skimpyclaw 0.1.9 → 0.2.0

package/dist/__tests__/sandbox-runtime.test.js

@@ -0,0 +1,140 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+const { mockSpawn, mockSpawnSync } = vi.hoisted(() => ({
+    mockSpawn: vi.fn(),
+    mockSpawnSync: vi.fn().mockReturnValue({ status: 0, stdout: '', stderr: '' }),
+}));
+vi.mock('child_process', () => ({ spawn: mockSpawn, spawnSync: mockSpawnSync }));
+import { createContainer, execInContainer, removeContainer, isContainerRunning, cleanupOrphans, setRuntime, resetRuntime, } from '../sandbox/runtime.js';
+function fakeChild(exitCode, stdout = '', stderr = '', opts) {
+    const stdoutCallbacks = [];
+    const stderrCallbacks = [];
+    const eventCallbacks = {};
+    const child = {
+        stdout: { on: (_e, cb) => stdoutCallbacks.push(cb) },
+        stderr: { on: (_e, cb) => stderrCallbacks.push(cb) },
+        stdin: opts?.stdinNeeded ? { write: vi.fn(), end: vi.fn() } : null,
+        on(event, cb) {
+            if (!eventCallbacks[event])
+                eventCallbacks[event] = [];
+            eventCallbacks[event].push(cb);
+            return child;
+        },
+    };
+    // Emit data and close on next tick (setTimeout ensures listeners are attached first)
+    setTimeout(() => {
+        if (stdout)
+            for (const cb of stdoutCallbacks)
+                cb(Buffer.from(stdout));
+        if (stderr)
+            for (const cb of stderrCallbacks)
+                cb(Buffer.from(stderr));
+        for (const cb of eventCallbacks['close'] ?? [])
+            cb(exitCode);
+    }, 0);
+    return child;
+}
+describe('sandbox/runtime', () => {
+    beforeEach(() => {
+        vi.clearAllMocks();
+        resetRuntime();
+        setRuntime('container'); // skip auto-detection in tests
+    });
+    describe('createContainer', () => {
+        it('builds correct docker args', async () => {
+            mockSpawn.mockReturnValue(fakeChild(0));
+            await createContainer('test-ctr', {
+                image: 'myimg',
+                cpus: 2,
+                memory: '1G',
+                network: 'none',
+                user: '501:20',
+                mounts: [{ host: '/a', container: '/b', readOnly: true }],
+            });
+            const args = mockSpawn.mock.calls[0][1];
+            expect(args).toContain('--name');
+            expect(args).toContain('test-ctr');
+            expect(args).toContain('--cpus');
+            expect(args).toContain('2');
+            expect(args).toContain('--memory');
+            expect(args).toContain('1G');
+            expect(args).toContain('--network');
+            expect(args).toContain('none');
+            expect(args).toContain('--user');
+            expect(args).toContain('501:20');
+            expect(args.some((a) => a.includes('type=bind,src=/a,dst=/b,ro'))).toBe(true);
+            expect(args).toContain('myimg');
+        });
+        it('throws on non-zero exit', async () => {
+            mockSpawn.mockReturnValue(fakeChild(1, '', 'boom'));
+            await expect(createContainer('c1', { image: 'img' })).rejects.toThrow('Failed to create container');
+        });
+    });
+    describe('execInContainer', () => {
+        it('builds sh -c command', async () => {
+            mockSpawn.mockReturnValue(fakeChild(0, 'hello'));
+            const result = await execInContainer('ctr', ['echo hello']);
+            expect(result.stdout).toBe('hello');
+            const args = mockSpawn.mock.calls[0][1];
+            expect(args).toContain('sh');
+            expect(args).toContain('-c');
+        });
+        it('handles stdin', async () => {
+            mockSpawn.mockReturnValue(fakeChild(0, '', '', { stdinNeeded: true }));
+            await execInContainer('ctr', ['cat'], { stdin: 'data' });
+            const args = mockSpawn.mock.calls[0][1];
+            expect(args).toContain('-i');
+        });
+        it('handles env vars', async () => {
+            mockSpawn.mockReturnValue(fakeChild(0));
+            await execInContainer('ctr', ['cmd'], { env: { FOO: 'bar' } });
+            const args = mockSpawn.mock.calls[0][1];
+            expect(args).toContain('-e');
+            expect(args).toContain('FOO=bar');
+        });
+    });
+    describe('removeContainer', () => {
+        it('calls stop then rm', async () => {
+            mockSpawn.mockImplementation((_cmd, args) => {
+                return fakeChild(0);
+            });
+            await removeContainer('ctr');
+            expect(mockSpawn).toHaveBeenCalledTimes(2);
+            expect(mockSpawn.mock.calls[0][1]).toContain('stop');
+            expect(mockSpawn.mock.calls[1][1]).toContain('rm');
+        }, 10_000);
+        it('does not throw on failure', async () => {
+            mockSpawn.mockImplementation(() => fakeChild(1, '', 'fail'));
+            await expect(removeContainer('ctr')).resolves.toBeUndefined();
+        }, 10_000);
+    });
+    describe('isContainerRunning', () => {
+        it('returns true when inspect shows running state', async () => {
+            mockSpawn.mockReturnValue(fakeChild(0, '{"State": {"Status": "running"}}'));
+            expect(await isContainerRunning('ctr')).toBe(true);
+        });
+        it('returns false otherwise', async () => {
+            mockSpawn.mockReturnValue(fakeChild(1));
+            expect(await isContainerRunning('ctr')).toBe(false);
+        });
+    });
+    describe('cleanupOrphans', () => {
+        it('lists containers, filters by prefix, removes matches', async () => {
+            let callCount = 0;
+            mockSpawn.mockImplementation(() => {
+                callCount++;
+                if (callCount === 1) {
+                    // ps call
+                    return fakeChild(0, 'skimpyclaw-sbx-abc\nother-ctr\nskimpyclaw-sbx-def\n');
+                }
+                // stop/rm calls
+                return fakeChild(0);
+            });
+            const count = await cleanupOrphans();
+            expect(count).toBe(2);
+        });
+        it('returns 0 on ps failure', async () => {
+            mockSpawn.mockImplementation(() => fakeChild(1));
+            expect(await cleanupOrphans()).toBe(0);
+        });
+    });
+});

