUP] : []),
+            `cat ${catInputs} > ${shellQuote(remoteArchive)}`,
+            `test "$(wc -c < ${shellQuote(remoteArchive)} | tr -d ' ')" = ${shellQuote(String(totalBytes))}`,
+            ...makeExtractionCommands(codec, remoteArchive, sandboxDestDir, lowPriority),
+            `rm -f ${cleanup}`,
+        ].join("\n"));
+        if (restore.exitCode !== 0)
+            throw new Error(`Transfer failed for ${label}: ${restore.stderr}`);
+    }
+}

package/dist/core/services/version.js

@@ -0,0 +1,14 @@
+export class VersionService {
+    host;
+    agent;
+    constructor(host, agent) {
+        this.host = host;
+        this.agent = agent;
+    }
+    detect() {
+        const output = this.host
+            .exec(this.agent.bin, this.agent.detectVersionArgs)
+            .trim();
+        return this.agent.parseVersion(output);
+    }
+}

package/dist/core/shell.js

@@ -0,0 +1,14 @@
+export const shellQuote = (value) => `'${value.replaceAll("'", "'\\''")}'`;
+export const shellLog = (value) => value
+    .replaceAll("\\", "\\\\")
+    .replaceAll('"', '\\"')
+    .replaceAll("$", "\\$")
+    .replaceAll("`", "\\`");
+export const quoteHomePath = (path) => path.startsWith("$HOME") ? `"${path}"` : path;
+export const quoteShellPath = (value) => `"${shellLog(value)
+    .replaceAll("\\$HOME", "$HOME")
+    .replaceAll("\\${HOME}", "${HOME}")}"`;
+export const LOW_PRIORITY_SETUP = 'SANDHOP_LOW_PRIORITY="nice -n 19"; if command -v ionice >/dev/null 2>&1; then SANDHOP_LOW_PRIORITY="nice -n 19 ionice -c3"; fi';
+export const SUDO_SETUP = 'SUDO=""; if [ "$(id -u)" != 0 ] && command -v sudo >/dev/null 2>&1; then SUDO="sudo"; fi';
+export const nonFatal = (cmd) => `${cmd} || { echo "[sandhop] step failed: ${shellLog(cmd)}" >&2; true; }`;
+export const runLowPriority = (cmd) => `$SANDHOP_LOW_PRIORITY sh -lc ${shellQuote(cmd)}`;