sapper-ai 0.6.1 → 0.7.0

package/dist/cli.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAkBA,wBAAsB,MAAM,CAAC,IAAI,GAAE,MAAM,EAA0B,GAAG,OAAO,CAAC,MAAM,CAAC,CAuFpF"}
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAmBA,wBAAsB,MAAM,CAAC,IAAI,GAAE,MAAM,EAA0B,GAAG,OAAO,CAAC,MAAM,CAAC,CAiGpF"}

package/dist/cli.js

@@ -39,7 +39,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.runCli = runCli;
 const node_fs_1 = require("node:fs");
-const node_child_process_1 = require("node:child_process");
 const node_os_1 = require("node:os");
 const node_path_1 = require("node:path");
 const readline = __importStar(require("node:readline"));
@@ -50,6 +49,8 @@ const harden_1 = require("./harden");
 const quarantine_1 = require("./quarantine");
 const wrapConfig_1 = require("./mcp/wrapConfig");
 const scan_1 = require("./scan");
+const detect_1 = require("./openclaw/detect");
+const scanner_1 = require("./openclaw/scanner");
 const env_1 = require("./utils/env");
 async function runCli(argv = process.argv.slice(2)) {
     if (argv[0] === '--help' || argv[0] === '-h') {
@@ -84,6 +85,17 @@ async function runCli(argv = process.argv.slice(2)) {
         }
         return scanExitCode;
     }
+    if (argv[0] === 'openclaw') {
+        if (argv[1] === '--help' || argv[1] === '-h') {
+            printUsage();
+            return 0;
+        }
+        if (argv.length > 1) {
+            printUsage();
+            return 1;
+        }
+        return runOpenClawWizard();
+    }
     if (argv[0] === 'harden') {
         const parsed = parseHardenArgs(argv.slice(1));
         if (!parsed) {
@@ -111,9 +123,6 @@ async function runCli(argv = process.argv.slice(2)) {
         }
         return (0, quarantine_1.runQuarantineRestore)({ id: parsed.id, quarantineDir: parsed.quarantineDir, force: parsed.force });
     }
-    if (argv[0] === 'dashboard') {
-        return runDashboard();
-    }
     if (argv[0] !== 'init') {
         printUsage();
         return 1;
@@ -139,6 +148,7 @@ Usage:
   sapper-ai scan --harden     After scan, offer to apply recommended hardening
   sapper-ai scan --no-open    Skip opening report in browser
   sapper-ai scan --no-save    Skip saving scan results to ~/.sapperai/scans/
+  sapper-ai openclaw          OpenClaw skill security scanner
   sapper-ai harden            Plan recommended setup changes (no writes)
   sapper-ai harden --apply    Apply recommended project changes
   sapper-ai harden --include-system   Include system changes (home directory)
@@ -147,7 +157,6 @@ Usage:
   sapper-ai quarantine list   List quarantined files
   sapper-ai quarantine restore <id> [--force]  Restore quarantined file by id
   sapper-ai init          Interactive setup wizard
-  sapper-ai dashboard     Launch web dashboard
   sapper-ai --help        Show this help
 