package/dist/__tests__/setup.test.js

@@ -79,7 +79,7 @@ describe('setup config generation', () => {
             agentName: 'Claw',
             selectedProviders: new Set(['anthropic-api']),
             providerSecrets: { anthropicKey: 'sk-ant-test' },
-            features: { browser: false, voice: false, mcp: false },
+            features: { browser: false, voice: false, mcp: false, sandbox: false },
         });
         expect(config.heartbeat.tools.browser.enabled).toBe(false);
         expect(config.voice).toBeUndefined();
@@ -92,7 +92,7 @@ describe('setup config generation', () => {
             agentName: 'Claw',
             selectedProviders: new Set(['anthropic-api']),
             providerSecrets: { anthropicKey: 'sk-ant-test' },
-            features: { browser: true, voice: true, mcp: false },
+            features: { browser: true, voice: true, mcp: false, sandbox: false },
         });
         expect(config.heartbeat.tools.browser.enabled).toBe(true);
         expect(config.voice).toBeDefined();
@@ -115,4 +115,30 @@ describe('setup config generation', () => {
         // parseInt('not-a-number') is NaN, so || falls through to string
         expect(config.channels.telegram.allowFrom).toEqual(['not-a-number']);
     });
+    it('includes starter cron jobs and skills when requested', () => {
+        const config = buildSetupConfig({
+            workspaceDir: '/tmp/workspace',
+            telegramId: '12345',
+            telegramToken: 'tg-token',
+            agentName: 'Claw',
+            selectedProviders: new Set(['anthropic-api']),
+            providerSecrets: { anthropicKey: 'sk-ant-test' },
+            starters: {
+                cronTechNews: true,
+                cronWeather: true,
+                timezone: 'America/New_York',
+                weatherLocation: 'Austin, TX',
+                skillCodeReview: true,
+                skillDailyNotes: true,
+            },
+        });
+        expect(config.cron.jobs).toHaveLength(2);
+        expect(config.cron.jobs[0].id).toBe('starter-tech-news-hn');
+        expect(config.cron.jobs[1].id).toBe('starter-weather-7am');
+        expect(config.cron.jobs[1].schedule.tz).toBe('America/New_York');
+        expect(config.cron.jobs[1].payload.message).toContain('Austin, TX');
+        expect(config.skills.enabled).toBe(true);
+        expect(config.skills.entries['code-review']).toBe(true);
+        expect(config.skills.entries['daily-notes']).toBe(true);
+    });
 });

