npm - shortcutxl - Versions diffs - 0.2.12 → 0.2.13 - Mend

shortcutxl 0.2.12 → 0.2.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (110) hide show

package/README.md +26 -26
package/agent-docs/README.md +397 -397
package/agent-docs/docs/compaction.md +390 -390
package/agent-docs/docs/custom-provider.md +580 -580
package/agent-docs/docs/extensions.md +1971 -1971
package/agent-docs/docs/packages.md +209 -209
package/agent-docs/docs/rpc.md +1317 -1317
package/agent-docs/docs/sdk.md +962 -962
package/agent-docs/docs/session.md +412 -412
package/agent-docs/docs/termux.md +127 -127
package/agent-docs/docs/tui.md +887 -887
package/agent-docs/examples/README.md +25 -25
package/agent-docs/examples/extensions/README.md +205 -205
package/agent-docs/examples/extensions/antigravity-image-gen.ts +447 -447
package/agent-docs/examples/extensions/auto-commit-on-exit.ts +49 -49
package/agent-docs/examples/extensions/bash-spawn-hook.ts +30 -30
package/agent-docs/examples/extensions/bookmark.ts +50 -50
package/agent-docs/examples/extensions/built-in-tool-renderer.ts +256 -256
package/agent-docs/examples/extensions/claude-rules.ts +86 -86
package/agent-docs/examples/extensions/commands.ts +75 -75
package/agent-docs/examples/extensions/confirm-destructive.ts +59 -59
package/agent-docs/examples/extensions/custom-compaction.ts +126 -126
package/agent-docs/examples/extensions/custom-footer.ts +63 -63
package/agent-docs/examples/extensions/custom-header.ts +73 -73
package/agent-docs/examples/extensions/custom-provider-anthropic/index.ts +660 -660
package/agent-docs/examples/extensions/custom-provider-gitlab-duo/index.ts +362 -362
package/agent-docs/examples/extensions/custom-provider-gitlab-duo/test.ts +88 -88
package/agent-docs/examples/extensions/custom-provider-qwen-cli/index.ts +349 -349
package/agent-docs/examples/extensions/dirty-repo-guard.ts +56 -56
package/agent-docs/examples/extensions/doom-overlay/doom-component.ts +133 -133
package/agent-docs/examples/extensions/doom-overlay/doom-keys.ts +108 -108
package/agent-docs/examples/extensions/doom-overlay/index.ts +74 -74
package/agent-docs/examples/extensions/dynamic-resources/index.ts +15 -15
package/agent-docs/examples/extensions/dynamic-tools.ts +77 -77
package/agent-docs/examples/extensions/event-bus.ts +43 -43
package/agent-docs/examples/extensions/file-trigger.ts +41 -41
package/agent-docs/examples/extensions/git-checkpoint.ts +53 -53
package/agent-docs/examples/extensions/handoff.ts +155 -155
package/agent-docs/examples/extensions/hello.ts +25 -25
package/agent-docs/examples/extensions/inline-bash.ts +94 -94
package/agent-docs/examples/extensions/input-transform.ts +43 -43
package/agent-docs/examples/extensions/interactive-shell.ts +209 -209
package/agent-docs/examples/extensions/mac-system-theme.ts +47 -47
package/agent-docs/examples/extensions/message-renderer.ts +59 -59
package/agent-docs/examples/extensions/minimal-mode.ts +430 -430
package/agent-docs/examples/extensions/modal-editor.ts +90 -90
package/agent-docs/examples/extensions/model-status.ts +31 -31
package/agent-docs/examples/extensions/notify.ts +55 -55
package/agent-docs/examples/extensions/overlay-qa-tests.ts +936 -936
package/agent-docs/examples/extensions/overlay-test.ts +159 -159
package/agent-docs/examples/extensions/permission-gate.ts +37 -37
package/agent-docs/examples/extensions/pirate.ts +47 -47
package/agent-docs/examples/extensions/plan-mode/index.ts +363 -363
package/agent-docs/examples/extensions/preset.ts +418 -418
package/agent-docs/examples/extensions/protected-paths.ts +30 -30
