skimpyclaw 0.1.9 → 0.3.0

package/dist/__tests__/bash-path-validation.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/__tests__/bash-path-validation.test.js

@@ -0,0 +1,164 @@
+import { describe, it, expect } from 'vitest';
+import { isPathLikeToken, extractScriptTarget, extractPathsFromCommand, validateBashPaths, } from '../tools/bash-path-validation.js';
+describe('isPathLikeToken', () => {
+    it('detects absolute paths', () => {
+        expect(isPathLikeToken('/etc/passwd')).toBe(true);
+        expect(isPathLikeToken('/home/user/file.txt')).toBe(true);
+    });
+    it('detects relative paths', () => {
+        expect(isPathLikeToken('./foo')).toBe(true);
+        expect(isPathLikeToken('../bar')).toBe(true);
+        expect(isPathLikeToken('.')).toBe(true);
+        expect(isPathLikeToken('..')).toBe(true);
+    });
+    it('detects home-relative paths', () => {
+        expect(isPathLikeToken('~/Documents')).toBe(true);
+        expect(isPathLikeToken('~')).toBe(true);
+    });
+    it('rejects flags', () => {
+        expect(isPathLikeToken('-f')).toBe(false);
+        expect(isPathLikeToken('--file')).toBe(false);
+        expect(isPathLikeToken('-')).toBe(false);
+        expect(isPathLikeToken('--')).toBe(false);
+    });
+    it('rejects bare words', () => {
+        expect(isPathLikeToken('foo')).toBe(false);
+        expect(isPathLikeToken('bar.txt')).toBe(false);
+        expect(isPathLikeToken('some-command')).toBe(false);
+    });
+    it('rejects empty/whitespace', () => {
+        expect(isPathLikeToken('')).toBe(false);
+        expect(isPathLikeToken('  ')).toBe(false);
+    });
+});
+describe('extractScriptTarget', () => {
+    it('extracts script path from python command', () => {
+        expect(extractScriptTarget(['python3', 'script.py'])).toBe('script.py');
+        expect(extractScriptTarget(['python3', '-u', 'script.py'])).toBe('script.py');
+        expect(extractScriptTarget(['python', '/home/user/run.py'])).toBe('/home/user/run.py');
+    });
+    it('extracts script path from node command', () => {
+        expect(extractScriptTarget(['node', 'app.js'])).toBe('app.js');
+        expect(extractScriptTarget(['node', '--experimental-modules', 'app.js'])).toBe('app.js');
+    });
+    it('extracts script path from ruby/perl', () => {
+        expect(extractScriptTarget(['ruby', 'script.rb'])).toBe('script.rb');
+        expect(extractScriptTarget(['perl', 'script.pl'])).toBe('script.pl');
+    });
+    it('extracts script path from shell interpreters', () => {
+        expect(extractScriptTarget(['bash', 'script.sh'])).toBe('script.sh');
+        expect(extractScriptTarget(['sh', './run.sh'])).toBe('./run.sh');
+    });
+    it('returns null for inline execution (-c, -e)', () => {
+        expect(extractScriptTarget(['python3', '-c', 'print("hi")'])).toBeNull();
+        expect(extractScriptTarget(['node', '-e', 'console.log(1)'])).toBeNull();
+        expect(extractScriptTarget(['perl', '-e', 'print 1'])).toBeNull();
+        expect(extractScriptTarget(['bash', '-c', 'echo hello'])).toBeNull();
+    });
+    it('returns null for module execution (-m)', () => {
+        expect(extractScriptTarget(['python3', '-m', 'http.server'])).toBeNull();
+    });
+    it('returns null for non-interpreter commands', () => {
+        expect(extractScriptTarget(['ls', '-la'])).toBeNull();
+        expect(extractScriptTarget(['grep', 'pattern', 'file.txt'])).toBeNull();
+    });
+    it('handles env var prefix in segment', () => {
+        expect(extractScriptTarget(['NODE_ENV=prod', 'node', 'app.js'])).toBe('app.js');
+    });
+    it('skips flags with values', () => {
+        expect(extractScriptTarget(['python3', '-W', 'ignore', 'script.py'])).toBe('script.py');
+    });
+    it('returns null for no arguments', () => {
+        expect(extractScriptTarget(['python3'])).toBeNull();
+        expect(extractScriptTarget([])).toBeNull();
+    });
+});
+describe('extractPathsFromCommand', () => {
+    const cwd = '/home/user/project';
+    it('extracts absolute paths from simple commands', () => {
+        const paths = extractPathsFromCommand('cat /etc/passwd', cwd);
+        expect(paths).toContain('/etc/passwd');
+    });