package/dist/__tests__/skills.test.js

@@ -313,21 +313,12 @@ describe('formatSkillsPrompt', () => {
         expect(result).toContain('### a');
         expect(result).toContain('### b');
     });
-    it('respects token budget', () => {
-        // With maxTokens=10 (40 chars), only header + maybe first tiny skill fits
-        const result = formatSkillsPrompt([
-            makeSkill('big', 'x'.repeat(200)),
-        ], 10);
-        // The header alone is ~18 chars, the skill section would be ~210 chars
-        // Total exceeds 40 chars budget, so skill gets skipped
-        expect(result).toBe('');
-    });
-    it('includes skills that fit within budget', () => {
+    it('does not skip skills based on prompt budget argument', () => {
         const result = formatSkillsPrompt([
             makeSkill('small', 'tiny'),
             makeSkill('big', 'x'.repeat(50000)),
         ], 100);
         expect(result).toContain('### small');
-        expect(result).not.toContain('### big');
+        expect(result).toContain('### big');
     });
 });

package/dist/__tests__/tools.test.js

@@ -180,9 +180,14 @@ describe('bash', () => {
         expect(result).toContain('Error: Working directory not in allowed paths');
     });
     it('returns stderr on failure', async () => {
-        const result = await executeTool('Bash', { command: 'cat /nonexistent_file_xyz' }, toolConfig);
+        const nonexistent = join(TEST_DIR, 'nonexistent_file_xyz');
+        const result = await executeTool('Bash', { command: `cat "${nonexistent}"` }, toolConfig);
         expect(result).toContain('No such file');
     });
+    it('blocks commands referencing paths outside allowed dirs', async () => {
+        const result = await executeTool('Bash', { command: 'cat /etc/passwd' }, toolConfig);
+        expect(result).toContain('Error: Command references paths outside allowed directories');
+    });
     it('handles unknown tools', async () => {
         const result = await executeTool('delete_everything', {}, toolConfig);
         expect(result).toContain('Error: Unknown tool');

package/dist/agent.js

@@ -153,6 +153,8 @@ export async function runAgentTurn(agentId, userMessage, config, modelOverride,
         channelTargetId,
         approverUserId: context?.userId,
         approverUsername: context?.metadata?.username,
+        sandboxConfig: config.sandbox,
+        sessionId: context?.sessionId || String(chatIdNum ?? 'default'),
     };
     const runTurn = async () => {
         if (toolConfig?.enabled) {

package/dist/api.js

@@ -1,5 +1,6 @@
 // Dashboard API endpoints
 import { readFileSync, writeFileSync, existsSync, readdirSync, statSync, mkdirSync, rmSync } from 'fs';
+import { timingSafeEqual } from 'crypto';
 import { join, basename, resolve } from 'path';
 import { homedir } from 'os';
 import { loadConfig, loadRawConfig, saveConfig, getSessionsDir, getLogsDir, getAgentDir, listMemoryFiles, readMemoryFile, } from './config.js';
@@ -102,7 +103,10 @@ export function registerDashboardAPI(fastify, config) {
             return reply.code(401).send({ error: 'Unauthorized: Bearer token required' });
         }
         const providedToken = authHeader.slice(7);
-        if (providedToken !== token) {
+        // Timing-safe comparison to prevent token extraction via timing attacks
+        const tokenBuf = Buffer.from(token, 'utf8');
+        const providedBuf = Buffer.from(providedToken, 'utf8');
+        if (tokenBuf.length !== providedBuf.length || !timingSafeEqual(tokenBuf, providedBuf)) {
             return reply.code(401).send({ error: 'Unauthorized: Invalid token' });
         }
     });