 Learn more: https://github.com/sapper-ai/sapperai
@@ -445,6 +454,140 @@ function displayPath(path) {
         return '~';
     return path.startsWith(home + '/') ? `~/${path.slice(home.length + 1)}` : path;
 }
+function defaultOpenClawAction(dockerAvailable) {
+    return dockerAvailable ? 'scan_static_dynamic' : 'scan_static_only';
+}
+function isOpenClawPromptEnabled() {
+    return process.stdout.isTTY === true && process.stdin.isTTY === true && (0, env_1.isCiEnv)(process.env) !== true;
+}
+async function promptOpenClawAction(dockerAvailable) {
+    if (!isOpenClawPromptEnabled()) {
+        return defaultOpenClawAction(dockerAvailable);
+    }
+    const choices = [];
+    if (dockerAvailable) {
+        choices.push({
+            name: 'Scan all skills (static + dynamic analysis)',
+            value: 'scan_static_dynamic',
+        });
+    }
+    choices.push({
+        name: 'Scan all skills (static only)',
+        value: 'scan_static_only',
+    });
+    choices.push({
+        name: 'Harden configuration',
+        value: 'harden',
+    });
+    return (0, select_1.default)({
+        message: 'What would you like to do?',
+        choices,
+        default: defaultOpenClawAction(dockerAvailable),
+    });
+}
+function createOpenClawProgressHandler() {
+    if (process.stdout.isTTY !== true) {
+        return () => { };
+    }
+    let previousPhase = null;
+    return (event) => {
+        const label = event.phase === 'static' ? '  Phase 1 - Static analysis' : '  Phase 2 - Dynamic analysis';
+        if (previousPhase !== null && previousPhase !== event.phase) {
+            process.stdout.write('\n');
+        }
+        previousPhase = event.phase;
+        process.stdout.write(`\r${label}: ${event.completed}/${event.total}`);
+        if (event.completed >= event.total) {
+            process.stdout.write('\n');
+        }
+    };
+}
+async function runOpenClawWizard() {
+    console.log('\n  Detecting your environment...\n');
+    const environment = await (0, detect_1.detectOpenClawEnvironment)({ cwd: process.cwd() });
+    console.log('  Found:');
+    if (environment.installed) {
+        const versionSuffix = environment.version ? ` (v${environment.version})` : '';
+        console.log(`    OpenClaw Gateway${versionSuffix}`);
+    }
+    else {
+        console.log('    OpenClaw Gateway: not detected');
+    }
+    if (environment.skillsPaths.length === 0) {
+        console.log('    Skills directory: not detected');
+    }
+    else {
+        console.log(`    Skills directories: ${environment.skillsPaths.length}`);
+        for (const skillPath of environment.skillsPaths) {
+            console.log(`      - ${displayPath(skillPath)}`);
+        }
+    }
+    console.log(`    Skills discovered: ${environment.skillCount}`);
+    if (environment.dockerAvailable) {
+        const composeStatus = environment.dockerComposeAvailable ? 'yes' : 'no';
+        console.log(`    Docker: available (compose: ${composeStatus})`);
+    }
+    else {
+        console.log('    Docker: not available');
+    }
+    console.log();
+    if (!environment.installed && environment.skillsPaths.length === 0) {
+        console.log('  OpenClaw not detected. Add skills under ~/.openclaw/skills or ./skills and rerun.\n');
+        return 1;
+    }
+    const action = await promptOpenClawAction(environment.dockerAvailable);
+    if (action === 'harden') {
+        return (0, harden_1.runHarden)({
+            apply: true,
+            includeSystem: true,
+        });
+    }
+    if (environment.skillCount === 0) {
+        console.log('  No skill markdown files found in detected paths.\n');
+        return 0;
+    }
+    const dynamicRequested = action === 'scan_static_dynamic' && environment.dockerAvailable;
+    const policy = (0, scanner_1.resolveOpenClawPolicy)({ cwd: process.cwd() });
+    const scanResult = await (0, scanner_1.scanSkills)(environment.skillsPaths, policy, {
+        dynamicAnalysis: dynamicRequested,
+        quarantineOnRisk: true,
+        quarantineDir: process.env.SAPPERAI_QUARANTINE_DIR ?? (0, node_path_1.join)((0, node_os_1.homedir)(), '.openclaw', 'quarantine'),