+    it('extracts relative paths and resolves them', () => {
+        const paths = extractPathsFromCommand('cat ./data/file.txt', cwd);
+        expect(paths).toContain('/home/user/project/data/file.txt');
+    });
+    it('extracts home-relative paths', () => {
+        const paths = extractPathsFromCommand('cat ~/secret.txt', cwd);
+        expect(paths.length).toBe(1);
+        expect(paths[0]).toMatch(/secret\.txt$/);
+    });
+    it('extracts paths from piped commands', () => {
+        const paths = extractPathsFromCommand('cat /etc/hosts | grep /var/log/syslog', cwd);
+        expect(paths).toContain('/etc/hosts');
+        expect(paths).toContain('/var/log/syslog');
+    });
+    it('extracts paths from chained commands', () => {
+        const paths = extractPathsFromCommand('ls /tmp && cat /etc/passwd', cwd);
+        expect(paths).toContain('/tmp');
+        expect(paths).toContain('/etc/passwd');
+    });
+    it('extracts interpreter script targets', () => {
+        const paths = extractPathsFromCommand('python3 /opt/scripts/exploit.py', cwd);
+        expect(paths).toContain('/opt/scripts/exploit.py');
+    });
+    it('extracts both script target and path args', () => {
+        const paths = extractPathsFromCommand('python3 ./script.py /data/input.csv', cwd);
+        expect(paths).toContain('/home/user/project/script.py');
+        expect(paths).toContain('/data/input.csv');
+    });
+    it('deduplicates paths', () => {
+        const paths = extractPathsFromCommand('cat /etc/passwd /etc/passwd', cwd);
+        expect(paths.length).toBe(1);
+    });
+    it('returns empty for commands with no path args', () => {
+        const paths = extractPathsFromCommand('echo hello world', cwd);
+        expect(paths).toEqual([]);
+    });
+    it('returns empty for inline interpreter execution', () => {
+        const paths = extractPathsFromCommand('python3 -c "print(1)"', cwd);
+        expect(paths).toEqual([]);
+    });
+    it('handles bare words that are not paths', () => {
+        const paths = extractPathsFromCommand('git status', cwd);
+        expect(paths).toEqual([]);
+    });
+});
+describe('validateBashPaths', () => {
+    // Use /home/user paths to avoid macOS /tmp → /private/tmp symlink issues
+    const allowedPaths = ['/home/user/project', '/home/user/data'];
+    it('returns null when all paths are allowed', () => {
+        expect(validateBashPaths('cat /home/user/project/file.txt', undefined, allowedPaths)).toBeNull();
+        expect(validateBashPaths('ls /home/user/data/stuff', undefined, allowedPaths)).toBeNull();
+    });
+    it('returns error when path is outside allowed dirs', () => {
+        const result = validateBashPaths('cat /etc/passwd', undefined, allowedPaths);
+        expect(result).toContain('Error');
+        expect(result).toContain('/etc/passwd');
+    });
+    it('blocks interpreter commands targeting outside paths', () => {
+        const result = validateBashPaths('python3 /opt/evil.py', undefined, allowedPaths);
+        expect(result).toContain('Error');
+        expect(result).toContain('/opt/evil.py');
+    });
+    it('allows interpreter commands targeting allowed paths', () => {
+        expect(validateBashPaths('python3 /home/user/project/run.py', undefined, allowedPaths)).toBeNull();
+    });
+    it('returns null when no allowedPaths configured (permissive)', () => {
+        expect(validateBashPaths('cat /etc/passwd', undefined, [])).toBeNull();
+    });
+    it('blocks paths in chained commands', () => {
+        const result = validateBashPaths('ls /home/user/data && cat /etc/shadow', undefined, allowedPaths);
+        expect(result).toContain('Error');
+        expect(result).toContain('/etc/shadow');
+    });
+    it('lists all blocked paths in error', () => {
+        const result = validateBashPaths('cat /etc/passwd /var/secret', undefined, allowedPaths);
+        expect(result).toContain('/etc/passwd');
+        expect(result).toContain('/var/secret');
+    });
+    it('returns null for commands with no path arguments', () => {
+        expect(validateBashPaths('echo hello', undefined, allowedPaths)).toBeNull();
+        expect(validateBashPaths('git status', undefined, allowedPaths)).toBeNull();
+    });
+});