package/agent-docs/examples/extensions/qna.ts +122 -122
package/agent-docs/examples/extensions/question.ts +278 -278
package/agent-docs/examples/extensions/questionnaire.ts +440 -440
package/agent-docs/examples/extensions/rainbow-editor.ts +90 -90
package/agent-docs/examples/extensions/reload-runtime.ts +37 -37
package/agent-docs/examples/extensions/rpc-demo.ts +124 -124
package/agent-docs/examples/extensions/sandbox/index.ts +324 -324
package/agent-docs/examples/extensions/send-user-message.ts +97 -97
package/agent-docs/examples/extensions/session-name.ts +27 -27
package/agent-docs/examples/extensions/shutdown-command.ts +69 -69
package/agent-docs/examples/extensions/snake.ts +343 -343
package/agent-docs/examples/extensions/space-invaders.ts +566 -566
package/agent-docs/examples/extensions/ssh.ts +233 -233
package/agent-docs/examples/extensions/status-line.ts +40 -40
package/agent-docs/examples/extensions/subagent/agents.ts +130 -130
package/agent-docs/examples/extensions/subagent/index.ts +1068 -1068
package/agent-docs/examples/extensions/summarize.ts +206 -206
package/agent-docs/examples/extensions/system-prompt-header.ts +17 -17
package/agent-docs/examples/extensions/timed-confirm.ts +72 -72
package/agent-docs/examples/extensions/titlebar-spinner.ts +58 -58
package/agent-docs/examples/extensions/todo.ts +314 -314
package/agent-docs/examples/extensions/tool-override.ts +146 -146
package/agent-docs/examples/extensions/tools.ts +145 -145
package/agent-docs/examples/extensions/trigger-compact.ts +40 -40
package/agent-docs/examples/extensions/truncated-tool.ts +194 -194
package/agent-docs/examples/extensions/widget-placement.ts +17 -17
package/agent-docs/examples/extensions/with-deps/index.ts +37 -37
package/agent-docs/examples/rpc-extension-ui.ts +654 -654
package/agent-docs/examples/sdk/01-minimal.ts +22 -22
package/agent-docs/examples/sdk/02-custom-model.ts +48 -48
package/agent-docs/examples/sdk/03-custom-prompt.ts +55 -55
package/agent-docs/examples/sdk/04-skills.ts +53 -53
package/agent-docs/examples/sdk/05-tools.ts +56 -56
package/agent-docs/examples/sdk/06-extensions.ts +88 -88
package/agent-docs/examples/sdk/07-context-files.ts +40 -40
package/agent-docs/examples/sdk/08-prompt-templates.ts +47 -47
package/agent-docs/examples/sdk/09-api-keys-and-oauth.ts +48 -48
package/agent-docs/examples/sdk/10-settings.ts +54 -54
package/agent-docs/examples/sdk/11-sessions.ts +48 -48
package/agent-docs/examples/sdk/12-full-control.ts +82 -82
package/agent-docs/examples/sdk/README.md +144 -144
package/agent-docs/xll-spec.md +110 -110
package/dist/core/auth-storage.js +21 -2
package/package.json +1 -1
package/xll/ShortcutXL.xll +0 -0
package/xll/modules/debug_render.py +272 -272
package/xll/modules/gameboy.py +241 -241
package/xll/modules/pong.py +188 -188
package/xll/modules/shortcut_xl/_diff_highlight.py +176 -0
package/xll/modules/shortcut_xl/_log.py +12 -12
package/xll/modules/shortcut_xl/_registry.py +44 -44
package/xll/modules/stocks.py +100 -100
/package/skills/{com-advanced-api → COM-advanced-api}/SKILL.md +0 -0
/package/skills/{com-advanced-api → COM-advanced-api}/excel-type-library.py +0 -0
/package/skills/{com-advanced-api → COM-advanced-api}/office-type-library.py +0 -0

package/agent-docs/examples/extensions/sandbox/index.ts CHANGED Viewed

@@ -1,324 +1,324 @@
-/**
- * Sandbox Extension - OS-level sandboxing for bash commands
- *
- * Uses @anthropic-ai/sandbox-runtime to enforce filesystem and network
- * restrictions on bash commands at the OS level (sandbox-exec on macOS,
- * bubblewrap on Linux).