+        onProgress: createOpenClawProgressHandler(),
+    });
+    const safeCount = scanResult.results.filter((entry) => entry.decision === 'safe').length;
+    const suspiciousCount = scanResult.results.filter((entry) => entry.decision === 'suspicious').length;
+    const quarantinedCount = scanResult.results.filter((entry) => entry.decision === 'quarantined').length;
+    console.log('\n  Results:');
+    console.log(`    ${safeCount} skills safe`);
+    console.log(`    ${suspiciousCount} skills suspicious`);
+    console.log(`    ${quarantinedCount} skills quarantined`);
+    if (dynamicRequested && scanResult.dynamicStatus === 'skipped_unconfigured') {
+        console.log('\n  Dynamic analysis requested but no dynamic analyzer is configured yet.');
+        console.log('  Static analysis results are shown.\n');
+    }
+    if (dynamicRequested && scanResult.dynamicStatus === 'skipped_unavailable') {
+        console.log('\n  Dynamic analysis requested but the dynamic analyzer is unavailable in this environment.');
+        console.log('  Static analysis results are shown.\n');
+    }
+    if (quarantinedCount > 0) {
+        console.log('\n  Quarantined skills:');
+        const quarantined = scanResult.results.filter((entry) => entry.decision === 'quarantined');
+        for (const entry of quarantined) {
+            const reasons = entry.dynamicResult?.findings?.length
+                ? entry.dynamicResult.findings.map((finding) => `${finding.honeytoken.envVar} -> ${finding.destination}`)
+                : entry.staticResult?.reasons ?? [];
+            const reasonText = reasons.length > 0 ? reasons[0] : 'High-risk behavior detected';
+            console.log(`    - ${entry.skillName} (${displayPath(entry.skillPath)}): ${reasonText}`);
+        }
+    }
+    if (suspiciousCount > 0) {
+        console.log('\n  Suspicious skills require manual review.\n');
+    }
+    else {
+        console.log('\n  Scan complete.\n');
+    }
+    return quarantinedCount > 0 || suspiciousCount > 0 ? 1 : 0;
+}
 async function promptScanScope(cwd) {
     const answer = await (0, select_1.default)({
         message: 'Scan scope:',
@@ -524,43 +667,6 @@ async function resolveScanOptions(args) {
     }
     return { ...common, targets: [cwd], deep: true, ai, scopeLabel: 'Current + subdirectories' };
 }
-async function runDashboard() {
-    const configuredPort = process.env.PORT;
-    const standalonePort = configuredPort ?? '4100';
-    const devPort = configuredPort ?? '3000';
-    try {
-        // eslint-disable-next-line @typescript-eslint/no-var-requires
-        const startPath = require.resolve('@sapper-ai/dashboard/bin/start');
-        process.env.PORT = standalonePort;
-        // eslint-disable-next-line @typescript-eslint/no-var-requires
-        require(startPath);
-        return await new Promise((resolveExit) => {
-            const stop = () => resolveExit(0);
-            process.once('SIGINT', stop);
-            process.once('SIGTERM', stop);
-        });
-    }
-    catch {
-    }
-    const webDir = (0, node_path_1.resolve)(__dirname, '../../../apps/web');
-    if ((0, node_fs_1.existsSync)((0, node_path_1.resolve)(webDir, 'package.json'))) {
-        console.log(`\n  SapperAI Dashboard (dev): http://localhost:${devPort}/dashboard\n`);
-        console.log('  Press Ctrl+C to stop\n');
-        const child = (0, node_child_process_1.spawn)('npx', ['next', 'dev', '--port', devPort], {
-            cwd: webDir,
-            stdio: 'inherit',
-            env: process.env,
-        });
-        process.on('SIGINT', () => child.kill('SIGINT'));
-        process.on('SIGTERM', () => child.kill('SIGTERM'));
-        return await new Promise((resolveExit) => {
-            child.on('close', (code) => resolveExit(code ?? 0));
-        });
-    }
-    console.error('\n  Install @sapper-ai/dashboard for standalone mode:');
-    console.error('  pnpm add @sapper-ai/dashboard\n');
-    return 1;
-}
 async function runInitWizard() {
     const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
     const ask = (q) => new Promise((res) => rl.question(q, res));