package/dist/__tests__/cron.test.js

@@ -1,5 +1,5 @@
 import { describe, it, expect } from 'vitest';
-import { parseDualOutput } from '../cron.js';
+import { parseDualOutput, validatePrReviewOutput } from '../cron.js';
 describe('parseDualOutput', () => {
     it('returns full response as text when no delimiters present', () => {
         const response = 'Hello, this is a regular response with no delimiters.';
@@ -64,3 +64,53 @@ Voice content here
         expect(result.text).toBe(fullResponse);
     });
 });
+describe('validatePrReviewOutput', () => {
+    it('returns null for NO_CANDIDATES result', () => {
+        const output = 'No PRs found.\n[PR_REVIEW_RESULT: NO_CANDIDATES]';
+        expect(validatePrReviewOutput(output)).toBeNull();
+    });
+    it('returns null when candidates were reviewed with code_with_agent', () => {
+        const output = 'Reviewed 3 PRs.\n[PR_REVIEW_RESULT: CANDIDATES=3 CODE_AGENT_CALLS=3 BLOCKED=0]';
+        expect(validatePrReviewOutput(output)).toBeNull();
+    });
+    it('returns null when all candidates are blocked', () => {
+        const output = 'All blocked.\n[PR_REVIEW_RESULT: CANDIDATES=2 CODE_AGENT_CALLS=0 BLOCKED=2]';
+        expect(validatePrReviewOutput(output)).toBeNull();
+    });
+    it('returns alert when candidates exist but no code_with_agent calls', () => {
+        const output = 'Inline review.\n[PR_REVIEW_RESULT: CANDIDATES=3 CODE_AGENT_CALLS=0 BLOCKED=0]';
+        const result = validatePrReviewOutput(output);
+        expect(result).not.toBeNull();
+        expect(result).toContain('code_with_agent was never called');
+        expect(result).toContain('3 PR candidate');
+    });
+    it('returns alert when result line is missing entirely', () => {
+        const output = 'The agent just rambled about PRs without following the prompt.';
+        const result = validatePrReviewOutput(output);
+        expect(result).not.toBeNull();
+        expect(result).toContain('Missing [PR_REVIEW_RESULT]');
+    });
+    it('returns null when some candidates reviewed and some blocked', () => {
+        const output = '[PR_REVIEW_RESULT: CANDIDATES=4 CODE_AGENT_CALLS=2 BLOCKED=2]';
+        expect(validatePrReviewOutput(output)).toBeNull();
+    });
+    it('returns alert when partially blocked but zero calls', () => {
+        const output = '[PR_REVIEW_RESULT: CANDIDATES=3 CODE_AGENT_CALLS=0 BLOCKED=1]';
+        const result = validatePrReviewOutput(output);
+        expect(result).not.toBeNull();
+        expect(result).toContain('code_with_agent was never called');
+    });
+});
+describe('cron job tool injection', () => {
+    it('isCronJob field exists on ExecuteToolContext', () => {
+        // Verify the field is part of the type (compile-time check via assignment)
+        const ctx = {
+            isCronJob: true,
+        };
+        expect(ctx.isCronJob).toBe(true);
+    });
+    it('isCronJob defaults to undefined when not set', () => {
+        const ctx = {};
+        expect(ctx.isCronJob).toBeUndefined();
+    });
+});