- *
- * Config files (merged, project takes precedence):
- * - ~/.shortcut/agent/sandbox.json (global)
- * - <cwd>/.shortcut/sandbox.json (project-local)
- *
- * Example .shortcut/sandbox.json:
- * ```json
- * {
- *   "enabled": true,
- *   "network": {
- *     "allowedDomains": ["github.com", "*.github.com"],
- *     "deniedDomains": []
- *   },
- *   "filesystem": {
- *     "denyRead": ["~/.ssh", "~/.aws"],
- *     "allowWrite": [".", "/tmp"],
- *     "denyWrite": [".env"]
- *   }
- * }
- * ```
- *
- * Usage:
- * - `shortcut -e ./sandbox` - sandbox enabled with default/config settings
- * - `shortcut -e ./sandbox --no-sandbox` - disable sandboxing
- * - `/sandbox` - show current sandbox configuration
- *
- * Setup:
- * 1. Copy sandbox/ directory to ~/.shortcut/agent/extensions/
- * 2. Run `npm install` in ~/.shortcut/agent/extensions/sandbox/
- *
- * Linux also requires: bubblewrap, socat, ripgrep
- */
-import { SandboxManager, type SandboxRuntimeConfig } from '@anthropic-ai/sandbox-runtime';
-import { spawn } from 'node:child_process';
-import { existsSync, readFileSync } from 'node:fs';
-import { homedir } from 'node:os';
-import { join } from 'node:path';
-import type { ExtensionAPI } from 'shortcutxl';
-import { type BashOperations, createBashTool } from 'shortcutxl';
-interface SandboxConfig extends SandboxRuntimeConfig {
-  enabled?: boolean;
-}
-const DEFAULT_CONFIG: SandboxConfig = {
-  enabled: true,
-  network: {
-    allowedDomains: [
-      'npmjs.org',
-      '*.npmjs.org',
-      'registry.npmjs.org',
-      'registry.yarnpkg.com',
-      'pypi.org',
-      '*.pypi.org',
-      'github.com',
-      '*.github.com',
-      'api.github.com',
-      'raw.githubusercontent.com'
-    ],
-    deniedDomains: []
-  },
-  filesystem: {
-    denyRead: ['~/.ssh', '~/.aws', '~/.gnupg'],
-    allowWrite: ['.', '/tmp'],
-    denyWrite: ['.env', '.env.*', '*.pem', '*.key']
-  }
-};
-function loadConfig(cwd: string): SandboxConfig {
-  const projectConfigPath = join(cwd, '.shortcut', 'sandbox.json');
-  const globalConfigPath = join(homedir(), '.shortcut', 'agent', 'sandbox.json');
-  let globalConfig: Partial<SandboxConfig> = {};
-  let projectConfig: Partial<SandboxConfig> = {};
-  if (existsSync(globalConfigPath)) {
-    try {
-      globalConfig = JSON.parse(readFileSync(globalConfigPath, 'utf-8'));
-    } catch (e) {
-      console.error(`Warning: Could not parse ${globalConfigPath}: ${e}`);
-    }
-  }
-  if (existsSync(projectConfigPath)) {
-    try {
-      projectConfig = JSON.parse(readFileSync(projectConfigPath, 'utf-8'));
-    } catch (e) {
-      console.error(`Warning: Could not parse ${projectConfigPath}: ${e}`);
-    }
-  }
-  return deepMerge(deepMerge(DEFAULT_CONFIG, globalConfig), projectConfig);
-}
-function deepMerge(base: SandboxConfig, overrides: Partial<SandboxConfig>): SandboxConfig {
-  const result: SandboxConfig = { ...base };
-  if (overrides.enabled !== undefined) result.enabled = overrides.enabled;
-  if (overrides.network) {
-    result.network = { ...base.network, ...overrides.network };
-  }
-  if (overrides.filesystem) {
-    result.filesystem = { ...base.filesystem, ...overrides.filesystem };
-  }
-  const extOverrides = overrides as {
-    ignoreViolations?: Record<string, string[]>;
-    enableWeakerNestedSandbox?: boolean;
-  };
-  const extResult = result as {
-    ignoreViolations?: Record<string, string[]>;
-    enableWeakerNestedSandbox?: boolean;
-  };
-  if (extOverrides.ignoreViolations) {
-    extResult.ignoreViolations = extOverrides.ignoreViolations;
-  }
-  if (extOverrides.enableWeakerNestedSandbox !== undefined) {
-    extResult.enableWeakerNestedSandbox = extOverrides.enableWeakerNestedSandbox;
-  }
-  return result;
-}
-function createSandboxedBashOps(): BashOperations {
-  return {