package/dist/openclaw/contextAdapter.d.ts

@@ -0,0 +1,8 @@
+import type { ParsedSkill } from '@sapper-ai/core';
+import type { AssessmentContext, Policy } from '@sapper-ai/types';
+export interface SkillAssessmentContextOptions {
+    skillPath?: string;
+    scanSource?: 'file_surface' | 'watch_surface';
+}
+export declare function skillToAssessmentContext(parsed: ParsedSkill, policy: Policy, options?: SkillAssessmentContextOptions): AssessmentContext;
+//# sourceMappingURL=contextAdapter.d.ts.map

package/dist/openclaw/contextAdapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"contextAdapter.d.ts","sourceRoot":"","sources":["../../src/openclaw/contextAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAA;AAClD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AAEjE,MAAM,WAAW,6BAA6B;IAC5C,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,UAAU,CAAC,EAAE,cAAc,GAAG,eAAe,CAAA;CAC9C;AAED,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,6BAAkC,GAC1C,iBAAiB,CA8BnB"}

package/dist/openclaw/contextAdapter.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.skillToAssessmentContext = skillToAssessmentContext;
+function skillToAssessmentContext(parsed, policy, options = {}) {
+    const meta = {};
+    if (parsed.metadata.homepage) {
+        meta.homepage = parsed.metadata.homepage;
+    }
+    if (parsed.metadata.requires && parsed.metadata.requires.length > 0) {
+        meta.requires = parsed.metadata.requires;
+    }
+    if (options.skillPath) {
+        meta.scanSource = options.scanSource ?? 'file_surface';
+        meta.sourcePath = options.skillPath;
+        meta.sourceType = 'skill';
+    }
+    return {
+        kind: 'install_scan',
+        toolCall: {
+            toolName: 'skill_install',
+            arguments: {
+                skillName: parsed.metadata.name,
+                content: parsed.body,
+                frontmatter: parsed.raw,
+            },
+        },
+        meta,
+        policy,
+    };
+}

package/dist/openclaw/detect.d.ts

@@ -0,0 +1,22 @@
+export interface OpenClawEnvironment {
+    installed: boolean;
+    version?: string;
+    skillsPaths: string[];
+    skillCount: number;
+    dockerAvailable: boolean;
+    dockerComposeAvailable: boolean;
+}
+interface CommandRunResult {
+    ok: boolean;
+    stdout: string;
+    stderr: string;
+}
+type CommandRunner = (command: string, args: string[]) => Promise<CommandRunResult>;
+export interface DetectOpenClawEnvironmentOptions {
+    cwd?: string;
+    homeDir?: string;
+    commandRunner?: CommandRunner;
+}
+export declare function detectOpenClawEnvironment(options?: DetectOpenClawEnvironmentOptions): Promise<OpenClawEnvironment>;
+export {};
+//# sourceMappingURL=detect.d.ts.map

package/dist/openclaw/detect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"detect.d.ts","sourceRoot":"","sources":["../../src/openclaw/detect.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,OAAO,CAAA;IAClB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,WAAW,EAAE,MAAM,EAAE,CAAA;IACrB,UAAU,EAAE,MAAM,CAAA;IAClB,eAAe,EAAE,OAAO,CAAA;IACxB,sBAAsB,EAAE,OAAO,CAAA;CAChC;AAED,UAAU,gBAAgB;IACxB,EAAE,EAAE,OAAO,CAAA;IACX,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;CACf;AAED,KAAK,aAAa,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,gBAAgB,CAAC,CAAA;AAEnF,MAAM,WAAW,gCAAgC;IAC/C,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,aAAa,CAAC,EAAE,aAAa,CAAA;CAC9B;AAuOD,wBAAsB,yBAAyB,CAC7C,OAAO,GAAE,gCAAqC,GAC7C,OAAO,CAAC,mBAAmB,CAAC,CA0B9B"}