package/dist/__tests__/doctor.runner.test.js

@@ -1,5 +1,5 @@
 import { beforeEach, describe, expect, it, vi } from 'vitest';
-const { mockLoadConfig, mockCheckNodeVersion, mockCheckPackageManagerAvailable, mockCheckTypeScriptCompile, mockCheckConfigExistsAndValidJson, mockCheckRequiredEnvVars, mockCheckEnvVarPatterns, mockCheckAllowedPathsWritable, mockCheckProviderAuth, mockCheckTelegramToken, mockCheckDiscordToken, mockCheckBrowserBinaryIfEnabled, mockCheckVoiceDependencies, mockCheckMcpConfig, mockCheckGatewayHostBindable, mockCheckSkimpyclawDirWritable, mockCheckPortAvailability, } = vi.hoisted(() => ({
+const { mockLoadConfig, mockCheckNodeVersion, mockCheckPackageManagerAvailable, mockCheckTypeScriptCompile, mockCheckConfigExistsAndValidJson, mockCheckRequiredEnvVars, mockCheckEnvVarPatterns, mockCheckAllowedPathsWritable, mockCheckProviderAuth, mockCheckTelegramToken, mockCheckDiscordToken, mockCheckBrowserBinaryIfEnabled, mockCheckVoiceDependencies, mockCheckMcpConfig, mockCheckGatewayHostBindable, mockCheckSkimpyclawDirWritable, mockCheckPortAvailability, mockCheckSandboxAvailable, } = vi.hoisted(() => ({
     mockLoadConfig: vi.fn(),
     mockCheckNodeVersion: vi.fn(),
     mockCheckPackageManagerAvailable: vi.fn(),
@@ -17,6 +17,7 @@ const { mockLoadConfig, mockCheckNodeVersion, mockCheckPackageManagerAvailable,
     mockCheckGatewayHostBindable: vi.fn(),
     mockCheckSkimpyclawDirWritable: vi.fn(),
     mockCheckPortAvailability: vi.fn(),
+    mockCheckSandboxAvailable: vi.fn(),
 }));
 vi.mock('../config.js', () => ({
     loadConfig: mockLoadConfig,
@@ -38,6 +39,7 @@ vi.mock('../doctor/checks.js', () => ({
     checkGatewayHostBindable: mockCheckGatewayHostBindable,
     checkSkimpyclawDirWritable: mockCheckSkimpyclawDirWritable,
     checkPortAvailability: mockCheckPortAvailability,
+    checkSandboxAvailable: mockCheckSandboxAvailable,
 }));
 import { computeExitCode, runDoctor } from '../doctor/runner.js';
 function okCheck(name, category, detail = 'ok') {
@@ -78,6 +80,7 @@ describe('doctor runner', () => {
         mockCheckGatewayHostBindable.mockReset();
         mockCheckSkimpyclawDirWritable.mockReset();
         mockCheckPortAvailability.mockReset();
+        mockCheckSandboxAvailable.mockReset();
         mockCheckNodeVersion.mockResolvedValue(okCheck('node_version', 'environment', 'v20.11.0'));
         mockCheckPackageManagerAvailable.mockResolvedValue(okCheck('package_manager_available', 'environment', 'pnpm'));
         mockCheckTypeScriptCompile.mockResolvedValue(okCheck('typescript_compile', 'environment'));
@@ -94,6 +97,7 @@ describe('doctor runner', () => {
         mockCheckGatewayHostBindable.mockResolvedValue(okCheck('gateway_host_bindable', 'runtime', '127.0.0.1 (always available)'));
         mockCheckSkimpyclawDirWritable.mockResolvedValue(okCheck('skimpyclaw_dirs_writable', 'runtime'));
         mockCheckPortAvailability.mockResolvedValue(okCheck('gateway_port_available', 'runtime'));
+        mockCheckSandboxAvailable.mockResolvedValue(okCheck('sandbox_available', 'runtime', 'Sandbox disabled'));
     });
     it('computes exit code 0 when all checks pass', () => {
         const code = computeExitCode({ checks: [okCheck('node_version', 'environment')] });

package/dist/__tests__/heartbeat.test.js

@@ -21,11 +21,11 @@ describe('heartbeat prompt path normalization', () => {
             agents: { default: 'main' },
             heartbeat: {
                 intervalMs: 60000,
-                prompt: 'Read /Users/katre/HEARTBEAT.md only. Reply HEARTBEAT_OK.',
+                prompt: 'Read /Users/example/HEARTBEAT.md only. Reply HEARTBEAT_OK.',
                 model: 'claude-fast',
                 tools: {
                     enabled: true,
-                    allowedPaths: ['/Users/katre/.skimpyclaw'],
+                    allowedPaths: ['/Users/example/.skimpyclaw'],
                     maxIterations: 10,
                     bashTimeout: 15000,
                 },
@@ -33,7 +33,7 @@ describe('heartbeat prompt path normalization', () => {
             channels: {
                 active: 'telegram',
                 telegram: {
-                    defaultAllowedPaths: ['/Users/katre/.skimpyclaw'],
+                    defaultAllowedPaths: ['/Users/example/.skimpyclaw'],
                 },
             },
         };
@@ -50,7 +50,7 @@ describe('heartbeat prompt path normalization', () => {
                 model: 'claude-fast',
                 tools: {
                     enabled: true,
-                    allowedPaths: ['/Users/katre/.skimpyclaw'],
+                    allowedPaths: ['/Users/example/.skimpyclaw'],
                     maxIterations: 10,
                     bashTimeout: 15000,
                 },
@@ -58,7 +58,7 @@ describe('heartbeat prompt path normalization', () => {
             channels: {
                 active: 'telegram',
                 telegram: {
-                    defaultAllowedPaths: ['/Users/katre/.skimpyclaw'],
+                    defaultAllowedPaths: ['/Users/example/.skimpyclaw'],
                 },
             },
         };