-    async exec(command, cwd, { onData, signal, timeout }) {
-      if (!existsSync(cwd)) {
-        throw new Error(`Working directory does not exist: ${cwd}`);
-      }
-      const wrappedCommand = await SandboxManager.wrapWithSandbox(command);
-      return new Promise((resolve, reject) => {
-        const child = spawn('bash', ['-c', wrappedCommand], {
-          cwd,
-          detached: true,
-          stdio: ['ignore', 'pipe', 'pipe']
-        });
-        let timedOut = false;
-        let timeoutHandle: NodeJS.Timeout | undefined;
-        if (timeout !== undefined && timeout > 0) {
-          timeoutHandle = setTimeout(() => {
-            timedOut = true;
-            if (child.pid) {
-              try {
-                process.kill(-child.pid, 'SIGKILL');
-              } catch {
-                child.kill('SIGKILL');
-              }
-            }
-          }, timeout * 1000);
-        }
-        child.stdout?.on('data', onData);
-        child.stderr?.on('data', onData);
-        child.on('error', (err) => {
-          if (timeoutHandle) clearTimeout(timeoutHandle);
-          reject(err);
-        });
-        const onAbort = () => {
-          if (child.pid) {
-            try {
-              process.kill(-child.pid, 'SIGKILL');
-            } catch {
-              child.kill('SIGKILL');
-            }
-          }
-        };
-        signal?.addEventListener('abort', onAbort, { once: true });
-        child.on('close', (code) => {
-          if (timeoutHandle) clearTimeout(timeoutHandle);
-          signal?.removeEventListener('abort', onAbort);
-          if (signal?.aborted) {
-            reject(new Error('aborted'));
-          } else if (timedOut) {
-            reject(new Error(`timeout:${timeout}`));
-          } else {
-            resolve({ exitCode: code });
-          }
-        });
-      });
-    }
-  };
-}
-export default function (shortcut: ExtensionAPI) {
-  shortcut.registerFlag('no-sandbox', {
-    description: 'Disable OS-level sandboxing for bash commands',
-    type: 'boolean',
-    default: false
-  });
-  const localCwd = process.cwd();
-  const localBash = createBashTool(localCwd);
-  let sandboxEnabled = false;
-  let sandboxInitialized = false;
-  shortcut.registerTool({
-    ...localBash,
-    label: 'bash (sandboxed)',
-    async execute(id, params, signal, onUpdate, _ctx) {
-      if (!sandboxEnabled || !sandboxInitialized) {
-        return localBash.execute(id, params, signal, onUpdate);
-      }
-      const sandboxedBash = createBashTool(localCwd, {
-        operations: createSandboxedBashOps()
-      });
-      return sandboxedBash.execute(id, params, signal, onUpdate);
-    }
-  });
-  shortcut.on('user_bash', () => {
-    if (!sandboxEnabled || !sandboxInitialized) return;
-    return { operations: createSandboxedBashOps() };
-  });
-  shortcut.on('session_start', async (_event, ctx) => {
-    const noSandbox = shortcut.getFlag('no-sandbox') as boolean;
-    if (noSandbox) {
-      sandboxEnabled = false;
-      ctx.ui.notify('Sandbox disabled via --no-sandbox', 'warning');
-      return;
-    }
-    const config = loadConfig(ctx.cwd);
-    if (!config.enabled) {
-      sandboxEnabled = false;
-      ctx.ui.notify('Sandbox disabled via config', 'info');
-      return;
-    }
-    const platform = process.platform;
-    if (platform !== 'darwin' && platform !== 'linux') {
-      sandboxEnabled = false;
-      ctx.ui.notify(`Sandbox not supported on ${platform}`, 'warning');
-      return;
-    }
-    try {
-      const configExt = config as unknown as {
-        ignoreViolations?: Record<string, string[]>;
-        enableWeakerNestedSandbox?: boolean;
-      };
-      await SandboxManager.initialize({
-        network: config.network,
-        filesystem: config.filesystem,
-        ignoreViolations: configExt.ignoreViolations,