package/dist/channels/telegram/utils.js

@@ -114,8 +114,8 @@ export function getDefaultTelegramToolConfig(cfg) {
     }
     return {
         enabled: true,
-        allowedPaths: [join(homedir(), '.skimpyclaw'), process.cwd()],
-        maxIterations: 100,
+        allowedPaths: [join(homedir(), '.skimpyclaw')],
+        maxIterations: 30,
         bashTimeout: 15000,
     };
 }

package/dist/cli.js

@@ -43,6 +43,10 @@ Commands:
   tools list              List available tools (built-in + MCP)
   tools install <name>    Add MCP server (--command <cmd> [--args ...] or --url <url>)
   tools remove <name>     Remove MCP server
+  sandbox status          Show active sandbox containers
+  sandbox prune           Force-prune all sandbox containers
+  sandbox init            Auto-setup sandbox runtime/image/config (supports --profile)
+  sandbox doctor          Sandbox-specific diagnostics and hints
   help                    Show this help
 `);
 }
@@ -724,6 +728,211 @@ async function commandTools(args) {
     console.error('Usage: skimpyclaw tools <list|install|remove>');
     return 1;
 }
+const SANDBOX_CLI_BY_PROFILE = {
+    minimal: ['bash', 'curl', 'git', 'gh', 'jq', 'python3', 'rg', 'pnpm'],
+    dev: ['bash', 'curl', 'git', 'gh', 'jq', 'python3', 'rg', 'pnpm', 'gcc', 'g++', 'make'],
+    full: ['bash', 'curl', 'git', 'gh', 'jq', 'python3', 'rg', 'pnpm', 'gcc', 'g++', 'make', 'pip3', 'sqlite3'],
+};
+function defaultSandboxNetwork(runtime) {
+    return runtime === 'container' ? 'default' : 'bridge';
+}
+function detectSandboxRuntime(preferred) {
+    if (preferred === 'container' || preferred === 'docker') {
+        return spawnSync(preferred, ['--version'], { encoding: 'utf-8' }).status === 0 ? preferred : null;
+    }
+    if (spawnSync('container', ['--version'], { encoding: 'utf-8' }).status === 0) {
+        return 'container';
+    }
+    if (spawnSync('docker', ['--version'], { encoding: 'utf-8' }).status === 0) {
+        return 'docker';
+    }
+    return null;
+}
+function isSandboxRuntimeRunning(runtime) {
+    if (runtime === 'container') {
+        return spawnSync('container', ['system', 'status'], { encoding: 'utf-8' }).status === 0;
+    }
+    return spawnSync('docker', ['info'], { encoding: 'utf-8' }).status === 0;
+}
+function sandboxNetworkExists(runtime, network) {
+    if (runtime === 'container') {
+        const result = spawnSync('container', ['network', 'ls'], { encoding: 'utf-8' });
+        if (result.status !== 0)
+            return false;
+        return result.stdout.split('\n').some((line) => line.trim().split(/\s+/)[0] === network);
+    }
+    const result = spawnSync('docker', ['network', 'inspect', network], { encoding: 'utf-8' });
+    return result.status === 0;
+}
+function sandboxImageExists(runtime, image) {
+    return spawnSync(runtime, ['image', 'inspect', image], { encoding: 'utf-8' }).status === 0;
+}
+function resolveSandboxDir() {
+    const cwdSandbox = join(process.cwd(), 'sandbox');
+    if (existsSync(join(cwdSandbox, 'Dockerfile'))) {
+        return cwdSandbox;
+    }
+    return null;
+}
+function parseSandboxOption(args, flag) {
+    const idx = args.indexOf(flag);
+    if (idx === -1 || idx + 1 >= args.length)
+        return undefined;
+    return args[idx + 1];
+}
+function runSandboxImageCheck(runtime, image, network, cmd) {
+    const result = spawnSync(runtime, ['run', '--rm', '--network', network, image, 'sh', '-lc', cmd], { encoding: 'utf-8' });
+    if (result.status === 0) {
+        return { ok: true, detail: (result.stdout || '').trim() || 'ok' };
+    }
+    const detail = `${(result.stderr || '').trim()} ${(result.stdout || '').trim()}`.trim() || `exit ${result.status ?? 1}`;
+    return { ok: false, detail };
+}
+function printSandboxCheck(ok, name, detail, hint) {
+    const prefix = ok ? '✓' : '✗';
+    console.log(`${prefix} ${name}: ${detail}`);
+    if (!ok && hint) {
+        console.log(`  → ${hint}`);
+    }
+}
+async function commandSandbox(args) {
+    const sub = args[0];
+    if (sub === 'status') {
+        const rt = detectSandboxRuntime();