package/dist/__tests__/sandbox-bridge.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/__tests__/sandbox-bridge.test.js

@@ -0,0 +1,116 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+const { mockExecInContainer } = vi.hoisted(() => ({
+    mockExecInContainer: vi.fn(),
+}));
+vi.mock('../sandbox/runtime.js', () => ({
+    execInContainer: mockExecInContainer,
+}));
+import { sandboxBash, sandboxReadFile, sandboxWriteFile, sandboxListDir, sandboxGlob, } from '../sandbox/bridge.js';
+describe('sandbox/bridge', () => {
+    beforeEach(() => {
+        vi.clearAllMocks();
+    });
+    describe('sandboxBash', () => {
+        it('passes command through', async () => {
+            mockExecInContainer.mockResolvedValue({ stdout: 'ok', stderr: '', exitCode: 0 });
+            const result = await sandboxBash('ctr', 'echo hi');
+            expect(result).toBe('ok');
+            expect(mockExecInContainer).toHaveBeenCalledWith('ctr', ['echo hi'], expect.any(Object));
+        });
+        it('handles cwd', async () => {
+            mockExecInContainer.mockResolvedValue({ stdout: '', stderr: '', exitCode: 0 });
+            await sandboxBash('ctr', 'ls', '/workspace');
+            const args = mockExecInContainer.mock.calls[0][1][0];
+            expect(args).toContain('cd');
+            expect(args).toContain('/workspace');
+        });
+        it('handles timeout', async () => {
+            mockExecInContainer.mockResolvedValue({ stdout: '', stderr: '', exitCode: 0 });
+            await sandboxBash('ctr', 'sleep 1', undefined, 5000);
+            const opts = mockExecInContainer.mock.calls[0][2];
+            expect(opts.timeout).toBe(5000);
+        });
+        it('truncates long output', async () => {
+            const longOutput = 'x'.repeat(60 * 1024);
+            mockExecInContainer.mockResolvedValue({ stdout: longOutput, stderr: '', exitCode: 0 });
+            const result = await sandboxBash('ctr', 'cmd');
+            expect(result.length).toBeLessThan(longOutput.length);
+            expect(result).toContain('truncated');
+        });
+        it('includes exit code on failure', async () => {
+            mockExecInContainer.mockResolvedValue({ stdout: 'out', stderr: 'err', exitCode: 42 });
+            const result = await sandboxBash('ctr', 'bad');
+            expect(result).toContain('[exit code: 42]');
+        });
+        it('returns (no output) when empty', async () => {
+            mockExecInContainer.mockResolvedValue({ stdout: '', stderr: '', exitCode: 0 });
+            const result = await sandboxBash('ctr', 'true');
+            expect(result).toBe('(no output)');
+        });
+    });
+    describe('sandboxReadFile', () => {
+        it('calls cat with path', async () => {
+            mockExecInContainer.mockResolvedValue({ stdout: 'content', stderr: '', exitCode: 0 });
+            const result = await sandboxReadFile('ctr', '/workspace/file.txt');
+            expect(result).toBe('content');
+            expect(mockExecInContainer.mock.calls[0][1][0]).toContain('cat');
+        });
+        it('truncates large files', async () => {