-        enableWeakerNestedSandbox: configExt.enableWeakerNestedSandbox
-      });
-      sandboxEnabled = true;
-      sandboxInitialized = true;
-      const networkCount = config.network?.allowedDomains?.length ?? 0;
-      const writeCount = config.filesystem?.allowWrite?.length ?? 0;
-      ctx.ui.setStatus(
-        'sandbox',
-        ctx.ui.theme.fg('accent', `🔒 Sandbox: ${networkCount} domains, ${writeCount} write paths`)
-      );
-      ctx.ui.notify('Sandbox initialized', 'info');
-    } catch (err) {
-      sandboxEnabled = false;
-      ctx.ui.notify(
-        `Sandbox initialization failed: ${err instanceof Error ? err.message : err}`,
-        'error'
-      );
-    }
-  });
-  shortcut.on('session_shutdown', async () => {
-    if (sandboxInitialized) {
-      try {
-        await SandboxManager.reset();
-      } catch {
-        // Ignore cleanup errors
-      }
-    }
-  });
-  shortcut.registerCommand('sandbox', {
-    description: 'Show sandbox configuration',
-    handler: async (_args, ctx) => {
-      if (!sandboxEnabled) {
-        ctx.ui.notify('Sandbox is disabled', 'info');
-        return;
-      }
-      const config = loadConfig(ctx.cwd);
-      const lines = [
-        'Sandbox Configuration:',
-        '',
-        'Network:',
-        `  Allowed: ${config.network?.allowedDomains?.join(', ') || '(none)'}`,
-        `  Denied: ${config.network?.deniedDomains?.join(', ') || '(none)'}`,
-        '',
-        'Filesystem:',
-        `  Deny Read: ${config.filesystem?.denyRead?.join(', ') || '(none)'}`,
-        `  Allow Write: ${config.filesystem?.allowWrite?.join(', ') || '(none)'}`,
-        `  Deny Write: ${config.filesystem?.denyWrite?.join(', ') || '(none)'}`
-      ];
-      ctx.ui.notify(lines.join('\n'), 'info');
-    }
-  });
-}
+/**
+ * Sandbox Extension - OS-level sandboxing for bash commands
+ *
+ * Uses @anthropic-ai/sandbox-runtime to enforce filesystem and network
+ * restrictions on bash commands at the OS level (sandbox-exec on macOS,
+ * bubblewrap on Linux).
+ *
+ * Config files (merged, project takes precedence):
+ * - ~/.shortcut/agent/sandbox.json (global)
+ * - <cwd>/.shortcut/sandbox.json (project-local)
+ *
+ * Example .shortcut/sandbox.json:
+ * ```json
+ * {
+ *   "enabled": true,
+ *   "network": {
+ *     "allowedDomains": ["github.com", "*.github.com"],
+ *     "deniedDomains": []
+ *   },
+ *   "filesystem": {
+ *     "denyRead": ["~/.ssh", "~/.aws"],
+ *     "allowWrite": [".", "/tmp"],
+ *     "denyWrite": [".env"]
+ *   }
+ * }
+ * ```
+ *
+ * Usage:
+ * - `shortcut -e ./sandbox` - sandbox enabled with default/config settings
+ * - `shortcut -e ./sandbox --no-sandbox` - disable sandboxing
+ * - `/sandbox` - show current sandbox configuration
+ *
+ * Setup:
+ * 1. Copy sandbox/ directory to ~/.shortcut/agent/extensions/
+ * 2. Run `npm install` in ~/.shortcut/agent/extensions/sandbox/
+ *
+ * Linux also requires: bubblewrap, socat, ripgrep
+ */
+import { SandboxManager, type SandboxRuntimeConfig } from '@anthropic-ai/sandbox-runtime';
+import { spawn } from 'node:child_process';
+import { existsSync, readFileSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import type { ExtensionAPI } from 'shortcutxl';
+import { type BashOperations, createBashTool } from 'shortcutxl';
+interface SandboxConfig extends SandboxRuntimeConfig {
+  enabled?: boolean;
+}
+const DEFAULT_CONFIG: SandboxConfig = {
+  enabled: true,
+  network: {
+    allowedDomains: [
+      'npmjs.org',
+      '*.npmjs.org',
+      'registry.npmjs.org',
+      'registry.yarnpkg.com',
+      'pypi.org',
+      '*.pypi.org',
+      'github.com',
+      '*.github.com',
+      'api.github.com',
+      'raw.githubusercontent.com'
+    ],
+    deniedDomains: []
+  },
+  filesystem: {
+    denyRead: ['~/.ssh', '~/.aws', '~/.gnupg'],