+        if (!rt) {
+            console.log('No container runtime found (install Docker or Apple Containers).');
+            return 1;
+        }
+        const result = spawnSync(rt, ['ps', '--format', '{{.Names}}'], { encoding: 'utf-8' });
+        const lines = (result.stdout || '').trim().split('\n').filter(Boolean);
+        const containers = lines.filter((line) => line.includes('skimpyclaw-sbx'));
+        if (containers.length === 0) {
+            console.log('No active sandbox containers.');
+        }
+        else {
+            console.log(`Active sandbox containers (${containers.length}):`);
+            containers.forEach((c) => console.log(`  ${c}`));
+        }
+        return 0;
+    }
+    if (sub === 'prune') {
+        const { cleanupOrphans } = await import('./sandbox/index.js');
+        const count = await cleanupOrphans();
+        console.log(`Pruned ${count} sandbox container(s).`);
+        return 0;
+    }
+    if (sub === 'init') {
+        const runtimeFlag = parseSandboxOption(args, '--runtime');
+        const profileFlag = parseSandboxOption(args, '--profile') || 'minimal';
+        const imageFlag = parseSandboxOption(args, '--image');
+        const networkFlag = parseSandboxOption(args, '--network');
+        const validProfiles = ['minimal', 'dev', 'full'];
+        if (!validProfiles.includes(profileFlag)) {
+            console.error(`Invalid profile "${profileFlag}". Use one of: minimal, dev, full`);
+            return 1;
+        }
+        const profile = profileFlag;
+        const runtime = detectSandboxRuntime(runtimeFlag);
+        if (!runtime) {
+            console.error('No supported runtime found. Install Apple Containers or Docker.');
+            return 1;
+        }
+        const network = networkFlag || defaultSandboxNetwork(runtime);
+        const image = imageFlag || 'skimpyclaw-sandbox:latest';
+        if (!isSandboxRuntimeRunning(runtime)) {
+            const hint = runtime === 'container' ? 'Run: container system start' : 'Start Docker Desktop (or run `docker info`).';
+            console.error(`Runtime "${runtime}" is not running.`);
+            console.error(hint);
+            return 1;
+        }
+        if (!sandboxNetworkExists(runtime, network)) {
+            const hint = runtime === 'container'
+                ? 'Create/list networks with `container network ls`.'
+                : 'Create/list networks with `docker network ls`.';
+            console.error(`Sandbox network "${network}" not found for runtime "${runtime}".`);
+            console.error(hint);
+            return 1;
+        }
+        const sandboxDir = resolveSandboxDir();
+        if (!sandboxDir) {
+            console.error('Could not find sandbox/Dockerfile from current directory.');
+            console.error('Run from repo root (contains ./sandbox) or build image manually.');
+            return 1;
+        }
+        console.log(`Building sandbox image "${image}" (runtime=${runtime}, profile=${profile})...`);
+        const build = spawnSync(runtime, ['build', '--build-arg', `SKIMPY_PROFILE=${profile}`, '-t', image, sandboxDir], { stdio: 'inherit' });
+        if (build.status !== 0) {
+            console.error('Sandbox image build failed.');
+            return 1;
+        }
+        const raw = loadRawConfig();
+        const sandbox = raw.sandbox ?? {};
+        sandbox.enabled = true;
+        sandbox.runtime = runtime;
+        sandbox.network = network;
+        sandbox.image = image;
+        raw.sandbox = sandbox;
+        saveConfig(raw);
+        console.log('Updated config: sandbox.enabled=true');
+        console.log(`Updated config: sandbox.runtime="${runtime}"`);
+        console.log(`Updated config: sandbox.network="${network}"`);
+        console.log(`Updated config: sandbox.image="${image}"`);
+        const required = SANDBOX_CLI_BY_PROFILE[profile];
+        const checkCmd = `for c in ${required.join(' ')}; do command -v "$c" >/dev/null || { echo "missing:$c"; exit 1; }; done; echo cli-ok`;
+        const cliCheck = runSandboxImageCheck(runtime, image, network, checkCmd);