package/dist/openclaw/detect.js

@@ -0,0 +1,217 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectOpenClawEnvironment = detectOpenClawEnvironment;
+const node_child_process_1 = require("node:child_process");
+const promises_1 = require("node:fs/promises");
+const node_os_1 = require("node:os");
+const node_path_1 = require("node:path");
+function whichCommand() {
+    return process.platform === 'win32' ? 'where' : 'which';
+}
+async function defaultCommandRunner(command, args) {
+    return new Promise((resolveResult) => {
+        (0, node_child_process_1.execFile)(command, args, { encoding: 'utf8' }, (error, stdout, stderr) => {
+            resolveResult({
+                ok: !error,
+                stdout: typeof stdout === 'string' ? stdout : '',
+                stderr: typeof stderr === 'string' ? stderr : '',
+            });
+        });
+    });
+}
+async function hasCommand(binary, runCommand) {
+    const result = await runCommand(whichCommand(), [binary]);
+    return result.ok;
+}
+async function pathExists(path) {
+    try {
+        await (0, promises_1.stat)(path);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+async function isDirectory(path) {
+    try {
+        const info = await (0, promises_1.stat)(path);
+        return info.isDirectory();
+    }
+    catch {
+        return false;
+    }
+}
+function uniqueStrings(values) {
+    return Array.from(new Set(values));
+}
+function expandHomePath(value, homeDir) {
+    if (value === '~') {
+        return homeDir;
+    }
+    if (value.startsWith('~/')) {
+        return (0, node_path_1.join)(homeDir, value.slice(2));
+    }
+    return value;
+}
+function normalizeCandidatePath(value, baseDir, homeDir) {
+    const expanded = expandHomePath(value.trim(), homeDir);
+    if ((0, node_path_1.isAbsolute)(expanded)) {
+        return (0, node_path_1.resolve)(expanded);
+    }
+    return (0, node_path_1.resolve)(baseDir, expanded);
+}
+function extractExtraSkillDirs(config) {
+    if (!config || typeof config !== 'object' || Array.isArray(config)) {
+        return [];
+    }
+    const skills = config.skills;
+    if (!skills || typeof skills !== 'object' || Array.isArray(skills)) {
+        return [];
+    }
+    const load = skills.load;
+    if (!load || typeof load !== 'object' || Array.isArray(load)) {
+        return [];
+    }
+    const extraDirs = load.extraDirs;
+    if (!Array.isArray(extraDirs)) {
+        return [];
+    }
+    return extraDirs.filter((entry) => typeof entry === 'string' && entry.trim().length > 0);
+}
+async function readConfigSkillDirs(configPath, homeDir) {
+    const exists = await pathExists(configPath);
+    if (!exists) {
+        return [];
+    }
+    let raw = '';
+    try {
+        raw = await (0, promises_1.readFile)(configPath, 'utf8');
+    }
+    catch {
+        return [];
+    }
+    if (raw.trim().length === 0) {
+        return [];
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch {
+        return [];
+    }
+    const baseDir = (0, node_path_1.dirname)(configPath);
+    return extractExtraSkillDirs(parsed).map((entry) => normalizeCandidatePath(entry, baseDir, homeDir));
+}
+async function collectExistingSkillPaths(candidates) {
+    const uniqueCandidates = uniqueStrings(candidates.map((candidate) => (0, node_path_1.resolve)(candidate)));
+    const existingPaths = [];
+    for (const candidate of uniqueCandidates) {
+        if (await isDirectory(candidate)) {
+            existingPaths.push(candidate);
+        }
+    }
+    return existingPaths;
+}
+async function collectMarkdownFiles(rootPath) {
+    const markdownFiles = [];
+    const stack = [rootPath];
+    while (stack.length > 0) {