+    allowWrite: ['.', '/tmp'],
+    denyWrite: ['.env', '.env.*', '*.pem', '*.key']
+  }
+};
+function loadConfig(cwd: string): SandboxConfig {
+  const projectConfigPath = join(cwd, '.shortcut', 'sandbox.json');
+  const globalConfigPath = join(homedir(), '.shortcut', 'agent', 'sandbox.json');
+  let globalConfig: Partial<SandboxConfig> = {};
+  let projectConfig: Partial<SandboxConfig> = {};
+  if (existsSync(globalConfigPath)) {
+    try {
+      globalConfig = JSON.parse(readFileSync(globalConfigPath, 'utf-8'));
+    } catch (e) {
+      console.error(`Warning: Could not parse ${globalConfigPath}: ${e}`);
+    }
+  }
+  if (existsSync(projectConfigPath)) {
+    try {
+      projectConfig = JSON.parse(readFileSync(projectConfigPath, 'utf-8'));
+    } catch (e) {
+      console.error(`Warning: Could not parse ${projectConfigPath}: ${e}`);
+    }
+  }
+  return deepMerge(deepMerge(DEFAULT_CONFIG, globalConfig), projectConfig);
+}
+function deepMerge(base: SandboxConfig, overrides: Partial<SandboxConfig>): SandboxConfig {
+  const result: SandboxConfig = { ...base };
+  if (overrides.enabled !== undefined) result.enabled = overrides.enabled;
+  if (overrides.network) {
+    result.network = { ...base.network, ...overrides.network };
+  }
+  if (overrides.filesystem) {
+    result.filesystem = { ...base.filesystem, ...overrides.filesystem };
+  }
+  const extOverrides = overrides as {
+    ignoreViolations?: Record<string, string[]>;
+    enableWeakerNestedSandbox?: boolean;
+  };
+  const extResult = result as {
+    ignoreViolations?: Record<string, string[]>;
+    enableWeakerNestedSandbox?: boolean;
+  };
+  if (extOverrides.ignoreViolations) {
+    extResult.ignoreViolations = extOverrides.ignoreViolations;
+  }
+  if (extOverrides.enableWeakerNestedSandbox !== undefined) {
+    extResult.enableWeakerNestedSandbox = extOverrides.enableWeakerNestedSandbox;
+  }
+  return result;
+}
+function createSandboxedBashOps(): BashOperations {
+  return {
+    async exec(command, cwd, { onData, signal, timeout }) {
+      if (!existsSync(cwd)) {
+        throw new Error(`Working directory does not exist: ${cwd}`);
+      }
+      const wrappedCommand = await SandboxManager.wrapWithSandbox(command);
+      return new Promise((resolve, reject) => {
+        const child = spawn('bash', ['-c', wrappedCommand], {
+          cwd,
+          detached: true,
+          stdio: ['ignore', 'pipe', 'pipe']
+        });
+        let timedOut = false;
+        let timeoutHandle: NodeJS.Timeout | undefined;
+        if (timeout !== undefined && timeout > 0) {
+          timeoutHandle = setTimeout(() => {
+            timedOut = true;
+            if (child.pid) {
+              try {
+                process.kill(-child.pid, 'SIGKILL');
+              } catch {
+                child.kill('SIGKILL');
+              }
+            }
+          }, timeout * 1000);
+        }
+        child.stdout?.on('data', onData);
+        child.stderr?.on('data', onData);
+        child.on('error', (err) => {
+          if (timeoutHandle) clearTimeout(timeoutHandle);
+          reject(err);
+        });
+        const onAbort = () => {
+          if (child.pid) {
+            try {
+              process.kill(-child.pid, 'SIGKILL');
+            } catch {
+              child.kill('SIGKILL');
+            }
+          }
+        };
+        signal?.addEventListener('abort', onAbort, { once: true });
+        child.on('close', (code) => {
+          if (timeoutHandle) clearTimeout(timeoutHandle);
+          signal?.removeEventListener('abort', onAbort);
+          if (signal?.aborted) {
+            reject(new Error('aborted'));
+          } else if (timedOut) {
+            reject(new Error(`timeout:${timeout}`));
+          } else {
+            resolve({ exitCode: code });