+        const netCheck = runSandboxImageCheck(runtime, image, network, 'curl -fsS --max-time 8 https://example.com >/dev/null && echo net-ok');
+        const hostCheck = runSandboxImageCheck(runtime, image, network, 'hostname');
+        printSandboxCheck(hostCheck.ok, 'sandbox_hostname', hostCheck.detail);
+        printSandboxCheck(cliCheck.ok, 'sandbox_tools', cliCheck.detail, 'Rebuild image or choose a lighter profile.');
+        printSandboxCheck(netCheck.ok, 'sandbox_network_egress', netCheck.detail, 'Try a different sandbox.network or check runtime DNS/network settings.');
+        if (!hostCheck.ok || !cliCheck.ok || !netCheck.ok) {
+            return 1;
+        }
+        console.log('\nSandbox init complete. Restart Skimpy to apply runtime config.');
+        return 0;
+    }
+    if (sub === 'doctor') {
+        const config = loadConfig();
+        const runtime = detectSandboxRuntime(config.sandbox?.runtime);
+        const image = config.sandbox?.image || 'skimpyclaw-sandbox:latest';
+        const network = config.sandbox?.network || (runtime ? defaultSandboxNetwork(runtime) : 'unknown');
+        const profileFlag = parseSandboxOption(args, '--profile') || 'minimal';
+        const profile = (['minimal', 'dev', 'full'].includes(profileFlag) ? profileFlag : 'minimal');
+        let failed = false;
+        printSandboxCheck(config.sandbox?.enabled === true, 'sandbox_enabled', config.sandbox?.enabled ? 'enabled' : 'disabled', 'Run: skimpyclaw sandbox init');
+        if (!config.sandbox?.enabled)
+            failed = true;
+        printSandboxCheck(!!runtime, 'runtime_detected', runtime || 'none', 'Install Docker or Apple Containers.');
+        if (!runtime)
+            return 1;
+        printSandboxCheck(isSandboxRuntimeRunning(runtime), 'runtime_running', runtime, runtime === 'container' ? 'Run: container system start' : 'Start Docker Desktop.');
+        if (!isSandboxRuntimeRunning(runtime))
+            failed = true;
+        const networkOk = sandboxNetworkExists(runtime, network);
+        printSandboxCheck(networkOk, 'network_exists', network, `Use "${runtime === 'container' ? 'container' : 'docker'} network ls" and update sandbox.network.`);
+        if (!networkOk)
+            failed = true;
+        const imageOk = sandboxImageExists(runtime, image);
+        printSandboxCheck(imageOk, 'image_exists', image, `Build image: ${runtime} build -t ${image} sandbox/`);
+        if (!imageOk)
+            failed = true;
+        if (imageOk && networkOk) {
+            const required = SANDBOX_CLI_BY_PROFILE[profile];
+            const checkCmd = `for c in ${required.join(' ')}; do command -v "$c" >/dev/null || { echo "missing:$c"; exit 1; }; done; echo cli-ok`;
+            const cliCheck = runSandboxImageCheck(runtime, image, network, checkCmd);
+            printSandboxCheck(cliCheck.ok, 'image_toolchain', cliCheck.detail, 'Rebuild with: skimpyclaw sandbox init --profile dev');
+            if (!cliCheck.ok)
+                failed = true;
+            const netCheck = runSandboxImageCheck(runtime, image, network, 'curl -fsS --max-time 8 https://api.duckduckgo.com/?q=skimpyclaw&format=json >/dev/null && echo net-ok');
+            printSandboxCheck(netCheck.ok, 'network_egress', netCheck.detail, 'Some sources may timeout; verify DNS/network in runtime.');
+            if (!netCheck.ok)
+                failed = true;
+        }
+        return failed ? 1 : 0;
+    }
+    console.log('Usage: skimpyclaw sandbox <status|prune|init|doctor>');
+    return 1;
+}
 export async function runCli(argv = process.argv.slice(2)) {
     const [command, ...args] = argv;
     if (!command || command === 'help' || command === '--help' || command === '-h') {
@@ -787,6 +996,9 @@ export async function runCli(argv = process.argv.slice(2)) {
         if (command === 'tools') {
             return await commandTools(args);
         }
+        if (command === 'sandbox') {
+            return await commandSandbox(args);
+        }
         console.error(`Unknown command: ${command}`);
         printHelp();
         return 1;