+        const current = stack.pop();
+        if (!current) {
+            continue;
+        }
+        let entries;
+        try {
+            entries = await (0, promises_1.readdir)(current, { withFileTypes: true });
+        }
+        catch {
+            continue;
+        }
+        for (const entry of entries) {
+            const fullPath = (0, node_path_1.join)(current, entry.name);
+            if (entry.isDirectory()) {
+                stack.push(fullPath);
+                continue;
+            }
+            if (entry.isFile() && entry.name.toLowerCase().endsWith('.md')) {
+                markdownFiles.push(fullPath);
+            }
+        }
+    }
+    return markdownFiles;
+}
+async function countSkillFiles(skillPaths) {
+    const seen = new Set();
+    for (const skillPath of skillPaths) {
+        const files = await collectMarkdownFiles(skillPath);
+        for (const file of files) {
+            seen.add(file);
+        }
+    }
+    return seen.size;
+}
+function parseOpenClawVersion(output) {
+    const line = output
+        .split(/\r?\n/)
+        .map((entry) => entry.trim())
+        .find((entry) => entry.length > 0);
+    if (!line) {
+        return undefined;
+    }
+    const matchedVersion = line.match(/(\d+\.\d+\.\d+(?:[-+][A-Za-z0-9.-]+)?)/);
+    return matchedVersion?.[1] ?? line;
+}
+async function resolveOpenClawVersion(runCommand, hasOpenClawBinary) {
+    if (!hasOpenClawBinary) {
+        return undefined;
+    }
+    const versionResult = await runCommand('openclaw', ['--version']);
+    if (!versionResult.ok) {
+        return undefined;
+    }
+    return parseOpenClawVersion(versionResult.stdout);
+}
+async function resolveDockerAvailability(runCommand) {
+    const dockerInstalled = await hasCommand('docker', runCommand);
+    if (!dockerInstalled) {
+        return {
+            dockerAvailable: false,
+            dockerComposeAvailable: false,
+        };
+    }
+    const dockerInfoResult = await runCommand('docker', ['info']);
+    if (!dockerInfoResult.ok) {
+        return {
+            dockerAvailable: false,
+            dockerComposeAvailable: false,
+        };
+    }
+    const dockerComposeResult = await runCommand('docker', ['compose', 'version']);
+    return {
+        dockerAvailable: true,
+        dockerComposeAvailable: dockerComposeResult.ok,
+    };
+}
+async function detectOpenClawEnvironment(options = {}) {
+    const runCommand = options.commandRunner ?? defaultCommandRunner;
+    const homeDir = options.homeDir ?? (0, node_os_1.homedir)();
+    const cwd = options.cwd ?? process.cwd();
+    const openClawHomeDir = (0, node_path_1.join)(homeDir, '.openclaw');
+    const hasOpenClawBinary = await hasCommand('openclaw', runCommand);
+    const hasOpenClawHomeDir = await isDirectory(openClawHomeDir);
+    const version = await resolveOpenClawVersion(runCommand, hasOpenClawBinary);
+    const configSkillDirs = await readConfigSkillDirs((0, node_path_1.join)(openClawHomeDir, 'config.json'), homeDir);
+    const skillPathCandidates = [(0, node_path_1.join)(openClawHomeDir, 'skills'), (0, node_path_1.join)(cwd, 'skills'), ...configSkillDirs];
+    const skillsPaths = await collectExistingSkillPaths(skillPathCandidates);
+    const skillCount = await countSkillFiles(skillsPaths);
+    const docker = await resolveDockerAvailability(runCommand);
+    return {
+        installed: hasOpenClawBinary || hasOpenClawHomeDir || skillsPaths.length > 0,
+        version,
+        skillsPaths,
+        skillCount,
+        dockerAvailable: docker.dockerAvailable,
+        dockerComposeAvailable: docker.dockerComposeAvailable,
+    };
+}