+          }
+        });
+      });
+    }
+  };
+}
+export default function (shortcut: ExtensionAPI) {
+  shortcut.registerFlag('no-sandbox', {
+    description: 'Disable OS-level sandboxing for bash commands',
+    type: 'boolean',
+    default: false
+  });
+  const localCwd = process.cwd();
+  const localBash = createBashTool(localCwd);
+  let sandboxEnabled = false;
+  let sandboxInitialized = false;
+  shortcut.registerTool({
+    ...localBash,
+    label: 'bash (sandboxed)',
+    async execute(id, params, signal, onUpdate, _ctx) {
+      if (!sandboxEnabled || !sandboxInitialized) {
+        return localBash.execute(id, params, signal, onUpdate);
+      }
+      const sandboxedBash = createBashTool(localCwd, {
+        operations: createSandboxedBashOps()
+      });
+      return sandboxedBash.execute(id, params, signal, onUpdate);
+    }
+  });
+  shortcut.on('user_bash', () => {
+    if (!sandboxEnabled || !sandboxInitialized) return;
+    return { operations: createSandboxedBashOps() };
+  });
+  shortcut.on('session_start', async (_event, ctx) => {
+    const noSandbox = shortcut.getFlag('no-sandbox') as boolean;
+    if (noSandbox) {
+      sandboxEnabled = false;
+      ctx.ui.notify('Sandbox disabled via --no-sandbox', 'warning');
+      return;
+    }
+    const config = loadConfig(ctx.cwd);
+    if (!config.enabled) {
+      sandboxEnabled = false;
+      ctx.ui.notify('Sandbox disabled via config', 'info');
+      return;
+    }
+    const platform = process.platform;
+    if (platform !== 'darwin' && platform !== 'linux') {
+      sandboxEnabled = false;
+      ctx.ui.notify(`Sandbox not supported on ${platform}`, 'warning');
+      return;
+    }
+    try {
+      const configExt = config as unknown as {
+        ignoreViolations?: Record<string, string[]>;
+        enableWeakerNestedSandbox?: boolean;
+      };
+      await SandboxManager.initialize({
+        network: config.network,
+        filesystem: config.filesystem,
+        ignoreViolations: configExt.ignoreViolations,
+        enableWeakerNestedSandbox: configExt.enableWeakerNestedSandbox
+      });
+      sandboxEnabled = true;
+      sandboxInitialized = true;
+      const networkCount = config.network?.allowedDomains?.length ?? 0;
+      const writeCount = config.filesystem?.allowWrite?.length ?? 0;
+      ctx.ui.setStatus(
+        'sandbox',
+        ctx.ui.theme.fg('accent', `🔒 Sandbox: ${networkCount} domains, ${writeCount} write paths`)
+      );
+      ctx.ui.notify('Sandbox initialized', 'info');
+    } catch (err) {
+      sandboxEnabled = false;
+      ctx.ui.notify(
+        `Sandbox initialization failed: ${err instanceof Error ? err.message : err}`,
+        'error'
+      );
+    }
+  });
+  shortcut.on('session_shutdown', async () => {
+    if (sandboxInitialized) {
+      try {
+        await SandboxManager.reset();
+      } catch {
+        // Ignore cleanup errors
+      }
+    }
+  });
+  shortcut.registerCommand('sandbox', {
+    description: 'Show sandbox configuration',
+    handler: async (_args, ctx) => {
+      if (!sandboxEnabled) {
+        ctx.ui.notify('Sandbox is disabled', 'info');
+        return;
+      }
+      const config = loadConfig(ctx.cwd);
+      const lines = [
+        'Sandbox Configuration:',
+        '',
+        'Network:',
+        `  Allowed: ${config.network?.allowedDomains?.join(', ') || '(none)'}`,
+        `  Denied: ${config.network?.deniedDomains?.join(', ') || '(none)'}`,
+        '',
+        'Filesystem:',
+        `  Deny Read: ${config.filesystem?.denyRead?.join(', ') || '(none)'}`,
+        `  Allow Write: ${config.filesystem?.allowWrite?.join(', ') || '(none)'}`,
+        `  Deny Write: ${config.filesystem?.denyWrite?.join(', ') || '(none)'}`
+      ];
+      ctx.ui.notify(lines.join('\n'), 'info');
+    }
+  });
+}