package/dist/code-agents/executor.js

@@ -10,6 +10,7 @@ import { buildCodeAgentArgs, notifyCodeAgentResult } from './utils.js';
 import { parseStreamJsonForLive, parseClaudeOutput, parseCodexOutput } from './parser.js';
 import { startTrace, addEvent, endTrace } from '../audit.js';
 import { buildUsageRecord, recordUsage } from '../usage.js';
+import { ensureContainer, SANDBOX_DEFAULTS, getRuntime } from '../sandbox/index.js';
 const CANCELLED_MESSAGE = 'Cancelled by user';
 /** Run build/test validation. Shared by solo agents and team orchestrator. */
 export function runValidation(workdir) {
@@ -87,6 +88,13 @@ export async function runCodeAgentBackground(id, agent, task, workdir, validate,
     logStream.write(`Task: ${task.slice(0, 500)}\n`);
     logStream.write(`Workdir: ${workdir}\n\n`);
     try {
+        // Resolve sandbox container name if enabled (used for spawn wrapping)
+        let sandboxContainer;
+        if (options?.sandboxConfig?.enabled) {
+            const merged = { ...SANDBOX_DEFAULTS, ...options.sandboxConfig };
+            sandboxContainer = await ensureContainer(`code-${id}`, merged, options.allowedPaths || [workdir]);
+            console.log(`[code-agent] Running in sandbox container: ${sandboxContainer}`);
+        }
         ensureNotCancelled();
         const exitCode = await new Promise((resolvePromise, reject) => {
             const spawnEnv = { ...process.env };
@@ -94,8 +102,11 @@ export async function runCodeAgentBackground(id, agent, task, workdir, validate,
             // Apply extra env vars (e.g. team mode feature flag)
             if (options?.env)
                 Object.assign(spawnEnv, options.env);
-            const proc = spawn(cmd, args, {
-                cwd: workdir,
+            // When sandbox is enabled, wrap the spawn: container exec <name> <cmd> <args>
+            const spawnCmd = sandboxContainer ? getRuntime() : cmd;
+            const spawnArgs = sandboxContainer ? ['exec', sandboxContainer, cmd, ...args] : args;
+            const proc = spawn(spawnCmd, spawnArgs, {
+                cwd: sandboxContainer ? undefined : workdir, // container has its own cwd
                 stdio: ['ignore', 'pipe', 'pipe'],
                 env: spawnEnv,
             });
@@ -277,8 +288,10 @@ export async function runCodeAgentBackground(id, agent, task, workdir, validate,
                 const retryExitCode = await new Promise((resolveRetry, rejectRetry) => {
                     const spawnEnv = { ...process.env };
                     delete spawnEnv.CLAUDECODE;
-                    const retryProc = spawn(retryCmd, retryArgs, {
-                        cwd: workdir,
+                    const retrySpawnCmd = sandboxContainer ? getRuntime() : retryCmd;
+                    const retrySpawnArgs = sandboxContainer ? ['exec', sandboxContainer, retryCmd, ...retryArgs] : retryArgs;
+                    const retryProc = spawn(retrySpawnCmd, retrySpawnArgs, {
+                        cwd: sandboxContainer ? undefined : workdir,
                         stdio: ['ignore', 'pipe', 'pipe'],
                         env: spawnEnv,
                     });