+            const big = 'y'.repeat(120 * 1024);
+            mockExecInContainer.mockResolvedValue({ stdout: big, stderr: '', exitCode: 0 });
+            const result = await sandboxReadFile('ctr', '/f');
+            expect(result.length).toBeLessThan(big.length);
+            expect(result).toContain('truncated');
+        });
+        it('throws on failure', async () => {
+            mockExecInContainer.mockResolvedValue({ stdout: '', stderr: 'not found', exitCode: 1 });
+            await expect(sandboxReadFile('ctr', '/missing')).rejects.toThrow('Failed to read');
+        });
+    });
+    describe('sandboxWriteFile', () => {
+        it('sends content via stdin', async () => {
+            mockExecInContainer.mockResolvedValue({ stdout: '', stderr: '', exitCode: 0 });
+            const result = await sandboxWriteFile('ctr', '/workspace/f.txt', 'hello');
+            expect(result).toContain('Written');
+            expect(result).toContain('5 bytes');
+            const opts = mockExecInContainer.mock.calls[0][2];
+            expect(opts.stdin).toBe('hello');
+        });
+        it('creates parent dirs', async () => {
+            mockExecInContainer.mockResolvedValue({ stdout: '', stderr: '', exitCode: 0 });
+            await sandboxWriteFile('ctr', '/workspace/a/b/c.txt', 'data');
+            expect(mockExecInContainer.mock.calls[0][1][0]).toContain('mkdir -p');
+        });
+        it('throws on failure', async () => {
+            mockExecInContainer.mockResolvedValue({ stdout: '', stderr: 'perm denied', exitCode: 1 });
+            await expect(sandboxWriteFile('ctr', '/f', 'x')).rejects.toThrow('Failed to write');
+        });
+    });
+    describe('sandboxListDir', () => {
+        it('calls ls -la', async () => {
+            mockExecInContainer.mockResolvedValue({ stdout: 'drwxr-xr-x ...', stderr: '', exitCode: 0 });
+            const result = await sandboxListDir('ctr', '/workspace');
+            expect(result).toBe('drwxr-xr-x ...');
+            expect(mockExecInContainer.mock.calls[0][1][0]).toContain('ls -la');
+        });
+        it('throws on failure', async () => {
+            mockExecInContainer.mockResolvedValue({ stdout: '', stderr: 'no such dir', exitCode: 1 });
+            await expect(sandboxListDir('ctr', '/bad')).rejects.toThrow('Failed to list');
+        });
+    });
+    describe('sandboxGlob', () => {
+        it('calls find with correct args', async () => {
+            mockExecInContainer.mockResolvedValue({ stdout: '/workspace/a.ts\n', stderr: '', exitCode: 0 });
+            const result = await sandboxGlob('ctr', '/workspace', '*.ts');
+            expect(result).toContain('/workspace/a.ts');
+            const cmd = mockExecInContainer.mock.calls[0][1][0];
+            expect(cmd).toContain('find');
+            expect(cmd).toContain('-name');
+            expect(cmd).toContain('-maxdepth');
+        });
+        it('throws on failure', async () => {
+            mockExecInContainer.mockResolvedValue({ stdout: '', stderr: 'err', exitCode: 1 });
+            await expect(sandboxGlob('ctr', '/x', '*.js')).rejects.toThrow('Failed to glob');
+        });
+    });
+});