package/dist/openclaw/docker/DockerSandbox.d.ts

@@ -0,0 +1,59 @@
+import type { Honeytoken } from '@sapper-ai/types';
+export interface DockerCommandRunOptions {
+    cwd?: string;
+    env?: NodeJS.ProcessEnv;
+    timeoutMs?: number;
+}
+export interface DockerCommandRunResult {
+    ok: boolean;
+    exitCode: number | null;
+    stdout: string;
+    stderr: string;
+    timedOut: boolean;
+}
+export type DockerCommandRunner = (command: string, args: string[], options?: DockerCommandRunOptions) => Promise<DockerCommandRunResult>;
+export interface DockerSandboxOptions {
+    commandRunner?: DockerCommandRunner;
+    assetsDir?: string;
+    imageTag?: string;
+    runTimeoutMs?: number;
+    readyTimeoutMs?: number;
+    buildTimeoutMs?: number;
+}
+export interface DockerSandboxRunResult {
+    sandboxId: string;
+    projectName: string;
+    openclawContainerId: string;
+    proxyContainerId: string;
+    durationMs: number;
+    ready: true;
+}
+export declare function defaultDockerCommandRunner(command: string, args: string[], options?: DockerCommandRunOptions): Promise<DockerCommandRunResult>;
+export declare class DockerSandbox {
+    private readonly commandRunner;
+    private readonly imageTag;
+    private readonly runTimeoutMs;
+    private readonly readyTimeoutMs;
+    private readonly buildTimeoutMs;
+    private readonly configuredAssetsDir?;
+    private readonly sandboxes;
+    private composeInvocation;
+    constructor(options?: DockerSandboxOptions);
+    prepare(skillPath: string, honeytokens: Honeytoken[]): Promise<string>;
+    run(sandboxId: string, timeoutMs?: number): Promise<DockerSandboxRunResult>;
+    getTrafficLog(sandboxId: string): Promise<string>;
+    cleanup(sandboxId: string): Promise<void>;
+    getOpenclawContainerId(sandboxId: string): string | undefined;
+    getProxyContainerId(sandboxId: string): string | undefined;
+    private writePersonaProfile;
+    private renderHoneytokenEnvFile;
+    private ensureOpenClawImage;
+    private assertDockerAvailable;
+    private resolveComposeInvocation;
+    private resolveAssetsDir;
+    private isAssetDirectory;
+    private runCompose;
+    private resolveContainerId;
+    private waitForReady;
+}
+//# sourceMappingURL=DockerSandbox.d.ts.map

package/dist/openclaw/docker/DockerSandbox.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"DockerSandbox.d.ts","sourceRoot":"","sources":["../../../src/openclaw/docker/DockerSandbox.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AA8BlD,MAAM,WAAW,uBAAuB;IACtC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAA;IACvB,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,sBAAsB;IACrC,EAAE,EAAE,OAAO,CAAA;IACX,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,OAAO,CAAA;CAClB;AAED,MAAM,MAAM,mBAAmB,GAAG,CAChC,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,CAAC,EAAE,uBAAuB,KAC9B,OAAO,CAAC,sBAAsB,CAAC,CAAA;AAEpC,MAAM,WAAW,oBAAoB;IACnC,aAAa,CAAC,EAAE,mBAAmB,CAAA;IACnC,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,cAAc,CAAC,EAAE,MAAM,CAAA;CACxB;AAED,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE,MAAM,CAAA;IACjB,WAAW,EAAE,MAAM,CAAA;IACnB,mBAAmB,EAAE,MAAM,CAAA;IAC3B,gBAAgB,EAAE,MAAM,CAAA;IACxB,UAAU,EAAE,MAAM,CAAA;IAClB,KAAK,EAAE,IAAI,CAAA;CACZ;AA8CD,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE,uBAA4B,GACpC,OAAO,CAAC,sBAAsB,CAAC,CA+CjC;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAqB;IACnD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAQ;IACjC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAQ;IACrC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAQ;IACvC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAQ;IACvC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAQ;IAC7C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAmC;IAC7D,OAAO,CAAC,iBAAiB,CAAiC;gBAE9C,OAAO,GAAE,oBAAyB;IASxC,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IA4DtE,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAkC3E,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAmCjD,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA6B/C,sBAAsB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAI7D,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;YAI5C,mBAAmB;IAmBjC,OAAO,CAAC,uBAAuB;YAsBjB,mBAAmB;YAcnB,qBAAqB;YAOrB,wBAAwB;YA4BxB,gBAAgB;YAwBhB,gBAAgB;YAUhB,UAAU;YAyBV,kBAAkB;YAkBlB,YAAY;CAgB3B"}