package/dist/code-agents/types.d.ts

@@ -1,3 +1,4 @@
+import type { SandboxConfig } from '../types.js';
 export interface CodeAgentTask {
     id: string;
     agent: string;
@@ -44,6 +45,10 @@ export interface CodeAgentBackgroundOptions {
     maxTimeoutMinutes?: number;
     /** Skip sending notification on completion (parent handles it) */
     skipNotification?: boolean;
+    /** Sandbox configuration — when enabled, run CLI inside container */
+    sandboxConfig?: SandboxConfig;
+    /** Paths to mount into the sandbox container */
+    allowedPaths?: string[];
 }
 export interface BuildCodeAgentArgsInput {
     task: string;

package/dist/cron.js

@@ -9,6 +9,7 @@ import { startTrace, addEvent, endTrace } from './audit.js';
 import { sendActiveChannelProactiveMessage, sendActiveChannelProactiveVoice, getActiveChannelId } from './channels.js';
 import { parseAndSaveDigest } from './digests.js';
 import { synthesizeSpeech } from './voice.js';
+import { ensureContainer, SANDBOX_DEFAULTS, sandboxBash } from './sandbox/index.js';
 const scheduledJobs = new Map();
 let configWatcher = null;
 function getCronLogDir() {
@@ -189,7 +190,7 @@ async function executeJobPayload(jobDef, config) {
             });
             appendCronLogLine(jobDef.id, `Script started: ${(jobDef.payload.script || '').slice(0, 100)}`);
             try {
-                const output = await executeScript(jobDef);
+                const output = await executeScript(jobDef, config);
                 logEntry.output = output.slice(0, 50000);
                 appendCronLogLine(jobDef.id, `Script completed (${output.length} chars)`);
                 addEvent(scriptTraceId, {
@@ -248,7 +249,7 @@ async function executeJobPayload(jobDef, config) {
         }
     }
 }
-async function executeScript(jobDef) {
+async function executeScript(jobDef, config) {
     const script = expandVariables(jobDef.payload.script || '');
     if (!script) {
         throw new Error(`Script payload is empty for job: ${jobDef.id}`);
@@ -258,6 +259,19 @@ async function executeScript(jobDef) {
         throw new Error(`Working directory does not exist: ${cwd}`);
     }
     const timeoutMs = jobDef.payload.timeoutMs || 600000; // 10 min default
+    // Sandbox routing for script payloads
+    const sandboxCfg = config.sandbox;
+    if (sandboxCfg?.enabled) {
+        const merged = { ...SANDBOX_DEFAULTS, ...sandboxCfg };
+        const containerName = await ensureContainer(`cron-${jobDef.id}`, merged, jobDef.payload.tools?.allowedPaths || []);
+        console.log(`[cron:script] Running in sandbox container: ${containerName}`);
+        console.log(`[cron:script] Running: ${script.slice(0, 100)}${script.length > 100 ? '...' : ''}`);
+        if (cwd)
+            console.log(`[cron:script] cwd: ${cwd}`);
+        const output = await sandboxBash(containerName, script, cwd, timeoutMs);
+        console.log(`[cron:script] Sandbox completed (${output.length} chars)`);
+        return output;
+    }
     return new Promise((resolve, reject) => {
         const startTime = Date.now();
         console.log(`[cron:script] Running: ${script.slice(0, 100)}${script.length > 100 ? '...' : ''}`);

package/dist/discord.js

@@ -47,8 +47,8 @@ const chatHistory = new Map();
 const loadedFromDisk = new Set();
 const DEFAULT_DISCORD_TOOLS = {
     enabled: true,
-    allowedPaths: [join(homedir(), '.skimpyclaw'), process.cwd()],
-    maxIterations: 100,
+    allowedPaths: [join(homedir(), '.skimpyclaw')],
+    maxIterations: 30,
     bashTimeout: 15000,
 };
 let client = null;

package/dist/doctor/checks.d.ts

@@ -15,4 +15,5 @@ export declare function checkVoiceDependencies(config: Config): Promise<DoctorCh
 export declare function checkMcpConfig(config: Config): Promise<DoctorCheckResult>;
 export declare function checkGatewayHostBindable(host: string): Promise<DoctorCheckResult>;
 export declare function checkSkimpyclawDirWritable(): Promise<DoctorCheckResult>;
+export declare function checkSandboxAvailable(config: Config): Promise<DoctorCheckResult>;
 export declare function checkPortAvailability(port: number): Promise<DoctorCheckResult>;