package/dist/__tests__/sandbox-manager.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/__tests__/sandbox-manager.test.js

@@ -0,0 +1,119 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+const { mockCreateContainer, mockRemoveContainer, mockIsContainerRunning, mockValidateMountPaths, } = vi.hoisted(() => ({
+    mockCreateContainer: vi.fn(),
+    mockRemoveContainer: vi.fn(),
+    mockIsContainerRunning: vi.fn(),
+    mockValidateMountPaths: vi.fn(),
+}));
+vi.mock('../sandbox/runtime.js', () => ({
+    createContainer: mockCreateContainer,
+    removeContainer: mockRemoveContainer,
+    isContainerRunning: mockIsContainerRunning,
+}));
+vi.mock('../sandbox/mount-security.js', () => ({
+    validateMountPaths: mockValidateMountPaths,
+}));
+import { ensureContainer, releaseContainer, pruneIdle, releaseAll, resetForTesting, SANDBOX_DEFAULTS, } from '../sandbox/manager.js';
+const testConfig = { ...SANDBOX_DEFAULTS, enabled: true };
+describe('sandbox/manager', () => {
+    beforeEach(() => {
+        resetForTesting();
+        vi.clearAllMocks();
+        mockValidateMountPaths.mockReturnValue([
+            { host: '/home/user/project', container: '/workspace/project', readOnly: false },
+        ]);
+        mockCreateContainer.mockResolvedValue(undefined);
+        mockRemoveContainer.mockResolvedValue(undefined);
+    });
+    describe('ensureContainer', () => {
+        it('creates container on first call', async () => {
+            const name = await ensureContainer('sess1', testConfig, ['/home/user/project']);
+            expect(name).toBe('skimpyclaw-sbx-sess1');
+            expect(mockCreateContainer).toHaveBeenCalledTimes(1);
+        });
+        it('reuses on second call if running', async () => {
+            mockIsContainerRunning
+                .mockResolvedValueOnce(false)
+                .mockResolvedValueOnce(true);
+            await ensureContainer('sess1', testConfig, ['/p']);
+            const name = await ensureContainer('sess1', testConfig, ['/p']);
+            expect(name).toBe('skimpyclaw-sbx-sess1');
+            expect(mockCreateContainer).toHaveBeenCalledTimes(1); // only first call
+        });
+        it('recreates if container died', async () => {
+            mockIsContainerRunning.mockResolvedValue(false);
+            await ensureContainer('sess1', testConfig, ['/p']);
+            // Second call — container exists in map but isContainerRunning returns false
+            await ensureContainer('sess1', testConfig, ['/p']);
+            expect(mockCreateContainer).toHaveBeenCalledTimes(2);
+        });
+        it('adopts existing running container after process restart', async () => {
+            mockIsContainerRunning.mockResolvedValue(true);
+            const name = await ensureContainer('default', testConfig, ['/p']);
+            expect(name).toBe('skimpyclaw-sbx-default');
+            expect(mockCreateContainer).not.toHaveBeenCalled();
+            expect(mockRemoveContainer).not.toHaveBeenCalled();
+        });
+        it('removes stale named container before creating', async () => {
+            mockIsContainerRunning.mockResolvedValue(false);
+            const name = await ensureContainer('default', testConfig, ['/p']);
+            expect(name).toBe('skimpyclaw-sbx-default');
+            expect(mockRemoveContainer).toHaveBeenCalledWith('skimpyclaw-sbx-default');
+            expect(mockCreateContainer).toHaveBeenCalledTimes(1);
+        });
+    });
+    describe('releaseContainer', () => {
+        it('removes container and clears from map', async () => {
+            await ensureContainer('sess1', testConfig, ['/p']);
+            await releaseContainer('sess1');
+            expect(mockRemoveContainer).toHaveBeenCalledWith('skimpyclaw-sbx-sess1');
+            // Next ensureContainer should create fresh
+            await ensureContainer('sess1', testConfig, ['/p']);
+            expect(mockCreateContainer).toHaveBeenCalledTimes(2);
+        });
+        it('no-ops for unknown session', async () => {
+            await expect(releaseContainer('unknown')).resolves.toBeUndefined();
+            expect(mockRemoveContainer).not.toHaveBeenCalled();
+        });
+    });
+    describe('pruneIdle', () => {
+        it('removes containers older than threshold', async () => {
+            vi.useFakeTimers();
+            try {
+                await ensureContainer('old', testConfig, ['/p']);
+                // Advance time by 10 seconds so the container is idle
+                vi.advanceTimersByTime(10_000);
+                const pruned = await pruneIdle(5_000);
+                expect(pruned).toBe(1);
+                expect(mockRemoveContainer).toHaveBeenCalledWith('skimpyclaw-sbx-old');
+            }
+            finally {
+                vi.useRealTimers();
+            }
+        });
+        it('keeps recent containers', async () => {
+            await ensureContainer('new', testConfig, ['/p']);
+            const pruned = await pruneIdle(60_000);
+            expect(pruned).toBe(0);
+        });
+    });
+    describe('releaseAll', () => {
+        it('removes all containers', async () => {
+            mockIsContainerRunning.mockResolvedValue(true);
+            await ensureContainer('a', testConfig, ['/p']);
+            await ensureContainer('b', testConfig, ['/p']);
+            await releaseAll();
+            expect(mockRemoveContainer).toHaveBeenCalledTimes(2);
+        });
+    });
+    describe('resetForTesting', () => {
+        it('clears state without removing containers', async () => {
+            mockIsContainerRunning.mockResolvedValue(false);
+            await ensureContainer('x', testConfig, ['/p']);
+            resetForTesting();
+            // Next call should create fresh (map is empty)
+            await ensureContainer('x', testConfig, ['/p']);
+            expect(mockCreateContainer).toHaveBeenCalledTimes(2);
+        });
+    });
+});

package/dist/__tests__/sandbox-mount-security.test.d.ts

@@ -0,0 +1 @@
+export {};